diff options
| author | Grégoire Pineau <lyrixx@lyrixx.info> | 2016-04-03 22:28:33 +0200 |
|---|---|---|
| committer | Grégoire Pineau <lyrixx@lyrixx.info> | 2016-04-04 14:27:18 +0200 |
| commit | 8930c053da78b96618182f855d8b5f0de5de4e14 (patch) | |
| tree | dae68a870f0e859d296d01741387caabf53f1070 /Tests/Http | |
| parent | f9e167fde187546f3eb91f62d8de5ba36483a70a (diff) | |
| download | symfony-security-8930c053da78b96618182f855d8b5f0de5de4e14.zip symfony-security-8930c053da78b96618182f855d8b5f0de5de4e14.tar.gz symfony-security-8930c053da78b96618182f855d8b5f0de5de4e14.tar.bz2 | |
[Security] Fixed SwitchUserListener when exiting an impersonication with AnonymousToken
If you configure a firewall with switch user with `role: IS_AUTHENTICATED_ANONYMOUSLY` it's impossible to exit the
impersonation because the next line `$this->provider->refreshUser($original->getUser())` will fail. It fails because `RefreshUser`
expects an instance of `UserInterface` and here it's a string.
Therefore, it does not make sense to refresh an Anonymous Token, right ?
Diffstat (limited to 'Tests/Http')
| -rw-r--r-- | Tests/Http/Firewall/SwitchUserListenerTest.php | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/Tests/Http/Firewall/SwitchUserListenerTest.php b/Tests/Http/Firewall/SwitchUserListenerTest.php index 1852751..1ee6ea5 100644 --- a/Tests/Http/Firewall/SwitchUserListenerTest.php +++ b/Tests/Http/Firewall/SwitchUserListenerTest.php @@ -149,6 +149,54 @@ class SwitchUserListenerTest extends \PHPUnit_Framework_TestCase $listener->handle($this->event); } + public function testExitUserDoesNotDispatchEventWithStringUser() + { + $originalUser = 'anon.'; + $refreshedUser = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); + $this + ->userProvider + ->expects($this->never()) + ->method('refreshUser'); + $originalToken = $this->getToken(); + $originalToken + ->expects($this->any()) + ->method('getUser') + ->willReturn($originalUser); + $role = $this + ->getMockBuilder('Symfony\Component\Security\Core\Role\SwitchUserRole') + ->disableOriginalConstructor() + ->getMock(); + $role + ->expects($this->any()) + ->method('getSource') + ->willReturn($originalToken); + $this + ->securityContext + ->expects($this->any()) + ->method('getToken') + ->willReturn($this->getToken(array($role))); + $this + ->request + ->expects($this->any()) + ->method('get') + ->with('_switch_user') + ->willReturn('_exit'); + $this + ->request + ->expects($this->any()) + ->method('getUri') + ->willReturn('/'); + + $dispatcher = $this->getMock('Symfony\Component\EventDispatcher\EventDispatcherInterface'); + $dispatcher + ->expects($this->never()) + ->method('dispatch') + ; + + $listener = new SwitchUserListener($this->securityContext, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager, null, '_switch_user', 'ROLE_ALLOWED_TO_SWITCH', $dispatcher); + $listener->handle($this->event); + } + /** * @expectedException \Symfony\Component\Security\Core\Exception\AccessDeniedException */ |