Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[SecurityBundle] Allow switching to the user that is already imperson…
…ated (fix #2554) Disabled exception when switching to the user that is already impersonated, exception is now only thrown when trying to switch to a new user. Added an Excption exception when switching fails because target user does not exist. Added funtional tests for switching users.
- Loading branch information
Andreas Hucks
committed
Mar 15, 2012
1 parent
632077a
commit a98d554
Showing
3 changed files
with
118 additions
and
6 deletions.
There are no files selected for viewing
91 changes: 91 additions & 0 deletions
91
src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony framework. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* This source file is subject to the MIT license that is bundled | ||
* with this source code in the file LICENSE. | ||
*/ | ||
|
||
namespace Symfony\Bundle\SecurityBundle\Tests\Functional; | ||
|
||
/** | ||
* @group functional | ||
*/ | ||
class SwitchUserTest extends WebTestCase | ||
{ | ||
/** | ||
* @dataProvider getTestParameters | ||
*/ | ||
public function testSwitchUser($originalUser, $targetUser, $expectedUser, $expectedStatus) | ||
{ | ||
$client = $this->createAuthenticatedClient($originalUser); | ||
|
||
$client->request('GET', '/profile?_switch_user=' . $targetUser); | ||
|
||
$this->assertEquals($expectedStatus, $client->getResponse()->getStatusCode()); | ||
$this->assertEquals($expectedUser, $client->getProfile()->getCollector('security')->getUser()); | ||
} | ||
|
||
public function testSwitchedUserCannotSwitchToOther() | ||
{ | ||
$client = $this->createAuthenticatedClient('user_can_switch'); | ||
|
||
$client->request('GET', '/profile?_switch_user=user_cannot_switch_1'); | ||
$client->request('GET', '/profile?_switch_user=user_cannot_switch_2'); | ||
|
||
$this->assertEquals(500, $client->getResponse()->getStatusCode()); | ||
$this->assertEquals('user_cannot_switch_1', $client->getProfile()->getCollector('security')->getUser()); | ||
} | ||
|
||
public function testSwitchedUserExit() | ||
{ | ||
$client = $this->createAuthenticatedClient('user_can_switch'); | ||
|
||
$client->request('GET', '/profile?_switch_user=user_cannot_switch_1'); | ||
$client->request('GET', '/profile?_switch_user=_exit'); | ||
|
||
$this->assertEquals(200, $client->getResponse()->getStatusCode()); | ||
$this->assertEquals('user_can_switch', $client->getProfile()->getCollector('security')->getUser()); | ||
} | ||
|
||
public function getTestParameters() | ||
{ | ||
return array( | ||
'unauthorized_user_cannot_switch' => array('user_cannot_switch_1', 'user_cannot_switch_1', 'user_cannot_switch_1', 403), | ||
'authorized_user_can_switch' => array('user_can_switch', 'user_cannot_switch_1', 'user_cannot_switch_1', 200), | ||
'authorized_user_cannot_switch_to_non_existent' => array('user_can_switch', 'user_does_not_exist', 'user_can_switch', 500), | ||
'authorized_user_can_switch_to_himself' => array('user_can_switch', 'user_can_switch', 'user_can_switch', 200), | ||
); | ||
} | ||
|
||
protected function createAuthenticatedClient($username) | ||
{ | ||
$client = $this->createClient(array('test_case' => 'StandardFormLogin', 'root_config' => 'switchuser.yml')); | ||
$client->followRedirects(true); | ||
$client->insulate(); | ||
|
||
$form = $client->request('GET', '/login')->selectButton('login')->form(); | ||
$form['_username'] = $username; | ||
$form['_password'] = 'test'; | ||
$client->submit($form); | ||
|
||
return $client; | ||
} | ||
|
||
protected function setUp() | ||
{ | ||
parent::setUp(); | ||
|
||
$this->deleteTmpDir('StandardFormLogin'); | ||
} | ||
|
||
protected function tearDown() | ||
{ | ||
parent::tearDown(); | ||
|
||
$this->deleteTmpDir('StandardFormLogin'); | ||
} | ||
} |
17 changes: 17 additions & 0 deletions
17
src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/switchuser.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
imports: | ||
- { resource: config.yml } | ||
|
||
framework: | ||
profiler: { only_exceptions: false } | ||
|
||
security: | ||
providers: | ||
in_memory: | ||
memory: | ||
users: | ||
user_can_switch: { password: test, roles: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH] } | ||
user_cannot_switch_1: { password: test, roles: [ROLE_USER] } | ||
user_cannot_switch_2: { password: test, roles: [ROLE_USER] } | ||
firewalls: | ||
default: | ||
switch_user: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters