From 1bce959c3cdd3f92dada6821eb91ab14f6dc9281 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Wac=C5=82awczyk?=
Date: Wed, 11 Sep 2013 21:24:30 +0200
Subject: [PATCH 1/2] [Security] Fixed problem with losing ROLE_PREVIOUS_ADMIN
role.
---
.../Provider/UserAuthenticationProvider.php | 26 ++++++++++-
.../UserAuthenticationProviderTest.php | 44 ++++++++++++++++++-
2 files changed, 68 insertions(+), 2 deletions(-)
diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
index 626f50b8b59f9..67a6abdcdb944 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
@@ -19,6 +19,7 @@
use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Role\SwitchUserRole;
/**
* UserProviderInterface retrieves users for UsernamePasswordToken tokens.
@@ -92,7 +93,7 @@ public function authenticate(TokenInterface $token)
throw $e;
}
- $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
+ $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $this->getRoles($user, $token));
$authenticatedToken->setAttributes($token->getAttributes());
return $authenticatedToken;
@@ -106,6 +107,29 @@ public function supports(TokenInterface $token)
return $token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey();
}
+ /**
+ * Retrives roles from user and appends SwitchUserRole if original token contained one.
+ *
+ * @param \Symfony\Component\Security\Core\User\UserInterface $user
+ * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
+ *
+ * @return \Symfony\Component\Security\Core\Role\SwitchUserRole
+ */
+ protected function getRoles(UserInterface $user, TokenInterface $token)
+ {
+ $roles = $user->getRoles();
+
+ foreach ($token->getRoles() as $role) {
+ if ($role instanceof SwitchUserRole) {
+ $roles[] = $role;
+
+ break;
+ }
+ }
+
+ return $roles;
+ }
+
/**
* Retrieves the user from an implementation-specific location.
*
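Review bot: The new getRoles() copies a SwitchUserRole straight from the incoming, not-yet-authenticated $token into the authenticated token, so the provider now trusts part of the role list it was asked to verify; nothing in the hunk checks where that token came from. Within this component that appears to be safe only because the login listener builds its UsernamePasswordToken without roles and the roles on a session token were set by an earlier authentication, but that assumption is now load-bearing and is not written down anywhere. I would state it in the docblock, e.g. `* The SwitchUserRole is copied from the incoming token unchanged; callers must never pass a token whose roles originate from request data.`, so a future caller that builds tokens with caller-supplied roles does not silently reopen the impersonation path. The same trust question applies to the one-line call site change in the earlier `authenticate()` hunk, whose enclosing method starts and ends outside that hunk.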
diff --git a/src/Symfony/Component/Security/Tests/Core/Authentication/Provider/UserAuthenticationProviderTest.php b/src/Symfony/Component/Security/Tests/Core/Authentication/Provider/UserAuthenticationProviderTest.php
index 1516a5f279667..22a7e5d1f4d13 100644
--- a/src/Symfony/Component/Security/Tests/Core/Authentication/Provider/UserAuthenticationProviderTest.php
+++ b/src/Symfony/Component/Security/Tests/Core/Authentication/Provider/UserAuthenticationProviderTest.php
@@ -13,6 +13,7 @@
use Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider;
use Symfony\Component\Security\Core\Role\Role;
+use Symfony\Component\Security\Core\Role\SwitchUserRole;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
@@ -172,6 +173,11 @@ public function testAuthenticate()
->will($this->returnValue('foo'))
;
+ $token->expects($this->once())
+ ->method('getRoles')
+ ->will($this->returnValue(array()))
+ ;
+
$authToken = $provider->authenticate($token);
$this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $authToken);
@@ -181,9 +187,45 @@ public function testAuthenticate()
$this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
}
+ public function testAuthenticateWithPreservingRoleSwitchUserRole()
+ {
+ $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+ $user->expects($this->once())
+ ->method('getRoles')
+ ->will($this->returnValue(array('ROLE_FOO')))
+ ;
+
+ $provider = $this->getProvider();
+ $provider->expects($this->once())
+ ->method('retrieveUser')
+ ->will($this->returnValue($user))
+ ;
+
+ $token = $this->getSupportedToken();
+ $token->expects($this->once())
+ ->method('getCredentials')
+ ->will($this->returnValue('foo'))
+ ;
+
+ $switchUserRole = new SwitchUserRole('foo', $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'));
+ $token->expects($this->once())
+ ->method('getRoles')
+ ->will($this->returnValue(array($switchUserRole)))
+ ;
+
+ $authToken = $provider->authenticate($token);
+
+ $this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $authToken);
+ $this->assertSame($user, $authToken->getUser());
+ $this->assertContains(new Role('ROLE_FOO'), $authToken->getRoles(), '', false, false);
+ $this->assertContains($switchUserRole, $authToken->getRoles());
+ $this->assertEquals('foo', $authToken->getCredentials());
+ $this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
+ }
+
protected function getSupportedToken()
{
- $mock = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', array('getCredentials', 'getProviderKey'), array(), '', false);
+ $mock = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', array('getCredentials', 'getProviderKey', 'getRoles'), array(), '', false);
$mock
->expects($this->any())
->method('getProviderKey')
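Review bot: testAuthenticateWithPreservingRoleSwitchUserRole only proves that a SwitchUserRole survives; there is no test that an ordinary role placed on the incoming token is dropped, which is the property that keeps this change from becoming a privilege-carrying path. I would add a sibling test that returns `array(new Role('ROLE_ADMIN'))` from `$token->getRoles()` and asserts that `$authToken->getRoles()` contains only `ROLE_FOO`, so a later edit that widens the `instanceof SwitchUserRole` filter fails a test. The method name itself reads awkwardly; `testAuthenticatePreservesSwitchUserRole` says the same thing. The `'', false, false` tail on the first assertContains() is opaque at the call site; a short comment such as `// compare by value, not identity: a fresh Role instance is built by the token` would explain why it is needed.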
From d04bc919d1d5370fc348e48498a4f005e027e6e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Wac=C5=82awczyk?=
Date: Sat, 7 Dec 2013 19:14:31 +0100
Subject: [PATCH 2/2] [Security] Fix phpdocs.
---
.../Provider/UserAuthenticationProvider.php | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
index 67a6abdcdb944..18c3e70ade514 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
@@ -108,14 +108,14 @@ public function supports(TokenInterface $token)
}
/**
- * Retrives roles from user and appends SwitchUserRole if original token contained one.
+ * Retrieves roles from user and appends SwitchUserRole if original token contained one.
*
- * @param \Symfony\Component\Security\Core\User\UserInterface $user
- * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
+ * @param UserInterface $user The user
+ * @param TokenInterface $token The token
*
- * @return \Symfony\Component\Security\Core\Role\SwitchUserRole
+ * @return Role[] The user roles
*/
- protected function getRoles(UserInterface $user, TokenInterface $token)
+ private function getRoles(UserInterface $user, TokenInterface $token)
{
$roles = $user->getRoles();