8000 [Security] Dispatch an event when "logout user on change" steps in by Simperfit · Pull Request #31138 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

[Security] Dispatch an event when "logout user on change" steps in #31138

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Apr 28, 2019
Merged

[Security] Dispatch an event when "logout user on change" steps in #31138

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/Symfony/Component/Security/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ CHANGELOG
* Dispatch `SwitchUserEvent` on `security.switch_user`
* Deprecated `Argon2iPasswordEncoder`, use `SodiumPasswordEncoder` instead
* Deprecated `BCryptPasswordEncoder`, use `NativePasswordEncoder` instead
* Added `DeauthenticatedEvent` dispatched in case the user has changed when trying to refresh it
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is "it" here? The user?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think "it" refers to the Token here. What about "Added DeauthenticatedEvent dispatched in case the user has changed when trying to refresh the token"?


4.2.0
-----
Expand Down
42 changes: 42 additions & 0 deletions src/Symfony/Component/Security/Http/Event/DeauthenticatedEvent.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
<?php

/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

namespace Symfony\Component\Security\Http\Event;

use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Contracts\EventDispatcher\Event;

/**
* Deauthentication happens in case the user has changed when trying to refresh it.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sentence should be changed as well

*
* @author Hamza Amrouche <hamza.simperfit@gmail.com>
*/
class DeauthenticatedEvent extends Event
{
private $originalToken;
private $refreshedToken;

public function __construct(TokenInterface $originalToken, TokenInterface $refreshedToken)
{
$this->originalToken = $originalToken;
$this->refreshedToken = $refreshedToken;
}

public function getRefreshedToken(): TokenInterface
{
return $this->refreshedToken;
}

public function getOriginalToken(): TokenInterface
{
return $this->originalToken;
}
}
5 changes: 5 additions & 0 deletions src/Symfony/Component/Security/Http/Firewall/ContextListener.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
use Symfony\Component\Security\Core\Role\SwitchUserRole;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Http\Event\DeauthenticatedEvent;

/**
* ContextListener manages the SecurityContext persistence through a session.
Expand Down Expand Up @@ -225,6 +226,10 @@ protected function refreshUser(TokenInterface $token)
$this->logger->debug('Token was deauthenticated after trying to refresh it.');
}

if (null !== $this->dispatcher) {
$this->dispatcher->dispatch(new DeauthenticatedEvent($token, $newToken), DeauthenticatedEvent::class);
}

return null;
}

Expand Down
28 changes: 28 additions & 0 deletions src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
View file
Open in desktop
8000
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
use Symfony\Component\Security\Core\User\User;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Http\Event\DeauthenticatedEvent;
use Symfony\Component\Security\Http\Firewall\ContextListener;

class ContextListenerTest extends TestCase
Expand Down Expand Up @@ -313,6 +314,33 @@ public function testAcceptsProvidersAsTraversable()
$this->assertSame($refreshedUser, $tokenStorage->getToken()->getUser());
}

public function testDeauthenticatedEvent()
{
$tokenStorage = new TokenStorage();
$refreshedUser = new User('foobar', 'baz');

$user = new User('foo', 'bar');
$session = new Session(new MockArraySessionStorage());
$session->set('_security_context_key', serialize(new UsernamePasswordToken($user, '', 'context_key', ['ROLE_USER'])));

$request = new Request();
$request->setSession($session);
$request->cookies->set('MOCKSESSID', true);

$eventDispatcher = new EventDispatcher();
$eventDispatcher->addListener(DeauthenticatedEvent::class, function (DeauthenticatedEvent $event) use ($user) {
$this->assertTrue($event->getOriginalToken()->isAuthenticated());
$this->assertEquals($event->getOriginalToken()->getUser(), $user);
$this->assertFalse($event->getRefreshedToken()->isAuthenticated());
$this->assertNotEquals($event->getRefreshedToken()->getUser(), $user);
});

$listener = new ContextListener($tokenStorage, [new NotSupportingUserProvider(), new SupportingUserProvider($refreshedUser)], 'context_key', null, $eventDispatcher);
$listener(new RequestEvent($this->getMockBuilder(HttpKernelInterface::class)->getMock(), $request, HttpKernelInterface::MASTER_REQUEST));

$this->assertNull($tokenStorage->getToken());
}

protected function runSessionOnKernelResponse($newToken, $original = null)
{
$session = new Session(new MockArraySessionStorage());
Expand Down
0