From 35b97b920781ce6430fbb4ab1899463ae5c3fd5c Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Fri, 19 Jul 2024 09:42:17 +0200 Subject: [PATCH] pass the current token to the checkPostAuth() method of user checkers --- UPGRADE-7.2.md | 1 + src/Symfony/Component/Security/Core/CHANGELOG.md | 1 + .../Security/Core/User/ChainUserChecker.php | 12 ++++++++++-- .../Security/Core/User/UserCheckerInterface.php | 2 +- src/Symfony/Component/Security/Http/CHANGELOG.md | 1 + .../Http/EventListener/UserCheckerListener.php | 2 +- .../Security/Http/Firewall/SwitchUserListener.php | 2 +- .../Tests/EventListener/UserCheckerListenerTest.php | 8 ++++++++ .../Http/Tests/Firewall/SwitchUserListenerTest.php | 2 +- 9 files changed, 25 insertions(+), 6 deletions(-) diff --git a/UPGRADE-7.2.md b/UPGRADE-7.2.md index a9bb8322d15f3..d5c8c2911cd7d 100644 --- a/UPGRADE-7.2.md +++ b/UPGRADE-7.2.md @@ -11,6 +11,7 @@ If you're upgrading from a version below 7.1, follow the [7.1 upgrade guide](UPG Security -------- + * Add `$token` argument to `UserCheckerInterface::checkPostAuth()` * Deprecate argument `$secret` of `RememberMeToken` and `RememberMeAuthenticator` String diff --git a/src/Symfony/Component/Security/Core/CHANGELOG.md b/src/Symfony/Component/Security/Core/CHANGELOG.md index 208f0d4854305..ac99a3c0b243f 100644 --- a/src/Symfony/Component/Security/Core/CHANGELOG.md +++ b/src/Symfony/Component/Security/Core/CHANGELOG.md @@ -4,6 +4,7 @@ CHANGELOG 7.2 --- + * Add `$token` argument to `UserCheckerInterface::checkPostAuth()` * Deprecate argument `$secret` of `RememberMeToken` 7.0 diff --git a/src/Symfony/Component/Security/Core/User/ChainUserChecker.php b/src/Symfony/Component/Security/Core/User/ChainUserChecker.php index f889d35d55145..67fd76b9c1a55 100644 --- a/src/Symfony/Component/Security/Core/User/ChainUserChecker.php +++ b/src/Symfony/Component/Security/Core/User/ChainUserChecker.php 
@@ -11,6 +11,8 @@ namespace Symfony\Component\Security\Core\User; +use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; + final class ChainUserChecker implements UserCheckerInterface { /** @@ -27,10 +29,16 @@ public function checkPreAuth(UserInterface $user): void } } - public function checkPostAuth(UserInterface $user): void + public function checkPostAuth(UserInterface $user /*, TokenInterface $token*/): void { + $token = 1 < \func_num_args() ? func_get_arg(1) : null; + foreach ($this->checkers as $checker) { - $checker->checkPostAuth($user); + if ($token instanceof TokenInterface) { + $checker->checkPostAuth($user, $token); + } else { + $checker->checkPostAuth($user); + } } } } diff --git a/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php b/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php index 480ba7b5c6176..2dc748aa7dc6b 100644 --- a/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php +++ b/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php @@ -35,5 +35,5 @@ public function checkPreAuth(UserInterface $user): void; * * @throws AccountStatusException */ - public function checkPostAuth(UserInterface $user): void; + public function checkPostAuth(UserInterface $user /*, TokenInterface $token*/): void; } diff --git a/src/Symfony/Component/Security/Http/CHANGELOG.md b/src/Symfony/Component/Security/Http/CHANGELOG.md index b3d38d924e7d1..487deb4674f05 100644 --- a/src/Symfony/Component/Security/Http/CHANGELOG.md +++ b/src/Symfony/Component/Security/Http/CHANGELOG.md @@ -4,6 +4,7 @@ CHANGELOG 7.2 --- + * Pass the current token to the `checkPostAuth()` method of user checkers * Deprecate argument `$secret` of `RememberMeAuthenticator` 7.1 diff --git a/src/Symfony/Component/Security/Http/EventListener/UserCheckerListener.php b/src/Symfony/Component/Security/Http/EventListener/UserCheckerListener.php index d5e0cc5edf07f..9de200dd3af51 100644 
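Review bot: In `ChainUserChecker::checkPostAuth()` a second argument that is not a `TokenInterface` is silently discarded and every checker is then called without a token, so a checker that bases a decision on the token gets no signal that context was dropped. Because user checkers act as an authentication gate, I would document that on the method, e.g. `// No usable token (legacy caller or wrong type): checkers must not treat a missing token as a reason to skip checks.` The `instanceof` test is loop-invariant and could be evaluated once before the `foreach`. The diffstat lists no ChainUserChecker test, so neither branch of the new forwarding logic appears to be covered by this commit.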
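Review bot: The docblock above `checkPostAuth()` in `UserCheckerInterface` is not updated for the commented-out `TokenInterface $token` parameter, so implementers have no stated contract for it. I would add `@param TokenInterface $token The token of the current authentication; may be absent when the caller predates this argument` and say whether `$token->getUser()` is guaranteed to be `$user`. The hunk adds no `use` line for `TokenInterface` and the diffstat shows a single changed line in this file, so the short name in the comment may not resolve unless the import already exists outside the hunk. The docblock itself starts outside the hunk.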
--- a/src/Symfony/Component/Security/Http/EventListener/UserCheckerListener.php +++ b/src/Symfony/Component/Security/Http/EventListener/UserCheckerListener.php @@ -47,7 +47,7 @@ public function postCheckCredentials(AuthenticationSuccessEvent $event): void return; } - $this->userChecker->checkPostAuth($user); + $this->userChecker->checkPostAuth($user, $event->getAuthenticationToken()); } public static function getSubscribedEvents(): array diff --git a/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php b/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php index 63b1f036b8abc..81707d75743ed 100644 --- a/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php @@ -163,7 +163,7 @@ private function attemptSwitchUser(Request $request, string $username): ?TokenIn $this->logger?->info('Attempting to switch to user.', ['username' => $username]); - $this->userChecker->checkPostAuth($user); + $this->userChecker->checkPostAuth($user, $token); $roles = $user->getRoles(); $originatedFromUri = str_replace('/&', '/?', preg_replace('#[&?]'.$this->usernameParameter.'=[^&]*#', '', $request->getRequestUri())); diff --git a/src/Symfony/Component/Security/Http/Tests/EventListener/UserCheckerListenerTest.php b/src/Symfony/Component/Security/Http/Tests/EventListener/UserCheckerListenerTest.php index 3d9da4028300a..f47af8f5d7bd1 100644 --- a/src/Symfony/Component/Security/Http/Tests/EventListener/UserCheckerListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/EventListener/UserCheckerListenerTest.php 
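Review bot: In `attemptSwitchUser()` the `$token` handed to `checkPostAuth($user, $token)` is assigned outside the hunk, and since `$roles = $user->getRoles()` only follows this call it is presumably the token of the user requesting the switch, not one that represents `$user`. A checker that reads `$token->getUser()` or the token's roles on the assumption that they describe `$user` would then evaluate the impersonator rather than the target account. I would make that explicit at the call site, e.g. `// $token belongs to the impersonating user; $user is the switch target.`, and repeat it in the interface docblock. The function body starts and ends outside the hunk.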
@@ -58,6 +58,14 @@ public function testPostAuthValidCredentials() $this->listener->postCheckCredentials(new AuthenticationSuccessEvent(new PostAuthenticationToken($this->user, 'main', []))); } + public function testTokenIsPassedToPost() + { + $token = new PostAuthenticationToken($this->user, 'main', []); + $this->userChecker->expects($this->once())->method('checkPostAuth')->with($this->user, $token); + + $this->listener->postCheckCredentials(new AuthenticationSuccessEvent($token)); + } + private function createCheckPassportEvent($passport = null) { $passport ??= new SelfValidatingPassport(new UserBadge('test', fn () => $this->user)); diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php index 46da56485d529..e7e96f7257a67 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php @@ -184,7 +184,7 @@ public function testSwitchUser() ->willReturn(true); $this->userChecker->expects($this->once()) - ->method('checkPostAuth')->with($this->callback(fn ($user) => 'kuba' === $user->getUserIdentifier())); + ->method('checkPostAuth')->with($this->callback(fn ($user) => 'kuba' === $user->getUserIdentifier()), $token); $listener = new SwitchUserListener($this->tokenStorage, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager); $listener($this->event); pFad - Phonifier reborn
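Review bot: In `testTokenIsPassedToPost()` the expectation `->with($this->user, $token)` compares arguments by equality, so it would also pass if the listener handed the checker a different token with equal state. `->with($this->user, $this->identicalTo($token))` pins that the very token carried by the event is forwarded. The `SwitchUserListenerTest` hunk uses the same pattern for its `$token` argument, and that token is defined outside the hunk, so the test does not show a reader whose token the checker is expected to receive.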
