diff options
author | Fabien Potencier <fabien.potencier@gmail.com> | 2015-10-05 16:30:38 +0200 |
---|---|---|
committer | Fabien Potencier <fabien.potencier@gmail.com> | 2015-10-05 16:30:38 +0200 |
commit | dc6bf51f8c3febd6a5fa0708e2a020d98daca79d (patch) | |
tree | be3f0eb1ea4db1e8733c1756785a7e0ca876405c /Tests/Core/User | |
parent | fb61b3ac9393e62f64d261e560267004b39f32da (diff) | |
parent | c1a81db1bf00f308a75ae920b584ff2ce85ea5ad (diff) | |
download | symfony-security-dc6bf51f8c3febd6a5fa0708e2a020d98daca79d.zip symfony-security-dc6bf51f8c3febd6a5fa0708e2a020d98daca79d.tar.gz symfony-security-dc6bf51f8c3febd6a5fa0708e2a020d98daca79d.tar.bz2 |
bug #13627 [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing (issei-m)
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
When a user has changed own password, I want to logout any sessions which is authenticated by its user except changer itself.
[DaoAuthenticationManager::checkAuthentication()](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php#L59) method seems to concern about it.
But, this situation actually never happens because both users that will be passed to this method are always identical in re-authentication.
It's because the token refreshes own user via [ContextListener](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Http/Firewall/ContextListener.php#L90) before re-authentication.
Commits
-------
729902a [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
Diffstat (limited to 'Tests/Core/User')
-rw-r--r-- | Tests/Core/User/InMemoryUserProviderTest.php | 33 |
1 files changed, 27 insertions, 6 deletions
diff --git a/Tests/Core/User/InMemoryUserProviderTest.php b/Tests/Core/User/InMemoryUserProviderTest.php index 826e390..266d397 100644 --- a/Tests/Core/User/InMemoryUserProviderTest.php +++ b/Tests/Core/User/InMemoryUserProviderTest.php @@ -18,18 +18,39 @@ class InMemoryUserProviderTest extends \PHPUnit_Framework_TestCase { public function testConstructor() { - $provider = new InMemoryUserProvider(array( + $provider = $this->createProvider(); + + $user = $provider->loadUserByUsername('fabien'); + $this->assertEquals('foo', $user->getPassword()); + $this->assertEquals(array('ROLE_USER'), $user->getRoles()); + $this->assertFalse($user->isEnabled()); + } + + public function testRefresh() + { + $user = new User('fabien', 'bar'); + + $provider = $this->createProvider(); + + $refreshedUser = $provider->refreshUser($user); + $this->assertEquals('foo', $refreshedUser->getPassword()); + $this->assertEquals(array('ROLE_USER'), $refreshedUser->getRoles()); + $this->assertFalse($refreshedUser->isEnabled()); + $this->assertFalse($refreshedUser->isCredentialsNonExpired()); + } + + /** + * @return InMemoryUserProvider + */ + protected function createProvider() + { + return new InMemoryUserProvider(array( 'fabien' => array( 'password' => 'foo', 'enabled' => false, 'roles' => array('ROLE_USER'), ), )); - - $user = $provider->loadUserByUsername('fabien'); - $this->assertEquals('foo', $user->getPassword()); - $this->assertEquals(array('ROLE_USER'), $user->getRoles()); - $this->assertFalse($user->isEnabled()); } public function testCreateUser() |