author | Johannes Schmitt <schmittjoh@gmail.com> | 2011-03-07 18:17:46 +0100 |
---|---|---|
committer | Johannes M. Schmitt <schmittjoh@gmail.com> | 2011-03-10 10:25:32 +0100 |
commit | f0335ae722034233c2f49179bc6a9bf8ada62633 (patch) | |
tree | 677ee84bc31216f3a7998e62fdc7838a2076fe4c /Http | |
parent | c224430de65547bc9a25293b6a8caf2b9029f05c (diff) | |
[Security] various changes, see below
- visibility changes from protected to private
- AccountInterface -> UserInterface
- SecurityContext::vote() -> SecurityContext::isGranted()
Diffstat (limited to 'Http')
25 files changed, 150 insertions, 182 deletions
diff --git a/Http/AccessMap.php b/Http/AccessMap.php
index ef7a4f0..6d12b42 100644
--- a/Http/AccessMap.php
+++ b/Http/AccessMap.php
@@ -22,7 +22,7 @@ use Symfony\Component\HttpFoundation\Request;
 */
 class AccessMap
 {
- protected $map = array();
+ private $map = array();
 /**
 * Constructor.
diff --git a/Http/EntryPoint/BasicAuthenticationEntryPoint.php b/Http/EntryPoint/BasicAuthenticationEntryPoint.php
index 4fcfe6f..8f82426 100644
--- a/Http/EntryPoint/BasicAuthenticationEntryPoint.php
+++ b/Http/EntryPoint/BasicAuthenticationEntryPoint.php
@@ -24,7 +24,7 @@ use Symfony\Component\HttpFoundation\Request;
 */
 class BasicAuthenticationEntryPoint implements AuthenticationEntryPointInterface
 {
- protected $realmName;
+ private $realmName;
 public function __construct($realmName)
 {
diff --git a/Http/EntryPoint/DigestAuthenticationEntryPoint.php b/Http/EntryPoint/DigestAuthenticationEntryPoint.php
index a1dcf4b..a4488ab 100644
--- a/Http/EntryPoint/DigestAuthenticationEntryPoint.php
+++ b/Http/EntryPoint/DigestAuthenticationEntryPoint.php
@@ -26,10 +26,10 @@ use Symfony\Component\HttpKernel\Log\LoggerInterface;
 */
 class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterface
 {
- protected $key;
- protected $realmName;
- protected $nonceValiditySeconds;
- protected $logger;
+ private $key;
+ private $realmName;
+ private $nonceValiditySeconds;
+ private $logger;
 public function __construct($realmName, $key, $nonceValiditySeconds = 300, LoggerInterface $logger = null)
 {
@@ -62,14 +62,4 @@ class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterfac
 return $response;
 }
-
- public function getKey()
- {
- return $this->key;
- }
-
- public function getRealmName()
- {
- return $this->realmName;
- }
 }
diff --git a/Http/EntryPoint/FormAuthenticationEntryPoint.php b/Http/EntryPoint/FormAuthenticationEntryPoint.php
index 55a32db..e43eca4 100644
--- a/Http/EntryPoint/FormAuthenticationEntryPoint.php
+++ b/Http/EntryPoint/FormAuthenticationEntryPoint.php
@@ -26,8 +26,8 @@ use Symfony\Component\HttpKernel\HttpKernelInterface;
 */
 class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface
 {
- protected $loginPath;
- protected $useForward;
+ private $loginPath;
+ private $useForward;
 /**
 * Constructor
diff --git a/Http/EntryPoint/RetryAuthenticationEntryPoint.php b/Http/EntryPoint/RetryAuthenticationEntryPoint.php
index 328617e..48959bf 100644
--- a/Http/EntryPoint/RetryAuthenticationEntryPoint.php
+++ b/Http/EntryPoint/RetryAuthenticationEntryPoint.php
@@ -27,8 +27,8 @@ use Symfony\Component\HttpFoundation\Request;
 */
 class RetryAuthenticationEntryPoint implements AuthenticationEntryPointInterface
 {
- protected $httpPort;
- protected $httpsPort;
+ private $httpPort;
+ private $httpsPort;
 public function __construct($httpPort = 80, $httpsPort = 443)
 {
diff --git a/Http/Firewall.php b/Http/Firewall.php
index 76889ba..66b3ce6 100644
--- a/Http/Firewall.php
+++ b/Http/Firewall.php
@@ -31,9 +31,9 @@ use Symfony\Component\HttpFoundation\Request;
 */
 class Firewall
 {
- protected $map;
- protected $dispatcher;
- protected $currentListeners;
+ private $map;
+ private $dispatcher;
+ private $currentListeners;
 /**
 * Constructor.
diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php
index 501dcd9..4e1f443 100644
--- a/Http/Firewall/AbstractAuthenticationListener.php
+++ b/Http/Firewall/AbstractAuthenticationListener.php
@@ -35,8 +35,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 * Subclasses likely have to implement the following:
 * - an TokenInterface to hold authentication related data
 * - an AuthenticationProvider to perform the actual authentication of the
- * token, retrieve the AccountInterface implementation from a database, and
- * perform the specific account checks using the AccountChecker
+ * token, retrieve the UserInterface implementation from a database, and
+ * perform the specific account checks using the UserChecker
 *
 * By default, this listener only is active for a specific path, e.g.
 * /login_check. If you want to change this behavior, you can overwrite the
@@ -47,16 +47,16 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 */
 abstract class AbstractAuthenticationListener implements ListenerInterface
 {
- protected $securityContext;
- protected $authenticationManager;
- protected $sessionStrategy;
- protected $providerKey;
- protected $eventDispatcher;
 protected $options;
- protected $successHandler;
- protected $failureHandler;
 protected $logger;
- protected $rememberMeServices;
+ private $securityContext;
+ private $authenticationManager;
+ private $sessionStrategy;
+ private $providerKey;
+ private $eventDispatcher;
+ private $successHandler;
+ private $failureHandler;
+ private $rememberMeServices;
 /**
 * Constructor.
@@ -173,7 +173,18 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 return $this->options['check_path'] === $request->getPathInfo();
 }
- protected function onFailure($event, Request $request, AuthenticationException $failed)
+ /**
+ * Performs authentication.
+ *
+ * @param Request $request A Request instance
+ *
+ * @return TokenInterface The authenticated token, or null if full authentication is not possible
+ *
+ * @throws AuthenticationException if the authentication fails
+ */
+ abstract protected function attemptAuthentication(Request $request);
+
+ private function onFailure($event, Request $request, AuthenticationException $failed)
 {
 if (null !== $this->logger) {
 $this->logger->debug(sprintf('Authentication request failed: %s', $failed->getMessage()));
@@ -209,7 +220,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 return new RedirectResponse(0 !== strpos($this->options['failure_path'], 'http') ? $request->getUriForPath($this->options['failure_path']) : $this->options['failure_path'], 302);
 }
- protected function onSuccess(EventInterface $event, Request $request, TokenInterface $token)
+ private function onSuccess(EventInterface $event, Request $request, TokenInterface $token)
 {
 if (null !== $this->logger) {
 $this->logger->debug('User has been authenticated successfully');
@@ -246,7 +257,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 *
 * @return string
 */
- protected function determineTargetUrl(Request $request)
+ private function determineTargetUrl(Request $request)
 {
 if ($this->options['always_use_default_target_path']) {
 return $this->options['default_target_path'];
@@ -269,15 +280,4 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 return $this->options['default_target_path'];
 }
-
- /**
- * Performs authentication.
- *
- * @param Request $request A Request instance
- *
- * @return TokenInterface The authenticated token, or null if full authentication is not possible
- *
- * @throws AuthenticationException if the authentication fails
- */
- abstract protected function attemptAuthentication(Request $request);
 }
diff --git a/Http/Firewall/AbstractPreAuthenticatedListener.php b/Http/Firewall/AbstractPreAuthenticatedListener.php
index afced74..716f575 100644
--- a/Http/Firewall/AbstractPreAuthenticatedListener.php
+++ b/Http/Firewall/AbstractPreAuthenticatedListener.php
@@ -30,11 +30,11 @@ use Symfony\Component\HttpFoundation\Request;
 */
 abstract class AbstractPreAuthenticatedListener implements ListenerInterface
 {
- protected $securityContext;
- protected $authenticationManager;
- protected $providerKey;
 protected $logger;
- protected $eventDispatcher;
+ private $securityContext;
+ private $authenticationManager;
+ private $providerKey;
+ private $eventDispatcher;
 public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, $providerKey, LoggerInterface $logger = null)
 {
@@ -80,11 +80,7 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface
 list($user, $credentials) = $this->getPreAuthenticatedData($request);
 if (null !== $token = $this->securityContext->getToken()) {
- if ($token->isImmutable()) {
- return;
- }
-
- if ($token instanceof PreAuthenticatedToken && $token->isAuthenticated() && (string) $token === $user) {
+ if ($token instanceof PreAuthenticatedToken && $token->isAuthenticated() && $token->getUsername() === $user) {
 return;
 }
 }
diff --git a/Http/Firewall/AccessListener.php b/Http/Firewall/AccessListener.php
index cb3e023..3bbbc4b 100644
--- a/Http/Firewall/AccessListener.php
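Review bot: Dropping the `isImmutable()` early return in the `@@ -80,11 +80,7 @@` hunk of AbstractPreAuthenticatedListener means the listener now re-authenticates whenever the current token's username differs from the pre-authenticated one, and that includes an impersonation token from SwitchUserListener, which this commit no longer marks immutable. If no other guard exists (the method starts and ends outside the hunk), a switched session would be replaced by the original user's token on the next request. The same removal is made in the `@@ -80,11 +80,7 @@` hunk of BasicAuthenticationListener and the `@@ -85,11 +85,7 @@` hunk of DigestAuthenticationListener. Either skip re-authentication when the token carries a `SwitchUserRole`, or state the intended behaviour above the check with a comment such as `// an authenticated token for a different user is replaced, including switched users`.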
+++ b/Http/Firewall/AccessListener.php
@@ -28,11 +28,11 @@ use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 */
 class AccessListener implements ListenerInterface
 {
- protected $context;
- protected $accessDecisionManager;
- protected $map;
- protected $authManager;
- protected $logger;
+ private $context;
+ private $accessDecisionManager;
+ private $map;
+ private $authManager;
+ private $logger;
 public function __construct(SecurityContext $context, AccessDecisionManagerInterface $accessDecisionManager, AccessMap $map, AuthenticationManagerInterface $authManager, LoggerInterface $logger = null)
 {
@@ -53,7 +53,7 @@ class AccessListener implements ListenerInterface
 {
 $dispatcher->connect('core.security', array($this, 'handle'), 0);
 }
-
+
 /**
 * {@inheritDoc}
 */
diff --git a/Http/Firewall/AnonymousAuthenticationListener.php b/Http/Firewall/AnonymousAuthenticationListener.php
index 352872a..9450006 100644
--- a/Http/Firewall/AnonymousAuthenticationListener.php
+++ b/Http/Firewall/AnonymousAuthenticationListener.php
@@ -25,9 +25,9 @@ use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 */
 class AnonymousAuthenticationListener implements ListenerInterface
 {
- protected $context;
- protected $key;
- protected $logger;
+ private $context;
+ private $key;
+ private $logger;
 public function __construct(SecurityContextInterface $context, $key, LoggerInterface $logger = null)
 {
diff --git a/Http/Firewall/BasicAuthenticationListener.php b/Http/Firewall/BasicAuthenticationListener.php
index 8b5afd2..3ae3e51 100644
--- a/Http/Firewall/BasicAuthenticationListener.php
+++ b/Http/Firewall/BasicAuthenticationListener.php
@@ -27,12 +27,12 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException;
 */
 class BasicAuthenticationListener implements ListenerInterface
 {
- protected $securityContext;
- protected $authenticationManager;
- protected $providerKey;
- protected $authenticationEntryPoint;
- protected $logger;
- protected $ignoreFailure;
+ private $securityContext;
+ private $authenticationManager;
+ private $providerKey;
+ private $authenticationEntryPoint;
+ private $logger;
+ private $ignoreFailure;
 public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, $providerKey, AuthenticationEntryPointInterface $authenticationEntryPoint, LoggerInterface $logger = null)
 {
@@ -80,11 +80,7 @@ class BasicAuthenticationListener implements ListenerInterface
 }
 if (null !== $token = $this->securityContext->getToken()) {
- if ($token->isImmutable()) {
- return;
- }
-
- if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && (string) $token === $username) {
+ if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && $token->getUsername() === $username) {
 return;
 }
 }
diff --git a/Http/Firewall/ChannelListener.php b/Http/Firewall/ChannelListener.php
index 43c578e..b0db398 100644
--- a/Http/Firewall/ChannelListener.php
+++ b/Http/Firewall/ChannelListener.php
@@ -25,9 +25,9 @@ use Symfony\Component\EventDispatcher\EventInterface;
 */
 class ChannelListener implements ListenerInterface
 {
- protected $map;
- protected $authenticationEntryPoint;
- protected $logger;
+ private $map;
+ private $authenticationEntryPoint;
+ private $logger;
 public function __construct(AccessMap $map, AuthenticationEntryPointInterface $authenticationEntryPoint, LoggerInterface $logger = null)
 {
diff --git a/Http/Firewall/ContextListener.php b/Http/Firewall/ContextListener.php
index bd9cd2f..d868278 100644
--- a/Http/Firewall/ContextListener.php
+++ b/Http/Firewall/ContextListener.php
@@ -19,9 +19,9 @@ use Symfony\Component\HttpKernel\Log\LoggerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
-use Symfony\Component\Security\Core\Exception\UnsupportedAccountException;
+use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
 use Symfony\Component\Security\Core\SecurityContext;
-use Symfony\Component\Security\Core\User\AccountInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
 /**
 * ContextListener manages the SecurityContext persistence through a session.
@@ -31,10 +31,10 @@ use Symfony\Component\Security\Core\User\AccountInterface;
 */
 class ContextListener implements ListenerInterface
 {
- protected $context;
- protected $contextKey;
- protected $logger;
- protected $userProviders;
+ private $context;
+ private $contextKey;
+ private $logger;
+ private $userProviders;
 public function __construct(SecurityContext $context, array $userProviders, $contextKey, LoggerInterface $logger = null)
 {
@@ -89,7 +89,7 @@ class ContextListener implements ListenerInterface
 $token = unserialize($token);
- if (null !== $token && false === $token->isImmutable()) {
+ if (null !== $token) {
 $token = $this->refreshUser($token);
 }
@@ -132,10 +132,10 @@ class ContextListener implements ListenerInterface
 *
 * @return TokenInterface|null
 */
- protected function refreshUser(TokenInterface $token)
+ private function refreshUser(TokenInterface $token)
 {
 $user = $token->getUser();
- if (!$user instanceof AccountInterface) {
+ if (!$user instanceof UserInterface) {
 return $token;
 }
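Review bot: The new guard `if (null !== $token)` in the `@@ -89,7 +89,7 @@` hunk of ContextListener does not cover a failed `unserialize()`, which returns `false`, so a corrupt or stale session payload is passed to `refreshUser()` and trips its `TokenInterface` type hint. Checking the type closes that gap: `if ($token instanceof TokenInterface) {`. A value that is not a token should leave the context without a token rather than abort the request. The surrounding method continues outside the hunk, so confirm how `$token` is used after this block.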
@@ -145,21 +145,14 @@ class ContextListener implements ListenerInterface
 foreach ($this->userProviders as $provider) {
 try {
- $cUser = $provider->loadUserByAccount($user);
-
- $token->setRoles($cUser->getRoles());
- $token->setUser($cUser);
-
- if (false === $cUser->equals($user)) {
- $token->setAuthenticated(false);
- }
+ $token->setUser($provider->loadUser($user));
 if (null !== $this->logger) {
 $this->logger->debug(sprintf('Username "%s" was reloaded from user provider.', $user));
 }
 return $token;
- } catch (UnsupportedAccountException $unsupported) {
+ } catch (UnsupportedUserException $unsupported) {
 // let's try the next user provider
 } catch (UsernameNotFoundException $notFound) {
 if (null !== $this->logger) {
diff --git a/Http/Firewall/DigestAuthenticationListener.php b/Http/Firewall/DigestAuthenticationListener.php
index 537faaa..de5ba18 100644
--- a/Http/Firewall/DigestAuthenticationListener.php
+++ b/Http/Firewall/DigestAuthenticationListener.php
@@ -32,11 +32,11 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException;
 */
 class DigestAuthenticationListener implements ListenerInterface
 {
- protected $securityContext;
- protected $provider;
- protected $providerKey;
- protected $authenticationEntryPoint;
- protected $logger;
+ private $securityContext;
+ private $provider;
+ private $providerKey;
+ private $authenticationEntryPoint;
+ private $logger;
 public function __construct(SecurityContextInterface $securityContext, UserProviderInterface $provider, $providerKey, DigestAuthenticationEntryPoint $authenticationEntryPoint, LoggerInterface $logger = null)
 {
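Review bot: In the `@@ -145,21 +145,14 @@` hunk of ContextListener, `refreshUser()` is reduced to `$token->setUser($provider->loadUser($user))`, while the removed lines also refreshed the token's roles and called `setAuthenticated(false)` when the reloaded user no longer equalled the stored one. Unless `setUser()` now performs that comparison itself (the token classes are outside this diff, which is limited to Http), a session token would stay authenticated with its old roles after the stored account changes. Say where the check lives with a comment at the call, e.g. `// setUser() de-authenticates the token when the reloaded user differs`, or restore the comparison here. The debug line still formats `$user` through `%s` while the rest of the commit moves to `getUsername()`.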
@@ -85,11 +85,7 @@ class DigestAuthenticationListener implements ListenerInterface
 $digestAuth = new DigestData($header);
 if (null !== $token = $this->securityContext->getToken()) {
- if ($token->isImmutable()) {
- return;
- }
-
- if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && (string) $token === $digestAuth->getUsername()) {
+ if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && $token->getUsername() === $digestAuth->getUsername()) {
 return;
 }
 }
@@ -143,7 +139,7 @@ class DigestAuthenticationListener implements ListenerInterface
 $this->securityContext->setToken(new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey));
 }
- protected function fail(EventInterface $event, Request $request, AuthenticationException $authException)
+ private function fail(EventInterface $event, Request $request, AuthenticationException $authException)
 {
 $this->securityContext->setToken(null);
@@ -157,9 +153,9 @@ class DigestAuthenticationListener implements ListenerInterface
 class DigestData
 {
- protected $elements;
- protected $header;
- protected $nonceExpiryTime;
+ private $elements;
+ private $header;
+ private $nonceExpiryTime;
 public function __construct($header)
 {
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php
index 76a9c99..90f5a01 100644
--- a/Http/Firewall/ExceptionListener.php
+++ b/Http/Firewall/ExceptionListener.php
@@ -34,12 +34,12 @@ use Symfony\Component\HttpKernel\HttpKernelInterface;
 */
 class ExceptionListener implements ListenerInterface
 {
- protected $context;
- protected $accessDeniedHandler;
- protected $authenticationEntryPoint;
- protected $authenticationTrustResolver;
- protected $errorPage;
- protected $logger;
+ private $context;
+ private $accessDeniedHandler;
+ private $authenticationEntryPoint;
+ private $authenticationTrustResolver;
+ private $errorPage;
+ private $logger;
 public function __construct(SecurityContextInterface $context, AuthenticationTrustResolverInterface $trustResolver, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null, LoggerInterface $logger = null)
 {
@@ -148,7 +148,7 @@ class ExceptionListener implements ListenerInterface
 return $response;
 }
- protected function startAuthentication(EventInterface $event, Request $request, AuthenticationException $authException)
+ private function startAuthentication(EventInterface $event, Request $request, AuthenticationException $authException)
 {
 $this->context->setToken(null);
@@ -160,7 +160,7 @@ class ExceptionListener implements ListenerInterface
 $this->logger->debug('Calling Authentication entry point');
 }
- // session isn't required when using http basic authentification mecanism for example
+ // session isn't required when using http basic authentification mechanism for example
 if ($request->hasSession()) {
 $request->getSession()->set('_security.target_path', $request->getUri());
 }
diff --git a/Http/Firewall/LogoutListener.php b/Http/Firewall/LogoutListener.php
index 4025739..9963757 100644
--- a/Http/Firewall/LogoutListener.php
+++ b/Http/Firewall/LogoutListener.php
@@ -27,11 +27,11 @@ use Symfony\Component\HttpFoundation\RedirectResponse;
 */
 class LogoutListener implements ListenerInterface
 {
- protected $securityContext;
- protected $logoutPath;
- protected $targetUrl;
- protected $handlers;
- protected $successHandler;
+ private $securityContext;
+ private $logoutPath;
+ private $targetUrl;
+ private $handlers;
+ private $successHandler;
 /**
 * Constructor
diff --git a/Http/Firewall/RememberMeListener.php b/Http/Firewall/RememberMeListener.php
index d44f353..6b23679 100644
--- a/Http/Firewall/RememberMeListener.php
+++ b/Http/Firewall/RememberMeListener.php
@@ -31,12 +31,12 @@ use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
 */
 class RememberMeListener implements ListenerInterface
 {
- protected $securityContext;
- protected $rememberMeServices;
- protected $authenticationManager;
- protected $logger;
- protected $lastState;
- protected $eventDispatcher;
+ private $securityContext;
+ private $rememberMeServices;
+ private $authenticationManager;
+ private $logger;
+ private $lastState;
+ private $eventDispatcher;
 /**
 * Constructor
diff --git a/Http/Firewall/SwitchUserListener.php b/Http/Firewall/SwitchUserListener.php
index 2adc676..96891bd 100644
--- a/Http/Firewall/SwitchUserListener.php
+++ b/Http/Firewall/SwitchUserListener.php
@@ -14,7 +14,7 @@ namespace Symfony\Component\Security\Http\Firewall;
 use Symfony\Component\EventDispatcher\Event;
 use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
-use Symfony\Component\Security\Core\User\AccountCheckerInterface;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
 use Symfony\Component\HttpKernel\Log\LoggerInterface;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
@@ -36,20 +36,20 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 */
 class SwitchUserListener implements ListenerInterface
 {
- protected $securityContext;
- protected $provider;
- protected $accountChecker;
- protected $providerKey;
- protected $accessDecisionManager;
- protected $usernameParameter;
- protected $role;
- protected $logger;
- protected $eventDispatcher;
+ private $securityContext;
+ private $provider;
+ private $userChecker;
+ private $providerKey;
+ private $accessDecisionManager;
+ private $usernameParameter;
+ private $role;
+ private $logger;
+ private $eventDispatcher;
 /**
 * Constructor.
 */
- public function __construct(SecurityContextInterface $securityContext, UserProviderInterface $provider, AccountCheckerInterface $accountChecker, $providerKey, AccessDecisionManagerInterface $accessDecisionManager, LoggerInterface $logger = null, $usernameParameter = '_switch_user', $role = 'ROLE_ALLOWED_TO_SWITCH')
+ public function __construct(SecurityContextInterface $securityContext, UserProviderInterface $provider, UserCheckerInterface $userChecker, $providerKey, AccessDecisionManagerInterface $accessDecisionManager, LoggerInterface $logger = null, $usernameParameter = '_switch_user', $role = 'ROLE_ALLOWED_TO_SWITCH')
 {
 if (empty($providerKey)) {
 throw new \InvalidArgumentException('$providerKey must not be empty.');
@@ -57,7 +57,7 @@ class SwitchUserListener implements ListenerInterface
 $this->securityContext = $securityContext;
 $this->provider = $provider;
- $this->accountChecker = $accountChecker;
+ $this->userChecker = $userChecker;
 $this->providerKey = $providerKey;
 $this->accessDecisionManager = $accessDecisionManager;
 $this->usernameParameter = $usernameParameter;
@@ -125,11 +125,11 @@ class SwitchUserListener implements ListenerInterface
 *
 * @return TokenInterface|null The new TokenInterface if successfully switched, null otherwise
 */
- protected function attemptSwitchUser(Request $request)
+ private function attemptSwitchUser(Request $request)
 {
 $token = $this->securityContext->getToken();
 if (false !== $this->getOriginalToken($token)) {
- throw new \LogicException(sprintf('You are already switched to "%s" user.', (string) $token));
+ throw new \LogicException(sprintf('You are already switched to "%s" user.', $token->getUsername()));
 }
 $this->accessDecisionManager->decide($token, array($this->role));
@@ -141,13 +141,12 @@ class SwitchUserListener implements ListenerInterface
 }
 $user = $this->provider->loadUserByUsername($username);
- $this->accountChecker->checkPostAuth($user);
+ $this->userChecker->checkPostAuth($user);
 $roles = $user->getRoles();
 $roles[] = new SwitchUserRole('ROLE_PREVIOUS_ADMIN', $this->securityContext->getToken());
 $token = new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey, $roles);
- $token->setImmutable(true);
 if (null !== $this->eventDispatcher) {
 $this->eventDispatcher->notify(new Event($this, 'security.switch_user', array('request' => $request, 'target_user' => $token->getUser())));
@@ -163,7 +162,7 @@ class SwitchUserListener implements ListenerInterface
 *
 * @return TokenInterface The original TokenInterface instance
 */
- protected function attemptExitUser(Request $request)
+ private function attemptExitUser(Request $request)
 {
 if (false === $original = $this->getOriginalToken($this->securityContext->getToken())) {
 throw new AuthenticationCredentialsNotFoundException(sprintf('Could not find original Token object.'));
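Review bot: In `attemptSwitchUser()` (the `@@ -125,11 +125,11 @@` hunk) the result of `$this->accessDecisionManager->decide($token, array($this->role))` is discarded. If `decide()` reports denial through its return value rather than by throwing (the interface is not part of this diff), the `ROLE_ALLOWED_TO_SWITCH` requirement is never enforced before the target user is loaded. The call should fail closed: `if (false === $this->accessDecisionManager->decide($token, array($this->role))) { throw new AccessDeniedException(); }`, with the exception class imported if the file does not already do so. `$token` is also passed to `getOriginalToken()` without a null check, so a request with no token in the context fails on the `TokenInterface` type hint instead of being rejected cleanly. The method starts and ends outside this hunk.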
@@ -183,7 +182,7 @@ class SwitchUserListener implements ListenerInterface
 *
 * @return TokenInterface|false The original TokenInterface instance, false if the current TokenInterface is not switched
 */
- protected function getOriginalToken(TokenInterface $token)
+ private function getOriginalToken(TokenInterface $token)
 {
 foreach ($token->getRoles() as $role) {
 if ($role instanceof SwitchUserRole) {
diff --git a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
index 126ef41..3008273 100644
--- a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
+++ b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -30,7 +30,7 @@ use Symfony\Component\Security\Core\SecurityContextInterface;
 */
 class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationListener
 {
- protected $csrfProvider;
+ private $csrfProvider;
 /**
 * {@inheritdoc}
diff --git a/Http/FirewallMap.php b/Http/FirewallMap.php
index c7a57f2..d5fc331 100644
--- a/Http/FirewallMap.php
+++ b/Http/FirewallMap.php
@@ -23,7 +23,7 @@ use Symfony\Component\Security\Http\Firewall\ExceptionListener;
 */
 class FirewallMap implements FirewallMapInterface
 {
- protected $map = array();
+ private $map = array();
 public function add(RequestMatcherInterface $requestMatcher = null, array $listeners = array(), ExceptionListener $exceptionListener = null)
 {
diff --git a/Http/Logout/CookieClearingLogoutHandler.php b/Http/Logout/CookieClearingLogoutHandler.php
index 8ca284d..ebdcbed 100644
--- a/Http/Logout/CookieClearingLogoutHandler.php
+++ b/Http/Logout/CookieClearingLogoutHandler.php
@@ -22,7 +22,7 @@ use Symfony\Component\HttpFoundation\Request;
 */
 class CookieClearingLogoutHandler implements LogoutHandlerInterface
 {
- protected $cookies;
+ private $cookies;
 /**
 * Constructor
diff --git a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
index ff3306e..351ad03 100644
--- a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
+++ b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
@@ -30,7 +30,7 @@ use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
 */
 class PersistentTokenBasedRememberMeServices extends RememberMeServices
 {
- protected $tokenProvider;
+ private $tokenProvider;
 /**
 * Sets the token provider
@@ -46,6 +46,21 @@ class PersistentTokenBasedRememberMeServices extends RememberMeServices
 /**
 * {@inheritDoc}
 */
+ public function logout(Request $request, Response $response, TokenInterface $token)
+ {
+ parent::logout($request, $response, $token);
+
+ if (null !== ($cookie = $request->cookies->get($this->options['name']))
+ && count($parts = $this->decodeCookie($cookie)) === 2
+ ) {
+ list($series, $tokenValue) = $parts;
+ $this->tokenProvider->deleteTokenBySeries($series);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
 protected function processAutoLoginCookie(array $cookieParts, Request $request)
 {
 if (count($cookieParts) !== 2) {
@@ -66,10 +81,8 @@ class PersistentTokenBasedRememberMeServices extends RememberMeServices
 }
 $user = $this->getUserProvider($persistentToken->getClass())->loadUserByUsername($persistentToken->getUsername());
- $authenticationToken = new RememberMeToken($user, $this->providerKey, $this->key);
- $authenticationToken->setPersistentToken($persistentToken);
- return $authenticationToken;
+ return new RememberMeToken($user, $this->providerKey, $this->key, $persistentToken);
 }
 /**
@@ -115,21 +128,6 @@ class PersistentTokenBasedRememberMeServices extends RememberMeServices
 }
 /**
- * {@inheritDoc}
- */
- public function logout(Request $request, Response $response, TokenInterface $token)
- {
- parent::logout($request, $response, $token);
-
- if (null !== ($cookie = $request->cookies->get($this->options['name']))
- && count($parts = $this->decodeCookie($cookie)) === 2
- ) {
- list($series, $tokenValue) = $parts;
- $this->tokenProvider->deleteTokenBySeries($series);
- }
- }
-
- /**
 * Generates the value for the cookie
 *
 * @param string $series
diff --git a/Http/RememberMe/RememberMeServices.php b/Http/RememberMe/RememberMeServices.php
index 4370d92..e0ed52b 100644
--- a/Http/RememberMe/RememberMeServices.php
+++ b/Http/RememberMe/RememberMeServices.php
@@ -2,7 +2,7 @@
 namespace Symfony\Component\Security\Http\RememberMe;
-use Symfony\Component\Security\Core\User\AccountInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
 use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@@ -30,11 +30,11 @@ abstract class RememberMeServices implements RememberMeServicesInterface, Logout
 {
 const COOKIE_DELIMITER = ':';
- protected $userProviders;
 protected $options;
 protected $logger;
- protected $key;
 protected $providerKey;
+ protected $key;
+ private $userProviders;
 /**
 * Constructor
@@ -80,7 +80,7 @@ abstract class RememberMeServices implements RememberMeServicesInterface, Logout
 * @param Request $request
 * @return TokenInterface
 */
- public function autoLogin(Request $request)
+ public final function autoLogin(Request $request)
 {
 if (null === $cookie = $request->cookies->get($this->options['name'])) {
 return;
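Review bot: `public final function autoLogin` in the `@@ -80,7 +80,7 @@` hunk of RememberMeServices writes the modifiers in the reverse of the conventional PHP order; `final public function autoLogin(Request $request)` is the usual form, and the same applies to `loginSuccess` in the following hunk. Now that the method can no longer be overridden, its docblock is the only contract subclasses see, so it should read `@return TokenInterface|null`: the first visible branch returns nothing when the cookie is absent. The method body continues outside the hunk.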
@@ -139,12 +139,12 @@ abstract class RememberMeServices implements RememberMeServicesInterface, Logout
 * @param TokenInterface $token The token that resulted in a successful authentication
 * @return void
 */
- public function loginSuccess(Request $request, Response $response, TokenInterface $token)
+ public final function loginSuccess(Request $request, Response $response, TokenInterface $token)
 {
 if (!$token instanceof RememberMeToken) {
- if (!$token->getUser() instanceof AccountInterface) {
+ if (!$token->getUser() instanceof UserInterface) {
 if (null !== $this->logger) {
- $this->logger->debug('Remember-me ignores token since it does not contain an AccountInterface implementation.');
+ $this->logger->debug('Remember-me ignores token since it does not contain an UserInterface implementation.');
 }
 return;
diff --git a/Http/RememberMe/TokenBasedRememberMeServices.php b/Http/RememberMe/TokenBasedRememberMeServices.php
index 40757f4..206e10b 100644
--- a/Http/RememberMe/TokenBasedRememberMeServices.php
+++ b/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -8,7 +8,7 @@ use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
-use Symfony\Component\Security\Core\User\AccountInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
 /*
 * This file is part of the Symfony package.
@@ -50,8 +50,8 @@ class TokenBasedRememberMeServices extends RememberMeServices
 throw $ex;
 }
- if (!$user instanceof AccountInterface) {
- throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of AccountInterface, but returned "%s".', get_class($user)));
+ if (!$user instanceof UserInterface) {
+ throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
 }
 if (true !== $this->compareHashes($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {
@@ -76,7 +76,7 @@ class TokenBasedRememberMeServices extends RememberMeServices
 *
 * @return Boolean true if the two hashes are the same, false otherwise
 */
- protected function compareHashes($hash1, $hash2)
+ private function compareHashes($hash1, $hash2)
 {
 if (strlen($hash1) !== $c = strlen($hash2)) {
 return false;
diff --git a/Http/Session/SessionAuthenticationStrategy.php b/Http/Session/SessionAuthenticationStrategy.php
index 1d25bd9..dea34be 100644
--- a/Http/Session/SessionAuthenticationStrategy.php
+++ b/Http/Session/SessionAuthenticationStrategy.php
@@ -21,7 +21,7 @@ class SessionAuthenticationStrategy implements SessionAuthenticationStrategyInte
 const MIGRATE = 'migrate';
 const INVALIDATE = 'invalidate';
- protected $strategy;
+ private $strategy;
 public function __construct($strategy)
 { |