Merge branch '5.1'

nicolas-grekas · nicolas-grekas · commit 608b770f1bf1 · 2020-05-30T23:59:47.000+02:00
* 5.1:
  [Validator] use "allowedVariables" to configure the ExpressionLanguageSyntax constraint
  [Security] Fixed AbstractToken::hasUserChanged()
  [PropertyAccess] fix merge
  [DI] fix typo
diff --git a/src/Symfony/Component/HttpClient/Tests/DataCollector/HttpClientDataCollectorTest.php b/src/Symfony/Component/HttpClient/Tests/DataCollector/HttpClientDataCollectorTest.php
@@ -172,7 +172,7 @@ private function httpClientThatHasTracedRequests($tracedRequests): TraceableHttp
 
         foreach ($tracedRequests as $request) {
             $response = $httpClient->request($request['method'], $request['url'], $request['options'] ?? []);
-            $response->getContent(false); // To avoid exception in ResponseTrait::doDestruct
+            $response->getContent(false); // disables exceptions from destructors
         }
 
         return $httpClient;
diff --git a/src/Symfony/Component/PropertyAccess/PropertyAccessor.php b/src/Symfony/Component/PropertyAccess/PropertyAccessor.php
@@ -408,11 +408,11 @@ private function readProperty(array $zval, string $property, bool $ignoreInvalid
 
                         // handle uninitialized properties in PHP >= 7
                         if (__FILE__ === $trace['file']
-                            && $access[self::ACCESS_NAME] === $trace['function']
+                            && $name === $trace['function']
                             && $object instanceof $trace['class']
                             && preg_match((sprintf('/Return value (?:of .*::\w+\(\) )?must be of (?:the )?type (\w+), null returned$/')), $e->getMessage(), $matches)
                         ) {
-                            throw new UninitializedPropertyException(sprintf('The method "%s::%s()" returned "null", but expected type "%3$s". Did you forget to initialize a property or to make the return type nullable using "?%3$s"?', false === strpos(\get_class($object), "@anonymous\0") ? \get_class($object) : (get_parent_class($object) ?: 'class').'@anonymous', $access[self::ACCESS_NAME], $matches[1]), 0, $e);
+                            throw new UninitializedPropertyException(sprintf('The method "%s::%s()" returned "null", but expected type "%3$s". Did you forget to initialize a property or to make the return type nullable using "?%3$s"?', false === strpos(\get_class($object), "@anonymous\0") ? \get_class($object) : (get_parent_class($object) ?: key(class_implements($object)) ?: 'class').'@anonymous', $name, $matches[1]), 0, $e);
                         }
 
                         throw $e;
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
@@ -270,10 +270,13 @@ private function hasUserChanged(UserInterface $user): bool
             return true;
         }
 
-        $currentUserRoles = array_map('strval', (array) $this->user->getRoles());
         $userRoles = array_map('strval', (array) $user->getRoles());
 
-        if (\count($userRoles) !== \count($currentUserRoles) || \count($userRoles) !== \count(array_intersect($userRoles, $currentUserRoles))) {
+        if ($this instanceof SwitchUserToken) {
+            $userRoles[] = 'ROLE_PREVIOUS_ADMIN';
+        }
+
+        if (\count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {
             return true;
         }
 
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
@@ -152,13 +152,28 @@ public function getUserChanges()
      */
     public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
     {
-        $token = new ConcreteToken(['ROLE_FOO']);
+        $token = new ConcreteToken();
+        $token->setAuthenticated(true);
+        $this->assertTrue($token->isAuthenticated());
+
+        $token->setUser($user);
+        $this->assertTrue($token->isAuthenticated());
+
+        $token->setUser($user);
+        $this->assertTrue($token->isAuthenticated());
+    }
+
+    public function testIsUserChangedWhenSerializing()
+    {
+        $token = new ConcreteToken(['ROLE_ADMIN']);
         $token->setAuthenticated(true);
         $this->assertTrue($token->isAuthenticated());
 
+        $user = new SerializableUser('wouter', ['ROLE_ADMIN']);
         $token->setUser($user);
         $this->assertTrue($token->isAuthenticated());
 
+        $token = unserialize(serialize($token));
         $token->setUser($user);
         $this->assertTrue($token->isAuthenticated());
     }
@@ -179,6 +194,56 @@ public function __toString(): string
     }
 }
 
+class SerializableUser implements UserInterface, \Serializable
+{
+    private $roles;
+    private $name;
+
+    public function __construct($name, array $roles = [])
+    {
+        $this->name = $name;
+        $this->roles = $roles;
+    }
+
+    public function getUsername()
+    {
+        return $this->name;
+    }
+
+    public function getPassword()
+    {
+        return '***';
+    }
+
+    public function getRoles()
+    {
+        if (empty($this->roles)) {
+            return ['ROLE_USER'];
+        }
+
+        return $this->roles;
+    }
+
+    public function eraseCredentials()
+    {
+    }
+
+    public function getSalt()
+    {
+        return null;
+    }
+
+    public function serialize()
+    {
+        return serialize($this->name);
+    }
+
+    public function unserialize($serialized)
+    {
+        $this->name = unserialize($serialized);
+    }
+}
+
 class ConcreteToken extends AbstractToken
 {
     private $credentials = 'credentials_value';
diff --git a/src/Symfony/Component/Validator/Constraints/ExpressionLanguageSyntax.php b/src/Symfony/Component/Validator/Constraints/ExpressionLanguageSyntax.php
@@ -29,8 +29,7 @@ class ExpressionLanguageSyntax extends Constraint
 
     public $message = 'This value should be a valid expression.';
     public $service;
-    public $validateNames = true;
-    public $names = [];
+    public $allowedVariables = null;
 
