8000 [Security] AuthenticatorManager to make "authenticators" first-class security by wouterj · Pull Request #33558 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

[Security] AuthenticatorManager to make "authenticators" first-class security #33558

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 30 commits into from
Apr 21, 2020
Merged

[Security] AuthenticatorManager to make "authenticators" first-class security #33558

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
c321f4d
Created GuardAuthenticationManager to make Guard first-class Security
wouterj Sep 8, 2019
a6890db
Created HttpBasicAuthenticator and some Guard traits
wouterj Sep 8, 2019
9b7fddd
Integrated GuardAuthenticationManager in the SecurityBundle
wouterj Sep 8, 2019
a172bac
Added FormLogin and Anonymous authenticators
wouterj Dec 13, 2019
526f756
Added GuardManagerListener
wouterj Dec 13, 2019
5013258
Add provider key in PreAuthenticationGuardToken
wouterj Jan 26, 2020
5efa892
Create a new core AuthenticatorInterface
wouterj Jan 26, 2020
fa4b3ec
Implemented password migration for the new authenticators
wouterj Jan 26, 2020
4c06236
Fixes after testing in Demo application
wouterj Jan 26, 2020
873b949
Mark new core authenticators as experimental
wouterj Jan 26, 2020
b923e4c
Enabled remember me for the GuardManagerListener
wouterj Jan 26, 2020
b14a5e8
Moved new authenticator to the HTTP namespace
wouterj Jan 26, 2020
999ec27
Refactor to an event based authentication approach
wouterj Feb 6, 2020
7859977
Removed all mentions of 'guard' in the new system
wouterj Feb 6, 2020
1c810d5
Added support for lazy firewalls
wouterj Feb 9, 2020
ddf430f
Added remember me functionality
wouterj Feb 12, 2020
09bed16
Only load old manager if new system is disabled
wouterj Feb 22, 2020
44cc76f
Use one AuthenticatorManager per firewall
wouterj Feb 29, 2020
bf1a452
Merge AuthenticatorManager and AuthenticatorHandler
wouterj Mar 1, 2020
60d396f
Added automatically CSRF protected authenticators
wouterj Mar 1, 2020
59f49b2
Rename AuthenticatingListener
wouterj Mar 7, 2020
6b9d78d
Added tests
wouterj Mar 7, 2020
ba3754a
Differentiate between interactive and non-interactive authenticators
wouterj Mar 13, 2020
f5e11e5
Reverted changes to the Guard component
wouterj Mar 14, 2020
95edc80
Added pre-authenticated authenticators (X.509 & REMOTE_USER)
wouterj Mar 14, 2020
7ef6a7a
Use the firewall event dispatcher
wouterj Apr 4, 2020
0fe5083
Added JSON login authenticator
wouterj Apr 5, 2020
9ea32c4
Also use authentication failure/success handlers in FormLoginAuthenti…
wouterj Apr 6, 2020
50224aa
Introduce Passport & Badges to extend authenticators
wouterj Apr 9, 2020
b1e040f
Rename providerKey to firewallName for more consistent naming
wouterj Apr 10, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Implemented password migration for the new authenticators
  • Loading branch information
@wouterj
wouterj committed Apr 20, 2020
commit fa4b3ec2135d3a1682cfaa52c87c03fb4eb7b3ef
4 changes: 4 additions & 0 deletions src/Symfony/Component/Security/Guard/PasswordAuthenticatedInterface.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@

namespace Symfony\Component\Security\Guard;

use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;

/**
* An optional interface for "guard" authenticators that deal with user passwords.
*/
Expand All @@ -22,4 +24,6 @@ interface PasswordAuthenticatedInterface
* @param mixed $credentials The user credentials
*/
public function getPassword($credentials): ?string;

/* public function getPasswordEncoder(): ?UserPasswordEncoderInterface; */
}
16 changes: 14 additions & 2 deletions src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProviderTrait.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,8 +62,20 @@ private function authenticateViaGuard($guardAuthenticator, PreAuthenticationGuar

throw new BadCredentialsException(sprintf('Authentication failed because "%s::checkCredentials()" did not return true.', get_debug_type($guardAuthenticator)));
}
if ($this->userProvider instanceof PasswordUpgraderInterface && $guardAuthenticator instanceof PasswordAuthenticatedInterface && null !== $this->passwordEncoder && (null !== $password = $guardAuthenticator->getPassword($token->getCredentials())) && method_exists($this->passwordEncoder, 'needsRehash') && $this->passwordEncoder->needsRehash($user)) {
$this->userProvider->upgradePassword($user, $this->passwordEncoder->encodePassword($user, $password));

if ($guardAuthenticator instanceof PasswordAuthenticatedInterface
&& null !== $password = $guardAuthenticator->getPassword($token->getCredentials())
&& null !== $passwordEncoder = $this->passwordEncoder ?? (method_exists($guardAuthenticator, 'getPasswordEncoder') ? $guardAuthenticator->getPasswordEncoder() : null)
) {
if (method_exists($passwordEncoder, 'needsRehash') && $passwordEncoder->needsRehash($user)) {
if (!isset($this->userProvider)) {
if ($guardAuthenticator instanceof PasswordUpgraderInterface) {
$guardAuthenticator->upgradePassword($user, $guardAuthenticator->getPasswordEncoder()->encodePassword($user, $password));
}
} elseif ($this->userProvider instanceof PasswordUpgraderInterface) {
$this->userProvider->upgradePassword($user, $passwordEncoder->encodePassword($user, $password));
}
}
}
$this->userChecker->checkPostAuth($user);

Expand Down
0