diff options
67 files changed, 427 insertions, 252 deletions
diff --git a/Acl/Dbal/AclProvider.php b/Acl/Dbal/AclProvider.php index 8413843..ada4f22 100644 --- a/Acl/Dbal/AclProvider.php +++ b/Acl/Dbal/AclProvider.php @@ -339,7 +339,7 @@ QUERY; * @param ObjectIdentityInterface $oid * @return integer */ - protected final function retrieveObjectIdentityPrimaryKey(ObjectIdentityInterface $oid) + final protected function retrieveObjectIdentityPrimaryKey(ObjectIdentityInterface $oid) { return $this->connection->executeQuery($this->getSelectObjectIdentityIdSql($oid))->fetchColumn(); } diff --git a/Acl/Domain/Acl.php b/Acl/Domain/Acl.php index 6d53131..4665c0e 100644 --- a/Acl/Domain/Acl.php +++ b/Acl/Domain/Acl.php @@ -19,7 +19,6 @@ use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface; use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface; use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface; - /** * An ACL implementation. * diff --git a/Acl/Domain/ObjectIdentity.php b/Acl/Domain/ObjectIdentity.php index e37e82b..da98f5e 100644 --- a/Acl/Domain/ObjectIdentity.php +++ b/Acl/Domain/ObjectIdentity.php @@ -52,7 +52,7 @@ final class ObjectIdentity implements ObjectIdentityInterface * @throws \InvalidArgumentException * @return ObjectIdentity */ - static public function fromDomainObject($domainObject) + public static function fromDomainObject($domainObject) { if (!is_object($domainObject)) { throw new InvalidDomainObjectException('$domainObject must be an object.'); diff --git a/Acl/Domain/UserSecurityIdentity.php b/Acl/Domain/UserSecurityIdentity.php index 040e43b..ebb0056 100644 --- a/Acl/Domain/UserSecurityIdentity.php +++ b/Acl/Domain/UserSecurityIdentity.php @@ -51,7 +51,7 @@ final class UserSecurityIdentity implements SecurityIdentityInterface * @param UserInterface $user * @return UserSecurityIdentity */ - static public function fromAccount(UserInterface $user) + public static function fromAccount(UserInterface $user) { return new self($user->getUsername(), ClassUtils::getRealClass($user)); } @@ -62,7 +62,7 @@ final class UserSecurityIdentity implements SecurityIdentityInterface * @param TokenInterface $token * @return UserSecurityIdentity */ - static public function fromToken(TokenInterface $token) + public static function fromToken(TokenInterface $token) { $user = $token->getUser(); diff --git a/Acl/Model/AclCacheInterface.php b/Acl/Model/AclCacheInterface.php index dd515ce..ea9604e 100644 --- a/Acl/Model/AclCacheInterface.php +++ b/Acl/Model/AclCacheInterface.php @@ -23,7 +23,7 @@ interface AclCacheInterface * * @param string $primaryKey a serialized primary key */ - function evictFromCacheById($primaryKey); + public function evictFromCacheById($primaryKey); /** * Removes an ACL from the cache @@ -32,7 +32,7 @@ interface AclCacheInterface * * @param ObjectIdentityInterface $oid */ - function evictFromCacheByIdentity(ObjectIdentityInterface $oid); + public function evictFromCacheByIdentity(ObjectIdentityInterface $oid); /** * Retrieves an ACL for the given object identity primary key from the cache @@ -40,7 +40,7 @@ interface AclCacheInterface * @param integer $primaryKey * @return AclInterface */ - function getFromCacheById($primaryKey); + public function getFromCacheById($primaryKey); /** * Retrieves an ACL for the given object identity from the cache @@ -48,17 +48,17 @@ interface AclCacheInterface * @param ObjectIdentityInterface $oid * @return AclInterface */ - function getFromCacheByIdentity(ObjectIdentityInterface $oid); + public function getFromCacheByIdentity(ObjectIdentityInterface $oid); /** * Stores a new ACL in the cache * * @param AclInterface $acl */ - function putInCache(AclInterface $acl); + public function putInCache(AclInterface $acl); /** * Removes all ACLs from the cache */ - function clearCache(); + public function clearCache(); } diff --git a/Acl/Model/AclInterface.php b/Acl/Model/AclInterface.php index 9094560..fffe591 100644 --- a/Acl/Model/AclInterface.php +++ b/Acl/Model/AclInterface.php @@ -28,7 +28,7 @@ interface AclInterface extends \Serializable * * @return array */ - function getClassAces(); + public function getClassAces(); /** * Returns all class-field-based ACEs associated with this ACL @@ -36,14 +36,14 @@ interface AclInterface extends \Serializable * @param string $field * @return array */ - function getClassFieldAces($field); + public function getClassFieldAces($field); /** * Returns all object-based ACEs associated with this ACL * * @return array */ - function getObjectAces(); + public function getObjectAces(); /** * Returns all object-field-based ACEs associated with this ACL @@ -51,28 +51,28 @@ interface AclInterface extends \Serializable * @param string $field * @return array */ - function getObjectFieldAces($field); + public function getObjectFieldAces($field); /** * Returns the object identity associated with this ACL * * @return ObjectIdentityInterface */ - function getObjectIdentity(); + public function getObjectIdentity(); /** * Returns the parent ACL, or null if there is none. * * @return AclInterface|null */ - function getParentAcl(); + public function getParentAcl(); /** * Whether this ACL is inheriting ACEs from a parent ACL. * * @return Boolean */ - function isEntriesInheriting(); + public function isEntriesInheriting(); /** * Determines whether field access is granted @@ -83,7 +83,7 @@ interface AclInterface extends \Serializable * @param Boolean $administrativeMode * @return Boolean */ - function isFieldGranted($field, array $masks, array $securityIdentities, $administrativeMode = false); + public function isFieldGranted($field, array $masks, array $securityIdentities, $administrativeMode = false); /** * Determines whether access is granted @@ -94,7 +94,7 @@ interface AclInterface extends \Serializable * @param Boolean $administrativeMode * @return Boolean */ - function isGranted(array $masks, array $securityIdentities, $administrativeMode = false); + public function isGranted(array $masks, array $securityIdentities, $administrativeMode = false); /** * Whether the ACL has loaded ACEs for all of the passed security identities @@ -102,5 +102,5 @@ interface AclInterface extends \Serializable * @param mixed $securityIdentities an implementation of SecurityIdentityInterface, or an array thereof * @return Boolean */ - function isSidLoaded($securityIdentities); + public function isSidLoaded($securityIdentities); } diff --git a/Acl/Model/AclProviderInterface.php b/Acl/Model/AclProviderInterface.php index 2f878e1..bdb40b7 100644 --- a/Acl/Model/AclProviderInterface.php +++ b/Acl/Model/AclProviderInterface.php @@ -25,7 +25,7 @@ interface AclProviderInterface * @param Boolean $directChildrenOnly * @return array returns an array of child 'ObjectIdentity's */ - function findChildren(ObjectIdentityInterface $parentOid, $directChildrenOnly = false); + public function findChildren(ObjectIdentityInterface $parentOid, $directChildrenOnly = false); /** * Returns the ACL that belongs to the given object identity @@ -35,7 +35,7 @@ interface AclProviderInterface * @param array $sids * @return AclInterface */ - function findAcl(ObjectIdentityInterface $oid, array $sids = array()); + public function findAcl(ObjectIdentityInterface $oid, array $sids = array()); /** * Returns the ACLs that belong to the given object identities @@ -45,5 +45,5 @@ interface AclProviderInterface * @param array $sids an array of SecurityIdentityInterface implementations * @return \SplObjectStorage mapping the passed object identities to ACLs */ - function findAcls(array $oids, array $sids = array()); + public function findAcls(array $oids, array $sids = array()); } diff --git a/Acl/Model/AuditLoggerInterface.php b/Acl/Model/AuditLoggerInterface.php index 7cab6f1..09bcbb8 100644 --- a/Acl/Model/AuditLoggerInterface.php +++ b/Acl/Model/AuditLoggerInterface.php @@ -25,5 +25,5 @@ interface AuditLoggerInterface * @param Boolean $granted * @param EntryInterface $ace */ - function logIfNeeded($granted, EntryInterface $ace); + public function logIfNeeded($granted, EntryInterface $ace); } diff --git a/Acl/Model/AuditableAclInterface.php b/Acl/Model/AuditableAclInterface.php index 5da593e..14b4c04 100644 --- a/Acl/Model/AuditableAclInterface.php +++ b/Acl/Model/AuditableAclInterface.php @@ -25,7 +25,7 @@ interface AuditableAclInterface extends MutableAclInterface * @param Boolean $auditSuccess * @param Boolean $auditFailure */ - function updateClassAuditing($index, $auditSuccess, $auditFailure); + public function updateClassAuditing($index, $auditSuccess, $auditFailure); /** * Updates auditing for class-field-based ACE @@ -35,7 +35,7 @@ interface AuditableAclInterface extends MutableAclInterface * @param Boolean $auditSuccess * @param Boolean $auditFailure */ - function updateClassFieldAuditing($index, $field, $auditSuccess, $auditFailure); + public function updateClassFieldAuditing($index, $field, $auditSuccess, $auditFailure); /** * Updates auditing for object-based ACE @@ -44,7 +44,7 @@ interface AuditableAclInterface extends MutableAclInterface * @param Boolean $auditSuccess * @param Boolean $auditFailure */ - function updateObjectAuditing($index, $auditSuccess, $auditFailure); + public function updateObjectAuditing($index, $auditSuccess, $auditFailure); /** * Updates auditing for object-field-based ACE @@ -54,5 +54,5 @@ interface AuditableAclInterface extends MutableAclInterface * @param Boolean $auditSuccess * @param Boolean $auditFailure */ - function updateObjectFieldAuditing($index, $field, $auditSuccess, $auditFailure); + public function updateObjectFieldAuditing($index, $field, $auditSuccess, $auditFailure); } diff --git a/Acl/Model/AuditableEntryInterface.php b/Acl/Model/AuditableEntryInterface.php index 40c4484..e957965 100644 --- a/Acl/Model/AuditableEntryInterface.php +++ b/Acl/Model/AuditableEntryInterface.php @@ -23,12 +23,12 @@ interface AuditableEntryInterface extends EntryInterface * * @return Boolean */ - function isAuditFailure(); + public function isAuditFailure(); /** * Whether auditing for successful denies is turned on * * @return Boolean */ - function isAuditSuccess(); + public function isAuditSuccess(); } diff --git a/Acl/Model/DomainObjectInterface.php b/Acl/Model/DomainObjectInterface.php index 50bc4c3..195cb4e 100644 --- a/Acl/Model/DomainObjectInterface.php +++ b/Acl/Model/DomainObjectInterface.php @@ -25,5 +25,5 @@ interface DomainObjectInterface * * @return string */ - function getObjectIdentifier(); + public function getObjectIdentifier(); } diff --git a/Acl/Model/EntryInterface.php b/Acl/Model/EntryInterface.php index 6fe0dc8..98b754c 100644 --- a/Acl/Model/EntryInterface.php +++ b/Acl/Model/EntryInterface.php @@ -26,40 +26,40 @@ interface EntryInterface extends \Serializable * * @return AclInterface */ - function getAcl(); + public function getAcl(); /** * The primary key of this ACE * * @return integer */ - function getId(); + public function getId(); /** * The permission mask of this ACE * * @return integer */ - function getMask(); + public function getMask(); /** * The security identity associated with this ACE * * @return SecurityIdentityInterface */ - function getSecurityIdentity(); + public function getSecurityIdentity(); /** * The strategy for comparing masks * * @return string */ - function getStrategy(); + public function getStrategy(); /** * Returns whether this ACE is granting, or denying * * @return Boolean */ - function isGranting(); + public function isGranting(); } diff --git a/Acl/Model/FieldEntryInterface.php b/Acl/Model/FieldEntryInterface.php index a35ddb4..8382ae1 100644 --- a/Acl/Model/FieldEntryInterface.php +++ b/Acl/Model/FieldEntryInterface.php @@ -23,5 +23,5 @@ interface FieldEntryInterface extends EntryInterface * * @return string */ - function getField(); + public function getField(); } diff --git a/Acl/Model/MutableAclInterface.php b/Acl/Model/MutableAclInterface.php index f84e817..9028aa9 100644 --- a/Acl/Model/MutableAclInterface.php +++ b/Acl/Model/MutableAclInterface.php @@ -26,7 +26,7 @@ interface MutableAclInterface extends AclInterface * * @param integer $index */ - function deleteClassAce($index); + public function deleteClassAce($index); /** * Deletes a class-field-based ACE @@ -34,14 +34,14 @@ interface MutableAclInterface extends AclInterface * @param integer $index * @param string $field */ - function deleteClassFieldAce($index, $field); + public function deleteClassFieldAce($index, $field); /** * Deletes an object-based ACE * * @param integer $index */ - function deleteObjectAce($index); + public function deleteObjectAce($index); /** * Deletes an object-field-based ACE @@ -49,14 +49,14 @@ interface MutableAclInterface extends AclInterface * @param integer $index * @param string $field */ - function deleteObjectFieldAce($index, $field); + public function deleteObjectFieldAce($index, $field); /** * Returns the primary key of this ACL * * @return integer */ - function getId(); + public function getId(); /** * Inserts a class-based ACE @@ -67,7 +67,7 @@ interface MutableAclInterface extends AclInterface * @param Boolean $granting * @param string $strategy */ - function insertClassAce(SecurityIdentityInterface $sid, $mask, $index = 0, $granting = true, $strategy = null); + public function insertClassAce(SecurityIdentityInterface $sid, $mask, $index = 0, $granting = true, $strategy = null); /** * Inserts a class-field-based ACE @@ -79,7 +79,7 @@ interface MutableAclInterface extends AclInterface * @param Boolean $granting * @param string $strategy */ - function insertClassFieldAce($field, SecurityIdentityInterface $sid, $mask, $index = 0, $granting = true, $strategy = null); + public function insertClassFieldAce($field, SecurityIdentityInterface $sid, $mask, $index = 0, $granting = true, $strategy = null); /** * Inserts an object-based ACE @@ -90,7 +90,7 @@ interface MutableAclInterface extends AclInterface * @param Boolean $granting * @param string $strategy */ - function insertObjectAce(SecurityIdentityInterface $sid, $mask, $index = 0, $granting = true, $strategy = null); + public function insertObjectAce(SecurityIdentityInterface $sid, $mask, $index = 0, $granting = true, $strategy = null); /** * Inserts an object-field-based ACE @@ -102,14 +102,14 @@ interface MutableAclInterface extends AclInterface * @param Boolean $granting * @param string $strategy */ - function insertObjectFieldAce($field, SecurityIdentityInterface $sid, $mask, $index = 0, $granting = true, $strategy = null); + public function insertObjectFieldAce($field, SecurityIdentityInterface $sid, $mask, $index = 0, $granting = true, $strategy = null); /** * Sets whether entries are inherited * * @param Boolean $boolean */ - function setEntriesInheriting($boolean); + public function setEntriesInheriting($boolean); /** * Sets the parent ACL @@ -117,7 +117,7 @@ interface MutableAclInterface extends AclInterface * @param AclInterface|null $acl * @return void */ - function setParentAcl(AclInterface $acl = null); + public function setParentAcl(AclInterface $acl = null); /** * Updates a class-based ACE @@ -126,7 +126,7 @@ interface MutableAclInterface extends AclInterface * @param integer $mask * @param string $strategy if null the strategy should not be changed */ - function updateClassAce($index, $mask, $strategy = null); + public function updateClassAce($index, $mask, $strategy = null); /** * Updates a class-field-based ACE @@ -136,7 +136,7 @@ interface MutableAclInterface extends AclInterface * @param integer $mask * @param string $strategy if null the strategy should not be changed */ - function updateClassFieldAce($index, $field, $mask, $strategy = null); + public function updateClassFieldAce($index, $field, $mask, $strategy = null); /** * Updates an object-based ACE @@ -145,7 +145,7 @@ interface MutableAclInterface extends AclInterface * @param integer $mask * @param string $strategy if null the strategy should not be changed */ - function updateObjectAce($index, $mask, $strategy = null); + public function updateObjectAce($index, $mask, $strategy = null); /** * Updates an object-field-based ACE @@ -155,5 +155,5 @@ interface MutableAclInterface extends AclInterface * @param integer $mask * @param string $strategy if null the strategy should not be changed */ - function updateObjectFieldAce($index, $field, $mask, $strategy = null); + public function updateObjectFieldAce($index, $field, $mask, $strategy = null); } diff --git a/Acl/Model/MutableAclProviderInterface.php b/Acl/Model/MutableAclProviderInterface.php index 04cf237..cb34b72 100644 --- a/Acl/Model/MutableAclProviderInterface.php +++ b/Acl/Model/MutableAclProviderInterface.php @@ -26,7 +26,7 @@ interface MutableAclProviderInterface extends AclProviderInterface * @param ObjectIdentityInterface $oid * @return MutableAclInterface */ - function createAcl(ObjectIdentityInterface $oid); + public function createAcl(ObjectIdentityInterface $oid); /** * Deletes the ACL for a given object identity. @@ -36,7 +36,7 @@ interface MutableAclProviderInterface extends AclProviderInterface * * @param ObjectIdentityInterface $oid */ - function deleteAcl(ObjectIdentityInterface $oid); + public function deleteAcl(ObjectIdentityInterface $oid); /** * Persists any changes which were made to the ACL, or any associated @@ -46,5 +46,5 @@ interface MutableAclProviderInterface extends AclProviderInterface * * @param MutableAclInterface $acl */ - function updateAcl(MutableAclInterface $acl); + public function updateAcl(MutableAclInterface $acl); } diff --git a/Acl/Model/ObjectIdentityInterface.php b/Acl/Model/ObjectIdentityInterface.php index 7e892bf..8ad0eba 100644 --- a/Acl/Model/ObjectIdentityInterface.php +++ b/Acl/Model/ObjectIdentityInterface.php @@ -30,7 +30,7 @@ interface ObjectIdentityInterface * @param ObjectIdentityInterface $identity * @return Boolean */ - function equals(ObjectIdentityInterface $identity); + public function equals(ObjectIdentityInterface $identity); /** * Obtains a unique identifier for this object. The identifier must not be @@ -38,12 +38,12 @@ interface ObjectIdentityInterface * * @return string cannot return null */ - function getIdentifier(); + public function getIdentifier(); /** * Returns a type for the domain object. Typically, this is the PHP class name. * * @return string cannot return null */ - function getType(); + public function getType(); } diff --git a/Acl/Model/ObjectIdentityRetrievalStrategyInterface.php b/Acl/Model/ObjectIdentityRetrievalStrategyInterface.php index e53c3da..b0f7f78 100644 --- a/Acl/Model/ObjectIdentityRetrievalStrategyInterface.php +++ b/Acl/Model/ObjectIdentityRetrievalStrategyInterface.php @@ -24,5 +24,5 @@ interface ObjectIdentityRetrievalStrategyInterface * @param object $domainObject * @return ObjectIdentityInterface */ - function getObjectIdentity($domainObject); + public function getObjectIdentity($domainObject); } diff --git a/Acl/Model/PermissionGrantingStrategyInterface.php b/Acl/Model/PermissionGrantingStrategyInterface.php index 7afdfac..7f8f81b 100644 --- a/Acl/Model/PermissionGrantingStrategyInterface.php +++ b/Acl/Model/PermissionGrantingStrategyInterface.php @@ -27,7 +27,7 @@ interface PermissionGrantingStrategyInterface * @param Boolean $administrativeMode * @return Boolean */ - function isGranted(AclInterface $acl, array $masks, array $sids, $administrativeMode = false); + public function isGranted(AclInterface $acl, array $masks, array $sids, $administrativeMode = false); /** * Determines whether access to a domain object's field is to be granted @@ -40,5 +40,5 @@ interface PermissionGrantingStrategyInterface * * @return Boolean */ - function isFieldGranted(AclInterface $acl, $field, array $masks, array $sids, $administrativeMode = false); + public function isFieldGranted(AclInterface $acl, $field, array $masks, array $sids, $administrativeMode = false); } diff --git a/Acl/Model/SecurityIdentityInterface.php b/Acl/Model/SecurityIdentityInterface.php index 5bf6189..0a24a54 100644 --- a/Acl/Model/SecurityIdentityInterface.php +++ b/Acl/Model/SecurityIdentityInterface.php @@ -26,5 +26,5 @@ interface SecurityIdentityInterface * * @param SecurityIdentityInterface $identity */ - function equals(SecurityIdentityInterface $identity); + public function equals(SecurityIdentityInterface $identity); } diff --git a/Acl/Model/SecurityIdentityRetrievalStrategyInterface.php b/Acl/Model/SecurityIdentityRetrievalStrategyInterface.php index 3bbbaa4..c20f04b 100644 --- a/Acl/Model/SecurityIdentityRetrievalStrategyInterface.php +++ b/Acl/Model/SecurityIdentityRetrievalStrategyInterface.php @@ -30,5 +30,5 @@ interface SecurityIdentityRetrievalStrategyInterface * @param TokenInterface $token * @return