diff options
| author | Fabien Potencier <fabien.potencier@gmail.com> | 2015-10-05 16:30:38 +0200 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2015-10-05 16:30:38 +0200 |
| commit | dc6bf51f8c3febd6a5fa0708e2a020d98daca79d (patch) | |
| tree | be3f0eb1ea4db1e8733c1756785a7e0ca876405c /Tests/Http | |
| parent | fb61b3ac9393e62f64d261e560267004b39f32da (diff) | |
| parent | c1a81db1bf00f308a75ae920b584ff2ce85ea5ad (diff) | |
| download | symfony-security-dc6bf51f8c3febd6a5fa0708e2a020d98daca79d.zip symfony-security-dc6bf51f8c3febd6a5fa0708e2a020d98daca79d.tar.gz symfony-security-dc6bf51f8c3febd6a5fa0708e2a020d98daca79d.tar.bz2 | |
bug #13627 [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing (issei-m)
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
When a user has changed own password, I want to logout any sessions which is authenticated by its user except changer itself.
[DaoAuthenticationManager::checkAuthentication()](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php#L59) method seems to concern about it.
But, this situation actually never happens because both users that will be passed to this method are always identical in re-authentication.
It's because the token refreshes own user via [ContextListener](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Http/Firewall/ContextListener.php#L90) before re-authentication.
Commits
-------
729902a [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
Diffstat (limited to 'Tests/Http')
0 files changed, 0 insertions, 0 deletions