authorJohannes M. Schmitt <schmittjoh@gmail.com>2011-02-01 21:59:24 +0100
committerFabien Potencier <fabien.potencier@gmail.com>2011-02-02 11:31:28 +0100
commit8ae19be583eac472874c0760e075fe6e7db19359 (patch)
tree1e1820a6b1800e79e5bc8e513df33066a2278ee4
parenta204c9269152bf429c366eb238d9a95ea2e8bf9b (diff)
downloadsymfony-security-8ae19be583eac472874c0760e075fe6e7db19359.zip
symfony-security-8ae19be583eac472874c0760e075fe6e7db19359.tar.gz
symfony-security-8ae19be583eac472874c0760e075fe6e7db19359.tar.bz2
[Security] bug fix in FormAuthenticationEntryPoint
-rw-r--r--Core/Exception/NonceExpiredException.php2
-rw-r--r--Http/EntryPoint/AuthenticationEntryPointInterface.php (renamed from Core/Authentication/EntryPoint/AuthenticationEntryPointInterface.php)6
-rw-r--r--Http/EntryPoint/BasicAuthenticationEntryPoint.php5
-rw-r--r--Http/EntryPoint/DigestAuthenticationEntryPoint.php5
-rw-r--r--Http/EntryPoint/FormAuthenticationEntryPoint.php5
-rw-r--r--Http/EntryPoint/RetryAuthenticationEntryPoint.php5
-rw-r--r--Http/Firewall/BasicAuthenticationListener.php2
-rw-r--r--Http/Firewall/ChannelListener.php10
-rw-r--r--Http/Firewall/DigestAuthenticationListener.php12
-rw-r--r--Http/Firewall/ExceptionListener.php10
10 files changed, 34 insertions, 28 deletions
diff --git a/Core/Exception/NonceExpiredException.php b/Core/Exception/NonceExpiredException.php
index 5e6a0c5..5544a63 100644
--- a/Core/Exception/NonceExpiredException.php
+++ b/Core/Exception/NonceExpiredException.php
@@ -12,7 +12,7 @@
namespace Symfony\Component\HttpKernel\Security\EntryPoint;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
-use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Log\LoggerInterface;
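Review bot: The namespace in this hunk's context, `Symfony\Component\HttpKernel\Security\EntryPoint`, does not match the file's location under Core/Exception, and DigestAuthenticationEntryPoint in this same commit imports the class as `Symfony\Component\Security\Core\Exception\NonceExpiredException`. If the class declared further down (outside the hunk) is NonceExpiredException, loading it by the imported name would likely fail on the expired-nonce path. The entry-point, Response and Logger imports also look unnecessary for an exception class; consider `namespace Symfony\Component\Security\Core\Exception;` and dropping the unused `use` lines instead of renaming one of them.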
diff --git a/Core/Authentication/EntryPoint/AuthenticationEntryPointInterface.php b/Http/EntryPoint/AuthenticationEntryPointInterface.php
index 7fd64bf..98cbf28 100644
--- a/Core/Authentication/EntryPoint/AuthenticationEntryPointInterface.php
+++ b/Http/EntryPoint/AuthenticationEntryPointInterface.php
@@ -9,8 +9,9 @@
* file that was distributed with this source code.
*/
-namespace Symfony\Component\Security\Core\Authentication\EntryPoint;
+namespace Symfony\Component\Security\Http\EntryPoint;
+use Symfony\Component\EventDispatcher\EventInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\HttpFoundation\Request;
@@ -25,8 +26,9 @@ interface AuthenticationEntryPointInterface
/**
* Starts the authentication scheme.
*
+ * @param EventInterface $event The "core.security" event
* @param object $request The request that resulted in an AuthenticationException
* @param AuthenticationException $authException The exception that started the authentication process
*/
- function start(Request $request, AuthenticationException $authException = null);
+ function start(EventInterface $event, Request $request, AuthenticationException $authException = null);
}
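Review bot: The added `@param EventInterface $event The "core.security" event` line is narrower than the way the method is called, since ExceptionListener in this commit passes the event it receives while handling an exception, which is presumably not "core.security". Suggest `@param EventInterface $event The event being handled when authentication is started`, and `@param Request $request` in place of `object`. Because `$event` is inserted as a required first argument, every entry point implemented outside this repository breaks at the signature, which deserves a line in the commit message or the upgrade notes.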
diff --git a/Http/EntryPoint/BasicAuthenticationEntryPoint.php b/Http/EntryPoint/BasicAuthenticationEntryPoint.php
index 26bc305..907301c 100644
--- a/Http/EntryPoint/BasicAuthenticationEntryPoint.php
+++ b/Http/EntryPoint/BasicAuthenticationEntryPoint.php
@@ -11,8 +11,9 @@
namespace Symfony\Component\Security\Http\EntryPoint;
+use Symfony\Component\EventDispatcher\EventInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
-use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Request;
@@ -30,7 +31,7 @@ class BasicAuthenticationEntryPoint implements AuthenticationEntryPointInterface
$this->realmName = $realmName;
}
- public function start(Request $request, AuthenticationException $authException = null)
+ public function start(EventInterface $event, Request $request, AuthenticationException $authException = null)
{
$response = new Response();
$response->headers->set('WWW-Authenticate', sprintf('Basic realm="%s"', $this->realmName));
diff --git a/Http/EntryPoint/DigestAuthenticationEntryPoint.php b/Http/EntryPoint/DigestAuthenticationEntryPoint.php
index 89ba465..ecc6178 100644
--- a/Http/EntryPoint/DigestAuthenticationEntryPoint.php
+++ b/Http/EntryPoint/DigestAuthenticationEntryPoint.php
@@ -11,8 +11,9 @@
namespace Symfony\Component\Security\Http\EntryPoint;
+use Symfony\Component\EventDispatcher\EventInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
-use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
use Symfony\Component\Security\Core\Exception\NonceExpiredException;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Request;
@@ -38,7 +39,7 @@ class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterfac
$this->logger = $logger;
}
- public function start(Request $request, AuthenticationException $authException = null)
+ public function start(EventInterface $event, Request $request, AuthenticationException $authException = null)
{
$expiryTime = microtime(true) + $this->nonceValiditySeconds * 1000;
$signatureValue = md5($expiryTime.':'.$this->key);
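Review bot: The context line `$expiryTime = microtime(true) + $this->nonceValiditySeconds * 1000;` mixes units: `microtime(true)` returns seconds, so, assuming the expiry check compares against the same clock, a nonce configured for N seconds stays valid for N*1000 seconds and the replay window for a captured digest response grows accordingly. Since the commit already touches start(), `$expiryTime = microtime(true) + $this->nonceValiditySeconds;` would be worth including. The nonce signature on the next line is a bare `md5($expiryTime.':'.$this->key)`; a keyed construction such as `hash_hmac('sha256', (string) $expiryTime, $this->key)` is sturdier, but the verifying side, which is not visible here, would have to change with it. The rest of start() lies outside the hunk.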
diff --git a/Http/EntryPoint/FormAuthenticationEntryPoint.php b/Http/EntryPoint/FormAuthenticationEntryPoint.php
index 0902507..7a18b2f 100644
--- a/Http/EntryPoint/FormAuthenticationEntryPoint.php
+++ b/Http/EntryPoint/FormAuthenticationEntryPoint.php
@@ -11,10 +11,11 @@
namespace Symfony\Component\Security\Http\EntryPoint;
+use Symfony\Component\EventDispatcher\EventInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
-use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
use Symfony\Component\Security\Core\SecurityContext;
/**
@@ -42,7 +43,7 @@ class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface
/**
* {@inheritdoc}
*/
- public function start(Request $request, AuthenticationException $authException = null)
+ public function start(EventInterface $event, Request $request, AuthenticationException $authException = null)
{
if ($this->useForward) {
return $event->getSubject()->handle(Request::create($this->loginPath), HttpKernelInterface::SUB_REQUEST);
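Review bot: The forward branch references `HttpKernelInterface::SUB_REQUEST`, but the use block shown in this file's first hunk imports only EventInterface, Request, Response, AuthenticationException, AuthenticationEntryPointInterface and SecurityContext. Unless an import sits outside the visible lines, the name resolves inside `Symfony\Component\Security\Http\EntryPoint` and the login forward fails as soon as `useForward` is enabled; add `use Symfony\Component\HttpKernel\HttpKernelInterface;`. The call also assumes `$event->getSubject()` is a kernel, so a short comment stating that expectation (or an `instanceof` guard) would help the next implementer. start() continues past the end of the hunk.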
diff --git a/Http/EntryPoint/RetryAuthenticationEntryPoint.php b/Http/EntryPoint/RetryAuthenticationEntryPoint.php
index eb32e8a..ed1297f 100644
--- a/Http/EntryPoint/RetryAuthenticationEntryPoint.php
+++ b/Http/EntryPoint/RetryAuthenticationEntryPoint.php
@@ -11,8 +11,9 @@
namespace Symfony\Component\Security\Http\EntryPoint;
+use Symfony\Component\EventDispatcher\EventInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
-use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Request;
@@ -34,7 +35,7 @@ class RetryAuthenticationEntryPoint implements AuthenticationEntryPointInterface
$this->httpsPort = $httpsPort;
}
- public function start(Request $request, AuthenticationException $authException = null)
+ public function start(EventInterface $event, Request $request, AuthenticationException $authException = null)
{
$scheme = $request->isSecure() ? 'http' : 'https';
if ('http' === $scheme && 80 != $this->httpPort) {
diff --git a/Http/Firewall/BasicAuthenticationListener.php b/Http/Firewall/BasicAuthenticationListener.php
index 5cedf49..98443e9 100644
--- a/Http/Firewall/BasicAuthenticationListener.php
+++ b/Http/Firewall/BasicAuthenticationListener.php
@@ -13,7 +13,7 @@ namespace Symfony\Component\Security\Http\Firewall;
use Symfony\Component\Security\Core\SecurityContext;
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
-use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
use Symfony\Component\HttpKernel\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use Symfony\Component\EventDispatcher\EventInterface;
diff --git a/Http/Firewall/ChannelListener.php b/Http/Firewall/ChannelListener.php
index 39f8eef..49cef7e 100644
--- a/Http/Firewall/ChannelListener.php
+++ b/Http/Firewall/ChannelListener.php
@@ -12,7 +12,7 @@
namespace Symfony\Component\Security\Http\Firewall;
use Symfony\Component\Security\Http\AccessMap;
-use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
use Symfony\Component\HttpKernel\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use Symfony\Component\EventDispatcher\EventInterface;
@@ -37,7 +37,7 @@ class ChannelListener implements ListenerInterface
}
/**
- *
+ *
*
* @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
* @param integer $priority The priority
@@ -53,7 +53,7 @@ class ChannelListener implements ListenerInterface
public function unregister(EventDispatcherInterface $dispatcher)
{
}
-
+
/**
* Handles channel management.
*
@@ -72,7 +72,7 @@ class ChannelListener implements ListenerInterface
$event->setProcessed();
- return $this->authenticationEntryPoint->start($request);
+ return $this->authenticationEntryPoint->start($event, $request);
}
if ('http' === $channel && $request->isSecure()) {
@@ -82,7 +82,7 @@ class ChannelListener implements ListenerInterface
$event->setProcessed();
- return $this->authenticationEntryPoint->start($request);
+ return $this->authenticationEntryPoint->start($event, $request);
}
}
}
diff --git a/Http/Firewall/DigestAuthenticationListener.php b/Http/Firewall/DigestAuthenticationListener.php
index ea6a880..bc731b3 100644
--- a/Http/Firewall/DigestAuthenticationListener.php
+++ b/Http/Firewall/DigestAuthenticationListener.php
@@ -101,7 +101,7 @@ class DigestAuthenticationListener implements ListenerInterface
try {
$digestAuth->validateAndDecode($this->authenticationEntryPoint->getKey(), $this->authenticationEntryPoint->getRealmName());
} catch (BadCredentialsException $e) {
- $this->fail($request, $e);
+ $this->fail($event, $request, $e);
return;
}
@@ -115,7 +115,7 @@ class DigestAuthenticationListener implements ListenerInterface
$serverDigestMd5 = $digestAuth->calculateServerDigest($user->getPassword(), $request->getMethod());
} catch (UsernameNotFoundException $notFound) {
- $this->fail($request, new BadCredentialsException(sprintf('Username %s not found.', $digestAuth->getUsername())));
+ $this->fail($event, $request, new BadCredentialsException(sprintf('Username %s not found.', $digestAuth->getUsername())));
return;
}
@@ -125,13 +125,13 @@ class DigestAuthenticationListener implements ListenerInterface
$this->logger->debug(sprintf("Expected response: '%s' but received: '%s'; is AuthenticationDao returning clear text passwords?", $serverDigestMd5, $digestAuth->getResponse()));
}
- $this->fail($request, new BadCredentialsException('Incorrect response'));
+ $this->fail($event, $request, new BadCredentialsException('Incorrect response'));
return;
}
if ($digestAuth->isNonceExpired()) {
- $this->fail($request, new NonceExpiredException('Nonce has expired/timed out.'));
+ $this->fail($event, $request, new NonceExpiredException('Nonce has expired/timed out.'));
return;
}
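Review bot: The debug line kept in this hunk writes both the expected server digest and the received response to the log, and the expected value is derived from the stored password (`calculateServerDigest($user->getPassword(), ...)` in the previous hunk). Anyone who can read the debug log obtains a value that answers the challenge for that nonce, so the message should record the mismatch without the digests, e.g. `$this->logger->debug('Digest response mismatch; is AuthenticationDao returning clear text passwords?');`. The comparison itself is outside the hunk; if it uses `==` or `!==` on the two strings, a constant-time comparison would be the better fit.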
@@ -143,7 +143,7 @@ class DigestAuthenticationListener implements ListenerInterface
$this->securityContext->setToken(new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey));
}
- protected function fail(Request $request, AuthenticationException $failed)
+ protected function fail(EventInterface $event, Request $request, AuthenticationException $failed)
{
$this->securityContext->setToken(null);
@@ -151,7 +151,7 @@ class DigestAuthenticationListener implements ListenerInterface
$this->logger->debug($failed);
}
- $this->authenticationEntryPoint->start($request, $failed);
+ $this->authenticationEntryPoint->start($event, $request, $failed);
}
}
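Review bot: fail() still discards whatever `start()` returns, and every caller in the hunks above does `$this->fail(...); return;`, whereas ChannelListener and ExceptionListener in this commit return the entry point's result. Unless the digest entry point attaches its challenge to the event itself (not visible here), the 401 response may never reach the client. Suggest `return $this->authenticationEntryPoint->start($event, $request, $failed);` here and `return $this->fail($event, $request, $e);` at the call sites, with a docblock on fail() stating what it returns. The body of fail() spans this hunk and the previous one.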
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php
index de90954..66d56b3 100644
--- a/Http/Firewall/ExceptionListener.php
+++ b/Http/Firewall/ExceptionListener.php
@@ -16,7 +16,7 @@ use Symfony\Bundle\SecurityBundle\Security\AccessDeniedHandler;
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
use Symfony\Component\Security\Core\SecurityContext;
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
-use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
use Symfony\Component\HttpKernel\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use Symfony\Component\EventDispatcher\EventInterface;
@@ -87,7 +87,7 @@ class ExceptionListener implements ListenerInterface
}
try {
- $response = $this->startAuthentication($request, $exception);
+ $response = $this->startAuthentication($event, $request, $exception);
} catch (\Exception $e) {
$event->set('exception', $e);
@@ -101,7 +101,7 @@ class ExceptionListener implements ListenerInterface
}
try {
- $response = $this->startAuthentication($request, new InsufficientAuthenticationException('Full authentication is required to access this resource.', $token, 0, $exception));
+ $response = $this->startAuthentication($event, $request, new InsufficientAuthenticationException('Full authentication is required to access this resource.', $token, 0, $exception));
} catch (\Exception $e) {
$event->set('exception', $e);
@@ -151,7 +151,7 @@ class ExceptionListener implements ListenerInterface
return $response;
}
- protected function startAuthentication(Request $request, AuthenticationException $reason)
+ protected function startAuthentication(EventInterface $event, Request $request, AuthenticationException $reason)
{
$this->context->setToken(null);
@@ -165,6 +165,6 @@ class ExceptionListener implements ListenerInterface
$request->getSession()->set('_security.target_path', $request->getUri());
- return $this->authenticationEntryPoint->start($request, $reason);
+ return $this->authenticationEntryPoint->start($event, $request, $reason);
}
}
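Review bot: The context line `$request->getSession()->set('_security.target_path', $request->getUri());` stores an absolute URI in the session, and it probably reflects the request's Host header. Whatever later redirects to `_security.target_path` (not visible in this diff) should confirm the target is on the application's own host, or this method could store only the path and query string. `getSession()` is also dereferenced without a null check, which is worth a guard or a comment if a session is guaranteed at this point. startAuthentication() begins in the previous hunk.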