author | Johannes Schmitt <schmittjoh@gmail.com> | 2011-03-07 18:17:46 +0100 |
---|---|---|
committer | Johannes M. Schmitt <schmittjoh@gmail.com> | 2011-03-10 10:25:32 +0100 |
commit | f0335ae722034233c2f49179bc6a9bf8ada62633 (patch) | |
tree | 677ee84bc31216f3a7998e62fdc7838a2076fe4c /Core/Authentication | |
parent | c224430de65547bc9a25293b6a8caf2b9029f05c (diff) | |
[Security] various changes, see below
- visibility changes from protected to private
- AccountInterface -> UserInterface
- SecurityContext::vote() -> SecurityContext::isGranted()
Diffstat (limited to 'Core/Authentication')
-rw-r--r-- | Core/Authentication/AuthenticationProviderManager.php | 49 | ||||
-rw-r--r-- | Core/Authentication/AuthenticationTrustResolver.php | 4 | ||||
-rw-r--r-- | Core/Authentication/Provider/AnonymousAuthenticationProvider.php | 2 | ||||
-rw-r--r-- | Core/Authentication/Provider/DaoAuthenticationProvider.php | 32 | ||||
-rw-r--r-- | Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php | 18 | ||||
-rw-r--r-- | Core/Authentication/Provider/RememberMeAuthenticationProvider.php | 23 | ||||
-rw-r--r-- | Core/Authentication/Provider/UserAuthenticationProvider.php | 33 | ||||
-rw-r--r-- | Core/Authentication/RememberMe/InMemoryTokenProvider.php | 2 | ||||
-rw-r--r-- | Core/Authentication/Token/AbstractToken.php (renamed from Core/Authentication/Token/Token.php) | 142 | ||||
-rw-r--r-- | Core/Authentication/Token/AnonymousToken.php | 29 | ||||
-rw-r--r-- | Core/Authentication/Token/PreAuthenticatedToken.php | 41 | ||||
-rw-r--r-- | Core/Authentication/Token/RememberMeToken.php | 46 | ||||
-rw-r--r-- | Core/Authentication/Token/TokenInterface.php | 46 | ||||
-rw-r--r-- | Core/Authentication/Token/UsernamePasswordToken.php | 32 |
14 files changed, 231 insertions, 268 deletions
diff --git a/Core/Authentication/AuthenticationProviderManager.php b/Core/Authentication/AuthenticationProviderManager.php index ac1e36d..1d85e87 100644 --- a/Core/Authentication/AuthenticationProviderManager.php +++ b/Core/Authentication/AuthenticationProviderManager.php @@ -25,8 +25,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class AuthenticationProviderManager implements AuthenticationManagerInterface { - protected $providers; - protected $eraseCredentials; + private $providers; + private $eraseCredentials; /** * Constructor. @@ -34,9 +34,13 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface * @param AuthenticationProviderInterface[] $providers An array of AuthenticationProviderInterface instances * @param Boolean $eraseCredentials Whether to erase credentials after authentication or not */ - public function __construct(array $providers = array(), $eraseCredentials = true) + public function __construct(array $providers, $eraseCredentials = true) { - $this->setProviders($providers); + if (!$providers) { + throw new \InvalidArgumentException('You must at least add one authentication provider.'); + } + + $this->providers = $providers; $this->eraseCredentials = (Boolean) $eraseCredentials; } @@ -45,10 +49,6 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface */ public function authenticate(TokenInterface $token) { - if (!count($this->providers)) { - throw new \LogicException('You must add at least one provider.'); - } - $lastException = null; $result = null; 
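Review bot: The new constructor assigns `$providers` without checking its elements, whereas the removed `setProviders()`/`add()` path enforced `AuthenticationProviderInterface` on each one through the `add()` type hint. A wrong entry (a misconfigured service, a plain string) now surfaces only when `authenticate()` iterates the list, and that loop is outside this hunk. Validating in the constructor keeps the failure at wiring time, next to the new empty-array check. The exception message in the sketch is only a suggestion.

```php
public function __construct(array $providers, $eraseCredentials = true)
{
    // … unchanged: empty-array check …

    foreach ($providers as $provider) {
        if (!$provider instanceof AuthenticationProviderInterface) {
            throw new \InvalidArgumentException('Each provider must implement AuthenticationProviderInterface.');
        }
    }

    // … unchanged: property assignments …
```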
@@ -84,37 +84,4 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface throw $lastException; } - - /** - * Returns the list of current providers. - * - * @return AuthenticationProviderInterface[] An array of AuthenticationProviderInterface instances - */ - public function all() - { - return $this->providers; - } - - /** - * Sets the providers instances. - * - * @param AuthenticationProviderInterface[] $providers An array of AuthenticationProviderInterface instances - */ - public function setProviders(array $providers) - { - $this->providers = array(); - foreach ($providers as $provider) { - $this->add($provider); - } - } - - /** - * Adds a provider. - * - * @param AuthenticationProviderInterface $provider A AuthenticationProviderInterface instance - */ - public function add(AuthenticationProviderInterface $provider) - { - $this->providers[] = $provider; - } } diff --git a/Core/Authentication/AuthenticationTrustResolver.php b/Core/Authentication/AuthenticationTrustResolver.php index f2e00cc..8ca28fb 100644 --- a/Core/Authentication/AuthenticationTrustResolver.php +++ b/Core/Authentication/AuthenticationTrustResolver.php @@ -20,8 +20,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class AuthenticationTrustResolver implements AuthenticationTrustResolverInterface { - protected $anonymousClass; - protected $rememberMeClass; + private $anonymousClass; + private $rememberMeClass; /** * Constructor diff --git a/Core/Authentication/Provider/AnonymousAuthenticationProvider.php b/Core/Authentication/Provider/AnonymousAuthenticationProvider.php index ad1ad60..c48a27e 100644 --- a/Core/Authentication/Provider/AnonymousAuthenticationProvider.php +++ b/Core/Authentication/Provider/AnonymousAuthenticationProvider.php 
@@ -22,7 +22,7 @@ use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; */ class AnonymousAuthenticationProvider implements AuthenticationProviderInterface { - protected $key; + private $key; /** * Constructor. diff --git a/Core/Authentication/Provider/DaoAuthenticationProvider.php b/Core/Authentication/Provider/DaoAuthenticationProvider.php index ce0d220..21bec82 100644 --- a/Core/Authentication/Provider/DaoAuthenticationProvider.php +++ b/Core/Authentication/Provider/DaoAuthenticationProvider.php @@ -14,8 +14,8 @@ namespace Symfony\Component\Security\Core\Authentication\Provider; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; -use Symfony\Component\Security\Core\User\AccountCheckerInterface; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserCheckerInterface; +use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; use Symfony\Component\Security\Core\Exception\AuthenticationServiceException; use Symfony\Component\Security\Core\Exception\BadCredentialsException; 
@@ -29,19 +29,19 @@ use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; */ class DaoAuthenticationProvider extends UserAuthenticationProvider { - protected $encoderFactory; - protected $userProvider; + private $encoderFactory; + private $userProvider; /** * Constructor. * * @param UserProviderInterface $userProvider A UserProviderInterface instance - * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface instance + * @param UserCheckerInterface $userChecker An UserCheckerInterface instance * @param EncoderFactoryInterface $encoderFactory A EncoderFactoryInterface instance */ - public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker, $providerKey, EncoderFactoryInterface $encoderFactory, $hideUserNotFoundExceptions = true) + public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, $providerKey, EncoderFactoryInterface $encoderFactory, $hideUserNotFoundExceptions = true) { - parent::__construct($accountChecker, $providerKey, $hideUserNotFoundExceptions); + parent::__construct($userChecker, $providerKey, $hideUserNotFoundExceptions); $this->encoderFactory = $encoderFactory; $this->userProvider = $userProvider; 
@@ -50,19 +50,19 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider /** * {@inheritdoc} */ - protected function checkAuthentication(AccountInterface $account, UsernamePasswordToken $token) + protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { - $user = $token->getUser(); - if ($user instanceof AccountInterface) { - if ($account->getPassword() !== $user->getPassword()) { + $currentUser = $token->getUser(); + if ($currentUser instanceof UserInterface) { + if ($currentUser->getPassword() !== $user->getPassword()) { throw new BadCredentialsException('The credentials were changed from another session.'); } } else { - if (!$presentedPassword = (string) $token->getCredentials()) { + if (!$presentedPassword = $token->getCredentials()) { throw new BadCredentialsException('Bad credentials'); } - if (!$this->encoderFactory->getEncoder($account)->isPasswordValid($account->getPassword(), $presentedPassword, $account->getSalt())) { + if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) { throw new BadCredentialsException('Bad credentials'); } } @@ -74,15 +74,15 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider protected function retrieveUser($username, UsernamePasswordToken $token) { $user = $token->getUser(); - if ($user instanceof AccountInterface) { + if ($user instanceof UserInterface) { return $user; } try { $user = $this->userProvider->loadUserByUsername($username); - if (!$user instanceof AccountInterface) { - throw new AuthenticationServiceException('The user provider must return an AccountInterface object.'); + if (!$user instanceof UserInterface) { + throw new AuthenticationServiceException('The user provider must return an UserInterface object.'); } return $user; 
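Review bot: With the `(string)` cast removed in `checkAuthentication()`, whatever `$token->getCredentials()` returns is passed straight to `isPasswordValid()`; if the credentials originate from request parameters, a non-string value such as an array can now reach the encoder. The truthiness test also rejects the password `'0'`, as it did before the change. Unless non-string credentials are meant to be supported here, an explicit check states the intent: `$presentedPassword = $token->getCredentials();` followed by `if (!is_string($presentedPassword) || '' === $presentedPassword) {`. The closing brace of the method lies outside this hunk.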
diff --git a/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php b/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php index cca52fc..bf2df86 100644 --- a/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php +++ b/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php @@ -11,9 +11,9 @@ namespace Symfony\Component\Security\Core\Authentication\Provider; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; -use Symfony\Component\Security\Core\User\AccountCheckerInterface; +use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; @@ -30,20 +30,20 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderInterface { - protected $userProvider; - protected $accountChecker; - protected $providerKey; + private $userProvider; + private $userChecker; + private $providerKey; /** * Constructor. * * @param UserProviderInterface $userProvider A UserProviderInterface instance - * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface instance + * @param UserCheckerInterface $userChecker An UserCheckerInterface instance */ - public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker, $providerKey) + public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, $providerKey) { $this->userProvider = $userProvider; - $this->accountChecker = $accountChecker; + $this->userChecker = $userChecker; $this->providerKey = $providerKey; } 
@@ -66,7 +66,7 @@ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderIn */ $user = $this->userProvider->loadUserByUsername($user); - $this->accountChecker->checkPostAuth($user); + $this->userChecker->checkPostAuth($user); $authenticatedToken = new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles()); $authenticatedToken->setAttributes($token->getAttributes()); diff --git a/Core/Authentication/Provider/RememberMeAuthenticationProvider.php b/Core/Authentication/Provider/RememberMeAuthenticationProvider.php index 95ee588..940288b 100644 --- a/Core/Authentication/Provider/RememberMeAuthenticationProvider.php +++ b/Core/Authentication/Provider/RememberMeAuthenticationProvider.php @@ -1,21 +1,21 @@ <?php namespace Symfony\Component\Security\Core\Authentication\Provider; -use Symfony\Component\Security\Core\User\AccountCheckerInterface; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserCheckerInterface; +use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken; use Symfony\Component\Security\Core\Exception\BadCredentialsException; class RememberMeAuthenticationProvider implements AuthenticationProviderInterface { - protected $accountChecker; - protected $key; - protected $providerKey; + private $userChecker; + private $key; + private $providerKey; - public function __construct(AccountCheckerInterface $accountChecker, $key, $providerKey) + public function __construct(UserCheckerInterface $userChecker, $key, $providerKey) { - $this->accountChecker = $accountChecker; + $this->userChecker = $userChecker; $this->key = $key; $this->providerKey = $providerKey; } 
@@ -31,11 +31,12 @@ class RememberMeAuthenticationProvider implements AuthenticationProviderInterfac } $user = $token->getUser(); - $this->accountChecker->checkPreAuth($user); - $this->accountChecker->checkPostAuth($user); - $token->setAuthenticated(true); + $this->userChecker->checkPostAuth($user); - return $token; + $authenticatedToken = new RememberMeToken($user, $this->providerKey, $this->key); + $authenticatedToken->setAttributes($token->getAttributes()); + + return $authenticatedToken; } public function supports(TokenInterface $token) diff --git a/Core/Authentication/Provider/UserAuthenticationProvider.php b/Core/Authentication/Provider/UserAuthenticationProvider.php index 14a6fdf..7b6079d 100644 --- a/Core/Authentication/Provider/UserAuthenticationProvider.php +++ b/Core/Authentication/Provider/UserAuthenticationProvider.php @@ -11,8 +11,8 @@ namespace Symfony\Component\Security\Core\Authentication\Provider; -use Symfony\Component\Security\Core\User\AccountInterface; -use Symfony\Component\Security\Core\User\AccountCheckerInterface; +use Symfony\Component\Security\Core\User\UserInterface; +use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Exception\BadCredentialsException; 
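Review bot: `authenticate()` no longer calls `checkPreAuth($user)`; only `checkPostAuth()` remains, and the commit message does not mention the removal. Whatever account-state checks the user checker performs in its pre-auth step are therefore skipped for remember-me logins, while `UserAuthenticationProvider::authenticate()` in this same commit still runs both. If that is intentional a short comment saying why would help; otherwise keep `$this->userChecker->checkPreAuth($user);` ahead of the post-auth call. The rebuilt `RememberMeToken` is also created without the optional fourth `$persistentToken` argument, so the incoming token's persistent token is not carried over, and it is worth confirming nothing downstream reads it. The start of `authenticate()` lies outside this hunk.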
@@ -27,23 +27,23 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ abstract class UserAuthenticationProvider implements AuthenticationProviderInterface { - protected $hideUserNotFoundExceptions; - protected $accountChecker; - protected $providerKey; + private $hideUserNotFoundExceptions; + private $userChecker; + private $providerKey; /** * Constructor. * - * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface interface + * @param UserCheckerInterface $userChecker An UserCheckerInterface interface * @param Boolean $hideUserNotFoundExceptions Whether to hide user not found exception or not */ - public function __construct(AccountCheckerInterface $accountChecker, $providerKey, $hideUserNotFoundExceptions = true) + public function __construct(UserCheckerInterface $userChecker, $providerKey, $hideUserNotFoundExceptions = true) { if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); } - $this->accountChecker = $accountChecker; + $this->userChecker = $userChecker; $this->providerKey = $providerKey; $this->hideUserNotFoundExceptions = $hideUserNotFoundExceptions; } 
@@ -57,18 +57,21 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter return null; } - $username = null === $token->getUser() ? 'NONE_PROVIDED' : (string) $token; + $username = $token->getUsername(); + if (empty($username)) { + $username = 'NONE_PROVIDED'; + } try { $user = $this->retrieveUser($username, $token); - if (!$user instanceof AccountInterface) { - throw new AuthenticationServiceException('retrieveUser() must return an AccountInterface.'); + if (!$user instanceof UserInterface) { + throw new AuthenticationServiceException('retrieveUser() must return an UserInterface.'); } - $this->accountChecker->checkPreAuth($user); + $this->userChecker->checkPreAuth($user); $this->checkAuthentication($user, $token); - $this->accountChecker->checkPostAuth($user); + $this->userChecker->checkPostAuth($user); $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles()); $authenticatedToken->setAttributes($token->getAttributes()); @@ -107,10 +110,10 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter * Does additional checks on the user and token (like validating the * credentials). * - * @param AccountInterface $account The retrieved AccountInterface instance + * @param UserInterface $user The retrieved UserInterface instance * @param UsernamePasswordToken $token The UsernamePasswordToken token to be authenticated * * @throws AuthenticationException if the credentials could not be validated */ - abstract protected function checkAuthentication(AccountInterface $account, UsernamePasswordToken $token); + abstract protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token); } diff --git a/Core/Authentication/RememberMe/InMemoryTokenProvider.php b/Core/Authentication/RememberMe/InMemoryTokenProvider.php index 80c10d1..c432b0e 100644 --- a/Core/Authentication/RememberMe/InMemoryTokenProvider.php 
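Review bot: `empty($username)` in `authenticate()` also matches the string `'0'`, so a login attempt for a user literally named `0` is looked up as `NONE_PROVIDED`. An explicit comparison avoids that: `if (null === $username || '' === $username) {`. The sentinel is then handed to `retrieveUser()` like any real name, so a one-line comment that `NONE_PROVIDED` is a placeholder and must never exist as an account would be useful. `authenticate()` begins before this hunk and continues past it.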
+++ b/Core/Authentication/RememberMe/InMemoryTokenProvider.php @@ -11,7 +11,7 @@ use Symfony\Component\Security\Core\Exception\TokenNotFoundException; */ class InMemoryTokenProvider implements TokenProviderInterface { - protected $tokens = array(); + private $tokens = array(); public function loadTokenBySeries($series) { diff --git a/Core/Authentication/Token/Token.php b/Core/Authentication/Token/AbstractToken.php index ac0879f..3839154 100644 --- a/Core/Authentication/Token/Token.php +++ b/Core/Authentication/Token/AbstractToken.php @@ -13,7 +13,7 @@ namespace Symfony\Component\Security\Core\Authentication\Token; use Symfony\Component\Security\Core\Role\RoleInterface; use Symfony\Component\Security\Core\Role\Role; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; /** * Base class for Token instances. @@ -21,15 +21,12 @@ use Symfony\Component\Security\Core\User\AccountInterface; * @author Fabien Potencier <fabien@symfony.com> * @author Johannes M. Schmitt <schmittjoh@gmail.com> */ -abstract class Token implements TokenInterface +abstract class AbstractToken implements TokenInterface { - protected $roles; - protected $authenticated; - protected $user; - protected $credentials; - protected $immutable; - protected $providerKey; - protected $attributes; + private $user; + private $roles; + private $authenticated; + private $attributes; /** * Constructor. 
@@ -38,156 +35,93 @@ abstract class Token implements TokenInterface */ public function __construct(array $roles = array()) { - $this->setRoles($roles); $this->authenticated = false; - $this->immutable = false; $this->attributes = array(); - } - - /** - * Adds a Role to the token. - * - * @param RoleInterface $role A RoleInterface instance - */ - public function addRole(RoleInterface $role) - { - if ($this->immutable) { - throw new \LogicException('This token is considered immutable.'); - } - - $this->roles[] = $role; - } - /** - * {@inheritdoc} - */ - public function getRoles() - { - return $this->roles; - } - - /** - * {@inheritDoc} - */ - public function setRoles(array $roles) - { $this->roles = array(); - foreach ($roles as $role) { if (is_string($role)) { $role = new Role($role); + } else if (!$role instanceof RoleInterface) { + throw new \InvalidArgumentException(sprintf('$roles must be an array of strings, or RoleInterface instances, but got %s.', gettype($role))); } - $this->addRole($role); + $this->roles[] = $role; } } /** * {@inheritdoc} */ - public function __toString() - { - if ($this->user instanceof AccountInterface) { - return $this->user->getUsername(); - } - - return (string) $this->user; - } - - /** - * {@inheritdoc} - */ - public function isAuthenticated() + public function getRoles() { - return $this->authenticated; + return $this->roles; } /** * {@inheritdoc} */ - public function setAuthenticated($authenticated) + public function getUsername() { - if ($this->immutable) { - throw new \LogicException('This token is considered immutable.'); + if ($this->user instanceof UserInterface) { + return $this->user->getUsername(); } - $this->authenticated = (Boolean) $authenticated; - } - - /** - * {@inheritdoc} - */ - public function getCredentials() - { - return $this->credentials; + return (string) $this->user; } - /** - * {@inheritdoc} - */ public function getUser() { return $this->user; } - /** - * {@inheritDoc} - */ public function setUser($user) { - 
if ($this->immutable) { - throw new \LogicException('This token is considered immutable.'); + if (!($user instanceof UserInterface || (is_object($user) && method_exists($user, '__toString')) || is_string($user))) { + throw new \InvalidArgumentException('$user must be an instanceof of UserInterface, an object implementing a __toString method, or a primitive string.'); } - if (!is_string($user) && !is_object($user)) { - throw new \InvalidArgumentException('$user must be an object, or a primitive string.'); - } else if (is_object($user) && !$user instanceof AccountInterface && !method_exists($user, '__toString')) { - throw new \InvalidArgumentException('If $user is an object, it must implement __toString().'); + if (null === $this->user) { + $changed = false; + } else if ($this->user instanceof UserInterface) { + $changed = $this->user->equals($user); + } else if ($user instanceof UserInterface) { + $changed = true; + } else { + $changed = (string) $this->user === (string) $user; } - $this->user = $user; - } - - /** - * {@inheritdoc} - */ - public function eraseCredentials() - { - if ($this->immutable) { - throw new \LogicException('This token is considered immutable.'); + if ($changed) { + $this->setAuthenticated(false); } - if ($this->getCredentials() instanceof AccountInterface) { - $this->getCredentials()->eraseCredentials(); - } - - if ($this->getUser() instanceof AccountInterface) { - $this->getUser()->eraseCredentials(); - } + $this->user = $user; } /** * {@inheritdoc} */ - public function isImmutable() + public function isAuthenticated() { - return $this->immutable; + return $this->authenticated; } /** * {@inheritdoc} */ - public function setImmutable() + public function setAuthenticated($authenticated) { - $this->immutable = true; + $this->authenticated = (Boolean) $authenticated; } /** * {@inheritdoc} */ - public function getProviderKey() + public function eraseCredentials() { - return $this->providerKey; + if ($this->getUser() instanceof UserInterface) { + 
$this->getUser()->eraseCredentials(); + } } /** @@ -195,7 +129,7 @@ abstract class Token implements TokenInterface */ public function serialize() { - return serialize(array($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes)); + return serialize(array($this->user, $this->authenticated, $this->roles, $this->attributes)); } /** @@ -203,7 +137,7 @@ abstract class Token implements TokenInterface */ public function unserialize($serialized) { - list($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes) = unserialize($serialized); + list($this->user, $this->authenticated, $this->roles, $this->attributes) = unserialize($serialized); } /** diff --git a/Core/Authentication/Token/AnonymousToken.php b/Core/Authentication/Token/AnonymousToken.php index a22460f..92d95de 100644 --- a/Core/Authentication/Token/AnonymousToken.php +++ b/Core/Authentication/Token/AnonymousToken.php @@ -16,10 +16,11 @@ namespace Symfony\Component\Security\Core\Authentication\Token; * * @author Fabien Potencier <fabien@symfony.com> */ -class AnonymousToken extends Token +use Symfony\Component\Security\Core\User\UserInterface; + +class AnonymousToken extends AbstractToken { - protected $user; - protected $key; + private $key; /** * Constructor. @@ -33,9 +34,8 @@ class AnonymousToken extends Token parent::__construct($roles); $this->key = $key; - $this->user = $user; - - parent::setAuthenticated(true); + $this->setUser($user); + $this->setAuthenticated(true); } /** @@ -55,4 +55,21 @@ class AnonymousToken extends Token { return $this->key; } + + /** + * {@inheritDoc} + */ + public function serialize() + { + return serialize(array($this->key, parent::serialize())); + } + + /** + * {@inheritDoc} + */ + public function unserialize($str) + { + list($this->key, $parentStr) = unserialize($str); + parent::unserialize($parentStr); + } } 
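Review bot: The `$changed` flag in `AbstractToken::setUser()` appears inverted: assuming `equals()` returns true for a match, `$changed = $this->user->equals($user);` and `$changed = (string) $this->user === (string) $user;` are both true when the user is the same. As written, `setAuthenticated(false)` fires when an identical user is set and is skipped when a different one is swapped in, which leaves the token authenticated after its principal changes. Suggested: `$changed = !$this->user->equals($user);` and `$changed = (string) $this->user !== (string) $user;`. The `equals()` branch is also reached when the new `$user` is a string or a `__toString` object, so it may need an `instanceof UserInterface` guard, depending on the `equals()` signature, which is not shown here.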
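Review bot: The `use Symfony\Component\Security\Core\User\UserInterface;` line is inserted between the class docblock and `class AnonymousToken`, so the docblock now sits on the import instead of on the class. Move the `use` statement above the docblock, directly under the `namespace` line. None of the AnonymousToken hunks shown reference `UserInterface`, so the import may be unnecessary altogether.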
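Review bot: Every `unserialize()` touched by this commit destructures its result with `list()` without checking the shape: `AbstractToken::unserialize()`, the new override in AnonymousToken here, and those in PreAuthenticatedToken, RememberMeToken and UsernamePasswordToken. The layout changes in this same commit with no version marker, so a token stored in the old seven-element format would be spread over the wrong fields, and the `authenticated` flag and roles are taken from the payload as-is. Assigning the result to a variable and guarding it before the `list()`, e.g. `if (!is_array($data) || 2 !== count($data)) { throw new \UnexpectedValueException('Unexpected serialized token format.'); }` (with the count matching each class), makes a stale or foreign payload fail closed. A docblock line stating that the serialized form is trusted only from server-side storage would record the assumption.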
diff --git a/Core/Authentication/Token/PreAuthenticatedToken.php b/Core/Authentication/Token/PreAuthenticatedToken.php index 0db56bd..ff0572f 100644 --- a/Core/Authentication/Token/PreAuthenticatedToken.php +++ b/Core/Authentication/Token/PreAuthenticatedToken.php @@ -16,21 +16,39 @@ namespace Symfony\Component\Security\Core\Authentication\Token; * * @author Fabien Potencier <fabien@symfony.com> */ -class PreAuthenticatedToken extends Token +class PreAuthenticatedToken extends AbstractToken { + private $credentials; + private $providerKey; + /** * Constructor. */ - public function __construct($user, $credentials, $providerKey, array $roles = null) + public function __construct($user, $credentials, $providerKey, array $roles = array()) { - parent::__construct(null === $roles ? array() : $roles); - if (null !== $roles) { - $this->setAuthenticated(true); + parent::__construct($roles); + + if (empty($providerKey)) { + throw new \InvalidArgumentException('$providerKey must not be empty.'); } - $this->user = $user; + $this->setUser($user); $this->credentials = $credentials; $this->providerKey = $providerKey; + + if ($roles) { + $this->setAuthenticated(true); + } + } + + public function getProviderKey() + { + return $this->providerKey; + } + + public function getCredentials() + { + return $this->credentials; } /** @@ -42,4 +60,15 @@ class PreAuthenticatedToken extends Token $this->credentials = null; } + + public function serialize() + { + return serialize(array($this->credentials, $this->providerKey, parent::serialize())); + } + + public function unserialize($str) + { + list($this->credentials, $this->providerKey, $parentStr) = unserialize($str); + parent::unserialize($parentStr); + } } diff --git a/Core/Authentication/Token/RememberMeToken.php b/Core/Authentication/Token/RememberMeToken.php index ce1ed5d..a502cdb 100644 --- a/Core/Authentication/Token/RememberMeToken.php +++ b/Core/Authentication/Token/RememberMeToken.php 
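Review bot: `PreAuthenticatedToken::serialize()` includes `$this->credentials` in its output, and `UsernamePasswordToken::serialize()` in the last hunk of the commit does the same. Wherever the token is persisted will therefore hold the presented credentials unless `eraseCredentials()` ran first; going by its docblock, `AuthenticationProviderManager` does that only while its `$eraseCredentials` flag is left on. Consider documenting the precondition on both methods, e.g. `// NOTE: credentials are part of the serialized form; call eraseCredentials() before the token is stored`, or serialising `null` in their place if nothing needs them after authentication.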
@@ -12,46 +12,50 @@ namespace Symfony\Component\Security\Core\Authentication\Token; use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentTokenInterface; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; /** - * Base class for "Remember Me" tokens + * Authentication Token for "Remember-Me". * * @author Johannes M. Schmitt <schmittjoh@gmail.com> */ -class RememberMeToken extends Token +class RememberMeToken extends AbstractToken { - protected $key; - - /** - * The persistent token which resulted in this authentication token. - * - * @var PersistentTokenInterface - */ - protected $persistentToken; + private $key; + private $providerKey; + private $persistentToken; /** * Constructor. * - * @param string $username + * @param UserInterface $user + * @param string $providerKey * @param string $key */ - public function __construct(AccountInterface $user, $providerKey, $key) { + public function __construct(UserInterface $user, $providerKey, $key, PersistentTokenInterface $persistentToken = null) { parent::__construct($user->getRoles()); if (empty($key)) { throw new \InvalidArgumentException('$key must not be empty.'); } + if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); } - $this->setUser($user); $this->providerKey = $providerKey; $this->key = $key; + $this->persistentToken = $persistentToken; + + $this->setUser($user); $this->setAuthenticated(true); } + public function getProviderKey() + { + return $this->providerKey; + } + public function getKey() { return $this->key; 
@@ -62,18 +66,21 @@ class RememberMeToken extends Token return $this->persistentToken; } - public function setPersistentToken(PersistentTokenInterface $persistentToken) + public function getCredentials() { - $this->persistentToken = $persistentToken; + return ''; } - /** * {@inheritdoc} */ public function serialize() { - return serialize(array($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes, $this->key)); + return serialize(array( + $this->key, + $this->providerKey, + parent::serialize(), + )); } /** @@ -81,6 +88,7 @@ class RememberMeToken extends Token */ public function unserialize($serialized) { - list($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes, $this->key) = unserialize($serialized); + list($this->key, $this->providerKey, $parentStr) = unserialize($serialized); + parent::unserialize($parentStr); } }
\ No newline at end of file diff --git a/Core/Authentication/Token/TokenInterface.php b/Core/Authentication/Token/TokenInterface.php index f3947dd..add550f 100644 --- a/Core/Authentication/Token/TokenInterface.php +++ b/Core/Authentication/Token/TokenInterface.php @@ -11,23 +11,17 @@ namespace Symfony\Component\Security\Core\Authentication\Token; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; /** * TokenInterface is the interface for the user authentication information. * * @author Fabien Potencier <fabien@symfony.com> + * @author Johannes M. Schmitt <schmittjoh@gmail.com> */ interface TokenInterface extends \Serializable { /** - * Returns a string representation of the token. - * - * @return string A string representation - */ - function __toString(); - - /** * Returns the user roles. * * @return Role[] An array of Role instances. @@ -35,14 +29,6 @@ interface TokenInterface extends \Serializable function getRoles(); /** - * Sets the user's roles - * - * @param array $roles - * @return void - */ - function setRoles(array $roles); - - /** * Returns the user credentials. * * @return mixed The user credentials @@ -58,14 +44,20 @@ interface TokenInterface extends \Serializable function getUser(); /** - * Sets the user. + * Sets a user. * - * @param mixed $user can either be an object which implements __toString(), or - * only a primitive string + * @param mixed $user */ function setUser($user); /** + * Returns the username. + * + * @return string + */ + function getUsername(); + + /** * Checks if the user is authenticated or not. * * @return Boolean true if the token has been authenticated, false otherwise 
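Review bot: The `setUser()` docblock in TokenInterface loses its description of the accepted values and is left with a bare `@param mixed $user`, while `AbstractToken::setUser()` in this commit throws `\InvalidArgumentException` for anything other than a `UserInterface`, an object with `__toString()`, or a string. Someone implementing the interface directly cannot see that contract. Suggested: `@param mixed $user A UserInterface instance, an object implementing __toString(), or a string`, plus an `@throws \InvalidArgumentException` line if the interface is meant to require the check.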
@@ -80,22 +72,6 @@ interface TokenInterface extends \Serializable function setAuthenticated($isAuthenticated); /** - * Whether this token is considered immutable - * - * @return Boolean - */ - function isImmutable(); - - /** - * Marks this token as immutable. This change cannot be reversed. - * - * You'll need to create a new token if you want a mutable token again. - * - * @return void - */ - function setImmutable(); - - /** * Removes sensitive information from the token. */ function eraseCredentials(); diff --git a/Core/Authentication/Token/UsernamePasswordToken.php b/Core/Authentication/Token/UsernamePasswordToken.php index 58b2b5b..67311db 100644 --- a/Core/Authentication/Token/UsernamePasswordToken.php +++ b/Core/Authentication/Token/UsernamePasswordToken.php @@ -16,8 +16,11 @@ namespace Symfony\Component\Security\Core\Authentication\Token; * * @author Fabien Potencier <fabien@symfony.com> */ -class UsernamePasswordToken extends Token +class UsernamePasswordToken extends AbstractToken { + private $credentials; + private $providerKey; + /** * Constructor. * @@ -28,11 +31,15 @@ class UsernamePasswordToken extends Token { parent::__construct($roles); + if (empty($providerKey)) { + throw new \InvalidArgumentException('$providerKey must not be empty.'); + } + $this->setUser($user); $this->credentials = $credentials; $this->providerKey = $providerKey; - parent::setAuthenticated((Boolean) count($roles)); + parent::setAuthenticated(count($roles) > 0); } /** @@ -47,6 +54,16 @@ class UsernamePasswordToken extends Token parent::setAuthenticated(false); } + public function getCredentials() + { + return $this->credentials; + } + + public function getProviderKey() + { + return $this->providerKey; + } + /** * {@inheritdoc} */ 
@@ -56,4 +73,15 @@ class UsernamePasswordToken extends Token $this->credentials = null; } + + public function serialize() + { + return serialize(array($this->credentials, $this->providerKey, parent::serialize())); + } + + public function unserialize($str) + { + list($this->credentials, $this->providerKey, $parentStr) = unserialize($str); + parent::unserialize($parentStr); + } } |