author | Ryan Weaver <ryan@thatsquality.com> | 2015-09-20 20:41:52 -0400 |
committer | Ryan Weaver <ryan@thatsquality.com> | 2015-09-20 20:44:39 -0400 |
commit | 7e00d82e77d150ac8c328e65248845eaa2d95442 (patch) | |
tree | 0cf40d5a71b497bf7f06b3aa53accf834ec3ebf3 /Guard | |
parent | 1aa1d1b25ee51760e703df10ca383cd3a6e957e4 (diff) | |
Adding a new exception and throwing it when the User changes
This is quite technical. As you can see in the provider, the method is sometimes called
when the User changes, and so the token becomes de-authenticated (e.g.
someone else changes the password between requests).
In practice, the user should be unauthenticated. Using the anonymous token did this,
but throwing an AccountStatusException seems like a better idea. It needs to be an
AccountStatusException because the ExceptionListener from the Firewall looks for exceptions
of this class and logs the user out when they are found (because this is their purpose).
Diffstat (limited to 'Guard')
-rw-r--r-- | Guard/Provider/GuardAuthenticationProvider.php | 5 | ||||
-rw-r--r-- | Guard/Tests/Provider/GuardAuthenticationProviderTest.php | 5 |
2 files changed, 6 insertions, 4 deletions
diff --git a/Guard/Provider/GuardAuthenticationProvider.php b/Guard/Provider/GuardAuthenticationProvider.php
index 646eea9..2a58085 100644
--- a/Guard/Provider/GuardAuthenticationProvider.php
+++ b/Guard/Provider/GuardAuthenticationProvider.php
@@ -21,6 +21,7 @@ use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationExpiredException;
 
 /**
  * Responsible for accepting the PreAuthenticationGuardToken and calling
@@ -81,8 +82,8 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface
                 return $token;
             }
 
-            // cause the logout - the token is not authenticated
-            return new AnonymousToken($this->providerKey, 'anon.');
+            // this AccountStatusException causes the user to be logged out
+            throw new AuthenticationExpiredException();
         }
 
         // find the *one* GuardAuthenticator that this token originated from
diff --git a/Guard/Tests/Provider/GuardAuthenticationProviderTest.php b/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
index 24c946d..3bc002b 100644
--- a/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
+++ b/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
@@ -81,6 +81,9 @@ class GuardAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
         $this->assertSame($authedToken, $actualAuthedToken);
     }
 
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationExpiredException
+     */
     public function testGuardWithNoLongerAuthenticatedTriggersLogout()
     {
         $providerKey = 'my_firewall_abc';
@@ -93,8 +96,6 @@ class GuardAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
         $provider = new GuardAuthenticationProvider(array(), $this->userProvider, $providerKey, $this->userChecker);
         $actualToken = $provider->authenticate($token);
 
-        // this should return the anonymous user
-        $this->assertEquals(new AnonymousToken($providerKey, 'anon.'), $actualToken);
     }
 
     protected function setUp()
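Review bot: `throw new AuthenticationExpiredException();` carries no message, so a forced logout caused by changed user data leaves nothing in the security log that says why the session was invalidated; a short internal message such as `throw new AuthenticationExpiredException('Token is no longer authenticated because the user details changed.');` makes unexpected logouts traceable (the text shown to the user comes from the exception's message key, not from the constructor argument, so this stays internal). The added comment names AccountStatusException while the code throws AuthenticationExpiredException; spell the relationship out so the next reader does not have to look it up, e.g. `// AuthenticationExpiredException is an AccountStatusException, which the firewall's ExceptionListener turns into a logout`. With the AnonymousToken return gone, check whether the file still imports AnonymousToken and drop the `use` line if nothing else references it. The enclosing method starts and ends outside the hunk, so the condition that reaches this throw is not visible here.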
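Review bot: The test now proves only that `authenticate()` throws AuthenticationExpiredException; the logout itself is done elsewhere (the commit message points at the firewall's ExceptionListener), which this unit test does not exercise, so the name `testGuardWithNoLongerAuthenticatedTriggersLogout` promises more than the method checks. A one-line comment above the method, `// the logout is performed by the firewall's ExceptionListener on AccountStatusException; here we only check the exception type`, would keep a reader from looking for a logout assertion that is not there. The method body continues into the next hunk, where `$actualToken = $provider->authenticate($token);` now assigns a value that is never read once the old assertion is removed; `$provider->authenticate($token);` on its own is clearer.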