-rw-r--r-- | CHANGELOG.md | 5 | ||||
-rw-r--r-- | Core/Authorization/DebugAccessDecisionManager.php | 38 | ||||
-rw-r--r-- | Core/Encoder/EncoderFactory.php | 40 | ||||
-rw-r--r-- | Core/Exception/AccessDeniedException.php | 35 | ||||
-rw-r--r-- | Core/Tests/Authorization/DebugAccessDecisionManagerTest.php | 14 | ||||
-rw-r--r-- | Core/composer.json | 2 | ||||
-rw-r--r-- | Csrf/composer.json | 2 | ||||
-rw-r--r-- | Guard/composer.json | 2 | ||||
-rw-r--r-- | Http/Firewall/AccessListener.php | 6 | ||||
-rw-r--r-- | Http/Firewall/SwitchUserListener.php | 5 | ||||
-rw-r--r-- | Http/composer.json | 4 | ||||
-rw-r--r-- | composer.json | 2 |
12 files changed, 103 insertions, 52 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 107ed1d..6bebfba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ CHANGELOG ========= +3.2.0 +----- + + * added `$attributes` and `$subject` with getters/setters to `Symfony\Component\Security\Core\Exception\AccessDeniedException` + 3.0.0 ----- diff --git a/Core/Authorization/DebugAccessDecisionManager.php b/Core/Authorization/DebugAccessDecisionManager.php index aa15443..219ca76 100644 --- a/Core/Authorization/DebugAccessDecisionManager.php +++ b/Core/Authorization/DebugAccessDecisionManager.php @@ -11,7 +11,6 @@ namespace Symfony\Component\Security\Core\Authorization; -use Doctrine\Common\Util\ClassUtils; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; /** @@ -50,7 +49,7 @@ class DebugAccessDecisionManager implements AccessDecisionManagerInterface $this->decisionLog[] = array( 'attributes' => $attributes, - 'object' => $this->getStringRepresentation($object), + 'object' => $object, 'result' => $result, ); 
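Review bot: Keeping the raw `$object` in `$this->decisionLog` (the `'object' => $object` line of the second DebugAccessDecisionManager hunk) means every subject passed to `decide()` stays referenced for as long as the log lives and reaches whatever reads `getDecisionLog()` unformatted. Subjects can be requests or domain entities, so a consumer that dumps or serializes the log can expose their contents, and resources or closures may not serialize at all. The consumers are outside this diff, so this needs confirming there. I would add a comment above the entry such as `// Stores the subject itself, not a summary: consumers must format and redact it before display or serialization.` The enclosing method starts and ends outside the hunk.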
@@ -96,39 +95,4 @@ class DebugAccessDecisionManager implements AccessDecisionManagerInterface { return $this->decisionLog; } - - /** - * @param mixed $object - * - * @return string - */ - private function getStringRepresentation($object) - { - if (null === $object) { - return 'NULL'; - } - - if (!is_object($object)) { - if (is_bool($object)) { - return sprintf('%s (%s)', gettype($object), $object ? 'true' : 'false'); - } - if (is_scalar($object)) { - return sprintf('%s (%s)', gettype($object), $object); - } - - return gettype($object); - } - - $objectClass = class_exists('Doctrine\Common\Util\ClassUtils') ? ClassUtils::getClass($object) : get_class($object); - - if (method_exists($object, 'getId')) { - $objectAsString = sprintf('ID: %s', $object->getId()); - } elseif (method_exists($object, '__toString')) { - $objectAsString = (string) $object; - } else { - $objectAsString = sprintf('object hash: %s', spl_object_hash($object)); - } - - return sprintf('%s (%s)', $objectClass, $objectAsString); - } } diff --git a/Core/Encoder/EncoderFactory.php b/Core/Encoder/EncoderFactory.php index 0568d41..7794b2f 100644 --- a/Core/Encoder/EncoderFactory.php +++ b/Core/Encoder/EncoderFactory.php @@ -69,6 +69,9 @@ class EncoderFactory implements EncoderFactoryInterface */ private function createEncoder(array $config) { + if (isset($config['algorithm'])) { + $config = $this->getEncoderConfigFromAlgorithm($config); + } if (!isset($config['class'])) { throw new \InvalidArgumentException(sprintf('"class" must be set in %s.', json_encode($config))); } 
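Review bot: In `createEncoder()`, a config that carries both `algorithm` and `class` has its `class` and `arguments` silently replaced, because the new `isset($config['algorithm'])` branch overwrites `$config` before the `class` check runs. For a password-encoder factory an ambiguous config should fail rather than quietly pick one side. `if (isset($config['algorithm'], $config['class'])) { throw new \InvalidArgumentException('"algorithm" and "class" cannot both be set.'); }` ahead of the branch would do it, or at minimum a comment stating that `algorithm` takes precedence. Only the end of the method's docblock is visible in the hunk; it should mention the new key.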
@@ -80,4 +83,41 @@ class EncoderFactory implements EncoderFactoryInterface return $reflection->newInstanceArgs($config['arguments']); } + + private function getEncoderConfigFromAlgorithm($config) + { + switch ($config['algorithm']) { + case 'plaintext': + return array( + 'class' => PlaintextPasswordEncoder::class, + 'arguments' => array($config['ignore_case']), + ); + + case 'pbkdf2': + return array( + 'class' => Pbkdf2PasswordEncoder::class, + 'arguments' => array( + $config['hash_algorithm'], + $config['encode_as_base64'], + $config['iterations'], + $config['key_length'], + ), + ); + + case 'bcrypt': + return array( + 'class' => BCryptPasswordEncoder::class, + 'arguments' => array($config['cost']), + ); + } + + return array( + 'class' => MessageDigestPasswordEncoder::class, + 'arguments' => array( + $config['algorithm'], + $config['encode_as_base64'], + $config['iterations'], + ), + ); + } } diff --git a/Core/Exception/AccessDeniedException.php b/Core/Exception/AccessDeniedException.php index 736a36b..a16044f 100644 --- a/Core/Exception/AccessDeniedException.php +++ b/Core/Exception/AccessDeniedException.php @@ -18,8 +18,43 @@ namespace Symfony\Component\Security\Core\Exception; */ class AccessDeniedException extends \RuntimeException { + private $attributes = array(); + private $subject; + public function __construct($message = 'Access Denied.', \Exception $previous = null) { parent::__construct($message, 403, $previous); } + + /** + * @return array + */ + public function getAttributes() + { + return $this->attributes; + } + + /** + * @param array|string $attributes + */ + public function setAttributes($attributes) + { + $this->attributes = (array) $attributes; + } + + /** + * @return mixed + */ + public function getSubject() + { + return $this->subject; + } + + /** + * @param mixed $subject + */ + public function setSubject($subject) + { + $this->subject = $subject; + } } 
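Review bot: `getEncoderConfigFromAlgorithm()` reads `$config['ignore_case']`, `$config['cost']`, `$config['iterations']` and the other option keys without checking that they exist, so a config that omits one raises only a notice and passes `null` into the encoder constructor, overriding any default that constructor may declare. The fall-through `return` also hands every unrecognised `algorithm` string, including a typo of `bcrypt` or `pbkdf2`, to `MessageDigestPasswordEncoder`, where it will presumably fail only when a password is first encoded. For password hashing the work factor should never be decided by a missing key, so I would check the required keys per algorithm and throw `\InvalidArgumentException`, as `createEncoder()` already does for `class`. The method also has no docblock and an untyped `$config` parameter.

```php
private function getEncoderConfigFromAlgorithm(array $config)
{
    switch ($config['algorithm']) {
        case 'plaintext':
            $this->assertEncoderOptions($config, array('ignore_case'));
            // … unchanged: return for PlaintextPasswordEncoder …

        case 'pbkdf2':
            $this->assertEncoderOptions($config, array('hash_algorithm', 'encode_as_base64', 'iterations', 'key_length'));
            // … unchanged: return for Pbkdf2PasswordEncoder …

        case 'bcrypt':
            $this->assertEncoderOptions($config, array('cost'));
            // … unchanged: return for BCryptPasswordEncoder …
    }

    // Anything else is treated as a message-digest name, so reject names PHP does not know.
    if (!in_array($config['algorithm'], hash_algos(), true)) {
        throw new \InvalidArgumentException(sprintf('Unknown encoder algorithm "%s".', $config['algorithm']));
    }
    $this->assertEncoderOptions($config, array('encode_as_base64', 'iterations'));
    // … unchanged: return for MessageDigestPasswordEncoder …
}

/**
 * Fails fast when an encoder option is missing instead of passing null to the encoder.
 */
private function assertEncoderOptions(array $config, array $required)
{
    foreach ($required as $key) {
        if (!isset($config[$key])) {
            throw new \InvalidArgumentException(sprintf('"%s" must be set for algorithm "%s" in %s.', $key, $config['algorithm'], json_encode($config)));
        }
    }
}
```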
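Review bot: `setAttributes()` in AccessDeniedException wraps its argument with an `(array)` cast, which only acts as a wrapper for scalars: an attribute passed as an object is converted into a map of its properties instead of a one-element list. The docblock limits the parameter to `array|string`, but nothing enforces that, and the result sits on an exception that error handlers may log. `$this->attributes = is_array($attributes) ? $attributes : array($attributes);` keeps the intended shape for any single attribute. The two properties and four accessors also carry type tags only; a line on each saying that `$attributes` are the attributes the access decision was made on and `$subject` is the object it was made about would help callers.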
diff --git a/Core/Tests/Authorization/DebugAccessDecisionManagerTest.php b/Core/Tests/Authorization/DebugAccessDecisionManagerTest.php
index f90f776..16661f7 100644
--- a/Core/Tests/Authorization/DebugAccessDecisionManagerTest.php
+++ b/Core/Tests/Authorization/DebugAccessDecisionManagerTest.php
@@ -32,12 +32,12 @@ class DebugAccessDecisionManagerTest extends \PHPUnit_Framework_TestCase { $object = new \stdClass(); - yield array(array(array('attributes' => array('ATTRIBUTE_1'), 'object' => 'NULL', 'result' => false)), null); - yield array(array(array('attributes' => array('ATTRIBUTE_1'), 'object' => 'boolean (true)', 'result' => false)), true); - yield array(array(array('attributes' => array('ATTRIBUTE_1'), 'object' => 'string (jolie string)', 'result' => false)), 'jolie string'); - yield array(array(array('attributes' => array('ATTRIBUTE_1'), 'object' => 'integer (12345)', 'result' => false)), 12345); - yield array(array(array('attributes' => array('ATTRIBUTE_1'), 'object' => 'resource', 'result' => false)), fopen(__FILE__, 'r')); - yield array(array(array('attributes' => array('ATTRIBUTE_1'), 'object' => 'array', 'result' => false)), array()); - yield array(array(array('attributes' => array('ATTRIBUTE_1'), 'object' => sprintf('stdClass (object hash: %s)', spl_object_hash($object)), 'result' => false)), $object); + yield array(array(array('attributes' => array('ATTRIBUTE_1'), 'object' => null, 'result' => false)), null); + yield array(array(array('attributes' => array('ATTRIBUTE_1'), 'object' => true, 'result' => false)), true); + yield array(array(array('attributes' => array('ATTRIBUTE_1'), 'object' => 'jolie string', 'result' => false)), 'jolie string'); + yield array(array(array('attributes' => array('ATTRIBUTE_1'), 'object' => 12345, 'result' => false)), 12345); + yield array(array(array('attributes' => array('ATTRIBUTE_1'), 'object' => $x = fopen(__FILE__, 'r'), 'result' => false)), $x); + yield array(array(array('attributes' => array('ATTRIBUTE_1'), 'object' => $x = array(), 'result' => false)), $x); + yield array(array(array('attributes' => array('ATTRIBUTE_1'), 'object' => $object, 'result' => false)), $object); } } diff --git a/Core/composer.json b/Core/composer.json index e2915b0..25cc061 100644 --- a/Core/composer.json +++ b/Core/composer.json 
@@ -44,7 +44,7 @@ "minimum-stability": "dev", "extra": { "branch-alias": { - "dev-master": "3.1-dev" + "dev-master": "3.2-dev" } } } diff --git a/Csrf/composer.json b/Csrf/composer.json index d111fa1..4047fd5 100644 --- a/Csrf/composer.json +++ b/Csrf/composer.json @@ -36,7 +36,7 @@ "minimum-stability": "dev", "extra": { "branch-alias": { - "dev-master": "3.1-dev" + "dev-master": "3.2-dev" } } } diff --git a/Guard/composer.json b/Guard/composer.json index 7adb774..4980923 100644 --- a/Guard/composer.json +++ b/Guard/composer.json @@ -32,7 +32,7 @@ "minimum-stability": "dev", "extra": { "branch-alias": { - "dev-master": "3.1-dev" + "dev-master": "3.2-dev" } } } diff --git a/Http/Firewall/AccessListener.php b/Http/Firewall/AccessListener.php index c234317..75798b9 100644 --- a/Http/Firewall/AccessListener.php +++ b/Http/Firewall/AccessListener.php @@ -67,7 +67,11 @@ class AccessListener implements ListenerInterface } if (!$this->accessDecisionManager->decide($token, $attributes, $request)) { - throw new AccessDeniedException(); + $exception = new AccessDeniedException(); + $exception->setAttributes($attributes); + $exception->setSubject($request); + + throw $exception; } } } diff --git a/Http/Firewall/SwitchUserListener.php b/Http/Firewall/SwitchUserListener.php index 7de83d2..e9c3e40 100644 --- a/Http/Firewall/SwitchUserListener.php +++ b/Http/Firewall/SwitchUserListener.php @@ -122,7 +122,10 @@ class SwitchUserListener implements ListenerInterface } if (false === $this->accessDecisionManager->decide($token, array($this->role))) { - throw new AccessDeniedException(); + $exception = new AccessDeniedException(); + $exception->setAttributes($this->role); + + throw $exception; } $username = $request->get($this->usernameParameter); diff --git a/Http/composer.json b/Http/composer.json index f19d0e4..add5d3a 100644 --- a/Http/composer.json +++ b/Http/composer.json 
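Review bot: `$exception->setSubject($request)` in the AccessListener hunk attaches the whole request object to the AccessDeniedException, so its headers, cookies and body travel with the exception to every handler, logger or error page that receives it. Those consumers are outside this diff, so whether any of them dumps or serializes exception properties needs checking. A comment at the call such as `// The subject is the full Request: exception handlers must not dump or serialize it.` would record the constraint for later maintainers. The method body starts outside the hunk.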
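Review bot: In the SwitchUserListener hunk, `setAttributes($this->role)` passes the bare role while the `decide()` call one line above passes `array($this->role)`, so the exception only ends up with the same list because of the cast inside `setAttributes()`. Passing the same value to both, `$exception->setAttributes(array($this->role));`, makes the recorded attributes visibly identical to what was checked and does not depend on the setter's coercion. The method body starts and ends outside the hunk.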
@@ -17,7 +17,7 @@ ], "require": { "php": ">=5.5.9", - "symfony/security-core": "~2.8|~3.0", + "symfony/security-core": "~3.2", "symfony/event-dispatcher": "~2.8|~3.0", "symfony/http-foundation": "~2.8|~3.0", "symfony/http-kernel": "~2.8|~3.0", @@ -43,7 +43,7 @@ "minimum-stability": "dev", "extra": { "branch-alias": { - "dev-master": "3.1-dev" + "dev-master": "3.2-dev" } } } diff --git a/composer.json b/composer.json index 7b3801f..430ea54 100644 --- a/composer.json +++ b/composer.json @@ -56,7 +56,7 @@ "minimum-stability": "dev", "extra": { "branch-alias": { - "dev-master": "3.1-dev" + "dev-master": "3.2-dev" } } } |