
Commit ce1ee74

stlrnznicolas-grekas
authored and committed
[Security] Do not overwrite already stored tokens for REMOTE_USER authentication
1 parent 07a891f commit ce1ee74


2 files changed

+23
-0
lines changed


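--- a/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
@@ -79,6 +79,17 @@ public function supports(Request $request): ?bool
             return false;
         }
 
+        // do not overwrite already stored tokens from the same user (i.e. from the session)
+        $token = $this->tokenStorage->getToken();
+
+        if ($token instanceof PreAuthenticatedToken && $this->firewallName === $token->getFirewallName() && $token->getUserIdentifier() === $username) {
+            if (null !== $this->logger) {
+                $this->logger->debug('Skipping pre-authenticated authenticator as the user already has an existing session.', ['authenticator' => static::class]);
+            }
+
+            return false;
+        }
+
         $request->attributes->set('_pre_authenticated_username', $username);
 
         return true;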
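Review bot: The new guard keeps whatever PreAuthenticatedToken is already in token storage as soon as the firewall name and user identifier match, so the request is no longer re-authenticated for that user; presumably any change to the user's roles or state upstream is then not reflected until that token is cleared, and the comment on the first added line should state this rather than only the "do not overwrite" intent, e.g. `// a token for this firewall and user already exists (e.g. restored from the session): keep it and skip re-authentication; it is only replaced when the firewall or user identifier differs`. The debug message on the added logger line says "existing session", but the condition checks token storage regardless of where the token came from; `'Skipping pre-authenticated authenticator as a token for this user already exists in token storage.'` would describe what is actually tested. The method supports() starts before the hunk and its body is shown only in part here.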
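--- a/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php
@@ -13,6 +13,7 @@
 
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
 use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\InMemoryUserProvider;
@@ -37,6 +38,17 @@ public function testSupportNoUser()
         $this->assertFalse($authenticator->supports($this->createRequest([])));
     }
 
+    public function testSupportTokenStorageWithToken()
+    {
+        $tokenStorage = new TokenStorage();
+        $tokenStorage->setToken(new PreAuthenticatedToken('username', 'credentials', 'main'));
+
+        $authenticator = new RemoteUserAuthenticator(new InMemoryUserProvider(), $tokenStorage, 'main');
+
+        $this->assertFalse($authenticator->supports($this->createRequest(['REMOTE_USER' => 'username'])));
+        $this->assertTrue($authenticator->supports($this->createRequest(['REMOTE_USER' => 'another_username'])));
+    }
+
     /**
      * @dataProvider provideAuthenticators
      */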
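Review bot: testSupportTokenStorageWithToken exercises the same-user and different-user cases but not the firewall condition the guard also checks, so a stored token for the same username on a different firewall is left untested. Adding at the end of the method `$tokenStorage->setToken(new PreAuthenticatedToken('username', 'credentials', 'other'));` followed by `$this->assertTrue($authenticator->supports($this->createRequest(['REMOTE_USER' => 'username'])));` pins that the skip applies only when both the firewall name and the user identifier match. A one-line comment above the first assertion, such as `// a token for the same firewall and user must not be overwritten`, would make the expectation readable without opening the authenticator.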