array of SecurityIdentityInterface implementations */ - function getSecurityIdentities(TokenInterface $token); + public function getSecurityIdentities(TokenInterface $token); } diff --git a/Acl/Permission/MaskBuilder.php b/Acl/Permission/MaskBuilder.php index 6921558..df1fa7c 100644 --- a/Acl/Permission/MaskBuilder.php +++ b/Acl/Permission/MaskBuilder.php @@ -175,7 +175,7 @@ class MaskBuilder * @throws \RuntimeException * @return string */ - static public function getCode($mask) + public static function getCode($mask) { if (!is_int($mask)) { throw new \InvalidArgumentException('$mask must be an integer.'); diff --git a/Acl/Permission/PermissionMapInterface.php b/Acl/Permission/PermissionMapInterface.php index c2e49d5..44c15cc 100644 --- a/Acl/Permission/PermissionMapInterface.php +++ b/Acl/Permission/PermissionMapInterface.php @@ -28,7 +28,7 @@ interface PermissionMapInterface * @param object $object * @return array may return null if permission/object combination is not supported */ - function getMasks($permission, $object); + public function getMasks($permission, $object); /** * Whether this map contains the given permission @@ -36,5 +36,5 @@ interface PermissionMapInterface * @param string $permission * @return Boolean */ - function contains($permission); + public function contains($permission); } diff --git a/Acl/Resources/bin/generateSql.php b/Acl/Resources/bin/generateSql.php index 25ded7a..d65874b 100644 --- a/Acl/Resources/bin/generateSql.php +++ b/Acl/Resources/bin/generateSql.php @@ -25,7 +25,6 @@ $loader->registerNamespaces(array( )); $loader->register(); - $schema = new Schema(array( 'class_table_name' => 'acl_classes', 'entry_table_name' => 'acl_entries', diff --git a/CHANGELOG.md b/CHANGELOG.md index 2389ac3..0093677 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,3 +20,8 @@ CHANGELOG * `ObjectIdentity::fromDomainObject`, `UserSecurityIdentity::fromAccount` and `UserSecurityIdentity::fromToken` now return correct identities for proxies objects (e.g. Doctrine proxies) + * [BC BREAK] moved the default authentication success and failure handling to + seperate classes. The order of arguments in the constructor of the + `AbstractAuthenticationListener` has changed. + * [BC BREAK] moved the default logout sucess handling to a seperate class. The + order of arguments in the constructor of `LogoutListener` has changed. diff --git a/Core/Authentication/AuthenticationManagerInterface.php b/Core/Authentication/AuthenticationManagerInterface.php index 36cdc92..d8f4716 100644 --- a/Core/Authentication/AuthenticationManagerInterface.php +++ b/Core/Authentication/AuthenticationManagerInterface.php @@ -31,5 +31,5 @@ interface AuthenticationManagerInterface * * @throws AuthenticationException if the authentication fails */ - function authenticate(TokenInterface $token); + public function authenticate(TokenInterface $token); } diff --git a/Core/Authentication/AuthenticationTrustResolverInterface.php b/Core/Authentication/AuthenticationTrustResolverInterface.php index adcef3c..ac07db0 100644 --- a/Core/Authentication/AuthenticationTrustResolverInterface.php +++ b/Core/Authentication/AuthenticationTrustResolverInterface.php @@ -30,7 +30,7 @@ interface AuthenticationTrustResolverInterface * * @return Boolean */ - function isAnonymous(TokenInterface $token = null); + public function isAnonymous(TokenInterface $token = null); /** * Resolves whether the passed token implementation is authenticated @@ -40,7 +40,7 @@ interface AuthenticationTrustResolverInterface * * @return Boolean */ - function isRememberMe(TokenInterface $token = null); + public function isRememberMe(TokenInterface $token = null); /** * Resolves whether the passed token implementation is fully authenticated. @@ -49,5 +49,5 @@ interface AuthenticationTrustResolverInterface * * @return Boolean */ - function isFullFledged(TokenInterface $token = null); + public function isFullFledged(TokenInterface $token = null); } diff --git a/Core/Authentication/RememberMe/PersistentTokenInterface.php b/Core/Authentication/RememberMe/PersistentTokenInterface.php index 38acbc3..6e9d891 100644 --- a/Core/Authentication/RememberMe/PersistentTokenInterface.php +++ b/Core/Authentication/RememberMe/PersistentTokenInterface.php @@ -23,29 +23,29 @@ interface PersistentTokenInterface * Returns the class of the user * @return string */ - function getClass(); + public function getClass(); /** * Returns the username * @return string */ - function getUsername(); + public function getUsername(); /** * Returns the series * @return string */ - function getSeries(); + public function getSeries(); /** * Returns the token value * @return string */ - function getTokenValue(); + public function getTokenValue(); /** * Returns the last time the cookie was used * @return \DateTime */ - function getLastUsed(); + public function getLastUsed(); } diff --git a/Core/Authentication/RememberMe/TokenProviderInterface.php b/Core/Authentication/RememberMe/TokenProviderInterface.php index db40a1c..c8cfbd1 100644 --- a/Core/Authentication/RememberMe/TokenProviderInterface.php +++ b/Core/Authentication/RememberMe/TokenProviderInterface.php @@ -27,14 +27,14 @@ interface TokenProviderInterface * * @return PersistentTokenInterface */ - function loadTokenBySeries($series); + public function loadTokenBySeries($series); /** * Deletes all tokens belonging to series. * * @param string $series */ - function deleteTokenBySeries($series); + public function deleteTokenBySeries($series); /** * Updates the token according to this data. @@ -43,12 +43,12 @@ interface TokenProviderInterface * @param string $tokenValue * @param DateTime $lastUsed */ - function updateToken($series, $tokenValue, \DateTime $lastUsed); + public function updateToken($series, $tokenValue, \DateTime $lastUsed); /** * Creates a new token. * * @param PersistentTokenInterface $token */ - function createNewToken(PersistentTokenInterface $token); + public function createNewToken(PersistentTokenInterface $token); } diff --git a/Core/Authentication/Token/TokenInterface.php b/Core/Authentication/Token/TokenInterface.php index 3dafccc..dec31d5 100644 --- a/Core/Authentication/Token/TokenInterface.php +++ b/Core/Authentication/Token/TokenInterface.php @@ -26,21 +26,21 @@ interface TokenInterface extends \Serializable * * @return string */ - function __toString(); + public function __toString(); /** * Returns the user roles. * * @return Role[] An array of Role instances. */ - function getRoles(); + public function getRoles(); /** * Returns the user credentials. * * @return mixed The user credentials */ - function getCredentials(); + public function getCredentials(); /** * Returns a user representation. @@ -48,54 +48,54 @@ interface TokenInterface extends \Serializable * @return mixed either returns an object which implements __toString(), or * a primitive string is returned. */ - function