diff --git a/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
index a5736aecd800c..7317967125e1f 100644
--- a/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
@@ -79,6 +79,17 @@ public function supports(Request $request): ?bool
return false;
}
+ // do not overwrite already stored tokens from the same user (i.e. from the session)
+ $token = $this->tokenStorage->getToken();
+
+ if ($token instanceof PreAuthenticatedToken && $this->firewallName === $token->getFirewallName() && $token->getUserIdentifier() === $username) {
+ if (null !== $this->logger) {
+ $this->logger->debug('Skipping pre-authenticated authenticator as the user already has an existing session.', ['authenticator' => static::class]);
+ }
+
+ return false;
+ }
+
$request->attributes->set('_pre_authenticated_username', $username);
return true;
diff --git a/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php b/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php
index 46454e6aaf86a..d1322ec4a3164 100644
--- a/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php
@@ -13,6 +13,7 @@
use PHPUnit\Framework\TestCase;
use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
use Symfony\Component\Security\Core\User\InMemoryUser;
use Symfony\Component\Security\Core\User\InMemoryUserProvider;
@@ -37,6 +38,17 @@ public function testSupportNoUser()
$this->assertFalse($authenticator->supports($this->createRequest([])));
}
+ public function testSupportTokenStorageWithToken()
+ {
+ $tokenStorage = new TokenStorage();
+ $tokenStorage->setToken(new PreAuthenticatedToken('username', 'credentials', 'main'));
+
+ $authenticator = new RemoteUserAuthenticator(new InMemoryUserProvider(), $tokenStorage, 'main');
+
+ $this->assertFalse($authenticator->supports($this->createRequest(['REMOTE_USER' => 'username'])));
+ $this->assertTrue($authenticator->supports($this->createRequest(['REMOTE_USER' => 'another_username'])));
+ }
+
/**
* @dataProvider provideAuthenticators
*/
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy