author | Andreas Hucks <andreas.hucks@duochrome.net> | 2012-03-12 19:00:32 +0100 |
---|---|---|
committer | Andreas Hucks <andreas.hucks@duochrome.net> | 2012-03-15 01:50:14 -0700 |
commit | a3bbd47233a371d6b5d85d27141772b60c36f40a (patch) | |
tree | b5ebfb9c27a0ffa4fc88abd4cc79901de1388f4f /Http | |
parent | 7053900c4b792914f8884b388fd97cf881979284 (diff) | |
[SecurityBundle] Allow switching to the user that is already impersonated (fix #2554)
Disabled exception when switching to the user that is already impersonated, exception is now only thrown when trying to switch to a new user.
Added an exception when switching fails because the target user does not exist.
Added functional tests for switching users.
Diffstat (limited to 'Http')
-rw-r--r-- | Http/Firewall/SwitchUserListener.php | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/Http/Firewall/SwitchUserListener.php b/Http/Firewall/SwitchUserListener.php
index 9780860..7f0aa78 100644
--- a/Http/Firewall/SwitchUserListener.php
+++ b/Http/Firewall/SwitchUserListener.php
@@ -86,9 +86,7 @@ class SwitchUserListener implements ListenerInterface
 try {
 $this->securityContext->setToken($this->attemptSwitchUser($request));
 } catch (AuthenticationException $e) {
- if (null !== $this->logger) {
- $this->logger->warn(sprintf('Switch User failed: "%s"', $e->getMessage()));
- }
+ throw new \LogicException(sprintf('Switch User failed: "%s"', $e->getMessage()));
 }
 }
@@ -108,8 +106,14 @@ class SwitchUserListener implements ListenerInterface
 private function attemptSwitchUser(Request $request)
 {
 $token = $this->securityContext->getToken();
- if (false !== $this->getOriginalToken($token)) {
- throw new \LogicException(sprintf('You are already switched to "%s" user.', $token->getUsername()));
+ $originalToken = $this->getOriginalToken($token);
+
+ if (false !== $originalToken) {
+ if ($token->getUsername() === $request->get($this->usernameParameter)) {
+ return $token;
+ } else {
+ throw new \LogicException(sprintf('You are already switched to "%s" user.', $token->getUsername()));
+ }
 }
 if (false === $this->accessDecisionManager->decide($token, array($this->role))) {
@@ -148,7 +152,7 @@ class SwitchUserListener implements ListenerInterface
 private function attemptExitUser(Request $request)
 {
 if (false === $original = $this->getOriginalToken($this->securityContext->getToken())) {
- throw new AuthenticationCredentialsNotFoundException(sprintf('Could not find original Token object.'));
+ throw new AuthenticationCredentialsNotFoundException('Could not find original Token object.');
 }
 if (null !== $this->dispatcher) { |
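Review bot: The rethrow in the `catch (AuthenticationException $e)` branch drops both the original exception and the warning log entry, so a failed impersonation attempt no longer leaves a trace from this listener and the underlying cause is lost from the stack. Chain the cause with `throw new \LogicException(sprintf('Switch User failed: "%s"', $e->getMessage()), 0, $e);` and keep the existing `$this->logger->warn(...)` call ahead of the throw, since failed switch attempts belong in the security log. Whether the embedded message reaches the client depends on how the LogicException is rendered outside this hunk; if it does, it may reveal whether the requested username exists. The enclosing method starts outside the hunk.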
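Review bot: The new same-user check in `attemptSwitchUser` compares `$token->getUsername()` with the raw request value using `===`, so it recognises a repeat switch only when the parameter is spelled exactly like the stored username. If the user provider resolves identifiers case-insensitively or through an alias such as an e-mail address (not visible here), a repeat request for the same account still ends in the LogicException. A comment such as `// exact string match on the request parameter; the value is not normalised through the user provider` would record that limit. The `else` after `return $token;` is redundant and can be flattened to a plain `throw`. The function body continues past the hunk.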