getUser(); + public function getUser(); /** * Sets a user. * * @param mixed $user */ - function setUser($user); + public function setUser($user); /** * Returns the username. * * @return string */ - function getUsername(); + public function getUsername(); /** * Returns whether the user is authenticated or not. * * @return Boolean true if the token has been authenticated, false otherwise */ - function isAuthenticated(); + public function isAuthenticated(); /** * Sets the authenticated flag. * * @param Boolean $isAuthenticated The authenticated flag */ - function setAuthenticated($isAuthenticated); + public function setAuthenticated($isAuthenticated); /** * Removes sensitive information from the token. */ - function eraseCredentials(); + public function eraseCredentials(); /** * Returns the token attributes. * * @return array The token attributes */ - function getAttributes(); + public function getAttributes(); /** * Sets the token attributes. * * @param array $attributes The token attributes */ - function setAttributes(array $attributes); + public function setAttributes(array $attributes); /** * Returns true if the attribute exists. @@ -104,7 +104,7 @@ interface TokenInterface extends \Serializable * * @return Boolean true if the attribute exists, false otherwise */ - function hasAttribute($name); + public function hasAttribute($name); /** * Returns an attribute value. @@ -115,7 +115,7 @@ interface TokenInterface extends \Serializable * * @throws \InvalidArgumentException When attribute doesn't exist for this token */ - function getAttribute($name); + public function getAttribute($name); /** * Sets an attribute. @@ -123,5 +123,5 @@ interface TokenInterface extends \Serializable * @param string $name The attribute name * @param mixed $value The attribute value */ - function setAttribute($name, $value); + public function setAttribute($name, $value); } diff --git a/Core/Authorization/AccessDecisionManagerInterface.php b/Core/Authorization/AccessDecisionManagerInterface.php index 648047a..742ea74 100644 --- a/Core/Authorization/AccessDecisionManagerInterface.php +++ b/Core/Authorization/AccessDecisionManagerInterface.php @@ -29,7 +29,7 @@ interface AccessDecisionManagerInterface * * @return Boolean true if the access is granted, false otherwise */ - function decide(TokenInterface $token, array $attributes, $object = null); + public function decide(TokenInterface $token, array $attributes, $object = null); /** * Checks if the access decision manager supports the given attribute. @@ -38,7 +38,7 @@ interface AccessDecisionManagerInterface * * @return Boolean true if this decision manager supports the attribute, false otherwise */ - function supportsAttribute($attribute); + public function supportsAttribute($attribute); /** * Checks if the access decision manager supports the given class. @@ -47,5 +47,5 @@ interface AccessDecisionManagerInterface * * @return true if this decision manager can process the class */ - function supportsClass($class); + public function supportsClass($class); } diff --git a/Core/Authorization/Voter/VoterInterface.php b/Core/Authorization/Voter/VoterInterface.php index 41d9e64..1fc93e5 100644 --- a/Core/Authorization/Voter/VoterInterface.php +++ b/Core/Authorization/Voter/VoterInterface.php @@ -31,7 +31,7 @@ interface VoterInterface * * @return Boolean true if this Voter supports the attribute, false otherwise */ - function supportsAttribute($attribute); + public function supportsAttribute($attribute); /** * Checks if the voter supports the given class. @@ -40,7 +40,7 @@ interface VoterInterface * * @return true if this Voter can process the class */ - function supportsClass($class); + public function supportsClass($class); /** * Returns the vote for the given parameters. @@ -54,5 +54,5 @@ interface VoterInterface * * @return integer either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED */ - function vote(TokenInterface $token, $object, array $attributes); + public function vote(TokenInterface $token, $object, array $attributes); } diff --git a/Core/Encoder/EncoderFactory.php b/Core/Encoder/EncoderFactory.php index 7d34cc7..9429441 100644 --- a/Core/Encoder/EncoderFactory.php +++ b/Core/Encoder/EncoderFactory.php @@ -11,8 +11,6 @@ namespace Symfony\Component\Security\Core\Encoder; -use Symfony\Component\Security\Core\User\UserInterface; - /** * A generic encoder factory implementation * diff --git a/Core/Encoder/EncoderFactoryInterface.php b/Core/Encoder/EncoderFactoryInterface.php index 125e57b..f6b4a25 100644 --- a/Core/Encoder/EncoderFactoryInterface.php +++ b/Core/Encoder/EncoderFactoryInterface.php @@ -29,5 +29,5 @@ interface EncoderFactoryInterface * * @throws \RuntimeException when no password encoder could be found for the user */ - function getEncoder($user); + public function getEncoder($user); } diff --git a/Core/Encoder/PasswordEncoderInterface.php b/Core/Encoder/PasswordEncoderInterface.php index dae6c69..78b4e42 100644 --- a/Core/Encoder/PasswordEncoderInterface.php +++ b/Core/Encoder/PasswordEncoderInterface.php @@ -26,7 +26,7 @@ interface PasswordEncoderInterface * * @return string The encoded password */ - function encodePassword($raw, $salt); + public function encodePassword($raw, $salt); /** * Checks a raw password against an encoded password. @@ -37,5 +37,5 @@ interface PasswordEncoderInterface * * @return Boolean true if the password is valid, false otherwise */ - function isPasswordValid($encoded, $raw, $salt); + public function isPasswordValid($encoded, $raw, $salt); } diff --git a/Core/Role/RoleHierarchyInterface.php b/Core/Role/RoleHierarchyInterface.php index d873b80..c495a7f 100644 --- a/Core/Role/RoleHierarchyInterface.php +++ b/Core/Role/RoleHierarchyInterface.php @@ -28,5 +28,5 @@ interface RoleHierarchyInterface * * @return array An array of all reachable roles */ - function getReachableRoles(array $roles); + public function getReachableRoles(array $roles); } diff --git a/Core/Role/RoleInterface.php b/Core/Role/RoleInterface.php index debda3a..a3cb266 100644 --- a/Core/Role/RoleInterface.php +++ b/Core/Role/RoleInterface.php @@ -31,5 +31,5 @@ interface RoleInterface * * @return string|null A string representation of the role, or null */ - function getRole(); + public function getRole(); } diff --git a/Core/SecurityContext.php b/Core/SecurityContext.php index bc6493b..1ec43e6 100644 --- a/Core/SecurityContext.php +++ b/Core/SecurityContext.php @@ -55,7 +55,7 @@ class SecurityContext implements SecurityContextInterface * * @return Boolean */ - public final function isGranted($attributes, $object = null) + final public function isGranted($attributes, $object = null) { if (null === $this->token) { throw new AuthenticationCredentialsNotFoundException('The security context contains no authentication token. One possible reason may be that there is no firewall configured for this URL.'); diff --git