[2.2] make refreshUser try all providers fixes #4498 #4778
Conversation
Make refreshUser try all user providers instead stopping at the first UserNotFound exception.
|
a provider should only be triggered if it supports the token and so imho if you have multiple providers that should work on the same token, it would be better to create a chained provider. changing this could have adverse affect on performance. then again .. right now there is no way to control the order of the providers #2131 which means the order is accidental and not controllable anyway |
|
A chained provider would not be the right solution as the use case is for different firewalls with different, seperately managed user providers that just happen to provide the same class of user object. refreshUser currently has no way of knowing which firewall was hit and which providers are in it, so it checks them all and stops at the first success or failure. The current implementation requires each user provider to provide a user of a different class to all other user providers. If this is by design, it isn't documented and non-obvious. |
|
@schmittjoh ping |
|
bump |
|
This issue could be fixed with #4498 ? |
|
Yes, it could |
|
Ran into this issue in 2.4 where multiple token/users on multiple firewalls with different authentication methods. |
|
Closing this old PR as this is not the right fix. The one explained in #4498 might be better. |
Make refreshUser try all user providers instead stopping at the first
UserNotFound exception.