     /**
      * {@inheritdoc}
diff --git a/src/Symfony/Component/Validator/Constraints/ExpressionLanguageSyntaxValidator.php b/src/Symfony/Component/Validator/Constraints/ExpressionLanguageSyntaxValidator.php
@@ -16,6 +16,7 @@
 use Symfony\Component\Validator\Constraint;
 use Symfony\Component\Validator\ConstraintValidator;
 use Symfony\Component\Validator\Exception\UnexpectedTypeException;
+use Symfony\Component\Validator\Exception\UnexpectedValueException;
 
 /**
  * @author Andrey Sevastianov <mrpkmail@gmail.com>
@@ -39,15 +40,15 @@ public function validate($expression, Constraint $constraint): void
         }
 
         if (!\is_string($expression)) {
-            throw new UnexpectedTypeException($expression, 'string');
+            throw new UnexpectedValueException($expression, 'string');
         }
 
         if (null === $this->expressionLanguage) {
             $this->expressionLanguage = new ExpressionLanguage();
         }
 
         try {
-            $this->expressionLanguage->lint($expression, ($constraint->validateNames ? ($constraint->names ?? []) : null));
+            $this->expressionLanguage->lint($expression, $constraint->allowedVariables);
         } catch (SyntaxError $exception) {
             $this->context->buildViolation($constraint->message)
                 ->setParameter('{{ syntax_error }}', $this->formatValue($exception->getMessage()))
diff --git a/src/Symfony/Component/Validator/Tests/Constraints/ExpressionLanguageSyntaxValidatorTest.php b/src/Symfony/Component/Validator/Tests/Constraints/ExpressionLanguageSyntaxValidatorTest.php
@@ -18,7 +18,7 @@
 use Symfony\Component\Validator\Constraints\ExpressionLanguageSyntaxValidator;
 use Symfony\Component\Validator\Test\ConstraintValidatorTestCase;
 
-class ExpressionLanguageSyntaxTest extends ConstraintValidatorTestCase
+class ExpressionLanguageSyntaxValidatorTest extends ConstraintValidatorTestCase
 {
     /**
      * @var \PHPUnit\Framework\MockObject\MockObject|ExpressionLanguage
@@ -45,6 +45,7 @@ public function testExpressionValid(): void
 
         $this->validator->validate($this->value, new ExpressionLanguageSyntax([
             'message' => 'myMessage',
+            'allowedVariables' => [],
         ]));
 
         $this->assertNoViolation();
@@ -58,7 +59,6 @@ public function testExpressionWithoutNames(): void
 
         $this->validator->validate($this->value, new ExpressionLanguageSyntax([
             'message' => 'myMessage',
-            'validateNames' => false,
         ]));
 
         $this->assertNoViolation();
@@ -73,6 +73,7 @@ public function testExpressionIsNotValid(): void
 
         $this->validator->validate($this->value, new ExpressionLanguageSyntax([
             'message' => 'myMessage',
+            'allowedVariables' => [],
         ]));
 
         $this->buildViolation('myMessage')

Original file line number	Diff line number	Diff line change
`@@ -172,7 +172,7 @@ private function httpClientThatHasTracedRequests($tracedRequests): TraceableHttp`
`172`	`172`
`173`	`173`	`foreach ($tracedRequests as $request) {`
`174`	`174`	`$response = $httpClient->request($request['method'], $request['url'], $request['options'] ?? []);`
`175`		`- $response->getContent(false); // To avoid exception in ResponseTrait::doDestruct`
	`175`	`+ $response->getContent(false); // disables exceptions from destructors`
`176`	`176`	`}`
`177`	`177`
`178`	`178`	`return $httpClient;`
Original file line number	Diff line number	Diff line change
`@@ -270,10 +270,13 @@ private function hasUserChanged(UserInterface $user): bool`
`270`	`270`	`return true;`
`271`	`271`	`}`
`272`	`272`
`273`		`- $currentUserRoles = array_map('strval', (array) $this->user->getRoles());`
`274`	`273`	`$userRoles = array_map('strval', (array) $user->getRoles());`
`275`	`274`
`276`		`- if (\count($userRoles) !== \count($currentUserRoles) \|\| \count($userRoles) !== \count(array_intersect($userRoles, $currentUserRoles))) {`
	`275`	`+ if ($this instanceof SwitchUserToken) {`
	`276`	`+ $userRoles[] = 'ROLE_PREVIOUS_ADMIN';`
	`277`	`+ }`
	`278`	`+`
	`279`	`+ if (\count($userRoles) !== \count($this->getRoleNames()) \|\| \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {`
`277`	`280`	`return true;`
`278`	`281`	`}`
`279`	`282`