8000 [Security] Dispatch an event when "logout user on change" steps in · symfony/symfony@abec9c1 · GitHub
[go: up one dir, main page]

Skip to content

Commit abec9c1

Browse files
SimperfitRobin Chalas
authored andcommitted
[Security] Dispatch an event when "logout user on change" steps in
1 parent 27d10a6 commit abec9c1

File tree

4 files changed

+84
-0
lines changed

4 files changed

+84
-0
lines changed

src/Symfony/Component/Security/CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@ CHANGELOG
2323
* Dispatch `SwitchUserEvent` on `security.switch_user`
2424
* Deprecated `Argon2iPasswordEncoder`, use `SodiumPasswordEncoder` instead
2525
* Deprecated `BCryptPasswordEncoder`, use `NativePasswordEncoder` instead
26+
* Added `DeauthenticatedEvent` dispatched in case the user has changed when trying to refresh it
2627

2728
4.2.0
2829
-----
Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespace Symfony\Component\Security\Http\Event;
13+
14+
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
15+
use Symfony\Contracts\EventDispatcher\Event;
16+
17+
/**
18+
* Deauthentication happens in case the user has changed when trying to refresh it.
19+
*
20+
* @author Hamza Amrouche <hamza.simperfit@gmail.com>
21+
*/
22+
class DeauthenticatedEvent extends Event
23+
{
24+
private $originalToken;
25+
private $deauthenticatedToken;
26+
27+
public function __construct(TokenInterface $originalToken, TokenInterface $deauthenticatedToken)
28+
{
29+
$this->originalToken = $originalToken;
30+
$this->deauthenticatedToken = $deauthenticatedToken;
31+
}
32+
33+
/**
34+
* @return TokenInterface The token that was deauthenticated during refreshment
35+
*/
36+
public function getDeauthenticatedToken(): TokenInterface
37+
{
38+
return $this->deauthenticatedToken;
39+
}
40+
41+
/**
42+
* @return TokenInterface The original (authenticated) token
43+
*/
44+
public function getOriginalToken(): TokenInterface
45+
{
46+
return $this->originalToken;
47+
}
48+
}

src/Symfony/Component/Security/Http/Firewall/ContextListener.php

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@
2828
use Symfony\Component\Security\Core\Role\SwitchUserRole;
2929
use Symfony\Component\Security\Core\User\UserInterface;
3030
use Symfony\Component\Security\Core\User\UserProviderInterface;
31+
use Symfony\Component\Security\Http\Event\DeauthenticatedEvent;
3132

3233
/**
3334
* ContextListener manages the SecurityContext persistence through a session.
@@ -225,6 +226,10 @@ protected function refreshUser(TokenInterface $token)
225226
$this->logger->debug('Token was deauthenticated after trying to refresh it.');
226227
}
227228

229+
if (null !== $this->dispatcher) {
230+
$this->dispatcher->dispatch(new DeauthenticatedEvent($token, $newToken), DeauthenticatedEvent::class);
231+
}
232+
228233
return null;
229234
}
230235

src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@
3131
use Symfony\Component\Security\Core\User\User;
3232
use Symfony\Component\Security\Core\User\UserInterface;
3333
use Symfony\Component\Security\Core\User\UserProviderInterface;
34+
use Symfony\Component\Security\Http\Event\DeauthenticatedEvent;
3435
use Symfony\Component\Security\Http\Firewall\ContextListener;
3536

3637
class ContextListenerTest extends TestCase
@@ -313,6 +314,35 @@ public function testAcceptsProvidersAsTraversable()
313314
$this->assertSame($refreshedUser, $tokenStorage->getToken()->getUser());
314315
}
315316

317+
public function testDeauthenticatedEvent()
318+
{
319+
$tokenStorage = new TokenStorage();
320+
$refreshedUser = new User('foobar', 'baz');
321+
322+
$user = new User('foo', 'bar');
323+
$session = new Session(new MockArraySessionStorage());
324+
$session->set('_security_context_key', serialize(new UsernamePasswordToken($user, '', 'context_key', ['ROLE_USER'])));
325+
326+
$request = new Request();
327+
$request->setSession($session);
328+
$request->cookies->set('MOCKSESSID', true);
329+
330+
$eventDispatcher = new EventDispatcher();
331+
$eventDispatcher->addListener(DeauthenticatedEvent::class, function ($event) use ($user) {
332+
$originalToken = $event->getWrappedEvent()->getOriginalToken();
333+
$this->assertTrue($originalToken->isAuthenticated());
334+
$this->assertEquals($originalToken->getUser(), $user);
335+
$deauthenticatedToken = $event->getWrappedEvent()->getDeauthenticatedToken();
336+
$this->assertFalse($deauthenticatedToken->isAuthenticated());
337+
$this->assertNotEquals($deauthenticatedToken->getUser(), $user);
338+
});
339+
340+
$listener = new ContextListener($tokenStorage, [new NotSupportingUserProvider(), new SupportingUserProvider($refreshedUser)], 'context_key', null, $eventDispatcher);
341+
$listener(new RequestEvent($this->getMockBuilder(HttpKernelInterface::class)->getMock(), $request, HttpKernelInterface::MASTER_REQUEST));
342+
343+
$this->assertNull($tokenStorage->getToken());
344+
}
345+
316346
protected function runSessionOnKernelResponse($newToken, $original = null)
317347
{
318348
$session = new Session(new MockArraySessionStorage());

0 commit comments

Comments
 (0)
0