Skip to content

Commit e64b44b

Browse files
nicolas-grekasnicolas-grekas
committed
Merge branch '3.4' into 4.3
* 3.4: [Intl] Update the ICU data to 65.1 [VarDumper] fix dumping uninitialized SplFileInfo Added missing translations. Fixed invalid VarDumper upgrade doc. [HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array Don't let falsey usernames slip through
2 parents 1d36e2a + fb11079 commit e64b44b

File tree

2 files changed

+35
-2
lines changed

2 files changed

+35
-2
lines changed

Firewall/SwitchUserListener.php

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -82,9 +82,16 @@ public function __construct(TokenStorageInterface $tokenStorage, UserProviderInt
8282
public function __invoke(RequestEvent $event)
8383
{
8484
$request = $event->getRequest();
85-
$username = $request->get($this->usernameParameter) ?: $request->headers->get($this->usernameParameter);
8685

87-
if (!$username) {
86+
// usernames can be falsy
87+
$username = $request->get($this->usernameParameter);
88+
89+
if (null === $username || '' === $username) {
90+
$username = $request->headers->get($this->usernameParameter);
91+
}
92+
93+
// if it's still "empty", nothing to do.
94+
if (null === $username || '' === $username) {
8895
return;
8996
}
9097

Tests/Firewall/SwitchUserListenerTest.php

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -212,6 +212,32 @@ public function testSwitchUser()
212212
$this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $this->tokenStorage->getToken());
213213
}
214214

215+
public function testSwitchUserWorksWithFalsyUsernames()
216+
{
217+
$token = new UsernamePasswordToken('username', '', 'key', ['ROLE_FOO']);
218+
$user = new User('username', 'password', []);
219+
220+
$this->tokenStorage->setToken($token);
221+
$this->request->query->set('_switch_user', '0');
222+
223+
$this->accessDecisionManager->expects($this->once())
224+
->method('decide')->with($token, ['ROLE_ALLOWED_TO_SWITCH'])
225+
->willReturn(true);
226+
227+
$this->userProvider->expects($this->once())
228+
->method('loadUserByUsername')->with('0')
229+
->willReturn($user);
230+
$this->userChecker->expects($this->once())
231+
->method('checkPostAuth')->with($user);
232+
233+
$listener = new SwitchUserListener($this->tokenStorage, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager);
234+
$listener->handle($this->event);
235+
236+
$this->assertSame([], $this->request->query->all());
237+
$this->assertSame('', $this->request->server->get('QUERY_STRING'));
238+
$this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $this->tokenStorage->getToken());
239+
}
240+
215241
public function testSwitchUserKeepsOtherQueryStringParameters()
216242
{
217243
$token = new UsernamePasswordToken('username', '', 'key', ['ROLE_FOO']);

0 commit comments

Comments
 (0)