author | Dariusz Górecki <darek.krk@gmail.com> | 2011-12-19 20:19:35 +0100 |
---|---|---|
committer | Dariusz Górecki <darek.krk@gmail.com> | 2012-01-10 21:54:56 +0100 |
commit | 139482e0da4b00a4cbb33c6ccdd5a922c1ffdd88 (patch) | |
tree | 397f799e434eb990d76c74c6db64846e4529be56 /Core/Authentication | |
parent | 4c21da78b969090d04c5c9c772902a1bfe6cedd5 (diff) | |
[BC Break][Security] Moved user comparsion logic out of UserInterface As discussed on IRC meetings and in PR #2669, I came up with an implementation. This is option 2, which I think is more elegant.
BC break: yes
Feature addition: no/feature move
Symfony2 test pass: yes
Symfony2 test written: yes
Todo: feedback needed
Diffstat (limited to 'Core/Authentication')
-rw-r--r-- | Core/Authentication/Token/AbstractToken.php | 49 |
1 files changed, 48 insertions, 1 deletions
diff --git a/Core/Authentication/Token/AbstractToken.php b/Core/Authentication/Token/AbstractToken.php
index dc21684..4b48bab 100644
--- a/Core/Authentication/Token/AbstractToken.php
+++ b/Core/Authentication/Token/AbstractToken.php
@@ -14,6 +14,8 @@ namespace Symfony\Component\Security\Core\Authentication\Token;
 use Symfony\Component\Security\Core\Role\RoleInterface;
 use Symfony\Component\Security\Core\Role\Role;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\AdvancedUserInterface;
+use Symfony\Component\Security\Core\User\ComparableInterface;
 /**
 * Base class for Token instances.
@@ -87,7 +89,7 @@ abstract class AbstractToken implements TokenInterface
 if (!$user instanceof UserInterface) {
 $changed = true;
 } else {
- $changed = !$this->user->equals($user);
+ $changed = !$this->compareUser($user);
 }
 } elseif ($user instanceof UserInterface) {
 $changed = true;
@@ -220,4 +222,49 @@ abstract class AbstractToken implements TokenInterface
 return sprintf('%s(user="%s", authenticated=%s, roles="%s")', $class, $this->getUsername(), json_encode($this->authenticated), implode(', ', $roles));
 }
+
+ private function compareUser(UserInterface $user)
+ {
+ if (!($this->user instanceof UserInterface)) {
+ throw new \BadMethodCallException('Method "compareUser" should be called when current user class is instance of "UserInterface".');
+ }
+
+ if ($this->user instanceof ComparableInterface) {
+ return $this->user->compareTo($user);
+ }
+
+ if ($this->user->getPassword() !== $user->getPassword()) {
+ return false;
+ }
+
+ if ($this->user->getSalt() !== $user->getSalt()) {
+ return false;
+ }
+
+ if ($this->user->getUsername() !== $user->getUsername()) {
+ return false;
+ }
+
+ if ($this->user instanceof AdvancedUserInterface && $user instanceof AdvancedUserInterface) {
+ if ($this->user->isAccountNonExpired() !== $user->isAccountNonExpired()) {
+ return false;
+ }
+
+ if ($this->user->isAccountNonLocked() !== $user->isAccountNonLocked()) {
+ return false;
+ }
+
+ if ($this->user->isCredentialsNonExpired() !== $user->isCredentialsNonExpired()) {
+ return false;
+ }
+
+ if ($this->user->isEnabled() !== $user->isEnabled()) {
+ return false;
+ }
+ } elseif ($this->user instanceof AdvancedUserInterface xor $user instanceof AdvancedUserInterface) {
+ return false;
+ }
+
+ return true;
+ }
 } |
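Review bot: In the new `compareUser()`, the `ComparableInterface` branch returns whatever `compareTo()` yields, and the caller in `setUser()` negates it (`!$this->compareUser($user)`), so an implementation that follows the ordering convention the name suggests (0 for equal, non-zero otherwise) would invert the changed-user decision. `ComparableInterface` itself is not part of this diff, so its contract cannot be checked here; making the branch fail closed, `return true === $this->user->compareTo($user);`, treats any answer other than boolean `true` as a changed user. The fallback path compares only password, salt, username and the four account-status flags, so a change in the user's roles is not detected by this check. A short docblock on `compareUser()` stating the boolean return and listing the compared fields would make both points explicit for implementers.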