
Commit ea2ead6

committed
fixed UserProvider::refreshUser() not checking the class-name
1 parent f821491 commit ea2ead6

3 files changed

+34
-0
lines changed

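--- a/Security/UserProvider.php
+++ b/Security/UserProvider.php
@@ -60,6 +60,10 @@ public function refreshUser(SecurityUserInterface $user)
 throw new UnsupportedUserException(sprintf('Expected an instance of FOS\UserBundle\Model\User, but got "%s".', get_class($user)));
 }
 
+if (!$this->supportsClass(get_class($user))) {
+throw new UnsupportedUserException(sprintf('Expected an instance of %s, but got "%s".', $this->userManager->getClass(), get_class($user)));
+}
+
 if (null === $reloadedUser = $this->userManager->findUserBy(array('id' => $user->getId()))) {
 throw new UsernameNotFoundException(sprintf('User with ID "%d" could not be reloaded.', $user->getId()));
 }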
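Review bot: The class check added at new lines 63–65 carries no comment saying why it is there, and the reason is not obvious from the code alone. The lookup that follows is `findUserBy(array('id' => $user->getId()))`, keyed on id only, so presumably the guard exists to stop a user object of another class with a matching id from being reloaded as this manager's user; I would state that above the `if`, e.g. `// Reject users of a class this manager does not handle: the reload below is keyed on id only.` How strict the guard is depends entirely on supportsClass(), which is outside this hunk, so its exact-match versus subclass semantics should be confirmed there. refreshUser's body starts and ends outside the hunk.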

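--- a/Tests/Security/EmailUserProviderTest.php
+++ b/Tests/Security/EmailUserProviderTest.php
@@ -62,6 +62,10 @@ public function testRefreshUserBy()
 ->with(array('id' => '123'))
 ->will($this->returnValue($refreshedUser));
 
+$this->userManager->expects($this->atLeastOnce())
+->method('getClass')
+->will($this->returnValue(get_class($user)));
+
 $this->assertSame($refreshedUser, $this->userProvider->refreshUser($user));
 }
 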
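--- a/Tests/Security/UserProviderTest.php
+++ b/Tests/Security/UserProviderTest.php
@@ -62,6 +62,10 @@ public function testRefreshUserBy()
 ->with(array('id' => '123'))
 ->will($this->returnValue($refreshedUser));
 
+$this->userManager->expects($this->atLeastOnce())
+->method('getClass')
+->will($this->returnValue(get_class($user)));
+
 $this->assertSame($refreshedUser, $this->userProvider->refreshUser($user));
 }
 
@@ -75,6 +79,10 @@ public function testRefreshDeleted()
 ->method('findUserBy')
 ->will($this->returnValue(null));
 
+$this->userManager->expects($this->atLeastOnce())
+->method('getClass')
+->will($this->returnValue(get_class($user)));
+
 $this->userProvider->refreshUser($user);
 }
 
@@ -84,7 +92,25 @@ public function testRefreshDeleted()
 public function testRefreshInvalidUser()
 {
 $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+$this->userManager->expects($this->any())
+->method('getClass')
+->will($this->returnValue(get_class($user)));
 
 $this->userProvider->refreshUser($user);
 }
+
+/**
+* @expectedException \Symfony\Component\Security\Core\Exception\UnsupportedUserException
+*/
+public function testRefreshInvalidUserClass()
+{
+$user = $this->getMock('FOS\UserBundle\Model\User');
+$providedUser = $this->getMock('FOS\UserBundle\Tests\TestUser');
+
+$this->userManager->expects($this->atLeastOnce())
+->method('getClass')
+->will($this->returnValue(get_class($user)));
+
+$this->userProvider->refreshUser($providedUser);
+}
 }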
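Review bot: The tests pin only two cases for the new guard — getClass() returning exactly `get_class($user)`, and in testRefreshInvalidUserClass a user of a different mock class — so a user whose class extends the configured one is never exercised. Whether such a user is accepted depends on supportsClass(), which this page does not show; a regression there would either lock out legitimate sessions or widen what refreshUser() accepts, and neither would fail a test here. I would add a case next to testRefreshInvalidUserClass that has getClass() return a parent class name, passes an instance of a subclass, and asserts the intended outcome. testRefreshInvalidUserClass could also add `$this->userManager->expects($this->never())->method('findUserBy');` so the rejection is shown to happen before any lookup.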
