diff --git a/Firewall/SwitchUserListener.php b/Firewall/SwitchUserListener.php index a8c7a65..cd8822e 100644 --- a/Firewall/SwitchUserListener.php +++ b/Firewall/SwitchUserListener.php @@ -111,7 +111,7 @@ public function authenticate(RequestEvent $event): void } if (self::EXIT_VALUE === $username) { - $this->tokenStorage->setToken($this->attemptExitUser($request)); + $this->attemptExitUser($request); } else { try { $this->tokenStorage->setToken($this->attemptSwitchUser($request, $username)); @@ -212,6 +212,8 @@ private function attemptExitUser(Request $request): TokenInterface $original = $switchEvent->getToken(); } + $this->tokenStorage->setToken($original); + return $original; } diff --git a/Tests/Firewall/SwitchUserListenerTest.php b/Tests/Firewall/SwitchUserListenerTest.php index 46da564..6278bab 100644 --- a/Tests/Firewall/SwitchUserListenerTest.php +++ b/Tests/Firewall/SwitchUserListenerTest.php @@ -19,6 +19,7 @@ use Symfony\Component\HttpKernel\HttpKernelInterface; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage; use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken; +use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface; use Symfony\Component\Security\Core\Exception\AccessDeniedException; @@ -206,7 +207,10 @@ public function testSwitchUserAlreadySwitched() $targetsUser = $this->callback(fn ($user) => 'kuba' === $user->getUserIdentifier()); $this->accessDecisionManager->expects($this->once()) - ->method('decide')->with($originalToken, ['ROLE_ALLOWED_TO_SWITCH'], $targetsUser) + ->method('decide')->with(self::callback(function (TokenInterface $token) use ($originalToken, $tokenStorage) { + // the token storage should also contain the original token for voters depending on it + return $token === $originalToken && $tokenStorage->getToken() === $originalToken; + }), ['ROLE_ALLOWED_TO_SWITCH'], $targetsUser) ->willReturn(true); $this->userChecker->expects($this->once())