Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 16da686

Browse files
dmaicherdmaicher
committed
[Security] fix switch user _exit without having current token
1 parent c4abc15 commit 16da686

File tree

2 files changed

+12
-1
lines changed

2 files changed

+12
-1
lines changed

src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -158,7 +158,7 @@ private function attemptSwitchUser(Request $request)
158158
*/
159159
private function attemptExitUser(Request $request)
160160
{
161-
if (false === $original = $this->getOriginalToken($this->tokenStorage->getToken())) {
161+
if (null === ($currentToken = $this->tokenStorage->getToken()) || false === $original = $this->getOriginalToken($currentToken)) {
162162
throw new AuthenticationCredentialsNotFoundException('Could not find original Token object.');
163163
}
164164

src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -65,6 +65,17 @@ public function testEventIsIgnoredIfUsernameIsNotPassedWithTheRequest()
6565
$this->assertNull($this->tokenStorage->getToken());
6666
}
6767

68+
/**
69+
* @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException
70+
*/
71+
public function testExitUserThrowsAuthenticationExceptionIfNoCurrentToken()
72+
{
73+
$this->tokenStorage->setToken(null);
74+
$this->request->query->set('_switch_user', '_exit');
75+
$listener = new SwitchUserListener($this->tokenStorage, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager);
76+
$listener->handle($this->event);
77+
}
78+
6879
/**
6980
* @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException
7081
*/

0 commit comments

Comments
 (0)