diff options
| author | Ryan Weaver <ryan@thatsquality.com> | 2015-05-18 09:14:21 -0400 |
|---|---|---|
| committer | Ryan Weaver <ryan@thatsquality.com> | 2015-09-20 19:24:21 -0400 |
| commit | 182111856105a1f080bcee931e7fe0af40e55fec (patch) | |
| tree | a2008b53a5bbb81fd0115c46dfa64aefdeb19135 /Guard/GuardAuthenticatorInterface.php | |
| parent | dd9cccbeed41777f2e0c30d990a47737e8701cc7 (diff) | |
| download | symfony-security-182111856105a1f080bcee931e7fe0af40e55fec.zip symfony-security-182111856105a1f080bcee931e7fe0af40e55fec.tar.gz symfony-security-182111856105a1f080bcee931e7fe0af40e55fec.tar.bz2 | |
Splitting the getting of the user and checking credentials into two steps
This looks like a subjective change (one more method, but the method implementations are
simpler), but it wasn't. The problem was that the UserChecker checkPreAuth should happen
*after* we get the user, but *before* the credentials are checked, and that wasn't possible
before this change. Now it is.
Diffstat (limited to 'Guard/GuardAuthenticatorInterface.php')
| -rw-r--r-- | Guard/GuardAuthenticatorInterface.php | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/Guard/GuardAuthenticatorInterface.php b/Guard/GuardAuthenticatorInterface.php index 4b1e407..a727371 100644 --- a/Guard/GuardAuthenticatorInterface.php +++ b/Guard/GuardAuthenticatorInterface.php @@ -27,7 +27,7 @@ interface GuardAuthenticatorInterface extends AuthenticationEntryPointInterface * as any type (e.g. an associate array). If you return null, authentication * will be skipped. * - * Whatever value you return here will be passed to authenticate() + * Whatever value you return here will be passed to getUser() and checkCredentials() * * For example, for a form login, you might: * @@ -47,19 +47,33 @@ interface GuardAuthenticatorInterface extends AuthenticationEntryPointInterface public function getCredentials(Request $request); /** - * Return a UserInterface object based on the credentials OR throw - * an AuthenticationException. + * Return a UserInterface object based on the credentials * * The *credentials* are the return value from getCredentials() * + * You may throw an AuthenticationException if you wish. If you return + * null, then a UsernameNotFoundException is thrown for you. + * * @param mixed $credentials * @param UserProviderInterface $userProvider * * @throws AuthenticationException * - * @return UserInterface + * @return UserInterface|null + */ + public function getUser($credentials, UserProviderInterface $userProvider); + + /** + * Throw an AuthenticationException if the credentials are invalid + * + * The *credentials* are the return value from getCredentials() + * + * @param mixed $credentials + * @param UserInterface $user + * @throws AuthenticationException + * @return void */ - public function authenticate($credentials, UserProviderInterface $userProvider); + public function checkCredentials($credentials, UserInterface $user); /** * Create an authenticated token for the given user. |