remove impersonator from username not impersonating #301 (#302)
* remove impersonator from username not impersonating #301

* test for userprovider impersonator behavior

* fix SwitchUserToken for symfony 4.4
Marmelatze authored Mar 24, 2022
1 parent da669fd commit 4fbdfd4
Showing 2 changed files with 132 additions and 4 deletions.
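--- a/src/User/UserProvider.php
+++ b/src/User/UserProvider.php
@@ -91,10 +91,6 @@ private function getImpersonatorUser()
 return $token->getOriginalToken()->getUser();
 }
 
-if (null !== $token) {
-return $token->getUser();
-}
-
 return null;
 }
 }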
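--- a/tests/User/UserProviderTest.php
+++ b/tests/User/UserProviderTest.php
@@ -0,0 +1,132 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DH\AuditorBundle\Tests\User;
+
+use DateTimeImmutable;
+use DH\Auditor\Provider\Doctrine\DoctrineProvider;
+use DH\Auditor\Tests\Provider\Doctrine\Fixtures\Entity\Standard\Blog\Post;
+use DH\Auditor\Tests\Provider\Doctrine\Traits\ReaderTrait;
+use DH\Auditor\Tests\Provider\Doctrine\Traits\Schema\BlogSchemaSetupTrait;
+use DH\AuditorBundle\DHAuditorBundle;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\HttpKernel\Kernel;
+use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\User\InMemoryUser;
+use Symfony\Component\Security\Core\User\User;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+/**
+* @internal
+*
+* @small
+*/
+final class UserProviderTest extends WebTestCase
+{
+use BlogSchemaSetupTrait;
+use ReaderTrait;
+
+private DoctrineProvider $provider;
+
+protected function setUp(): void
+{
+parent::setUp();
+
+$this->client = self::createClient();
+
+// provider with 1 em for both storage and auditing
+$this->createAndInitDoctrineProvider();
+
+// declare audited entites
+$this->configureEntities();
+
+// setup entity and audit schemas
+$this->setupEntitySchemas();
+$this->setupAuditSchemas();
+}
+
+public function testBlameUser(): void
+{
+$auditingServices = [
+Post::class => $this->provider->getAuditingServiceForEntity(Post::class),
+];
+
+$user = $this->createUser('dark.vador');
+
+$firewallName = 'main';
+
+if (6 === Kernel::MAJOR_VERSION) {
+$token = new UsernamePasswordToken($user, $firewallName, $user->getRoles());
+} else {
+$token = new UsernamePasswordToken($user, null, $firewallName, $user->getRoles());
+}
+self::$container->get('security.token_storage')->setToken($token);
+$post = new Post();
+$post
+->setTitle('Blameable post')
+->setBody('yet another post')
+->setCreatedAt(new DateTimeImmutable('2020-01-17 22:17:34'))
+;
+$auditingServices[Post::class]->getEntityManager()->persist($post);
+$this->flushAll($auditingServices);
+// get history
+$entries = $this->createReader()->createQuery(Post::class)->execute();
+self::assertSame('dark.vador', $entries[0]->getUsername());
+}
+
+public function testBlameImpersonator(): void
+{
+$auditingServices = [
+Post::class => $this->provider->getAuditingServiceForEntity(Post::class),
+];
+
+$user = $this->createUser('dark.vador');
+$secondUser = $this->createUser('second_user');
+
+$firewallName = 'main';
+
+if (6 === Kernel::MAJOR_VERSION) {
+$userToken = new UsernamePasswordToken($user, $firewallName, $user->getRoles());
+$token = new SwitchUserToken($secondUser, $firewallName, $secondUser->getRoles(), $userToken);
+} else {
+$userToken = new UsernamePasswordToken($user, null, $firewallName, $user->getRoles());
+$token = new SwitchUserToken($secondUser, null, $firewallName, $secondUser->getRoles(), $userToken);
+}
+
+self::$container->get('security.token_storage')->setToken($token);
+$post = new Post();
+$post
+->setTitle('Blameable post')
+->setBody('yet another post')
+->setCreatedAt(new DateTimeImmutable('2020-01-17 22:17:34'))
+;
+$auditingServices[Post::class]->getEntityManager()->persist($post);
+$this->flushAll($auditingServices);
+// get history
+$entries = $this->createReader()->createQuery(Post::class)->execute();
+self::assertSame('second_user[impersonator dark.vador]', $entries[0]->getUsername());
+}
+
+protected function getBundleClass()
+{
+return DHAuditorBundle::class;
+}
+
+private function createAndInitDoctrineProvider(): void
+{
+$this->provider = self::$container->get(DoctrineProvider::class);
+}
+
+private function createUser(string $username): UserInterface
+{
+$class = class_exists(User::class) ? User::class : InMemoryUser::class;
+
+return new $class(
+$username,
+'$argon2id$v=19$m=65536,t=4,p=1$g1yZVCS0GJ32k2fFqBBtqw$359jLODXkhqVWtD/rf+CjiNz9r/kIvhJlenPBnW851Y',
+[]
+);
+}
+}
+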
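Review bot: Both `testBlameUser` and `testBlameImpersonator` choose the token constructor with `if (6 === Kernel::MAJOR_VERSION)`, so on any later major the `else` branch runs and calls the legacy signature with `null` in the second position, which would presumably fail there. Since these tests are what pins who an audit entry is attributed to, they should keep running as the framework moves on: `if (Kernel::MAJOR_VERSION >= 6)` in both places. Separately, `self::$container` in both tests and in `createAndInitDoctrineProvider()` is the older accessor that newer Symfony test cases replace with `static::getContainer()`; that method is not available on 4.4, so a small private accessor guarded by `method_exists` may be needed, which is worth confirming against the supported version matrix.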
