89 files changed, 1384 insertions, 287 deletions
diff --git a/Acl/Dbal/AclProvider.php b/Acl/Dbal/AclProvider.php index 822a160..1d1cb16 100644 --- a/Acl/Dbal/AclProvider.php +++ b/Acl/Dbal/AclProvider.php @@ -165,8 +165,17 @@ class AclProvider implements AclProviderInterface // Is it time to load the current batch? if ((self::MAX_BATCH_SIZE === count($currentBatch) || ($i + 1) === $c) && count($currentBatch) > 0) { - $loadedBatch = $this->lookupObjectIdentities($currentBatch, $sids, $oidLookup); - + try { + $loadedBatch = $this->lookupObjectIdentities($currentBatch, $sids, $oidLookup); + } catch (AclNotFoundException $aclNotFoundexception) { + if ($result->count()) { + $partialResultException = new NotAllAclsFoundException('The provider could not find ACLs for all object identities.'); + $partialResultException->setPartialResult($result); + throw $partialResultException; + } else { + throw $aclNotFoundexception; + } + } foreach ($loadedBatch as $loadedOid) { $loadedAcl = $loadedBatch->offsetGet($loadedOid); diff --git a/Acl/Dbal/MutableAclProvider.php b/Acl/Dbal/MutableAclProvider.php index 0ac4fa7..29d3cfd 100644 --- a/Acl/Dbal/MutableAclProvider.php +++ b/Acl/Dbal/MutableAclProvider.php 
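Review bot: The new catch block in the batch loop discards the caught `AclNotFoundException` when it raises `NotAllAclsFoundException`, so the detail of which lookup failed is lost to whoever handles the partial result. If the exception constructor accepts a previous exception (not visible in this hunk), pass it through, e.g. `new NotAllAclsFoundException('The provider could not find ACLs for all object identities.', 0, $aclNotFoundexception)`. The `else` after `throw` is redundant, and the variable would read more consistently as `$aclNotFoundException`. Callers that consume the partial result need to treat every object identity missing from it as having no ACL, which is worth stating in a comment above the `try`. The enclosing method starts and ends outside the hunk.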
@@ -252,6 +252,22 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf } } + // check properties for deleted, and created ACEs, and perform deletions + // we need to perfom deletions before updating existing ACEs, in order to + // preserve uniqueness of the order field + if (isset($propertyChanges['classAces'])) { + $this->updateOldAceProperty('classAces', $propertyChanges['classAces']); + } + if (isset($propertyChanges['classFieldAces'])) { + $this->updateOldFieldAceProperty('classFieldAces', $propertyChanges['classFieldAces']); + } + if (isset($propertyChanges['objectAces'])) { + $this->updateOldAceProperty('objectAces', $propertyChanges['objectAces']); + } + if (isset($propertyChanges['objectFieldAces'])) { + $this->updateOldFieldAceProperty('objectFieldAces', $propertyChanges['objectFieldAces']); + } + // this includes only updates of existing ACEs, but neither the creation, nor // the deletion of ACEs; these are tracked by changes to the ACL's respective // properties (classAces, classFieldAces, objectAces, objectFieldAces) 
@@ -259,20 +275,20 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf $this->updateAces($propertyChanges['aces']); } - // check properties for deleted, and created ACEs + // check properties for deleted, and created ACEs, and perform creations if (isset($propertyChanges['classAces'])) { - $this->updateAceProperty('classAces', $propertyChanges['classAces']); + $this->updateNewAceProperty('classAces', $propertyChanges['classAces']); $sharedPropertyChanges['classAces'] = $propertyChanges['classAces']; } if (isset($propertyChanges['classFieldAces'])) { - $this->updateFieldAceProperty('classFieldAces', $propertyChanges['classFieldAces']); + $this->updateNewFieldAceProperty('classFieldAces', $propertyChanges['classFieldAces']); $sharedPropertyChanges['classFieldAces'] = $propertyChanges['classFieldAces']; } if (isset($propertyChanges['objectAces'])) { - $this->updateAceProperty('objectAces', $propertyChanges['objectAces']); + $this->updateNewAceProperty('objectAces', $propertyChanges['objectAces']); } if (isset($propertyChanges['objectFieldAces'])) { - $this->updateFieldAceProperty('objectFieldAces', $propertyChanges['objectFieldAces']); + $this->updateNewFieldAceProperty('objectFieldAces', $propertyChanges['objectFieldAces']); } // if there have been changes to shared properties, we need to synchronize other @@ -740,12 +756,12 @@ QUERY; } /** - * This processes changes on an ACE related property (classFieldAces, or objectFieldAces). + * This processes new entries changes on an ACE related property (classFieldAces, or objectFieldAces). * * @param string $name * @param array $changes */ - private function updateFieldAceProperty($name, array $changes) + private function updateNewFieldAceProperty($name, array $changes) { $sids = new \SplObjectStorage(); $classIds = new \SplObjectStorage(); 
@@ -782,9 +798,29 @@ QUERY; } } } + } + + /** + * This process old entries changes on an ACE related property (classFieldAces, or objectFieldAces). + * + * @param string $name + * @param array $changes + */ + private function updateOldFieldAceProperty($ane, array $changes) + { + $currentIds = array(); + foreach ($changes[1] as $field => $new) { + for ($i = 0, $c = count($new); $i < $c; $i++) { + $ace = $new[$i]; + + if (null !== $ace->getId()) { + $currentIds[$ace->getId()] = true; + } + } + } foreach ($changes[0] as $old) { - for ($i=0,$c=count($old); $i<$c; $i++) { + for ($i = 0, $c = count($old); $i < $c; $i++) { $ace = $old[$i]; if (!isset($currentIds[$ace->getId()])) { @@ -796,12 +832,12 @@ QUERY; } /** - * This processes changes on an ACE related property (classAces, or objectAces). + * This processes new entries changes on an ACE related property (classAces, or objectAces). * * @param string $name * @param array $changes */ - private function updateAceProperty($name, array $changes) + private function updateNewAceProperty($name, array $changes) { list($old, $new) = $changes; @@ -838,8 +874,28 @@ QUERY; $currentIds[$ace->getId()] = true; } } + } - for ($i=0,$c=count($old); $i<$c; $i++) { + /** + * This processes old entries changes on an ACE related property (classAces, or objectAces). + * + * @param string $name + * @param array $changes + */ + private function updateOldAceProperty($name, array $changes) + { + list($old, $new) = $changes; + $currentIds = array(); + + for ($i=0,$c=count($new); $i<$c; $i++) { + $ace = $new[$i]; + + if (null !== $ace->getId()) { + $currentIds[$ace->getId()] = true; + } + } + + for ($i = 0, $c = count($old); $i < $c; $i++) { $ace = $old[$i]; if (!isset($currentIds[$ace->getId()])) { 
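Review bot: `updateOldFieldAceProperty` declares its first parameter as `$ane` while its docblock and the call sites added in this commit use `$name`; the signature should read `private function updateOldFieldAceProperty($name, array $changes)`. In the visible part of the body the parameter is not used, and `$field` in `foreach ($changes[1] as $field => $new)` is unused as well, so the typo is harmless today but will mislead the next edit. The docblock's first line should start "This processes old entries changes" to match the sibling methods. The loop that builds `$currentIds` is repeated in `updateOldAceProperty` (the `@@ -838` hunk) and appears to remain in the "new" variants too; a small private helper returning the id map would keep the deletion and creation passes in agreement. The method body continues past the end of the hunk.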
@@ -857,26 +913,41 @@ QUERY; private function updateAces(\SplObjectStorage $aces) { foreach ($aces as $ace) { - $propertyChanges = $aces->offsetGet($ace); - $sets = array(); + $this->updateAce($aces, $ace); + } + } - if (isset($propertyChanges['mask'])) { - $sets[] = sprintf('mask = %d', $propertyChanges['mask'][1]); - } - if (isset($propertyChanges['strategy'])) { - $sets[] = sprintf('granting_strategy = %s', $this->connection->quote($propertyChanges['strategy'])); - } - if (isset($propertyChanges['aceOrder'])) { - $sets[] = sprintf('ace_order = %d', $propertyChanges['aceOrder'][1]); - } - if (isset($propertyChanges['auditSuccess'])) { - $sets[] = sprintf('audit_success = %s', $this->connection->getDatabasePlatform()->convertBooleans($propertyChanges['auditSuccess'][1])); - } - if (isset($propertyChanges['auditFailure'])) { - $sets[] = sprintf('audit_failure = %s', $this->connection->getDatabasePlatform()->convertBooleans($propertyChanges['auditFailure'][1])); + private function updateAce(\SplObjectStorage $aces, $ace) + { + $propertyChanges = $aces->offsetGet($ace); + $sets = array(); + + if (isset($propertyChanges['aceOrder']) + && $propertyChanges['aceOrder'][1] > $propertyChanges['aceOrder'][0] + && $propertyChanges == $aces->offsetGet($ace)) { + $aces->next(); + if ($aces->valid()) { + $this->updateAce($aces, $aces->current()); + } } - $this->connection->executeQuery($this->getUpdateAccessControlEntrySql($ace->getId(), $sets)); + if (isset($propertyChanges['mask'])) { + $sets[] = sprintf('mask = %d', $propertyChanges['mask'][1]); } + if (isset($propertyChanges['strategy'])) { + $sets[] = sprintf('granting_strategy = %s', $this->connection->quote($propertyChanges['strategy'])); + } + if (isset($propertyChanges['aceOrder'])) { + $sets[] = sprintf('ace_order = %d', $propertyChanges['aceOrder'][1]); + } + if (isset($propertyChanges['auditSuccess'])) { + $sets[] = sprintf('audit_success = %s', 
$this->connection->getDatabasePlatform()->convertBooleans($propertyChanges['auditSuccess'][1])); + } + if (isset($propertyChanges['auditFailure'])) { + $sets[] = sprintf('audit_failure = %s', $this->connection->getDatabasePlatform()->convertBooleans($propertyChanges['auditFailure'][1])); + } + + $this->connection->executeQuery($this->getUpdateAccessControlEntrySql($ace->getId(), $sets)); } + } diff --git a/Core/Authentication/Provider/RememberMeAuthenticationProvider.php b/Core/Authentication/Provider/RememberMeAuthenticationProvider.php index 4175907..234bddb 100644 --- a/Core/Authentication/Provider/RememberMeAuthenticationProvider.php +++ b/Core/Authentication/Provider/RememberMeAuthenticationProvider.php @@ -22,6 +22,13 @@ class RememberMeAuthenticationProvider implements AuthenticationProviderInterfac private $key; private $providerKey; + /** + * Constructor. + * + * @param UserCheckerInterface $userChecker An UserCheckerInterface interface + * @param string $key A key + * @param string $providerKey A provider key + */ public function __construct(UserCheckerInterface $userChecker, $key, $providerKey) { $this->userChecker = $userChecker; @@ -29,6 +36,9 @@ class RememberMeAuthenticationProvider implements AuthenticationProviderInterfac $this->providerKey = $providerKey; } + /** + * {@inheritdoc} + */ public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { @@ -48,6 +58,9 @@ class RememberMeAuthenticationProvider implements AuthenticationProviderInterfac return $authenticatedToken; } + /** + * {@inheritdoc} + */ public function supports(TokenInterface $token) { return $token instanceof RememberMeToken && $token->getProviderKey() === $this->providerKey; diff --git a/Core/Authentication/Provider/UserAuthenticationProvider.php b/Core/Authentication/Provider/UserAuthenticationProvider.php index 626f50b..18c3e70 100644 --- a/Core/Authentication/Provider/UserAuthenticationProvider.php 
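Review bot: In `updateAce()` the third condition, `$propertyChanges == $aces->offsetGet($ace)`, compares the value with the expression it was assigned from a few lines earlier, so it is always true and can be dropped. The recursion also appears to depend on `$aces->next()` advancing the same cursor that the `foreach` in `updateAces()` is iterating, which is what makes later entries get written first and not visited twice; that coupling deserves a comment such as `// write ACEs whose order increases in reverse so ace_order stays unique; next() also advances the caller's foreach`. Recursion depth grows with the number of consecutive entries whose order increases, so an explicit loop that collects them and writes them in reverse would be easier to bound. Separately, `strategy` is passed to `quote()` whole while every other field reads index `[1]`; if it holds the same old/new pair, the new value is not what gets quoted.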
+++ b/Core/Authentication/Provider/UserAuthenticationProvider.php @@ -19,6 +19,7 @@ use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Core\Exception\AuthenticationServiceException; use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +use Symfony\Component\Security\Core\Role\SwitchUserRole; /** * UserProviderInterface retrieves users for UsernamePasswordToken tokens. @@ -92,7 +93,7 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter throw $e; } - $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles()); + $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $this->getRoles($user, $token)); $authenticatedToken->setAttributes($token->getAttributes()); return $authenticatedToken; @@ -107,6 +108,29 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter } /** + * Retrieves roles from user and appends SwitchUserRole if original token contained one. + * + * @param UserInterface $user The user + * @param TokenInterface $token The token + * + * @return Role[] The user roles + */ + private function getRoles(UserInterface $user, TokenInterface $token) + { + $roles = $user->getRoles(); + + foreach ($token->getRoles() as $role) { + if ($role instanceof SwitchUserRole) { + $roles[] = $role; + + break; + } + } + + return $roles; + } + + /** * Retrieves the user from an implementation-specific location. * * @param string $username The username to retrieve diff --git a/Core/Authentication/RememberMe/InMemoryTokenProvider.php b/Core/Authentication/RememberMe/InMemoryTokenProvider.php index a15c2b4..719d7a1 100644 --- a/Core/Authentication/RememberMe/InMemoryTokenProvider.php +++ b/Core/Authentication/RememberMe/InMemoryTokenProvider.php 
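Review bot: `getRoles()` copies the first `SwitchUserRole` from the incoming `$token` into the authenticated token without relating it to `$user`, so the result is only as trustworthy as the token handed to `authenticate()`. Nothing in the hunk shows where that token's roles come from; if the intent is to keep an impersonation marker across re-authentication of a session token, say so in the docblock, e.g. `* The role is taken from the token being re-authenticated and is not re-validated here.` The docblock also names `UserInterface` and `Role[]`, and the visible part of the `use` block does not show imports for them, so check that they resolve. A test that re-authenticates a token carrying a `SwitchUserRole` and one that does not would pin both branches.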
@@ -22,6 +22,9 @@ class InMemoryTokenProvider implements TokenProviderInterface { private $tokens = array(); + /** + * {@inheritdoc} + */ public function loadTokenBySeries($series) { if (!isset($this->tokens[$series])) { @@ -31,6 +34,9 @@ class InMemoryTokenProvider implements TokenProviderInterface return $this->tokens[$series]; } + /** + * {@inheritdoc} + */ public function updateToken($series, $tokenValue, \DateTime $lastUsed) { if (!isset($this->tokens[$series])) { @@ -47,11 +53,17 @@ class InMemoryTokenProvider implements TokenProviderInterface $this->tokens[$series] = $token; } + /** + * {@inheritdoc} + */ public function deleteTokenBySeries($series) { unset($this->tokens[$series]); } + /** + * {@inheritdoc} + */ public function createNewToken(PersistentTokenInterface $token) { $this->tokens[$token->getSeries()] = $token; diff --git a/Core/Authentication/RememberMe/PersistentToken.php b/Core/Authentication/RememberMe/PersistentToken.php index 8919be9..5df71ec 100644 --- a/Core/Authentication/RememberMe/PersistentToken.php +++ b/Core/Authentication/RememberMe/PersistentToken.php @@ -58,9 +58,7 @@ final class PersistentToken implements PersistentTokenInterface } /** - * Returns the class of the user - * - * @return string + * {@inheritdoc} */ public function getClass() { @@ -68,9 +66,7 @@ final class PersistentToken implements PersistentTokenInterface } /** - * Returns the username - * - * @return string + * {@inheritdoc} */ public function getUsername() { @@ -78,9 +74,7 @@ final class PersistentToken implements PersistentTokenInterface } /** - * Returns the series - * - * @return string + * {@inheritdoc} */ public function getSeries() { @@ -88,9 +82,7 @@ final class PersistentToken implements PersistentTokenInterface } /** - * Returns the token value - * - * @return string + * {@inheritdoc} */ public function getTokenValue() { 
@@ -98,9 +90,7 @@ final class PersistentToken implements PersistentTokenInterface } /** - * Returns the time the token was last used - * - * @return \DateTime + * {@inheritdoc} */ public function getLastUsed() { diff --git a/Core/Authentication/RememberMe/PersistentTokenInterface.php b/Core/Authentication/RememberMe/PersistentTokenInterface.php index 6e9d891..ad52753 100644 --- a/Core/Authentication/RememberMe/PersistentTokenInterface.php +++ b/Core/Authentication/RememberMe/PersistentTokenInterface.php @@ -20,31 +20,36 @@ namespace Symfony\Component\Security\Core\Authentication\RememberMe; interface PersistentTokenInterface { /** - * Returns the class of the user + * Returns the class of the user. + * * @return string */ public function getClass(); /** - * Returns the username + * Returns the username. + * * @return string */ public function getUsername(); /** - * Returns the series + * Returns the series. + * * @return string */ public function getSeries(); /** - * Returns the token value + * Returns the token value. + * * @return string */ public function getTokenValue(); /** - * Returns the last time the cookie was used + * Returns the time the token was last used. + * * @return \DateTime */ public function getLastUsed(); diff --git a/Core/Authentication/Token/AbstractToken.php b/Core/Authentication/Token/AbstractToken.php index 1d65819..e4c46d5 100644 --- a/Core/Authentication/Token/AbstractToken.php +++ b/Core/Authentication/Token/AbstractToken.php @@ -74,6 +74,9 @@ abstract class AbstractToken implements TokenInterface return (string) $this->user; } + /** + * {@inheritdoc} + */ public function getUser() { return $this->user; 
@@ -146,7 +149,14 @@ abstract class AbstractToken implements TokenInterface */ public function serialize() { - return serialize(array($this->user, $this->authenticated, $this->roles, $this->attributes)); + return serialize( + array( + is_object($this->user) ? clone $this->user : $this->user, + $this->authenticated, + $this->roles, + $this->attributes + ) + ); } /** diff --git a/Core/Authentication/Token/AnonymousToken.php b/Core/Authentication/Token/AnonymousToken.php index cabb6d5..d39fec8 100644 --- a/Core/Authentication/Token/AnonymousToken.php +++ b/Core/Authentication/Token/AnonymousToken.php @@ -18,7 +18,6 @@ use Symfony\Component\Security\Core\Role\RoleInterface; * * @author Fabien Potencier <fabien@symfony.com> */ - class AnonymousToken extends AbstractToken { private $key; diff --git a/Core/Authentication/Token/PreAuthenticatedToken.php b/Core/Authentication/Token/PreAuthenticatedToken.php index ff0572f..abcd2bf 100644 --- a/Core/Authentication/Token/PreAuthenticatedToken.php +++ b/Core/Authentication/Token/PreAuthenticatedToken.php @@ -41,11 +41,19 @@ class PreAuthenticatedToken extends AbstractToken } } + /** + * Returns the provider key. + * + * @return string The provider key + */ public function getProviderKey() { return $this->providerKey; } + /** + * {@inheritdoc} + */ public function getCredentials() { return $this->credentials; @@ -61,11 +69,17 @@ class PreAuthenticatedToken extends AbstractToken $this->credentials = null; } + /** + * {@inheritdoc} + */ public function serialize() { return serialize(array($this->credentials, $this->providerKey, parent::serialize())); } + /** + * {@inheritdoc} + */ public function unserialize($str) { list($this->credentials, $this->providerKey, $parentStr) = unserialize($str); diff --git a/Core/Authentication/Token/RememberMeToken.php b/Core/Authentication/Token/RememberMeToken.php index 6f3d821..609fdad 100644 --- a/Core/Authentication/Token/RememberMeToken.php +++ b/Core/Authentication/Token/RememberMeToken.php 
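Review bot: The `clone` added in `serialize()` has no comment saying what it protects against, and it is a shallow copy: objects referenced by the user are still shared with the live instance while `serialize()` runs. A line such as `// clone so that serialization hooks on the user object cannot alter the instance still in use` would record the intent, if that is the reason. Since the whole user object ends up in the serialized token, the docblock could also state that whatever fields the user class exposes to serialization are stored with the token.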
@@ -51,6 +51,9 @@ class RememberMeToken extends AbstractToken parent::setAuthenticated(true); } + /** + * {@inheritdoc} + */ public function setAuthenticated($authenticated) { if ($authenticated) { @@ -60,16 +63,29 @@ class RememberMeToken extends AbstractToken parent::setAuthenticated(false); } + /** + * Returns the provider key. + * + * @return string The provider key + */ public function getProviderKey() { return $this->providerKey; } + /** + * Returns the key. + * + * @return string The Key + */ public function getKey() { return $this->key; } + /** + * {@inheritdoc} + */ public function getCredentials() { return ''; diff --git a/Core/Authentication/Token/UsernamePasswordToken.php b/Core/Authentication/Token/UsernamePasswordToken.php index 3854242..b6dfce4 100644 --- a/Core/Authentication/Token/UsernamePasswordToken.php +++ b/Core/Authentication/Token/UsernamePasswordToken.php @@ -60,11 +60,19 @@ class UsernamePasswordToken extends AbstractToken parent::setAuthenticated(false); } + /** + * {@inheritdoc} + */ public function getCredentials() { return $this->credentials; } + /** + * Returns the provider key. + * + * @return string The provider key + */ public function getProviderKey() { return $this->providerKey; diff --git a/Core/Encoder/BCryptPasswordEncoder.php b/Core/Encoder/BCryptPasswordEncoder.php index a355421..5a0f122 100644 --- a/Core/Encoder/BCryptPasswordEncoder.php +++ b/Core/Encoder/BCryptPasswordEncoder.php @@ -11,7 +11,7 @@ namespace Symfony\Component\Security\Core\Encoder; -use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder; +use Symfony\Component\Security\Core\Exception\BadCredentialsException; /** * @author Elnur Abdurrakhimov <elnur@elnur.pro> 
@@ -29,6 +29,7 @@ class BCryptPasswordEncoder extends BasePasswordEncoder * * @param integer $cost The algorithmic cost that should be used * + * @throws \RuntimeException When no BCrypt encoder is available * @throws \InvalidArgumentException if cost is out of range */ public function __construct($cost) @@ -42,7 +43,7 @@ class BCryptPasswordEncoder extends BasePasswordEncoder throw new \InvalidArgumentException('Cost must be in the range of 4-31.'); } - $this->cost = sprintf('%02d', $cost); + $this->cost = $cost; } /** @@ -64,6 +65,10 @@ class BCryptPasswordEncoder extends BasePasswordEncoder */ public function encodePassword($raw, $salt) { + if ($this->isPasswordTooLong($raw)) { + throw new BadCredentialsException('Invalid password.'); + } + $options = array('cost' => $this->cost); if ($salt) { @@ -78,6 +83,6 @@ class BCryptPasswordEncoder extends BasePasswordEncoder */ public function isPasswordValid($encoded, $raw, $salt) { - return password_verify($raw, $encoded); + return !$this->isPasswordTooLong($raw) && password_verify($raw, $encoded); } } diff --git a/Core/Encoder/BasePasswordEncoder.php b/Core/Encoder/BasePasswordEncoder.php index c26c9ce..b83eb30 100644 --- a/Core/Encoder/BasePasswordEncoder.php +++ b/Core/Encoder/BasePasswordEncoder.php @@ -20,6 +20,8 @@ use Symfony\Component\Security\Core\Util\StringUtils; */ abstract class BasePasswordEncoder implements PasswordEncoderInterface { + const MAX_PASSWORD_LENGTH = 4096; + /** * Demerges a merge password and salt string. * @@ -83,4 +85,14 @@ abstract class BasePasswordEncoder implements PasswordEncoderInterface { return StringUtils::equals($password1, $password2); } + + /** + * Checks if the password is too long. + * + * @return Boolean true if the password is too long, false otherwise + */ + protected function isPasswordTooLong($password) + { + return strlen($password) > self::MAX_PASSWORD_LENGTH; + } } 
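Review bot: The length guard added to `encodePassword()` and `isPasswordValid()` in `BCryptPasswordEncoder` bounds the input at 4096 bytes, but bcrypt itself only uses the first 72 bytes of the password, so two inputs that differ only after byte 72 still verify against the same hash. That is a property of the algorithm rather than of this change, yet the docblock should say it, e.g. `* Note: bcrypt ignores input beyond 72 bytes; longer passwords are accepted but truncated.` Throwing `BadCredentialsException` from `encodePassword()` also means code that sets a new password, not only login code, has to handle an authentication exception; a `@throws BadCredentialsException` line on the method would make that visible.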
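Review bot: `isPasswordTooLong()` in `BasePasswordEncoder` only takes effect in encoders that remember to call it; the four encoders touched by this commit do so in both `encodePassword()` and `isPasswordValid()`, but a custom encoder extending the base class gets no limit unless its author adds the same two calls. The docblock should say that and document the parameter, e.g. `@param string $password The password to check`, plus a line stating that the length is measured in bytes via `strlen()`. A one-line comment on `MAX_PASSWORD_LENGTH` saying what the cap is for (presumably bounding the hashing work an oversized submitted password can cause) would help whoever tunes it later.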
diff --git a/Core/Encoder/MessageDigestPasswordEncoder.php b/Core/Encoder/MessageDigestPasswordEncoder.php index a8bd553..a7e5546 100644 --- a/Core/Encoder/MessageDigestPasswordEncoder.php +++ b/Core/Encoder/MessageDigestPasswordEncoder.php @@ -11,6 +11,8 @@ namespace Symfony\Component\Security\Core\Encoder; +use Symfony\Component\Security\Core\Exception\BadCredentialsException; + /** * MessageDigestPasswordEncoder uses a message digest algorithm. * @@ -41,6 +43,10 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder */ public function encodePassword($raw, $salt) { + if ($this->isPasswordTooLong($raw)) { + throw new BadCredentialsException('Invalid password.'); + } + if (!in_array($this->algorithm, hash_algos(), true)) { throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm)); } @@ -61,6 +67,6 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder */ public function isPasswordValid($encoded, $raw, $salt) { - return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt)); + return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt)); } } diff --git a/Core/Encoder/Pbkdf2PasswordEncoder.php b/Core/Encoder/Pbkdf2PasswordEncoder.php index 4f37ba3..8a5a958 100644 --- a/Core/Encoder/Pbkdf2PasswordEncoder.php +++ b/Core/Encoder/Pbkdf2PasswordEncoder.php @@ -11,6 +11,8 @@ namespace Symfony\Component\Security\Core\Encoder; +use Symfony\Component\Security\Core\Exception\BadCredentialsException; + /** * Pbkdf2PasswordEncoder uses the PBKDF2 (Password-Based Key Derivation Function 2). * 
@@ -54,6 +56,10 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder */ public function encodePassword($raw, $salt) { + if ($this->isPasswordTooLong($raw)) { + throw new BadCredentialsException('Invalid password.'); + } + if (!in_array($this->algorithm, hash_algos(), true)) { throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm)); } @@ -72,7 +78,7 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder */ public function isPasswordValid($encoded, $raw, $salt) { - return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt)); + return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt)); } private function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0) diff --git a/Core/Encoder/PlaintextPasswordEncoder.php b/Core/Encoder/PlaintextPasswordEncoder.php index c21f3cd..22f3da4 100644 --- a/Core/Encoder/PlaintextPasswordEncoder.php +++ b/Core/Encoder/PlaintextPasswordEncoder.php @@ -11,6 +11,8 @@ namespace Symfony\Component\Security\Core\Encoder; +use Symfony\Component\Security\Core\Exception\BadCredentialsException; + /** * PlaintextPasswordEncoder does not do any encoding. * @@ -35,6 +37,10 @@ class PlaintextPasswordEncoder extends BasePasswordEncoder */ public function encodePassword($raw, $salt) { + if ($this->isPasswordTooLong($raw)) { + throw new BadCredentialsException('Invalid password.'); + } + return $this->mergePasswordAndSalt($raw, $salt); } @@ -43,6 +49,10 @@ class PlaintextPasswordEncoder extends BasePasswordEncoder */ public function isPasswordValid($encoded, $raw, $salt) { + if ($this->isPasswordTooLong($raw)) { + return false; + } + $pass2 = $this->mergePasswordAndSalt($raw, $salt); if (!$this->ignorePasswordCase) { diff --git a/Core/Exception/NonceExpiredException.php b/Core/Exception/NonceExpiredException.php index da6fba8..2f6681f 100644 --- a/Core/Exception/NonceExpiredException.php 
+++ b/Core/Exception/NonceExpiredException.php @@ -11,8 +11,6 @@ namespace Symfony\Component\Security\Core\Exception; -use Symfony\Component\Security\Core\Exception\AuthenticationException; - /** * NonceExpiredException is thrown when an authentication is rejected because * the digest nonce has expired. diff --git a/Core/Role/RoleHierarchy.php b/Core/Role/RoleHierarchy.php index a368a44..2e7df0e 100644 --- a/Core/Role/RoleHierarchy.php +++ b/Core/Role/RoleHierarchy.php @@ -34,11 +34,7 @@ class RoleHierarchy implements RoleHierarchyInterface } /** - * Returns an array of all roles reachable by the given ones. - * - * @param RoleInterface[] $roles An array of RoleInterface instances - * - * @return RoleInterface[] An array of RoleInterface instances + * {@inheritdoc} */ public function getReachableRoles(array $roles) { diff --git a/Core/Role/RoleHierarchyInterface.php b/Core/Role/RoleHierarchyInterface.php index 2ea6ca3..c994009 100644 --- a/Core/Role/RoleHierarchyInterface.php +++ b/Core/Role/RoleHierarchyInterface.php @@ -19,7 +19,7 @@ namespace Symfony\Component\Security\Core\Role; interface RoleHierarchyInterface { /** - * Returns an array of all reachable roles. + * Returns an array of all reachable roles by the given ones. * * Reachable roles are the roles directly assigned but also all roles that * are transitively reachable from them in the role hierarchy. diff --git a/Core/SecurityContext.php b/Core/SecurityContext.php index 1ec43e6..c55cecf 100644 --- a/Core/SecurityContext.php +++ b/Core/SecurityContext.php @@ -46,14 +46,9 @@ class SecurityContext implements SecurityContextInterface } /** - * Checks if the attributes are granted against the current token. + * {@inheritdoc} * * @throws AuthenticationCredentialsNotFoundException when the security context has no authentication token. - * - * @param mixed $attributes - * @param mixed|null $object - * - * @return Boolean */ final public function isGranted($attributes, $object = null) { 
@@ -73,9 +68,7 @@ class SecurityContext implements SecurityContextInterface } /** - * Gets the currently authenticated token. - * - * @return TokenInterface|null A TokenInterface instance or null if no authentication information is available + * {@inheritdoc} */ public function getToken() { @@ -83,9 +76,7 @@ class SecurityContext implements SecurityContextInterface } /** - * Sets the currently authenticated token. - * - * @param TokenInterface $token A TokenInterface token, or null if no further authentication information should be stored + * {@inheritdoc} */ public function setToken(TokenInterface $token = null) { diff --git a/Core/SecurityContextInterface.php b/Core/SecurityContextInterface.php index 78d6477..434f9a5 100644 --- a/Core/SecurityContextInterface.php +++ b/Core/SecurityContextInterface.php @@ -34,14 +34,14 @@ interface SecurityContextInterface /** * Sets the authentication token. * - * @param TokenInterface $token + * @param TokenInterface $token A TokenInterface token, or null if no further authentication information should be stored */ public function setToken(TokenInterface $token = null); /** * Checks if the attributes are granted against the current authentication token and optionally supplied object. * - * @param array $attributes + * @param mixed $attributes * @param mixed $object * * @return Boolean diff --git a/Core/User/InMemoryUserProvider.php b/Core/User/InMemoryUserProvider.php index e87f80c..074c21e 100644 --- a/Core/User/InMemoryUserProvider.php +++ b/Core/User/InMemoryUserProvider.php @@ -56,7 +56,7 @@ class InMemoryUserProvider implements UserProviderInterface public function createUser(UserInterface $user) { if (isset($this->users[strtolower($user->getUsername())])) { - throw new \LogicException('Another user with the same username already exist.'); + throw new \LogicException('Another user with the same username already exists.'); } $this->users[strtolower($user->getUsername())] = $user; 
diff --git a/Core/User/UserChecker.php b/Core/User/UserChecker.php index 8dde3a6..ac577a3 100644 --- a/Core/User/UserChecker.php +++ b/Core/User/UserChecker.php @@ -32,22 +32,6 @@ class UserChecker implements UserCheckerInterface return; } - if (!$user->isCredentialsNonExpired()) { - $ex = new CredentialsExpiredException('User credentials have expired.'); - $ex->setUser($user); - throw $ex; - } - } - - /** - * {@inheritdoc} - */ - public function checkPostAuth(UserInterface $user) - { - if (!$user instanceof AdvancedUserInterface) { - return; - } - if (!$user->isAccountNonLocked()) { $ex = new LockedException('User account is locked.'); $ex->setUser($user); @@ -66,4 +50,20 @@ class UserChecker implements UserCheckerInterface throw $ex; } } + + /** + * {@inheritdoc} + */ + public function checkPostAuth(UserInterface $user) + { + if (!$user instanceof AdvancedUserInterface) { + return; + } + + if (!$user->isCredentialsNonExpired()) { + $ex = new CredentialsExpiredException('User credentials have expired.'); + $ex->setUser($user); + throw $ex; + } + } } diff --git a/Core/Validator/Constraints/UserPassword.php b/Core/Validator/Constraints/UserPassword.php index ed29b0c..76c4b3b 100644 --- a/Core/Validator/Constraints/UserPassword.php +++ b/Core/Validator/Constraints/UserPassword.php @@ -21,6 +21,9 @@ class UserPassword extends Constraint public $message = 'This value should be the user current password.'; public $service = 'security.validator.user_password'; + /** + * {@inheritdoc} + */ public function validatedBy() { return $this->service; diff --git a/Core/Validator/Constraints/UserPasswordValidator.php b/Core/Validator/Constraints/UserPasswordValidator.php index a4e0f90..ab455f3 100644 --- a/Core/Validator/Constraints/UserPasswordValidator.php +++ b/Core/Validator/Constraints/UserPasswordValidator.php 
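Review bot: After this swap `checkPreAuth()` raises `LockedException` (and whatever other account-status exceptions sit in the unchanged tail of the method) before the password has been verified, so their distinct messages can tell a caller who knows only a username what state the account is in. Whether those messages reach the client is decided outside this hunk; a comment on `checkPreAuth()` such as `// runs before credential verification: callers should show a generic failure for these exceptions` would flag it. Moving `isCredentialsNonExpired()` to `checkPostAuth()` has the opposite effect and is the safer placement for that check. Tests asserting which exception each method throws for a locked account and for expired credentials would lock the new ordering in.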
@@ -29,6 +29,9 @@ class UserPasswordValidator extends ConstraintValidator $this->encoderFactory = $encoderFactory; } + /** + * {@inheritdoc} + */ public function validate($password, Constraint $constraint) { $user = $this->securityContext->getToken()->getUser(); diff --git a/Http/AccessMap.php b/Http/AccessMap.php index de78e15..051a8c2 100644 --- a/Http/AccessMap.php +++ b/Http/AccessMap.php @@ -36,6 +36,9 @@ class AccessMap implements AccessMapInterface $this->map[] = array($requestMatcher, $roles, $channel); } + /** + * {@inheritDoc} + */ public function getPatterns(Request $request) { foreach ($this->map as $elements) { diff --git a/Http/Authentication/DefaultAuthenticationFailureHandler.php b/Http/Authentication/DefaultAuthenticationFailureHandler.php index 64f84f0..70dcd1e 100644 --- a/Http/Authentication/DefaultAuthenticationFailureHandler.php +++ b/Http/Authentication/DefaultAuthenticationFailureHandler.php @@ -64,7 +64,7 @@ class DefaultAuthenticationFailureHandler implements AuthenticationFailureHandle { if ($failureUrl = $request->get($this->options['failure_path_parameter'], null, true)) { $this->options['failure_path'] = $failureUrl; - } + } if (null === $this->options['failure_path']) { $this->options['failure_path'] = $this->options['login_path']; diff --git a/Http/Authentication/DefaultAuthenticationSuccessHandler.php b/Http/Authentication/DefaultAuthenticationSuccessHandler.php index dd7a7d5..0c084b9 100644 --- a/Http/Authentication/DefaultAuthenticationSuccessHandler.php +++ b/Http/Authentication/DefaultAuthenticationSuccessHandler.php @@ -18,9 +18,6 @@ use Symfony\Component\Security\Http\HttpUtils; /** * Class with the default authentication success handling logic. * - * Can be optionally be extended from by the developer to alter the behaviour - * while keeping the default behaviour. - * * @author Fabien Potencier <fabien@symfony.com> * @author Johannes M. Schmitt <schmittjoh@gmail.com> * @author Alexander <iam.asm89@gmail.com> 
diff --git a/Http/Authorization/AccessDeniedHandlerInterface.php b/Http/Authorization/AccessDeniedHandlerInterface.php index 5f60fd6..a5ea9db 100644 --- a/Http/Authorization/AccessDeniedHandlerInterface.php +++ b/Http/Authorization/AccessDeniedHandlerInterface.php @@ -12,8 +12,8 @@ namespace Symfony\Component\Security\Http\Authorization; use Symfony\Component\HttpFoundation\Request; -use Symfony\Component\Security\Core\Exception\AccessDeniedException; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\Security\Core\Exception\AccessDeniedException; /** * This is used by the ExceptionListener to translate an AccessDeniedException diff --git a/Http/EntryPoint/BasicAuthenticationEntryPoint.php b/Http/EntryPoint/BasicAuthenticationEntryPoint.php index 44ece5e..2dc3d11 100644 --- a/Http/EntryPoint/BasicAuthenticationEntryPoint.php +++ b/Http/EntryPoint/BasicAuthenticationEntryPoint.php @@ -12,7 +12,6 @@ namespace Symfony\Component\Security\Http\EntryPoint; use Symfony\Component\Security\Core\Exception\AuthenticationException; -use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Request; @@ -30,6 +29,9 @@ class BasicAuthenticationEntryPoint implements AuthenticationEntryPointInterface $this->realmName = $realmName; } + /** + * {@inheritdoc} + */ public function start(Request $request, AuthenticationException $authException = null) { $response = new Response(); diff --git a/Http/EntryPoint/DigestAuthenticationEntryPoint.php b/Http/EntryPoint/DigestAuthenticationEntryPoint.php index 1131b58..71a6313 100644 --- a/Http/EntryPoint/DigestAuthenticationEntryPoint.php +++ b/Http/EntryPoint/DigestAuthenticationEntryPoint.php 
@@ -12,7 +12,6 @@ namespace Symfony\Component\Security\Http\EntryPoint; use Symfony\Component\Security\Core\Exception\AuthenticationException; -use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface; use Symfony\Component\Security\Core\Exception\NonceExpiredException; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Request; @@ -38,6 +37,9 @@ class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterfac $this->logger = $logger; } + /** + * {@inheritdoc} + */ public function start(Request $request, AuthenticationException $authException = null) { $expiryTime = microtime(true) + $this->nonceValiditySeconds * 1000; @@ -62,11 +64,17 @@ class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterfac return $response; } + /** + * @return string + */ public function getKey() { return $this->key; } + /** + * @return string + */ public function getRealmName() { return $this->realmName; diff --git a/Http/EntryPoint/FormAuthenticationEntryPoint.php b/Http/EntryPoint/FormAuthenticationEntryPoint.php index 3eaae82..b78f0a9 100644 --- a/Http/EntryPoint/FormAuthenticationEntryPoint.php +++ b/Http/EntryPoint/FormAuthenticationEntryPoint.php @@ -13,7 +13,6 @@ namespace Symfony\Component\Security\Http\EntryPoint; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Security\Core\Exception\AuthenticationException; -use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface; use Symfony\Component\Security\Http\HttpUtils; use Symfony\Component\HttpKernel\HttpKernelInterface; @@ -30,7 +29,7 @@ class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface private $httpUtils; /** - * Constructor + * Constructor. * * @param HttpKernelInterface $kernel * @param HttpUtils $httpUtils An HttpUtils instance 
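Review bot: The `start()` method that receives the `{@inheritdoc}` docblock in the second DigestAuthenticationEntryPoint hunk computes `$expiryTime = microtime(true) + $this->nonceValiditySeconds * 1000;`, which adds a millisecond count to a timestamp expressed in seconds. If the code that validates the nonce compares this value against `microtime(true)` (not visible here), a nonce stays valid for 1000 times the configured lifetime, which lengthens the period in which a captured digest response is still accepted. The line should read `$expiryTime = microtime(true) + $this->nonceValiditySeconds;`, or the unit should be documented on the property if milliseconds are really intended. The rest of start() is outside the hunk.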
diff --git a/Http/EntryPoint/RetryAuthenticationEntryPoint.php b/Http/EntryPoint/RetryAuthenticationEntryPoint.php index 532601a..d1a0a28 100644 --- a/Http/EntryPoint/RetryAuthenticationEntryPoint.php +++ b/Http/EntryPoint/RetryAuthenticationEntryPoint.php @@ -12,7 +12,6 @@ namespace Symfony\Component\Security\Http\EntryPoint; use Symfony\Component\Security\Core\Exception\AuthenticationException; -use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpFoundation\Request; @@ -34,6 +33,9 @@ class RetryAuthenticationEntryPoint implements AuthenticationEntryPointInterface $this->httpsPort = $httpsPort; } + /** + * {@inheritdoc} + */ public function start(Request $request, AuthenticationException $authException = null) { $scheme = $request->isSecure() ? 'http' : 'https'; diff --git a/Http/Event/InteractiveLoginEvent.php b/Http/Event/InteractiveLoginEvent.php index 2225d92..575352c 100644 --- a/Http/Event/InteractiveLoginEvent.php +++ b/Http/Event/InteractiveLoginEvent.php @@ -15,10 +15,14 @@ use Symfony\Component\HttpFoundation\Request; use Symfony\Component\EventDispatcher\Event; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +/** + * InteractiveLoginEvent + * + * @author Fabien Potencier <fabien@symfony.com> + */ class InteractiveLoginEvent extends Event { private $request; - private $authenticationToken; /** diff --git a/Http/Event/SwitchUserEvent.php b/Http/Event/SwitchUserEvent.php index 4a7dcaf..a553154 100644 --- a/Http/Event/SwitchUserEvent.php +++ b/Http/Event/SwitchUserEvent.php 
@@ -15,10 +15,14 @@ use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\EventDispatcher\Event; +/** + * SwitchUserEvent + * + * @author Fabien Potencier <fabien@symfony.com> + */ class SwitchUserEvent extends Event { private $request; - private $targetUser; public function __construct(Request $request, UserInterface $targetUser) @@ -27,11 +31,17 @@ class SwitchUserEvent extends Event $this->targetUser = $targetUser; } + /** + * @return Request + */ public function getRequest() { return $this->request; } + /** + * @return UserInterface + */ public function getTargetUser() { return $this->targetUser; diff --git a/Http/Firewall.php b/Http/Firewall.php index 31c1da5..4f1cf30 100644 --- a/Http/Firewall.php +++ b/Http/Firewall.php @@ -71,6 +71,9 @@ class Firewall implements EventSubscriberInterface } } + /** + * {@inheritDoc} + */ public static function getSubscribedEvents() { return array(KernelEvents::REQUEST => array('onKernelRequest', 8)); diff --git a/Http/Firewall/AbstractPreAuthenticatedListener.php b/Http/Firewall/AbstractPreAuthenticatedListener.php index fdc2e8c..94ae901 100644 --- a/Http/Firewall/AbstractPreAuthenticatedListener.php +++ b/Http/Firewall/AbstractPreAuthenticatedListener.php @@ -97,7 +97,7 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface /** * Clears a PreAuthenticatedToken for this provider (if present) - * + * * @param AuthenticationException $exception */ private function clearToken(AuthenticationException $exception) diff --git a/Http/Firewall/ContextListener.php b/Http/Firewall/ContextListener.php index 81ccbdc..60ab3df 100644 --- a/Http/Firewall/ContextListener.php +++ b/Http/Firewall/ContextListener.php 
@@ -156,10 +156,11 @@ class ContextListener implements ListenerInterface foreach ($this->userProviders as $provider) { try { - $token->setUser($provider->refreshUser($user)); + $refreshedUser = $provider->refreshUser($user); + $token->setUser($refreshedUser); if (null !== $this->logger) { - $this->logger->debug(sprintf('Username "%s" was reloaded from user provider.', $user->getUsername())); + $this->logger->debug(sprintf('Username "%s" was reloaded from user provider.', $refreshedUser->getUsername())); } return $token; @@ -167,7 +168,7 @@ class ContextListener implements ListenerInterface // let's try the next user provider } catch (UsernameNotFoundException $notFound) { if (null !== $this->logger) { - $this->logger->warning(sprintf('Username "%s" could not be found.', $user->getUsername())); + $this->logger->warning(sprintf('Username "%s" could not be found.', $notFound->getUsername())); } return null; diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php index abbb460..e7e2989 100644 --- a/Http/Firewall/ExceptionListener.php +++ b/Http/Firewall/ExceptionListener.php 
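Review bot: In the second ContextListener hunk the warning now takes the name from `$notFound->getUsername()` instead of `$user->getUsername()`; if a user provider throws UsernameNotFoundException without setting the username on it, the entry reads `Username "" could not be found.` and the record of which session user failed to reload is lost. A fallback keeps the entry useful for later investigation: `$notFound->getUsername() ?: $user->getUsername()`. Both hunks also format the username straight into the message with `sprintf()`, so a name containing line breaks could produce misleading log lines unless the logger's formatter neutralises them; this should be confirmed for the configured handler. The enclosing method starts and ends outside both hunks.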
@@ -81,86 +81,92 @@ class ExceptionListener $event->getDispatcher()->removeListener(KernelEvents::EXCEPTION, array($this, 'onKernelException')); $exception = $event->getException(); - $request = $event->getRequest(); + do { + if ($exception instanceof AuthenticationException) { + return $this->handleAuthenticationException($event, $exception); + } elseif ($exception instanceof AccessDeniedException) { + return $this->handleAccessDeniedException($event, $exception); + } elseif ($exception instanceof LogoutException) { + return $this->handleLogoutException($event, $exception); + } + } while (null !== $exception = $exception->getPrevious()); + } + + private function handleAuthenticationException(GetResponseForExceptionEvent $event, AuthenticationException $exception) + { + if (null !== $this->logger) { + $this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage())); + } - // determine the actual cause for the exception - while (null !== $previous = $exception->getPrevious()) { - $exception = $previous; + try { + $event->setResponse($this->startAuthentication($event->getRequest(), $exception)); + } catch (\Exception $e) { + $event->setException($e); } + } - if ($exception instanceof AuthenticationException) { + private function handleAccessDeniedException(GetResponseForExceptionEvent $event, AccessDeniedException $exception) + { + $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception)); + + $token = $this->context->getToken(); + if (!$this->authenticationTrustResolver->isFullFledged($token)) { if (null !== $this->logger) { - $this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage())); + $this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine())); } 
try { - $response = $this->startAuthentication($request, $exception); + $insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception); + $insufficientAuthenticationException->setToken($token); + + $event->setResponse($this->startAuthentication($event->getRequest(), $insufficientAuthenticationException)); } catch (\Exception $e) { $event->setException($e); - - return; } - } elseif ($exception instanceof AccessDeniedException) { - $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception)); - $token = $this->context->getToken(); - if (!$this->authenticationTrustResolver->isFullFledged($token)) { - if (null !== $this->logger) { - $this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine())); - } + return; + } + + if (null !== $this->logger) { + $this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine())); + } - try { - $insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception); - $insufficientAuthenticationException->setToken($token); - $response = $this->startAuthentication($request, $insufficientAuthenticationException); - } catch (\Exception $e) { - $event->setException($e); + try { + if (null !== $this->accessDeniedHandler) { + $response = $this->accessDeniedHandler->handle($event->getRequest(), $exception); - return; - } - } else { - if (null !== $this->logger) { - $this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine())); + if ($response instanceof Response) { + $event->setResponse($response); } + } elseif (null !== 
$this->errorPage) { + $subRequest = $this->httpUtils->createRequest($event->getRequest(), $this->errorPage); + $subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception); - try { - if (null !== $this->accessDeniedHandler) { - $response = $this->accessDeniedHandler->handle($request, $exception); - - if (!$response instanceof Response) { - return; - } - } elseif (null !== $this->errorPage) { - $subRequest = $this->httpUtils->createRequest($request, $this->errorPage); - $subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception); - - $response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true); - } else { - return; - } - } catch (\Exception $e) { - if (null !== $this->logger) { - $this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage())); - } - - $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e)); - - return; - } + $event->setResponse($event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true)); } - } elseif ($exception instanceof LogoutException) { + } catch (\Exception $e) { if (null !== $this->logger) { - $this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage())); + $this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage())); } - return; - } else { - return; + $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e)); } + } - $event->setResponse($response); + private function handleLogoutException(GetResponseForExceptionEvent $event, LogoutException $exception) + { + if (null !== $this->logger) { + $this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage())); + } } + /** + * @param Request $request + * @param 
AuthenticationException $authException + * + * @return Response + * @throws AuthenticationException + */ private function startAuthentication(Request $request, AuthenticationException $authException) { if (null === $this->authenticationEntryPoint) { @@ -181,9 +187,12 @@ class ExceptionListener return $this->authenticationEntryPoint->start($request, $authException); } + /** + * @param Request $request + */ protected function setTargetPath(Request $request) { - // session isn't required when using http basic authentication mechanism for example + // session isn't required when using HTTP basic authentication mechanism for example if ($request->hasSession() && $request->isMethodSafe()) { $request->getSession()->set('_security.'.$this->providerKey.'.target_path', $request->getUri()); } diff --git a/Http/Firewall/LogoutListener.php b/Http/Firewall/LogoutListener.php index 653c644..7dc9503 100644 --- a/Http/Firewall/LogoutListener.php +++ b/Http/Firewall/LogoutListener.php @@ -20,7 +20,6 @@ use Symfony\Component\Security\Core\Exception\LogoutException; use Symfony\Component\Security\Http\HttpUtils; use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface; use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface; -use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException; /** * LogoutListener logout users. @@ -37,7 +36,7 @@ class LogoutListener implements ListenerInterface private $csrfProvider; /** - * Constructor + * Constructor. * * @param SecurityContextInterface $securityContext * @param HttpUtils $httpUtils An HttpUtilsInterface instance 
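Review bot: `handleLogoutException()` logs "Logout exception occurred; wrapping with AccessDeniedHttpException" but sets neither a response nor a replacement exception on the event, so the LogoutException (documented in LogoutListener as the invalid-CSRF-token case) leaves the listener unchanged and the log line describes something that does not happen. Either do the wrapping, `$event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));`, as handleAccessDeniedException() does, or reword the message to say the exception is only logged. Separately, the new `do { … } while (null !== $exception = $exception->getPrevious());` loop acts on the first security exception found from the outermost wrapper inwards, where the removed code acted on the root cause only. A one-line comment stating this order, and docblocks on the three new private handlers, would make the changed precedence explicit.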
@@ -77,9 +76,8 @@ class LogoutListener implements ListenerInterface * * @param GetResponseEvent $event A GetResponseEvent instance * - * @throws InvalidCsrfTokenException if the CSRF token is invalid + * @throws LogoutException if the CSRF token is invalid * @throws \RuntimeException if the LogoutSuccessHandlerInterface instance does not return a response - * @throws LogoutException */ public function handle(GetResponseEvent $event) { diff --git a/Http/Firewall/RememberMeListener.php b/Http/Firewall/RememberMeListener.php index 5a856e2..6ca3842 100644 --- a/Http/Firewall/RememberMeListener.php +++ b/Http/Firewall/RememberMeListener.php @@ -35,7 +35,7 @@ class RememberMeListener implements ListenerInterface private $dispatcher; /** - * Constructor + * Constructor. * * @param SecurityContextInterface $securityContext * @param RememberMeServicesInterface $rememberMeServices diff --git a/Http/Firewall/X509AuthenticationListener.php b/Http/Firewall/X509AuthenticationListener.php index 0b5a6ae..5aabf75 100644 --- a/Http/Firewall/X509AuthenticationListener.php +++ b/Http/Firewall/X509AuthenticationListener.php @@ -36,6 +36,9 @@ class X509AuthenticationListener extends AbstractPreAuthenticatedListener $this->credentialKey = $credentialKey; } + /** + * {@inheritdoc} + */ protected function getPreAuthenticatedData(Request $request) { if (!$request->server->has($this->userKey)) { diff --git a/Http/FirewallMap.php b/Http/FirewallMap.php index dfc0984..0554bed 100644 --- a/Http/FirewallMap.php +++ b/Http/FirewallMap.php 
@@ -25,11 +25,19 @@ class FirewallMap implements FirewallMapInterface { private $map = array(); + /** + * @param RequestMatcherInterface $requestMatcher + * @param array $listeners + * @param ExceptionListener $exceptionListener + */ public function add(RequestMatcherInterface $requestMatcher = null, array $listeners = array(), ExceptionListener $exceptionListener = null) { $this->map[] = array($requestMatcher, $listeners, $exceptionListener); } + /** + * {@inheritDoc} + */ public function getListeners(Request $request) { foreach ($this->map as $elements) { diff --git a/Http/HttpUtils.php b/Http/HttpUtils.php index c3ff865..0c8b21b 100644 --- a/Http/HttpUtils.php +++ b/Http/HttpUtils.php @@ -20,7 +20,6 @@ use Symfony\Component\Routing\Matcher\RequestMatcherInterface; use Symfony\Component\Routing\Generator\UrlGeneratorInterface; use Symfony\Component\Routing\Exception\MethodNotAllowedException; use Symfony\Component\Routing\Exception\ResourceNotFoundException; -use Symfony\Component\HttpFoundation\Response; /** * Encapsulates the logic needed to create sub-requests, redirect the user, and match URLs. @@ -36,7 +35,9 @@ class HttpUtils * Constructor. * * @param UrlGeneratorInterface $urlGenerator A UrlGeneratorInterface instance - * @param UrlMatcherInterface|RequestMatcherInterface $urlMatcher The Url or Request matcher + * @param UrlMatcherInterface|RequestMatcherInterface $urlMatcher The URL or Request matcher + * + * @throws \InvalidArgumentException */ public function __construct(UrlGeneratorInterface $urlGenerator = null, $urlMatcher = null) { @@ -54,7 +55,7 @@ class HttpUtils * @param string $path A path (an absolute path (/foo), an absolute URL (http://...), or a route name (foo)) * @param integer $status The status code * - * @return Response A RedirectResponse instance + * @return RedirectResponse A RedirectResponse instance */ public function createRedirectResponse(Request $request, $path, $status = 302) { 
@@ -123,9 +124,11 @@ class HttpUtils * Generates a URI, based on the given path or absolute URL. * * @param Request $request A Request instance - * @param string $path A path (an absolute path (/foo), an absolute URL (http://...), or a route name (foo)) + * @param string $path A path (an absolute path (/foo), an absolute URL (http://...), or a route name (foo)) * * @return string An absolute URL + * + * @throws \LogicException */ public function generateUri($request, $path) { @@ -143,7 +146,7 @@ class HttpUtils $url = $this->urlGenerator->generate($path, $request->attributes->all(), UrlGeneratorInterface::ABSOLUTE_URL); - // unnecessary query string parameters must be removed from url + // unnecessary query string parameters must be removed from URL // (ie. query parameters that are presents in $attributes) // fortunately, they all are, so we have to remove entire query string $position = strpos($url, '?'); diff --git a/Http/Logout/DefaultLogoutSuccessHandler.php b/Http/Logout/DefaultLogoutSuccessHandler.php index e06cb6d..70f15cf 100644 --- a/Http/Logout/DefaultLogoutSuccessHandler.php +++ b/Http/Logout/DefaultLogoutSuccessHandler.php @@ -13,7 +13,6 @@ namespace Symfony\Component\Security\Http\Logout; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Security\Http\HttpUtils; -use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface; /** * Default logout success handler will redirect users to a configured path. diff --git a/Http/RememberMe/AbstractRememberMeServices.php b/Http/RememberMe/AbstractRememberMeServices.php index ae61dd7..740d3d6 100644 --- a/Http/RememberMe/AbstractRememberMeServices.php +++ b/Http/RememberMe/AbstractRememberMeServices.php @@ -40,7 +40,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface private $userProviders; /** - * Constructor + * Constructor. * * @param array $userProviders * @param string $key 
@@ -80,6 +80,9 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface return $this->options['remember_me_parameter']; } + /** + * @return string + */ public function getKey() { return $this->key; @@ -94,6 +97,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface * @return TokenInterface|null * * @throws CookieTheftException + * @throws \RuntimeException */ final public function autoLogin(Request $request) { @@ -219,6 +223,9 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface */ abstract protected function processAutoLoginCookie(array $cookieParts, Request $request); + /** + * @param Request $request + */ protected function onLoginFail(Request $request) { } @@ -284,7 +291,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface } /** - * Checks whether remember-me capabilities where requested + * Checks whether remember-me capabilities were requested * * @param Request $request * diff --git a/Http/RememberMe/ResponseListener.php b/Http/RememberMe/ResponseListener.php index 03c71c7..6087587 100644 --- a/Http/RememberMe/ResponseListener.php +++ b/Http/RememberMe/ResponseListener.php @@ -22,6 +22,9 @@ use Symfony\Component\EventDispatcher\EventSubscriberInterface; */ class ResponseListener implements EventSubscriberInterface { + /** + * @param FilterResponseEvent $event + */ public function onKernelResponse(FilterResponseEvent $event) { $request = $event->getRequest(); @@ -32,6 +35,9 @@ class ResponseListener implements EventSubscriberInterface } } + /** + * {@inheritDoc} + */ public static function getSubscribedEvents() { return array(KernelEvents::RESPONSE => 'onKernelResponse'); diff --git a/Http/RememberMe/TokenBasedRememberMeServices.php b/Http/RememberMe/TokenBasedRememberMeServices.php index 5a66fe4..df0ea1b 100644 --- a/Http/RememberMe/TokenBasedRememberMeServices.php +++ b/Http/RememberMe/TokenBasedRememberMeServices.php 
@@ -116,7 +116,7 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices * * @param string $class * @param string $username The username - * @param integer $expires The unixtime when the cookie expires + * @param integer $expires The Unix timestamp when the cookie expires * @param string $password The encoded password * * @throws \RuntimeException if username contains invalid chars @@ -138,7 +138,7 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices * * @param string $class * @param string $username The username - * @param integer $expires The unixtime when the cookie expires + * @param integer $expires The Unix timestamp when the cookie expires * @param string $password The encoded password * * @throws \RuntimeException when the private key is empty @@ -1,4 +1,4 @@ -Copyright (c) 2004-2013 Fabien Potencier +Copyright (c) 2004-2014 Fabien Potencier Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/Resources/translations/security.bg.xlf b/Resources/translations/security.bg.xlf new file mode 100644 index 0000000..06692ea --- /dev/null +++ b/Resources/translations/security.bg.xlf 
@@ -0,0 +1,71 @@ +<?xml version="1.0"?> +<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2"> + <file source-language="en" datatype="plaintext" original="file.ext"> + <body> + <trans-unit id="1"> + <source>An authentication exception occurred.</source> + <target>Грешка при автентикация.</target> + </trans-unit> + <trans-unit id="2"> + <source>Authentication credentials could not be found.</source> + <target>Удостоверението за автентикация не е открито.</target> + </trans-unit> + <trans-unit id="3"> + <source>Authentication request could not be processed due to a system problem.</source> + <target>Заявката за автентикация не може да бъде обработената поради системна грешка.</target> + </trans-unit> + <trans-unit id="4"> + <source>Invalid credentials.</source> + <target>Невалидно удостоверение за автентикация.</target> + </trans-unit> + <trans-unit id="5"> + <source>Cookie has already been used by someone else.</source> + <target>Това cookie вече се ползва от някой друг.</target> + </trans-unit> + <trans-unit id="6"> + <source>Not privileged to request the resource.</source> + <target>Нямате права за достъп до този ресурс.</target> + </trans-unit> + <trans-unit id="7"> + <source>Invalid CSRF token.</source> + <target>Невалиден CSRF токен.</target> + </trans-unit> + <trans-unit id="8"> + <source>Digest nonce has expired.</source> + <target>Digest nonce е изтекъл.</target> + </trans-unit> + <trans-unit id="9"> + <source>No authentication provider found to support the authentication token.</source> + <target>Не е открит провайдър, който да поддържа този токен за автентикация.</target> + </trans-unit> + <trans-unit id="10"> + <source>No session available, it either timed out or cookies are not enabled.</source> + <target>Сесията не е достъпна, или времето за достъп е изтекло, или кукитата не са разрешени.</target> + </trans-unit> + <trans-unit id="11"> + <source>No token could be found.</source> + <target>Токена не е открит.</target> + </trans-unit> + 
<trans-unit id="12"> + <source>Username could not be found.</source> + <target>Потребителското име не е открито.</target> + </trans-unit> + <trans-unit id="13"> + <source>Account has expired.</source> + <target>Акаунта е изтекъл.</target> + </trans-unit> + <trans-unit id="14"> + <source>Credentials have expired.</source> + <target>Удостоверението за автентикация е изтекло.</target> + </trans-unit> + <trans-unit id="15"> + <source>Account is disabled.</source> + <target>Акаунта е деактивиран.</target> + </trans-unit> + <trans-unit id="16"> + <source>Account is locked.</source> + <target>Акаунта е заключен.</target> + </trans-unit> + </body> + </file> +</xliff> diff --git a/Resources/translations/security.da.xlf b/Resources/translations/security.da.xlf index 9c7b886..2ac4150 100644 --- a/Resources/translations/security.da.xlf +++ b/Resources/translations/security.da.xlf @@ -1,6 +1,6 @@ <?xml version="1.0"?> <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2"> - <file source-language="no" datatype="plaintext" original="file.ext"> + <file source-language="en" datatype="plaintext" original="file.ext"> <body> <trans-unit id="1"> <source>An authentication exception occurred.</source> diff --git a/Resources/translations/security.hr.xlf b/Resources/translations/security.hr.xlf new file mode 100644 index 0000000..147b6e3 --- /dev/null +++ b/Resources/translations/security.hr.xlf 
@@ -0,0 +1,71 @@ +<?xml version="1.0"?> +<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2"> + <file source-language="en" datatype="plaintext" original="file.ext"> + <body> + <trans-unit id="1"> + <source>An authentication exception occurred.</source> + <target>Dogodila se autentifikacijske iznimka.</target> + </trans-unit> + <trans-unit id="2"> + <source>Authentication credentials could not be found.</source> + <target>Autentifikacijski podaci nisu pronađeni.</target> + </trans-unit> + <trans-unit id="3"> + <source>Authentication request could not be processed due to a system problem.</source> + <target>Autentifikacijski zahtjev nije moguće provesti uslijed sistemskog problema.</target> + </trans-unit> + <trans-unit id="4"> + <source>Invalid credentials.</source> + <target>Neispravni akreditacijski podaci.</target> + </trans-unit> + <trans-unit id="5"> + <source>Cookie has already been used by someone else.</source> + <target>Cookie je već netko drugi iskoristio.</target> + </trans-unit> + <trans-unit id="6"> + <source>Not privileged to request the resource.</source> + <target>Nemate privilegije zahtijevati resurs.</target> + </trans-unit> + <trans-unit id="7"> + <source>Invalid CSRF token.</source> + <target>Neispravan CSRF token.</target> + </trans-unit> + <trans-unit id="8"> + <source>Digest nonce has expired.</source> + <target>Digest nonce je isteko.</target> + </trans-unit> + <trans-unit id="9"> + <source>No authentication provider found to support the authentication token.</source> + <target>Nije pronađen autentifikacijski provider koji bi podržao autentifikacijski token.</target> + </trans-unit> + <trans-unit id="10"> + <source>No session available, it either timed out or cookies are not enabled.</source> + <target>Sesija nije dostupna, ili je istekla ili cookies nisu omogućeni.</target> + </trans-unit> + <trans-unit id="11"> + <source>No token could be found.</source> + <target>Token nije pronađen.</target> + </trans-unit> + <trans-unit 
id="12"> + <source>Username could not be found.</source> + <target>Korisničko ime nije pronađeno.</target> + </trans-unit> + <trans-unit id="13"> + <source>Account has expired.</source> + <target>Račun je isteko.</target> + </trans-unit> + <trans-unit id="14"> + <source>Credentials have expired.</source> + <target>Akreditacijski podaci su istekli.</target> + </trans-unit> + <trans-unit id="15"> + <source>Account is disabled.</source> + <target>Račun je onemogućen.</target> + </trans-unit> + <trans-unit id="16"> + <source>Account is locked.</source> + <target>Račun je zaključan.</target> + </trans-unit> + </body> + </file> +</xliff> diff --git a/Resources/translations/security.id.xlf b/Resources/translations/security.id.xlf new file mode 100644 index 0000000..ab1153b --- /dev/null +++ b/Resources/translations/security.id.xlf 
@@ -0,0 +1,71 @@ +<?xml version="1.0"?> +<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2"> + <file source-language="en" datatype="plaintext" original="file.ext"> + <body> + <trans-unit id="1"> + <source>An authentication exception occurred.</source> + <target>Terjadi sebuah pengecualian otentikasi.</target> + </trans-unit> + <trans-unit id="2"> + <source>Authentication credentials could not be found.</source> + <target>Kredensial otentikasi tidak bisa ditemukan.</target> + </trans-unit> + <trans-unit id="3"> + <source>Authentication request could not be processed due to a system problem.</source> + <target>Permintaan otentikasi tidak bisa diproses karena masalah sistem.</target> + </trans-unit> + <trans-unit id="4"> + <source>Invalid credentials.</source> + <target>Kredensial salah.</target> + </trans-unit> + <trans-unit id="5"> + <source>Cookie has already been used by someone else.</source> + <target>Cookie sudah digunakan oleh orang lain.</target> + </trans-unit> + <trans-unit id="6"> + <source>Not privileged to request the resource.</source> + <target>Tidak berhak untuk meminta sumber daya.</target> + </trans-unit> + <trans-unit id="7"> + <source>Invalid CSRF token.</source> + <target>Token CSRF salah.</target> + </trans-unit> + <trans-unit id="8"> + <source>Digest nonce has expired.</source> + <target>Digest nonce telah berakhir.</target> + </trans-unit> + <trans-unit id="9"> + <source>No authentication provider found to support the authentication token.</source> + <target>Tidak ditemukan penyedia otentikasi untuk mendukung token otentikasi.</target> + </trans-unit> + <trans-unit id="10"> + <source>No session available, it either timed out or cookies are not enabled.</source> + <target>Tidak ada sesi yang tersedia, mungkin waktu sudah habis atau cookie tidak diaktifkan</target> + </trans-unit> + <trans-unit id="11"> + <source>No token could be found.</source> + <target>Tidak ada token yang bisa ditemukan.</target> + </trans-unit> + 
<trans-unit id="12"> + <source>Username could not be found.</source> + <target>Username tidak bisa ditemukan.</target> + </trans-unit> + <trans-unit id="13"> + <source>Account has expired.</source> + <target>Akun telah berakhir.</target> + </trans-unit> + <trans-unit id="14"> + <source>Credentials have expired.</source> + <target>Kredensial telah berakhir.</target> + </trans-unit> + <trans-unit id="15"> + <source>Account is disabled.</source> + <target>Akun dinonaktifkan.</target> + </trans-unit> + <trans-unit id="16"> + <source>Account is locked.</source> + <target>Akun terkunci.</target> + </trans-unit> + </body> + </file> +</xliff> diff --git a/Resources/translations/security.ja.xlf b/Resources/translations/security.ja.xlf new file mode 100644 index 0000000..6a6b062 --- /dev/null +++ b/Resources/translations/security.ja.xlf 
@@ -0,0 +1,71 @@ +<?xml version="1.0"?> +<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2"> + <file source-language="en" datatype="plaintext" original="file.ext"> + <body> + <trans-unit id="1"> + <source>An authentication exception occurred.</source> + <target>認証エラーが発生しました。</target> + </trans-unit> + <trans-unit id="2"> + <source>Authentication credentials could not be found.</source> + <target>認証資格がありません。</target> + </trans-unit> + <trans-unit id="3"> + <source>Authentication request could not be processed due to a system problem.</source> + <target>システムの問題により認証要求を処理できませんでした。</target> + </trans-unit> + <trans-unit id="4"> + <source>Invalid credentials.</source> + <target>資格が無効です。</target> + </trans-unit> + <trans-unit id="5"> + <source>Cookie has already been used by someone else.</source> + <target>Cookie が別のユーザーで使用されています。</target> + </trans-unit> + <trans-unit id="6"> + <source>Not privileged to request the resource.</source> + <target>リソースをリクエストする権限がありません。</target> + </trans-unit> + <trans-unit id="7"> + <source>Invalid CSRF token.</source> + <target>CSRF トークンが無効です。</target> + </trans-unit> + <trans-unit id="8"> + <source>Digest nonce has expired.</source> + <target>Digest の nonce 値が期限切れです。</target> + </trans-unit> + <trans-unit id="9"> + <source>No authentication provider found to support the authentication token.</source> + <target>認証トークンをサポートする認証プロバイダーが見つかりません。</target> + </trans-unit> + <trans-unit id="10"> + <source>No session available, it either timed out or cookies are not enabled.</source> + <target>利用可能なセッションがありません。タイムアウトしたか、Cookie が無効になっています。</target> + </trans-unit> + <trans-unit id="11"> + <source>No token could be found.</source> + <target>トークンが見つかりません。</target> + </trans-unit> + <trans-unit id="12"> + <source>Username could not be found.</source> + <target>ユーザー名が見つかりません。</target> + </trans-unit> + <trans-unit id="13"> + <source>Account has expired.</source> + <target>アカウントが有効期限切れです。</target> + </trans-unit> + <trans-unit id="14"> 
+ <source>Credentials have expired.</source> + <target>資格が有効期限切れです。</target> + </trans-unit> + <trans-unit id="15"> + <source>Account is disabled.</source> + <target>アカウントが無効です。</target> + </trans-unit> + <trans-unit id="16"> + <source>Account is locked.</source> + <target>アカウントはロックされています。</target> + </trans-unit> + </body> + </file> +</xliff> diff --git a/Resources/translations/security.no.xlf b/Resources/translations/security.no.xlf index 3857ab4..3369d43 100644 --- a/Resources/translations/security.no.xlf +++ b/Resources/translations/security.no.xlf @@ -1,6 +1,6 @@ <?xml version="1.0"?> <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2"> - <file source-language="no" datatype="plaintext" original="file.ext"> + <file source-language="en" datatype="plaintext" original="file.ext"> <body> <trans-unit id="1"> <source>An authentication exception occurred.</source> diff --git a/Resources/translations/security.pt_BR.xlf b/Resources/translations/security.pt_BR.xlf index 846fd49..61685d9 100644 --- a/Resources/translations/security.pt_BR.xlf +++ b/Resources/translations/security.pt_BR.xlf @@ -20,7 +20,7 @@ </trans-unit> <trans-unit id="5"> <source>Cookie has already been used by someone else.</source> - <target>Este cookie já esta em uso.</target> + <target>Este cookie já está em uso.</target> </trans-unit> <trans-unit id="6"> <source>Not privileged to request the resource.</source> @@ -40,7 +40,7 @@ </trans-unit> <trans-unit id="10"> <source>No session available, it either timed out or cookies are not enabled.</source> - <target>Nenhuma sessão disponível, ela expirou ou cookies estão desativados.</target> + <target>Nenhuma sessão disponível, ela expirou ou os cookies estão desativados.</target> </trans-unit> <trans-unit id="11"> <source>No token could be found.</source> 
@@ -52,7 +52,7 @@ </trans-unit> <trans-unit id="13"> <source>Account has expired.</source> - <target>A conta esta expirada.</target> + <target>A conta está expirada.</target> </trans-unit> <trans-unit id="14"> <source>Credentials have expired.</source> @@ -64,7 +64,7 @@ </trans-unit> <trans-unit id="16"> <source>Account is locked.</source> - <target>A conta esta travada.</target> + <target>A conta está travada.</target> </trans-unit> </body> </file> diff --git a/Resources/translations/security.vi.xlf b/Resources/translations/security.vi.xlf new file mode 100644 index 0000000..b85a439 --- /dev/null +++ b/Resources/translations/security.vi.xlf 
@@ -0,0 +1,71 @@ +<?xml version="1.0"?> +<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2"> + <file source-language="en" datatype="plaintext" original="file.ext"> + <body> + <trans-unit id="1"> + <source>An authentication exception occurred.</source> + <target>Có lỗi trong quá trình xác thực.</target> + </trans-unit> + <trans-unit id="2"> + <source>Authentication credentials could not be found.</source> + <target>Thông tin dùng để xác thực không tìm thấy.</target> + </trans-unit> + <trans-unit id="3"> + <source>Authentication request could not be processed due to a system problem.</source> + <target>Yêu cầu xác thực không thể thực hiện do lỗi của hệ thống.</target> + </trans-unit> + <trans-unit id="4"> + <source>Invalid credentials.</source> + <target>Thông tin dùng để xác thực không hợp lệ.</target> + </trans-unit> + <trans-unit id="5"> + <source>Cookie has already been used by someone else.</source> + <target>Cookie đã được dùng bởi người dùng khác.</target> + </trans-unit> + <trans-unit id="6"> + <source>Not privileged to request the resource.</source> + <target>Không được phép yêu cầu tài nguyên.</target> + </trans-unit> + <trans-unit id="7"> + <source>Invalid CSRF token.</source> + <target>Mã CSRF không hợp lệ.</target> + </trans-unit> + <trans-unit id="8"> + <source>Digest nonce has expired.</source> + <target>Mã dùng một lần đã hết hạn.</target> + </trans-unit> + <trans-unit id="9"> + <source>No authentication provider found to support the authentication token.</source> + <target>Không tìm thấy nhà cung cấp dịch vụ xác thực nào cho mã xác thực mà bạn sử dụng.</target> + </trans-unit> + <trans-unit id="10"> + <source>No session available, it either timed out or cookies are not enabled.</source> + <target>Không tìm thấy phiên làm việc. 
Phiên làm việc hoặc cookie có thể bị tắt.</target> + </trans-unit> + <trans-unit id="11"> + <source>No token could be found.</source> + <target>Không tìm thấy mã token.</target> + </trans-unit> + <trans-unit id="12"> + <source>Username could not be found.</source> + <target>Không tìm thấy tên người dùng username.</target> + </trans-unit> + <trans-unit id="13"> + <source>Account has expired.</source> + <target>Tài khoản đã hết hạn.</target> + </trans-unit> + <trans-unit id="14"> + <source>Credentials have expired.</source> + <target>Thông tin xác thực đã hết hạn.</target> + </trans-unit> + <trans-unit id="15"> + <source>Account is disabled.</source> + <target>Tài khoản bị tạm ngừng.</target> + </trans-unit> + <trans-unit id="16"> + <source>Account is locked.</source> + <target>Tài khoản bị khóa.</target> + </trans-unit> + </body> + </file> +</xliff> diff --git a/Resources/translations/security.zh_CN.xlf b/Resources/translations/security.zh_CN.xlf new file mode 100644 index 0000000..2d6affe --- /dev/null +++ b/Resources/translations/security.zh_CN.xlf 
@@ -0,0 +1,71 @@ +<?xml version="1.0"?> +<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2"> + <file source-language="en" datatype="plaintext" original="file.ext"> + <body> + <trans-unit id="1"> + <source>An authentication exception occurred.</source> + <target>身份验证发生异常。</target> + </trans-unit> + <trans-unit id="2"> + <source>Authentication credentials could not be found.</source> + <target>没有找到身份验证的凭证。</target> + </trans-unit> + <trans-unit id="3"> + <source>Authentication request could not be processed due to a system problem.</source> + <target>由于系统故障,身份验证的请求无法被处理。</target> + </trans-unit> + <trans-unit id="4"> + <source>Invalid credentials.</source> + <target>无效的凭证。</target> + </trans-unit> + <trans-unit id="5"> + <source>Cookie has already been used by someone else.</source> + <target>Cookie 已经被其他人使用。</target> + </trans-unit> + <trans-unit id="6"> + <source>Not privileged to request the resource.</source> + <target>没有权限请求此资源。</target> + </trans-unit> + <trans-unit id="7"> + <source>Invalid CSRF token.</source> + <target>无效的 CSRF token 。</target> + </trans-unit> + <trans-unit id="8"> + <source>Digest nonce has expired.</source> + <target>摘要随机串(digest nonce)已过期。</target> + </trans-unit> + <trans-unit id="9"> + <source>No authentication provider found to support the authentication token.</source> + <target>没有找到支持此 token 的身份验证服务提供方。</target> + </trans-unit> + <trans-unit id="10"> + <source>No session available, it either timed out or cookies are not enabled.</source> + <target>Session 不可用。会话超时或没有启用 cookies 。</target> + </trans-unit> + <trans-unit id="11"> + <source>No token could be found.</source> + <target>找不到 token 。</target> + </trans-unit> + <trans-unit id="12"> + <source>Username could not be found.</source> + <target>找不到用户名。</target> + </trans-unit> + <trans-unit id="13"> + <source>Account has expired.</source> + <target>帐号已过期。</target> + </trans-unit> + <trans-unit id="14"> + <source>Credentials have expired.</source> + 
<target>凭证已过期。</target> + </trans-unit> + <trans-unit id="15"> + <source>Account is disabled.</source> + <target>帐号已被禁用。</target> + </trans-unit> + <trans-unit id="16"> + <source>Account is locked.</source> + <target>帐号已被锁定。</target> + </trans-unit> + </body> + </file> +</xliff> diff --git a/Tests/Acl/Dbal/MutableAclProviderTest.php b/Tests/Acl/Dbal/MutableAclProviderTest.php index edcdd4d..00a2228 100644 --- a/Tests/Acl/Dbal/MutableAclProviderTest.php +++ b/Tests/Acl/Dbal/MutableAclProviderTest.php 
@@ -359,6 +359,54 @@ class MutableAclProviderTest extends \PHPUnit_Framework_TestCase
 $this->assertEquals($newParentParentAcl->getId(), $reloadedAcl->getParentAcl()->getParentAcl()->getId());
 }
+ public function testUpdateAclInsertingMultipleObjectFieldAcesThrowsDBConstraintViolations()
+ {
+ $provider = $this->getProvider();
+ $oid = new ObjectIdentity(1, 'Foo');
+ $sid1 = new UserSecurityIdentity('johannes', 'FooClass');
+ $sid2 = new UserSecurityIdentity('guilro', 'FooClass');
+ $sid3 = new UserSecurityIdentity('bmaz', 'FooClass');
+ $fieldName = 'fieldName';
+
+ $acl = $provider->createAcl($oid);
+ $acl->insertObjectFieldAce($fieldName, $sid1, 4);
+ $provider->updateAcl($acl);
+
+ $acl = $provider->findAcl($oid);
+ $acl->insertObjectFieldAce($fieldName, $sid2, 4);
+ $provider->updateAcl($acl);
+
+ $acl = $provider->findAcl($oid);
+ $acl->insertObjectFieldAce($fieldName, $sid3, 4);
+ $provider->updateAcl($acl);
+ }
+
+ public function testUpdateAclDeletingObjectFieldAcesThrowsDBConstraintViolations()
+ {
+ $provider = $this->getProvider();
+ $oid = new ObjectIdentity(1, 'Foo');
+ $sid1 = new UserSecurityIdentity('johannes', 'FooClass');
+ $sid2 = new UserSecurityIdentity('guilro', 'FooClass');
+ $sid3 = new UserSecurityIdentity('bmaz', 'FooClass');
+ $fieldName = 'fieldName';
+
+ $acl = $provider->createAcl($oid);
+ $acl->insertObjectFieldAce($fieldName, $sid1, 4);
+ $provider->updateAcl($acl);
+
+ $acl = $provider->findAcl($oid);
+ $acl->insertObjectFieldAce($fieldName, $sid2, 4);
+ $provider->updateAcl($acl);
+
+ $index = 0;
+ $acl->deleteObjectFieldAce($index, $fieldName);
+ $provider->updateAcl($acl);
+
+ $acl = $provider->findAcl($oid);
+ $acl->insertObjectFieldAce($fieldName, $sid3, 4);
+ $provider->updateAcl($acl);
+ }
+
 /**
 * Data must have the following format:
 * array(
diff --git a/Tests/Acl/Domain/EntryTest.php b/Tests/Acl/Domain/EntryTest.php
index 88dd89e..55c8f0a 100644
--- a/Tests/Acl/Domain/EntryTest.php
+++ b/Tests/Acl/Domain/EntryTest.php
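Review bot: Neither new test asserts anything: `testUpdateAclInsertingMultipleObjectFieldAcesThrowsDBConstraintViolations` and `testUpdateAclDeletingObjectFieldAcesThrowsDBConstraintViolations` pass as long as `updateAcl()` does not throw, so an update that silently dropped or misordered a field ACE would go unnoticed. Reload the ACL at the end and check what was persisted, for example `$this->assertCount(3, $provider->findAcl($oid)->getObjectFieldAces($fieldName));` in the first test and a count of 2 in the second, after the deletion. The names also read as if an exception were expected; a suffix such as `DoesNotThrowDBConstraintViolations` would match what the tests check. In the second test the deletion is applied to the `$acl` instance that was just passed to `updateAcl()` rather than to a freshly loaded one; if that is deliberate, a one-line comment saying so would help.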
@@ -9,7 +9,7 @@ * file that was distributed with this source code. */ -namespace Symfony\Component\Security\Tests\Domain; +namespace Symfony\Component\Security\Tests\Acl\Domain; use Symfony\Component\Security\Acl\Domain\Entry; diff --git a/Tests/Acl/Permission/MaskBuilderTest.php b/Tests/Acl/Permission/MaskBuilderTest.php index 848a6f2..de034e3 100644 --- a/Tests/Acl/Permission/MaskBuilderTest.php +++ b/Tests/Acl/Permission/MaskBuilderTest.php @@ -9,7 +9,7 @@ * file that was distributed with this source code. */ -namespace Symfony\Component\Security\Tests\Acl\Util; +namespace Symfony\Component\Security\Tests\Acl\Permission; use Symfony\Component\Security\Acl\Permission\MaskBuilder; @@ -76,7 +76,7 @@ class MaskBuilderTest extends \PHPUnit_Framework_TestCase public function testGetPattern() { - $builder = new MaskBuilder; + $builder = new MaskBuilder(); $this->assertEquals(MaskBuilder::ALL_OFF, $builder->getPattern()); $builder->add('view'); diff --git a/Tests/Core/Authentication/AuthenticationProviderManagerTest.php b/Tests/Core/Authentication/AuthenticationProviderManagerTest.php index 12eb568..32e6cf7 100644 --- a/Tests/Core/Authentication/AuthenticationProviderManagerTest.php +++ b/Tests/Core/Authentication/AuthenticationProviderManagerTest.php @@ -20,7 +20,7 @@ use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; class AuthenticationProviderManagerTest extends \PHPUnit_Framework_TestCase { /** - * @expectedException InvalidArgumentException + * @expectedException \InvalidArgumentException */ public function testAuthenticateWithoutProviders() { @@ -129,7 +129,7 @@ class AuthenticationProviderManagerTest extends \PHPUnit_Framework_TestCase } elseif (null !== $exception) { $provider->expects($this->once()) ->method('authenticate') - ->will($this->throwException($this->getMock($exception, null, array(), '', false))) + ->will($this->throwException($this->getMock($exception, null, array(), '', true))) ; } 
diff --git a/Tests/Core/Authentication/Provider/DaoAuthenticationProviderTest.php b/Tests/Core/Authentication/Provider/DaoAuthenticationProviderTest.php index 8b27061..35b14e8 100644 --- a/Tests/Core/Authentication/Provider/DaoAuthenticationProviderTest.php +++ b/Tests/Core/Authentication/Provider/DaoAuthenticationProviderTest.php @@ -14,6 +14,7 @@ namespace Symfony\Component\Security\Tests\Core\Authentication\Provider; use Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder; use Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider; +use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase { @@ -37,7 +38,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase $userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface'); $userProvider->expects($this->once()) ->method('loadUserByUsername') - ->will($this->throwException($this->getMock('Symfony\\Component\\Security\\Core\\Exception\\UsernameNotFoundException', null, array(), '', false))) + ->will($this->throwException(new UsernameNotFoundException())) ; $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'), 'key', $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface')); 
@@ -55,7 +56,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase $userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface'); $userProvider->expects($this->once()) ->method('loadUserByUsername') - ->will($this->throwException($this->getMock('RuntimeException', null, array(), '', false))) + ->will($this->throwException(new \RuntimeException())) ; $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'), 'key', $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface')); @@ -115,7 +116,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase ->method('isPasswordValid') ; - $provider = $this->getProvider(false, false, $encoder); + $provider = $this->getProvider(null, null, $encoder); $method = new \ReflectionMethod($provider, 'checkAuthentication'); $method->setAccessible(true); @@ -142,7 +143,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase ->will($this->returnValue(true)) ; - $provider = $this->getProvider(false, false, $encoder); + $provider = $this->getProvider(null, null, $encoder); $method = new \ReflectionMethod($provider, 'checkAuthentication'); $method->setAccessible(true); @@ -171,7 +172,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase ->will($this->returnValue(false)) ; - $provider = $this->getProvider(false, false, $encoder); + $provider = $this->getProvider(null, null, $encoder); $method = new \ReflectionMethod($provider, 'checkAuthentication'); $method->setAccessible(true); 
@@ -206,7 +207,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase ->will($this->returnValue('newFoo')) ; - $provider = $this->getProvider(false, false, null); + $provider = $this->getProvider(); $reflection = new \ReflectionMethod($provider, 'checkAuthentication'); $reflection->setAccessible(true); $reflection->invoke($provider, $dbUser, $token); @@ -231,7 +232,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase ->will($this->returnValue('foo')) ; - $provider = $this->getProvider(false, false, null); + $provider = $this->getProvider(); $reflection = new \ReflectionMethod($provider, 'checkAuthentication'); $reflection->setAccessible(true); $reflection->invoke($provider, $dbUser, $token); @@ -245,7 +246,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase ->will($this->returnValue(true)) ; - $provider = $this->getProvider(false, false, $encoder); + $provider = $this->getProvider(null, null, $encoder); $method = new \ReflectionMethod($provider, 'checkAuthentication'); $method->setAccessible(true); @@ -270,17 +271,17 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase return $mock; } - protected function getProvider($user = false, $userChecker = false, $passwordEncoder = null) + protected function getProvider($user = null, $userChecker = null, $passwordEncoder = null) { $userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface'); - if (false !== $user) { + if (null !== $user) { $userProvider->expects($this->once()) ->method('loadUserByUsername') ->will($this->returnValue($user)) ; } - if (false === $userChecker) { + if (null === $userChecker) { $userChecker = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'); } 
diff --git a/Tests/Core/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php b/Tests/Core/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php index f7ffb1e..17234b6 100644 --- a/Tests/Core/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php +++ b/Tests/Core/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php @@ -12,6 +12,7 @@ namespace Symfony\Component\Security\Tests\Core\Authentication\Provider; use Symfony\Component\Security\Core\Authentication\Provider\PreAuthenticatedAuthenticationProvider; +use Symfony\Component\Security\Core\Exception\LockedException; class PreAuthenticatedAuthenticationProviderTest extends \PHPUnit_Framework_TestCase { @@ -79,7 +80,7 @@ class PreAuthenticatedAuthenticationProviderTest extends \PHPUnit_Framework_Test $userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'); $userChecker->expects($this->once()) ->method('checkPostAuth') - ->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\LockedException', null, array(), '', false))) + ->will($this->throwException(new LockedException())) ; $provider = $this->getProvider($user, $userChecker); @@ -114,17 +115,17 @@ class PreAuthenticatedAuthenticationProviderTest extends \PHPUnit_Framework_Test return $token; } - protected function getProvider($user = false, $userChecker = false) + protected function getProvider($user = null, $userChecker = null) { $userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface'); - if (false !== $user) { + if (null !== $user) { $userProvider->expects($this->once()) ->method('loadUserByUsername') ->will($this->returnValue($user)) ; } - if (false === $userChecker) { + if (null === $userChecker) { $userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'); } 
diff --git a/Tests/Core/Authentication/Provider/RememberMeAuthenticationProviderTest.php b/Tests/Core/Authentication/Provider/RememberMeAuthenticationProviderTest.php index 5e250e0..88eefbb 100644 --- a/Tests/Core/Authentication/Provider/RememberMeAuthenticationProviderTest.php +++ b/Tests/Core/Authentication/Provider/RememberMeAuthenticationProviderTest.php @@ -12,7 +12,7 @@ namespace Symfony\Component\Security\Tests\Core\Authentication\Provider; use Symfony\Component\Security\Core\Authentication\Provider\RememberMeAuthenticationProvider; -use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken; +use Symfony\Component\Security\Core\Exception\AccountExpiredException; use Symfony\Component\Security\Core\Role\Role; class RememberMeAuthenticationProviderTest extends \PHPUnit_Framework_TestCase @@ -52,7 +52,7 @@ class RememberMeAuthenticationProviderTest extends \PHPUnit_Framework_TestCase $userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'); $userChecker->expects($this->once()) ->method('checkPostAuth') - ->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\AccountExpiredException', null, array(), '', false))) + ->will($this->throwException(new AccountExpiredException())) ; $provider = $this->getProvider($userChecker); diff --git a/Tests/Core/Authentication/Provider/UserAuthenticationProviderTest.php b/Tests/Core/Authentication/Provider/UserAuthenticationProviderTest.php index 1516a5f..32f5b10 100644 --- a/Tests/Core/Authentication/Provider/UserAuthenticationProviderTest.php +++ b/Tests/Core/Authentication/Provider/UserAuthenticationProviderTest.php 
@@ -11,9 +11,12 @@ namespace Symfony\Component\Security\Tests\Core\Authentication\Provider; -use Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider; -use Symfony\Component\Security\Core\Role\Role; +use Symfony\Component\Security\Core\Exception\AccountExpiredException; use Symfony\Component\Security\Core\Exception\BadCredentialsException; +use Symfony\Component\Security\Core\Exception\CredentialsExpiredException; +use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; +use Symfony\Component\Security\Core\Role\Role; +use Symfony\Component\Security\Core\Role\SwitchUserRole; class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase { @@ -40,7 +43,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase $provider = $this->getProvider(false, false); $provider->expects($this->once()) ->method('retrieveUser') - ->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\UsernameNotFoundException', null, array(), '', false))) + ->will($this->throwException(new UsernameNotFoundException())) ; $provider->authenticate($this->getSupportedToken()); @@ -54,7 +57,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase $provider = $this->getProvider(false, true); $provider->expects($this->once()) ->method('retrieveUser') - ->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\UsernameNotFoundException', null, array(), '', false))) + ->will($this->throwException(new UsernameNotFoundException())) ; $provider->authenticate($this->getSupportedToken()); 
@@ -82,7 +85,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase $userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'); $userChecker->expects($this->once()) ->method('checkPreAuth') - ->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\CredentialsExpiredException', null, array(), '', false))) + ->will($this->throwException(new CredentialsExpiredException())) ; $provider = $this->getProvider($userChecker); @@ -102,7 +105,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase $userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'); $userChecker->expects($this->once()) ->method('checkPostAuth') - ->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\AccountExpiredException', null, array(), '', false))) + ->will($this->throwException(new AccountExpiredException())) ; $provider = $this->getProvider($userChecker); @@ -127,7 +130,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase ; $provider->expects($this->once()) ->method('checkAuthentication') - ->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\BadCredentialsException', null, array(), '', false))) + ->will($this->throwException(new BadCredentialsException())) ; $provider->authenticate($this->getSupportedToken()); @@ -172,6 +175,11 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase ->will($this->returnValue('foo')) ; + $token->expects($this->once()) + ->method('getRoles') + ->will($this->returnValue(array())) + ; + $authToken = $provider->authenticate($token); $this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $authToken); 
@@ -181,9 +189,45 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
 $this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
 }
+ public function testAuthenticateWithPreservingRoleSwitchUserRole()
+ {
+ $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+ $user->expects($this->once())
+ ->method('getRoles')
+ ->will($this->returnValue(array('ROLE_FOO')))
+ ;
+
+ $provider = $this->getProvider();
+ $provider->expects($this->once())
+ ->method('retrieveUser')
+ ->will($this->returnValue($user))
+ ;
+
+ $token = $this->getSupportedToken();
+ $token->expects($this->once())
+ ->method('getCredentials')
+ ->will($this->returnValue('foo'))
+ ;
+
+ $switchUserRole = new SwitchUserRole('foo', $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'));
+ $token->expects($this->once())
+ ->method('getRoles')
+ ->will($this->returnValue(array($switchUserRole)))
+ ;
+
+ $authToken = $provider->authenticate($token);
+
+ $this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $authToken);
+ $this->assertSame($user, $authToken->getUser());
+ $this->assertContains(new Role('ROLE_FOO'), $authToken->getRoles(), '', false, false);
+ $this->assertContains($switchUserRole, $authToken->getRoles());
+ $this->assertEquals('foo', $authToken->getCredentials());
+ $this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
+ }
+
 protected function getSupportedToken()
 {
- $mock = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', array('getCredentials', 'getProviderKey'), array(), '', false);
+ $mock = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', array('getCredentials', 'getProviderKey', 'getRoles'), array(), '', false);
 $mock
 ->expects($this->any())
 ->method('getProviderKey')
diff --git a/Tests/Core/Authentication/Token/AbstractTokenTest.php b/Tests/Core/Authentication/Token/AbstractTokenTest.php
index 783c27e..5683b78 100644
--- a/Tests/Core/Authentication/Token/AbstractTokenTest.php
+++ b/Tests/Core/Authentication/Token/AbstractTokenTest.php
@@ -11,7 +11,9 @@
 namespace Symfony\Component\Security\Tests\Core\Authentication\Token;
+use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
 use Symfony\Component\Security\Core\Role\Role;
+use Symfony\Component\Security\Core\Role\SwitchUserRole;
 class TestUser
 {
@@ -28,6 +30,31 @@ class TestUser
 }
 }
+class ConcreteToken extends AbstractToken
+{
+ private $credentials = 'credentials_value';
+
+ public function __construct($user, array $roles = array())
+ {
+ parent::__construct($roles);
+
+ $this->setUser($user);
+ }
+
+ public function serialize()
+ {
+ return serialize(array($this->credentials, parent::serialize()));
+ }
+
+ public function unserialize($serialized)
+ {
+ list($this->credentials, $parentStr) = unserialize($serialized);
+ parent::unserialize($parentStr);
+ }
+
+ public function getCredentials() {}
+}
+
 class AbstractTokenTest extends \PHPUnit_Framework_TestCase
 {
 public function testGetUsername()
@@ -71,6 +98,20 @@ class AbstractTokenTest extends \PHPUnit_Framework_TestCase
 $this->assertEquals($token->getAttributes(), $uToken->getAttributes());
 }
+ public function testSerializeParent()
+ {
+ $user = new TestUser('fabien');
+ $token = new ConcreteToken($user, array('ROLE_FOO'));
+
+ $parentToken = new ConcreteToken($user, array(new SwitchUserRole('ROLE_PREVIOUS', $token)));
+ $uToken = unserialize(serialize($parentToken));
+
+ $this->assertEquals(
+ current($parentToken->getRoles())->getSource()->getUser(),
+ current($uToken->getRoles())->getSource()->getUser()
+ );
+ }
+
 /**
 * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::__construct
 */
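Review bot: `testAuthenticateWithPreservingRoleSwitchUserRole` covers only the positive case, so it would still pass if `authenticate()` copied every role from the incoming token instead of just the `SwitchUserRole`. Because the token's roles are state supplied with the authentication request, a companion test should hand the provider a token whose `getRoles()` returns a plain `new Role('ROLE_BAR')` and assert that it does not survive: `$this->assertNotContains(new Role('ROLE_BAR'), $authToken->getRoles(), '', false, false);`. The provider code is not part of this hunk, so whether it already filters this way cannot be confirmed from here.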
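Review bot: `testSerializeParent` compares only `getUser()` of the `SwitchUserRole` source token, so a round trip that lost the role name, or the `$credentials` value that `ConcreteToken::serialize()` packs next to the parent data, would still pass. Adding `$this->assertEquals(current($parentToken->getRoles())->getRole(), current($uToken->getRoles())->getRole());` pins the role itself. `ConcreteToken::getCredentials()` has an empty body even though the class stores `$credentials`; returning `$this->credentials` would let the test assert that value as well.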
diff --git a/Tests/Core/Authentication/Token/RememerMeTokenTest.php b/Tests/Core/Authentication/Token/RememberMeTokenTest.php index 03275fa..cef3d28 100644 --- a/Tests/Core/Authentication/Token/RememerMeTokenTest.php +++ b/Tests/Core/Authentication/Token/RememberMeTokenTest.php @@ -53,7 +53,7 @@ class RememberMeTokenTest extends \PHPUnit_Framework_TestCase } /** - * @expectedException PHPUnit_Framework_Error + * @expectedException \PHPUnit_Framework_Error * @dataProvider getUserArguments */ public function testConstructorUserCannotBeNull($user) diff --git a/Tests/Core/Authentication/Token/UsernamePasswordTokenTest.php b/Tests/Core/Authentication/Token/UsernamePasswordTokenTest.php index 3da20eb..67f431f 100644 --- a/Tests/Core/Authentication/Token/UsernamePasswordTokenTest.php +++ b/Tests/Core/Authentication/Token/UsernamePasswordTokenTest.php @@ -28,7 +28,7 @@ class UsernamePasswordTokenTest extends \PHPUnit_Framework_TestCase } /** - * @expectedException LogicException + * @expectedException \LogicException */ public function testSetAuthenticatedToTrue() { diff --git a/Tests/Core/Authorization/AccessDecisionManagerTest.php b/Tests/Core/Authorization/AccessDecisionManagerTest.php index 1c706cc..b99423f 100644 --- a/Tests/Core/Authorization/AccessDecisionManagerTest.php +++ b/Tests/Core/Authorization/AccessDecisionManagerTest.php @@ -47,7 +47,7 @@ class AccessDecisionManagerTest extends \PHPUnit_Framework_TestCase } /** - * @expectedException InvalidArgumentException + * @expectedException \InvalidArgumentException */ public function testSetVotersEmpty() { diff --git a/Tests/Core/Encoder/BCryptPasswordEncoderTest.php b/Tests/Core/Encoder/BCryptPasswordEncoderTest.php index 49c1051..dd962fd 100644 --- a/Tests/Core/Encoder/BCryptPasswordEncoderTest.php +++ b/Tests/Core/Encoder/BCryptPasswordEncoderTest.php 
@@ -70,4 +70,21 @@ class BCryptPasswordEncoderTest extends \PHPUnit_Framework_TestCase $this->markTestSkipped('Requires PHP >= 5.3.7'); } } + + /** + * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException + */ + public function testEncodePasswordLength() + { + $encoder = new BCryptPasswordEncoder(self::VALID_COST); + + $encoder->encodePassword(str_repeat('a', 5000), 'salt'); + } + + public function testCheckPasswordLength() + { + $encoder = new BCryptPasswordEncoder(self::VALID_COST); + + $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt')); + } } diff --git a/Tests/Core/Encoder/BasePasswordEncoderTest.php b/Tests/Core/Encoder/BasePasswordEncoderTest.php index 2ef1dcc..702efb0 100644 --- a/Tests/Core/Encoder/BasePasswordEncoderTest.php +++ b/Tests/Core/Encoder/BasePasswordEncoderTest.php @@ -46,13 +46,19 @@ class BasePasswordEncoderTest extends \PHPUnit_Framework_TestCase } /** - * @expectedException InvalidArgumentException + * @expectedException \InvalidArgumentException */ public function testMergePasswordAndSaltWithException() { $this->invokeMergePasswordAndSalt('password', '{foo}'); } + public function testIsPasswordTooLong() + { + $this->assertTrue($this->invokeIsPasswordTooLong(str_repeat('a', 10000))); + $this->assertFalse($this->invokeIsPasswordTooLong(str_repeat('a', 10))); + } + protected function invokeDemergePasswordAndSalt($password) { $encoder = new PasswordEncoder(); @@ -82,4 +88,14 @@ class BasePasswordEncoderTest extends \PHPUnit_Framework_TestCase return $m->invoke($encoder, $p1, $p2); } + + protected function invokeIsPasswordTooLong($p) + { + $encoder = new PasswordEncoder(); + $r = new \ReflectionObject($encoder); + $m = $r->getMethod('isPasswordTooLong'); + $m->setAccessible(true); + + return $m->invoke($encoder, $p); + } } 
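Review bot: `testCheckPasswordLength` cannot fail for the reason it is named after, because `'encoded'` is not a hash this encoder would produce for any input. `isPasswordValid('encoded', str_repeat('a', 5000), 'salt')` therefore returns false whether or not the length guard runs. The same assertion is repeated in the MessageDigest and Plaintext encoder tests later in this diff, and in the Pbkdf2 one, where the test-only `'foobar'` algorithm makes the outcome depend on check order instead. For bcrypt the guard can be pinned, since the algorithm ignores input past 72 bytes: take `$encoded = $encoder->encodePassword(str_repeat('a', 72), 'salt');` and assert `$this->assertFalse($encoder->isPasswordValid($encoded, str_repeat('a', 5000), 'salt'));`, which should only hold when the over-long password is rejected before verification. The digest-based encoders have no such colliding input, so their tests need another way to show the hashing step is never reached.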
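Review bot: `testIsPasswordTooLong` checks 10000 and 10 characters, both far from the limit, so an off-by-one in the comparison (`>` versus `>=`) would go unnoticed. Asserting at exactly the maximum and one past it pins the boundary, e.g. `$this->assertFalse($this->invokeIsPasswordTooLong(str_repeat('a', PasswordEncoder::MAX_PASSWORD_LENGTH)));` and the `assertTrue` counterpart with `+ 1`. That assumes the limit is exposed as a class constant on the encoder, which is not visible in this hunk. Without a boundary test the limit could also drift silently, and it is what keeps an unauthenticated caller from forcing the hash function to run over arbitrarily large input.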
diff --git a/Tests/Core/Encoder/MessageDigestPasswordEncoderTest.php b/Tests/Core/Encoder/MessageDigestPasswordEncoderTest.php index 64032c4..f37d3bc 100644 --- a/Tests/Core/Encoder/MessageDigestPasswordEncoderTest.php +++ b/Tests/Core/Encoder/MessageDigestPasswordEncoderTest.php @@ -35,11 +35,28 @@ class MessageDigestPasswordEncoderTest extends \PHPUnit_Framework_TestCase } /** - * @expectedException LogicException + * @expectedException \LogicException */ public function testEncodePasswordAlgorithmDoesNotExist() { $encoder = new MessageDigestPasswordEncoder('foobar'); $encoder->encodePassword('password', ''); } + + /** + * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException + */ + public function testEncodePasswordLength() + { + $encoder = new MessageDigestPasswordEncoder(); + + $encoder->encodePassword(str_repeat('a', 5000), 'salt'); + } + + public function testCheckPasswordLength() + { + $encoder = new MessageDigestPasswordEncoder(); + + $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt')); + } } diff --git a/Tests/Core/Encoder/Pbkdf2PasswordEncoderTest.php b/Tests/Core/Encoder/Pbkdf2PasswordEncoderTest.php index 2c98543..ca16f02 100644 --- a/Tests/Core/Encoder/Pbkdf2PasswordEncoderTest.php +++ b/Tests/Core/Encoder/Pbkdf2PasswordEncoderTest.php 
@@ -35,11 +35,28 @@ class Pbkdf2PasswordEncoderTest extends \PHPUnit_Framework_TestCase } /** - * @expectedException LogicException + * @expectedException \LogicException */ public function testEncodePasswordAlgorithmDoesNotExist() { $encoder = new Pbkdf2PasswordEncoder('foobar'); $encoder->encodePassword('password', ''); } + + /** + * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException + */ + public function testEncodePasswordLength() + { + $encoder = new Pbkdf2PasswordEncoder('foobar'); + + $encoder->encodePassword(str_repeat('a', 5000), 'salt'); + } + + public function testCheckPasswordLength() + { + $encoder = new Pbkdf2PasswordEncoder('foobar'); + + $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt')); + } } diff --git a/Tests/Core/Encoder/PlaintextPasswordEncoderTest.php b/Tests/Core/Encoder/PlaintextPasswordEncoderTest.php index af0008f..8b1b888 100644 --- a/Tests/Core/Encoder/PlaintextPasswordEncoderTest.php +++ b/Tests/Core/Encoder/PlaintextPasswordEncoderTest.php @@ -36,4 +36,21 @@ class PlaintextPasswordEncoderTest extends \PHPUnit_Framework_TestCase $this->assertSame('foo', $encoder->encodePassword('foo', '')); } + + /** + * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException + */ + public function testEncodePasswordLength() + { + $encoder = new PlaintextPasswordEncoder(); + + $encoder->encodePassword(str_repeat('a', 5000), 'salt'); + } + + public function testCheckPasswordLength() + { + $encoder = new PlaintextPasswordEncoder(); + + $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt')); + } } diff --git a/Tests/Core/User/InMemoryProviderTest.php b/Tests/Core/User/InMemoryUserProviderTest.php index 5197a29..275426c 100644 --- a/Tests/Core/User/InMemoryProviderTest.php +++ b/Tests/Core/User/InMemoryUserProviderTest.php 
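Review bot: Both new tests build the encoder with `new Pbkdf2PasswordEncoder('foobar')`, the same nonexistent algorithm that `testEncodePasswordAlgorithmDoesNotExist` just above uses to provoke a `\LogicException`. `testEncodePasswordLength` therefore passes only if the length check runs before the algorithm lookup, an ordering the test never states and presumably did not intend. Constructing with the defaults, `$encoder = new Pbkdf2PasswordEncoder();`, keeps the test about password length alone. If the ordering is the thing under test, a comment such as `// 'foobar' is invalid on purpose: the length check must fire before the algorithm is resolved` would make that explicit.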
@@ -42,7 +42,7 @@ class InMemoryUserProviderTest extends \PHPUnit_Framework_TestCase } /** - * @expectedException LogicException + * @expectedException \LogicException */ public function testCreateUserAlreadyExist() { diff --git a/Tests/Core/User/AccountCheckerTest.php b/Tests/Core/User/UserCheckerTest.php index f28067f..dca6311 100644 --- a/Tests/Core/User/AccountCheckerTest.php +++ b/Tests/Core/User/UserCheckerTest.php 
@@ -15,44 +15,44 @@ use Symfony\Component\Security\Core\User\UserChecker; class UserCheckerTest extends \PHPUnit_Framework_TestCase { - public function testCheckPreAuthNotAdvancedUserInterface() + public function testCheckPostAuthNotAdvancedUserInterface() { $checker = new UserChecker(); - $this->assertNull($checker->checkPreAuth($this->getMock('Symfony\Component\Security\Core\User\UserInterface'))); + $this->assertNull($checker->checkPostAuth($this->getMock('Symfony\Component\Security\Core\User\UserInterface'))); } - public function testCheckPreAuthPass() + public function testCheckPostAuthPass() { $checker = new UserChecker(); $account = $this->getMock('Symfony\Component\Security\Core\User\AdvancedUserInterface'); $account->expects($this->once())->method('isCredentialsNonExpired')->will($this->returnValue(true)); - $this->assertNull($checker->checkPreAuth($account)); + $this->assertNull($checker->checkPostAuth($account)); } /** * @expectedException \Symfony\Component\Security\Core\Exception\CredentialsExpiredException */ - public function testCheckPreAuthCredentialsExpired() + public function testCheckPostAuthCredentialsExpired() { $checker = new UserChecker(); $account = $this->getMock('Symfony\Component\Security\Core\User\AdvancedUserInterface'); $account->expects($this->once())->method('isCredentialsNonExpired')->will($this->returnValue(false)); - $checker->checkPreAuth($account); + $checker->checkPostAuth($account); } - public function testCheckPostAuthNotAdvancedUserInterface() + public function testCheckPreAuthNotAdvancedUserInterface() { $checker = new UserChecker(); - $this->assertNull($checker->checkPostAuth($this->getMock('Symfony\Component\Security\Core\User\UserInterface'))); + $this->assertNull($checker->checkPreAuth($this->getMock('Symfony\Component\Security\Core\User\UserInterface'))); } - public function testCheckPostAuthPass() + public function testCheckPreAuthPass() { $checker = new UserChecker(); 
@@ -61,26 +61,26 @@ class UserCheckerTest extends \PHPUnit_Framework_TestCase $account->expects($this->once())->method('isEnabled')->will($this->returnValue(true)); $account->expects($this->once())->method('isAccountNonExpired')->will($this->returnValue(true)); - $this->assertNull($checker->checkPostAuth($account)); + $this->assertNull($checker->checkPreAuth($account)); } /** * @expectedException \Symfony\Component\Security\Core\Exception\LockedException */ - public function testCheckPostAuthAccountLocked() + public function testCheckPreAuthAccountLocked() { $checker = new UserChecker(); $account = $this->getMock('Symfony\Component\Security\Core\User\AdvancedUserInterface'); $account->expects($this->once())->method('isAccountNonLocked')->will($this->returnValue(false)); - $checker->checkPostAuth($account); + $checker->checkPreAuth($account); } /** * @expectedException \Symfony\Component\Security\Core\Exception\DisabledException */ - public function testCheckPostAuthDisabled() + public function testCheckPreAuthDisabled() { $checker = new UserChecker(); @@ -88,13 +88,13 @@ class UserCheckerTest extends \PHPUnit_Framework_TestCase $account->expects($this->once())->method('isAccountNonLocked')->will($this->returnValue(true)); $account->expects($this->once())->method('isEnabled')->will($this->returnValue(false)); - $checker->checkPostAuth($account); + $checker->checkPreAuth($account); } /** * @expectedException \Symfony\Component\Security\Core\Exception\AccountExpiredException */ - public function testCheckPostAuthAccountExpired() + public function testCheckPreAuthAccountExpired() { $checker = new UserChecker(); @@ -103,6 +103,6 @@ class UserCheckerTest extends \PHPUnit_Framework_TestCase $account->expects($this->once())->method('isEnabled')->will($this->returnValue(true)); $account->expects($this->once())->method('isAccountNonExpired')->will($this->returnValue(false)); - $checker->checkPostAuth($account); + $checker->checkPreAuth($account); } } 
diff --git a/Tests/Core/User/UserTest.php b/Tests/Core/User/UserTest.php index 26e562f..d05f491 100644 --- a/Tests/Core/User/UserTest.php +++ b/Tests/Core/User/UserTest.php @@ -17,7 +17,7 @@ class UserTest extends \PHPUnit_Framework_TestCase { /** * @covers Symfony\Component\Security\Core\User\User::__construct - * @expectedException InvalidArgumentException + * @expectedException \InvalidArgumentException */ public function testConstructorException() { diff --git a/Tests/Core/Util/SecureRandomTest.php b/Tests/Core/Util/SecureRandomTest.php index c7ed016..05b4b02 100644 --- a/Tests/Core/Util/SecureRandomTest.php +++ b/Tests/Core/Util/SecureRandomTest.php @@ -68,7 +68,7 @@ class SecureRandomTest extends \PHPUnit_Framework_TestCase $runs[$i] = 0; } - $addRun = function($run) use (&$runs) { + $addRun = function ($run) use (&$runs) { if ($run > 6) { $run = 6; } @@ -111,8 +111,8 @@ class SecureRandomTest extends \PHPUnit_Framework_TestCase { $b = $this->getBitSequence($secureRandom, 20000); - $longestRun = 0; - $currentRun = $lastBit = null; + $longestRun = $currentRun = 0; + $lastBit = null; for ($i = 0; $i < 20000; $i++) { if ($lastBit === $b[$i]) { $currentRun += 1; diff --git a/Tests/Http/Authentication/DefaultAuthenticationFailureHandlerTest.php b/Tests/Http/Authentication/DefaultAuthenticationFailureHandlerTest.php index c51893f..e610b6b 100644 --- a/Tests/Http/Authentication/DefaultAuthenticationFailureHandlerTest.php +++ b/Tests/Http/Authentication/DefaultAuthenticationFailureHandlerTest.php @@ -9,7 +9,7 @@ * file that was distributed with this source code. */ -namespace Symfony\Component\Security\Tests\Http; +namespace Symfony\Component\Security\Tests\Http\Authentication; use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler; use Symfony\Component\Security\Core\SecurityContextInterface; 
diff --git a/Tests/Http/Authentication/DefaultAuthenticationSuccessHandlerTest.php b/Tests/Http/Authentication/DefaultAuthenticationSuccessHandlerTest.php index 71d6ad4..e6bc6ca 100644 --- a/Tests/Http/Authentication/DefaultAuthenticationSuccessHandlerTest.php +++ b/Tests/Http/Authentication/DefaultAuthenticationSuccessHandlerTest.php @@ -9,7 +9,7 @@ * file that was distributed with this source code. */ -namespace Symfony\Component\Security\Tests\Http; +namespace Symfony\Component\Security\Tests\Http\Authentication; use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler; diff --git a/Tests/Http/Firewall/ExceptionListenerTest.php b/Tests/Http/Firewall/ExceptionListenerTest.php new file mode 100644 index 0000000..b1c7622 --- /dev/null +++ b/Tests/Http/Firewall/ExceptionListenerTest.php 
@@ -0,0 +1,189 @@ +<?php + +/* + * This file is part of the Symfony package. + * + * (c) Fabien Potencier <fabien@symfony.com> + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Tests\Http\Firewall; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent; +use Symfony\Component\HttpKernel\HttpKernelInterface; +use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface; +use Symfony\Component\Security\Core\Exception\AccessDeniedException; +use Symfony\Component\Security\Core\Exception\AuthenticationException; +use Symfony\Component\Security\Core\SecurityContextInterface; +use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface; +use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface; +use Symfony\Component\Security\Http\Firewall\ExceptionListener; +use Symfony\Component\Security\Http\HttpUtils; + +class ExceptionListenerTest extends \PHPUnit_Framework_TestCase +{ + /** + * @dataProvider getAuthenticationExceptionProvider + */ + public function testAuthenticationExceptionWithoutEntryPoint(\Exception $exception, \Exception $eventException = null) + { + $event = $this->createEvent($exception); + + $listener = $this->createExceptionListener(); + $listener->onKernelException($event); + + $this->assertNull($event->getResponse()); + $this->assertSame(null === $eventException ? 
$exception : $eventException, $event->getException()); + } + + /** + * @dataProvider getAuthenticationExceptionProvider + */ + public function testAuthenticationExceptionWithEntryPoint(\Exception $exception, \Exception $eventException = null) + { + $event = $this->createEvent($exception = new AuthenticationException()); + + $listener = $this->createExceptionListener(null, null, null, $this->createEntryPoint()); + $listener->onKernelException($event); + + $this->assertEquals('OK', $event->getResponse()->getContent()); + $this->assertSame($exception, $event->getException()); + } + + public function getAuthenticationExceptionProvider() + { + return array( + array(new AuthenticationException()), + array(new \LogicException('random', 0, $e = new AuthenticationException()), $e), + array(new \LogicException('random', 0, $e = new AuthenticationException('embed', 0, new AuthenticationException())), $e), + array(new \LogicException('random', 0, $e = new AuthenticationException('embed', 0, new AccessDeniedException())), $e), + array(new AuthenticationException('random', 0, new \LogicException())), + ); + } + + /** + * @dataProvider getAccessDeniedExceptionProvider + */ + public function testAccessDeniedExceptionFullFledgedAndWithoutAccessDeniedHandlerAndWithoutErrorPage(\Exception $exception, \Exception $eventException = null) + { + $event = $this->createEvent($exception); + + $listener = $this->createExceptionListener(null, $this->createTrustResolver(true)); + $listener->onKernelException($event); + + $this->assertNull($event->getResponse()); + $this->assertSame(null === $eventException ? 
$exception : $eventException, $event->getException()->getPrevious()); + } + + /** + * @dataProvider getAccessDeniedExceptionProvider + */ + public function testAccessDeniedExceptionFullFledgedAndWithoutAccessDeniedHandlerAndWithErrorPage(\Exception $exception, \Exception $eventException = null) + { + $kernel = $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'); + $kernel->expects($this->once())->method('handle')->will($this->returnValue(new Response('error'))); + + $event = $this->createEvent($exception, $kernel); + + $httpUtils = $this->getMock('Symfony\Component\Security\Http\HttpUtils'); + $httpUtils->expects($this->once())->method('createRequest')->will($this->returnValue(Request::create('/error'))); + + $listener = $this->createExceptionListener(null, $this->createTrustResolver(true), $httpUtils, null, '/error'); + $listener->onKernelException($event); + + $this->assertEquals('error', $event->getResponse()->getContent()); + $this->assertSame(null === $eventException ? $exception : $eventException, $event->getException()->getPrevious()); + } + + /** + * @dataProvider getAccessDeniedExceptionProvider + */ + public function testAccessDeniedExceptionFullFledgedAndWithAccessDeniedHandlerAndWithoutErrorPage(\Exception $exception, \Exception $eventException = null) + { + $event = $this->createEvent($exception); + + $accessDeniedHandler = $this->getMock('Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface'); + $accessDeniedHandler->expects($this->once())->method('handle')->will($this->returnValue(new Response('error'))); + + $listener = $this->createExceptionListener(null, $this->createTrustResolver(true), null, null, null, $accessDeniedHandler); + $listener->onKernelException($event); + + $this->assertEquals('error', $event->getResponse()->getContent()); + $this->assertSame(null === $eventException ? 
$exception : $eventException, $event->getException()->getPrevious()); + } + + /** + * @dataProvider getAccessDeniedExceptionProvider + */ + public function testAccessDeniedExceptionNotFullFledged(\Exception $exception, \Exception $eventException = null) + { + $event = $this->createEvent($exception); + + $context = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface'); + $context->expects($this->once())->method('getToken')->will($this->returnValue($this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'))); + + $listener = $this->createExceptionListener($context, $this->createTrustResolver(false), null, $this->createEntryPoint()); + $listener->onKernelException($event); + + $this->assertEquals('OK', $event->getResponse()->getContent()); + $this->assertSame(null === $eventException ? $exception : $eventException, $event->getException()->getPrevious()); + } + + public function getAccessDeniedExceptionProvider() + { + return array( + array(new AccessDeniedException()), + array(new \LogicException('random', 0, $e = new AccessDeniedException()), $e), + array(new \LogicException('random', 0, $e = new AccessDeniedException('embed', new AccessDeniedException())), $e), + array(new \LogicException('random', 0, $e = new AccessDeniedException('embed', new AuthenticationException())), $e), + array(new AccessDeniedException('random', new \LogicException())), + ); + } + + private function createEntryPoint() + { + $entryPoint = $this->getMock('Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface'); + $entryPoint->expects($this->once())->method('start')->will($this->returnValue(new Response('OK'))); + + return $entryPoint; + } + + private function createTrustResolver($fullFledged) + { + $trustResolver = $this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface'); + $trustResolver->expects($this->once())->method('isFullFledged')->will($this->returnValue($fullFledged)); + 
+ return $trustResolver; + } + + private function createEvent(\Exception $exception, $kernel = null) + { + if (null === $kernel) { + $kernel = $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'); + } + + $event = new GetResponseForExceptionEvent($kernel, Request::create('/'), HttpKernelInterface::MASTER_REQUEST, $exception); + + $dispatcher = $this->getMock('Symfony\Component\EventDispatcher\EventDispatcherInterface'); + $event->setDispatcher($dispatcher); + + return $event; + } + + private function createExceptionListener(SecurityContextInterface $context = null, AuthenticationTrustResolverInterface $trustResolver = null, HttpUtils $httpUtils = null, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null) + { + return new ExceptionListener( + $context ? $context : $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface'), + $trustResolver ? $trustResolver : $this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface'), + $httpUtils ? $httpUtils : $this->getMock('Symfony\Component\Security\Http\HttpUtils'), + 'key', + $authenticationEntryPoint, + $errorPage, + $accessDeniedHandler + ); + } +} diff --git a/Tests/Http/Firewall/LogoutListenerTest.php b/Tests/Http/Firewall/LogoutListenerTest.php index ba94b6e..456b281 100644 --- a/Tests/Http/Firewall/LogoutListenerTest.php +++ b/Tests/Http/Firewall/LogoutListenerTest.php @@ -142,7 +142,7 @@ class LogoutListenerTest extends \PHPUnit_Framework_TestCase } /** - * @expectedException RuntimeException + * @expectedException \RuntimeException */ public function testSuccessHandlerReturnsNonResponse() { diff --git a/Tests/Http/Firewall/X509AuthenticationListenerTest.php b/Tests/Http/Firewall/X509AuthenticationListenerTest.php index 81ac0f7..c48aeac 100644 --- a/Tests/Http/Firewall/X509AuthenticationListenerTest.php 
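Review bot: `testAuthenticationExceptionWithEntryPoint` declares `getAuthenticationExceptionProvider` as its data provider but overwrites the supplied value on its first line, `$event = $this->createEvent($exception = new AuthenticationException());`. The entry-point path is therefore run five times against the same bare exception, and `$eventException` is never read. The wrapped cases (an `AuthenticationException` nested inside a `\LogicException`, or one carrying an `AccessDeniedException`) are the ones where unwrapping decides whether the entry point starts, and they are never exercised here. I would change the line to `$event = $this->createEvent($exception);` and adjust the closing `assertSame` to whatever the listener is meant to leave on the event for wrapped input, which this hunk does not show. If the single case is intentional, dropping the `@dataProvider` annotation and the unused parameters would say so.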
+++ b/Tests/Http/Firewall/X509AuthenticationListenerTest.php @@ -64,7 +64,7 @@ class X509AuthenticationListenerTest extends \PHPUnit_Framework_TestCase } /** - * @expectedException Symfony\Component\Security\Core\Exception\BadCredentialsException + * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException */ public function testGetPreAuthenticatedDataNoUser() { diff --git a/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php b/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php index 8571686..02ca8d2 100644 --- a/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php +++ b/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php @@ -50,7 +50,7 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase public function testAutoLoginThrowsExceptionWhenImplementationDoesNotReturnUserInterface() { $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null)); - $request = new Request; + $request = new Request(); $request->cookies->set('foo', 'foo'); $service @@ -113,8 +113,8 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase public function testLoginSuccessIsNotProcessedWhenTokenDoesNotContainUserInterfaceImplementation() { $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => true, 'path' => null, 'domain' => null)); - $request = new Request; - $response = new Response; + $request = new Request(); + $response = new Response(); $account = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'); $token 
@@ -136,8 +136,8 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase public function testLoginSuccessIsNotProcessedWhenRememberMeIsNotRequested() { $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => false, 'remember_me_parameter' => 'foo', 'path' => null, 'domain' => null)); - $request = new Request; - $response = new Response; + $request = new Request(); + $response = new Response(); $account = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'); $token @@ -160,8 +160,8 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase public function testLoginSuccessWhenRememberMeAlwaysIsTrue() { $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => true, 'path' => null, 'domain' => null)); - $request = new Request; - $response = new Response; + $request = new Request(); + $response = new Response(); $account = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'); $token @@ -186,9 +186,9 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase { $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => false, 'remember_me_parameter' => 'foo[bar]', 'path' => null, 'domain' => null)); - $request = new Request; + $request = new Request(); $request->request->set('foo', array('bar' => $value)); - $response = new Response; + $response = new Response(); $account = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'); $token 
@@ -213,9 +213,9 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase { $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => false, 'remember_me_parameter' => 'foo', 'path' => null, 'domain' => null)); - $request = new Request; + $request = new Request(); $request->request->set('foo', $value); - $response = new Response; + $response = new Response(); $account = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'); $token diff --git a/Tests/Http/RememberMe/PersistentTokenBasedRememberMeServicesTest.php b/Tests/Http/RememberMe/PersistentTokenBasedRememberMeServicesTest.php index 7fc3021..26a878f 100644 --- a/Tests/Http/RememberMe/PersistentTokenBasedRememberMeServicesTest.php +++ b/Tests/Http/RememberMe/PersistentTokenBasedRememberMeServicesTest.php @@ -43,7 +43,7 @@ class PersistentTokenBasedRememberMeServicesTest extends \PHPUnit_Framework_Test public function testAutoLoginThrowsExceptionOnInvalidCookie() { $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null, 'always_remember_me' => false, 'remember_me_parameter' => 'foo')); - $request = new Request; + $request = new Request(); $request->request->set('foo', 'true'); $request->cookies->set('foo', 'foo'); @@ -54,7 +54,7 @@ class PersistentTokenBasedRememberMeServicesTest extends \PHPUnit_Framework_Test public function testAutoLoginThrowsExceptionOnNonExistentToken() { $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null, 'always_remember_me' => false, 'remember_me_parameter' => 'foo')); - $request = new Request; + $request = new Request(); $request->request->set('foo', 'true'); $request->cookies->set('foo', $this->encodeCookie(array( $series = 'fooseries', 
@@ -77,7 +77,7 @@ class PersistentTokenBasedRememberMeServicesTest extends \PHPUnit_Framework_Test { $userProvider = $this->getProvider(); $service = $this->getService($userProvider, array('name' => 'foo', 'path' => null, 'domain' => null, 'always_remember_me' => true, 'lifetime' => 3600, 'secure' => false, 'httponly' => false)); - $request = new Request; + $request = new Request(); $request->cookies->set('foo', $this->encodeCookie(array('fooseries', 'foovalue'))); $tokenProvider = $this->getMock('Symfony\Component\Security\Core\Authentication\RememberMe\TokenProviderInterface'); @@ -102,7 +102,7 @@ class PersistentTokenBasedRememberMeServicesTest extends \PHPUnit_Framework_Test { $userProvider = $this->getProvider(); $service = $this->getService($userProvider, array('name' => 'foo', 'path' => null, 'domain' => null, 'always_remember_me' => true)); - $request = new Request; + $request = new Request(); $request->cookies->set('foo', $this->encodeCookie(array('fooseries', 'foovalue'))); $tokenProvider = $this->getMock('Symfony\Component\Security\Core\Authentication\RememberMe\TokenProviderInterface'); @@ -132,7 +132,7 @@ class PersistentTokenBasedRememberMeServicesTest extends \PHPUnit_Framework_Test public function testAutoLoginDoesNotAcceptAnExpiredCookie() { $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null, 'always_remember_me' => true, 'lifetime' => 3600)); - $request = new Request; + $request = new Request(); $request->cookies->set('foo', $this->encodeCookie(array('fooseries', 'foovalue'))); $tokenProvider = $this->getMock('Symfony\Component\Security\Core\Authentication\RememberMe\TokenProviderInterface'); 
@@ -166,7 +166,7 @@ class PersistentTokenBasedRememberMeServicesTest extends \PHPUnit_Framework_Test ; $service = $this->getService($userProvider, array('name' => 'foo', 'path' => null, 'domain' => null, 'secure' => false, 'httponly' => false, 'always_remember_me' => true, 'lifetime' => 3600)); - $request = new Request; + $request = new Request(); $request->cookies->set('foo', $this->encodeCookie(array('fooseries', 'foovalue'))); $tokenProvider = $this->getMock('Symfony\Component\Security\Core\Authentication\RememberMe\TokenProviderInterface'); @@ -214,8 +214,8 @@ class PersistentTokenBasedRememberMeServicesTest extends \PHPUnit_Framework_Test public function testLogoutSimplyIgnoresNonSetRequestCookie() { $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null)); - $request = new Request; - $response = new Response; + $request = new Request(); + $response = new Response(); $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'); $tokenProvider = $this->getMock('Symfony\Component\Security\Core\Authentication\RememberMe\TokenProviderInterface'); @@ -236,9 +236,9 @@ class PersistentTokenBasedRememberMeServicesTest extends \PHPUnit_Framework_Test public function testLogoutSimplyIgnoresInvalidCookie() { $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null)); - $request = new Request; + $request = new Request(); $request->cookies->set('foo', 'somefoovalue'); - $response = new Response; + $response = new Response(); $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'); $tokenProvider = $this->getMock('Symfony\Component\Security\Core\Authentication\RememberMe\TokenProviderInterface'); 
@@ -266,8 +266,8 @@ class PersistentTokenBasedRememberMeServicesTest extends \PHPUnit_Framework_Test public function testLoginSuccessSetsCookieWhenLoggedInWithNonRememberMeTokenInterfaceImplementation() { $service = $this->getService(null, array('name' => 'foo', 'domain' => 'myfoodomain.foo', 'path' => '/foo/path', 'secure' => true, 'httponly' => true, 'lifetime' => 3600, 'always_remember_me' => true)); - $request = new Request; - $response = new Response; + $request = new Request(); + $response = new Response(); $account = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); $account diff --git a/Tests/Http/RememberMe/ResponseListenerTest.php b/Tests/Http/RememberMe/ResponseListenerTest.php index cbd3f1f..8b4667d 100644 --- a/Tests/Http/RememberMe/ResponseListenerTest.php +++ b/Tests/Http/RememberMe/ResponseListenerTest.php @@ -56,7 +56,7 @@ class ResponseListenerTest extends \PHPUnit_Framework_TestCase { $listener = new ResponseListener(); - $this->assertSame(array(KernelEvents::RESPONSE => 'onKernelResponse'), $listener->getSubscribedEvents()); + $this->assertSame(array(KernelEvents::RESPONSE => 'onKernelResponse'), ResponseListener::getSubscribedEvents()); } private function getRequest(array $attributes = array()) diff --git a/Tests/Http/RememberMe/TokenBasedRememberMeServicesTest.php b/Tests/Http/RememberMe/TokenBasedRememberMeServicesTest.php index 4699257..3ff2ea6 100644 --- a/Tests/Http/RememberMe/TokenBasedRememberMeServicesTest.php +++ b/Tests/Http/RememberMe/TokenBasedRememberMeServicesTest.php @@ -39,7 +39,7 @@ class TokenBasedRememberMeServicesTest extends \PHPUnit_Framework_TestCase public function testAutoLoginThrowsExceptionOnInvalidCookie() { $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null, 'always_remember_me' => false, 'remember_me_parameter' => 'foo')); - $request = new Request; + $request = new Request(); $request->request->set('foo', 'true'); $request->cookies->set('foo', 'foo'); 
@@ -51,7 +51,7 @@ class TokenBasedRememberMeServicesTest extends \PHPUnit_Framework_TestCase { $userProvider = $this->getProvider(); $service = $this->getService($userProvider, array('name' => 'foo', 'path' => null, 'domain' => null, 'always_remember_me' => true, 'lifetime' => 3600)); - $request = new Request; + $request = new Request(); $request->cookies->set('foo', $this->getCookie('fooclass', 'foouser', time()+3600, 'foopass')); $userProvider @@ -68,7 +68,7 @@ class TokenBasedRememberMeServicesTest extends \PHPUnit_Framework_TestCase { $userProvider = $this->getProvider(); $service = $this->getService($userProvider, array('name' => 'foo', 'path' => null, 'domain' => null, 'always_remember_me' => true, 'lifetime' => 3600)); - $request = new Request; + $request = new Request(); $request->cookies->set('foo', base64_encode('class:'.base64_encode('foouser').':123456789:fooHash')); $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); @@ -93,7 +93,7 @@ class TokenBasedRememberMeServicesTest extends \PHPUnit_Framework_TestCase { $userProvider = $this->getProvider(); $service = $this->getService($userProvider, array('name' => 'foo', 'path' => null, 'domain' => null, 'always_remember_me' => true, 'lifetime' => 3600)); - $request = new Request; + $request = new Request(); $request->cookies->set('foo', $this->getCookie('fooclass', 'foouser', time() - 1, 'foopass')); $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); @@ -137,7 +137,7 @@ class TokenBasedRememberMeServicesTest extends \PHPUnit_Framework_TestCase ; $service = $this->getService($userProvider, array('name' => 'foo', 'always_remember_me' => true, 'lifetime' => 3600)); - $request = new Request; + $request = new Request(); $request->cookies->set('foo', $this->getCookie('fooclass', 'foouser', time()+3600, 'foopass')); $returnedToken = $service->autoLogin($request); 
@@ -179,8 +179,8 @@ class TokenBasedRememberMeServicesTest extends \PHPUnit_Framework_TestCase public function testLoginSuccessIgnoresTokensWhichDoNotContainAnUserInterfaceImplementation() { $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => true, 'path' => null, 'domain' => null)); - $request = new Request; - $response = new Response; + $request = new Request(); + $response = new Response(); $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'); $token ->expects($this->once()) @@ -200,8 +200,8 @@ class TokenBasedRememberMeServicesTest extends \PHPUnit_Framework_TestCase public function testLoginSuccess() { $service = $this->getService(null, array('name' => 'foo', 'domain' => 'myfoodomain.foo', 'path' => '/foo/path', 'secure' => true, 'httponly' => true, 'lifetime' => 3600, 'always_remember_me' => true)); - $request = new Request; - $response = new Response; + $request = new Request(); + $response = new Response(); $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'); $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); |