[BUGFIX] Roles are refreshed after setting authentication status #136

Merged
merged 1 commit into from
Nov 25, 2015


foerthner
Contributor

Otherwise getRoles() might act on the wrong value of the overall
authentication status stored in the authentication manager.

As soon as an authentication process completes, roles might
have changed. Therefore we have to reinitialize the roles
first level cache in the security context.
foerthner force-pushed the roles-first-level-cache-fix-2.3 branch from 932db6f to 3a12fc8 on November 23, 2015 10:54
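
The stale-cache behaviour described in the pull request text above, as an added example that is not the project's own code. `SecurityContext`, `AuthenticationManager`, `refreshRoles()` and the role names are a hypothetical, simplified model; only `getRoles()` and `authenticate()` are named on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical model (assumption): not the framework's classes or signatures.
final class SecurityContext
{
    public ?AuthenticationManager $manager = null;
    private ?array $roles = null; // first-level cache of the computed roles

    public function getRoles(): array
    {
        if ($this->roles === null) {
            // Roles are derived from the overall authentication status.
            $this->roles = $this->manager->isAuthenticated()
                ? ['Editor']       // constructed role name
                : ['Anonymous'];   // constructed role name
        }
        return $this->roles;
    }

    public function refreshRoles(): void
    {
        $this->roles = null; // next getRoles() call recomputes
    }
}

final class AuthenticationManager
{
    private bool $authenticated = false;

    public function __construct(private SecurityContext $context, private bool $refresh)
    {
        $context->manager = $this;
    }

    public function isAuthenticated(): bool { return $this->authenticated; }

    public function authenticate(): void
    {
        $this->context->getRoles();  // read while status is still false: cache filled
        $this->authenticated = true; // authentication completes, status changes
        if ($this->refresh) {
            $this->context->refreshRoles(); // the step this fix is about
        }
    }
}

foreach ([false, true] as $refresh) {
    $context = new SecurityContext();
    (new AuthenticationManager($context, $refresh))->authenticate();
    echo $refresh ? 'with refresh: ' : 'without refresh: ', implode(', ', $context->getRoles()), PHP_EOL;
}
```

Without the refresh, the context keeps answering with the role set computed before the status changed. The same applies in the other direction: a cache filled while authenticated would keep granting roles after the status drops.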
@aertmann
Collaborator

👍 by reading, although not deep into the subject

@albe
Member

albe commented Nov 24, 2015

Makes sense and should have no side-effects, 👍 by reading

@kitsunet
Member

👍 by reading

@bwaidelich
Member

👍 by reading.
A test to reproduce the broken behavior would be great, but it's probably not easy to do. IIRC I had the issue when the CsrfProtection called authenticate() very early.

@bwaidelich
Member

FYI: I also tested this patch, verifying that it doesn't break an existing application. However, I couldn't reproduce the bug - it probably only occurs with multiple concurring authentication tokens.

foerthner added a commit that referenced this pull request Nov 25, 2015
[BUGFIX] Roles are refreshed after setting authentication status
foerthner merged commit 85bb054 into neos:2.3 on Nov 25, 2015
5 participants