author | Fabien Potencier <fabien.potencier@gmail.com> | 2010-10-31 13:22:50 +0100 |
---|---|---|
committer | Fabien Potencier <fabien.potencier@gmail.com> | 2010-10-31 13:39:12 +0100 |
commit | 0ac635c153de6ce16d2a869c205c52ed0546a223 (patch) | |
tree | 9f320bdc3a3b2f47cf630a1f015f5bccc9bb3c37 | |
parent | 6df1393216e1568f45eac7942c5230f45da3b6e3 (diff) | |
[Security] added unit tests for the Authentication sub-namespace
-rw-r--r-- | Authentication/AuthenticationProviderManager.php | 8 | ||||
-rw-r--r-- | Authentication/Provider/DaoAuthenticationProvider.php | 4 | ||||
-rw-r--r-- | Authentication/Provider/PreAuthenticatedAuthenticationProvider.php | 4 | ||||
-rw-r--r-- | Authentication/Token/PreAuthenticatedToken.php | 2 | ||||
-rw-r--r-- | Authentication/Token/Token.php | 4 | ||||
-rw-r--r-- | Authentication/Token/TokenInterface.php | 5 |
6 files changed, 17 insertions, 10 deletions
diff --git a/Authentication/AuthenticationProviderManager.php b/Authentication/AuthenticationProviderManager.php
index 1b50ccb..78d7225 100644
--- a/Authentication/AuthenticationProviderManager.php
+++ b/Authentication/AuthenticationProviderManager.php
@@ -37,7 +37,7 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
 public function __construct(array $providers = array(), $eraseCredentials = true)
 {
 $this->setProviders($providers);
- $this->eraseCredentials = $eraseCredentials;
+ $this->eraseCredentials = (Boolean) $eraseCredentials;
 }
 /**
@@ -60,7 +60,7 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
 try {
 $result = $provider->authenticate($token);
 } catch (AccountStatusException $e) {
- $e->setToken($token);
+ $e->setExtraInformation($token);
 throw $e;
 } catch (AuthenticationException $e) {
@@ -69,7 +69,7 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
 }
 if (null !== $result) {
- if ($this->eraseCredentials) {
+ if (true === $this->eraseCredentials) {
 $result->eraseCredentials();
 }
@@ -80,7 +80,7 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
 $lastException = new ProviderNotFoundException(sprintf('No Authentication Provider found for token of class "%s".', get_class($token)));
 }
- $lastException->setToken($token);
+ $lastException->setExtraInformation($token);
 throw $lastException;
 }
diff --git a/Authentication/Provider/DaoAuthenticationProvider.php b/Authentication/Provider/DaoAuthenticationProvider.php
index b5ae27c..a4fb4c7 100644
--- a/Authentication/Provider/DaoAuthenticationProvider.php
+++ b/Authentication/Provider/DaoAuthenticationProvider.php
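Review bot: The `true === $this->eraseCredentials` test in the third hunk makes credential erasure depend on the property holding exactly boolean true, so any later write of a truthy non-boolean value would skip `$result->eraseCredentials()` without an error. The `(Boolean)` cast in the constructor hunk covers the constructor argument only; whether the property can be assigned elsewhere is not visible in this diff. For a flag whose job is to strip secrets from the authenticated token, failing towards erasure is the safer direction: `if (false !== $this->eraseCredentials) {`. The authenticate() body starts and ends outside these hunks.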
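Review bot: On every failure path the exception carries the submitted token via `setExtraInformation($token)`, here in the AccountStatusException catch and again in the last hunk for `$lastException`, and that token has not been through `eraseCredentials()`, which runs only on a non-null `$result`. If an exception handler serialises, logs or renders the extra information, the submitted credentials could travel with it; that handling is outside this diff, so this is something to confirm rather than a demonstrated leak. A comment above each call would record the constraint, e.g. `// the token still holds the submitted credentials; handlers must not log or persist it as-is`.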
@@ -39,9 +39,9 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider
 * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface instance
 * @param PasswordEncoderInterface $passwordEncoder A PasswordEncoderInterface instance
 */
- public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker, PasswordEncoderInterface $passwordEncoder = null)
+ public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker, PasswordEncoderInterface $passwordEncoder = null, $hideUserNotFoundExceptions = true)
 {
- parent::__construct($accountChecker);
+ parent::__construct($accountChecker, $hideUserNotFoundExceptions);
 if (null === $passwordEncoder) {
 $passwordEncoder = new PlaintextPasswordEncoder();
diff --git a/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php b/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
index 1494dcf..e161323 100644
--- a/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
+++ b/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
@@ -53,7 +53,7 @@ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderIn
 return null;
 }
- if (null === $token->getUser()) {
+ if (!$user = $token->getUser()) {
 throw new BadCredentialsException('No pre-authenticated principal found in request.');
 }
 /*
@@ -61,7 +61,7 @@ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderIn
 throw new BadCredentialsException('No pre-authenticated credentials found in request.');
 }
 */
- $user = $this->userProvider->loadUserByUsername($token->getUser());
+ $user = $this->userProvider->loadUserByUsername($user);
 $this->accountChecker->checkPostAuth($user);
diff --git a/Authentication/Token/PreAuthenticatedToken.php b/Authentication/Token/PreAuthenticatedToken.php
index 7466757..9532c53 100644
--- a/Authentication/Token/PreAuthenticatedToken.php
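Review bot: The new `$hideUserNotFoundExceptions` constructor argument is missing from the docblock above the signature, whose visible lines describe only the account checker and the password encoder. Its name suggests it decides whether an unknown username is reported differently from a wrong password, which matters for account enumeration, but the parent constructor that consumes it is not part of this diff. I would add `* @param Boolean $hideUserNotFoundExceptions Whether to hide user-not-found exceptions from the caller` and say in the description why the default is `true`. The constructor body continues outside the hunk.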
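Review bot: `if (!$user = $token->getUser())` replaces a null check with a truthiness check, so a principal of `'0'` is now rejected as a missing principal, along with null and the empty string. Rejecting an empty principal is the fail-closed choice; if `'0'` has to remain a valid username, spell the test out: `$username = $token->getUser();` followed by `if (null === $username || '' === $username) {`. The second hunk then reuses `$user` for both the principal and the loaded account in `$user = $this->userProvider->loadUserByUsername($user);`, and a separate `$username` variable would keep the value passed to `checkPostAuth()` unambiguous. The method starts and ends outside both hunks.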
+++ b/Authentication/Token/PreAuthenticatedToken.php
@@ -23,8 +23,8 @@ class PreAuthenticatedToken extends Token
 */
 public function __construct($user, $credentials, array $roles = null)
 {
+ parent::__construct(null === $roles ? array() : $roles);
 if (null !== $roles) {
- parent::__construct($roles);
 $this->setAuthenticated(true);
 }
diff --git a/Authentication/Token/Token.php b/Authentication/Token/Token.php
index 1903cc1..46a97e2 100644
--- a/Authentication/Token/Token.php
+++ b/Authentication/Token/Token.php
@@ -42,6 +42,8 @@ abstract class Token implements TokenInterface
 }
 $this->addRole($role);
 }
+ $this->authenticated = false;
+ $this->immutable = false;
 }
 /**
@@ -107,7 +109,7 @@ abstract class Token implements TokenInterface
 }
 /**
- * Removes sensitive information from the token.
+ * {@inheritdoc}
 */
 public function eraseCredentials()
 {
diff --git a/Authentication/Token/TokenInterface.php b/Authentication/Token/TokenInterface.php
index 9dcc820..01753cf 100644
--- a/Authentication/Token/TokenInterface.php
+++ b/Authentication/Token/TokenInterface.php
@@ -66,4 +66,9 @@ interface TokenInterface extends \Serializable
 * @param Boolean $isAuthenticated The authenticated flag
 */
 function setAuthenticated($isAuthenticated);
+
+ /**
+ * Removes sensitive information from the token.
+ */
+ function eraseCredentials();
 } |
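Review bot: With `parent::__construct(null === $roles ? array() : $roles);` placed ahead of the `if (null !== $roles)` test, a caller passing an explicit empty array still reaches `setAuthenticated(true)`, so a token with no roles at all is marked authenticated. If that is intended, the constructor docblock should state that any non-null `$roles`, including `array()`, yields an authenticated token; if it is not, the guard could be `if ($roles) {`. The constructor's docblock and the rest of its body are outside the hunk.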
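Review bot: The base constructor in Token.php now ends with `$this->authenticated = false;`, so a subclass that calls `setAuthenticated(true)` before `parent::__construct()` is silently reset to unauthenticated. That fails closed, but the ordering requirement is not written down in this hunk; a docblock line such as `Subclasses must call this constructor before setAuthenticated().` would record it. The two assignments also run after the `addRole()` loop, so if anything in that loop reads `$this->immutable` it sees the declared default rather than `false`; setting both defaults on the property declarations, which are not visible here, would remove the ordering question.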
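Review bot: `eraseCredentials()` joins TokenInterface with a one-line docblock that does not say what an implementation has to guarantee. AuthenticationProviderManager calls it on whatever token a provider returns, so the contract is security-relevant and worth stating: after the call the token must no longer expose the secret used to authenticate, and calling it a second time must be harmless. A possible wording is `* Removes sensitive information from the token; afterwards the credentials must no longer be retrievable from it.`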