author | Fabien Potencier <fabien.potencier@gmail.com> | 2012-08-10 13:48:23 +0200 |
---|---|---|
committer | Fabien Potencier <fabien.potencier@gmail.com> | 2012-08-10 13:48:23 +0200 |
commit | 3d7bc6981737b48b504afbc9813c1a491cdfa4c1 (patch) | |
tree | f2c9431548b7c5758fcd589cd8a0a49554bf32ce | |
parent | 554ad6bb1448fdd54274a061d6a9ee8951284078 (diff) | |
merged 2.0
-rw-r--r-- | Http/Firewall/ContextListener.php | 23 | ||||
-rw-r--r-- | Tests/Http/Firewall/ContextListenerTest.php | 43 |
2 files changed, 58 insertions, 8 deletions
diff --git a/Http/Firewall/ContextListener.php b/Http/Firewall/ContextListener.php
index bb1e308..53b2073 100644
--- a/Http/Firewall/ContextListener.php
+++ b/Http/Firewall/ContextListener.php
@@ -75,19 +75,26 @@ class ContextListener implements ListenerInterface
 if (null === $session || null === $token = $session->get('_security_'.$this->contextKey)) {
 $this->context->setToken(null);
- } else {
- if (null !== $this->logger) {
- $this->logger->debug('Read SecurityContext from the session');
- }
+ return;
+ }
- $token = unserialize($token);
+ $token = unserialize($token);
- if (null !== $token) {
- $token = $this->refreshUser($token);
+ if (null !== $this->logger) {
+ $this->logger->debug('Read SecurityContext from the session');
+ }
+
+ if ($token instanceof TokenInterface) {
+ $token = $this->refreshUser($token);
+ } elseif (null !== $token) {
+ if (null !== $this->logger) {
+ $this->logger->warn(sprintf('Session includes a "%s" where a security token is expected', is_object($value) ? get_class($value) : gettype($value)));
 }
- $this->context->setToken($token);
+ $token = null;
 }
+
+ $this->context->setToken($token);
 }
 /**
diff --git a/Tests/Http/Firewall/ContextListenerTest.php b/Tests/Http/Firewall/ContextListenerTest.php
index 646ed23..d360ef5 100644
--- a/Tests/Http/Firewall/ContextListenerTest.php
+++ b/Tests/Http/Firewall/ContextListenerTest.php
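Review bot: The warning added in the `elseif (null !== $token)` branch formats `$value`, which is not assigned anywhere in the visible lines; the unserialized value lives in `$token`. As written the log entry would report `NULL` (and raise an undefined-variable notice) instead of the unexpected class or type, so the one signal an operator has about a tampered or stale session entry is lost. The argument should read `is_object($token) ? get_class($token) : gettype($token)`. Separately, the `instanceof TokenInterface` check runs only after `unserialize($token)` has already rebuilt whatever the session held, so it rejects a wrong result but does not constrain what gets instantiated; a short comment stating that the session store is assumed trusted would make that explicit. The enclosing method starts above this hunk.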
@@ -125,4 +125,47 @@ class ContextListenerTest extends \PHPUnit_Framework_TestCase
 $this->assertFalse($request->hasSession());
 }
+
+ /**
+ * @dataProvider provideInvalidToken
+ */
+ public function testInvalidTokenInSession($token)
+ {
+ $context = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
+ $event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\GetResponseEvent')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $request = $this->getMock('Symfony\Component\HttpFoundation\Request');
+ $session = $this->getMockBuilder('Symfony\Component\HttpFoundation\Session\Session')
+ ->disableOriginalConstructor()
+ ->getMock();
+
+ $event->expects($this->any())
+ ->method('getRequest')
+ ->will($this->returnValue($request));
+ $request->expects($this->any())
+ ->method('hasPreviousSession')
+ ->will($this->returnValue(true));
+ $request->expects($this->any())
+ ->method('getSession')
+ ->will($this->returnValue($session));
+ $session->expects($this->any())
+ ->method('get')
+ ->with('_security_key123')
+ ->will($this->returnValue(serialize($token)));
+ $context->expects($this->once())
+ ->method('setToken')
+ ->with(null);
+
+ $listener = new ContextListener($context, array(), 'key123');
+ $listener->handle($event);
+ }
+
+ public function provideInvalidToken()
+ {
+ return array(
+ array(new \__PHP_Incomplete_Class()),
+ array(null),
+ );
+ }
 } |
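Review bot: The new test builds the listener with `new ContextListener($context, array(), 'key123')`, i.e. without a logger, so the warning branch that formats the unexpected session value is never executed and a mistake in that `sprintf` call cannot fail the test. A second variant that passes a mock logger (constructor signature is not visible here, so confirm the argument position) and expects one `warn` call for the `__PHP_Incomplete_Class` case would cover it. The provider could also include a scalar such as `array('foo')` and a value whose `unserialize()` result is `false`, since both take the same rejection path as an unknown object and are the more likely shapes of a corrupted session entry.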