[Security] Copy token attributes when auth providers create a new token from another

PreAuthenticatedAuthenticationProvider and UserAuthenticationProvider tend to copy a token instead of modifying it during their authenticate() methods, which is probably a good idea if the token might be immutable. Ensure that the token's attributes get copied along with everything else.
author: Jeremy Mikola <jmikola@gmail.com> 2011-02-23 16:03:01 -0500
committer: Jeremy Mikola <jmikola@gmail.com> 2011-02-23 16:03:01 -0500
commit: 1625a8e936f747bca3390680c5452af34e06ad97 (patch)
tree: b8fbc4ddc1b42810374e36f5e7bfe31386d0642a /Core/Authentication/Provider
parent: ac445877da6dfa111b9ee3772c70cccb07b0ffcf (diff)
download: symfony-security-1625a8e936f747bca3390680c5452af34e06ad97.zip
symfony-security-1625a8e936f747bca3390680c5452af34e06ad97.tar.gz
symfony-security-1625a8e936f747bca3390680c5452af34e06ad97.tar.bz2
2 files changed, 8 insertions, 2 deletions
diff --git a/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php b/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
index 17443b9..c67e586 100644
--- a/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
+++ b/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
@@ -68,7 +68,10 @@ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderIn
 
         $this->accountChecker->checkPostAuth($user);
 
-        return new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
+        $authenticatedToken = new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
+        $authenticatedToken->setAttributes($token->getAttributes());
+
+        return $authenticatedToken;
     }
 
     /**
diff --git a/Core/Authentication/Provider/UserAuthenticationProvider.php b/Core/Authentication/Provider/UserAuthenticationProvider.php
index 6947de3..d59a386 100644
--- a/Core/Authentication/Provider/UserAuthenticationProvider.php
+++ b/Core/Authentication/Provider/UserAuthenticationProvider.php
@@ -70,7 +70,10 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter
             $this->checkAuthentication($user, $token);
             $this->accountChecker->checkPostAuth($user);
 
-            return new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
+            $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
+            $authenticatedToken->setAttributes($token->getAttributes());
+
+            return $authenticatedToken;
         } catch (UsernameNotFoundException $notFound) {
             if ($this->hideUserNotFoundExceptions) {
                 throw new BadCredentialsException('Bad credentials', 0, $notFound);
author	Jeremy Mikola <jmikola@gmail.com>	2011-02-23 16:03:01 -0500
committer	Jeremy Mikola <jmikola@gmail.com>	2011-02-23 16:03:01 -0500
commit	1625a8e936f747bca3390680c5452af34e06ad97 (patch)
tree	b8fbc4ddc1b42810374e36f5e7bfe31386d0642a /Core/Authentication/Provider
parent	ac445877da6dfa111b9ee3772c70cccb07b0ffcf (diff)
download	symfony-security-1625a8e936f747bca3390680c5452af34e06ad97.zip symfony-security-1625a8e936f747bca3390680c5452af34e06ad97.tar.gz symfony-security-1625a8e936f747bca3390680c5452af34e06ad97.tar.bz2