Skip to content
This repository was archived by the owner on May 31, 2024. It is now read-only.

Commit a2d134b

Browse files
rvanlaakxabbuh
rvanlaak
authored and
xabbuh
committed
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
The `SwitchUserEvent` is triggered in case an account is switched. This works okay while switching to the user, but on exit the `SwitchUserEvent` is triggered again with the original User. That User was not initialized by the provider yet. load user by UserInterface instead of username
1 parent 5cabfec commit a2d134b

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

Http/Firewall/SwitchUserListener.php

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -163,7 +163,8 @@ private function attemptExitUser(Request $request)
163163
}
164164

165165
if (null !== $this->dispatcher) {
166-
$switchEvent = new SwitchUserEvent($request, $original->getUser());
166+
$user = $this->provider->refreshUser($original->getUser());
167+
$switchEvent = new SwitchUserEvent($request, $user);
167168
$this->dispatcher->dispatch(SecurityEvents::SWITCH_USER, $switchEvent);
168169
}
169170

0 commit comments

Comments
 (0)