From 5113886f34b4d6224a28ebefb5e71515e291d1a9 Mon Sep 17 00:00:00 2001
From: Jeremy Mikola
Date: Wed, 23 Feb 2011 16:03:01 -0500
Subject: [PATCH] [Security] Copy token attributes when auth providers create a new token from another

PreAuthenticatedAuthenticationProvider and UserAuthenticationProvider tend to copy a token instead of modifying it during their authenticate() methods, which is probably a good idea if the token might be immutable. Ensure that the token's attributes get copied along with everything else.
---
 .../Provider/PreAuthenticatedAuthenticationProvider.php | 5 ++++-
 .../Authentication/Provider/UserAuthenticationProvider.php | 5 ++++-
 .../Provider/PreAuthenticatedAuthenticationProviderTest.php | 3 +++
 .../Provider/UserAuthenticationProviderTest.php | 3 +++
 4 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
index 17443b967cc86..c67e586fc76a4 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
@@ -68,7 +68,10 @@ public function authenticate(TokenInterface $token)
 $this->accountChecker->checkPostAuth($user);
- return new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
+ $authenticatedToken = new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
+ $authenticatedToken->setAttributes($token->getAttributes());
+
+ return $authenticatedToken;
 }
 /**
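Review bot: `$authenticatedToken->setAttributes($token->getAttributes());` carries every attribute of the incoming, not-yet-authenticated token onto the authenticated one with no filtering, and the same two lines are repeated in the UserAuthenticationProvider hunk. If anything upstream fills those attributes from request data before authentication (not visible in this patch), code that later reads them from an authenticated token may assume they were vetted; a comment above the call such as `// Attributes are copied as-is from the unauthenticated token; they are not verified by this provider.` would make that contract explicit. The copy is also shallow, so any object-valued attribute stays shared between the old and the new token, which weakens the immutability argument in the commit message. The body of authenticate() starts outside the hunk, so whether attributes are consulted earlier in the method cannot be checked from here.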
diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
index 6947de3d4ffde..d59a3862b2712 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
@@ -70,7 +70,10 @@ public function authenticate(TokenInterface $token)
 $this->checkAuthentication($user, $token);
 $this->accountChecker->checkPostAuth($user);
- return new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
+ $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
+ $authenticatedToken->setAttributes($token->getAttributes());
+
+ return $authenticatedToken;
 } catch (UsernameNotFoundException $notFound) {
 if ($this->hideUserNotFoundExceptions) {
 throw new BadCredentialsException('Bad credentials', 0, $notFound);
diff --git a/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php b/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php
index 0ffbe85c35cc9..ca2a459e5f5cf 100644
--- a/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php
+++ b/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php
@@ -60,6 +60,7 @@ public function testAuthenticate()
 $this->assertEquals('pass', $token->getCredentials());
 $this->assertEquals('key', $token->getProviderKey());
 $this->assertEquals(array(), $token->getRoles());
+ $this->assertEquals(array('foo' => 'bar'), $token->getAttributes(), '->authenticate() copies token attributes');
 $this->assertSame($user, $token->getUser());
 }
@@ -103,6 +104,8 @@ protected function getSupportedToken($user = false, $credentials = false)
 ->will($this->returnValue('key'))
 ;
+ $token->setAttributes(array('foo' => 'bar'));
+
 return $token;
 }
diff --git a/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/UserAuthenticationProviderTest.php b/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/UserAuthenticationProviderTest.php
index 5c72920a32578..2f6fcc7053c25 100644
--- a/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/UserAuthenticationProviderTest.php
+++ b/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/UserAuthenticationProviderTest.php
@@ -157,6 +157,7 @@ public function testAuthenticate()
 $this->assertSame($user, $authToken->getUser());
 $this->assertEquals(array(new Role('ROLE_FOO')), $authToken->getRoles());
 $this->assertEquals('foo', $authToken->getCredentials());
+ $this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
 }
 protected function getSupportedToken()
@@ -168,6 +169,8 @@ protected function getSupportedToken()
 ->will($this->returnValue('key'))
 ;
+ $mock->setAttributes(array('foo' => 'bar'));
+
 return $mock;
 }
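Review bot: The fixture attribute is set inside the shared `getSupportedToken()` helper (in this hunk and again in the UserAuthenticationProviderTest hunk at -168), so every test that builds its token through the helper now carries `'foo' => 'bar'`, not only `testAuthenticate()`. Setting it in the test that asserts it, e.g. `$token->setAttributes(array('foo' => 'bar'));` just before the `authenticate()` call, would keep the fixture minimal and put the input next to the assertion. The helper's mock construction starts outside the hunk, so this assumes `setAttributes()` is left unstubbed on the mock. Only the populated case is covered; a token with no attributes is not asserted in either test file.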