Skip to content

Undefined array key when trying to reuse old token after upgrading to Symfony 5.2 #39177

New issue
New issue
Closed
Closed
Undefined array key when trying to reuse old token after upgrading to Symfony 5.2#39177
Labels
BugSecurityStatus: Reviewed
@PhilETaylor

Description

@PhilETaylor
PhilETaylor
opened on Nov 26, 2020

Symfony version(s) affected: 5.2.0-rc2 tested

Description

Reusing existing token after upgrade causes "ErrorException: Warning: Undefined array key 2" error on first page load only

How to reproduce

Run your app in Symfony 4... login...
Composer upgrade to 5.2.0-rc2
Reload browser window
See ErrorException error

ErrorException:
Warning: Undefined array key 2

  at vendor/symfony/security-core/Authentication/Token/SwitchUserToken.php:62
  at Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken->__unserialize()
  at unserialize()
     (vendor/symfony/security-http/Firewall/ContextListener.php:287)
  at Symfony\Component\Security\Http\Firewall\ContextListener->safelyUnserialize()
     (vendor/symfony/security-http/Firewall/ContextListener.php:121)
  at Symfony\Component\Security\Http\Firewall\ContextListener->authenticate()
     (vendor/symfony/security-bundle/Debug/WrappedLazyListener.php:49)
  at Symfony\Bundle\SecurityBundle\Debug\WrappedLazyListener->authenticate()
     (vendor/symfony/security-bundle/Security/LazyFirewallContext.php:73)
  at Symfony\Bundle\SecurityBundle\Security\LazyFirewallContext->Symfony\Bundle\SecurityBundle\Security\{closure}()
     (vendor/symfony/security-core/Authentication/Token/Storage/TokenStorage.php:37)
  at Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage->getToken()
     (vendor/symfony/security-core/Authentication/Token/Storage/UsageTrackingTokenStorage.php:46)
  at Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage->getToken()
     (vendor/sentry/sentry-symfony/src/EventListener/RequestListener.php:76)
  at Sentry\SentryBundle\EventListener\RequestListener->onKernelRequest()
     (vendor/symfony/event-dispatcher/Debug/WrappedListener.php:117)
  at Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke()
     (vendor/symfony/event-dispatcher/EventDispatcher.php:230)
  at Symfony\Component\EventDispatcher\EventDispatcher->callListeners()
     (vendor/symfony/event-dispatcher/EventDispatcher.php:59)
  at Symfony\Component\EventDispatcher\EventDispatcher->dispatch()
     (vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:151)
  at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch()
     (vendor/symfony/http-kernel/HttpKernel.php:133)
  at Symfony\Component\HttpKernel\HttpKernel->handleRaw()
     (vendor/symfony/http-kernel/HttpKernel.php:79)
  at Symfony\Component\HttpKernel\HttpKernel->handle()
     (vendor/symfony/http-kernel/Kernel.php:195)
  at Symfony\Component\HttpKernel\Kernel->handle()
     (public/index.php:31)

Possible Solution
Simple better handling of array data?

Additional context
Problem caused by __unserialize of the data array

symfony/src/Symfony/Component/Security/Core/Authentication/Token/SwitchUserToken.php

Line 62 in 49eafee

[$this->originalToken, $this->originatedFromUri, $parentData] = $data;

Change that caused this was c1e3703 for PR #32841 from @dFayet

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugSecurityStatus: Reviewed

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions