author | Fabien Potencier <fabien.potencier@gmail.com> | 2013-07-20 09:42:41 +0200 |
---|---|---|
committer | Fabien Potencier <fabien.potencier@gmail.com> | 2013-07-20 09:42:41 +0200 |
commit | 710089319e7e5fa16c5b5654e17da5c5a0e02fe4 (patch) | |
tree | b9ee3eb667ca868e0d795a42532ef79176c88287 /Http | |
parent | 794336a0c44bba2d62cd9bedcf90a4b039ed5bdd (diff) | |
parent | fe2f6100bba95f9bc77ab93bfc0dcda064cfa780 (diff) | |
Merge branch '2.3'
* 2.3:
[PropertyAccess] added moves to pluralMap
[Security] fixed issue where authentication listeners clear unrelated tokens
added greek translation
[DependencyInjection] Add exception for service name not dumpable in PHP
bumped Symfony version to 2.3.3-DEV
fix issue #8499 modelChoiceList call getPrimaryKey on a non object
updated VERSION for 2.3.2
updated CHANGELOG for 2.3.2
[DependencyInjection] Add exception for service name not dumpable in PHP
fixed typo
bumped Symfony version to 2.2.5
updated VERSION for 2.2.4
update CONTRIBUTORS for 2.2.4
updated CHANGELOG for 2.2.4
Fixed NativeSessionStorage:regenerate when does not exists
removed extraneous whitespaces
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
Diffstat (limited to 'Http')
-rw-r--r-- | Http/Firewall/AbstractAuthenticationListener.php | 5 | ||||
-rw-r--r-- | Http/Firewall/AbstractPreAuthenticatedListener.php | 19 | ||||
-rw-r--r-- | Http/Firewall/BasicAuthenticationListener.php | 5 | ||||
-rw-r--r-- | Http/Firewall/DigestAuthenticationListener.php | 5 |
4 files changed, 30 insertions, 4 deletions
diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php index 4e71e99..92618e5 100644 --- a/Http/Firewall/AbstractAuthenticationListener.php +++ b/Http/Firewall/AbstractAuthenticationListener.php @@ -194,7 +194,10 @@ abstract class AbstractAuthenticationListener implements ListenerInterface $this->logger->info(sprintf('Authentication request failed: %s', $failed->getMessage())); } - $this->securityContext->setToken(null); + $token = $this->securityContext->getToken(); + if ($token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey()) { + $this->securityContext->setToken(null); + } $response = $this->failureHandler->onAuthenticationFailure($request, $failed); diff --git a/Http/Firewall/AbstractPreAuthenticatedListener.php b/Http/Firewall/AbstractPreAuthenticatedListener.php index c6e47d0..28f6411 100644 --- a/Http/Firewall/AbstractPreAuthenticatedListener.php +++ b/Http/Firewall/AbstractPreAuthenticatedListener.php @@ -21,6 +21,7 @@ use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Psr\Log\LoggerInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\EventDispatcher\EventDispatcherInterface; +use Symfony\Component\Security\Core\Exception\BadCredentialsException; /** * AbstractPreAuthenticatedListener is the base class for all listener that 
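Review bot: The new `$token instanceof UsernamePasswordToken` guard depends on a `use` statement for that class, and this hunk does not show one being added. In a namespaced file, `instanceof` against an unimported short name resolves to a class in the current namespace and silently evaluates to false, so the token would never be cleared after a failed login and no error would surface. Confirm that `use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;` is already present in this file. The same check applies to the DigestAuthenticationListener hunk, whereas the BasicAuthenticationListener hunk visibly instantiates the class. The enclosing method starts and ends outside the hunk.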
@@ -59,7 +60,12 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface $this->logger->debug(sprintf('Checking secure context token: %s', $this->securityContext->getToken())); } - list($user, $credentials) = $this->getPreAuthenticatedData($request); + try { + list($user, $credentials) = $this->getPreAuthenticatedData($request); + } catch (BadCredentialsException $exception) { + $this->clearToken(); + return; + } if (null !== $token = $this->securityContext->getToken()) { if ($token instanceof PreAuthenticatedToken && $this->providerKey == $token->getProviderKey() && $token->isAuthenticated() && $token->getUsername() === $user) { @@ -84,6 +90,17 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface $this->dispatcher->dispatch(SecurityEvents::INTERACTIVE_LOGIN, $loginEvent); } } catch (AuthenticationException $failed) { + $this->clearToken(); + } + } + + /** + * Clears a PreAuthenticatedToken for this provider (if present) + */ + protected function clearToken() + { + $token = $this->securityContext->getToken(); + if ($token instanceof PreAuthenticatedToken && $this->providerKey === $token->getProviderKey()) { $this->securityContext->setToken(null); if (null !== $this->logger) { diff --git a/Http/Firewall/BasicAuthenticationListener.php b/Http/Firewall/BasicAuthenticationListener.php index 5b1c8b3..bfc4abc 100644 --- a/Http/Firewall/BasicAuthenticationListener.php +++ b/Http/Firewall/BasicAuthenticationListener.php 
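Review bot: The new `catch (BadCredentialsException $exception)` branch returns without logging, so a request with missing or invalid pre-authentication data leaves a log entry at most when a matching token is actually cleared. A listener that gates access should record the rejection itself; before `return;`, add `if (null !== $this->logger) { $this->logger->info(sprintf('Pre-authentication failed: %s', $exception->getMessage())); }`. Separately, the added code compares provider keys with `===` while the unchanged condition just below still uses `==`; aligning the two would be a reasonable follow-up. The enclosing method starts outside the hunk.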
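Review bot: `clearToken()` takes no arguments, yet the lines it now wraps were the body of `catch (AuthenticationException $failed)`, and the logger block continues past the end of the hunk. If that unchanged log call still reads `$failed->getMessage()`, the variable is undefined inside the new method, and the call would fail exactly when a token is cleared with a logger configured. Passing the exception in avoids that: declare `protected function clearToken(AuthenticationException $exception)`, call `$this->clearToken($failed);` here and `$this->clearToken($exception);` in the earlier catch, and log `$exception->getMessage()`. The docblock could also state that tokens of other types or from other providers are deliberately left in place.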
@@ -74,7 +74,10 @@ class BasicAuthenticationListener implements ListenerInterface $token = $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $request->headers->get('PHP_AUTH_PW'), $this->providerKey)); $this->securityContext->setToken($token); } catch (AuthenticationException $failed) { - $this->securityContext->setToken(null); + $token = $this->securityContext->getToken(); + if ($token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey()) { + $this->securityContext->setToken(null); + } if (null !== $this->logger) { $this->logger->info(sprintf('Authentication request failed for user "%s": %s', $username, $failed->getMessage())); diff --git a/Http/Firewall/DigestAuthenticationListener.php b/Http/Firewall/DigestAuthenticationListener.php index 7ab3dcf..ea85e77 100644 --- a/Http/Firewall/DigestAuthenticationListener.php +++ b/Http/Firewall/DigestAuthenticationListener.php @@ -124,7 +124,10 @@ class DigestAuthenticationListener implements ListenerInterface private function fail(GetResponseEvent $event, Request $request, AuthenticationException $authException) { - $this->securityContext->setToken(null); + $token = $this->securityContext->getToken(); + if ($token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey()) { + $this->securityContext->setToken(null); + } if (null !== $this->logger) { $this->logger->info($authException); |
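Review bot: The four-line guard added in this catch block is repeated verbatim in the DigestAuthenticationListener hunk below and in AbstractAuthenticationListener, while AbstractPreAuthenticatedListener received a named `clearToken()` helper for the same job. Three copies of a security-relevant condition can drift apart. A small private method per listener would keep the rule in one place and give it a docblock explaining why only a `UsernamePasswordToken` with a matching provider key is cleared. Also, `$token` here reuses the name assigned in the `try`; a distinct name such as `$existingToken` would read more clearly. The enclosing method starts and ends outside the hunk.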