
Commit dd485f4

committed
Adding a new exception and throwing it when the User changes
This is quite technical. As you can see in the provider, the method is called sometimes when the User changes, and so the token becomes de-authenticated (e.g. someone else changes the password between requests). In practice, the user should be unauthenticated. Using the anonymous token did this, but throwing an AccountStatusException seems like a better idea. It needs to be an AccountStatusException because the ExceptionListener from the Firewall looks for exceptions of this class and logs the user out when they are found (because this is their purpose).
1 parent 302235e commit dd485f4

3 files changed

+37
-4
lines changed

Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespace Symfony\Component\Security\Core\Exception;
13+
14+
/**
15+
* AuthenticationServiceException is thrown when an authenticated token becomes un-authentcated between requests.
16+
*
17+
* In practice, this is due to the User changing between requests (e.g. password changes),
18+
* causes the token to become un-authenticated.
19+
*
20+
* @author Ryan Weaver <ryan@knpuniversity.com>
21+
*/
22+
class AuthenticationExpiredException extends AccountStatusException
23+
{
24+
/**
25+
* {@inheritdoc}
26+
*/
27+
public function getMessageKey()
28+
{
29+
return 'Authentication expired because your account information has changed.';
30+
}
31+
}
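Review bot: The class docblock on the new file's line 15 names `AuthenticationServiceException`, but the class declared below it is `AuthenticationExpiredException`, so the summary documents a different, pre-existing exception; the same line also misspells "un-authentcated". Suggested first line: ` * AuthenticationExpiredException is thrown when an authenticated token becomes un-authenticated between requests.` The second paragraph is ungrammatical ("this is due to the User changing ..., causes the token"); ` * In practice this happens when the User changes between requests (e.g. a password change), which causes the token to become un-authenticated.` reads cleanly. The string returned by `getMessageKey()` is user-facing, so if the component keeps its message keys in translation resources this new key presumably needs an entry there as well.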

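--- a/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php
@@ -21,6 +21,7 @@
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationExpiredException;
 
 /**
 * Responsible for accepting the PreAuthenticationGuardToken and calling
@@ -81,8 +82,8 @@ public function authenticate(TokenInterface $token)
 return $token;
 }
 
-// cause the logout - the token is not authenticated
-return new AnonymousToken($this->providerKey, 'anon.');
+// this AccountStatusException causes the user to be logged out
+throw new AuthenticationExpiredException();
 }
 
 // find the *one* GuardAuthenticator that this token originated from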
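Review bot: `authenticate()` now throws where it previously returned a token, but the second hunk only updates the inline comment; the method's docblock, which starts outside the hunk, should gain `@throws AuthenticationExpiredException when the stored user no longer matches the refreshed one` so callers learn that the de-authentication path is an exception rather than an `AnonymousToken`. If `AnonymousToken` was imported into this file only for the removed return, that `use` line (not visible here) is now dead. Consider also attaching the affected user to the exception before throwing, since `AccountStatusException` exposes a user accessor, so the firewall's exception handling and any logging can record which account was invalidated; whether the refreshed user is still in scope at this point cannot be seen from the hunk.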

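--- a/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
+++ b/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
@@ -81,6 +81,9 @@ public function testAuthenticate()
 $this->assertSame($authedToken, $actualAuthedToken);
 }
 
+/**
+* @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationExpiredException
+*/
 public function testGuardWithNoLongerAuthenticatedTriggersLogout()
 {
 $providerKey = 'my_firewall_abc';
@@ -93,8 +96,6 @@ public function testGuardWithNoLongerAuthenticatedTriggersLogout()
 
 $provider = new GuardAuthenticationProvider(array(), $this->userProvider, $providerKey, $this->userChecker);
 $actualToken = $provider->authenticate($token);
-// this should return the anonymous user
-$this->assertEquals(new AnonymousToken($providerKey, 'anon.'), $actualToken);
 }
 
 protected function setUp()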
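Review bot: `$actualToken = $provider->authenticate($token);` in the second hunk still assigns a value that the call is now expected not to produce — with the `@expectedException` annotation the method must throw, so the assignment is dead; change the line to `$provider->authenticate($token);`. With the `AnonymousToken` assertion removed, the test file's `use` for `AnonymousToken` (outside the hunk) may now be unused too. The test name promises a logout while the body only pins the exception type; since that type is what the firewall's exception handling keys on this is reasonable, but a comment such as `// an AccountStatusException is what the firewall turns into a logout` above the call would make the link explicit.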
