bug #51104 [Security] Fix loading user from UserBadge (guillaumesmo)

This PR was merged into the 6.3 branch. Discussion ---------- [Security] Fix loading user from UserBadge | Q | A | ------------- | --- | Branch? | 6.3 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #50511 | License | MIT | Doc PR | none Fixed a breaking change from https://github.com/symfony/symfony/pull/48272/files#diff-de9707bb338188f62878f2ebd42e7a7bf9547f6d0bf07a4fcd9c386c263c601b Commits ------- 21532cb6bc Fix breaking change in AccessTokenAuthenticator
symfony · Aug 25, 2023 · 3195747 · 3195747
2 parents 3000cce + f85b972
commit 3195747
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 0 deletions.
diff --git a/Tests/Functional/AccessTokenTest.php b/Tests/Functional/AccessTokenTest.php
@@ -333,6 +333,18 @@ public function testSelfContainedTokens()
         $this->assertSame(['message' => 'Welcome @dunglas!'], json_decode($response->getContent(), true));
     }
 
+    public function testCustomUserLoader()
+    {
+        $client = $this->createClient(['test_case' => 'AccessToken', 'root_config' => 'config_custom_user_loader.yml']);
+        $client->catchExceptions(false);
+        $client->request('GET', '/foo', [], [], ['HTTP_AUTHORIZATION' => 'Bearer SELF_CONTAINED_ACCESS_TOKEN']);
+        $response = $client->getResponse();
+
+        $this->assertInstanceOf(Response::class, $response);
+        $this->assertSame(200, $response->getStatusCode());
+        $this->assertSame(['message' => 'Welcome @dunglas!'], json_decode($response->getContent(), true));
+    }
+
     /**
      * @requires extension openssl
      */

diff --git a/Tests/Functional/app/AccessToken/config_custom_user_loader.yml b/Tests/Functional/app/AccessToken/config_custom_user_loader.yml
@@ -0,0 +1,32 @@
+imports:
+    - { resource: ./../config/framework.yml }
+
+framework:
+    http_method_override: false
+    serializer: ~
+
+security:
+    password_hashers:
+        Symfony\Component\Security\Core\User\InMemoryUser: plaintext
+
+    providers:
+        in_memory:
+            memory:
+                users:
+                    dunglas: { password: foo, roles: [ROLE_MISSING] }
+
+    firewalls:
+        main:
+            pattern: ^/
+            stateless: true
+            access_token:
+                token_handler: access_token.access_token_handler
+                token_extractors: 'header'
+                realm: 'My API'
+
+    access_control:
+        - { path: ^/foo, roles: ROLE_USER }
+
+services:
+    access_token.access_token_handler:
+        class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AccessTokenBundle\Security\Handler\AccessTokenHandler