Fixes #15621: Fixed `yii\web\User::getIdentity()` returning `null` if an exception had been thrown when it was called previously

7 years ago · 2e55570e1f
3 changed files with 48 additions and 2 deletions
--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@ -97,6 +97,7 @@ Yii Framework 2 Change Log
 - Enh: Added check to `yii\base\Model::formName()` to prevent source path disclosure when form is represented by an anonymous class (silverfire)
 - Chg #15420: Handle OPTIONS request in `yii\filter\Cors` so the preflight check isn't passed trough authentication filters (michaelarnauts, leandrogehlen)
 - Enh #15595: `yii\data\DataFilter` can now handle `lt`,`gt`,`lte` and `gte` on `yii\validators\DateValidator` (mikk150)
+- Bug #15621: Fixed `yii\web\User::getIdentity()` returning `null` if an exception had been thrown when it was called previously (brandonkelly)

 2.0.13.1 November 14, 2017
 --------------------------
--- a/framework/web/User.php
+++ b/framework/web/User.php
@ -187,8 +187,16 @@ class User extends Component
    {
        if ($this->_identity === false) {
            if ($this->enableSession && $autoRenew) {
-                $this->_identity = null;
-                $this->renewAuthStatus();
+                try {
+                    $this->_identity = null;
+                    $this->renewAuthStatus();
+                } catch (\Exception $e) {
+                    $this->_identity = false;
+                    throw $e;
+                } catch (\Throwable $e) {
+                    $this->_identity = false;
+                    throw $e;
+                }
            } else {
                return null;
            }
--- a/tests/framework/web/UserTest.php
+++ b/tests/framework/web/UserTest.php
@ -365,6 +365,35 @@ class UserTest extends TestCase
        $this->assertInstanceOf(AccessChecker::className(), Yii::$app->user->accessChecker);
    }

+    public function testGetIdentityException()
+    {
+        $session = $this->getMock('yii\web\Session');
+        $session->method('getHasSessionId')->willReturn(true);
+        $session->method('get')->with($this->equalTo('__id'))->willReturn('1');
+
+        $appConfig = [
+            'components' => [
+                'user' => [
+                    'identityClass' => ExceptionIdentity::className(),
+                ],
+                'session' => $session,
+            ],
+        ];
+        $this->mockWebApplication($appConfig);
+
+        $exceptionThrown = false;
+        try {
+            Yii::$app->getUser()->getIdentity();
+        } catch (\Exception $e) {
+            $exceptionThrown = true;
+        }
+        $this->assertTrue($exceptionThrown);
+
+        // Do it again to make sure the exception is thrown the second time
+        $this->expectException('Exception');
+        Yii::$app->getUser()->getIdentity();
+    }
+
 }

 static $cookiesMock;
@ -397,3 +426,11 @@ class AccessChecker extends BaseObject implements CheckAccessInterface
        // Implement checkAccess() method.
    }
 }
+
+class ExceptionIdentity extends \yiiunit\framework\filters\stubs\UserIdentity
+{
+    public static function findIdentity($id)
+    {
+        throw new \Exception();
+    }
+}