a/Core/SecurityContextInterface.php b/Core/SecurityContextInterface.php index 77c5bf8..78d6477 100644 --- a/Core/SecurityContextInterface.php +++ b/Core/SecurityContextInterface.php @@ -29,14 +29,14 @@ interface SecurityContextInterface * * @return TokenInterface|null A TokenInterface instance or null if no authentication information is available */ - function getToken(); + public function getToken(); /** * Sets the authentication token. * * @param TokenInterface $token */ - function setToken(TokenInterface $token = null); + public function setToken(TokenInterface $token = null); /** * Checks if the attributes are granted against the current authentication token and optionally supplied object. @@ -46,5 +46,5 @@ interface SecurityContextInterface * * @return Boolean */ - function isGranted($attributes, $object = null); + public function isGranted($attributes, $object = null); } diff --git a/Core/User/AdvancedUserInterface.php b/Core/User/AdvancedUserInterface.php index e951c65..5b3a51a 100644 --- a/Core/User/AdvancedUserInterface.php +++ b/Core/User/AdvancedUserInterface.php @@ -47,7 +47,7 @@ interface AdvancedUserInterface extends UserInterface * * @see AccountExpiredException */ - function isAccountNonExpired(); + public function isAccountNonExpired(); /** * Checks whether the user is locked. @@ -59,7 +59,7 @@ interface AdvancedUserInterface extends UserInterface * * @see LockedException */ - function isAccountNonLocked(); + public function isAccountNonLocked(); /** * Checks whether the user's credentials (password) has expired. @@ -71,7 +71,7 @@ interface AdvancedUserInterface extends UserInterface * * @see CredentialsExpiredException */ - function isCredentialsNonExpired(); + public function isCredentialsNonExpired(); /** * Checks whether the user is enabled. @@ -83,5 +83,5 @@ interface AdvancedUserInterface extends UserInterface * * @see DisabledException */ - function isEnabled(); + public function isEnabled(); } diff --git a/Core/User/EquatableInterface.php b/Core/User/EquatableInterface.php index e2bde9e..645b77c 100644 --- a/Core/User/EquatableInterface.php +++ b/Core/User/EquatableInterface.php @@ -33,5 +33,5 @@ interface EquatableInterface * * @return Boolean */ - function isEqualTo(UserInterface $user); + public function isEqualTo(UserInterface $user); } diff --git a/Core/User/UserCheckerInterface.php b/Core/User/UserCheckerInterface.php index 61f0f6e..3dd8d51 100644 --- a/Core/User/UserCheckerInterface.php +++ b/Core/User/UserCheckerInterface.php @@ -25,12 +25,12 @@ interface UserCheckerInterface * * @param UserInterface $user a UserInterface instance */ - function checkPreAuth(UserInterface $user); + public function checkPreAuth(UserInterface $user); /** * Checks the user account after authentication. * * @param UserInterface $user a UserInterface instance */ - function checkPostAuth(UserInterface $user); + public function checkPostAuth(UserInterface $user); } diff --git a/Core/User/UserInterface.php b/Core/User/UserInterface.php index ce3b3a8..ed96ca9 100644 --- a/Core/User/UserInterface.php +++ b/Core/User/UserInterface.php @@ -47,7 +47,7 @@ interface UserInterface * * @return Role[] The user roles */ - function getRoles(); + public function getRoles(); /** * Returns the password used to authenticate the user. @@ -57,7 +57,7 @@ interface UserInterface * * @return string The password */ - function getPassword(); + public function getPassword(); /** * Returns the salt that was originally used to encode the password. @@ -66,14 +66,14 @@ interface UserInterface * * @return string The salt */ - function getSalt(); + public function getSalt(); /** * Returns the username used to authenticate the user. * * @return string The username */ - function getUsername(); + public function getUsername(); /** * Removes sensitive data from the user. @@ -83,5 +83,5 @@ interface UserInterface * * @return void */ - function eraseCredentials(); + public function eraseCredentials(); } diff --git a/Core/User/UserProviderInterface.php b/Core/User/UserProviderInterface.php index dbd7924..6669c43 100644 --- a/Core/User/UserProviderInterface.php +++ b/Core/User/UserProviderInterface.php @@ -48,7 +48,7 @@ interface UserProviderInterface * @throws UsernameNotFoundException if the user is not found * */ - function loadUserByUsername($username); + public function loadUserByUsername($username); /** * Refreshes the user for the account interface. @@ -63,7 +63,7 @@ interface UserProviderInterface * * @throws UnsupportedUserException if the account is not supported */ - function refreshUser(UserInterface $user); + public function refreshUser(UserInterface $user); /** * Whether this provider supports the given user class @@ -72,5 +72,5 @@ interface UserProviderInterface * * @return Boolean */ - function supportsClass($class); + public function supportsClass($class); } diff --git a/Core/Validator/Constraint/UserPassword.php b/Core/Validator/Constraint/UserPassword.php index ef6e1ec..3279e02 100644 --- a/Core/Validator/Constraint/UserPassword.php +++ b/Core/Validator/Constraint/UserPassword.php @@ -18,7 +18,7 @@ use Symfony\Component\Validator\Constraint; */ class UserPassword extends Constraint { - public $message = 'This value should be the user current password'; + public $message = 'This value should be the user current password.'; public function validatedBy() { diff --git a/Http/AccessMapInterface.php b/Http/AccessMapInterface.php index dbd7282..7d15fee 100644 --- a/Http/AccessMapInterface.php +++ b/Http/AccessMapInterface.php @@ -29,5 +29,5 @@ interface AccessMapInterface * * @return array A tuple of security attributes and the required channel */ - function getPatterns(Request $request); + public function getPatterns(Request $request); } diff --git a/Http/Authentication/AuthenticationFailureHandlerInterface.php b/Http/Authentication/AuthenticationFailureHandlerInterface.php index 9cd7496..8dbd29a 100644 --- a/Http/Authentication/AuthenticationFailureHandlerInterface.php +++ b/Http/Authentication/AuthenticationFailureHandlerInterface.php @@ -33,7 +33,7 @@ interface AuthenticationFailureHandlerInterface * @param Request $request * @param AuthenticationException $exception * - * @return Response|null the response to return + * @return Response The response to return, never null */ - function onAuthenticationFailure(Request $request, AuthenticationException $exception); + public function onAuthenticationFailure(Request $request, AuthenticationException $exception); } diff --git a/Http/Authentication/AuthenticationSuccessHandlerInterface.php b/Http/Authentication/AuthenticationSuccessHandlerInterface.php index 8917f3e..5c08e73 100644 --- a/Http/Authentication/AuthenticationSuccessHandlerInterface.php +++ b/Http/Authentication/AuthenticationSuccessHandlerInterface.php @@ -33,7 +33,7 @@ interface AuthenticationSuccessHandlerInterface * @param Request $request * @param