8000 feature #40567 [Security] Move the badges resolution check to `Authen… · symfony/symfony@2dcf313 · GitHub
[go: up one dir, main page]
Skip to content

Commit 2dcf313

Browse files
chalasrchalasr
committed
feature #40567 [Security] Move the badges resolution check to AuthenticatorManager (chalasr)
This PR was merged into the 5.3-dev branch. Discussion ---------- [Security] Move the badges resolution check to `AuthenticatorManager` | Q | A | ------------- | --- | Branch? | 5.x | Bug fix? | no | New feature? | yes | Deprecations? | no (BC breaks on experimental code) | Tickets | Fixes #40491 | License | MIT | Doc PR | - Commits ------- 532f4aa [Security] Move the badges resolution check to `AuthenticatorManager`
2 parents 4e85380 + 532f4aa commit 2dcf313

File tree

5 files changed

+18
-16
lines changed

5 files changed

+18
-16
lines changed

UPGRADE-5.3.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,8 @@ Routing
9191
Security
9292
--------
9393

94+
* [BC BREAK] Remove method `checkIfCompletelyResolved()` from `PassportInterface`, checking that passport badges are
95+
resolved is up to `AuthenticatorManager`
9496
* Deprecate class `User`, use `InMemoryUser` or your own implementation instead.
9597
If you are using the `isAccountNonLocked()`, `isAccountNonExpired()` or `isCredentialsNonExpired()` method, consider re-implementing
9698
them in your own user class, as they are not part of the `InMemoryUser` API

src/Symfony/Component/Security/CHANGELOG.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,9 @@ CHANGELOG
44
5.3
55
---
66

7+
* Add `PassportInterface:getBadges()`, implemented by `PassportTrait`
8+
* [BC BREAK] Remove method `checkIfCompletelyResolved()` from `PassportInterface`, checking that passport badges are
9+
resolved is up to `AuthenticatorManager`
710
* Deprecate class `User`, use `InMemoryUser` instead
811
* Deprecate class `UserChecker`, use `InMemoryUserChecker` or your own implementation instead
912
* [BC break] Remove support for passing a `UserInterface` implementation to `Passport`, use the `UserBadge` instead.

src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@
1919
use Symfony\Component\Security\Core\AuthenticationEvents;
2020
use Symfony\Component\Security\Core\Event\AuthenticationSuccessEvent;
2121
use Symfony\Component\Security\Core\Exception\AuthenticationException;
22+
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
2223
use Symfony\Component\Security\Core\User\UserInterface;
2324
use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
2425
use Symfony\Component\Security\Http\Authenticator\InteractiveAuthenticatorInterface;
@@ -168,7 +169,11 @@ private function executeAuthenticator(AuthenticatorInterface $authenticator, Req
168169
$this->eventDispatcher->dispatch($event);
169170

170171
// check if all badges are resolved
171-
$passport->checkIfCompletelyResolved();
172+
foreach ($passport->getBadges() as $badge) {
173+
if (!$badge->isResolved()) {
174+
throw new BadCredentialsException(sprintf('Authentication failed: Security badge "%s" is not resolved, did you forget to register the correct listeners?', get_debug_type($badge)));
175+
}
176+
}
172177

173178
// create the authenticated token
174179
$authenticatedToken = $authenticator->createAuthenticatedToken($passport, $this->firewallName);

src/Symfony/Component/Security/Http/Authenticator/Passport/PassportInterface.php

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,6 @@
1111

1212
namespace Symfony\Component\Security\Http\Authenticator\Passport;
1313

14-
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
1514
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\BadgeInterface;
1615

1716
/**
@@ -43,9 +42,7 @@ public function hasBadge(string $badgeFqcn): bool;
4342
public function getBadge(string $badgeFqcn): ?BadgeInterface;
4443

4544
/**
46-
* Checks if all badges are marked as resolved.
47-
*
48-
* @throws BadCredentialsException when a badge is not marked as resolved
45+
* @return array<class-string<BadgeInterface>, BadgeInterface> An array of badge instances indexed by class name
4946
*/
50-
public function checkIfCompletelyResolved(): void;
47+
public function getBadges(): array;
5148
}

src/Symfony/Component/Security/Http/Authenticator/Passport/PassportTrait.php

Lines changed: 5 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,6 @@
1111

1212
namespace Symfony\Component\Security\Http\Authenticator\Passport;
1313

14-
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
1514
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\BadgeInterface;
1615

1716
/**
@@ -21,9 +20,6 @@
2120
*/
2221
trait PassportTrait
2322
{
24-
/**
25-
* @var BadgeInterface[]
26-
*/
2723
private $badges = [];
2824

2925
public function addBadge(BadgeInterface $badge): PassportInterface
@@ -43,12 +39,11 @@ public function getBadge(string $badgeFqcn): ?BadgeInterface
4339
return $this->badges[$badgeFqcn] ?? null;
4440
}
4541

46-
public function checkIfCompletelyResolved(): void
42+
/**
43+
* @return array<class-string<BadgeInterface>, BadgeInterface>
44+
*/
45+
public function getBadges(): array
4746
{
48-
foreach ($this->badges as $badge) {
49-
if (!$badge->isResolved()) {
50-
throw new BadCredentialsException(sprintf('Authentication failed security badge "%s" is not resolved, did you forget to register the correct listeners?', \get_class($badge)));
51-
}
52-
}
47+
return $this->badges;
5348
}
5449
}

0 commit comments

Comments
 (0)
0