merged branch vierbergenlars/patch-1 (PR #8854)

fabpot · fabpot · commit 7f3878e1d9df · 2013-08-30T15:07:27.000+02:00
This PR was merged into the master branch. Discussion ---------- [Security] Keep other query string parameters when switching users | Q | A | ---------------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | Doc PR | n/a When switching users, the whole query string gets dropped when redirecting after the switch. I think only the switch user parameter should be dropped from the query string. Commits ------- 0a338f5 [Security] Keep other query string parameters when switching users
diff --git a/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php b/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
@@ -92,7 +92,9 @@ public function handle(GetResponseEvent $event)
             }
         }
 
-        $request->server->set('QUERY_STRING', '');
+        $request->query->remove($this->usernameParameter);
+        $request->server->set('QUERY_STRING', http_build_query($request->query->all()));
+
         $response = new RedirectResponse($request->getUri(), 302);
 
         $event->setResponse($response);
diff --git a/src/Symfony/Component/Security/Tests/Http/Firewall/SwitchUserListenerTest.php b/src/Symfony/Component/Security/Tests/Http/Firewall/SwitchUserListenerTest.php
@@ -34,6 +34,7 @@ protected function setUp()
         $this->userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
         $this->accessDecisionManager = $this->getMock('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface');
         $this->request = $this->getMock('Symfony\Component\HttpFoundation\Request');
+        $this->request->query = $this->getMock('Symfony\Component\HttpFoundation\ParameterBag');
         $this->request->server = $this->getMock('Symfony\Component\HttpFoundation\ServerBag');
         $this->event = $this->getEvent($this->request);
     }
@@ -86,6 +87,8 @@ public function testExitUserUpdatesToken()
 
         $this->request->expects($this->any())->method('get')->with('_switch_user')->will($this->returnValue('_exit'));
         $this->request->expects($this->any())->method('getUri')->will($this->returnValue('/'));
+        $this->request->query->expects($this->once())->method('remove','_switch_user');
+        $this->request->query->expects($this->any())->method('all')->will($this->returnValue(array()));
         $this->request->server->expects($this->once())->method('set')->with('QUERY_STRING', '');
 
         $this->securityContext->expects($this->once())
@@ -123,6 +126,9 @@ public function testSwitchUser()
 
         $this->securityContext->expects($this->any())->method('getToken')->will($this->returnValue($token));
         $this->request->expects($this->any())->method('get')->with('_switch_user')->will($this->returnValue('kuba'));
+        $this->request->query->expects($this->once())->method('remove','_switch_user');
+        $this->request->query->expects($this->any())->method('all')->will($this->returnValue(array()));
+
         $this->request->expects($this->any())->method('getUri')->will($this->returnValue('/'));
         $this->request->server->expects($this->once())->method('set')->with('QUERY_STRING', '');
 
@@ -142,6 +148,35 @@ public function testSwitchUser()
         $listener->handle($this->event);
     }
 
+    public function testSwitchUserKeepsOtherQueryStringParameters()
+    {
+        $token = $this->getToken(array($this->getMock('Symfony\Component\Security\Core\Role\RoleInterface')));
+        $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+        $user->expects($this->any())->method('getRoles')->will($this->returnValue(array()));
+
+        $this->securityContext->expects($this->any())->method('getToken')->will($this->returnValue($token));
+        $this->request->expects($this->any())->method('get')->with('_switch_user')->will($this->returnValue('kuba'));
+        $this->request->query->expects($this->once())->method('remove','_switch_user');
+        $this->request->query->expects($this->any())->method('all')->will($this->returnValue(array('page'=>3,'section'=>2)));
+        $this->request->expects($this->any())->method('getUri')->will($this->returnValue('/'));
+        $this->request->server->expects($this->once())->method('set')->with('QUERY_STRING', 'page=3&section=2');
+
+        $this->accessDecisionManager->expects($this->once())
+            ->method('decide')->with($token, array('ROLE_ALLOWED_TO_SWITCH'))
+            ->will($this->returnValue(true));
+
+        $this->userProvider->expects($this->once())
+            ->method('loadUserByUsername')->with('kuba')
+            ->will($this->returnValue($user));
+        $this->userChecker->expects($this->once())
+            ->method('checkPostAuth')->with($user);
+        $this->securityContext->expects($this->once())
+            ->method('setToken')->with($this->isInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken'));
+
+        $listener = new SwitchUserListener($this->securityContext, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager);
+        $listener->handle($this->event);
+    }
+
     private function getEvent($request)
     {
         $event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\GetResponseEvent')

Original file line number	Diff line number	Diff line change
`@@ -92,7 +92,9 @@ public function handle(GetResponseEvent $event)`
`92`	`92`	`}`
`93`	`93`	`}`
`94`	`94`
`95`		`- $request->server->set('QUERY_STRING', '');`
	`95`	`+ $request->query->remove($this->usernameParameter);`
	`96`	`+ $request->server->set('QUERY_STRING', http_build_query($request->query->all()));`
	`97`	`+`
`96`	`98`	`$response = new RedirectResponse($request->getUri(), 302);`
`97`	`99`
`98`	`100`	`$event->setResponse($response);`