UserLoader Not Called #50511

Closed
@cesurapp

Symfony version(s) affected

6.3

Description

Always using the default userLoader.

AccessTokenHandler:

```php
readonly class AccessTokenHandler implements AccessTokenHandlerInterface
{
    public function __construct(private UserRepository $userRepo, private JWT $jwt)
    {
    }

    public function getUserBadgeFrom(#[\SensitiveParameter] string $accessToken): UserBadge
    {
        $userId = $this->decodeJWT($accessToken)['id'];
        $user = $this->userRepo->find($userId);

        return new UserBadge($userId, fn () => $user);
    }
    // ...
}
```

How to reproduce

```php
class UserRepository extends ApiServiceEntityRepository implements PasswordUpgraderInterface, UserLoaderInterface
{
    public function loadUserByIdentifier(string|int $identifier): ?User
    {
        $q = $this->createQueryBuilder('q');

        if (is_numeric($identifier)) {
            $q->where('q.phone = :identity')->setParameter('identity', (int) $identifier);
        } else {
            $q->where('q.email = :identity')->setParameter('identity', $identifier);
        }

        return $q->getQuery()->getOneOrNullResult();
    }
    // ...
}
```

Possible Solution

Before:
```php
if (null === $userBadge->getUserLoader() && $this->userProvider) {
```

New Code:
https://github.com/vincentchalamon/symfony/blob/99a35f0fc32a7b5250aab5530129bae318c95209/src/Symfony/Component/Security/Http/Authenticator/AccessTokenAuthenticator.php#LL62C35-L62C35

Feature:
#48272

Additional Context

No response
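
An added example, not part of the original issue and not Symfony's code: a self-contained model of why the guard quoted under "Before" matters for the handler and repository shown above. `Badge`, `providerLoad`, `badgeFromToken` and `resolve` are hypothetical stand-ins, the user row is constructed, the guard omits the `$this->userProvider` check, and the unguarded branch is an assumption that models the reported symptom.

```php
<?php
// Stand-in for a badge that may carry its own loader (not Symfony's UserBadge).
final class Badge
{
    /** @var callable|null */
    private $loader;

    public function __construct(public readonly string $identifier, ?callable $loader = null)
    {
        $this->loader = $loader;
    }

    public function getUserLoader(): ?callable { return $this->loader; }
    public function setUserLoader(callable $loader): void { $this->loader = $loader; }
    public function getUser(): ?array { return ($this->loader)($this->identifier); }
}

// Modelled on the issue's loadUserByIdentifier(): numeric => phone, else email.
function providerLoad(array $users, string $identifier): ?array
{
    $field = is_numeric($identifier) ? 'phone' : 'email';
    foreach ($users as $user) {
        if ((string) $user[$field] === $identifier) {
            return $user;
        }
    }
    return null;
}

// Modelled on the issue's getUserBadgeFrom(): look up by id, pass via closure.
function badgeFromToken(array $users, int $id): Badge
{
    $found = array_values(array_filter($users, fn (array $u) => $u['id'] === $id))[0] ?? null;
    return new Badge((string) $id, fn () => $found);
}

// $guarded = true applies the "Before" condition quoted in the issue;
// false models the reported symptom (assumption): the provider always wins.
function resolve(Badge $badge, callable $provider, bool $guarded): ?array
{
    if (!$guarded || null === $badge->getUserLoader()) {
        $badge->setUserLoader($provider);
    }
    return $badge->getUser();
}

$users = [['id' => 7, 'email' => 'alice@example.test', 'phone' => 5550001]]; // constructed
$provider = fn (string $id) => providerLoad($users, $id);
var_dump(resolve(badgeFromToken($users, 7), $provider, true));
var_dump(resolve(badgeFromToken($users, 7), $provider, false));
```

With the guard, the badge's closure returns the row found by id; without it, the id from the token is handed to the provider, which treats a numeric identifier as a phone number and returns null for this data set.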
