-rw-r--r-- | Core/Exception/AuthenticationExpiredException.php | 31 | ||||
-rw-r--r-- | Guard/Provider/GuardAuthenticationProvider.php | 5 | ||||
-rw-r--r-- | Guard/Tests/Provider/GuardAuthenticationProviderTest.php | 5 |
3 files changed, 37 insertions, 4 deletions
diff --git a/Core/Exception/AuthenticationExpiredException.php b/Core/Exception/AuthenticationExpiredException.php
new file mode 100644
index 0000000..caf2e6c
--- /dev/null
+++ b/Core/Exception/AuthenticationExpiredException.php
@@ -0,0 +1,31 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Exception;
+
+/**
+ * AuthenticationServiceException is thrown when an authenticated token becomes un-authentcated between requests.
+ *
+ * In practice, this is due to the User changing between requests (e.g. password changes),
+ * causes the token to become un-authenticated.
+ *
+ * @author Ryan Weaver <ryan@knpuniversity.com>
+ */
+class AuthenticationExpiredException extends AccountStatusException
+{
+ /**
+ * {@inheritdoc}
+ */
+ public function getMessageKey()
+ {
+ return 'Authentication expired because your account information has changed.';
+ }
+}
diff --git a/Guard/Provider/GuardAuthenticationProvider.php b/Guard/Provider/GuardAuthenticationProvider.php
index 646eea9..2a58085 100644
--- a/Guard/Provider/GuardAuthenticationProvider.php
+++ b/Guard/Provider/GuardAuthenticationProvider.php
@@ -21,6 +21,7 @@ use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationExpiredException;

 /**
 * Responsible for accepting the PreAuthenticationGuardToken and calling
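Review bot: The class docblock in the new AuthenticationExpiredException.php names the wrong exception (`AuthenticationServiceException`) and misspells "un-authentcated", so generated API documentation would describe a different class. I would open it with `AuthenticationExpiredException is thrown when an authenticated token becomes un-authenticated between requests.` and repair the second sentence as `..., which causes the token to become un-authenticated.`. The string returned by `getMessageKey()` is presumably shown to the end user, so the docblock could also say that it deliberately tells the user their account information changed.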
@@ -81,8 +82,8 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface
 return $token;
 }

- // cause the logout - the token is not authenticated
- return new AnonymousToken($this->providerKey, 'anon.');
+ // this AccountStatusException causes the user to be logged out
+ throw new AuthenticationExpiredException();
 }

 // find the *one* GuardAuthenticator that this token originated from
diff --git a/Guard/Tests/Provider/GuardAuthenticationProviderTest.php b/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
index 24c946d..3bc002b 100644
--- a/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
+++ b/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
@@ -81,6 +81,9 @@ class GuardAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
 $this->assertSame($authedToken, $actualAuthedToken);
 }

+ /**
+ * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationExpiredException
+ */
 public function testGuardWithNoLongerAuthenticatedTriggersLogout()
 {
 $providerKey = 'my_firewall_abc';
@@ -93,8 +96,6 @@ class GuardAuthenticationProviderTest extends \PHPUnit_Framework_TestCase

 $provider = new GuardAuthenticationProvider(array(), $this->userProvider, $providerKey, $this->userChecker);
 $actualToken = $provider->authenticate($token);
- // this should return the anonymous user
- $this->assertEquals(new AnonymousToken($providerKey, 'anon.'), $actualToken);
 }

 protected function setUp() |
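Review bot: The `throw new AuthenticationExpiredException();` in GuardAuthenticationProvider carries no reference to the token or user whose session is being ended, so whatever handles the exception cannot record which account was forced out. `$token` is in scope (it is returned a few lines above), so consider `$e = new AuthenticationExpiredException(); $e->setToken($token); throw $e;`, assuming the `setToken()` inherited from AuthenticationException is available in this version. The new comment depends on AccountStatusException handling that lives outside this hunk, and the enclosing method also starts and ends outside it. If `AnonymousToken` is no longer referenced in this file, its `use` line can be dropped as well.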
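Review bot: In the second test hunk, removing the assertion leaves `$actualToken = $provider->authenticate($token);` assigning a variable that is never read; `$provider->authenticate($token);` states the intent. The `@expectedException` annotation added in the first test hunk covers the whole method, so a comment such as `// authenticate() must throw because the token is no longer authenticated` above the call would show which statement is expected to fail. If `AnonymousToken` is now unused in the test file, its import (outside these hunks) can be removed.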