8000 Renaming the tokens to be clear they are "post" and "pre" auth - also… · symfony/symfony@873ed28 · GitHub


Commit 873ed28

committed
Renaming the tokens to be clear they are "post" and "pre" auth - also adding an interface
The reason is that the GuardAuthenticationProvider *must* respond to *all* tokens created by the system - both "pre auth" and "post auth" tokens. The reason is that if a "post auth" token becomes not authenticated (e.g. because the user changes between requests), then it may be passed to the provider system. If no providers respond (which was the case before this commit), then AuthenticationProviderManager throws an exception. The next commit will properly handle these "post auth" + "no-longer-authenticated" tokens, which should cause a log out.
1 parent a0bceb4 commit 873ed28

8 files changed

+45
-30
lines changed

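--- a/src/Symfony/Component/Security/Guard/AbstractGuardAuthenticator.php
+++ b/src/Symfony/Component/Security/Guard/AbstractGuardAuthenticator.php
@@ -3,26 +3,26 @@
 namespace Symfony\Component\Security\Guard;
 
 use Symfony\Component\Security\Core\User\UserInterface;
-use Symfony\Component\Security\Guard\Token\GenericGuardToken;
+use Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken;
 
 /**
-* An optional base class that creates a GenericGuardToken for you
+* An optional base class that creates a PostAuthenticationGuardToken for you
 *
 * @author Ryan Weaver <weaverryan@gmail.com>
 */
 abstract class AbstractGuardAuthenticator implements GuardAuthenticatorInterface
 {
 /**
-* Shortcut to create a GenericGuardToken for you, if you don't really
+* Shortcut to create a PostAuthenticationGuardToken for you, if you don't really
 * care about which authenticated token you're using
 *
 * @param UserInterface $user
 * @param string $providerKey
-* @return GenericGuardToken
+* @return PostAuthenticationGuardToken
 */
 public function createAuthenticatedToken(UserInterface $user, $providerKey)
 {
-return new GenericGuardToken(
+return new PostAuthenticationGuardToken(
 $user,
 $providerKey,
 $user->getRoles()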

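--- a/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php
+++ b/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php
@@ -6,7 +6,7 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
-use Symfony\Component\Security\Guard\Token\NonAuthenticatedGuardToken;
+use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 use Symfony\Component\Security\Guard\GuardAuthenticatorInterface;
 use Psr\Log\LoggerInterface;
@@ -86,7 +86,7 @@ private function executeGuardAuthenticator($uniqueGuardKey, GuardAuthenticatorIn
 }
 
 // create a token with the unique key, so that the provider knows which authenticator to use
-$token = new NonAuthenticatedGuardToken($credentials, $uniqueGuardKey);
+$token = new PreAuthenticationGuardToken($credentials, $uniqueGuardKey);
 
 if (null !== $this->logger) {
 $this->logger->info('Passing guard token information to the GuardAuthenticationProvider', array('firewall_key' => $this->providerKey, 'authenticator' => get_class($guardAuthenticator)));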

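--- a/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php
@@ -3,15 +3,18 @@
 namespace Symfony\Component\Security\Guard\Provider;
 
 use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
+use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Guard\GuardAuthenticatorInterface;
-use Symfony\Component\Security\Guard\Token\NonAuthenticatedGuardToken;
+use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
+use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
 use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 
 /**
-* Responsible for accepting the NonAuthenticatedGuardToken and calling
+* Responsible for accepting the PreAuthenticationGuardToken and calling
 * the correct authenticator to retrieve the authenticated token
 *
 * @author Ryan Weaver <weaverryan@gmail.com>
@@ -43,12 +46,12 @@ public function __construct(array $guardAuthenticators, UserProviderInterface $u
 /**
 * Finds the correct authenticator for the token and calls it
 *
-* @param NonAuthenticatedGuardToken $token
+* @param GuardTokenInterface $token
 * @return TokenInterface
 */
 public function authenticate(TokenInterface $token)
 {
-if (!$token instanceof NonAuthenticatedGuardToken) {
+if (!$this->supports($token)) {
 throw new \InvalidArgumentException('GuardAuthenticationProvider only supports NonAuthenticatedGuardToken');
 }
 
@@ -69,7 +72,7 @@ public function authenticate(TokenInterface $token)
 ));
 }
 
-private function authenticateViaGuard(GuardAuthenticatorInterface $guardAuthenticator, NonAuthenticatedGuardToken $token)
+private function authenticateViaGuard(GuardAuthenticatorInterface $guardAuthenticator, PreAuthenticationGuardToken $token)
 {
 // get the user from the GuardAuthenticator
 $user = $guardAuthenticator->authenticate($token->getCredentials(), $this->userProvider);
@@ -101,6 +104,6 @@ private function authenticateViaGuard(GuardAuthenticatorInterface $guardAuthenti
 
 public function supports(TokenInterface $token)
 {
-return $token instanceof NonAuthenticatedGuardToken;
+return $token instanceof GuardTokenInterface;
 }
 }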
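Review bot: The exception message in `authenticate()` still names `NonAuthenticatedGuardToken`, a class this commit renames away, while the guard above it is now `supports()`, which accepts any `GuardTokenInterface`; it should read `throw new \InvalidArgumentException('GuardAuthenticationProvider only supports GuardTokenInterface');`. Widening `supports()` also lets a `PostAuthenticationGuardToken` pass that check, yet `authenticateViaGuard()` still type-hints `PreAuthenticationGuardToken`. The code between the two hunks is not shown, so whether a post-auth token is turned away before that call cannot be confirmed here, and the commit description defers that handling to a follow-up. Until it lands, a post-auth token that has lost its authenticated state should be rejected with the newly imported `AuthenticationException` rather than a type error, so the session fails closed in a controlled way.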

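--- a/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php
+++ b/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php
@@ -14,7 +14,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Guard\Firewall\GuardAuthenticationListener;
-use Symfony\Component\Security\Guard\Token\NonAuthenticatedGuardToken;
+use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 
 /**
@@ -44,7 +44,7 @@ public function testHandleSuccess()
 
 // a clone of the token that should be created internally
 $uniqueGuardKey = 'my_firewall_0';
-$nonAuthedToken = new NonAuthenticatedGuardToken($credentials, $uniqueGuardKey);
+$nonAuthedToken = new PreAuthenticationGuardToken($credentials, $uniqueGuardKey);
 
 $this->authenticationManager
 ->expects($this->once())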

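--- a/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
+++ b/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
@@ -20,7 +20,7 @@ class GuardAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
 {
 private $userProvider;
 private $userChecker;
-private $nonAuthedToken;
+private $preAuthenticationToken;
 
 public function testAuthenticate()
 {
@@ -32,7 +32,7 @@ public function testAuthenticate()
 $authenticators = array($authenticatorA, $authenticatorB, $authenticatorC);
 
 // called 2 times - for authenticator A and B (stops on B because of match)
-$this->nonAuthedToken->expects($this->exactly(2))
+$this->preAuthenticationToken->expects($this->exactly(2))
 ->method('getGuardProviderKey')
 // it will return the "1" index, which will match authenticatorB
 ->will($this->returnValue('my_cool_firewall_1'));
@@ -41,7 +41,7 @@ public function testAuthenticate()
 'username' => '_weaverryan_test_user',
 'password' => 'guard_auth_ftw',
 );
-$this->nonAuthedToken->expects($this->once())
+$this->preAuthenticationToken->expects($this->once())
 ->method('getCredentials')
 ->will($this->returnValue($enteredCredentials));
 
@@ -71,15 +71,15 @@ public function testAuthenticate()
 ->with($mockedUser);
 
 $provider = new GuardAuthenticationProvider($authenticators, $this->userProvider, $providerKey, $this->userChecker);
-$actualAuthedToken = $provider->authenticate($this->nonAuthedToken);
+$actualAuthedToken = $provider->authenticate($this->preAuthenticationToken);
 $this->assertSame($authedToken, $actualAuthedToken);
 }
 
 protected function setUp()
 {
 $this->userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface');
 $this->userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
-$this->nonAuthedToken = $this->getMockBuilder('Symfony\Component\Security\Guard\Token\NonAuthenticatedGuardToken')
+$this->preAuthenticationToken = $this->getMockBuilder('Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken')
 ->disableOriginalConstructor()
 ->getMock();
 }
@@ -88,6 +88,6 @@ protected function tearDown()
 {
 $this->userProvider = null;
 $this->userChecker = null;
-$this->nonAuthedToken = null;
+$this->preAuthenticationToken = null;
 }
 }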
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
<?php
2+
3+
namespace Symfony\Component\Security\Guard\Token;
4+
5+
/**
6+
* An empty interface that both guard tokens implement
7+
*
8+
* This interface is used by the GuardAuthenticationProvider to know
9+
* that a token belongs to its system.
10+
*
11+
* @author Ryan Weaver <weaverryan@gmail.com>
12+
*/
13+
interface GuardTokenInterface
14+
{
15+
}
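Review bot: The docblock on `GuardTokenInterface` says only that "both guard tokens implement" it, which understates what the marker now controls. After this commit `GuardAuthenticationProvider::supports()` accepts any token implementing it, and the `PostAuthenticationGuardToken` docblock tells users that their own authenticated token class must implement it too. The comment should state that contract, for example `* Any token implementing this interface is accepted by GuardAuthenticationProvider::supports() and will be passed to its authenticate() method.` Since the interface declares no methods, it would also help to say whether the provider relies on any accessors of the implementing class; that cannot be told from this file.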

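--- a/src/Symfony/Component/Security/Guard/Token/GenericGuardToken.php
+++ b/src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php
@@ -7,17 +7,14 @@
 use Symfony\Component\Security\Core\User\UserInterface;
 
 /**
-* A generic token used by the AbstractGuardAuthenticator
+* Used as an "authenticated" token, though it could be set to not-authenticated later.
 *
-* This is meant to be used as an "authenticated" token, though it
-* could be set to not-authenticated later.
-*
-* You're free to use this (it's simple) or use any other token for
-* your authenticated token
+* If you're using Guard authentication, you *must* use a class that implements
+* GuardTokenInterface as your authenticated token (like this class).
 *
 * @author Ryan Weaver <weaverryan@gmail.com>
 */
-class GenericGuardToken extends AbstractToken
+class PostAuthenticationGuardToken extends AbstractToken implements GuardTokenInterface
 {
 private $providerKey;
 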
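--- a/src/Symfony/Component/Security/Guard/Token/NonAuthenticatedGuardToken.php
+++ b/src/Symfony/Component/Security/Guard/Token/PreAuthenticationGuardToken.php
@@ -13,7 +13,7 @@
 *
 * @author Ryan Weaver <weaverryan@gmail.com>
 */
-class NonAuthenticatedGuardToken extends AbstractToken
+class PreAuthenticationGuardToken extends AbstractToken implements GuardTokenInterface
 {
 private $credentials;
 private $guardProviderKey;
@@ -51,6 +51,6 @@ public function getCredentials()
 
 public function setAuthenticated($authenticated)
 {
-throw new \Exception('The NonAuthenticatedGuardToken is *always* not authenticated');
+throw new \Exception('The PreAuthenticationGuardToken is *always* not authenticated');
 }
 }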
