Skip to content

Check provider supports user class #29653

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

Check provider supports user class #29653

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
839b143
Check provider supports user class
HTMLGuyLLC Dec 19, 2018
9a20ca0
Update CHANGELOG.md
HTMLGuyLLC Dec 19, 2018
37cbd02
Update ContextListener.php
HTMLGuyLLC Dec 19, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/Symfony/Component/Security/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ CHANGELOG
4.2.0
-----

* added a `supportsClass()` check prior to `refreshUser()` for each user provider
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be reverted, if this is a bugfix it should be based off the 3.4 branch. And for bugfixes we do not add entries to the components changelog files. If this is a new feature, it will be part of 4.3.

* added the `is_granted()` function in security expressions
* deprecated the `has_role()` function in security expressions, use `is_granted()` instead
* Passing custom class names to the
Expand Down
20 changes: 15 additions & 5 deletions src/Symfony/Component/Security/Http/Firewall/ContextListener.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,11 +164,21 @@ protected function refreshUser(TokenInterface $token)
$userDeauthenticated = false;

foreach ($this->userProviders as $provider) {

$providerClass = \get_class($provider);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These changes should be reverted.

if (!$provider instanceof UserProviderInterface) {
throw new \InvalidArgumentException(sprintf('User provider "%s" must implement "%s".', \get_class($provider), UserProviderInterface::class));
throw new \InvalidArgumentException(sprintf('User provider "%s" must implement "%s".', $providerClass, UserProviderInterface::class));
}

try {
$userClass = \get_class($user);
if( !$provider->supportsClass($userClass) )
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would move this outside the try ... catch block. IMO there is no need to use an exception for this. We can instead just continue:

foreach ($this->userProviders as $provider) {
    if (!$provider->supportsClass(\get_class($user)) {
        continue;
    }

    // ...
}

{
throw new UnsupportedUserException(
sprintf('Instances of "%s" are not supported by %s.', $userClass, $providerClass)
);
}

$refreshedUser = $provider->refreshUser($user);
$newToken = clone $token;
$newToken->setUser($refreshedUser);
Expand All @@ -178,7 +188,7 @@ protected function refreshUser(TokenInterface $token)
$userDeauthenticated = true;

if (null !== $this->logger) {
$this->logger->debug('Cannot refresh token because user has changed.', array('username' => $refreshedUser->getUsername(), 'provider' => \get_class($provider)));
$this->logger->debug('Cannot refresh token because user has changed.', array('username' => $refreshedUser->getUsername(), 'provider' => $providerClass));
}

continue;
Expand All @@ -187,7 +197,7 @@ protected function refreshUser(TokenInterface $token)
$token->setUser($refreshedUser);

if (null !== $this->logger) {
$context = array('provider' => \get_class($provider), 'username' => $refreshedUser->getUsername());
$context = array('provider' => $providerClass, 'username' => $refreshedUser->getUsername());

foreach ($token->getRoles() as $role) {
if ($role instanceof SwitchUserRole) {
Expand All @@ -204,7 +214,7 @@ protected function refreshUser(TokenInterface $token)
// let's try the next user provider
} catch (UsernameNotFoundException $e) {
if (null !== $this->logger) {
$this->logger->warning('Username could not be found in the selected user provider.', array('username' => $e->getUsername(), 'provider' => \get_class($provider)));
$this->logger->warning('Username could not be found in the selected user provider.', array('username' => $e->getUsername(), 'provider' => $providerClass));
}

$userNotFoundByProvider = true;
Expand All @@ -223,7 +233,7 @@ protected function refreshUser(TokenInterface $token)
return null;
}

throw new \RuntimeException(sprintf('There is no user provider for user "%s".', \get_class($user)));
throw new \RuntimeException(sprintf('There is no user provider for user "%s".', $userClass));
}

private function safelyUnserialize($serializedToken)
Expand Down