UserLoader Not Called #50511

Closed
cesurapp opened this issue May 31, 2023 · 1 comment

Comments

@cesurapp
Contributor

Symfony version(s) affected

6.3

Description

Always using the default userLoader.

AccessTokenHandler:

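```php
use Symfony\Component\Security\Http\AccessToken\AccessTokenHandlerInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;

readonly class AccessTokenHandler implements AccessTokenHandlerInterface
{
    public function __construct(private UserRepository $userRepo, private JWT $jwt)
    {
    }

    public function getUserBadgeFrom(#[\SensitiveParameter] string $accessToken): UserBadge
    {
        // The "id" claim of the token is the user's primary key.
        $userId = $this->decodeJWT($accessToken)['id'];
        $user = $this->userRepo->find($userId);

        // Custom user loader: returns the entity already fetched by primary key.
        return new UserBadge($userId, fn () => $user);
    }
    // ....
}
```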

How to reproduce

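```php
use Symfony\Bridge\Doctrine\Security\User\UserLoaderInterface;
use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;

class UserRepository extends ApiServiceEntityRepository implements PasswordUpgraderInterface, UserLoaderInterface
{
    // Default loader: a numeric identifier is matched against the phone column, anything else against email.
    public function loadUserByIdentifier(string|int $identifier): ?User
    {
        $q = $this->createQueryBuilder('q');

        if (is_numeric($identifier)) {
            $q->where('q.phone = :identity')->setParameter('identity', (int) $identifier);
        } else {
            $q->where('q.email = :identity')->setParameter('identity', $identifier);
        }

        return $q->getQuery()->getOneOrNullResult();
    }
    // ....
}
```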

Possible Solution

Before:
if (null === $userBadge->getUserLoader() && $this->userProvider) {

New Code:
https://github.com/vincentchalamon/symfony/blob/99a35f0fc32a7b5250aab5530129bae318c95209/src/Symfony/Component/Security/Http/Authenticator/AccessTokenAuthenticator.php#LL62C35-L62C35

Feature:
#48272

Additional Context

No response

@chalasr
Member

chalasr commented May 31, 2023

Would you mind sending a PR?

@xabbuh xabbuh added the Security label Jun 5, 2023
guillaumesmo added a commit to guillaumesmo/symfony that referenced this issue Jul 25, 2023
guillaumesmo added a commit to guillaumesmo/symfony that referenced this issue Jul 25, 2023
guillaumesmo added a commit to guillaumesmo/symfony that referenced this issue Jul 26, 2023
guillaumesmo added a commit to guillaumesmo/symfony that referenced this issue Jul 28, 2023
@fabpot fabpot closed this as completed Aug 25, 2023
fabpot added a commit that referenced this issue Aug 25, 2023
This PR was merged into the 6.3 branch.

Discussion
----------

[Security] Fix loading user from UserBadge

| Q             | A
| ------------- | ---
| Branch?       | 6.3
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #50511
| License       | MIT
| Doc PR        | none

Fixed a breaking change from https://github.com/symfony/symfony/pull/48272/files#diff-de9707bb338188f62878f2ebd42e7a7bf9547f6d0bf07a4fcd9c386c263c601b

Commits
-------

21532cb Fix breaking change in AccessTokenAuthenticator
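
The behaviour reported in this issue, as an added example that is not part of the original thread and is not Symfony's code: `Badge`, `providerLoad`, `handlerBadge`, `authenticate` and the `USERS` data are stand-ins constructed for illustration. It assumes the regressed authenticator installed the provider's loader unconditionally, and shows why the `null === $userBadge->getUserLoader()` check matters when the handler's identifier is a primary key but the provider treats numeric identifiers as phone numbers.

```php
<?php
// Added illustration: stand-in classes, not Symfony's own code.
final class Badge
{
    /** @var callable|null */
    private $loader;

    public function __construct(public readonly string $id, ?callable $loader = null)
    {
        $this->loader = $loader;
    }

    public function getUserLoader(): ?callable { return $this->loader; }
    public function setUserLoader(callable $loader): void { $this->loader = $loader; }
    public function getUser(): ?string { return $this->loader ? ($this->loader)($this->id) : null; }
}

// Constructed data: primary key => [name, phone]. Bob's phone equals Alice's id.
const USERS = [42 => ['alice', 5550001], 7 => ['bob', 42]];

// Default provider, mirroring the issue's loadUserByIdentifier(): numeric input is a phone.
function providerLoad(string $identifier): ?string
{
    foreach (USERS as [$name, $phone]) {
        if (is_numeric($identifier) && (int) $identifier === $phone) {
            return $name;
        }
    }
    return null;
}

// Handler badge: identifier is the token's "id" claim, loader resolves by primary key.
function handlerBadge(int $id): Badge
{
    return new Badge((string) $id, fn () => USERS[$id][0] ?? null);
}

// $guard = true keeps the null check quoted in the issue; false models its absence.
function authenticate(Badge $badge, bool $guard): ?string
{
    if (!$guard || null === $badge->getUserLoader()) {
        $badge->setUserLoader('providerLoad');
    }
    return $badge->getUser();
}

var_dump(authenticate(handlerBadge(42), false)); // handler's loader overwritten: lookup by phone
var_dump(authenticate(handlerBadge(42), true));  // handler's loader kept: lookup by primary key
```

A regression test for the real authenticator can assert the same property: when the handler returns a badge that already has a loader, the user provider's `loadUserByIdentifier()` is never called.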