diff options
| author | Ryan Weaver <ryan@thatsquality.com> | 2015-10-30 15:12:11 -0400 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2015-10-31 08:07:17 -0700 |
| commit | dc8d7f7f1d5f94fc92c0872063409acf042b0d3c (patch) | |
| tree | 31bc29b5b8b67f83fb3f32a95bfa1d8b90cc2bb3 /Guard | |
| parent | 7c51b1c6f08ea0bfd4a44e8d0f202c6423a39587 (diff) | |
| download | symfony-security-dc8d7f7f1d5f94fc92c0872063409acf042b0d3c.zip symfony-security-dc8d7f7f1d5f94fc92c0872063409acf042b0d3c.tar.gz symfony-security-dc8d7f7f1d5f94fc92c0872063409acf042b0d3c.tar.bz2 | |
checkCredentials() force it to be an affirmative yes!
Diffstat (limited to 'Guard')
| -rw-r--r-- | Guard/GuardAuthenticatorInterface.php | 6 | ||||
| -rw-r--r-- | Guard/Provider/GuardAuthenticationProvider.php | 5 | ||||
| -rw-r--r-- | Guard/Tests/Provider/GuardAuthenticationProviderTest.php | 37 |
3 files changed, 45 insertions, 3 deletions
diff --git a/Guard/GuardAuthenticatorInterface.php b/Guard/GuardAuthenticatorInterface.php index 2db313c..6e62ae6 100644 --- a/Guard/GuardAuthenticatorInterface.php +++ b/Guard/GuardAuthenticatorInterface.php @@ -73,7 +73,11 @@ interface GuardAuthenticatorInterface extends AuthenticationEntryPointInterface public function getUser($credentials, UserProviderInterface $userProvider); /** - * Throw an AuthenticationException if the credentials are invalid. + * Returns true if the credentials are valid. + * + * If any value other than true is returned, authentication will + * fail. You may also throw an AuthenticationException if you wish + * to cause authentication to fail. * * The *credentials* are the return value from getCredentials() * diff --git a/Guard/Provider/GuardAuthenticationProvider.php b/Guard/Provider/GuardAuthenticationProvider.php index 2a58085..4347e02 100644 --- a/Guard/Provider/GuardAuthenticationProvider.php +++ b/Guard/Provider/GuardAuthenticationProvider.php @@ -13,6 +13,7 @@ namespace Symfony\Component\Security\Guard\Provider; use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; +use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; use Symfony\Component\Security\Guard\GuardAuthenticatorInterface; use Symfony\Component\Security\Guard\Token\GuardTokenInterface; @@ -122,7 +123,9 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface } $this->userChecker->checkPreAuth($user); - $guardAuthenticator->checkCredentials($token->getCredentials(), $user); + if (true !== $guardAuthenticator->checkCredentials($token->getCredentials(), $user)) { + throw new BadCredentialsException(sprintf('Authentication failed because %s::checkCredentials() did not return true.', get_class($guardAuthenticator))); + } $this->userChecker->checkPostAuth($user); // turn the UserInterface into a TokenInterface diff --git a/Guard/Tests/Provider/GuardAuthenticationProviderTest.php b/Guard/Tests/Provider/GuardAuthenticationProviderTest.php index 33c00e5..bfcf24b 100644 --- a/Guard/Tests/Provider/GuardAuthenticationProviderTest.php +++ b/Guard/Tests/Provider/GuardAuthenticationProviderTest.php @@ -60,7 +60,9 @@ class GuardAuthenticationProviderTest extends \PHPUnit_Framework_TestCase // checkCredentials is called $authenticatorB->expects($this->once()) ->method('checkCredentials') - ->with($enteredCredentials, $mockedUser); + ->with($enteredCredentials, $mockedUser) + // authentication works! + ->will($this->returnValue(true)); $authedToken = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'); $authenticatorB->expects($this->once()) ->method('createAuthenticatedToken') @@ -81,6 +83,39 @@ class GuardAuthenticationProviderTest extends \PHPUnit_Framework_TestCase } /** + * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException + */ + public function testCheckCredentialsReturningNonTrueFailsAuthentication() + { + $providerKey = 'my_uncool_firewall'; + + $authenticator = $this->getMock('Symfony\Component\Security\Guard\GuardAuthenticatorInterface'); + + // make sure the authenticator is used + $this->preAuthenticationToken->expects($this->any()) + ->method('getGuardProviderKey') + // the 0 index, to match the only authenticator + ->will($this->returnValue('my_uncool_firewall_0')); + + $this->preAuthenticationToken->expects($this->atLeastOnce()) + ->method('getCredentials') + ->will($this->returnValue('non-null-value')); + + $mockedUser = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); + $authenticator->expects($this->once()) + ->method('getUser') + ->will($this->returnValue($mockedUser)); + // checkCredentials is called + $authenticator->expects($this->once()) + ->method('checkCredentials') + // authentication fails :( + ->will($this->returnValue(null)); + + $provider = new GuardAuthenticationProvider(array($authenticator), $this->userProvider, $providerKey, $this->userChecker); + $provider->authenticate($this->preAuthenticationToken); + } + + /** * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationExpiredException */ public function testGuardWithNoLongerAuthenticatedTriggersLogout() |