author | Fabien Potencier <fabien.potencier@gmail.com> | 2013-12-29 16:53:43 +0100 |
---|---|---|
committer | Fabien Potencier <fabien.potencier@gmail.com> | 2013-12-29 16:53:43 +0100 |
commit | 2edf1f33f7595aec863d3b23147ce389c50a7cf5 (patch) | |
tree | e963624bc8a248bcbe4d337ca3c31d85e3712043 /Tests/Core/Authentication | |
parent | 64b27936a722b4fc759212882f9481b7dbf9b453 (diff) | |
parent | 3e020d61729721b526c02c54f8cd6894c8ac9bd4 (diff) | |
bug #8997 [Security] Fixed problem with losing ROLE_PREVIOUS_ADMIN role. (pawaclawczyk)
This PR was squashed before being merged into the 2.3 branch (closes #8997).
Discussion
----------
[Security] Fixed problem with losing ROLE_PREVIOUS_ADMIN role.
<table>
<tr>
<td><b>Q</b></td>
<td><b>A</b></td>
</tr>
<tr>
<td>Bug fix?</td>
<td>yes</td>
</tr>
<tr>
<td>New feature</td>
<td>no</td>
</tr>
<tr>
<td>BC breaks?</td>
<td>no</td>
</tr>
<tr>
<td>Deprecations?</td>
<td>no</td>
</tr>
<tr>
<td>Tests pass?</td>
<td>yes</td>
</tr>
<tr>
<td>Fixed tickets</td>
<td>#3085, #8974</td>
</tr>
<tr>
<td>License</td>
<td>MIT</td>
</tr>
<tr>
<td>Doc PR</td>
<td>n/a</td>
</tr>
</table>
The problem occurs while a user is impersonated. The authentication process generates a new token and does not preserve the role ```ROLE_PREVIOUS_ADMIN```, e.g. when the parameter ```security.always_authenticate_before_granting``` is enabled.
Commits
-------
a7baa3b [Security] Fixed problem with losing ROLE_PREVIOUS_ADMIN role.
Diffstat (limited to 'Tests/Core/Authentication')
-rw-r--r-- | Tests/Core/Authentication/Provider/UserAuthenticationProviderTest.php | 44 |
1 files changed, 43 insertions, 1 deletions
diff --git a/Tests/Core/Authentication/Provider/UserAuthenticationProviderTest.php b/Tests/Core/Authentication/Provider/UserAuthenticationProviderTest.php
index 1516a5f..22a7e5d 100644
--- a/Tests/Core/Authentication/Provider/UserAuthenticationProviderTest.php
+++ b/Tests/Core/Authentication/Provider/UserAuthenticationProviderTest.php
@@ -13,6 +13,7 @@ namespace Symfony\Component\Security\Tests\Core\Authentication\Provider;
 use Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider;
 use Symfony\Component\Security\Core\Role\Role;
+use Symfony\Component\Security\Core\Role\SwitchUserRole;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
@@ -172,6 +173,11 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
 ->will($this->returnValue('foo'))
 ;
+ $token->expects($this->once())
+ ->method('getRoles')
+ ->will($this->returnValue(array()))
+ ;
+
 $authToken = $provider->authenticate($token);
 $this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $authToken);
@@ -181,9 +187,45 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
 $this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
 }
+ public function testAuthenticateWithPreservingRoleSwitchUserRole()
+ {
+ $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+ $user->expects($this->once())
+ ->method('getRoles')
+ ->will($this->returnValue(array('ROLE_FOO')))
+ ;
+
+ $provider = $this->getProvider();
+ $provider->expects($this->once())
+ ->method('retrieveUser')
+ ->will($this->returnValue($user))
+ ;
+
+ $token = $this->getSupportedToken();
+ $token->expects($this->once())
+ ->method('getCredentials')
+ ->will($this->returnValue('foo'))
+ ;
+
+ $switchUserRole = new SwitchUserRole('foo', $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'));
+ $token->expects($this->once())
+ ->method('getRoles')
+ ->will($this->returnValue(array($switchUserRole)))
+ ;
+
+ $authToken = $provider->authenticate($token);
+
+ $this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $authToken);
+ $this->assertSame($user, $authToken->getUser());
+ $this->assertContains(new Role('ROLE_FOO'), $authToken->getRoles(), '', false, false);
+ $this->assertContains($switchUserRole, $authToken->getRoles());
+ $this->assertEquals('foo', $authToken->getCredentials());
+ $this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
+ }
+
 protected function getSupportedToken()
 {
- $mock = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', array('getCredentials', 'getProviderKey'), array(), '', false);
+ $mock = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', array('getCredentials', 'getProviderKey', 'getRoles'), array(), '', false);
 $mock
 ->expects($this->any())
->method('getProviderKey') |
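Review bot: The new test `testAuthenticateWithPreservingRoleSwitchUserRole` only covers the positive case — a SwitchUserRole present on the incoming token survives authentication — while nothing in the file checks that a plain Role supplied by the not-yet-authenticated token is *not* copied onto the authenticated token, which is the property that keeps this fix from turning pre-authentication roles into a privilege-escalation path; the `getRoles` expectation returning `array()` added to the earlier test in the previous hunk does not cover it either. Assuming the provider copies only SwitchUserRole instances (the test name implies this, the provider code is not in the hunk), a companion negative test along the lines below would pin that down. Two smaller points: the positional `'', false, false` on `assertContains(new Role('ROLE_FOO'), ...)` deserves a comment such as `// compare by equality, not identity: the provider builds its own Role('ROLE_FOO')`, and the method name reads more naturally as `testAuthenticatePreservesSwitchUserRole`. `getSupportedToken()` continues past the end of the hunk.
```php
public function testAuthenticateDoesNotCopyPlainRolesFromToken()
{
    // … same $user / $provider / getCredentials setup as in testAuthenticateWithPreservingRoleSwitchUserRole …
    $token->expects($this->once())
        ->method('getRoles')
        ->will($this->returnValue(array(new Role('ROLE_BAR')))) // ROLE_BAR: a constructed role the user does not hold
    ;

    $authToken = $provider->authenticate($token);

    $this->assertContains(new Role('ROLE_FOO'), $authToken->getRoles(), '', false, false);
    $this->assertNotContains(new Role('ROLE_BAR'), $authToken->getRoles(), '', false, false);
}
```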