
Commit 2e4670d

ddeboerfabpot
authored andcommitted
[Security] Fix parent serialization of user object
1 parent 6a9c223 commit 2e4670d


2 files changed

+49
-1
lines changed


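--- a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
@@ -146,7 +146,14 @@ public function eraseCredentials()
 */
 public function serialize()
 {
-return serialize(array($this->user, $this->authenticated, $this->roles, $this->attributes));
+return serialize(
+array(
+is_object($this->user) ? clone $this->user : $this->user,
+$this->authenticated,
+$this->roles,
+$this->attributes
+)
+);
 }
 
 /**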
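Review bot: The `clone $this->user` in serialize() carries no comment explaining why a copy is serialized instead of the object itself, so it reads like a redundant copy that a later cleanup could drop. Judging by the commit title and the new test, the copy is presumably there so that a user object shared with a token nested inside a role is written out in full on each nested serialize() call; a one-line comment such as `// clone: a user shared with a nested token (e.g. via SwitchUserRole) must not be serialized as a reference` would record that intent. `clone` is also shallow and runs any `__clone()` the user class defines every time the token is serialized, which is worth stating in the method's docblock. That docblock starts outside the hunk.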

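--- a/src/Symfony/Component/Security/Tests/Core/Authentication/Token/AbstractTokenTest.php
+++ b/src/Symfony/Component/Security/Tests/Core/Authentication/Token/AbstractTokenTest.php
@@ -11,7 +11,9 @@
 
 namespace Symfony\Component\Security\Tests\Core\Authentication\Token;
 
+use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
 use Symfony\Component\Security\Core\Role\Role;
+use Symfony\Component\Security\Core\Role\SwitchUserRole;
 
 class TestUser
 {
@@ -28,6 +30,31 @@ public function __toString()
 }
 }
 
+class ConcreteToken extends AbstractToken
+{
+private $credentials = 'credentials_value';
+
+public function __construct($user, array $roles = array())
+{
+parent::__construct($roles);
+
+$this->setUser($user);
+}
+
+public function serialize()
+{
+return serialize(array($this->credentials, parent::serialize()));
+}
+
+public function unserialize($serialized)
+{
+list($this->credentials, $parentStr) = unserialize($serialized);
+parent::unserialize($parentStr);
+}
+
+public function getCredentials() {}
+}
+
 class AbstractTokenTest extends \PHPUnit_Framework_TestCase
 {
 public function testGetUsername()
@@ -71,6 +98,20 @@ public function testSerialize()
 $this->assertEquals($token->getAttributes(), $uToken->getAttributes());
 }
 
+public function testSerializeParent()
+{
+$user = new TestUser('fabien');
+$token = new ConcreteToken($user, array('ROLE_FOO'));
+
+$parentToken = new ConcreteToken($user, array(new SwitchUserRole('ROLE_PREVIOUS', $token)));
+$uToken = unserialize(serialize($parentToken));
+
+$this->assertEquals(
+current($parentToken->getRoles())->getSource()->getUser(),
+current($uToken->getRoles())->getSource()->getUser()
+);
+}
+
 /**
 * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::__construct
 */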
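Review bot: testSerializeParent() asserts only the user reached through the SwitchUserRole source token, so a regression in the outer token's own user, or in the child-level data that ConcreteToken::serialize() wraps around parent::serialize(), would pass unnoticed. Adding `$this->assertEquals($parentToken->getUser(), $uToken->getUser());` would cover the outer user. ConcreteToken::getCredentials() has an empty body although `$credentials` is part of the serialized payload; returning `$this->credentials` there would let the test also check `$this->assertEquals('credentials_value', $uToken->getCredentials());`.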