TokenInterface $token * - * @return Response|null the response to return + * @return Response never null */ - function onAuthenticationSuccess(Request $request, TokenInterface $token); + public function onAuthenticationSuccess(Request $request, TokenInterface $token); } diff --git a/Http/Authentication/DefaultAuthenticationFailureHandler.php b/Http/Authentication/DefaultAuthenticationFailureHandler.php new file mode 100644 index 0000000..61d77a8 --- /dev/null +++ b/Http/Authentication/DefaultAuthenticationFailureHandler.php @@ -0,0 +1,87 @@ +<?php + +/* + * This file is part of the Symfony package. + * + * (c) Fabien Potencier <fabien@symfony.com> + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Http\Authentication; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpKernel\HttpKernelInterface; +use Symfony\Component\HttpKernel\Log\LoggerInterface; +use Symfony\Component\Security\Core\Exception\AuthenticationException; +use Symfony\Component\Security\Core\SecurityContextInterface; +use Symfony\Component\Security\Http\HttpUtils; + +/** + * Class with the default authentication failure handling logic. + * + * Can be optionally be extended from by the developer to alter the behaviour + * while keeping the default behaviour. + * + * @author Fabien Potencier <fabien@symfony.com> + * @author Johannes M. Schmitt <schmittjoh@gmail.com> + * @author Alexander <iam.asm89@gmail.com> + */ +class DefaultAuthenticationFailureHandler implements AuthenticationFailureHandlerInterface +{ + protected $httpKernel; + protected $httpUtils; + protected $logger; + protected $options; + + /** + * Constructor. + * + * @param HttpKernelInterface $httpKernel + * @param HttpUtils $httpUtils + * @param array $options Options for processing a failed authentication attempt. + * @param LoggerInterface $logger Optional logger + */ + public function __construct(HttpKernelInterface $httpKernel, HttpUtils $httpUtils, array $options, LoggerInterface $logger = null) + { + $this->httpKernel = $httpKernel; + $this->httpUtils = $httpUtils; + $this->logger = $logger; + + $this->options = array_merge(array( + 'failure_path' => null, + 'failure_forward' => false, + 'login_path' => '/login', + ), $options); + } + + /** + * {@inheritDoc} + */ + public function onAuthenticationFailure(Request $request, AuthenticationException $exception) + { + if (null === $this->options['failure_path']) { + $this->options['failure_path'] = $this->options['login_path']; + } + + if ($this->options['failure_forward']) { + if (null !== $this->logger) { + $this->logger->debug(sprintf('Forwarding to %s', $this->options['failure_path'])); + } + + $subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']); + $subRequest->attributes->set(SecurityContextInterface::AUTHENTICATION_ERROR, $exception); + + return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST); + } + + if (null !== $this->logger) { + $this->logger->debug(sprintf('Redirecting to %s', $this->options['failure_path'])); + } + + $request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $exception); + + return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']); + } +} diff --git a/Http/Authentication/DefaultAuthenticationSuccessHandler.php b/Http/Authentication/DefaultAuthenticationSuccessHandler.php new file mode 100644 index 0000000..66d6bda --- /dev/null +++ b/Http/Authentication/DefaultAuthenticationSuccessHandler.php @@ -0,0 +1,111 @@ +<?php + +/* + * This file is part of the Symfony package. + * + * (c) Fabien Potencier <fabien@symfony.com> + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Http\Authentication; + +use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\Security\Http\HttpUtils; + +/** + * Class with the default authentication success handling logic. + * + * Can be optionally be extended from by the developer to alter the behaviour + * while keeping the default behaviour. + * + * @author Fabien Potencier <fabien@symfony.com> + * @author Johannes M. Schmitt <schmittjoh@gmail.com> + * @author Alexander <iam.asm89@gmail.com> + */ +class DefaultAuthenticationSuccessHandler implements AuthenticationSuccessHandlerInterface +{ + protected $httpUtils; + protected $options; + protected $providerKey; + + /** + * Constructor. + * + * @param HttpUtils $httpUtils + * @param array $options Options for processing a successful authentication attempt. + */ + public function __construct(HttpUtils $httpUtils, array $options) + { + $this->httpUtils = $httpUtils; + + $this->options = array_merge(array( + 'always_use_default_target_path' => false, + 'default_target_path' => '/', + 'login_path' => '/login', + 'target_path_parameter' => '_target_path', + 'use_referer' => false, + ), $options); + } + + /** + * {@inheritDoc} + */ + public function onAuthenticationSuccess(Request $request, TokenInterface $token) + { + return $this->httpUtils->createRedirectResponse($request, $this->determineTargetUrl($request)); + } + + + /** + * Get the provider key. + * + * @return string + */ + public function getProviderKey() + { + return $this->providerKey; + } + + /** + * Set the provider key. + * + * @param string $providerKey + */ + public function setProviderKey($providerKey) + { + $this->providerKey = $providerKey; + } + + /** + * Builds the target URL according to the defined options. + * + * @param Request $request + * + * @return string + */ + protected function determineTargetUrl(Request $request) + { + if ($this->options['always_use_default_target_path']) { + return $this->options['default_target_path']; + } + + if ($targetUrl = $request->get($this->options['target_path_parameter'], null, true)) { + return $targetUrl; + } + + if (null !== $this->providerKey && $targetUrl = $request->getSession()->get('_security.'.$this->providerKey.'.target_path')) { + $request->getSession()->remove('_security.'.$this->providerKey.'.target_path'); + + return $targetUrl; + } + + if ($this->options['use_referer'] && ($targetUrl = $request->headers->get('Referer')) && $targetUrl !