Merge branch '5.4' into 6.4

nicolas-grekas · nicolas-grekas · commit cc13b601fc84 · 2024-11-05T16:34:40.000+01:00
* 5.4:
  fix detecting anonymous exception classes on Windows and PHP 7
  skip tests requiring the intl extension if it's not installed
  [RateLimiter] Fix DateInterval normalization
  [Security] Store original token in token storage when implicitly exiting impersonation
  [Cache] Fix clear() when using Predis
diff --git a/Firewall/SwitchUserListener.php b/Firewall/SwitchUserListener.php
@@ -111,7 +111,7 @@ public function authenticate(RequestEvent $event): void
         }
 
         if (self::EXIT_VALUE === $username) {
-            $this->tokenStorage->setToken($this->attemptExitUser($request));
+            $this->attemptExitUser($request);
         } else {
             try {
                 $this->tokenStorage->setToken($this->attemptSwitchUser($request, $username));
@@ -213,6 +213,8 @@ private function attemptExitUser(Request $request): TokenInterface
             $original = $switchEvent->getToken();
         }
 
+        $this->tokenStorage->setToken($original);
+
         return $original;
     }
 
diff --git a/Tests/Firewall/SwitchUserListenerTest.php b/Tests/Firewall/SwitchUserListenerTest.php
@@ -19,6 +19,7 @@
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
@@ -198,7 +199,10 @@ public function testSwitchUserAlreadySwitched()
 
         $targetsUser = $this->callback(fn ($user) => 'kuba' === $user->getUserIdentifier());
         $this->accessDecisionManager->expects($this->once())
-            ->method('decide')->with($originalToken, ['ROLE_ALLOWED_TO_SWITCH'], $targetsUser)
+            ->method('decide')->with(self::callback(function (TokenInterface $token) use ($originalToken, $tokenStorage) {
+                // the token storage should also contain the original token for voters depending on it
+                return $token === $originalToken && $tokenStorage->getToken() === $originalToken;
+            }), ['ROLE_ALLOWED_TO_SWITCH'], $targetsUser)
             ->willReturn(true);
 
         $this->userChecker->expects($this->once())

Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ public function authenticate(RequestEvent $event): void`
`111`	`111`	`}`
`112`	`112`
`113`	`113`	`if (self::EXIT_VALUE === $username) {`
`114`		`- $this->tokenStorage->setToken($this->attemptExitUser($request));`
	`114`	`+ $this->attemptExitUser($request);`
`115`	`115`	`} else {`
`116`	`116`	`try {`
`117`	`117`	`$this->tokenStorage->setToken($this->attemptSwitchUser($request, $username));`
`@@ -213,6 +213,8 @@ private function attemptExitUser(Request $request): TokenInterface`
`213`	`213`	`$original = $switchEvent->getToken();`
`214`	`214`	`}`
`215`	`215`
	`216`	`+ $this->tokenStorage->setToken($original);`
	`217`	`+`
`216`	`218`	`return $original;`
`217`	`219`	`}`
`218`	`220`