fix #9356 [Security] Logger should manipulate the user reloaded from provider

Matthieu Auger · fabpot · commit 725ec05d69e2 · 2013-12-20T16:43:18.000+01:00
diff --git a/Firewall/ContextListener.php b/Firewall/ContextListener.php
@@ -156,18 +156,19 @@ private function refreshUser(TokenInterface $token)
 
         foreach ($this->userProviders as $provider) {
             try {
-                $token->setUser($provider->refreshUser($user));
+                $refreshedUser = $provider->refreshUser($user);
+                $token->setUser($refreshedUser);
 
                 if (null !== $this->logger) {
-                    $this->logger->debug(sprintf('Username "%s" was reloaded from user provider.', $user->getUsername()));
+                    $this->logger->debug(sprintf('Username "%s" was reloaded from user provider.', $refreshedUser->getUsername()));
                 }
 
                 return $token;
             } catch (UnsupportedUserException $unsupported) {
                 // let's try the next user provider
             } catch (UsernameNotFoundException $notFound) {
                 if (null !== $this->logger) {
-                    $this->logger->warning(sprintf('Username "%s" could not be found.', $user->getUsername()));
+                    $this->logger->warning(sprintf('Username "%s" could not be found.', $notFound->getUsername()));
                 }
 
                 return null;
