diff options
| author | David de Boer <david@ddeboer.nl> | 2013-12-17 21:46:42 +0100 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2013-12-23 16:46:26 +0100 |
| commit | 35c3590ba55c63d2684ff849b1f97fd4a688019c (patch) | |
| tree | ff6784a953d584bb3f5fb3110f58e0bb3cf00905 | |
| parent | 8f61147b69f8b6289ae94388d8cf523dad446273 (diff) | |
| download | symfony-security-35c3590ba55c63d2684ff849b1f97fd4a688019c.zip symfony-security-35c3590ba55c63d2684ff849b1f97fd4a688019c.tar.gz symfony-security-35c3590ba55c63d2684ff849b1f97fd4a688019c.tar.bz2 | |
Fix parent serialization of user object
| -rw-r--r-- | Core/Authentication/Token/AbstractToken.php | 9 | ||||
| -rw-r--r-- | Tests/Core/Authentication/Token/AbstractTokenTest.php | 41 |
2 files changed, 49 insertions, 1 deletions
diff --git a/Core/Authentication/Token/AbstractToken.php b/Core/Authentication/Token/AbstractToken.php index 1d65819..b994733 100644 --- a/Core/Authentication/Token/AbstractToken.php +++ b/Core/Authentication/Token/AbstractToken.php @@ -146,7 +146,14 @@ abstract class AbstractToken implements TokenInterface */ public function serialize() { - return serialize(array($this->user, $this->authenticated, $this->roles, $this->attributes)); + return serialize( + array( + is_object($this->user) ? clone $this->user : $this->user, + $this->authenticated, + $this->roles, + $this->attributes + ) + ); } /** diff --git a/Tests/Core/Authentication/Token/AbstractTokenTest.php b/Tests/Core/Authentication/Token/AbstractTokenTest.php index 783c27e..5683b78 100644 --- a/Tests/Core/Authentication/Token/AbstractTokenTest.php +++ b/Tests/Core/Authentication/Token/AbstractTokenTest.php @@ -11,7 +11,9 @@ namespace Symfony\Component\Security\Tests\Core\Authentication\Token; +use Symfony\Component\Security\Core\Authentication\Token\AbstractToken; use Symfony\Component\Security\Core\Role\Role; +use Symfony\Component\Security\Core\Role\SwitchUserRole; class TestUser { @@ -28,6 +30,31 @@ class TestUser } } +class ConcreteToken extends AbstractToken +{ + private $credentials = 'credentials_value'; + + public function __construct($user, array $roles = array()) + { + parent::__construct($roles); + + $this->setUser($user); + } + + public function serialize() + { + return serialize(array($this->credentials, parent::serialize())); + } + + public function unserialize($serialized) + { + list($this->credentials, $parentStr) = unserialize($serialized); + parent::unserialize($parentStr); + } + + public function getCredentials() {} +} + class AbstractTokenTest extends \PHPUnit_Framework_TestCase { public function testGetUsername() @@ -71,6 +98,20 @@ class AbstractTokenTest extends \PHPUnit_Framework_TestCase $this->assertEquals($token->getAttributes(), $uToken->getAttributes()); } + public function testSerializeParent() + { + $user = new TestUser('fabien'); + $token = new ConcreteToken($user, array('ROLE_FOO')); + + $parentToken = new ConcreteToken($user, array(new SwitchUserRole('ROLE_PREVIOUS', $token))); + $uToken = unserialize(serialize($parentToken)); + + $this->assertEquals( + current($parentToken->getRoles())->getSource()->getUser(), + current($uToken->getRoles())->getSource()->getUser() + ); + } + /** * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::__construct */ |