diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php
index 90cba25d64382..f3d01668c2244 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php
@@ -75,7 +75,7 @@ protected function checkAuthentication(UserInterface $user, UsernamePasswordToke
     protected function retrieveUser($username, UsernamePasswordToken $token)
     {
         $user = $token->getUser();
-        if ($user instanceof UserInterface) {
+        if ($user instanceof UserInterface && $token->isAuthenticated()) {
             return $user;
         }
 
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
index 7538648b1329f..d9f3e2c0dd00e 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
@@ -110,9 +110,9 @@ public function setUser($user)
 
         if ($changed) {
             $this->setAuthenticated(false);
+        } else {
+            $this->user = $user;
         }
-
-        $this->user = $user;
     }
 
     /**
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/DaoAuthenticationProviderTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/DaoAuthenticationProviderTest.php
index 3eedb8e5842ac..265d2ade974c2 100644
--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/DaoAuthenticationProviderTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/DaoAuthenticationProviderTest.php
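Review bot: The new `$token->isAuthenticated()` condition in retrieveUser carries no comment explaining why a user object attached to an unauthenticated token must not be trusted, so a later reader may take the extra check for a redundancy and remove it. With the change, a token that holds a UserInterface user but is not (or no longer) authenticated is no longer short-circuited and falls through to the rest of retrieveUser, where the user provider lookup presumably happens; that part of the method is outside the hunk. Suggest a comment above the `if`: `// only short-circuit with the user object carried by the token while the token is still authenticated; otherwise the user must be reloaded through the provider`.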
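Review bot: Moving the assignment into the `else` branch makes setUser() silently discard its argument whenever `$changed` is true: the caller's new user is not stored, the old one is kept, the token is de-authenticated, and nothing (no return value, no exception) reports that the argument was ignored. This appears to be the intended protection against swapping a different user into an existing token, so the surprise should be written down where it happens, e.g. above the `if`: `// a different user is never swapped into an existing token: de-authenticate it and keep the original user instead of storing the new one`, and the method's docblock (outside the hunk) should state the same contract. The computation of `$changed` is also outside the hunk.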
@@ -78,6 +78,10 @@ public function testRetrieveUserReturnsUserFromTokenOnReauthentication()
             ->method('getUser')
             ->will($this->returnValue($user))
         ;
+        $token->expects($this->once())
+            ->method('isAuthenticated')
+            ->will($this->returnValue(true))
+        ;
 
         $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'), 'key', $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface'));
         $reflection = new \ReflectionMethod($provider, 'retrieveUser');
@@ -260,7 +264,7 @@ public function testCheckAuthentication()
 
     protected function getSupportedToken()
     {
-        $mock = $this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken', array('getCredentials', 'getUser', 'getProviderKey'), array(), '', false);
+        $mock = $this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken', array('getCredentials', 'getUser', 'getProviderKey', 'isAuthenticated'), array(), '', false);
         $mock
             ->expects($this->any())
             ->method('getProviderKey')
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
index 1a786d7c4543e..ae0c59530e41b 100644
--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
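Review bot: The added `isAuthenticated` expectation in testRetrieveUserReturnsUserFromTokenOnReauthentication only covers the branch the new guard lets through — the mock answers `true` and the token's user is returned. There is no companion test in which the mocked token answers `false` and retrieveUser is expected to fall back to the user provider, so a regression that drops the `&& $token->isAuthenticated()` condition would go unnoticed by this file. Suggest a second test method that configures `isAuthenticated` to return `false` and asserts that the value returned by retrieveUser is not the token's user object (the same `getSupportedToken()` mock, which now lists `isAuthenticated`, can be reused).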
@@ -65,9 +65,11 @@ public function testGetUsername()
         $token->setUser('fabien');
         $this->assertEquals('fabien', $token->getUsername());
 
+        $token = $this->getToken(array('ROLE_FOO'));
         $token->setUser(new TestUser('fabien'));
         $this->assertEquals('fabien', $token->getUsername());
 
+        $token = $this->getToken(array('ROLE_FOO'));
         $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
         $user->expects($this->once())->method('getUsername')->will($this->returnValue('fabien'));
         $token->setUser($user);
diff --git a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
index 98f5ac04be303..55879ee7a7d82 100644
--- a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
@@ -12,6 +12,7 @@ namespace Symfony\Component\Security\Http\Firewall;
 
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
@@ -203,6 +204,15 @@ private function startAuthentication(Request $request, AuthenticationException $
             }
         }
 
+        if ($authException instanceof BadCredentialsException) {
+            // remove the security token to prevent infinite redirect loops
+            $this->tokenStorage->setToken(null);
+
+            if (null !== $this->logger) {
+                $this->logger->info('The security token was removed due to a BadCredentialsException.', array('exception' => $authException));
+            }
+        }
+
         $response = $this->authenticationEntryPoint->start($request, $authException);
 
         if (!$response instanceof Response) {
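Review bot: Creating a fresh token before each `setUser()` call in testGetUsername keeps the assertions valid under the new setUser() semantics, but it also removes the only place this test called `setUser()` with a different user on an already populated token. The behaviour the commit introduces — the original user is kept and the token is de-authenticated — is therefore no longer exercised here. Suggest adding a case that calls `setUser()` twice with different users on one token and asserts that `getUser()` still returns the first user and `isAuthenticated()` returns `false`.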
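Review bot: The new block in startAuthentication clears the stored token for every BadCredentialsException that reaches the listener, and for a user who was already authenticated and failed a re-authentication that is effectively a logout; the comment `// remove the security token to prevent infinite redirect loops` names the symptom but not this consequence. Suggest extending it to `// remove the security token to prevent infinite redirect loops; this also drops any previously stored token, so a logged-in user who failed re-authentication starts over from an unauthenticated state`. Note also that the token is cleared before `$this->authenticationEntryPoint->start()` runs, so an entry point that inspects the token would see none — presumably intended, but worth a word in the same comment. startAuthentication begins and ends outside the hunk.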