diff options
| author | Fabien Potencier <fabien.potencier@gmail.com> | 2012-06-20 21:32:48 +0200 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2012-06-20 21:33:33 +0200 |
| commit | 1ddd70f2c3d9baeb28f1f13024a100fd25e6fdde (patch) | |
| tree | 88202edf947a8e5d47c79928d3674754bb5305c3 | |
| parent | 47c17d9466eecf765733bc359250faea94aa4b26 (diff) | |
| parent | 1d26f9286503935f3d4670d2087c1194063687be (diff) | |
| download | symfony-security-1ddd70f2c3d9baeb28f1f13024a100fd25e6fdde.zip symfony-security-1ddd70f2c3d9baeb28f1f13024a100fd25e6fdde.tar.gz symfony-security-1ddd70f2c3d9baeb28f1f13024a100fd25e6fdde.tar.bz2 | |
merged 2.0
4 files changed, 69 insertions, 31 deletions
diff --git a/Core/Authentication/Provider/DaoAuthenticationProvider.php b/Core/Authentication/Provider/DaoAuthenticationProvider.php index f17eaa4..f22045f 100644 --- a/Core/Authentication/Provider/DaoAuthenticationProvider.php +++ b/Core/Authentication/Provider/DaoAuthenticationProvider.php @@ -59,7 +59,7 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider throw new BadCredentialsException('The credentials were changed from another session.'); } } else { - if (!$presentedPassword = $token->getCredentials()) { + if ("" === ($presentedPassword = $token->getCredentials())) { throw new BadCredentialsException('The presented password cannot be empty.'); } diff --git a/Core/Authentication/Provider/UserAuthenticationProvider.php b/Core/Authentication/Provider/UserAuthenticationProvider.php index f0463ea..32d7971 100644 --- a/Core/Authentication/Provider/UserAuthenticationProvider.php +++ b/Core/Authentication/Provider/UserAuthenticationProvider.php @@ -109,7 +109,7 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter * @param string $username The username to retrieve * @param UsernamePasswordToken $token The Token * - * @return array The user + * @return UserInterface The user * * @throws AuthenticationException if the credentials could not be validated */ diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php index 05e7d14..d101d01 100644 --- a/Http/Firewall/ExceptionListener.php +++ b/Http/Firewall/ExceptionListener.php @@ -179,7 +179,7 @@ class ExceptionListener protected function setTargetPath(Request $request) { // session isn't required when using http basic authentication mechanism for example - if ($request->hasSession()) { + if ($request->hasSession() && $request->isMethodSafe()) { $request->getSession()->set('_security.target_path', $request->getUri()); } } diff --git a/Tests/Core/Authentication/Provider/DaoAuthenticationProviderTest.php b/Tests/Core/Authentication/Provider/DaoAuthenticationProviderTest.php index e211da4..8bff354 100644 --- a/Tests/Core/Authentication/Provider/DaoAuthenticationProviderTest.php +++ b/Tests/Core/Authentication/Provider/DaoAuthenticationProviderTest.php @@ -35,13 +35,13 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase */ public function testRetrieveUserWhenUsernameIsNotFound() { - $userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface'); + $userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface'); $userProvider->expects($this->once()) ->method('loadUserByUsername') - ->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\UsernameNotFoundException', null, array(), '', false))) + ->will($this->throwException($this->getMock('Symfony\\Component\\Security\\Core\\Exception\\UsernameNotFoundException', null, array(), '', false))) ; - $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface')); + $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'), 'key', $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface')); $method = new \ReflectionMethod($provider, 'retrieveUser'); $method->setAccessible(true); @@ -53,13 +53,13 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase */ public function testRetrieveUserWhenAnExceptionOccurs() { - $userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface'); + $userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface'); $userProvider->expects($this->once()) ->method('loadUserByUsername') ->will($this->throwException($this->getMock('RuntimeException', null, array(), '', false))) ; - $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface')); + $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'), 'key', $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface')); $method = new \ReflectionMethod($provider, 'retrieveUser'); $method->setAccessible(true); @@ -68,19 +68,19 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase public function testRetrieveUserReturnsUserFromTokenOnReauthentication() { - $userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface'); + $userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface'); $userProvider->expects($this->never()) ->method('loadUserByUsername') ; - $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); + $user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'); $token = $this->getSupportedToken(); $token->expects($this->once()) ->method('getUser') ->will($this->returnValue($user)) ; - $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface')); + $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'), 'key', $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface')); $reflection = new \ReflectionMethod($provider, 'retrieveUser'); $reflection->setAccessible(true); $result = $reflection->invoke($provider, null, $token); @@ -90,15 +90,15 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase public function testRetrieveUser() { - $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); + $user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'); - $userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface'); + $userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface'); $userProvider->expects($this->once()) ->method('loadUserByUsername') ->will($this->returnValue($user)) ; - $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface')); + $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'), 'key', $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface')); $method = new \ReflectionMethod($provider, 'retrieveUser'); $method->setAccessible(true); @@ -110,17 +110,55 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase */ public function testCheckAuthenticationWhenCredentialsAreEmpty() { - $provider = $this->getProvider(); + $encoder = $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\PasswordEncoderInterface'); + $encoder + ->expects($this->never()) + ->method('isPasswordValid') + ; + + $provider = $this->getProvider(false, false, $encoder); $method = new \ReflectionMethod($provider, 'checkAuthentication'); $method->setAccessible(true); $token = $this->getSupportedToken(); - $token->expects($this->once()) - ->method('getCredentials') - ->will($this->returnValue('')) + $token + ->expects($this->once()) + ->method('getCredentials') + ->will($this->returnValue('')) + ; + + $method->invoke( + $provider, + $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'), + $token + ); + } + + public function testCheckAuthenticationWhenCredentialsAre0() + { + $encoder = $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\PasswordEncoderInterface'); + $encoder + ->expects($this->once()) + ->method('isPasswordValid') + ->will($this->returnValue(true)) + ; + + $provider = $this->getProvider(false, false, $encoder); + $method = new \ReflectionMethod($provider, 'checkAuthentication'); + $method->setAccessible(true); + + $token = $this->getSupportedToken(); + $token + ->expects($this->once()) + ->method('getCredentials') + ->will($this->returnValue('0')) ; - $method->invoke($provider, $this->getMock('Symfony\Component\Security\Core\User\UserInterface'), $token); + $method->invoke( + $provider, + $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'), + $token + ); } /** @@ -128,7 +166,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase */ public function testCheckAuthenticationWhenCredentialsAreNotValid() { - $encoder = $this->getMock('Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface'); + $encoder = $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\PasswordEncoderInterface'); $encoder->expects($this->once()) ->method('isPasswordValid') ->will($this->returnValue(false)) @@ -144,7 +182,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase ->will($this->returnValue('foo')) ; - $method->invoke($provider, $this->getMock('Symfony\Component\Security\Core\User\UserInterface'), $token); + $method->invoke($provider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'), $token); } /** @@ -152,7 +190,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase */ public function testCheckAuthenticationDoesNotReauthenticateWhenPasswordHasChanged() { - $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); + $user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'); $user->expects($this->once()) ->method('getPassword') ->will($this->returnValue('foo')) @@ -163,7 +201,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase ->method('getUser') ->will($this->returnValue($user)); - $dbUser = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); + $dbUser = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'); $dbUser->expects($this->once()) ->method('getPassword') ->will($this->returnValue('newFoo')) @@ -177,7 +215,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase public function testCheckAuthenticationWhenTokenNeedsReauthenticationWorksWithoutOriginalCredentials() { - $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); + $user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'); $user->expects($this->once()) ->method('getPassword') ->will($this->returnValue('foo')) @@ -188,7 +226,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase ->method('getUser') ->will($this->returnValue($user)); - $dbUser = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); + $dbUser = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'); $dbUser->expects($this->once()) ->method('getPassword') ->will($this->returnValue('foo')) @@ -202,7 +240,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase public function testCheckAuthentication() { - $encoder = $this->getMock('Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface'); + $encoder = $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\PasswordEncoderInterface'); $encoder->expects($this->once()) ->method('isPasswordValid') ->will($this->returnValue(true)) @@ -218,12 +256,12 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase ->will($this->returnValue('foo')) ; - $method->invoke($provider, $this->getMock('Symfony\Component\Security\Core\User\UserInterface'), $token); + $method->invoke($provider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'), $token); } protected function getSupportedToken() { - $mock = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', array('getCredentials', 'getUser', 'getProviderKey'), array(), '', false); + $mock = $this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken', array('getCredentials', 'getUser', 'getProviderKey'), array(), '', false); $mock ->expects($this->any()) ->method('getProviderKey') @@ -235,7 +273,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase protected function getProvider($user = false, $userChecker = false, $passwordEncoder = null) { - $userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface'); + $userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface'); if (false !== $user) { $userProvider->expects($this->once()) ->method('loadUserByUsername') @@ -244,14 +282,14 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase } if (false === $userChecker) { - $userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'); + $userChecker = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'); } if (null === $passwordEncoder) { $passwordEncoder = new PlaintextPasswordEncoder(); } - $encoderFactory = $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface'); + $encoderFactory = $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface'); $encoderFactory ->expects($this->any()) ->method('getEncoder') |