[Security] Switching Users with HTTP Basic Auth does not work

https://github.com/symfony/symfony/issues/8260

A part of the discussion

I'm experiencing an issue with HTTP Basic Auth and the SwitchUserListener. The symptoms are that switching users just does not work:

• The firewall is configured with stateless: false and switch_user: true
• When attempting to GET /<existing_path>?_switch_user=<valid_other_user>, the SwitchUserListenerredirectes to /<existing_path>.
• The active token still points to the 'old' user.

After some research, I found out that this behaviour is caused by two things:

1. The BasicAuthenticationListener is built in a way that should prevent credentials being checked again when the current token is already authenticated. This condition (among others) is being tested in line 64 and evaluates to false since $token->getUsername() !== $username. This results in the token withROLE_PREVIOUS_ADMIN to be overwritten in SecurityContext (line 75).
2. Apparently persisting a token with ROLE_PREVIOUS_ADMIN does not work as expected. There already is anissue for this to which I added a comment.

In general, I don't know whether this is a bug or a feature that was never planned, but I would really appreciate some feedback on this. Switching users when providing the user's credentials with every request might sound strange, but there are cases in which this makes perfect sense.

Thank you in advance,

The date extension twig

http://twig.sensiolabs.org/doc/extensions/date.html

Doctrine create a custom sql query

http://stackoverflow.com/questions/12862389/symfony2-doctrine-create-custom-sql-query

jQuery validation: change default error message

http://stackoverflow.com/questions/2457032/jquery-validation-change-default-error-message

Symfony cache warmup

php app/console cache:warmup --env=prod --no-debug