Merge branch '7.1' into 7.2

nicolas-grekas · nicolas-grekas · commit dd89ea67fcf7 · 2024-11-05T16:35:02.000+01:00
* 7.1:
  fix detecting anonymous exception classes on Windows and PHP 7
  skip tests requiring the intl extension if it's not installed
  [RateLimiter] Fix DateInterval normalization
  re-add missing profiler shortcuts on profiler homepage
  Fix support for \SplTempFileObject in BinaryFileResponse
  [Security] Store original token in token storage when implicitly exiting impersonation
  [Cache] Fix clear() when using Predis
diff --git a/Firewall/SwitchUserListener.php b/Firewall/SwitchUserListener.php
@@ -97,7 +97,7 @@ public function authenticate(RequestEvent $event): void
         }
 
         if (self::EXIT_VALUE === $username) {
-            $this->tokenStorage->setToken($this->attemptExitUser($request));
+            $this->attemptExitUser($request);
         } else {
             try {
                 $this->tokenStorage->setToken($this->attemptSwitchUser($request, $username));
@@ -198,6 +198,8 @@ private function attemptExitUser(Request $request): TokenInterface
             $original = $switchEvent->getToken();
         }
 
+        $this->tokenStorage->setToken($original);
+
         return $original;
     }
 
diff --git a/Tests/Firewall/SwitchUserListenerTest.php b/Tests/Firewall/SwitchUserListenerTest.php
@@ -19,6 +19,7 @@
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
@@ -206,7 +207,10 @@ public function testSwitchUserAlreadySwitched()
 
         $targetsUser = $this->callback(fn ($user) => 'kuba' === $user->getUserIdentifier());
         $this->accessDecisionManager->expects($this->once())
-            ->method('decide')->with($originalToken, ['ROLE_ALLOWED_TO_SWITCH'], $targetsUser)
+            ->method('decide')->with(self::callback(function (TokenInterface $token) use ($originalToken, $tokenStorage) {
+                // the token storage should also contain the original token for voters depending on it
+                return $token === $originalToken && $tokenStorage->getToken() === $originalToken;
+            }), ['ROLE_ALLOWED_TO_SWITCH'], $targetsUser)
             ->willReturn(true);
 
         $this->userChecker->expects($this->once())

Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ public function authenticate(RequestEvent $event): void`
`97`	`97`	`}`
`98`	`98`
`99`	`99`	`if (self::EXIT_VALUE === $username) {`
`100`		`- $this->tokenStorage->setToken($this->attemptExitUser($request));`
	`100`	`+ $this->attemptExitUser($request);`
`101`	`101`	`} else {`
`102`	`102`	`try {`
`103`	`103`	`$this->tokenStorage->setToken($this->attemptSwitchUser($request, $username));`
`@@ -198,6 +198,8 @@ private function attemptExitUser(Request $request): TokenInterface`
`198`	`198`	`$original = $switchEvent->getToken();`
`199`	`199`	`}`
`200`	`200`
	`201`	`+ $this->tokenStorage->setToken($original);`
	`202`	`+`
`201`	`203`	`return $original;`
`202`	`204`	`}`
`203`	`205`