author | Johannes Schmitt <schmittjoh@gmail.com> | 2011-03-07 18:17:46 +0100 |
---|---|---|
committer | Johannes M. Schmitt <schmittjoh@gmail.com> | 2011-03-10 10:25:32 +0100 |
commit | f0335ae722034233c2f49179bc6a9bf8ada62633 (patch) | |
tree | 677ee84bc31216f3a7998e62fdc7838a2076fe4c /Core/Authentication/Provider | |
parent | c224430de65547bc9a25293b6a8caf2b9029f05c (diff) | |
[Security] various changes, see below
- visibility changes from protected to private
- AccountInterface -> UserInterface
- SecurityContext::vote() -> SecurityContext::isGranted()
Diffstat (limited to 'Core/Authentication/Provider')
5 files changed, 56 insertions, 52 deletions
diff --git a/Core/Authentication/Provider/AnonymousAuthenticationProvider.php b/Core/Authentication/Provider/AnonymousAuthenticationProvider.php
index ad1ad60..c48a27e 100644
--- a/Core/Authentication/Provider/AnonymousAuthenticationProvider.php
+++ b/Core/Authentication/Provider/AnonymousAuthenticationProvider.php
@@ -22,7 +22,7 @@ use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 */
 class AnonymousAuthenticationProvider implements AuthenticationProviderInterface
 {
- protected $key;
+ private $key;
 /**
 * Constructor.
diff --git a/Core/Authentication/Provider/DaoAuthenticationProvider.php b/Core/Authentication/Provider/DaoAuthenticationProvider.php
index ce0d220..21bec82 100644
--- a/Core/Authentication/Provider/DaoAuthenticationProvider.php
+++ b/Core/Authentication/Provider/DaoAuthenticationProvider.php
@@ -14,8 +14,8 @@ namespace Symfony\Component\Security\Core\Authentication\Provider;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
-use Symfony\Component\Security\Core\User\AccountCheckerInterface;
-use Symfony\Component\Security\Core\User\AccountInterface;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
 use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
@@ -29,19 +29,19 @@ use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 */
 class DaoAuthenticationProvider extends UserAuthenticationProvider
 {
- protected $encoderFactory;
- protected $userProvider;
+ private $encoderFactory;
+ private $userProvider;
 /**
 * Constructor.
 *
 * @param UserProviderInterface $userProvider A UserProviderInterface instance
- * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface instance
+ * @param UserCheckerInterface $userChecker An UserCheckerInterface instance
 * @param EncoderFactoryInterface $encoderFactory A EncoderFactoryInterface instance
 */
- public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker, $providerKey, EncoderFactoryInterface $encoderFactory, $hideUserNotFoundExceptions = true)
+ public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, $providerKey, EncoderFactoryInterface $encoderFactory, $hideUserNotFoundExceptions = true)
 {
- parent::__construct($accountChecker, $providerKey, $hideUserNotFoundExceptions);
+ parent::__construct($userChecker, $providerKey, $hideUserNotFoundExceptions);
 $this->encoderFactory = $encoderFactory;
 $this->userProvider = $userProvider;
@@ -50,19 +50,19 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider
 /**
 * {@inheritdoc}
 */
- protected function checkAuthentication(AccountInterface $account, UsernamePasswordToken $token)
+ protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
 {
- $user = $token->getUser();
- if ($user instanceof AccountInterface) {
- if ($account->getPassword() !== $user->getPassword()) {
+ $currentUser = $token->getUser();
+ if ($currentUser instanceof UserInterface) {
+ if ($currentUser->getPassword() !== $user->getPassword()) {
 throw new BadCredentialsException('The credentials were changed from another session.');
 }
 } else {
- if (!$presentedPassword = (string) $token->getCredentials()) {
+ if (!$presentedPassword = $token->getCredentials()) {
 throw new BadCredentialsException('Bad credentials');
 }
- if (!$this->encoderFactory->getEncoder($account)->isPasswordValid($account->getPassword(), $presentedPassword, $account->getSalt())) {
+ if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
 throw new BadCredentialsException('Bad credentials');
 }
 }
@@ -74,15 +74,15 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider
 protected function retrieveUser($username, UsernamePasswordToken $token)
 {
 $user = $token->getUser();
- if ($user instanceof AccountInterface) {
+ if ($user instanceof UserInterface) {
 return $user;
 }
 try {
 $user = $this->userProvider->loadUserByUsername($username);
- if (!$user instanceof AccountInterface) {
- throw new AuthenticationServiceException('The user provider must return an AccountInterface object.');
+ if (!$user instanceof UserInterface) {
+ throw new AuthenticationServiceException('The user provider must return an UserInterface object.');
 }
 return $user;
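Review bot: Dropping the `(string)` cast in `checkAuthentication()` lets whatever type `$token->getCredentials()` returns reach `isPasswordValid()` unchanged, so a non-string credential (an array, for instance) is handed to the encoder instead of being rejected at this point. The truthiness test also still refuses a password PHP treats as falsy, such as `'0'`. I would make the rejection explicit and type-checked: `$presentedPassword = $token->getCredentials();` followed by `if (!is_string($presentedPassword) || '' === $presentedPassword) {`, throwing the same `BadCredentialsException('Bad credentials')`. If credential objects with `__toString()` are meant to be accepted, that should be stated in the docblock and the cast applied after the check.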
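Review bot: `retrieveUser()` returns the object already held by the token whenever it is a `UserInterface`, and `checkAuthentication()` then compares `$currentUser->getPassword()` with `$user->getPassword()`; on that path both appear to be the same instance, so the "credentials were changed from another session" branch cannot fire unless the token's user is swapped elsewhere before `authenticate()` runs. If the comparison is meant to detect a password change, it needs a freshly loaded copy, e.g. `$user = $this->userProvider->loadUserByUsername($username);` before comparing. Otherwise add a docblock line on `retrieveUser()` naming the component that refreshes the user. The method body continues past the end of this hunk.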
diff --git a/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php b/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
index cca52fc..bf2df86 100644
--- a/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
+++ b/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
@@ -11,9 +11,9 @@
 namespace Symfony\Component\Security\Core\Authentication\Provider;
-use Symfony\Component\Security\Core\User\AccountInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
-use Symfony\Component\Security\Core\User\AccountCheckerInterface;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@@ -30,20 +30,20 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 */
 class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderInterface
 {
- protected $userProvider;
- protected $accountChecker;
- protected $providerKey;
+ private $userProvider;
+ private $userChecker;
+ private $providerKey;
 /**
 * Constructor.
 *
 * @param UserProviderInterface $userProvider A UserProviderInterface instance
- * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface instance
+ * @param UserCheckerInterface $userChecker An UserCheckerInterface instance
 */
- public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker, $providerKey)
+ public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, $providerKey)
 {
 $this->userProvider = $userProvider;
- $this->accountChecker = $accountChecker;
+ $this->userChecker = $userChecker;
 $this->providerKey = $providerKey;
 }
@@ -66,7 +66,7 @@ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderIn
 */
 $user = $this->userProvider->loadUserByUsername($user);
- $this->accountChecker->checkPostAuth($user);
+ $this->userChecker->checkPostAuth($user);
 $authenticatedToken = new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
 $authenticatedToken->setAttributes($token->getAttributes());
diff --git a/Core/Authentication/Provider/RememberMeAuthenticationProvider.php b/Core/Authentication/Provider/RememberMeAuthenticationProvider.php
index 95ee588..940288b 100644
--- a/Core/Authentication/Provider/RememberMeAuthenticationProvider.php
+++ b/Core/Authentication/Provider/RememberMeAuthenticationProvider.php
@@ -1,21 +1,21 @@
 <?php
 namespace Symfony\Component\Security\Core\Authentication\Provider;
-use Symfony\Component\Security\Core\User\AccountCheckerInterface;
-use Symfony\Component\Security\Core\User\AccountInterface;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 class RememberMeAuthenticationProvider implements AuthenticationProviderInterface
 {
- protected $accountChecker;
- protected $key;
- protected $providerKey;
+ private $userChecker;
+ private $key;
+ private $providerKey;
- public function __construct(AccountCheckerInterface $accountChecker, $key, $providerKey)
+ public function __construct(UserCheckerInterface $userChecker, $key, $providerKey)
 {
- $this->accountChecker = $accountChecker;
+ $this->userChecker = $userChecker;
 $this->key = $key;
 $this->providerKey = $providerKey;
 }
@@ -31,11 +31,12 @@ class RememberMeAuthenticationProvider implements AuthenticationProviderInterfac
 }
 $user = $token->getUser();
- $this->accountChecker->checkPreAuth($user);
- $this->accountChecker->checkPostAuth($user);
- $token->setAuthenticated(true);
+ $this->userChecker->checkPostAuth($user);
- return $token;
+ $authenticatedToken = new RememberMeToken($user, $this->providerKey, $this->key);
+ $authenticatedToken->setAttributes($token->getAttributes());
+
+ return $authenticatedToken;
 }
 public function supports(TokenInterface $token)
diff --git a/Core/Authentication/Provider/UserAuthenticationProvider.php b/Core/Authentication/Provider/UserAuthenticationProvider.php
index 14a6fdf..7b6079d 100644
--- a/Core/Authentication/Provider/UserAuthenticationProvider.php
+++ b/Core/Authentication/Provider/UserAuthenticationProvider.php
@@ -11,8 +11,8 @@
 namespace Symfony\Component\Security\Core\Authentication\Provider;
-use Symfony\Component\Security\Core\User\AccountInterface;
-use Symfony\Component\Security\Core\User\AccountCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
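Review bot: The rewritten tail of `authenticate()` in RememberMeAuthenticationProvider no longer calls `checkPreAuth($user)`; only `checkPostAuth()` runs before the new `RememberMeToken` is built. Whatever account-state checks the user checker performs in `checkPreAuth()` (its implementation is not part of this diff) are therefore skipped for remember-me logins, unless the component that produced the incoming token already ran them. I would keep `$this->userChecker->checkPreAuth($user);` ahead of the `checkPostAuth()` call, or add a comment naming where the pre-auth check is done for this path. The method starts above the hunk, so the code preceding `$user = $token->getUser();` is not visible here.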
@@ -27,23 +27,23 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 */
 abstract class UserAuthenticationProvider implements AuthenticationProviderInterface
 {
- protected $hideUserNotFoundExceptions;
- protected $accountChecker;
- protected $providerKey;
+ private $hideUserNotFoundExceptions;
+ private $userChecker;
+ private $providerKey;
 /**
 * Constructor.
 *
- * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface interface
+ * @param UserCheckerInterface $userChecker An UserCheckerInterface interface
 * @param Boolean $hideUserNotFoundExceptions Whether to hide user not found exception or not
 */
- public function __construct(AccountCheckerInterface $accountChecker, $providerKey, $hideUserNotFoundExceptions = true)
+ public function __construct(UserCheckerInterface $userChecker, $providerKey, $hideUserNotFoundExceptions = true)
 {
 if (empty($providerKey)) {
 throw new \InvalidArgumentException('$providerKey must not be empty.');
 }
- $this->accountChecker = $accountChecker;
+ $this->userChecker = $userChecker;
 $this->providerKey = $providerKey;
 $this->hideUserNotFoundExceptions = $hideUserNotFoundExceptions;
 }
@@ -57,18 +57,21 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter
 return null;
 }
- $username = null === $token->getUser() ? 'NONE_PROVIDED' : (string) $token;
+ $username = $token->getUsername();
+ if (empty($username)) {
+ $username = 'NONE_PROVIDED';
+ }
 try {
 $user = $this->retrieveUser($username, $token);
- if (!$user instanceof AccountInterface) {
- throw new AuthenticationServiceException('retrieveUser() must return an AccountInterface.');
+ if (!$user instanceof UserInterface) {
+ throw new AuthenticationServiceException('retrieveUser() must return an UserInterface.');
 }
- $this->accountChecker->checkPreAuth($user);
+ $this->userChecker->checkPreAuth($user);
 $this->checkAuthentication($user, $token);
- $this->accountChecker->checkPostAuth($user);
+ $this->userChecker->checkPostAuth($user);
 $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
 $authenticatedToken->setAttributes($token->getAttributes());
@@ -107,10 +110,10 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter
 * Does additional checks on the user and token (like validating the
 * credentials).
 *
- * @param AccountInterface $account The retrieved AccountInterface instance
+ * @param UserInterface $user The retrieved UserInterface instance
 * @param UsernamePasswordToken $token The UsernamePasswordToken token to be authenticated
 *
 * @throws AuthenticationException if the credentials could not be validated
 */
- abstract protected function checkAuthentication(AccountInterface $account, UsernamePasswordToken $token);
+ abstract protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token);
 } |
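Review bot: `empty($username)` in the first hunk of `authenticate()` also matches the string `'0'`, so a user whose name is `0` would be looked up as `'NONE_PROVIDED'`. The sentinel is then passed to `retrieveUser()` like any other name, so it would resolve to a real account if the provider happens to hold one with that name. An explicit comparison avoids the first problem: `if (null === $username || '' === $username) {`. Consider throwing `BadCredentialsException` at that point instead of querying the provider with a placeholder. `authenticate()` begins and ends outside this hunk, so its catch blocks are not visible.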