Initial commit (but after some polished work) of the new Guard authentication system

2 files changed, 152 insertions, 0 deletions

diff --git a/Guard/Token/GenericGuardToken.php b/Guard/Token/GenericGuardToken.php
new file mode 100644
index 0000000..869d071
--- /dev/null
+++ b/Guard/Token/GenericGuardToken.php
@@ -0,0 +1,96 @@
+<?php
+
+namespace Symfony\Component\Security\Guard\Token;
+
+use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
+use Symfony\Component\Security\Core\Role\RoleInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+/**
+ * A generic token used by the AbstractGuardAuthenticator
+ *
+ * This is meant to be used as an "authenticated" token, though it
+ * could be set to not-authenticated later.
+ *
+ * You're free to use this (it's simple) or use any other token for
+ * your authenticated token
+ *
+ * @author Ryan Weaver <weaverryan@gmail.com>
+ */
+class GenericGuardToken extends AbstractToken
+{
+    private $providerKey;
+
+    /**
+     * @param UserInterface            $user        The user!
+     * @param string                   $providerKey The provider (firewall) key
+     * @param RoleInterface[]|string[] $roles       An array of roles
+     *
+     * @throws \InvalidArgumentException
+     */
+    public function __construct(UserInterface $user, $providerKey, array $roles)
+    {
+        parent::__construct($roles);
+
+        if (empty($providerKey)) {
+            throw new \InvalidArgumentException('$providerKey (i.e. firewall key) must not be empty.');
+        }
+
+        $this->setUser($user);
+        $this->providerKey = $providerKey;
+
+        // this token is meant to be used after authentication success, so it is always authenticated
+        // you could set it as non authenticated later if you need to
+        parent::setAuthenticated(true);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function setAuthenticated($isAuthenticated)
+    {
+        if ($isAuthenticated) {
+            throw new \LogicException('Cannot set this token to trusted after instantiation.');
+        }
+
+        parent::setAuthenticated(false);
+    }
+
+    /**
+     * This is meant to be only an authenticated token, where credentials
+     * have already been used and are thus cleared.
+     *
+     * {@inheritdoc}
+     */
+    public function getCredentials()
+    {
+        return array();
+    }
+
+    /**
+     * Returns the provider (firewall) key.
+     *
+     * @return string
+     */
+    public function getProviderKey()
+    {
+        return $this->providerKey;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function serialize()
+    {
+        return serialize(array($this->providerKey, parent::serialize()));
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function unserialize($serialized)
+    {
+        list($this->providerKey, $parentStr) = unserialize($serialized);
+        parent::unserialize($parentStr);
+    }
+}
diff --git a/Guard/Token/NonAuthenticatedGuardToken.php b/Guard/Token/NonAuthenticatedGuardToken.php
new file mode 100644
index 0000000..28e21e0
--- /dev/null
+++ b/Guard/Token/NonAuthenticatedGuardToken.php
@@ -0,0 +1,56 @@
+<?php
+
+namespace Symfony\Component\Security\Guard\Token;
+
+use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
+
+/**
+ * The token used by the guard auth system before authentication
+ *
+ * The GuardAuthenticationListener creates this, which is then consumed
+ * immediately by the GuardAuthenticationProvider. If authentication is
+ * successful, a different authenticated token is returned
+ *
+ * @author Ryan Weaver <weaverryan@gmail.com>
+ */
+class NonAuthenticatedGuardToken extends AbstractToken
+{
+    private $credentials;
+    private $guardProviderKey;
+
+    /**
+     * @param mixed  $credentials
+     * @param string $guardProviderKey Unique key that bind this token to a specific GuardAuthenticatorInterface
+     */
+    public function __construct($credentials, $guardProviderKey)
+    {
+        $this->credentials = $credentials;
+        $this->guardProviderKey = $guardProviderKey;
+
+        parent::__construct(array());
+
+        // never authenticated
+        parent::setAuthenticated(false);
+    }
+
+    public function getGuardProviderKey()
+    {
+        return $this->guardProviderKey;
+    }
+
+    /**
+     * Returns the user credentials, which might be an array of anything you
+     * wanted to put in there (e.g. username, password, favoriteColor).
+     *
+     * @return mixed The user credentials
+     */
+    public function getCredentials()
+    {
+        return $this->credentials;
+    }
+
+    public function setAuthenticated($authenticated)
+    {
+        throw new \Exception('The NonAuthenticatedGuardToken is *always* not authenticated');
+    }
+}