-rw-r--r--Acl/Domain/UserSecurityIdentity.php2
-rw-r--r--Core/Authentication/Provider/DaoAuthenticationProvider.php2
-rw-r--r--Core/Authentication/Provider/UserAuthenticationProvider.php30
-rw-r--r--Core/User/UserCheckerInterface.php4
-rw-r--r--Http/Firewall/ContextListener.php14
-rw-r--r--Http/Firewall/ExceptionListener.php7
-rw-r--r--Http/HttpUtils.php8
-rw-r--r--Http/RememberMe/AbstractRememberMeServices.php2
-rw-r--r--composer.json6
9 files changed, 49 insertions, 26 deletions
diff --git a/Acl/Domain/UserSecurityIdentity.php b/Acl/Domain/UserSecurityIdentity.php
index b6cae4a..df2be38 100644
--- a/Acl/Domain/UserSecurityIdentity.php
+++ b/Acl/Domain/UserSecurityIdentity.php
@@ -45,7 +45,7 @@ final class UserSecurityIdentity implements SecurityIdentityInterface
}
/**
- * Creates a user security identity from an UserInterface
+ * Creates a user security identity from a UserInterface
*
* @param UserInterface $user
* @return UserSecurityIdentity
diff --git a/Core/Authentication/Provider/DaoAuthenticationProvider.php b/Core/Authentication/Provider/DaoAuthenticationProvider.php
index 54cfa3d..f17eaa4 100644
--- a/Core/Authentication/Provider/DaoAuthenticationProvider.php
+++ b/Core/Authentication/Provider/DaoAuthenticationProvider.php
@@ -83,7 +83,7 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider
$user = $this->userProvider->loadUserByUsername($username);
if (!$user instanceof UserInterface) {
- throw new AuthenticationServiceException('The user provider must return an UserInterface object.');
+ throw new AuthenticationServiceException('The user provider must return a UserInterface object.');
}
return $user;
diff --git a/Core/Authentication/Provider/UserAuthenticationProvider.php b/Core/Authentication/Provider/UserAuthenticationProvider.php
index 8183c62..f0463ea 100644
--- a/Core/Authentication/Provider/UserAuthenticationProvider.php
+++ b/Core/Authentication/Provider/UserAuthenticationProvider.php
@@ -65,26 +65,34 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter
try {
$user = $this->retrieveUser($username, $token);
-
- if (!$user instanceof UserInterface) {
- throw new AuthenticationServiceException('retrieveUser() must return an UserInterface.');
+ } catch (UsernameNotFoundException $notFound) {
+ if ($this->hideUserNotFoundExceptions) {
+ throw new BadCredentialsException('Bad credentials', 0, $notFound);
}
+ throw $notFound;
+ }
+
+ if (!$user instanceof UserInterface) {
+ throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.');
+ }
+
+ try {
$this->userChecker->checkPreAuth($user);
$this->checkAuthentication($user, $token);
$this->userChecker->checkPostAuth($user);
-
- $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
- $authenticatedToken->setAttributes($token->getAttributes());
-
- return $authenticatedToken;
- } catch (UsernameNotFoundException $notFound) {
+ } catch (BadCredentialsException $e) {
if ($this->hideUserNotFoundExceptions) {
- throw new BadCredentialsException('Bad credentials', 0, $notFound);
+ throw new BadCredentialsException('Bad credentials', 0, $e);
}
- throw $notFound;
+ throw $e;
}
+
+ $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
+ $authenticatedToken->setAttributes($token->getAttributes());
+
+ return $authenticatedToken;
}
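Review bot: The second catch block (`catch (BadCredentialsException $e)`) rewraps every BadCredentialsException into a generic `'Bad credentials'` exception under the `hideUserNotFoundExceptions` flag, whose name only promises to hide unknown-user lookups; the reason — making a wrong password and an unknown username indistinguishable to the client — should be stated, e.g. `// collapse every credential failure into one generic message so the response does not reveal whether the username exists`. Exceptions thrown by checkPreAuth()/checkPostAuth() that are not BadCredentialsException (presumably account-status failures) still escape with their specific type even when the flag is set; that appears intended, since the ExceptionListener change in this commit handles AccountStatusException, but the flag's documentation should say so. The enclosing method's signature and the constructor defining the flag are outside the hunk.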
/**
diff --git a/Core/User/UserCheckerInterface.php b/Core/User/UserCheckerInterface.php
index 25de94a..61f0f6e 100644
--- a/Core/User/UserCheckerInterface.php
+++ b/Core/User/UserCheckerInterface.php
@@ -23,14 +23,14 @@ interface UserCheckerInterface
/**
* Checks the user account before authentication.
*
- * @param UserInterface $user An UserInterface instance
+ * @param UserInterface $user a UserInterface instance
*/
function checkPreAuth(UserInterface $user);
/**
* Checks the user account after authentication.
*
- * @param UserInterface $user An UserInterface instance
+ * @param UserInterface $user a UserInterface instance
*/
function checkPostAuth(UserInterface $user);
}
diff --git a/Http/Firewall/ContextListener.php b/Http/Firewall/ContextListener.php
index 6fb77e9..5f94e43 100644
--- a/Http/Firewall/ContextListener.php
+++ b/Http/Firewall/ContextListener.php
@@ -93,19 +93,19 @@ class ContextListener implements ListenerInterface
return;
}
- if (null === $token = $this->context->getToken()) {
- return;
+ if (null !== $this->logger) {
+ $this->logger->debug('Write SecurityContext in the session');
}
- if (null === $token || $token instanceof AnonymousToken) {
+ if (null === $session = $event->getRequest()->getSession()) {
return;
}
- if (null !== $this->logger) {
- $this->logger->debug('Write SecurityContext in the session');
+ if ((null === $token = $this->context->getToken()) || ($token instanceof AnonymousToken)) {
+ $session->remove('_security_'.$this->contextKey);
+ } else {
+ $session->set('_security_'.$this->contextKey, serialize($token));
}
-
- $event->getRequest()->getSession()->set('_security_'.$this->contextKey, serialize($token));
}
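Review bot: The debug message `'Write SecurityContext in the session'` is now emitted before the `null === $session` guard and before the branch that removes the entry, so it is logged when nothing is written at all and reads wrong when the token is being removed. Move the logger block below the session guard and log each outcome in its own branch, e.g. `$this->logger->debug('Remove SecurityContext from the session')` next to `$session->remove(...)` and the existing message next to `$session->set(...)`. The enclosing method starts outside the hunk.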
/**
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php
index a36baf3..62f48cf 100644
--- a/Http/Firewall/ExceptionListener.php
+++ b/Http/Firewall/ExceptionListener.php
@@ -15,7 +15,9 @@ use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
+use Symfony\Component\Security\Core\Exception\AccountStatusException;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Exception\InsufficientAuthenticationException;
@@ -158,6 +160,11 @@ class ExceptionListener
$this->setTargetPath($request);
+ if ($authException instanceof AccountStatusException) {
+ // remove the security token to prevent infinite redirect loops
+ $this->context->setToken(null);
+ }
+
return $this->authenticationEntryPoint->start($request, $authException);
}
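Review bot: The added comment says the token is cleared to prevent infinite redirect loops, but the reason that works is not local to this method: clearing the in-memory token only helps because the session copy is not restored on the next request, which presumably relies on ContextListener removing the `_security_` session entry when the context token is null (changed in the same commit). Suggest extending the comment: `// a null token also makes ContextListener drop the session entry on this response, so the account that failed the status check is not restored from the session on the next request`. The `UsernamePasswordToken` import added in the first hunk of this file is not referenced in the lines shown; if it is unused elsewhere in the file it should be dropped. The enclosing method starts outside the hunk.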
diff --git a/Http/HttpUtils.php b/Http/HttpUtils.php
index c11b283..b31fcf5 100644
--- a/Http/HttpUtils.php
+++ b/Http/HttpUtils.php
@@ -16,6 +16,8 @@ use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\RouterInterface;
+use Symfony\Component\Routing\Exception\MethodNotAllowedException;
+use Symfony\Component\Routing\Exception\ResourceNotFoundException;
/**
* Encapsulates the logic needed to create sub-requests, redirect the user, and match URLs.
@@ -97,7 +99,7 @@ class HttpUtils
* Checks that a given path matches the Request.
*
* @param Request $request A Request instance
- * @param string $path A path (an absolute path (/foo), an absolute URL (http://...), or a route name (foo))
+ * @param string $path A path (an absolute path (/foo) or a route name (foo))
*
* @return Boolean true if the path is the same as the one from the Request, false otherwise
*/
@@ -108,7 +110,9 @@ class HttpUtils
$parameters = $this->router->match($request->getPathInfo());
return $path === $parameters['_route'];
- } catch (\Exception $e) {
+ } catch (MethodNotAllowedException $e) {
+ return false;
+ } catch (ResourceNotFoundException $e) {
return false;
}
}
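Review bot: The two new catch blocks have identical bodies and no explanation of why only these two routing exceptions are treated as "path does not match" while every other failure from `$this->router->match()` now propagates (the replaced `catch (\Exception $e)` swallowed all of them); a short comment above the first catch would preserve that intent, e.g. `// only a router miss (no resource / wrong method) means "not this path"; any other failure is a real error and must surface`. The enclosing method's signature is outside the hunk.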
diff --git a/Http/RememberMe/AbstractRememberMeServices.php b/Http/RememberMe/AbstractRememberMeServices.php
index e75cf63..556fb6a 100644
--- a/Http/RememberMe/AbstractRememberMeServices.php
+++ b/Http/RememberMe/AbstractRememberMeServices.php
@@ -173,7 +173,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
{
if (!$token->getUser() instanceof UserInterface) {
if (null !== $this->logger) {
- $this->logger->debug('Remember-me ignores token since it does not contain an UserInterface implementation.');
+ $this->logger->debug('Remember-me ignores token since it does not contain a UserInterface implementation.');
}
return;
diff --git a/composer.json b/composer.json
index 9e2213c..eb78d19 100644
--- a/composer.json
+++ b/composer.json
@@ -27,5 +27,9 @@
"symfony/finder": ">=2.1",
"symfony/form": ">=2.1",
"symfony/routing": ">=2.1"
- }
+ },
+ "autoload": {
+ "psr-0": { "Symfony\\Component\\Security": "" }
+ },
+ "target-dir": "Symfony/Component/Security"
}