author | Johannes Schmitt <schmittjoh@gmail.com> | 2011-03-07 18:17:46 +0100 |
---|---|---|
committer | Johannes M. Schmitt <schmittjoh@gmail.com> | 2011-03-10 10:25:32 +0100 |
commit | f0335ae722034233c2f49179bc6a9bf8ada62633 (patch) | |
tree | 677ee84bc31216f3a7998e62fdc7838a2076fe4c | |
parent | c224430de65547bc9a25293b6a8caf2b9029f05c (diff) | |
[Security] various changes, see below
- visibility changes from protected to private
- AccountInterface -> UserInterface
- SecurityContext::vote() -> SecurityContext::isGranted()
81 files changed, 784 insertions, 910 deletions
diff --git a/Acl/Dbal/AclProvider.php b/Acl/Dbal/AclProvider.php
index 2335f69..9ce4130 100644
--- a/Acl/Dbal/AclProvider.php
+++ b/Acl/Dbal/AclProvider.php
@@ -43,7 +43,7 @@ class AclProvider implements AclProviderInterface
 protected $loadedAces;
 protected $loadedAcls;
 protected $options;
- protected $permissionGrantingStrategy;
+ private $permissionGrantingStrategy;
 
 /**
 * Constructor
@@ -201,12 +201,163 @@ class AclProvider implements AclProviderInterface } /** + * Constructs the query used for looking up object identities and associated + * ACEs, and security identities. + * + * @param array $batch + * @param array $sids + * @throws AclNotFoundException + * @return string + */ + protected function getLookupSql(array $batch, array $sids) + { + // FIXME: add support for filtering by sids (right now we select all sids) + + $ancestorIds = $this->getAncestorIds($batch); + if (0 === count($ancestorIds)) { + throw new AclNotFoundException('There is no ACL for the given object identity.'); + } + + $sql = <<<SELECTCLAUSE + SELECT + o.id as acl_id, + o.object_identifier, + o.parent_object_identity_id, + o.entries_inheriting, + c.class_type, + e.id as ace_id, + e.object_identity_id, + e.field_name, + e.ace_order, + e.mask, + e.granting, + e.granting_strategy, + e.audit_success, + e.audit_failure, + s.username, + s.identifier as security_identifier + FROM + {$this->options['oid_table_name']} o + INNER JOIN {$this->options['class_table_name']} c ON c.id = o.class_id + LEFT JOIN {$this->options['entry_table_name']} e ON ( + e.class_id = o.class_id AND (e.object_identity_id = o.id OR {$this->connection->getDatabasePlatform()->getIsNullExpression('e.object_identity_id')}) + ) + LEFT JOIN {$this->options['sid_table_name']} s ON ( + s.id = e.security_identity_id + ) + + WHERE (o.id = +SELECTCLAUSE; + + $sql .= implode(' OR o.id = ', $ancestorIds).')'; + + return $sql; + } + + protected function getAncestorLookupSql(array $batch) + { + $sql = <<<SELECTCLAUSE + SELECT a.ancestor_id + FROM acl_object_identities o + INNER JOIN acl_classes c ON c.id = o.class_id + INNER JOIN acl_object_identity_ancestors a ON a.object_identity_id = o.id + WHERE ( +SELECTCLAUSE; + + $where = '(o.object_identifier = %s AND c.class_type = %s)'; + for ($i=0,$c=count($batch); $i<$c; $i++) { + $sql .= sprintf( + $where, + $this->connection->quote($batch[$i]->getIdentifier()), + 
$this->connection->quote($batch[$i]->getType()) + ); + + if ($i+1 < $c) { + $sql .= ' OR '; + } + } + + $sql .= ')'; + + return $sql; + } + + /** + * Constructs the SQL for retrieving child object identities for the given + * object identities. + * + * @param ObjectIdentityInterface $oid + * @param Boolean $directChildrenOnly + * @return string + */ + protected function getFindChildrenSql(ObjectIdentityInterface $oid, $directChildrenOnly) + { + if (false === $directChildrenOnly) { + $query = <<<FINDCHILDREN + SELECT o.object_identifier, c.class_type + FROM + {$this->options['oid_table_name']} as o + INNER JOIN {$this->options['class_table_name']} as c ON c.id = o.class_id + INNER JOIN {$this->options['oid_ancestors_table_name']} as a ON a.object_identity_id = o.id + WHERE + a.ancestor_id = %d AND a.object_identity_id != a.ancestor_id +FINDCHILDREN; + } else { + $query = <<<FINDCHILDREN + SELECT o.object_identifier, c.class_type + FROM {$this->options['oid_table_name']} as o + INNER JOIN {$this->options['class_table_name']} as c ON c.id = o.class_id + WHERE o.parent_object_identity_id = %d +FINDCHILDREN; + } + + return sprintf($query, $this->retrieveObjectIdentityPrimaryKey($oid)); + } + + /** + * Constructs the SQL for retrieving the primary key of the given object + * identity. + * + * @param ObjectIdentityInterface $oid + * @return string + */ + protected function getSelectObjectIdentityIdSql(ObjectIdentityInterface $oid) + { + $query = <<<QUERY + SELECT o.id + FROM %s o + INNER JOIN %s c ON c.id = o.class_id + WHERE o.object_identifier = %s AND c.class_type = %s + LIMIT 1 +QUERY; + + return sprintf( + $query, + $this->options['oid_table_name'], + $this->options['class_table_name'], + $this->connection->quote($oid->getIdentifier()), + $this->connection->quote($oid->getType()) + ); + } + + /** + * Returns the primary key of the passed object identity. 
+ * + * @param ObjectIdentityInterface $oid + * @return integer + */ + protected function retrieveObjectIdentityPrimaryKey(ObjectIdentityInterface $oid) + { + return $this->connection->executeQuery($this->getSelectObjectIdentityIdSql($oid))->fetchColumn(); + } + + /** * This method is called when an ACL instance is retrieved from the cache. * * @param AclInterface $acl * @return void */ - protected function updateAceIdentityMap(AclInterface $acl) + private function updateAceIdentityMap(AclInterface $acl) { foreach (array('classAces', 'classFieldAces', 'objectAces', 'objectFieldAces') as $property) { $reflection = new \ReflectionProperty($acl, $property); @@ -227,13 +378,34 @@ class AclProvider implements AclProviderInterface } /** + * Retrieves all the ids which need to be queried from the database + * including the ids of parent ACLs. + * + * @param array $batch + * @return array + */ + private function getAncestorIds(array $batch) + { + $sql = $this->getAncestorLookupSql($batch); + + $ancestorIds = array(); + foreach ($this->connection->executeQuery($sql)->fetchAll() as $data) { + // FIXME: skip ancestors which are cached + + $ancestorIds[] = $data['ancestor_id']; + } + + return $ancestorIds; + } + + /** * Does either overwrite the passed ACE, or saves it in the global identity * map to ensure every ACE only gets instantiated once. * * @param array $aces * @return void */ - protected function doUpdateAceIdentityMap(array &$aces) + private function doUpdateAceIdentityMap(array &$aces) { foreach ($aces as $index => $ace) { if (isset($this->loadedAces[$ace->getId()])) { 
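Review bot: The new `getAncestorLookupSql()` in Acl/Dbal/AclProvider.php still hard-codes `acl_object_identities`, `acl_classes` and `acl_object_identity_ancestors`, while `getLookupSql()`, `getFindChildrenSql()` and `getSelectObjectIdentityIdSql()` in the same hunk take their table names from `$this->options`. With non-default table names the ancestor lookup would query different tables than the rest of the provider, so ACL resolution would fail or read the wrong tables; use `FROM {$this->options['oid_table_name']} o`, `INNER JOIN {$this->options['class_table_name']} c ON c.id = o.class_id` and `INNER JOIN {$this->options['oid_ancestors_table_name']} a ON a.object_identity_id = o.id`. It is also the only extracted builder without a docblock, and an empty `$batch` yields `WHERE ()`, which looks like invalid SQL, so a guard or a documented precondition would help. Because `getLookupSql()` concatenates `$ancestorIds` unquoted, casting them with `array_map('intval', $ancestorIds)` before the `implode()` would keep that query well-formed whatever the result set contains.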
@@ -254,7 +426,7 @@ class AclProvider implements AclProviderInterface
 *
 * @return \SplObjectStorage mapping object identities to ACL instances
 */
- protected function lookupObjectIdentities(array $batch, array $sids, array $oidLookup)
+ private function lookupObjectIdentities(array $batch, array $sids, array $oidLookup)
 {
 $sql = $this->getLookupSql($batch, $sids);
 $stmt = $this->connection->executeQuery($sql);
@@ -277,7 +449,7 @@ class AclProvider implements AclProviderInterface
 * @throws \RuntimeException
 * @return \SplObjectStorage
 */
- protected function hydrateObjectIdentities(Statement $stmt, array $oidLookup, array $sids) {
+ private function hydrateObjectIdentities(Statement $stmt, array $oidLookup, array $sids) {
 $parentIdToFill = new \SplObjectStorage();
 $acls = $aces = $emptyArray = array();
 $oidCache = $oidLookup;
@@ -464,169 +636,4 @@ class AclProvider implements AclProviderInterface return $result; } - - /** - * Constructs the query used for looking up object identities and associated - * ACEs, and security identities. - * - * @param array $batch - * @param array $sids - * @throws AclNotFoundException - * @return string - */ - protected function getLookupSql(array $batch, array $sids) - { - // FIXME: add support for filtering by sids (right now we select all sids) - - $ancestorIds = $this->getAncestorIds($batch); - if (0 === count($ancestorIds)) { - throw new AclNotFoundException('There is no ACL for the given object identity.'); - } - - $sql = <<<SELECTCLAUSE - SELECT - o.id as acl_id, - o.object_identifier, - o.parent_object_identity_id, - o.entries_inheriting, - c.class_type, - e.id as ace_id, - e.object_identity_id, - e.field_name, - e.ace_order, - e.mask, - e.granting, - e.granting_strategy, - e.audit_success, - e.audit_failure, - s.username, - s.identifier as security_identifier - FROM - {$this->options['oid_table_name']} o - INNER JOIN {$this->options['class_table_name']} c ON c.id = o.class_id - LEFT JOIN {$this->options['entry_table_name']} e ON ( - e.class_id = o.class_id AND (e.object_identity_id = o.id OR {$this->connection->getDatabasePlatform()->getIsNullExpression('e.object_identity_id')}) - ) - LEFT JOIN {$this->options['sid_table_name']} s ON ( - s.id = e.security_identity_id - ) - - WHERE (o.id = -SELECTCLAUSE; - - $sql .= implode(' OR o.id = ', $ancestorIds).')'; - - return $sql; - } - - /** - * Retrieves all the ids which need to be queried from the database - * including the ids of parent ACLs. 
- * - * @param array $batch - * @return array - */ - protected function getAncestorIds(array &$batch) - { - $sql = <<<SELECTCLAUSE - SELECT a.ancestor_id - FROM acl_object_identities o - INNER JOIN acl_classes c ON c.id = o.class_id - INNER JOIN acl_object_identity_ancestors a ON a.object_identity_id = o.id - WHERE ( -SELECTCLAUSE; - - $where = '(o.object_identifier = %s AND c.class_type = %s)'; - for ($i=0,$c=count($batch); $i<$c; $i++) { - $sql .= sprintf( - $where, - $this->connection->quote($batch[$i]->getIdentifier()), - $this->connection->quote($batch[$i]->getType()) - ); - - if ($i+1 < $c) { - $sql .= ' OR '; - } - } - - $sql .= ')'; - - $ancestorIds = array(); - foreach ($this->connection->executeQuery($sql)->fetchAll() as $data) { - // FIXME: skip ancestors which are cached - - $ancestorIds[] = $data['ancestor_id']; - } - - return $ancestorIds; - } - - /** - * Constructs the SQL for retrieving child object identities for the given - * object identities. - * - * @param ObjectIdentityInterface $oid - * @param Boolean $directChildrenOnly - * @return string - */ - protected function getFindChildrenSql(ObjectIdentityInterface $oid, $directChildrenOnly) - { - if (false === $directChildrenOnly) { - $query = <<<FINDCHILDREN - SELECT o.object_identifier, c.class_type - FROM - {$this->options['oid_table_name']} as o - INNER JOIN {$this->options['class_table_name']} as c ON c.id = o.class_id - INNER JOIN {$this->options['oid_ancestors_table_name']} as a ON a.object_identity_id = o.id - WHERE - a.ancestor_id = %d AND a.object_identity_id != a.ancestor_id -FINDCHILDREN; - } else { - $query = <<<FINDCHILDREN - SELECT o.object_identifier, c.class_type - FROM {$this->options['oid_table_name']} as o - INNER JOIN {$this->options['class_table_name']} as c ON c.id = o.class_id - WHERE o.parent_object_identity_id = %d -FINDCHILDREN; - } - - return sprintf($query, $this->retrieveObjectIdentityPrimaryKey($oid)); - } - - /** - * Constructs the SQL for retrieving the primary key 
of the given object - * identity. - * - * @param ObjectIdentityInterface $oid - * @return string - */ - protected function getSelectObjectIdentityIdSql(ObjectIdentityInterface $oid) - { - $query = <<<QUERY - SELECT o.id - FROM %s o - INNER JOIN %s c ON c.id = o.class_id - WHERE o.object_identifier = %s AND c.class_type = %s - LIMIT 1 -QUERY; - - return sprintf( - $query, - $this->options['oid_table_name'], - $this->options['class_table_name'], - $this->connection->quote($oid->getIdentifier()), - $this->connection->quote($oid->getType()) - ); - } - - /** - * Returns the primary key of the passed object identity. - * - * @param ObjectIdentityInterface $oid - * @return integer - */ - protected function retrieveObjectIdentityPrimaryKey(ObjectIdentityInterface $oid) - { - return $this->connection->executeQuery($this->getSelectObjectIdentityIdSql($oid))->fetchColumn(); - } } diff --git a/Acl/Dbal/MutableAclProvider.php b/Acl/Dbal/MutableAclProvider.php index 9b36d6a..675366a 100644 --- a/Acl/Dbal/MutableAclProvider.php +++ b/Acl/Dbal/MutableAclProvider.php @@ -34,7 +34,7 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface; */ class MutableAclProvider extends AclProvider implements MutableAclProviderInterface, PropertyChangedListener { - protected $propertyChanges; + private $propertyChanges; /** * {@inheritDoc} @@ -726,7 +726,7 @@ QUERY; * @param AclInterface $acl * @return void */ - protected function regenerateAncestorRelations(AclInterface $acl) + private function regenerateAncestorRelations(AclInterface $acl) { $pk = $acl->getId(); $this->connection->executeQuery($this->getDeleteObjectIdentityRelationsSql($pk)); @@ -747,7 +747,7 @@ QUERY; * @param array $changes * @return void */ - protected function updateFieldAceProperty($name, array $changes) + private function updateFieldAceProperty($name, array $changes) { $sids = new \SplObjectStorage(); $classIds = new \SplObjectStorage(); 
@@ -804,7 +804,7 @@ QUERY; * @param array $changes * @return void */ - protected function updateAceProperty($name, array $changes) + private function updateAceProperty($name, array $changes) { list($old, $new) = $changes; @@ -858,7 +858,7 @@ QUERY; * @param \SplObjectStorage $aces * @return void */ - protected function updateAces(\SplObjectStorage $aces) + private function updateAces(\SplObjectStorage $aces) { foreach ($aces as $ace) { $propertyChanges = $aces->offsetGet($ace); diff --git a/Acl/Dbal/Schema.php b/Acl/Dbal/Schema.php index 29907b4..09d60aa 100644 --- a/Acl/Dbal/Schema.php +++ b/Acl/Dbal/Schema.php @@ -18,7 +18,7 @@ use Doctrine\DBAL\Schema\Schema as BaseSchema; * * @author Johannes M. Schmitt <schmittjoh@gmail.com> */ -class Schema extends BaseSchema +final class Schema extends BaseSchema { protected $options; diff --git a/Acl/Domain/Acl.php b/Acl/Domain/Acl.php index 6769617..20f300b 100644 --- a/Acl/Domain/Acl.php +++ b/Acl/Domain/Acl.php @@ -35,17 +35,17 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface; */ class Acl implements AuditableAclInterface { - protected $parentAcl; - protected $permissionGrantingStrategy; - protected $objectIdentity; - protected $classAces; - protected $classFieldAces; - protected $objectAces; - protected $objectFieldAces; - protected $id; - protected $loadedSids; - protected $entriesInheriting; - protected $listeners; + private $parentAcl; + private $permissionGrantingStrategy; + private $objectIdentity; + private $classAces; + private $classFieldAces; + private $objectAces; + private $objectFieldAces; + private $id; + private $loadedSids; + private $entriesInheriting; + private $listeners; /** * Constructor @@ -406,7 +406,7 @@ class Acl implements AuditableAclInterface * @throws \OutOfBoundsException * @return void */ - protected function deleteAce($property, $index) + private function deleteAce($property, $index) { $aces =& $this->$property; if (!isset($aces[$index])) { 
@@ -432,7 +432,7 @@ class Acl implements AuditableAclInterface * @throws \OutOfBoundsException * @return void */ - protected function deleteFieldAce($property, $index, $field) + private function deleteFieldAce($property, $index, $field) { $aces =& $this->$property; if (!isset($aces[$field][$index])) { @@ -462,7 +462,7 @@ class Acl implements AuditableAclInterface * @throws \InvalidArgumentException * @return void */ - protected function insertAce($property, $index, $mask, SecurityIdentityInterface $sid, $granting, $strategy = null) + private function insertAce($property, $index, $mask, SecurityIdentityInterface $sid, $granting, $strategy = null) { if ($index < 0 || $index > count($this->$property)) { throw new \OutOfBoundsException(sprintf('The index must be in the interval [0, %d].', count($this->$property))); @@ -512,7 +512,7 @@ class Acl implements AuditableAclInterface * @throws \OutOfBoundsException * @return void */ - protected function insertFieldAce($property, $index, $field, $mask, SecurityIdentityInterface $sid, $granting, $strategy = null) + private function insertFieldAce($property, $index, $field, $mask, SecurityIdentityInterface $sid, $granting, $strategy = null) { if (0 === strlen($field)) { throw new \InvalidArgumentException('$field cannot be empty.'); 
@@ -557,37 +557,6 @@ class Acl implements AuditableAclInterface } /** - * Called when a property of the ACL changes - * - * @param string $name - * @param mixed $oldValue - * @param mixed $newValue - * @return void - */ - protected function onPropertyChanged($name, $oldValue, $newValue) - { - foreach ($this->listeners as $listener) { - $listener->propertyChanged($this, $name, $oldValue, $newValue); - } - } - - /** - * Called when a property of an ACE associated with this ACL changes - * - * @param EntryInterface $entry - * @param string $name - * @param mixed $oldValue - * @param mixed $newValue - * @return void - */ - protected function onEntryPropertyChanged(EntryInterface $entry, $name, $oldValue, $newValue) - { - foreach ($this->listeners as $listener) { - $listener->propertyChanged($entry, $name, $oldValue, $newValue); - } - } - - /** * Updates an ACE * * @param string $property @@ -597,7 +566,7 @@ class Acl implements AuditableAclInterface * @throws \OutOfBoundsException * @return void */ - protected function updateAce($property, $index, $mask, $strategy = null) + private function updateAce($property, $index, $mask, $strategy = null) { $aces =& $this->$property; if (!isset($aces[$index])) { @@ -625,7 +594,7 @@ class Acl implements AuditableAclInterface * @throws \OutOfBoundsException * @return void */ - protected function updateAuditing(array &$aces, $index, $auditSuccess, $auditFailure) + private function updateAuditing(array &$aces, $index, $auditSuccess, $auditFailure) { if (!isset($aces[$index])) { throw new \OutOfBoundsException(sprintf('The index "%d" does not exist.', $index)); @@ -654,7 +623,7 @@ class Acl implements AuditableAclInterface * @throws \OutOfBoundsException * @return void */ - protected function updateFieldAce($property, $index, $field, $mask, $strategy = null) + private function updateFieldAce($property, $index, $field, $mask, $strategy = null) { if (0 === strlen($field)) { throw new \InvalidArgumentException('$field cannot be empty.'); 
@@ -675,4 +644,35 @@ class Acl implements AuditableAclInterface $ace->setStrategy($strategy); } } + + /** + * Called when a property of the ACL changes + * + * @param string $name + * @param mixed $oldValue + * @param mixed $newValue + * @return void + */ + private function onPropertyChanged($name, $oldValue, $newValue) + { + foreach ($this->listeners as $listener) { + $listener->propertyChanged($this, $name, $oldValue, $newValue); + } + } + + /** + * Called when a property of an ACE associated with this ACL changes + * + * @param EntryInterface $entry + * @param string $name + * @param mixed $oldValue + * @param mixed $newValue + * @return void + */ + private function onEntryPropertyChanged(EntryInterface $entry, $name, $oldValue, $newValue) + { + foreach ($this->listeners as $listener) { + $listener->propertyChanged($entry, $name, $oldValue, $newValue); + } + } } diff --git a/Acl/Domain/AclCollectionCache.php b/Acl/Domain/AclCollectionCache.php index 81c88fe..f3fe6f0 100644 --- a/Acl/Domain/AclCollectionCache.php +++ b/Acl/Domain/AclCollectionCache.php @@ -22,9 +22,9 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterf */ class AclCollectionCache { - protected $aclProvider; - protected $objectIdentityRetrievalStrategy; - protected $securityIdentityRetrievalStrategy; + private $aclProvider; + private $objectIdentityRetrievalStrategy; + private $securityIdentityRetrievalStrategy; /** * Constructor diff --git a/Acl/Domain/DoctrineAclCache.php b/Acl/Domain/DoctrineAclCache.php index 3aae00f..eb18986 100644 --- a/Acl/Domain/DoctrineAclCache.php +++ b/Acl/Domain/DoctrineAclCache.php @@ -26,9 +26,9 @@ class DoctrineAclCache implements AclCacheInterface { const PREFIX = 'sf2_acl_'; - protected $cache; - protected $prefix; - protected $permissionGrantingStrategy; + private $cache; + private $prefix; + private $permissionGrantingStrategy; /** * Constructor 
@@ -145,7 +145,7 @@ class DoctrineAclCache implements AclCacheInterface * @param string $serialized * @return AclInterface */ - protected function unserializeAcl($serialized) + private function unserializeAcl($serialized) { $acl = unserialize($serialized); @@ -203,7 +203,7 @@ class DoctrineAclCache implements AclCacheInterface * @param ObjectIdentityInterface $oid * @return string */ - protected function getDataKeyByIdentity(ObjectIdentityInterface $oid) + private function getDataKeyByIdentity(ObjectIdentityInterface $oid) { return $this->prefix.md5($oid->getType()).sha1($oid->getType()) .'_'.md5($oid->getIdentifier()).sha1($oid->getIdentifier()); @@ -215,7 +215,7 @@ class DoctrineAclCache implements AclCacheInterface * @param string $aclId * @return string */ - protected function getAliasKeyForIdentity($aclId) + private function getAliasKeyForIdentity($aclId) { return $this->prefix.$aclId; } diff --git a/Acl/Domain/Entry.php b/Acl/Domain/Entry.php index 67e76ad..7498b03 100644 --- a/Acl/Domain/Entry.php +++ b/Acl/Domain/Entry.php @@ -23,14 +23,14 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface; */ class Entry implements AuditableEntryInterface { - protected $acl; - protected $mask; - protected $id; - protected $securityIdentity; - protected $strategy; - protected $auditFailure; - protected $auditSuccess; - protected $granting; + private $acl; + private $mask; + private $id; + private $securityIdentity; + private $strategy; + private $auditFailure; + private $auditSuccess; + private $granting; /** * Constructor @@ -122,10 +122,10 @@ class Entry implements AuditableEntryInterface /** * Turns on/off auditing on permissions denials. - * + * * Do never call this method directly. Use the respective methods on the * AclInterface instead. - * + * * @param Boolean $boolean * @return void */ 
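Review bot: `unserializeAcl()` in Acl/Domain/DoctrineAclCache.php hands `$serialized` straight to `unserialize()`, and its docblock says nothing about where that string may come from. It is presumably whatever the configured cache backend returns (the caller is outside the hunk), so the integrity of the cache store decides which objects get instantiated here. Now that the method is private and can no longer be overridden, the docblock is the place to record that assumption, e.g. `* The cache backend must be trusted: the payload is passed to unserialize() without validation.`, and a type check on the result such as `if (!$acl instanceof AclInterface) { return null; }` before it is used would reject unexpected payloads. The body of unserializeAcl() continues past the hunk, so how `$acl` is used afterwards should be confirmed.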
@@ -136,10 +136,10 @@ class Entry implements AuditableEntryInterface /** * Turns on/off auditing on permission grants. - * + * * Do never call this method directly. Use the respective methods on the * AclInterface instead. - * + * * @param Boolean $boolean * @return void */ @@ -153,7 +153,7 @@ class Entry implements AuditableEntryInterface * * Do never call this method directly. Use the respective methods on the * AclInterface instead. - * + * * @param integer $mask * @return void */ @@ -167,7 +167,7 @@ class Entry implements AuditableEntryInterface * * Do never call this method directly. Use the respective methods on the * AclInterface instead. - * + * * @param string $strategy * @return void */ diff --git a/Acl/Domain/FieldEntry.php b/Acl/Domain/FieldEntry.php index 430f013..0f71237 100644 --- a/Acl/Domain/FieldEntry.php +++ b/Acl/Domain/FieldEntry.php @@ -22,7 +22,7 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface; */ class FieldEntry extends Entry implements FieldAwareEntryInterface { - protected $field; + private $field; /** * Constructor @@ -60,13 +60,7 @@ class FieldEntry extends Entry implements FieldAwareEntryInterface { return serialize(array( $this->field, - $this->mask, - $this->id, - $this->securityIdentity, - $this->strategy, - $this->auditFailure, - $this->auditSuccess, - $this->granting, + parent::serialize(), )); } @@ -75,14 +69,7 @@ class FieldEntry extends Entry implements FieldAwareEntryInterface */ public function unserialize($serialized) { - list($this->field, - $this->mask, - $this->id, - $this->securityIdentity, - $this->strategy, - $this->auditFailure, - $this->auditSuccess, - $this->granting - ) = unserialize($serialized); + list($this->field, $parentStr) = unserialize($serialized); + parent::unserialize($parentStr); } }
\ No newline at end of file diff --git a/Acl/Domain/ObjectIdentity.php b/Acl/Domain/ObjectIdentity.php index 8fc099b..2cb1352 100644 --- a/Acl/Domain/ObjectIdentity.php +++ b/Acl/Domain/ObjectIdentity.php @@ -22,8 +22,8 @@ use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface; */ class ObjectIdentity implements ObjectIdentityInterface { - protected $identifier; - protected $type; + private $identifier; + private $type; /** * Constructor diff --git a/Acl/Domain/PermissionGrantingStrategy.php b/Acl/Domain/PermissionGrantingStrategy.php index 9b44177..8bee157 100644 --- a/Acl/Domain/PermissionGrantingStrategy.php +++ b/Acl/Domain/PermissionGrantingStrategy.php @@ -30,8 +30,8 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface const ALL = 'all'; const ANY = 'any'; - protected static $noAceException; - protected $auditLogger; + private static $noAceException; + private $auditLogger; public function __construct() { @@ -52,16 +52,6 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface } /** - * Returns the audit logger - * - * @return AuditLoggerInterface - */ - public function getAuditLogger() - { - return $this->auditLogger; - } - - /** * {@inheritDoc} */ public function isGranted(AclInterface $acl, array $masks, array $sids, $administrativeMode = false) @@ -153,7 +143,7 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface * @param Boolean $administrativeMode true turns off audit logging * @return Boolean true, or false; either granting, or denying access respectively. */ - protected function hasSufficientPermissions(AclInterface $acl, array $aces, array $masks, array $sids, $administrativeMode) + private function hasSufficientPermissions(AclInterface $acl, array $aces, array $masks, array $sids, $administrativeMode) { $firstRejectedAce = null; 
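Review bot: In Acl/Domain/FieldEntry.php the new `unserialize()` assumes the payload is the two-element array written by the new `serialize()`, but entries serialized before this commit hold eight elements, so `$parentStr` would receive the old mask value and `parent::unserialize()` would be called on it. Anything still stored in an ACL cache in the old layout would then fail to load or hydrate a broken entry; either the upgrade notes should ask for the cache to be cleared, or the method should reject such payloads, e.g. `$data = unserialize($serialized);` followed by `if (!is_array($data) || 2 !== count($data)) { throw new \InvalidArgumentException('Unexpected FieldEntry payload.'); }`. `Entry::serialize()` and `Entry::unserialize()` are not visible in this section, so this assumes the parent implements both.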
@@ -211,7 +201,7 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface * @param EntryInterface $ace * @return Boolean */ - protected function isAceApplicable($requiredMask, EntryInterface $ace) + private function isAceApplicable($requiredMask, EntryInterface $ace) { $strategy = $ace->getStrategy(); if (self::ALL === $strategy) { diff --git a/Acl/Domain/RoleSecurityIdentity.php b/Acl/Domain/RoleSecurityIdentity.php index a824032..d3694e6 100644 --- a/Acl/Domain/RoleSecurityIdentity.php +++ b/Acl/Domain/RoleSecurityIdentity.php @@ -21,7 +21,7 @@ use Symfony\Component\Security\Core\Role\Role; */ class RoleSecurityIdentity implements SecurityIdentityInterface { - protected $role; + private $role; /** * Constructor diff --git a/Acl/Domain/SecurityIdentityRetrievalStrategy.php b/Acl/Domain/SecurityIdentityRetrievalStrategy.php index c810e38..1252a0f 100644 --- a/Acl/Domain/SecurityIdentityRetrievalStrategy.php +++ b/Acl/Domain/SecurityIdentityRetrievalStrategy.php @@ -13,7 +13,7 @@ namespace Symfony\Component\Security\Acl\Domain; use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver; @@ -27,8 +27,8 @@ use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter; */ class SecurityIdentityRetrievalStrategy implements SecurityIdentityRetrievalStrategyInterface { - protected $roleHierarchy; - protected $authenticationTrustResolver; + private $roleHierarchy; + private $authenticationTrustResolver; /** * Constructor diff --git a/Acl/Domain/UserSecurityIdentity.php b/Acl/Domain/UserSecurityIdentity.php index 4073bb4..ac63080 100644 
--- a/Acl/Domain/UserSecurityIdentity.php +++ b/Acl/Domain/UserSecurityIdentity.php @@ -12,7 +12,7 @@ namespace Symfony\Component\Security\Acl\Domain; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface; /** @@ -22,8 +22,8 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface; */ class UserSecurityIdentity implements SecurityIdentityInterface { - protected $username; - protected $class; + private $username; + private $class; /** * Constructor @@ -45,12 +45,12 @@ class UserSecurityIdentity implements SecurityIdentityInterface } /** - * Creates a user security identity from an AccountInterface + * Creates a user security identity from an UserInterface * - * @param AccountInterface $user + * @param UserInterface $user * @return UserSecurityIdentity */ - public static function fromAccount(AccountInterface $user) + public static function fromAccount(UserInterface $user) { return new self($user->getUsername(), get_class($user)); } @@ -65,7 +65,7 @@ class UserSecurityIdentity implements SecurityIdentityInterface { $user = $token->getUser(); - if ($user instanceof AccountInterface) { + if ($user instanceof UserInterface) { return self::fromAccount($user); } diff --git a/Acl/Exception/NotAllAclsFoundException.php b/Acl/Exception/NotAllAclsFoundException.php index 7db9b21..820d933 100644 --- a/Acl/Exception/NotAllAclsFoundException.php +++ b/Acl/Exception/NotAllAclsFoundException.php @@ -22,7 +22,7 @@ namespace Symfony\Component\Security\Acl\Exception; */ class NotAllAclsFoundException extends AclNotFoundException { - protected $partialResult; + private $partialResult; /** * Sets the partial result diff --git a/Acl/Permission/BasicPermissionMap.php b/Acl/Permission/BasicPermissionMap.php index 4818e0c..18006ff 100644 
--- a/Acl/Permission/BasicPermissionMap.php +++ b/Acl/Permission/BasicPermissionMap.php @@ -28,7 +28,7 @@ class BasicPermissionMap implements PermissionMapInterface const PERMISSION_MASTER = 'MASTER'; const PERMISSION_OWNER = 'OWNER'; - protected $map = array( + private $map = array( self::PERMISSION_VIEW => array( MaskBuilder::MASK_VIEW, MaskBuilder::MASK_EDIT, diff --git a/Acl/Permission/MaskBuilder.php b/Acl/Permission/MaskBuilder.php index b1c283a..9965228 100644 --- a/Acl/Permission/MaskBuilder.php +++ b/Acl/Permission/MaskBuilder.php @@ -67,7 +67,7 @@ class MaskBuilder const OFF = '.'; const ON = '*'; - protected $mask; + private $mask; /** * Constructor diff --git a/Acl/Voter/AclVoter.php b/Acl/Voter/AclVoter.php index bc70c59..e7811ed 100644 --- a/Acl/Voter/AclVoter.php +++ b/Acl/Voter/AclVoter.php @@ -32,12 +32,12 @@ use Symfony\Component\Security\Core\Role\RoleHierarchyInterface; */ class AclVoter implements VoterInterface { - protected $aclProvider; - protected $permissionMap; - protected $objectIdentityRetrievalStrategy; - protected $securityIdentityRetrievalStrategy; - protected $allowIfObjectIdentityUnavailable; - protected $logger; + private $aclProvider; + private $permissionMap; + private $objectIdentityRetrievalStrategy; + private $securityIdentityRetrievalStrategy; + private $allowIfObjectIdentityUnavailable; + private $logger; public function __construct(AclProviderInterface $aclProvider, ObjectIdentityRetrievalStrategyInterface $oidRetrievalStrategy, SecurityIdentityRetrievalStrategyInterface $sidRetrievalStrategy, PermissionMapInterface $permissionMap, LoggerInterface $logger = null, $allowIfObjectIdentityUnavailable = true) { diff --git a/Acl/Voter/FieldVote.php b/Acl/Voter/FieldVote.php index 7b7f39a..01f0c20 100644 --- a/Acl/Voter/FieldVote.php +++ b/Acl/Voter/FieldVote.php 
@@ -19,8 +19,8 @@ namespace Symfony\Component\Security\Acl\Voter; */ class FieldVote { - protected $domainObject; - protected $field; + private $domainObject; + private $field; public function __construct($domainObject, $field) { diff --git a/Core/Authentication/AuthenticationProviderManager.php b/Core/Authentication/AuthenticationProviderManager.php index ac1e36d..1d85e87 100644 --- a/Core/Authentication/AuthenticationProviderManager.php +++ b/Core/Authentication/AuthenticationProviderManager.php @@ -25,8 +25,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class AuthenticationProviderManager implements AuthenticationManagerInterface { - protected $providers; - protected $eraseCredentials; + private $providers; + private $eraseCredentials; /** * Constructor. @@ -34,9 +34,13 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface * @param AuthenticationProviderInterface[] $providers An array of AuthenticationProviderInterface instances * @param Boolean $eraseCredentials Whether to erase credentials after authentication or not */ - public function __construct(array $providers = array(), $eraseCredentials = true) + public function __construct(array $providers, $eraseCredentials = true) { - $this->setProviders($providers); + if (!$providers) { + throw new \InvalidArgumentException('You must at least add one authentication provider.'); + } + + $this->providers = $providers; $this->eraseCredentials = (Boolean) $eraseCredentials; } @@ -45,10 +49,6 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface */ public function authenticate(TokenInterface $token) { - if (!count($this->providers)) { - throw new \LogicException('You must add at least one provider.'); - } - $lastException = null; $result = null; 
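Review bot: The constructor in Core/Authentication/AuthenticationProviderManager.php now assigns `$providers` directly, so the per-element `AuthenticationProviderInterface` type check that the removed `setProviders()`/`add()` pair enforced is gone. A misconfigured entry would then presumably only surface when `authenticate()` calls a method on it, in the middle of an authentication attempt, rather than at construction. Validating the elements next to the new emptiness check keeps the fail-early behaviour; this assumes the `AuthenticationProviderInterface` import is still present in the file, which the hunk does not show.

```php
public function __construct(array $providers, $eraseCredentials = true)
{
    // … unchanged: empty-array check …

    foreach ($providers as $provider) {
        if (!$provider instanceof AuthenticationProviderInterface) {
            throw new \InvalidArgumentException('Every provider must implement AuthenticationProviderInterface.');
        }
    }

    $this->providers = $providers;
    // … unchanged: eraseCredentials assignment …
}
```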
@@ -84,37 +84,4 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface throw $lastException; } - - /** - * Returns the list of current providers. - * - * @return AuthenticationProviderInterface[] An array of AuthenticationProviderInterface instances - */ - public function all() - { - return $this->providers; - } - - /** - * Sets the providers instances. - * - * @param AuthenticationProviderInterface[] $providers An array of AuthenticationProviderInterface instances - */ - public function setProviders(array $providers) - { - $this->providers = array(); - foreach ($providers as $provider) { - $this->add($provider); - } - } - - /** - * Adds a provider. - * - * @param AuthenticationProviderInterface $provider A AuthenticationProviderInterface instance - */ - public function add(AuthenticationProviderInterface $provider) - { - $this->providers[] = $provider; - } } diff --git a/Core/Authentication/AuthenticationTrustResolver.php b/Core/Authentication/AuthenticationTrustResolver.php index f2e00cc..8ca28fb 100644 --- a/Core/Authentication/AuthenticationTrustResolver.php +++ b/Core/Authentication/AuthenticationTrustResolver.php @@ -20,8 +20,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class AuthenticationTrustResolver implements AuthenticationTrustResolverInterface { - protected $anonymousClass; - protected $rememberMeClass; + private $anonymousClass; + private $rememberMeClass; /** * Constructor diff --git a/Core/Authentication/Provider/AnonymousAuthenticationProvider.php b/Core/Authentication/Provider/AnonymousAuthenticationProvider.php index ad1ad60..c48a27e 100644 --- a/Core/Authentication/Provider/AnonymousAuthenticationProvider.php +++ b/Core/Authentication/Provider/AnonymousAuthenticationProvider.php 
@@ -22,7 +22,7 @@ use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; */ class AnonymousAuthenticationProvider implements AuthenticationProviderInterface { - protected $key; + private $key; /** * Constructor. diff --git a/Core/Authentication/Provider/DaoAuthenticationProvider.php b/Core/Authentication/Provider/DaoAuthenticationProvider.php index ce0d220..21bec82 100644 --- a/Core/Authentication/Provider/DaoAuthenticationProvider.php +++ b/Core/Authentication/Provider/DaoAuthenticationProvider.php @@ -14,8 +14,8 @@ namespace Symfony\Component\Security\Core\Authentication\Provider; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; -use Symfony\Component\Security\Core\User\AccountCheckerInterface; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserCheckerInterface; +use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; use Symfony\Component\Security\Core\Exception\AuthenticationServiceException; use Symfony\Component\Security\Core\Exception\BadCredentialsException; 
@@ -29,19 +29,19 @@ use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; */ class DaoAuthenticationProvider extends UserAuthenticationProvider { - protected $encoderFactory; - protected $userProvider; + private $encoderFactory; + private $userProvider; /** * Constructor. * * @param UserProviderInterface $userProvider A UserProviderInterface instance - * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface instance + * @param UserCheckerInterface $userChecker An UserCheckerInterface instance * @param EncoderFactoryInterface $encoderFactory A EncoderFactoryInterface instance */ - public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker, $providerKey, EncoderFactoryInterface $encoderFactory, $hideUserNotFoundExceptions = true) + public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, $providerKey, EncoderFactoryInterface $encoderFactory, $hideUserNotFoundExceptions = true) { - parent::__construct($accountChecker, $providerKey, $hideUserNotFoundExceptions); + parent::__construct($userChecker, $providerKey, $hideUserNotFoundExceptions); $this->encoderFactory = $encoderFactory; $this->userProvider = $userProvider; 
@@ -50,19 +50,19 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider /** * {@inheritdoc} */ - protected function checkAuthentication(AccountInterface $account, UsernamePasswordToken $token) + protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { - $user = $token->getUser(); - if ($user instanceof AccountInterface) { - if ($account->getPassword() !== $user->getPassword()) { + $currentUser = $token->getUser(); + if ($currentUser instanceof UserInterface) { + if ($currentUser->getPassword() !== $user->getPassword()) { throw new BadCredentialsException('The credentials were changed from another session.'); } } else { - if (!$presentedPassword = (string) $token->getCredentials()) { + if (!$presentedPassword = $token->getCredentials()) { throw new BadCredentialsException('Bad credentials'); } - if (!$this->encoderFactory->getEncoder($account)->isPasswordValid($account->getPassword(), $presentedPassword, $account->getSalt())) { + if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) { throw new BadCredentialsException('Bad credentials'); } } @@ -74,15 +74,15 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider protected function retrieveUser($username, UsernamePasswordToken $token) { $user = $token->getUser(); - if ($user instanceof AccountInterface) { + if ($user instanceof UserInterface) { return $user; } try { $user = $this->userProvider->loadUserByUsername($username); - if (!$user instanceof AccountInterface) { - throw new AuthenticationServiceException('The user provider must return an AccountInterface object.'); + if (!$user instanceof UserInterface) { + throw new AuthenticationServiceException('The user provider must return an UserInterface object.'); } return $user; 
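Review bot: Dropping the `(string)` cast in `checkAuthentication()` means `$presentedPassword` is now whatever type the token carries, so an array or object credential would be handed to `isPasswordValid()` unchanged. A type guard before the encoder call keeps the input a string: `$presentedPassword = $token->getCredentials();` followed by `if (!is_string($presentedPassword) || '' === $presentedPassword) {`. Comparing against `''` instead of testing truthiness also stops a password of `0` from being rejected before it reaches the encoder.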
diff --git a/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php b/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php index cca52fc..bf2df86 100644 --- a/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php +++ b/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php @@ -11,9 +11,9 @@ namespace Symfony\Component\Security\Core\Authentication\Provider; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; -use Symfony\Component\Security\Core\User\AccountCheckerInterface; +use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; @@ -30,20 +30,20 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderInterface { - protected $userProvider; - protected $accountChecker; - protected $providerKey; + private $userProvider; + private $userChecker; + private $providerKey; /** * Constructor. * * @param UserProviderInterface $userProvider A UserProviderInterface instance - * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface instance + * @param UserCheckerInterface $userChecker An UserCheckerInterface instance */ - public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker, $providerKey) + public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, $providerKey) { $this->userProvider = $userProvider; - $this->accountChecker = $accountChecker; + $this->userChecker = $userChecker; $this->providerKey = $providerKey; } 
@@ -66,7 +66,7 @@ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderIn */ $user = $this->userProvider->loadUserByUsername($user); - $this->accountChecker->checkPostAuth($user); + $this->userChecker->checkPostAuth($user); $authenticatedToken = new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles()); $authenticatedToken->setAttributes($token->getAttributes()); diff --git a/Core/Authentication/Provider/RememberMeAuthenticationProvider.php b/Core/Authentication/Provider/RememberMeAuthenticationProvider.php index 95ee588..940288b 100644 --- a/Core/Authentication/Provider/RememberMeAuthenticationProvider.php +++ b/Core/Authentication/Provider/RememberMeAuthenticationProvider.php @@ -1,21 +1,21 @@ <?php namespace Symfony\Component\Security\Core\Authentication\Provider; -use Symfony\Component\Security\Core\User\AccountCheckerInterface; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserCheckerInterface; +use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken; use Symfony\Component\Security\Core\Exception\BadCredentialsException; class RememberMeAuthenticationProvider implements AuthenticationProviderInterface { - protected $accountChecker; - protected $key; - protected $providerKey; + private $userChecker; + private $key; + private $providerKey; - public function __construct(AccountCheckerInterface $accountChecker, $key, $providerKey) + public function __construct(UserCheckerInterface $userChecker, $key, $providerKey) { - $this->accountChecker = $accountChecker; + $this->userChecker = $userChecker; $this->key = $key; $this->providerKey = $providerKey; } 
@@ -31,11 +31,12 @@ class RememberMeAuthenticationProvider implements AuthenticationProviderInterfac } $user = $token->getUser(); - $this->accountChecker->checkPreAuth($user); - $this->accountChecker->checkPostAuth($user); - $token->setAuthenticated(true); + $this->userChecker->checkPostAuth($user); - return $token; + $authenticatedToken = new RememberMeToken($user, $this->providerKey, $this->key); + $authenticatedToken->setAttributes($token->getAttributes()); + + return $authenticatedToken; } public function supports(TokenInterface $token) diff --git a/Core/Authentication/Provider/UserAuthenticationProvider.php b/Core/Authentication/Provider/UserAuthenticationProvider.php index 14a6fdf..7b6079d 100644 --- a/Core/Authentication/Provider/UserAuthenticationProvider.php +++ b/Core/Authentication/Provider/UserAuthenticationProvider.php @@ -11,8 +11,8 @@ namespace Symfony\Component\Security\Core\Authentication\Provider; -use Symfony\Component\Security\Core\User\AccountInterface; -use Symfony\Component\Security\Core\User\AccountCheckerInterface; +use Symfony\Component\Security\Core\User\UserInterface; +use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Exception\BadCredentialsException; 
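Review bot: `authenticate()` in RememberMeAuthenticationProvider no longer calls `checkPreAuth()`, so only the post-auth checks run for a remember-me login. If the configured user checker rejects locked or disabled accounts in its pre-auth step (not visible here), such accounts could still be authenticated from a cookie. Unless that is intended, keep `$this->userChecker->checkPreAuth($user);` before the `checkPostAuth()` call. The replacement token is also built without a persistent token, and `setPersistentToken()` is removed elsewhere in this commit, so `getPersistentToken()` will presumably return null on the authenticated token. The method starts above the hunk.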
@@ -27,23 +27,23 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ abstract class UserAuthenticationProvider implements AuthenticationProviderInterface { - protected $hideUserNotFoundExceptions; - protected $accountChecker; - protected $providerKey; + private $hideUserNotFoundExceptions; + private $userChecker; + private $providerKey; /** * Constructor. * - * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface interface + * @param UserCheckerInterface $userChecker An UserCheckerInterface interface * @param Boolean $hideUserNotFoundExceptions Whether to hide user not found exception or not */ - public function __construct(AccountCheckerInterface $accountChecker, $providerKey, $hideUserNotFoundExceptions = true) + public function __construct(UserCheckerInterface $userChecker, $providerKey, $hideUserNotFoundExceptions = true) { if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); } - $this->accountChecker = $accountChecker; + $this->userChecker = $userChecker; $this->providerKey = $providerKey; $this->hideUserNotFoundExceptions = $hideUserNotFoundExceptions; } 
@@ -57,18 +57,21 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter return null; } - $username = null === $token->getUser() ? 'NONE_PROVIDED' : (string) $token; + $username = $token->getUsername(); + if (empty($username)) { + $username = 'NONE_PROVIDED'; + } try { $user = $this->retrieveUser($username, $token); - if (!$user instanceof AccountInterface) { - throw new AuthenticationServiceException('retrieveUser() must return an AccountInterface.'); + if (!$user instanceof UserInterface) { + throw new AuthenticationServiceException('retrieveUser() must return an UserInterface.'); } - $this->accountChecker->checkPreAuth($user); + $this->userChecker->checkPreAuth($user); $this->checkAuthentication($user, $token); - $this->accountChecker->checkPostAuth($user); + $this->userChecker->checkPostAuth($user); $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles()); $authenticatedToken->setAttributes($token->getAttributes()); @@ -107,10 +110,10 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter * Does additional checks on the user and token (like validating the * credentials). * - * @param AccountInterface $account The retrieved AccountInterface instance + * @param UserInterface $user The retrieved UserInterface instance * @param UsernamePasswordToken $token The UsernamePasswordToken token to be authenticated * * @throws AuthenticationException if the credentials could not be validated */ - abstract protected function checkAuthentication(AccountInterface $account, UsernamePasswordToken $token); + abstract protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token); } diff --git a/Core/Authentication/RememberMe/InMemoryTokenProvider.php b/Core/Authentication/RememberMe/InMemoryTokenProvider.php index 80c10d1..c432b0e 100644 --- a/Core/Authentication/RememberMe/InMemoryTokenProvider.php 
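Review bot: `empty($username)` in `authenticate()` is also true for the string `'0'`, so a user whose name is `0` would be looked up as `NONE_PROVIDED`. An explicit comparison avoids that: `if (null === $username || '' === $username) { $username = 'NONE_PROVIDED'; }`. The method begins above the hunk and its `try` block continues below it.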
+++ b/Core/Authentication/RememberMe/InMemoryTokenProvider.php @@ -11,7 +11,7 @@ use Symfony\Component\Security\Core\Exception\TokenNotFoundException; */ class InMemoryTokenProvider implements TokenProviderInterface { - protected $tokens = array(); + private $tokens = array(); public function loadTokenBySeries($series) { diff --git a/Core/Authentication/Token/Token.php b/Core/Authentication/Token/AbstractToken.php index ac0879f..3839154 100644 --- a/Core/Authentication/Token/Token.php +++ b/Core/Authentication/Token/AbstractToken.php @@ -13,7 +13,7 @@ namespace Symfony\Component\Security\Core\Authentication\Token; use Symfony\Component\Security\Core\Role\RoleInterface; use Symfony\Component\Security\Core\Role\Role; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; /** * Base class for Token instances. @@ -21,15 +21,12 @@ use Symfony\Component\Security\Core\User\AccountInterface; * @author Fabien Potencier <fabien@symfony.com> * @author Johannes M. Schmitt <schmittjoh@gmail.com> */ -abstract class Token implements TokenInterface +abstract class AbstractToken implements TokenInterface { - protected $roles; - protected $authenticated; - protected $user; - protected $credentials; - protected $immutable; - protected $providerKey; - protected $attributes; + private $user; + private $roles; + private $authenticated; + private $attributes; /** * Constructor. 
@@ -38,156 +35,93 @@ abstract class Token implements TokenInterface */ public function __construct(array $roles = array()) { - $this->setRoles($roles); $this->authenticated = false; - $this->immutable = false; $this->attributes = array(); - } - - /** - * Adds a Role to the token. - * - * @param RoleInterface $role A RoleInterface instance - */ - public function addRole(RoleInterface $role) - { - if ($this->immutable) { - throw new \LogicException('This token is considered immutable.'); - } - - $this->roles[] = $role; - } - /** - * {@inheritdoc} - */ - public function getRoles() - { - return $this->roles; - } - - /** - * {@inheritDoc} - */ - public function setRoles(array $roles) - { $this->roles = array(); - foreach ($roles as $role) { if (is_string($role)) { $role = new Role($role); + } else if (!$role instanceof RoleInterface) { + throw new \InvalidArgumentException(sprintf('$roles must be an array of strings, or RoleInterface instances, but got %s.', gettype($role))); } - $this->addRole($role); + $this->roles[] = $role; } } /** * {@inheritdoc} */ - public function __toString() - { - if ($this->user instanceof AccountInterface) { - return $this->user->getUsername(); - } - - return (string) $this->user; - } - - /** - * {@inheritdoc} - */ - public function isAuthenticated() + public function getRoles() { - return $this->authenticated; + return $this->roles; } /** * {@inheritdoc} */ - public function setAuthenticated($authenticated) + public function getUsername() { - if ($this->immutable) { - throw new \LogicException('This token is considered immutable.'); + if ($this->user instanceof UserInterface) { + return $this->user->getUsername(); } - $this->authenticated = (Boolean) $authenticated; - } - - /** - * {@inheritdoc} - */ - public function getCredentials() - { - return $this->credentials; + return (string) $this->user; } - /** - * {@inheritdoc} - */ public function getUser() { return $this->user; } - /** - * {@inheritDoc} - */ public function setUser($user) { - 
if ($this->immutable) { - throw new \LogicException('This token is considered immutable.'); + if (!($user instanceof UserInterface || (is_object($user) && method_exists($user, '__toString')) || is_string($user))) { + throw new \InvalidArgumentException('$user must be an instanceof of UserInterface, an object implementing a __toString method, or a primitive string.'); } - if (!is_string($user) && !is_object($user)) { - throw new \InvalidArgumentException('$user must be an object, or a primitive string.'); - } else if (is_object($user) && !$user instanceof AccountInterface && !method_exists($user, '__toString')) { - throw new \InvalidArgumentException('If $user is an object, it must implement __toString().'); + if (null === $this->user) { + $changed = false; + } else if ($this->user instanceof UserInterface) { + $changed = $this->user->equals($user); + } else if ($user instanceof UserInterface) { + $changed = true; + } else { + $changed = (string) $this->user === (string) $user; } - $this->user = $user; - } - - /** - * {@inheritdoc} - */ - public function eraseCredentials() - { - if ($this->immutable) { - throw new \LogicException('This token is considered immutable.'); + if ($changed) { + $this->setAuthenticated(false); } - if ($this->getCredentials() instanceof AccountInterface) { - $this->getCredentials()->eraseCredentials(); - } - - if ($this->getUser() instanceof AccountInterface) { - $this->getUser()->eraseCredentials(); - } + $this->user = $user; } /** * {@inheritdoc} */ - public function isImmutable() + public function isAuthenticated() { - return $this->immutable; + return $this->authenticated; } /** * {@inheritdoc} */ - public function setImmutable() + public function setAuthenticated($authenticated) { - $this->immutable = true; + $this->authenticated = (Boolean) $authenticated; } /** * {@inheritdoc} */ - public function getProviderKey() + public function eraseCredentials() { - return $this->providerKey; + if ($this->getUser() instanceof UserInterface) { + 
$this->getUser()->eraseCredentials(); + } } /** @@ -195,7 +129,7 @@ abstract class Token implements TokenInterface */ public function serialize() { - return serialize(array($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes)); + return serialize(array($this->user, $this->authenticated, $this->roles, $this->attributes)); } /** @@ -203,7 +137,7 @@ abstract class Token implements TokenInterface */ public function unserialize($serialized) { - list($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes) = unserialize($serialized); + list($this->user, $this->authenticated, $this->roles, $this->attributes) = unserialize($serialized); } /** diff --git a/Core/Authentication/Token/AnonymousToken.php b/Core/Authentication/Token/AnonymousToken.php index a22460f..92d95de 100644 --- a/Core/Authentication/Token/AnonymousToken.php +++ b/Core/Authentication/Token/AnonymousToken.php @@ -16,10 +16,11 @@ namespace Symfony\Component\Security\Core\Authentication\Token; * * @author Fabien Potencier <fabien@symfony.com> */ -class AnonymousToken extends Token +use Symfony\Component\Security\Core\User\UserInterface; + +class AnonymousToken extends AbstractToken { - protected $user; - protected $key; + private $key; /** * Constructor. @@ -33,9 +34,8 @@ class AnonymousToken extends Token parent::__construct($roles); $this->key = $key; - $this->user = $user; - - parent::setAuthenticated(true); + $this->setUser($user); + $this->setAuthenticated(true); } /** @@ -55,4 +55,21 @@ class AnonymousToken extends Token { return $this->key; } + + /** + * {@inheritDoc} + */ + public function serialize() + { + return serialize(array($this->key, parent::serialize())); + } + + /** + * {@inheritDoc} + */ + public function unserialize($str) + { + list($this->key, $parentStr) = unserialize($str); + parent::unserialize($parentStr); + } } 
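Review bot: The `$changed` flag in `AbstractToken::setUser()` looks inverted, because it is assigned from `$this->user->equals($user)` and from `(string) $this->user === (string) $user`. Assuming `equals()` returns true for the same user, the token is de-authenticated when the user is unchanged and stays authenticated when a different user is set. Both assignments should be negated: `$changed = !$this->user->equals($user);` and `$changed = (string) $this->user !== (string) $user;`. The `equals()` branch is also reached when the new `$user` is a plain string, so it needs an `instanceof UserInterface` check on `$user` first if `equals()` expects a UserInterface (its signature is not shown here).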
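Review bot: In AnonymousToken.php the new `use Symfony\Component\Security\Core\User\UserInterface;` line sits between the class docblock and the `class` declaration, which detaches the docblock from the class. Move the import up under the `namespace` line. None of the visible hunks in this file reference `UserInterface`, so the import may not be needed at all.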
diff --git a/Core/Authentication/Token/PreAuthenticatedToken.php b/Core/Authentication/Token/PreAuthenticatedToken.php index 0db56bd..ff0572f 100644 --- a/Core/Authentication/Token/PreAuthenticatedToken.php +++ b/Core/Authentication/Token/PreAuthenticatedToken.php @@ -16,21 +16,39 @@ namespace Symfony\Component\Security\Core\Authentication\Token; * * @author Fabien Potencier <fabien@symfony.com> */ -class PreAuthenticatedToken extends Token +class PreAuthenticatedToken extends AbstractToken { + private $credentials; + private $providerKey; + /** * Constructor. */ - public function __construct($user, $credentials, $providerKey, array $roles = null) + public function __construct($user, $credentials, $providerKey, array $roles = array()) { - parent::__construct(null === $roles ? array() : $roles); - if (null !== $roles) { - $this->setAuthenticated(true); + parent::__construct($roles); + + if (empty($providerKey)) { + throw new \InvalidArgumentException('$providerKey must not be empty.'); } - $this->user = $user; + $this->setUser($user); $this->credentials = $credentials; $this->providerKey = $providerKey; + + if ($roles) { + $this->setAuthenticated(true); + } + } + + public function getProviderKey() + { + return $this->providerKey; + } + + public function getCredentials() + { + return $this->credentials; } /** @@ -42,4 +60,15 @@ class PreAuthenticatedToken extends Token $this->credentials = null; } + + public function serialize() + { + return serialize(array($this->credentials, $this->providerKey, parent::serialize())); + } + + public function unserialize($str) + { + list($this->credentials, $this->providerKey, $parentStr) = unserialize($str); + parent::unserialize($parentStr); + } } diff --git a/Core/Authentication/Token/RememberMeToken.php b/Core/Authentication/Token/RememberMeToken.php index ce1ed5d..a502cdb 100644 --- a/Core/Authentication/Token/RememberMeToken.php +++ b/Core/Authentication/Token/RememberMeToken.php 
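Review bot: The PreAuthenticatedToken constructor now marks the token authenticated only when `$roles` is non-empty, whereas the old code did so for any non-null array, including an empty one. PreAuthenticatedAuthenticationProvider passes `$user->getRoles()`, so a user without roles now gets an unauthenticated token back from a successful authentication. If that is intended, state it in the constructor docblock, e.g. `A token created without roles is treated as not yet authenticated.`; otherwise the provider should call `setAuthenticated(true)` explicitly.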
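Review bot: The new `serialize()` in PreAuthenticatedToken includes `$this->credentials`, so the credentials are written wherever the token is serialized unless `eraseCredentials()` ran first. AuthenticationProviderManager makes that erasure optional through its `$eraseCredentials` flag. A docblock on `serialize()` should state the dependency, e.g. `Credentials are serialized as-is; call eraseCredentials() before the token is stored.` The same applies to `UsernamePasswordToken::serialize()` added later in this commit.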
@@ -12,46 +12,50 @@ namespace Symfony\Component\Security\Core\Authentication\Token; use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentTokenInterface; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; /** - * Base class for "Remember Me" tokens + * Authentication Token for "Remember-Me". * * @author Johannes M. Schmitt <schmittjoh@gmail.com> */ -class RememberMeToken extends Token +class RememberMeToken extends AbstractToken { - protected $key; - - /** - * The persistent token which resulted in this authentication token. - * - * @var PersistentTokenInterface - */ - protected $persistentToken; + private $key; + private $providerKey; + private $persistentToken; /** * Constructor. * - * @param string $username + * @param UserInterface $user + * @param string $providerKey * @param string $key */ - public function __construct(AccountInterface $user, $providerKey, $key) { + public function __construct(UserInterface $user, $providerKey, $key, PersistentTokenInterface $persistentToken = null) { parent::__construct($user->getRoles()); if (empty($key)) { throw new \InvalidArgumentException('$key must not be empty.'); } + if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); } - $this->setUser($user); $this->providerKey = $providerKey; $this->key = $key; + $this->persistentToken = $persistentToken; + + $this->setUser($user); $this->setAuthenticated(true); } + public function getProviderKey() + { + return $this->providerKey; + } + public function getKey() { return $this->key; 
@@ -62,18 +66,21 @@ class RememberMeToken extends Token return $this->persistentToken; } - public function setPersistentToken(PersistentTokenInterface $persistentToken) + public function getCredentials() { - $this->persistentToken = $persistentToken; + return ''; } - /** * {@inheritdoc} */ public function serialize() { - return serialize(array($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes, $this->key)); + return serialize(array( + $this->key, + $this->providerKey, + parent::serialize(), + )); } /** @@ -81,6 +88,7 @@ class RememberMeToken extends Token */ public function unserialize($serialized) { - list($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes, $this->key) = unserialize($serialized); + list($this->key, $this->providerKey, $parentStr) = unserialize($serialized); + parent::unserialize($parentStr); } }
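Review bot: `RememberMeToken::serialize()` writes only `$key`, `$providerKey` and the parent state, so `$persistentToken` is dropped whenever the token is serialized and `getPersistentToken()` returns null on the restored token. If that is deliberate, a comment on `serialize()` should say so, e.g. `// the persistent token is intentionally not serialized`. Otherwise add it to the arrays in both `serialize()` and `unserialize()`.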
\ No newline at end of file diff --git a/Core/Authentication/Token/TokenInterface.php b/Core/Authentication/Token/TokenInterface.php index f3947dd..add550f 100644 --- a/Core/Authentication/Token/TokenInterface.php +++ b/Core/Authentication/Token/TokenInterface.php @@ -11,23 +11,17 @@ namespace Symfony\Component\Security\Core\Authentication\Token; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; /** * TokenInterface is the interface for the user authentication information. * * @author Fabien Potencier <fabien@symfony.com> + * @author Johannes M. Schmitt <schmittjoh@gmail.com> */ interface TokenInterface extends \Serializable { /** - * Returns a string representation of the token. - * - * @return string A string representation - */ - function __toString(); - - /** * Returns the user roles. * * @return Role[] An array of Role instances. @@ -35,14 +29,6 @@ interface TokenInterface extends \Serializable function getRoles(); /** - * Sets the user's roles - * - * @param array $roles - * @return void - */ - function setRoles(array $roles); - - /** * Returns the user credentials. * * @return mixed The user credentials @@ -58,14 +44,20 @@ interface TokenInterface extends \Serializable function getUser(); /** - * Sets the user. + * Sets a user. * - * @param mixed $user can either be an object which implements __toString(), or - * only a primitive string + * @param mixed $user */ function setUser($user); /** + * Returns the username. + * + * @return string + */ + function getUsername(); + + /** * Checks if the user is authenticated or not. * * @return Boolean true if the token has been authenticated, false otherwise 
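Review bot: The `setUser()` docblock in TokenInterface now says only `@param mixed $user`, while `AbstractToken::setUser()` in this commit rejects anything that is not a UserInterface, an object with `__toString()`, or a string. The interface should keep that contract visible, e.g. `@param mixed $user A UserInterface instance, an object implementing __toString(), or a string`. The new `getUsername()` entry could likewise say what is returned when no user has been set.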
@@ -80,22 +72,6 @@ interface TokenInterface extends \Serializable function setAuthenticated($isAuthenticated); /** - * Whether this token is considered immutable - * - * @return Boolean - */ - function isImmutable(); - - /** - * Marks this token as immutable. This change cannot be reversed. - * - * You'll need to create a new token if you want a mutable token again. - * - * @return void - */ - function setImmutable(); - - /** * Removes sensitive information from the token. */ function eraseCredentials(); diff --git a/Core/Authentication/Token/UsernamePasswordToken.php b/Core/Authentication/Token/UsernamePasswordToken.php index 58b2b5b..67311db 100644 --- a/Core/Authentication/Token/UsernamePasswordToken.php +++ b/Core/Authentication/Token/UsernamePasswordToken.php @@ -16,8 +16,11 @@ namespace Symfony\Component\Security\Core\Authentication\Token; * * @author Fabien Potencier <fabien@symfony.com> */ -class UsernamePasswordToken extends Token +class UsernamePasswordToken extends AbstractToken { + private $credentials; + private $providerKey; + /** * Constructor. * @@ -28,11 +31,15 @@ class UsernamePasswordToken extends Token { parent::__construct($roles); + if (empty($providerKey)) { + throw new \InvalidArgumentException('$providerKey must not be empty.'); + } + $this->setUser($user); $this->credentials = $credentials; $this->providerKey = $providerKey; - parent::setAuthenticated((Boolean) count($roles)); + parent::setAuthenticated(count($roles) > 0); } /** @@ -47,6 +54,16 @@ class UsernamePasswordToken extends Token parent::setAuthenticated(false); } + public function getCredentials() + { + return $this->credentials; + } + + public function getProviderKey() + { + return $this->providerKey; + } + /** * {@inheritdoc} */ 
@@ -56,4 +73,15 @@ class UsernamePasswordToken extends Token $this->credentials = null; } + + public function serialize() + { + return serialize(array($this->credentials, $this->providerKey, parent::serialize())); + } + + public function unserialize($str) + { + list($this->credentials, $this->providerKey, $parentStr) = unserialize($str); + parent::unserialize($parentStr); + } } diff --git a/Core/Authorization/AccessDecisionManager.php b/Core/Authorization/AccessDecisionManager.php index 7ae5378..c1b643e 100644 --- a/Core/Authorization/AccessDecisionManager.php +++ b/Core/Authorization/AccessDecisionManager.php @@ -22,10 +22,10 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class AccessDecisionManager implements AccessDecisionManagerInterface { - protected $voters; - protected $strategy; - protected $allowIfAllAbstainDecisions; - protected $allowIfEqualGrantedDeniedDecisions; + private $voters; + private $strategy; + private $allowIfAllAbstainDecisions; + private $allowIfEqualGrantedDeniedDecisions; /** * Constructor. @@ -34,8 +34,12 @@ class AccessDecisionManager implements AccessDecisionManagerInterface * @param string $strategy The vote strategy * @param Boolean $allowIfAllAbstainDecisions Whether to grant access if all voters abstained or not */ - public function __construct(array $voters = array(), $strategy = 'affirmative', $allowIfAllAbstainDecisions = false, $allowIfEqualGrantedDeniedDecisions = true) + public function __construct(array $voters, $strategy = 'affirmative', $allowIfAllAbstainDecisions = false, $allowIfEqualGrantedDeniedDecisions = true) { + if (!$voters) { + throw new \InvalidArgumentException('You must at least add one voter.'); + } + $this->voters = $voters; $this->strategy = 'decide'.ucfirst($strategy); $this->allowIfAllAbstainDecisions = (Boolean) $allowIfAllAbstainDecisions; 
@@ -51,43 +55,6 @@ class AccessDecisionManager implements AccessDecisionManagerInterface } /** - * Returns all voters. - * - * @return VoterInterface[] $voters An array of VoterInterface instances - */ - public function getVoters() - { - return $this->voters; - } - - /** - * Sets voters. - * - * @param VoterInterface[] $voters An array of VoterInterface instances - */ - public function setVoters(array $voters) - { - if (!count($voters)) { - throw new \LogicException('You must have at least one voter.'); - } - - $this->voters = array(); - foreach ($voters as $voter) { - $this->addVoter($voter); - } - } - - /** - * Adds a voter. - * - * @param VoterInterface $voter A VoterInterface instance - */ - public function addVoter(VoterInterface $voter) - { - $this->voters[] = $voter; - } - - /** * {@inheritdoc} */ public function supportsAttribute($attribute) @@ -121,7 +88,7 @@ class AccessDecisionManager implements AccessDecisionManagerInterface * If all voters abstained from voting, the decision will be based on the * allowIfAllAbstainDecisions property value (defaults to false). */ - protected function decideAffirmative(TokenInterface $token, array $attributes, $object = null) + private function decideAffirmative(TokenInterface $token, array $attributes, $object = null) { $deny = 0; foreach ($this->voters as $voter) { @@ -161,7 +128,7 @@ class AccessDecisionManager implements AccessDecisionManagerInterface * If all voters abstained from voting, the decision will be based on the * allowIfAllAbstainDecisions property value (defaults to false). */ - protected function decideConsensus(TokenInterface $token, array $attributes, $object = null) + private function decideConsensus(TokenInterface $token, array $attributes, $object = null) { $grant = 0; $deny = 0; 
@@ -208,7 +175,7 @@ class AccessDecisionManager implements AccessDecisionManagerInterface * If all voters abstained from voting, the decision will be based on the * allowIfAllAbstainDecisions property value (defaults to false). */ - protected function decideUnanimous(TokenInterface $token, array $attributes, $object = null) + private function decideUnanimous(TokenInterface $token, array $attributes, $object = null) { $grant = 0; foreach ($attributes as $attribute) { diff --git a/Core/Authorization/Voter/AuthenticatedVoter.php b/Core/Authorization/Voter/AuthenticatedVoter.php index 3b5ca97..d750e33 100644 --- a/Core/Authorization/Voter/AuthenticatedVoter.php +++ b/Core/Authorization/Voter/AuthenticatedVoter.php @@ -29,7 +29,7 @@ class AuthenticatedVoter implements VoterInterface const IS_AUTHENTICATED_REMEMBERED = 'IS_AUTHENTICATED_REMEMBERED'; const IS_AUTHENTICATED_ANONYMOUSLY = 'IS_AUTHENTICATED_ANONYMOUSLY'; - protected $authenticationTrustResolver; + private $authenticationTrustResolver; /** * Constructor. diff --git a/Core/Authorization/Voter/RoleHierarchyVoter.php b/Core/Authorization/Voter/RoleHierarchyVoter.php index 5c1e11e..c8f9b7e 100644 --- a/Core/Authorization/Voter/RoleHierarchyVoter.php +++ b/Core/Authorization/Voter/RoleHierarchyVoter.php @@ -22,7 +22,7 @@ use Symfony\Component\Security\Core\Role\RoleHierarchyInterface; */ class RoleHierarchyVoter extends RoleVoter { - protected $roleHierarchy; + private $roleHierarchy; public function __construct(RoleHierarchyInterface $roleHierarchy, $prefix = 'ROLE_') { diff --git a/Core/Authorization/Voter/RoleVoter.php b/Core/Authorization/Voter/RoleVoter.php index 3a1aa2d..722675d 100644 --- a/Core/Authorization/Voter/RoleVoter.php +++ b/Core/Authorization/Voter/RoleVoter.php @@ -20,7 +20,7 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class RoleVoter implements VoterInterface { - protected $prefix; + private $prefix; /** * Constructor. 
diff --git a/Core/Encoder/EncoderFactory.php b/Core/Encoder/EncoderFactory.php index 80a7a61..d6441d9 100644 --- a/Core/Encoder/EncoderFactory.php +++ b/Core/Encoder/EncoderFactory.php @@ -11,7 +11,7 @@ namespace Symfony\Component\Security\Core\Encoder; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; /** * A generic encoder factory implementation @@ -20,7 +20,7 @@ use Symfony\Component\Security\Core\User\AccountInterface; */ class EncoderFactory implements EncoderFactoryInterface { - protected $encoders; + private $encoders; public function __construct(array $encoders) { @@ -30,10 +30,10 @@ class EncoderFactory implements EncoderFactoryInterface /** * {@inheritDoc} */ - public function getEncoder(AccountInterface $account) + public function getEncoder(UserInterface $user) { foreach ($this->encoders as $class => $encoder) { - if (!$account instanceof $class) { + if (!$user instanceof $class) { continue; } @@ -44,7 +44,7 @@ class EncoderFactory implements EncoderFactoryInterface return $this->encoders[$class]; } - throw new \RuntimeException(sprintf('No encoder has been configured for account "%s".', get_class($account))); + throw new \RuntimeException(sprintf('No encoder has been configured for account "%s".', get_class($user))); } /** @@ -53,7 +53,7 @@ class EncoderFactory implements EncoderFactoryInterface * @param array $config * @return PasswordEncoderInterface */ - protected function createEncoder(array $config) + private function createEncoder(array $config) { if (!isset($config['class'])) { throw new \InvalidArgumentException(sprintf('"class" must be set in %s.', json_encode($config))); diff --git a/Core/Encoder/EncoderFactoryInterface.php b/Core/Encoder/EncoderFactoryInterface.php index a4b7d3b..62cc9aa 100644 --- a/Core/Encoder/EncoderFactoryInterface.php +++ b/Core/Encoder/EncoderFactoryInterface.php 
@@ -11,7 +11,7 @@ namespace Symfony\Component\Security\Core\Encoder; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; /** * EncoderFactoryInterface to support different encoders for different accounts. @@ -23,8 +23,8 @@ interface EncoderFactoryInterface /** * Returns the password encoder to use for the given account * - * @param AccountInterface $account + * @param UserInterface $user * @return PasswordEncoderInterface never null */ - function getEncoder(AccountInterface $account); + function getEncoder(UserInterface $user); }
\ No newline at end of file diff --git a/Core/Encoder/MessageDigestPasswordEncoder.php b/Core/Encoder/MessageDigestPasswordEncoder.php index b69cf6e..a5b2c81 100644 --- a/Core/Encoder/MessageDigestPasswordEncoder.php +++ b/Core/Encoder/MessageDigestPasswordEncoder.php @@ -18,8 +18,8 @@ namespace Symfony\Component\Security\Core\Encoder; */ class MessageDigestPasswordEncoder extends BasePasswordEncoder { - protected $algorithm; - protected $encodeHashAsBase64; + private $algorithm; + private $encodeHashAsBase64; /** * Constructor. diff --git a/Core/Encoder/PlaintextPasswordEncoder.php b/Core/Encoder/PlaintextPasswordEncoder.php index 48c19fb..21a9a97 100644 --- a/Core/Encoder/PlaintextPasswordEncoder.php +++ b/Core/Encoder/PlaintextPasswordEncoder.php @@ -18,7 +18,7 @@ namespace Symfony\Component\Security\Core\Encoder; */ class PlaintextPasswordEncoder extends BasePasswordEncoder { - protected $ignorePasswordCase; + private $ignorePasswordCase; public function __construct($ignorePasswordCase = false) { diff --git a/Core/Exception/AuthenticationException.php b/Core/Exception/AuthenticationException.php index a01d6b8..074dad0 100644 --- a/Core/Exception/AuthenticationException.php +++ b/Core/Exception/AuthenticationException.php @@ -18,7 +18,7 @@ namespace Symfony\Component\Security\Core\Exception; */ class AuthenticationException extends \RuntimeException implements \Serializable { - protected $extraInformation; + private $extraInformation; public function __construct($message, $extraInformation = null, $code = 0, \Exception $previous = null) { diff --git a/Core/Exception/UnsupportedAccountException.php b/Core/Exception/UnsupportedUserException.php index 9859c1d..5be9bc4 100644 --- a/Core/Exception/UnsupportedAccountException.php +++ b/Core/Exception/UnsupportedUserException.php 
@@ -13,10 +13,10 @@ namespace Symfony\Component\Security\Core\Exception; /** * This exception is thrown when an account is reloaded from a provider which - * doesn't support the passed implementation of AccountInterface. + * doesn't support the passed implementation of UserInterface. * * @author Johannes M. Schmitt <schmittjoh@gmail.com> */ -class UnsupportedAccountException extends AuthenticationServiceException +class UnsupportedUserException extends AuthenticationServiceException { }
\ No newline at end of file diff --git a/Core/Role/Role.php b/Core/Role/Role.php index 4e22340..5b50981 100644 --- a/Core/Role/Role.php +++ b/Core/Role/Role.php @@ -19,7 +19,7 @@ namespace Symfony\Component\Security\Core\Role; */ class Role implements RoleInterface { - protected $role; + private $role; /** * Constructor. diff --git a/Core/Role/RoleHierarchy.php b/Core/Role/RoleHierarchy.php index 5217b53..a368a44 100644 --- a/Core/Role/RoleHierarchy.php +++ b/Core/Role/RoleHierarchy.php @@ -18,8 +18,8 @@ namespace Symfony\Component\Security\Core\Role; */ class RoleHierarchy implements RoleHierarchyInterface { - protected $hierarchy; - protected $map; + private $hierarchy; + private $map; /** * Constructor. @@ -56,7 +56,7 @@ class RoleHierarchy implements RoleHierarchyInterface return $reachableRoles; } - protected function buildRoleMap() + private function buildRoleMap() { $this->map = array(); foreach ($this->hierarchy as $main => $roles) { diff --git a/Core/Role/SwitchUserRole.php b/Core/Role/SwitchUserRole.php index 1305841..c679584 100644 --- a/Core/Role/SwitchUserRole.php +++ b/Core/Role/SwitchUserRole.php @@ -21,7 +21,7 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class SwitchUserRole extends Role { - protected $source; + private $source; /** * Constructor. diff --git a/Core/SecurityContext.php b/Core/SecurityContext.php index 68ee2e0..76ec4c1 100644 --- a/Core/SecurityContext.php +++ b/Core/SecurityContext.php @@ -11,7 +11,7 @@ namespace Symfony\Component\Security\Core; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException; use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; 
@@ -28,10 +28,10 @@ use Symfony\Component\Security\Acl\Voter\FieldVote; */ class SecurityContext implements SecurityContextInterface { - protected $token; - protected $accessDecisionManager; - protected $authenticationManager; - protected $alwaysAuthenticate; + private $token; + private $accessDecisionManager; + private $authenticationManager; + private $alwaysAuthenticate; /** * Constructor. @@ -45,7 +45,7 @@ class SecurityContext implements SecurityContextInterface $this->alwaysAuthenticate = $alwaysAuthenticate; } - public final function vote($attributes, $object = null) + public final function isGranted($attributes, $object = null) { if (null === $this->token) { throw new AuthenticationCredentialsNotFoundException('The security context contains no authentication token.'); diff --git a/Core/SecurityContextInterface.php b/Core/SecurityContextInterface.php index fd205d6..a811557 100644 --- a/Core/SecurityContextInterface.php +++ b/Core/SecurityContextInterface.php @@ -16,6 +16,6 @@ interface SecurityContextInterface const LAST_USERNAME = '_security.last_username'; function getToken(); - function setToken(TokenInterface $account); - function vote($attributes, $object = null); + function setToken(TokenInterface $token); + function isGranted($attributes, $object = null); }
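Review bot: The renamed `isGranted()` carries no docblock, neither on `SecurityContext` nor on `SecurityContextInterface` (the last hunk here), although the visible body throws when no token is set. I would document it on the interface with `@throws AuthenticationCredentialsNotFoundException when the context holds no token`, plus `@param mixed $attributes` and `@param mixed $object`, so callers know an unauthenticated request raises instead of returning false. The return type is not visible in the hunk, so the `@return` line should be confirmed against the rest of the method, which continues outside it.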
\ No newline at end of file diff --git a/Core/User/AdvancedAccountInterface.php b/Core/User/AdvancedUserInterface.php index 2c615b2..ba528a1 100644 --- a/Core/User/AdvancedAccountInterface.php +++ b/Core/User/AdvancedUserInterface.php @@ -12,11 +12,11 @@ namespace Symfony\Component\Security\Core\User; /** - * AdvancedAccountInterface adds status flags to a regular account. + * AdvancedUserInterface adds status flags to a regular account. * * @author Fabien Potencier <fabien@symfony.com> */ -interface AdvancedAccountInterface extends AccountInterface +interface AdvancedUserInterface extends UserInterface { /** * Checks whether the user's account has expired. diff --git a/Core/User/ChainUserProvider.php b/Core/User/ChainUserProvider.php index 296d099..6417f99 100644 --- a/Core/User/ChainUserProvider.php +++ b/Core/User/ChainUserProvider.php @@ -2,7 +2,7 @@ namespace Symfony\Component\Security\Core\User; -use Symfony\Component\Security\Core\Exception\UnsupportedAccountException; +use Symfony\Component\Security\Core\Exception\UnsupportedUserException; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; /** @@ -15,7 +15,7 @@ use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; */ class ChainUserProvider implements UserProviderInterface { - protected $providers; + private $providers; public function __construct(array $providers) { 
@@ -41,17 +41,17 @@ class ChainUserProvider implements UserProviderInterface /** * {@inheritDoc} */ - public function loadUserByAccount(AccountInterface $account) + public function loadUser(UserInterface $user) { foreach ($this->providers as $provider) { try { - return $provider->loadUserByAccount($account); - } catch (UnsupportedAccountException $unsupported) { + return $provider->loadUser($user); + } catch (UnsupportedUserException $unsupported) { // try next one } } - throw new UnsupportedAccountException(sprintf('The account "%s" is not supported.', get_class($account))); + throw new UnsupportedUserException(sprintf('The account "%s" is not supported.', get_class($user))); } /** diff --git a/Core/User/EntityUserProvider.php b/Core/User/EntityUserProvider.php index 58bcc45..61dd708 100644 --- a/Core/User/EntityUserProvider.php +++ b/Core/User/EntityUserProvider.php @@ -12,7 +12,7 @@ namespace Symfony\Component\Security\Core\User; use Doctrine\ORM\EntityManager; -use Symfony\Component\Security\Core\Exception\UnsupportedAccountException; +use Symfony\Component\Security\Core\Exception\UnsupportedUserException; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; /** @@ -25,9 +25,9 @@ use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; */ class EntityUserProvider implements UserProviderInterface { - protected $class; - protected $repository; - protected $property; + private $class; + private $repository; + private $property; public function __construct(EntityManager $em, $class, $property = null) { 
@@ -66,13 +66,13 @@ class EntityUserProvider implements UserProviderInterface /** * {@inheritDoc} */ - public function loadUserByAccount(AccountInterface $account) + public function loadUser(UserInterface $user) { - if (!$account instanceof $this->class) { - throw new UnsupportedAccountException(sprintf('Instances of "%s" are not supported.', get_class($account))); + if (!$user instanceof $this->class) { + throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user))); } - return $this->loadUserByUsername($account->getUsername()); + return $this->loadUserByUsername($user->getUsername()); } /** diff --git a/Core/User/InMemoryUserProvider.php b/Core/User/InMemoryUserProvider.php index 7d4d1cc..26b4080 100644 --- a/Core/User/InMemoryUserProvider.php +++ b/Core/User/InMemoryUserProvider.php @@ -12,7 +12,7 @@ namespace Symfony\Component\Security\Core\User; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; -use Symfony\Component\Security\Core\Exception\UnsupportedAccountException; +use Symfony\Component\Security\Core\Exception\UnsupportedUserException; /** * InMemoryUserProvider is a simple non persistent user provider. @@ -24,7 +24,7 @@ use Symfony\Component\Security\Core\Exception\UnsupportedAccountException; */ class InMemoryUserProvider implements UserProviderInterface { - protected $users; + private $users; /** * Constructor. @@ -50,9 +50,9 @@ class InMemoryUserProvider implements UserProviderInterface /** * Adds a new User to the provider. * - * @param AccountInterface $user A AccountInterface instance + * @param UserInterface $user A UserInterface instance */ - public function createUser(AccountInterface $user) + public function createUser(UserInterface $user) { if (isset($this->users[strtolower($user->getUsername())])) { throw new \LogicException('Another user with the same username already exist.'); 
@@ -79,13 +79,13 @@ class InMemoryUserProvider implements UserProviderInterface /** * {@inheritDoc} */ - public function loadUserByAccount(AccountInterface $account) + public function loadUser(UserInterface $user) { - if (!$account instanceof User) { - throw new UnsupportedAccountException(sprintf('Instances of "%s" are not supported.', get_class($account))); + if (!$user instanceof User) { + throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user))); } - return $this->loadUserByUsername((string) $account); + return $this->loadUserByUsername($user->getUsername()); } /** diff --git a/Core/User/User.php b/Core/User/User.php index 02a2c06..7dcdee3 100644 --- a/Core/User/User.php +++ b/Core/User/User.php @@ -18,16 +18,16 @@ namespace Symfony\Component\Security\Core\User; * * @author Fabien Potencier <fabien@symfony.com> */ -class User implements AdvancedAccountInterface +final class User implements AdvancedUserInterface { - protected $username; - protected $password; - protected $accountNonExpired; - protected $credentialsNonExpired; - protected $accountNonLocked; - protected $roles; - - public function __construct($username, $password, array $roles = array(), $enabled = true, $accountNonExpired = true, $credentialsNonExpired = true, $accountNonLocked = true) + private $username; + private $password; + private $userNonExpired; + private $credentialsNonExpired; + private $userNonLocked; + private $roles; + + public function __construct($username, $password, array $roles = array(), $enabled = true, $userNonExpired = true, $credentialsNonExpired = true, $userNonLocked = true) { if (empty($username)) { throw new \InvalidArgumentException('The username cannot be empty.'); 
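Review bot: In `User.php` the renamed declarations `private $userNonExpired;` and `private $userNonLocked;` do not match the properties the constructor writes in the following hunk (`$this->accountNonExpired = $userNonExpired;`, `$this->accountNonLocked = $userNonLocked;`), and `$this->enabled` has no declaration in this hunk at all. PHP creates undeclared properties dynamically as public, so the expiry, lock and enabled flags that `equals()` compares would be writable from outside the class while the declared private fields stay null. Keep the property names and rename only the constructor parameters: `private $enabled; private $accountNonExpired; private $accountNonLocked;`. The constructor body is split across this hunk and the next.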
@@ -36,23 +36,15 @@ class User implements AdvancedAccountInterface $this->username = $username; $this->password = $password; $this->enabled = $enabled; - $this->accountNonExpired = $accountNonExpired; + $this->accountNonExpired = $userNonExpired; $this->credentialsNonExpired = $credentialsNonExpired; - $this->accountNonLocked = $accountNonLocked; + $this->accountNonLocked = $userNonLocked; $this->roles = $roles; } /** * {@inheritdoc} */ - public function __toString() - { - return $this->username; - } - - /** - * {@inheritdoc} - */ public function getRoles() { return $this->roles; @@ -124,37 +116,37 @@ class User implements AdvancedAccountInterface /** * {@inheritDoc} */ - public function equals(AccountInterface $account) + public function equals(UserInterface $user) { - if (!$account instanceof User) { + if (!$user instanceof User) { return false; } - if ($this->password !== $account->getPassword()) { + if ($this->password !== $user->getPassword()) { return false; } - if ($this->getSalt() !== $account->getSalt()) { + if ($this->getSalt() !== $user->getSalt()) { return false; } - if ($this->username !== $account->getUsername()) { + if ($this->username !== $user->getUsername()) { return false; } - if ($this->accountNonExpired !== $account->isAccountNonExpired()) { + if ($this->accountNonExpired !== $user->isAccountNonExpired()) { return false; } - if ($this->accountNonLocked !== $account->isAccountNonLocked()) { + if ($this->accountNonLocked !== $user->isAccountNonLocked()) { return false; } - if ($this->credentialsNonExpired !== $account->isCredentialsNonExpired()) { + if ($this->credentialsNonExpired !== $user->isCredentialsNonExpired()) { return false; } - if ($this->enabled !== $account->isEnabled()) { + if ($this->enabled !== $user->isEnabled()) { return false; } diff --git a/Core/User/AccountChecker.php b/Core/User/UserChecker.php index cf66f93..93897a1 100644 --- a/Core/User/AccountChecker.php +++ b/Core/User/UserChecker.php 
@@ -17,45 +17,45 @@ use Symfony\Component\Security\Core\Exception\DisabledException; use Symfony\Component\Security\Core\Exception\AccountExpiredException; /** - * AccountChecker checks the user account flags. + * UserChecker checks the user account flags. * * @author Fabien Potencier <fabien@symfony.com> */ -class AccountChecker implements AccountCheckerInterface +class UserChecker implements UserCheckerInterface { /** * {@inheritdoc} */ - public function checkPreAuth(AccountInterface $account) + public function checkPreAuth(UserInterface $user) { - if (!$account instanceof AdvancedAccountInterface) { + if (!$user instanceof AdvancedUserInterface) { return; } - if (!$account->isCredentialsNonExpired()) { - throw new CredentialsExpiredException('User credentials have expired.', $account); + if (!$user->isCredentialsNonExpired()) { + throw new CredentialsExpiredException('User credentials have expired.', $user); } } /** * {@inheritdoc} */ - public function checkPostAuth(AccountInterface $account) + public function checkPostAuth(UserInterface $user) { - if (!$account instanceof AdvancedAccountInterface) { + if (!$user instanceof AdvancedUserInterface) { return; } - if (!$account->isAccountNonLocked()) { - throw new LockedException('User account is locked.', $account); + if (!$user->isAccountNonLocked()) { + throw new LockedException('User account is locked.', $user); } - if (!$account->isEnabled()) { - throw new DisabledException('User account is disabled.', $account); + if (!$user->isEnabled()) { + throw new DisabledException('User account is disabled.', $user); } - if (!$account->isAccountNonExpired()) { - throw new AccountExpiredException('User account has expired.', $account); + if (!$user->isAccountNonExpired()) { + throw new AccountExpiredException('User account has expired.', $user); } } } diff --git a/Core/User/AccountCheckerInterface.php b/Core/User/UserCheckerInterface.php index 1e9abaa..25de94a 100644 --- a/Core/User/AccountCheckerInterface.php 
+++ b/Core/User/UserCheckerInterface.php @@ -12,25 +12,25 @@ namespace Symfony\Component\Security\Core\User; /** - * AccountCheckerInterface checks user account when authentication occurs. + * UserCheckerInterface checks user account when authentication occurs. * * This should not be used to make authentication decisions. * * @author Fabien Potencier <fabien@symfony.com> */ -interface AccountCheckerInterface +interface UserCheckerInterface { /** * Checks the user account before authentication. * - * @param AccountInterface $account An AccountInterface instance + * @param UserInterface $user An UserInterface instance */ - function checkPreAuth(AccountInterface $account); + function checkPreAuth(UserInterface $user); /** * Checks the user account after authentication. * - * @param AccountInterface $account An AccountInterface instance + * @param UserInterface $user An UserInterface instance */ - function checkPostAuth(AccountInterface $account); + function checkPostAuth(UserInterface $user); } diff --git a/Core/User/AccountInterface.php b/Core/User/UserInterface.php index 46ea6ae..9091bfc 100644 --- a/Core/User/AccountInterface.php +++ b/Core/User/UserInterface.php @@ -12,11 +12,11 @@ namespace Symfony\Component\Security\Core\User; /** - * AccountInterface is the interface that user classes must implement. + * UserInterface is the interface that user classes must implement. * * @author Fabien Potencier <fabien@symfony.com> */ -interface AccountInterface +interface UserInterface { /** * Returns the roles granted to the user. @@ -60,8 +60,8 @@ interface AccountInterface * However, you do not need to compare every attribute, but only those that * are relevant for assessing whether re-authentication is required. * - * @param AccountInterface $account + * @param UserInterface $user * @return Boolean */ - function equals(AccountInterface $account); + function equals(UserInterface $user); } 
diff --git a/Core/User/UserProviderInterface.php b/Core/User/UserProviderInterface.php index 6c5666f..79be191 100644 --- a/Core/User/UserProviderInterface.php +++ b/Core/User/UserProviderInterface.php @@ -28,7 +28,7 @@ interface UserProviderInterface * @throws UsernameNotFoundException if the user is not found * @param string $username The username * - * @return AccountInterface + * @return UserInterface */ function loadUserByUsername($username); @@ -39,12 +39,12 @@ interface UserProviderInterface * from the database, or if it simply merges the passed User into the * identity map of an entity manager. * - * @throws UnsupportedAccountException if the account is not supported - * @param AccountInterface $account + * @throws UnsupportedUserException if the account is not supported + * @param UserInterface $user * - * @return AccountInterface + * @return UserInterface */ - function loadUserByAccount(AccountInterface $account); + function loadUser(UserInterface $user); /** * Whether this provider supports the given user class diff --git a/Http/AccessMap.php b/Http/AccessMap.php index ef7a4f0..6d12b42 100644 --- a/Http/AccessMap.php +++ b/Http/AccessMap.php @@ -22,7 +22,7 @@ use Symfony\Component\HttpFoundation\Request; */ class AccessMap { - protected $map = array(); + private $map = array(); /** * Constructor. diff --git a/Http/EntryPoint/BasicAuthenticationEntryPoint.php b/Http/EntryPoint/BasicAuthenticationEntryPoint.php index 4fcfe6f..8f82426 100644 --- a/Http/EntryPoint/BasicAuthenticationEntryPoint.php +++ b/Http/EntryPoint/BasicAuthenticationEntryPoint.php @@ -24,7 +24,7 @@ use Symfony\Component\HttpFoundation\Request; */ class BasicAuthenticationEntryPoint implements AuthenticationEntryPointInterface { - protected $realmName; + private $realmName; public function __construct($realmName) { diff --git a/Http/EntryPoint/DigestAuthenticationEntryPoint.php b/Http/EntryPoint/DigestAuthenticationEntryPoint.php index a1dcf4b..a4488ab 100644 
--- a/Http/EntryPoint/DigestAuthenticationEntryPoint.php +++ b/Http/EntryPoint/DigestAuthenticationEntryPoint.php @@ -26,10 +26,10 @@ use Symfony\Component\HttpKernel\Log\LoggerInterface; */ class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterface { - protected $key; - protected $realmName; - protected $nonceValiditySeconds; - protected $logger; + private $key; + private $realmName; + private $nonceValiditySeconds; + private $logger; public function __construct($realmName, $key, $nonceValiditySeconds = 300, LoggerInterface $logger = null) { @@ -62,14 +62,4 @@ class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterfac return $response; } - - public function getKey() - { - return $this->key; - } - - public function getRealmName() - { - return $this->realmName; - } } diff --git a/Http/EntryPoint/FormAuthenticationEntryPoint.php b/Http/EntryPoint/FormAuthenticationEntryPoint.php index 55a32db..e43eca4 100644 --- a/Http/EntryPoint/FormAuthenticationEntryPoint.php +++ b/Http/EntryPoint/FormAuthenticationEntryPoint.php @@ -26,8 +26,8 @@ use Symfony\Component\HttpKernel\HttpKernelInterface; */ class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface { - protected $loginPath; - protected $useForward; + private $loginPath; + private $useForward; /** * Constructor diff --git a/Http/EntryPoint/RetryAuthenticationEntryPoint.php b/Http/EntryPoint/RetryAuthenticationEntryPoint.php index 328617e..48959bf 100644 --- a/Http/EntryPoint/RetryAuthenticationEntryPoint.php +++ b/Http/EntryPoint/RetryAuthenticationEntryPoint.php @@ -27,8 +27,8 @@ use Symfony\Component\HttpFoundation\Request; */ class RetryAuthenticationEntryPoint implements AuthenticationEntryPointInterface { - protected $httpPort; - protected $httpsPort; + private $httpPort; + private $httpsPort; public function __construct($httpPort = 80, $httpsPort = 443) { diff --git a/Http/Firewall.php b/Http/Firewall.php index 76889ba..66b3ce6 100644 
--- a/Http/Firewall.php +++ b/Http/Firewall.php @@ -31,9 +31,9 @@ use Symfony\Component\HttpFoundation\Request; */ class Firewall { - protected $map; - protected $dispatcher; - protected $currentListeners; + private $map; + private $dispatcher; + private $currentListeners; /** * Constructor. diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php index 501dcd9..4e1f443 100644 --- a/Http/Firewall/AbstractAuthenticationListener.php +++ b/Http/Firewall/AbstractAuthenticationListener.php @@ -35,8 +35,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; * Subclasses likely have to implement the following: * - an TokenInterface to hold authentication related data * - an AuthenticationProvider to perform the actual authentication of the - * token, retrieve the AccountInterface implementation from a database, and - * perform the specific account checks using the AccountChecker + * token, retrieve the UserInterface implementation from a database, and + * perform the specific account checks using the UserChecker * * By default, this listener only is active for a specific path, e.g. * /login_check. If you want to change this behavior, you can overwrite the @@ -47,16 +47,16 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ abstract class AbstractAuthenticationListener implements ListenerInterface { - protected $securityContext; - protected $authenticationManager; - protected $sessionStrategy; - protected $providerKey; - protected $eventDispatcher; protected $options; - protected $successHandler; - protected $failureHandler; protected $logger; - protected $rememberMeServices; + private $securityContext; + private $authenticationManager; + private $sessionStrategy; + private $providerKey; + private $eventDispatcher; + private $successHandler; + private $failureHandler; + private $rememberMeServices; /** * Constructor. 
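Review bot: `$authenticationManager` and `$providerKey` become private in the abstract `AbstractAuthenticationListener`, yet the abstract `attemptAuthentication()` (moved in the next hunk) is documented to return the authenticated token, which subclasses can hardly produce without them. No accessor is visible in the diff, so a subclass reading `$this->authenticationManager` would presumably hit an undefined property and fail with a call on null at login time rather than at construction. Either keep what subclasses need as `protected $authenticationManager; protected $providerKey;` or add protected getters. The concrete listeners are outside this hunk, so confirm against them.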
@@ -173,7 +173,18 @@ abstract class AbstractAuthenticationListener implements ListenerInterface return $this->options['check_path'] === $request->getPathInfo(); } - protected function onFailure($event, Request $request, AuthenticationException $failed) + /** + * Performs authentication. + * + * @param Request $request A Request instance + * + * @return TokenInterface The authenticated token, or null if full authentication is not possible + * + * @throws AuthenticationException if the authentication fails + */ + abstract protected function attemptAuthentication(Request $request); + + private function onFailure($event, Request $request, AuthenticationException $failed) { if (null !== $this->logger) { $this->logger->debug(sprintf('Authentication request failed: %s', $failed->getMessage())); @@ -209,7 +220,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface return new RedirectResponse(0 !== strpos($this->options['failure_path'], 'http') ? $request->getUriForPath($this->options['failure_path']) : $this->options['failure_path'], 302); } - protected function onSuccess(EventInterface $event, Request $request, TokenInterface $token) + private function onSuccess(EventInterface $event, Request $request, TokenInterface $token) { if (null !== $this->logger) { $this->logger->debug('User has been authenticated successfully'); @@ -246,7 +257,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface * * @return string */ - protected function determineTargetUrl(Request $request) + private function determineTargetUrl(Request $request) { if ($this->options['always_use_default_target_path']) { return $this->options['default_target_path']; 
@@ -269,15 +280,4 @@ abstract class AbstractAuthenticationListener implements ListenerInterface return $this->options['default_target_path']; } - - /** - * Performs authentication. - * - * @param Request $request A Request instance - * - * @return TokenInterface The authenticated token, or null if full authentication is not possible - * - * @throws AuthenticationException if the authentication fails - */ - abstract protected function attemptAuthentication(Request $request); } diff --git a/Http/Firewall/AbstractPreAuthenticatedListener.php b/Http/Firewall/AbstractPreAuthenticatedListener.php index afced74..716f575 100644 --- a/Http/Firewall/AbstractPreAuthenticatedListener.php +++ b/Http/Firewall/AbstractPreAuthenticatedListener.php @@ -30,11 +30,11 @@ use Symfony\Component\HttpFoundation\Request; */ abstract class AbstractPreAuthenticatedListener implements ListenerInterface { - protected $securityContext; - protected $authenticationManager; - protected $providerKey; protected $logger; - protected $eventDispatcher; + private $securityContext; + private $authenticationManager; + private $providerKey; + private $eventDispatcher; public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, $providerKey, LoggerInterface $logger = null) { @@ -80,11 +80,7 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface list($user, $credentials) = $this->getPreAuthenticatedData($request); if (null !== $token = $this->securityContext->getToken()) { - if ($token->isImmutable()) { - return; - } - - if ($token instanceof PreAuthenticatedToken && $token->isAuthenticated() && (string) $token === $user) { + if ($token instanceof PreAuthenticatedToken && $token->isAuthenticated() && $token->getUsername() === $user) { return; } } diff --git a/Http/Firewall/AccessListener.php b/Http/Firewall/AccessListener.php index cb3e023..3bbbc4b 100644 --- a/Http/Firewall/AccessListener.php 
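Review bot: Dropping the `isImmutable()` early return in the `@@ -80,11 +80,7 @@` hunk of AbstractPreAuthenticatedListener leaves only `$token->getUsername() === $user` to decide whether the current token is kept, so a token issued for a different username now falls through to whatever follows this block. The same guard is removed in the BasicAuthenticationListener and DigestAuthenticationListener hunks, and SwitchUserListener no longer calls `setImmutable(true)` on the impersonation token, so a switched-user session may not survive a request that also carries pre-auth, Basic or Digest credentials. The code after the check is outside the hunk, so this needs confirming. If replacing the token is intended, a comment above the `instanceof` check such as `// a token for a different user (including a switched user) is re-authenticated below` would record the decision. A test that combines switch-user with each of these listeners would pin the behaviour.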
+++ b/Http/Firewall/AccessListener.php @@ -28,11 +28,11 @@ use Symfony\Component\Security\Core\Exception\AccessDeniedException; */ class AccessListener implements ListenerInterface { - protected $context; - protected $accessDecisionManager; - protected $map; - protected $authManager; - protected $logger; + private $context; + private $accessDecisionManager; + private $map; + private $authManager; + private $logger; public function __construct(SecurityContext $context, AccessDecisionManagerInterface $accessDecisionManager, AccessMap $map, AuthenticationManagerInterface $authManager, LoggerInterface $logger = null) { @@ -53,7 +53,7 @@ class AccessListener implements ListenerInterface { $dispatcher->connect('core.security', array($this, 'handle'), 0); } - + /** * {@inheritDoc} */ diff --git a/Http/Firewall/AnonymousAuthenticationListener.php b/Http/Firewall/AnonymousAuthenticationListener.php index 352872a..9450006 100644 --- a/Http/Firewall/AnonymousAuthenticationListener.php +++ b/Http/Firewall/AnonymousAuthenticationListener.php @@ -25,9 +25,9 @@ use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; */ class AnonymousAuthenticationListener implements ListenerInterface { - protected $context; - protected $key; - protected $logger; + private $context; + private $key; + private $logger; public function __construct(SecurityContextInterface $context, $key, LoggerInterface $logger = null) { diff --git a/Http/Firewall/BasicAuthenticationListener.php b/Http/Firewall/BasicAuthenticationListener.php index 8b5afd2..3ae3e51 100644 --- a/Http/Firewall/BasicAuthenticationListener.php +++ b/Http/Firewall/BasicAuthenticationListener.php 
@@ -27,12 +27,12 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException; */ class BasicAuthenticationListener implements ListenerInterface { - protected $securityContext; - protected $authenticationManager; - protected $providerKey; - protected $authenticationEntryPoint; - protected $logger; - protected $ignoreFailure; + private $securityContext; + private $authenticationManager; + private $providerKey; + private $authenticationEntryPoint; + private $logger; + private $ignoreFailure; public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, $providerKey, AuthenticationEntryPointInterface $authenticationEntryPoint, LoggerInterface $logger = null) { @@ -80,11 +80,7 @@ class BasicAuthenticationListener implements ListenerInterface } if (null !== $token = $this->securityContext->getToken()) { - if ($token->isImmutable()) { - return; - } - - if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && (string) $token === $username) { + if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && $token->getUsername() === $username) { return; } } diff --git a/Http/Firewall/ChannelListener.php b/Http/Firewall/ChannelListener.php index 43c578e..b0db398 100644 --- a/Http/Firewall/ChannelListener.php +++ b/Http/Firewall/ChannelListener.php @@ -25,9 +25,9 @@ use Symfony\Component\EventDispatcher\EventInterface; */ class ChannelListener implements ListenerInterface { - protected $map; - protected $authenticationEntryPoint; - protected $logger; + private $map; + private $authenticationEntryPoint; + private $logger; public function __construct(AccessMap $map, AuthenticationEntryPointInterface $authenticationEntryPoint, LoggerInterface $logger = null) { diff --git a/Http/Firewall/ContextListener.php b/Http/Firewall/ContextListener.php index bd9cd2f..d868278 100644 --- a/Http/Firewall/ContextListener.php +++ b/Http/Firewall/ContextListener.php 
@@ -19,9 +19,9 @@ use Symfony\Component\HttpKernel\Log\LoggerInterface; use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; -use Symfony\Component\Security\Core\Exception\UnsupportedAccountException; +use Symfony\Component\Security\Core\Exception\UnsupportedUserException; use Symfony\Component\Security\Core\SecurityContext; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; /** * ContextListener manages the SecurityContext persistence through a session. @@ -31,10 +31,10 @@ use Symfony\Component\Security\Core\User\AccountInterface; */ class ContextListener implements ListenerInterface { - protected $context; - protected $contextKey; - protected $logger; - protected $userProviders; + private $context; + private $contextKey; + private $logger; + private $userProviders; public function __construct(SecurityContext $context, array $userProviders, $contextKey, LoggerInterface $logger = null) { @@ -89,7 +89,7 @@ class ContextListener implements ListenerInterface $token = unserialize($token); - if (null !== $token && false === $token->isImmutable()) { + if (null !== $token) { $token = $this->refreshUser($token); } @@ -132,10 +132,10 @@ class ContextListener implements ListenerInterface * * @return TokenInterface|null */ - protected function refreshUser(TokenInterface $token) + private function refreshUser(TokenInterface $token) { $user = $token->getUser(); - if (!$user instanceof AccountInterface) { + if (!$user instanceof UserInterface) { return $token; } 
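Review bot: In the `@@ -89,7 +89,7 @@` hunk of ContextListener the new guard `if (null !== $token)` does not cover the failure case of `unserialize()`, which returns `false` rather than `null`, and it lets through any value the session entry happens to decode to. `refreshUser()` is declared with a `TokenInterface` type hint in the following hunk, so a corrupt or unexpected session entry would end in a type error instead of being treated as "no token". Checking the type covers both cases: `if ($token instanceof TokenInterface) {`, with anything else handled as an absent token. The enclosing method starts and ends outside the hunk, so how `$token` is read from the session is not visible here.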
@@ -145,21 +145,14 @@ class ContextListener implements ListenerInterface foreach ($this->userProviders as $provider) { try { - $cUser = $provider->loadUserByAccount($user); - - $token->setRoles($cUser->getRoles()); - $token->setUser($cUser); - - if (false === $cUser->equals($user)) { - $token->setAuthenticated(false); - } + $token->setUser($provider->loadUser($user)); if (null !== $this->logger) { $this->logger->debug(sprintf('Username "%s" was reloaded from user provider.', $user)); } return $token; - } catch (UnsupportedAccountException $unsupported) { + } catch (UnsupportedUserException $unsupported) { // let's try the next user provider } catch (UsernameNotFoundException $notFound) { if (null !== $this->logger) { diff --git a/Http/Firewall/DigestAuthenticationListener.php b/Http/Firewall/DigestAuthenticationListener.php index 537faaa..de5ba18 100644 --- a/Http/Firewall/DigestAuthenticationListener.php +++ b/Http/Firewall/DigestAuthenticationListener.php @@ -32,11 +32,11 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException; */ class DigestAuthenticationListener implements ListenerInterface { - protected $securityContext; - protected $provider; - protected $providerKey; - protected $authenticationEntryPoint; - protected $logger; + private $securityContext; + private $provider; + private $providerKey; + private $authenticationEntryPoint; + private $logger; public function __construct(SecurityContextInterface $securityContext, UserProviderInterface $provider, $providerKey, DigestAuthenticationEntryPoint $authenticationEntryPoint, LoggerInterface $logger = null) { 
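Review bot: The rewritten loop body of ContextListener::refreshUser (`@@ -145,21 +145,14 @@`) no longer calls `$token->setRoles(...)` and no longer marks the token unauthenticated when the reloaded user differs from the copy stored in the session; only `$token->setUser($provider->loadUser($user));` remains. Unless `setUser()` now performs that comparison itself, which this hunk does not show, a session would keep its authenticated state and stored roles after the account's password or roles change in the user store. If the check moved, say so where it was removed, e.g. `// setUser() de-authenticates the token when the refreshed user has changed`; if it did not, the removed `equals()` / `setAuthenticated(false)` branch should stay. refreshUser begins in the previous hunk and continues past this one.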
@@ -85,11 +85,7 @@ class DigestAuthenticationListener implements ListenerInterface $digestAuth = new DigestData($header); if (null !== $token = $this->securityContext->getToken()) { - if ($token->isImmutable()) { - return; - } - - if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && (string) $token === $digestAuth->getUsername()) { + if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && $token->getUsername() === $digestAuth->getUsername()) { return; } } @@ -143,7 +139,7 @@ class DigestAuthenticationListener implements ListenerInterface $this->securityContext->setToken(new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey)); } - protected function fail(EventInterface $event, Request $request, AuthenticationException $authException) + private function fail(EventInterface $event, Request $request, AuthenticationException $authException) { $this->securityContext->setToken(null); @@ -157,9 +153,9 @@ class DigestAuthenticationListener implements ListenerInterface class DigestData { - protected $elements; - protected $header; - protected $nonceExpiryTime; + private $elements; + private $header; + private $nonceExpiryTime; public function __construct($header) { diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php index 76a9c99..90f5a01 100644 --- a/Http/Firewall/ExceptionListener.php +++ b/Http/Firewall/ExceptionListener.php 
@@ -34,12 +34,12 @@ use Symfony\Component\HttpKernel\HttpKernelInterface; */ class ExceptionListener implements ListenerInterface { - protected $context; - protected $accessDeniedHandler; - protected $authenticationEntryPoint; - protected $authenticationTrustResolver; - protected $errorPage; - protected $logger; + private $context; + private $accessDeniedHandler; + private $authenticationEntryPoint; + private $authenticationTrustResolver; + private $errorPage; + private $logger; public function __construct(SecurityContextInterface $context, AuthenticationTrustResolverInterface $trustResolver, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null, LoggerInterface $logger = null) { @@ -148,7 +148,7 @@ class ExceptionListener implements ListenerInterface return $response; } - protected function startAuthentication(EventInterface $event, Request $request, AuthenticationException $authException) + private function startAuthentication(EventInterface $event, Request $request, AuthenticationException $authException) { $this->context->setToken(null); @@ -160,7 +160,7 @@ class ExceptionListener implements ListenerInterface $this->logger->debug('Calling Authentication entry point'); } - // session isn't required when using http basic authentification mecanism for example + // session isn't required when using http basic authentification mechanism for example if ($request->hasSession()) { $request->getSession()->set('_security.target_path', $request->getUri()); } diff --git a/Http/Firewall/LogoutListener.php b/Http/Firewall/LogoutListener.php index 4025739..9963757 100644 --- a/Http/Firewall/LogoutListener.php +++ b/Http/Firewall/LogoutListener.php 
@@ -27,11 +27,11 @@ use Symfony\Component\HttpFoundation\RedirectResponse; */ class LogoutListener implements ListenerInterface { - protected $securityContext; - protected $logoutPath; - protected $targetUrl; - protected $handlers; - protected $successHandler; + private $securityContext; + private $logoutPath; + private $targetUrl; + private $handlers; + private $successHandler; /** * Constructor diff --git a/Http/Firewall/RememberMeListener.php b/Http/Firewall/RememberMeListener.php index d44f353..6b23679 100644 --- a/Http/Firewall/RememberMeListener.php +++ b/Http/Firewall/RememberMeListener.php @@ -31,12 +31,12 @@ use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; */ class RememberMeListener implements ListenerInterface { - protected $securityContext; - protected $rememberMeServices; - protected $authenticationManager; - protected $logger; - protected $lastState; - protected $eventDispatcher; + private $securityContext; + private $rememberMeServices; + private $authenticationManager; + private $logger; + private $lastState; + private $eventDispatcher; /** * Constructor diff --git a/Http/Firewall/SwitchUserListener.php b/Http/Firewall/SwitchUserListener.php index 2adc676..96891bd 100644 --- a/Http/Firewall/SwitchUserListener.php +++ b/Http/Firewall/SwitchUserListener.php @@ -14,7 +14,7 @@ namespace Symfony\Component\Security\Http\Firewall; use Symfony\Component\EventDispatcher\Event; use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; -use Symfony\Component\Security\Core\User\AccountCheckerInterface; +use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface; use Symfony\Component\HttpKernel\Log\LoggerInterface; use Symfony\Component\EventDispatcher\EventDispatcherInterface; 
@@ -36,20 +36,20 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class SwitchUserListener implements ListenerInterface { - protected $securityContext; - protected $provider; - protected $accountChecker; - protected $providerKey; - protected $accessDecisionManager; - protected $usernameParameter; - protected $role; - protected $logger; - protected $eventDispatcher; + private $securityContext; + private $provider; + private $userChecker; + private $providerKey; + private $accessDecisionManager; + private $usernameParameter; + private $role; + private $logger; + private $eventDispatcher; /** * Constructor. */ - public function __construct(SecurityContextInterface $securityContext, UserProviderInterface $provider, AccountCheckerInterface $accountChecker, $providerKey, AccessDecisionManagerInterface $accessDecisionManager, LoggerInterface $logger = null, $usernameParameter = '_switch_user', $role = 'ROLE_ALLOWED_TO_SWITCH') + public function __construct(SecurityContextInterface $securityContext, UserProviderInterface $provider, UserCheckerInterface $userChecker, $providerKey, AccessDecisionManagerInterface $accessDecisionManager, LoggerInterface $logger = null, $usernameParameter = '_switch_user', $role = 'ROLE_ALLOWED_TO_SWITCH') { if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); @@ -57,7 +57,7 @@ class SwitchUserListener implements ListenerInterface $this->securityContext = $securityContext; $this->provider = $provider; - $this->accountChecker = $accountChecker; + $this->userChecker = $userChecker; $this->providerKey = $providerKey; $this->accessDecisionManager = $accessDecisionManager; $this->usernameParameter = $usernameParameter; 
@@ -125,11 +125,11 @@ class SwitchUserListener implements ListenerInterface * * @return TokenInterface|null The new TokenInterface if successfully switched, null otherwise */ - protected function attemptSwitchUser(Request $request) + private function attemptSwitchUser(Request $request) { $token = $this->securityContext->getToken(); if (false !== $this->getOriginalToken($token)) { - throw new \LogicException(sprintf('You are already switched to "%s" user.', (string) $token)); + throw new \LogicException(sprintf('You are already switched to "%s" user.', $token->getUsername())); } $this->accessDecisionManager->decide($token, array($this->role)); @@ -141,13 +141,12 @@ class SwitchUserListener implements ListenerInterface } $user = $this->provider->loadUserByUsername($username); - $this->accountChecker->checkPostAuth($user); + $this->userChecker->checkPostAuth($user); $roles = $user->getRoles(); $roles[] = new SwitchUserRole('ROLE_PREVIOUS_ADMIN', $this->securityContext->getToken()); $token = new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey, $roles); - $token->setImmutable(true); if (null !== $this->eventDispatcher) { $this->eventDispatcher->notify(new Event($this, 'security.switch_user', array('request' => $request, 'target_user' => $token->getUser()))); @@ -163,7 +162,7 @@ class SwitchUserListener implements ListenerInterface * * @return TokenInterface The original TokenInterface instance */ - protected function attemptExitUser(Request $request) + private function attemptExitUser(Request $request) { if (false === $original = $this->getOriginalToken($this->securityContext->getToken())) { throw new AuthenticationCredentialsNotFoundException(sprintf('Could not find original Token object.')); 
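Review bot: In SwitchUserListener::attemptSwitchUser (`@@ -125,11 +125,11 @@`) the unchanged context line `$this->accessDecisionManager->decide($token, array($this->role));` discards the result, so the role requirement is enforced only if `decide()` throws on denial, which nothing in this hunk shows. If `decide()` returns a boolean, the switch proceeds regardless of the decision. Making the check explicit removes the doubt: `if (false === $this->accessDecisionManager->decide($token, array($this->role))) { throw new AccessDeniedException(); }`, plus the matching `use` line if the file lacks it. A few lines of the method lie between this hunk and the next and are not shown, so confirm nothing there re-checks the decision.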
@@ -183,7 +182,7 @@ class SwitchUserListener implements ListenerInterface * * @return TokenInterface|false The original TokenInterface instance, false if the current TokenInterface is not switched */ - protected function getOriginalToken(TokenInterface $token) + private function getOriginalToken(TokenInterface $token) { foreach ($token->getRoles() as $role) { if ($role instanceof SwitchUserRole) { diff --git a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php index 126ef41..3008273 100644 --- a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php +++ b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php @@ -30,7 +30,7 @@ use Symfony\Component\Security\Core\SecurityContextInterface; */ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationListener { - protected $csrfProvider; + private $csrfProvider; /** * {@inheritdoc} diff --git a/Http/FirewallMap.php b/Http/FirewallMap.php index c7a57f2..d5fc331 100644 --- a/Http/FirewallMap.php +++ b/Http/FirewallMap.php @@ -23,7 +23,7 @@ use Symfony\Component\Security\Http\Firewall\ExceptionListener; */ class FirewallMap implements FirewallMapInterface { - protected $map = array(); + private $map = array(); public function add(RequestMatcherInterface $requestMatcher = null, array $listeners = array(), ExceptionListener $exceptionListener = null) { diff --git a/Http/Logout/CookieClearingLogoutHandler.php b/Http/Logout/CookieClearingLogoutHandler.php index 8ca284d..ebdcbed 100644 --- a/Http/Logout/CookieClearingLogoutHandler.php +++ b/Http/Logout/CookieClearingLogoutHandler.php @@ -22,7 +22,7 @@ use Symfony\Component\HttpFoundation\Request; */ class CookieClearingLogoutHandler implements LogoutHandlerInterface { - protected $cookies; + private $cookies; /** * Constructor 
diff --git a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php index ff3306e..351ad03 100644 --- a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php +++ b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php @@ -30,7 +30,7 @@ use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken; */ class PersistentTokenBasedRememberMeServices extends RememberMeServices { - protected $tokenProvider; + private $tokenProvider; /** * Sets the token provider @@ -46,6 +46,21 @@ class PersistentTokenBasedRememberMeServices extends RememberMeServices /** * {@inheritDoc} */ + public function logout(Request $request, Response $response, TokenInterface $token) + { + parent::logout($request, $response, $token); + + if (null !== ($cookie = $request->cookies->get($this->options['name'])) + && count($parts = $this->decodeCookie($cookie)) === 2 + ) { + list($series, $tokenValue) = $parts; + $this->tokenProvider->deleteTokenBySeries($series); + } + } + + /** + * {@inheritDoc} + */ protected function processAutoLoginCookie(array $cookieParts, Request $request) { if (count($cookieParts) !== 2) { @@ -66,10 +81,8 @@ class PersistentTokenBasedRememberMeServices extends RememberMeServices } $user = $this->getUserProvider($persistentToken->getClass())->loadUserByUsername($persistentToken->getUsername()); - $authenticationToken = new RememberMeToken($user, $this->providerKey, $this->key); - $authenticationToken->setPersistentToken($persistentToken); - return $authenticationToken; + return new RememberMeToken($user, $this->providerKey, $this->key, $persistentToken); } /** 
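Review bot: The relocated `logout()` in PersistentTokenBasedRememberMeServices (`@@ -46,6 +46,21 @@`) revokes the persistent token by the series decoded from the request cookie and never uses `$tokenValue`, so the deletion is keyed on client-supplied data alone and is not tied to the `$token` being logged out. That may be acceptable if series values are unguessable, but the hunk does not show how they are generated, so the assumption deserves a comment. Dropping the unused variable makes the intent visible: `list($series) = $parts; // revocation is by series only; the token value is not verified here`.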
@@ -115,21 +128,6 @@ class PersistentTokenBasedRememberMeServices extends RememberMeServices } /** - * {@inheritDoc} - */ - public function logout(Request $request, Response $response, TokenInterface $token) - { - parent::logout($request, $response, $token); - - if (null !== ($cookie = $request->cookies->get($this->options['name'])) - && count($parts = $this->decodeCookie($cookie)) === 2 - ) { - list($series, $tokenValue) = $parts; - $this->tokenProvider->deleteTokenBySeries($series); - } - } - - /** * Generates the value for the cookie * * @param string $series diff --git a/Http/RememberMe/RememberMeServices.php b/Http/RememberMe/RememberMeServices.php index 4370d92..e0ed52b 100644 --- a/Http/RememberMe/RememberMeServices.php +++ b/Http/RememberMe/RememberMeServices.php @@ -2,7 +2,7 @@ namespace Symfony\Component\Security\Http\RememberMe; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken; use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; @@ -30,11 +30,11 @@ abstract class RememberMeServices implements RememberMeServicesInterface, Logout { const COOKIE_DELIMITER = ':'; - protected $userProviders; protected $options; protected $logger; - protected $key; protected $providerKey; + protected $key; + private $userProviders; /** * Constructor @@ -80,7 +80,7 @@ abstract class RememberMeServices implements RememberMeServicesInterface, Logout * @param Request $request * @return TokenInterface */ - public function autoLogin(Request $request) + public final function autoLogin(Request $request) { if (null === $cookie = $request->cookies->get($this->options['name'])) { return; 
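Review bot: `autoLogin()` becomes final in the `@@ -80,7 +80,7 @@` hunk of RememberMeServices while its docblock still reads `@return TokenInterface`, although the first branch shown returns nothing when the cookie is absent. Subclasses can no longer override the method, so the docblock is the whole contract for callers; `@return TokenInterface|null` would be accurate. The modifier order also reads more conventionally as `final public function autoLogin(Request $request)`, and the same applies to `loginSuccess()` in the next hunk. The method body continues outside the hunk.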
@@ -139,12 +139,12 @@ abstract class RememberMeServices implements RememberMeServicesInterface, Logout * @param TokenInterface $token The token that resulted in a successful authentication * @return void */ - public function loginSuccess(Request $request, Response $response, TokenInterface $token) + public final function loginSuccess(Request $request, Response $response, TokenInterface $token) { if (!$token instanceof RememberMeToken) { - if (!$token->getUser() instanceof AccountInterface) { + if (!$token->getUser() instanceof UserInterface) { if (null !== $this->logger) { - $this->logger->debug('Remember-me ignores token since it does not contain an AccountInterface implementation.'); + $this->logger->debug('Remember-me ignores token since it does not contain an UserInterface implementation.'); } return; diff --git a/Http/RememberMe/TokenBasedRememberMeServices.php b/Http/RememberMe/TokenBasedRememberMeServices.php index 40757f4..206e10b 100644 --- a/Http/RememberMe/TokenBasedRememberMeServices.php +++ b/Http/RememberMe/TokenBasedRememberMeServices.php @@ -8,7 +8,7 @@ use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken; use Symfony\Component\Security\Core\Exception\AuthenticationException; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; /* * This file is part of the Symfony package. 
@@ -50,8 +50,8 @@ class TokenBasedRememberMeServices extends RememberMeServices throw $ex; } - if (!$user instanceof AccountInterface) { - throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of AccountInterface, but returned "%s".', get_class($user))); + if (!$user instanceof UserInterface) { + throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user))); } if (true !== $this->compareHashes($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) { @@ -76,7 +76,7 @@ class TokenBasedRememberMeServices extends RememberMeServices * * @return Boolean true if the two hashes are the same, false otherwise */ - protected function compareHashes($hash1, $hash2) + private function compareHashes($hash1, $hash2) { if (strlen($hash1) !== $c = strlen($hash2)) { return false; diff --git a/Http/Session/SessionAuthenticationStrategy.php b/Http/Session/SessionAuthenticationStrategy.php index 1d25bd9..dea34be 100644 --- a/Http/Session/SessionAuthenticationStrategy.php +++ b/Http/Session/SessionAuthenticationStrategy.php @@ -21,7 +21,7 @@ class SessionAuthenticationStrategy implements SessionAuthenticationStrategyInte const MIGRATE = 'migrate'; const INVALIDATE = 'invalidate'; - protected $strategy; + private $strategy; public function __construct($strategy) { |
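Review bot: `compareHashes()` in TokenBasedRememberMeServices (`@@ -76,7 +76,7 @@`) decides whether a remember-me cookie hash is accepted, yet its docblock only says it reports whether the two hashes are the same. If the hand-written comparison is meant to be timing-safe, as its shape suggests, that should be stated so a later cleanup does not swap it for `===`: `// compare in constant time; do not replace with ===`. On PHP 5.6 or later the body can be `return hash_equals($hash1, $hash2);`, provided both arguments are strings. Only the length check is visible in this hunk, so whether the rest of the method is actually constant-time cannot be verified from here.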