author | Johannes Schmitt <schmittjoh@gmail.com> | 2011-01-25 20:28:26 +0100 |
---|---|---|
committer | Fabien Potencier <fabien.potencier@gmail.com> | 2011-01-26 16:38:54 +0100 |
commit | 521c9f65e9d70618f63ac6ed803a495651b9fd35 (patch) | |
tree | 4e64bf3f877a4050eb3eb95c0b55630a4105053c /Authentication/Provider | |
parent | bff922f5c7ab61fb144e124b584da067842cb955 (diff) | |
[Security] many improvements, and fixes
Diffstat (limited to 'Authentication/Provider')
4 files changed, 62 insertions, 7 deletions
diff --git a/Authentication/Provider/DaoAuthenticationProvider.php b/Authentication/Provider/DaoAuthenticationProvider.php index d83a125..69ef9a3 100644 --- a/Authentication/Provider/DaoAuthenticationProvider.php +++ b/Authentication/Provider/DaoAuthenticationProvider.php @@ -11,6 +11,7 @@ namespace Symfony\Component\Security\Authentication\Provider; +use Symfony\Component\Security\Authentication\Token\TokenInterface; use Symfony\Component\Security\Encoder\EncoderFactoryInterface; use Symfony\Component\Security\User\UserProviderInterface; use Symfony\Component\Security\User\AccountCheckerInterface; @@ -38,9 +39,9 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface instance * @param EncoderFactoryInterface $encoderFactory A EncoderFactoryInterface instance */ - public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker, EncoderFactoryInterface $encoderFactory, $hideUserNotFoundExceptions = true) + public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker, $providerKey, EncoderFactoryInterface $encoderFactory, $hideUserNotFoundExceptions = true) { - parent::__construct($accountChecker, $hideUserNotFoundExceptions); + parent::__construct($accountChecker, $providerKey, $hideUserNotFoundExceptions); $this->encoderFactory = $encoderFactory; $this->userProvider = $userProvider; diff --git a/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php b/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php index aab823a..850b1ec 100644 --- a/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php +++ b/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php 
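Review bot: The constructor docblock of DaoAuthenticationProvider still documents only `$userProvider`, `$accountChecker` and `$encoderFactory`, although the new signature takes a required `$providerKey` in third position. I would add `@param string $providerKey The key that supports() compares with the token's getProviderKey()` (type assumed from usage) and a matching line for `$hideUserNotFoundExceptions`. UserAuthenticationProvider::__construct, changed later in this commit, has the same gap. Because the argument is inserted between existing positional parameters, callers outside this diff have to be updated too; the docblock starts outside the hunk.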
@@ -11,6 +11,7 @@ namespace Symfony\Component\Security\Authentication\Provider; +use Symfony\Component\Security\User\AccountInterface; use Symfony\Component\Security\User\UserProviderInterface; use Symfony\Component\Security\User\AccountCheckerInterface; use Symfony\Component\Security\Exception\BadCredentialsException; @@ -31,6 +32,7 @@ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderIn { protected $userProvider; protected $accountChecker; + protected $providerKey; /** * Constructor. @@ -38,10 +40,11 @@ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderIn * @param UserProviderInterface $userProvider A UserProviderInterface instance * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface instance */ - public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker) + public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker, $providerKey) { $this->userProvider = $userProvider; $this->accountChecker = $accountChecker; + $this->providerKey = $providerKey; } /** @@ -73,6 +76,6 @@ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderIn */ public function supports(TokenInterface $token) { - return $token instanceof PreAuthenticatedToken; + return $token instanceof PreAuthenticatedToken && $this->providerKey === $token->getProviderKey(); } } diff --git a/Authentication/Provider/RememberMeAuthenticationProvider.php b/Authentication/Provider/RememberMeAuthenticationProvider.php new file mode 100644 index 0000000..d2d0268 --- /dev/null +++ b/Authentication/Provider/RememberMeAuthenticationProvider.php 
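Review bot: PreAuthenticatedAuthenticationProvider::__construct stores `$providerKey` without the non-empty check that UserAuthenticationProvider::__construct gains in this same commit, and the new RememberMeAuthenticationProvider constructor omits it as well. With a null or empty key, the strict comparison added to supports() would presumably accept any token whose own provider key is equally unset, so a misconfiguration silently removes the binding between provider and token. Adding `if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); }` at the top of both constructors keeps the three providers consistent. The constructor docblock also needs a `@param` line for the new argument.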
@@ -0,0 +1,45 @@
+<?php
+namespace Symfony\Component\Security\Authentication\Provider;
+
+use Symfony\Component\Security\User\AccountCheckerInterface;
+use Symfony\Component\Security\User\AccountInterface;
+use Symfony\Component\Security\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Authentication\Token\RememberMeToken;
+use Symfony\Component\Security\Exception\BadCredentialsException;
+
+class RememberMeAuthenticationProvider implements AuthenticationProviderInterface
+{
+ protected $accountChecker;
+ protected $key;
+ protected $providerKey;
+
+ public function __construct(AccountCheckerInterface $accountChecker, $key, $providerKey)
+ {
+ $this->accountChecker = $accountChecker;
+ $this->key = $key;
+ $this->providerKey = $providerKey;
+ }
+
+ public function authenticate(TokenInterface $token)
+ {
+ if (!$this->supports($token)) {
+ return;
+ }
+
+ if ($this->key !== $token->getKey()) {
+ throw new BadCredentialsException('The presented key does not match.');
+ }
+
+ $user = $token->getUser();
+ $this->accountChecker->checkPreAuth($user);
+ $this->accountChecker->checkPostAuth($user);
+ $token->setAuthenticated(true);
+
+ return $token;
+ }
+
+ public function supports(TokenInterface $token)
+ {
+ return $token instanceof RememberMeToken && $token->getProviderKey() === $this->providerKey;
+ }
+}
\ No newline at end of file diff --git a/Authentication/Provider/UserAuthenticationProvider.php b/Authentication/Provider/UserAuthenticationProvider.php index 9ee4d61..fa678b7 100644 --- a/Authentication/Provider/UserAuthenticationProvider.php +++ b/Authentication/Provider/UserAuthenticationProvider.php @@ -29,6 +29,7 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter { protected $hideUserNotFoundExceptions; protected $accountChecker; + protected $providerKey; /** * Constructor. @@ -36,9 +37,14 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface interface * @param Boolean $hideUserNotFoundExceptions Whether to hide user not found exception or not */ - public function __construct(AccountCheckerInterface $accountChecker, $hideUserNotFoundExceptions = true) + public function __construct(AccountCheckerInterface $accountChecker, $providerKey, $hideUserNotFoundExceptions = true) { + if (empty($providerKey)) { + throw new \InvalidArgumentException('$providerKey must not be empty.'); + } + $this->accountChecker = $accountChecker; + $this->providerKey = $providerKey; $this->hideUserNotFoundExceptions = $hideUserNotFoundExceptions; } @@ -64,7 +70,7 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter $this->checkAuthentication($user, $token); $this->accountChecker->checkPostAuth($user); - return new UsernamePasswordToken($user, $token->getCredentials(), $user->getRoles()); + return new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles()); } catch (UsernameNotFoundException $notFound) { if ($this->hideUserNotFoundExceptions) { throw new BadCredentialsException('Bad credentials', 0, $notFound); 
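Review bot: In RememberMeAuthenticationProvider::authenticate() the check `$this->key !== $token->getKey()` only means something when `$key` is a real secret, yet the constructor accepts null or an empty string, in which case a token carrying an equally empty key passes. Rejecting an empty `$key` in the constructor, e.g. `if (empty($key)) { throw new \InvalidArgumentException('$key must not be empty.'); }`, closes that. If getKey() can ever reflect client-supplied data (not visible in this diff), the comparison should also be constant-time, `hash_equals((string) $this->key, (string) $token->getKey())` on runtimes that provide it. The class has no docblocks; in particular the bare `return;` for unsupported tokens deserves a `@return TokenInterface|null` on authenticate().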
@@ -79,7 +85,7 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter */ public function supports(TokenInterface $token) { - return $token instanceof UsernamePasswordToken; + return $token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey(); } /** |