-rw-r--r-- | Acl/Permission/BasicPermissionMap.php | 107 | ||||
-rw-r--r-- | CHANGELOG.md | 6 | ||||
-rw-r--r-- | Core/Encoder/Pbkdf2PasswordEncoder.php | 2 | ||||
-rw-r--r-- | Core/User/ChainUserProvider.php | 8 | ||||
-rw-r--r-- | Core/Validator/Constraint/UserPassword.php | 29 | ||||
-rw-r--r-- | Core/Validator/Constraint/UserPasswordValidator.php | 29 | ||||
-rw-r--r-- | Http/EntryPoint/FormAuthenticationEntryPoint.php | 7 | ||||
-rw-r--r-- | Http/Firewall/AbstractAuthenticationListener.php | 10 | ||||
-rw-r--r-- | Http/Firewall/ExceptionListener.php | 2 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | Tests/Core/Encoder/BCryptPasswordEncoderTest.php | 2 | ||||
-rw-r--r-- | Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php | 7 | ||||
-rw-r--r-- | Tests/Http/Firewall/DigestDataTest.php | 12 | ||||
-rw-r--r-- | composer.json | 8 |
14 files changed, 104 insertions, 127 deletions
diff --git a/Acl/Permission/BasicPermissionMap.php b/Acl/Permission/BasicPermissionMap.php
index b2bcf65..e29f360 100644
--- a/Acl/Permission/BasicPermissionMap.php
+++ b/Acl/Permission/BasicPermissionMap.php
@@ -28,58 +28,63 @@ class BasicPermissionMap implements PermissionMapInterface
 const PERMISSION_MASTER = 'MASTER';
 const PERMISSION_OWNER = 'OWNER';
 
- private $map = array(
- self::PERMISSION_VIEW => array(
- MaskBuilder::MASK_VIEW,
- MaskBuilder::MASK_EDIT,
- MaskBuilder::MASK_OPERATOR,
- MaskBuilder::MASK_MASTER,
- MaskBuilder::MASK_OWNER,
- ),
+ protected $map;
 
- self::PERMISSION_EDIT => array(
- MaskBuilder::MASK_EDIT,
- MaskBuilder::MASK_OPERATOR,
- MaskBuilder::MASK_MASTER,
- MaskBuilder::MASK_OWNER,
- ),
-
- self::PERMISSION_CREATE => array(
- MaskBuilder::MASK_CREATE,
- MaskBuilder::MASK_OPERATOR,
- MaskBuilder::MASK_MASTER,
- MaskBuilder::MASK_OWNER,
- ),
-
- self::PERMISSION_DELETE => array(
- MaskBuilder::MASK_DELETE,
- MaskBuilder::MASK_OPERATOR,
- MaskBuilder::MASK_MASTER,
- MaskBuilder::MASK_OWNER,
- ),
-
- self::PERMISSION_UNDELETE => array(
- MaskBuilder::MASK_UNDELETE,
- MaskBuilder::MASK_OPERATOR,
- MaskBuilder::MASK_MASTER,
- MaskBuilder::MASK_OWNER,
- ),
-
- self::PERMISSION_OPERATOR => array(
- MaskBuilder::MASK_OPERATOR,
- MaskBuilder::MASK_MASTER,
- MaskBuilder::MASK_OWNER,
- ),
-
- self::PERMISSION_MASTER => array(
- MaskBuilder::MASK_MASTER,
- MaskBuilder::MASK_OWNER,
- ),
-
- self::PERMISSION_OWNER => array(
- MaskBuilder::MASK_OWNER,
- ),
- );
+ public function __construct()
+ {
+ $this->map = array(
+ self::PERMISSION_VIEW => array(
+ MaskBuilder::MASK_VIEW,
+ MaskBuilder::MASK_EDIT,
+ MaskBuilder::MASK_OPERATOR,
+ MaskBuilder::MASK_MASTER,
+ MaskBuilder::MASK_OWNER,
+ ),
+
+ self::PERMISSION_EDIT => array(
+ MaskBuilder::MASK_EDIT,
+ MaskBuilder::MASK_OPERATOR,
+ MaskBuilder::MASK_MASTER,
+ MaskBuilder::MASK_OWNER,
+ ),
+
+ self::PERMISSION_CREATE => array(
+ MaskBuilder::MASK_CREATE,
+ MaskBuilder::MASK_OPERATOR,
+ MaskBuilder::MASK_MASTER,
+ MaskBuilder::MASK_OWNER,
+ ),
+
+ self::PERMISSION_DELETE => array(
+ MaskBuilder::MASK_DELETE,
+ MaskBuilder::MASK_OPERATOR,
+ MaskBuilder::MASK_MASTER,
+ MaskBuilder::MASK_OWNER,
+ ),
+
+ self::PERMISSION_UNDELETE => array(
+ MaskBuilder::MASK_UNDELETE,
+ MaskBuilder::MASK_OPERATOR,
+ MaskBuilder::MASK_MASTER,
+ MaskBuilder::MASK_OWNER,
+ ),
+
+ self::PERMISSION_OPERATOR => array(
+ MaskBuilder::MASK_OPERATOR,
+ MaskBuilder::MASK_MASTER,
+ MaskBuilder::MASK_OWNER,
+ ),
+
+ self::PERMISSION_MASTER => array(
+ MaskBuilder::MASK_MASTER,
+ MaskBuilder::MASK_OWNER,
+ ),
+
+ self::PERMISSION_OWNER => array(
+ MaskBuilder::MASK_OWNER,
+ ),
+ );
+ }
 
 /**
 * {@inheritDoc}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 82c4312..e29de9f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+2.3.0
+-----
+
+ * [BC BREAK] return 401 instead of 500 when using use_forward during for form authentication
+ * added a `require_previous_session` option to `AbstractAuthenticationListener`
+
 2.2.0
 -----
 
diff --git a/Core/Encoder/Pbkdf2PasswordEncoder.php b/Core/Encoder/Pbkdf2PasswordEncoder.php
index 656545f..4f37ba3 100644
--- a/Core/Encoder/Pbkdf2PasswordEncoder.php
+++ b/Core/Encoder/Pbkdf2PasswordEncoder.php
@@ -82,7 +82,7 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder
 
 $digest = '';
 for ($i = 1; $i <= $blocks; $i++) {
- $ib = $block = hash_hmac($algorithm, $salt . pack('N', $i), $password, true);
+ $ib = $block = hash_hmac($algorithm, $salt.pack('N', $i), $password, true);
 
 // Iterations
 for ($j = 1; $j < $iterations; $j++) {
diff --git a/Core/User/ChainUserProvider.php b/Core/User/ChainUserProvider.php
index 3ff1ea9..fc72074 100644
--- a/Core/User/ChainUserProvider.php
+++ b/Core/User/ChainUserProvider.php
@@ -32,6 +32,14 @@ class ChainUserProvider implements UserProviderInterface
 }
 
 /**
+ * @return array
+ */
+ public function getProviders()
+ {
+ return $this->providers;
+ }
+
+ /**
 * {@inheritDoc}
 */
 public function loadUserByUsername($username)
diff --git a/Core/Validator/Constraint/UserPassword.php b/Core/Validator/Constraint/UserPassword.php
deleted file mode 100644
index 93ca24d..0000000
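Review bot: The property declaration `protected $map;` near the top of the hunk has no docblock, and because the map is now built in `__construct()` instead of in the declaration, a subclass that overrides the constructor without calling `parent::__construct()` is left with `$map === null`; the interface methods that read it are outside this hunk, so I can only presume they would then index into a non-array. I would document both the shape and that contract on the property: `/** @var array<string, int[]> permission name => masks that grant it; filled in __construct(), so an overriding constructor must call parent::__construct() */`. The rest of the class body continues outside the hunk.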
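Review bot: `@return array` on the new `getProviders()` accessor in the ChainUserProvider hunk says nothing about the element type, which is the one fact a caller of this method wants. If the constructor (outside the hunk) only accepts `UserProviderInterface` instances, `@return UserProviderInterface[]` would state that and let static analysis check callers. Since a PHP array is returned by value, a one-line note that callers cannot alter the chain through this method would also be worth adding to the docblock.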
--- a/Core/Validator/Constraint/UserPassword.php
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php
-
-/*
- * This file is part of the Symfony package.
- *
- * (c) Fabien Potencier <fabien@symfony.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Symfony\Component\Security\Core\Validator\Constraint;
-
-use Symfony\Component\Security\Core\Validator\Constraints\UserPassword as BaseUserPassword;
-
-/**
- * @Annotation
- *
- * @deprecated Deprecated since version 2.2, to be removed in 2.3.
- */
-class UserPassword extends BaseUserPassword
-{
- public function __construct($options = null)
- {
- trigger_error('UserPassword class in Symfony\Component\Security\Core\Validator\Constraint namespace is deprecated since version 2.2 and will be removed in 2.3. Use the Symfony\Component\Security\Core\Validator\Constraints\UserPassword class instead.', E_USER_DEPRECATED);
-
- parent::__construct($options);
- }
-}
diff --git a/Core/Validator/Constraint/UserPasswordValidator.php b/Core/Validator/Constraint/UserPasswordValidator.php
deleted file mode 100644
index 0195fe5..0000000
--- a/Core/Validator/Constraint/UserPasswordValidator.php
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php
-
-/*
- * This file is part of the Symfony package.
- *
- * (c) Fabien Potencier <fabien@symfony.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Symfony\Component\Security\Core\Validator\Constraint;
-
-use Symfony\Component\Security\Core\SecurityContextInterface;
-use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
-use Symfony\Component\Security\Core\Validator\Constraints\UserPasswordValidator as BaseUserPasswordValidator;
-
-/**
- * @deprecated Deprecated since version 2.2, to be removed in 2.3.
- */
-class UserPasswordValidator extends BaseUserPasswordValidator
-{
- public function __construct(SecurityContextInterface $securityContext, EncoderFactoryInterface $encoderFactory)
- {
- trigger_error('UserPasswordValidator class in Symfony\Component\Security\Core\Validator\Constraint namespace is deprecated since version 2.2 and will be removed in 2.3. Use the Symfony\Component\Security\Core\Validator\Constraints\UserPasswordValidator class instead.', E_USER_DEPRECATED);
-
- parent::__construct($securityContext, $encoderFactory);
- }
-}
diff --git a/Http/EntryPoint/FormAuthenticationEntryPoint.php b/Http/EntryPoint/FormAuthenticationEntryPoint.php
index 2170e9e..3eaae82 100644
--- a/Http/EntryPoint/FormAuthenticationEntryPoint.php
+++ b/Http/EntryPoint/FormAuthenticationEntryPoint.php
@@ -53,7 +53,12 @@ class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface
 if ($this->useForward) {
 $subRequest = $this->httpUtils->createRequest($request, $this->loginPath);
 
- return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
+ $response = $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
+ if (200 === $response->getStatusCode()) {
+ $response->headers->set('X-Status-Code', 401);
+ }
+
+ return $response;
 }
 
 return $this->httpUtils->createRedirectResponse($request, $this->loginPath);
diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php
index 80f47f7..562ba10 100644
--- a/Http/Firewall/AbstractAuthenticationListener.php
+++ b/Http/Firewall/AbstractAuthenticationListener.php
@@ -92,6 +92,14 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 $this->failureHandler = $failureHandler;
 $this->options = array_merge(array(
 'check_path' => '/login_check',
+ 'login_path' => '/login',
+ 'always_use_default_target_path' => false,
+ 'default_target_path' => '/',
+ 'target_path_parameter' => '_target_path',
+ 'use_referer' => false,
+ 'failure_path' => null,
+ 'failure_forward' => false,
+ 'require_previous_session' => true,
 ), $options);
 $this->logger = $logger;
 $this->dispatcher = $dispatcher;
@@ -129,7 +137,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 }
 
 try {
- if (!$request->hasPreviousSession()) {
+ if ($this->options['require_previous_session'] && !$request->hasPreviousSession()) {
 throw new SessionUnavailableException('Your session has timed out, or you have disabled cookies.');
 }
 
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php
index 0f81d1b..6554595 100644
--- a/Http/Firewall/ExceptionListener.php
+++ b/Http/Firewall/ExceptionListener.php
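Review bot: The `X-Status-Code` header set on the forwarded response is a magic string with nothing explaining who consumes it: the login form body still leaves this method with status 200, and it only becomes the 401 the changelog promises if the HttpKernel exception-handling path, which honours that header when it turns an exception into a response, sits between this entry point and the client. I would say so above the `if`: `// The forwarded login form comes back as 200; HttpKernel's exception handling replaces the status with this header so the client receives a 401 for the unauthenticated request.` The check is exactly `200 ===`, so any other 2xx from the login controller is returned unmarked; if that is intended it belongs in the same comment. `start()` begins outside the hunk.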
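Review bot: The new `'require_previous_session' => true` default in the first AbstractAuthenticationListener hunk carries no comment on what switching it off means, and the second hunk shows the consequence: with the option false a request with no session at all passes the guard and reaches the authentication code, so whatever later in `handle()` (outside the hunk) calls `$request->getSession()` has to tolerate `hasSession()` being false. I would annotate the default inline: `'require_previous_session' => true, // false lets session-less requests (no session cookie) through; nothing below may then assume a session exists`, and mention the option in the constructor docblock alongside the other `$options` keys. The other seven defaults added in the same block are undocumented too, though they only move existing values into one place.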
@@ -181,7 +181,7 @@ class ExceptionListener
 {
 // session isn't required when using http basic authentication mechanism for example
 if ($request->hasSession() && $request->isMethodSafe()) {
- $request->getSession()->set('_security.' . $this->providerKey . '.target_path', $request->getUri());
+ $request->getSession()->set('_security.'.$this->providerKey.'.target_path', $request->getUri());
 }
 }
 }
@@ -11,7 +11,7 @@ Resources
 
 Documentation:
 
-http://symfony.com/doc/2.2/book/security.html
+http://symfony.com/doc/2.3/book/security.html
 
 Resources
 ---------
diff --git a/Tests/Core/Encoder/BCryptPasswordEncoderTest.php b/Tests/Core/Encoder/BCryptPasswordEncoderTest.php
index bfaf5fc..45c8f74 100644
--- a/Tests/Core/Encoder/BCryptPasswordEncoderTest.php
+++ b/Tests/Core/Encoder/BCryptPasswordEncoderTest.php
@@ -105,7 +105,7 @@ class BCryptPasswordEncoderTest extends \PHPUnit_Framework_TestCase
 $prefix = '$'.(version_compare(phpversion(), '5.3.7', '>=') ? '2y' : '2a').'$';
 $salt = 'MDEyMzQ1Njc4OWFiY2RlZe';
 
- $expected = crypt(self::PASSWORD, $prefix . self::VALID_COST . '$' . $salt);
+ $expected = crypt(self::PASSWORD, $prefix.self::VALID_COST.'$'.$salt);
 
 $this->assertEquals($expected, $result);
 }
diff --git a/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php b/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php
index 1cf2c2d..cbec1bd 100644
--- a/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php
+++ b/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php
@@ -50,7 +50,7 @@ class FormAuthenticationEntryPointTest extends \PHPUnit_Framework_TestCase
 {
 $request = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
 $subRequest = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
- $response = $this->getMock('Symfony\Component\HttpFoundation\Response');
+ $response = new \Symfony\Component\HttpFoundation\Response('', 200);
 
 $httpUtils = $this->getMock('Symfony\Component\Security\Http\HttpUtils');
 $httpUtils
@@ -70,6 +70,9 @@ class FormAuthenticationEntryPointTest extends \PHPUnit_Framework_TestCase
 
 $entryPoint = new FormAuthenticationEntryPoint($httpKernel, $httpUtils, '/the/login/path', true);
 
- $this->assertEquals($response, $entryPoint->start($request));
+ $entryPointResponse = $entryPoint->start($request);
+
+ $this->assertEquals($response, $entryPointResponse);
+ $this->assertEquals(401, $entryPointResponse->headers->get('X-Status-Code'));
 }
 }
diff --git a/Tests/Http/Firewall/DigestDataTest.php b/Tests/Http/Firewall/DigestDataTest.php
index cfb929c..8b63d9c 100644
--- a/Tests/Http/Firewall/DigestDataTest.php
+++ b/Tests/Http/Firewall/DigestDataTest.php
@@ -103,10 +103,10 @@ class DigestDataTest extends \PHPUnit_Framework_TestCase
 {
 $time = microtime(true);
 $key = 'ThisIsAKey';
- $nonce = base64_encode($time . ':' . md5($time . ':' . $key));
+ $nonce = base64_encode($time.':'.md5($time.':'.$key));
 
 $digestAuth = new DigestData(
- 'username="user", realm="Welcome, robot!", nonce="' . $nonce . '", ' .
+ 'username="user", realm="Welcome, robot!", nonce="'.$nonce.'", ' .
 'uri="/path/info?p1=5&p2=5", cnonce="MDIwODkz", nc=00000001, qop="auth", ' .
 'response="b52938fc9e6d7c01be7702ece9031b42"'
 );
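Review bot: `$this->assertEquals($response, $entryPointResponse)` in the second hunk compares two Response objects by value, although the kernel mock (set up outside the hunk) presumably hands back the very same `$response` instance, so `$this->assertSame($response, $entryPointResponse);` states the intent more precisely and would catch the entry point wrapping or copying the response. Since the behaviour under test is "200 body plus `X-Status-Code: 401` header", I would also pin the part that is deliberately left alone with `$this->assertEquals(200, $entryPointResponse->getStatusCode());`. There is no test for the non-200 branch (a sub-request response that is not 200 must come back without the header); a second case covering it would document that contract.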
@@ -143,10 +143,10 @@ class DigestDataTest extends \PHPUnit_Framework_TestCase
 {
 $time = microtime(true) + 10;
 $key = 'ThisIsAKey';
- $nonce = base64_encode($time . ':' . md5($time . ':' . $key));
+ $nonce = base64_encode($time.':'.md5($time.':'.$key));
 
 $digestAuth = new DigestData(
- 'username="user", realm="Welcome, robot!", nonce="' . $nonce . '", ' .
+ 'username="user", realm="Welcome, robot!", nonce="'.$nonce.'", ' .
 'uri="/path/info?p1=5&p2=5", cnonce="MDIwODkz", nc=00000001, qop="auth", ' .
 'response="b52938fc9e6d7c01be7702ece9031b42"'
 );
@@ -164,10 +164,10 @@ class DigestDataTest extends \PHPUnit_Framework_TestCase
 private function calculateServerDigest($username, $realm, $password, $key, $nc, $cnonce, $qop, $method, $uri)
 {
 $time = microtime(true);
- $nonce = base64_encode($time . ':' . md5($time . ':' . $key));
+ $nonce = base64_encode($time.':'.md5($time.':'.$key));
 
 $response = md5(
- md5($username . ':' . $realm . ':' . $password) . ':' . $nonce . ':' . $nc . ':' . $cnonce . ':' . $qop . ':' . md5($method . ':' . $uri)
+ md5($username.':'.$realm.':'.$password).':'.$nonce.':'.$nc.':'.$cnonce.':'.$qop.':'.md5($method.':'.$uri)
 );
 
 $digest = sprintf('username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=%s, qop="%s", response="%s"',
diff --git a/composer.json b/composer.json
index 083ce94..dd4eecf 100644
--- a/composer.json
+++ b/composer.json
@@ -18,13 +18,13 @@
 "require": {
 "php": ">=5.3.3",
 "symfony/event-dispatcher": "~2.1",
- "symfony/http-foundation": ">=2.1,<2.3-dev",
+ "symfony/http-foundation": ">=2.1,<2.4-dev",
 "symfony/http-kernel": ">=2.1,<=2.3-dev"
 },
 "require-dev": {
 "symfony/form": "~2.0",
- "symfony/routing": ">=2.2,<2.3-dev",
- "symfony/validator": ">=2.2,<2.3-dev",
+ "symfony/routing": ">=2.2,<2.4-dev",
+ "symfony/validator": ">=2.2,<2.4-dev",
 "doctrine/common": "~2.2",
 "doctrine/dbal": "~2.2",
 "psr/log": "~1.0"
@@ -44,7 +44,7 @@
 "minimum-stability": "dev",
 "extra": {
 "branch-alias": {
- "dev-master": "2.2-dev"
+ "dev-master": "2.3-dev"
 }
 }
 }