

Commit 243937a

committed
[Securitiy] do not overwrite already stored tokens (i.e. from the session)
1 parent 07a891f commit 243937a


2 files changed

+16
-0
lines changed


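--- a/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
@@ -59,6 +59,11 @@ abstract protected function extractUsername(Request $request): ?string;
 
 public function supports(Request $request): ?bool
 {
+// do not overwrite already stored tokens (i.e. from the session)
+if (null !== $this->tokenStorage->getToken()) {
+return false;
+}
+
 try {
 $username = $this->extractUsername($request);
 } catch (BadCredentialsException $e) {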
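Review bot: The new guard at the top of supports() returns false for any non-null token, without checking the token's class, its firewall, or whether its user matches what extractUsername() would return for this request. A session token for one user would therefore stay in effect when the request carries a different pre-authenticated identity, and the BadCredentialsException branch below the guard is no longer reached while a token is stored. Consider moving the check after the username has been extracted and narrowing it, e.g. `if ($token instanceof PreAuthenticatedToken && $token->getUserIdentifier() === $username) { return false; }`, together with a comparison of `$token->getFirewallName()` against this authenticator's firewall. The body of supports() continues outside the hunk, so the exact placement needs confirming against the rest of the method.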

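--- a/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php
@@ -13,13 +13,24 @@
 
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
 use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\InMemoryUserProvider;
 use Symfony\Component\Security\Http\Authenticator\RemoteUserAuthenticator;
 
 class RemoteUserAuthenticatorTest extends TestCase
 {
+public function testSupportsTokenStorageWithToken()
+{
+$tokenStorage = new TokenStorage();
+$tokenStorage->setToken(new PreAuthenticatedToken('username', 'credentials', 'main'));
+
+$authenticator = new RemoteUserAuthenticator(new InMemoryUserProvider(), $tokenStorage, 'main');
+
+$this->assertFalse($authenticator->supports(Request::create('/')));
+}
+
 /**
 * @dataProvider provideAuthenticators
 */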
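Review bot: The request in testSupportsTokenStorageWithToken() carries no pre-authenticated user, so supports() may already return false through the extractUsername() failure path rather than through the new token check; if so, the test passes without the fix. Build the request with the remote-user server variable set, e.g. `Request::create('/', 'GET', [], [], [], ['REMOTE_USER' => 'username'])`, and also assert that the stored token is untouched afterwards with `$this->assertNotNull($tokenStorage->getToken());`. A second case with a stored token for a different user or firewall would pin down how far the guard is meant to reach.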