== $request->getUriForPath($this->options['login_path'])) { + return $targetUrl; + } + + return $this->options['default_target_path']; + } +} diff --git a/Http/Authorization/AccessDeniedHandlerInterface.php b/Http/Authorization/AccessDeniedHandlerInterface.php index 8670cbb..a10a5d0 100644 --- a/Http/Authorization/AccessDeniedHandlerInterface.php +++ b/Http/Authorization/AccessDeniedHandlerInterface.php @@ -30,5 +30,5 @@ interface AccessDeniedHandlerInterface * * @return Response may return null */ - function handle(Request $request, AccessDeniedException $accessDeniedException); + public function handle(Request $request, AccessDeniedException $accessDeniedException); } diff --git a/Http/EntryPoint/AuthenticationEntryPointInterface.php b/Http/EntryPoint/AuthenticationEntryPointInterface.php index 9fc3501..d190fc7 100644 --- a/Http/EntryPoint/AuthenticationEntryPointInterface.php +++ b/Http/EntryPoint/AuthenticationEntryPointInterface.php @@ -30,5 +30,5 @@ interface AuthenticationEntryPointInterface * * @return Response */ - function start(Request $request, AuthenticationException $authException = null); + public function start(Request $request, AuthenticationException $authException = null); } diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php index a7301db..1af1646 100644 --- a/Http/Firewall/AbstractAuthenticationListener.php +++ b/Http/Firewall/AbstractAuthenticationListener.php @@ -70,14 +70,14 @@ abstract class AbstractAuthenticationListener implements ListenerInterface * @param SessionAuthenticationStrategyInterface $sessionStrategy * @param HttpUtils $httpUtils An HttpUtilsInterface instance * @param string $providerKey + * @param AuthenticationSuccessHandlerInterface $successHandler + * @param AuthenticationFailureHandlerInterface $failureHandler * @param array $options An array of options for the processing of a * successful, or failed authentication attempt - * @param AuthenticationSuccessHandlerInterface $successHandler - * @param AuthenticationFailureHandlerInterface $failureHandler - * @param LoggerInterface $logger A LoggerInterface instance - * @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance + * @param LoggerInterface $logger A LoggerInterface instance + * @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance */ - public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) + public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) { if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); @@ -91,13 +91,6 @@ abstract class AbstractAuthenticationListener implements ListenerInterface $this->failureHandler = $failureHandler; $this->options = array_merge(array( 'check_path' => '/login_check', - 'login_path' => '/login', - 'always_use_default_target_path' => false, - 'default_target_path' => '/', - 'target_path_parameter' => '_target_path', - 'use_referer' => false, - 'failure_path' => null, - 'failure_forward' => false, ), $options); $this->logger = $logger; $this->dispatcher = $dispatcher; @@ -119,7 +112,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface * * @param GetResponseEvent $event A GetResponseEvent instance */ - public final function handle(GetResponseEvent $event) + final public function handle(GetResponseEvent $event) { $request = $event->getRequest(); @@ -191,34 +184,13 @@ abstract class AbstractAuthenticationListener implements ListenerInterface $this->securityContext->setToken(null); - if (null !== $this->failureHandler) { - if (null !== $response = $this->failureHandler->onAuthenticationFailure($request, $failed)) { - return $response; - } - } - - if (null === $this->options['failure_path']) { - $this->options['failure_path'] = $this->options['login_path']; - } - - if ($this->options['failure_forward']) { - if (null !== $this->logger) { - $this->logger->debug(sprintf('Forwarding to %s', $this->options['failure_path'])); - } - - $subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']); - $subRequest->attributes->set(SecurityContextInterface::AUTHENTICATION_ERROR, $failed); - - return $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST); - } + $response = $this->failureHandler->onAuthenticationFailure($request, $failed); - if (null !== $this->logger) { - $this->logger->debug(sprintf('Redirecting to %s', $this->options['failure_path'])); + if (!$response instanceof Response) { + throw new \RuntimeException('Authentication Failure Handler did not return a Response.'); } - $request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $failed); - - return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']); + return $response; } private function onSuccess(GetResponseEvent $event, Request $request, TokenInterface $token) @@ -238,12 +210,10 @@ abstract class AbstractAuthenticationListener implements ListenerInterface $this->dispatcher->dispatch(SecurityEvents::INTERACTIVE_LOGIN, $loginEvent); } - $response = null; - if (null !== $this->successHandler) { - $response = $this->successHandler->onAuthenticationSuccess($request, $token); - } - if (null === $response) { - $response = $this->httpUtils->createRedirectResponse($request, $this->determineTargetUrl($request)); + $response = $this->successHandler->onAuthenticationSuccess($request, $token); + + if (!$response instanceof Response) { + throw new \RuntimeException('Authentication Success Handler did not return a Response.'); } if (null !== $this->rememberMeServices) { @@ -252,35 +222,4 @@ abstract class AbstractAuthenticationListener implements ListenerInterface return $response; } - - /** - * Builds the target URL according to the defined options. - * - * @param Request $request - * - * @return string - */ - private function determineTargetUrl(Request $request) - { - if ($this->options['always_use_default_target_path']) { - return $this->options['default_target_path']; - } - - if ($targetUrl = $request->get($this->options['target_path_parameter'], null, true)) { - return $targetUrl; - } - - $session = $request->getSession(); - if ($targetUrl = $session->get('_security.' . $this->providerKey . '.target_path')) { - $session->remove('_security.' . $this->providerKey . '.target_path'); - - return $targetUrl; - } - - if ($this->options['use_referer'] && ($targetUrl = $request->headers->get('Referer')) && $targetUrl !== $request->getUriForPath($this->options['login_path'])) { - return $targetUrl; - } - - return $this->options['default_target_path']; - } } diff --git a/Http/Firewall/AbstractPreAuthenticatedListener.php b/Http/Firewall/AbstractPreAuthenticatedListener.php index 66d0ea1..66041be 100644 --- a/Http/Firewall/AbstractPreAuthenticatedListener.php +++ b/Http/Firewall/AbstractPreAuthenticatedListener.php @@ -51,7 +51,7 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface * * @param GetResponseEvent $event A GetResponseEvent instance */ - public final function handle(GetResponseEvent $event) + final public function handle(GetResponseEvent $event) { $request = $event->getRequest(); diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php index 9a53827..f134f9c 100644 --- a/Http/Firewall/ExceptionListener.php +++ b/Http/Firewall/ExceptionListener.php @@ -97,6 +97,8 @@ class ExceptionListener return; } } elseif ($exception instanceof AccessDeniedException) { + $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception)); + $token = $this->context->getToken(); if (!$this->authenticationTrustResolver->isFullFledged($token)) { if (null !== $this->logger) { @@ -127,10 +129,7 @@ class ExceptionListener $subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception); $response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true); - $response->setStatusCode(403); } else { - $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception)); - return; } } catch (\Exception $e) { @@ -148,8 +147,6 @@ class ExceptionListener $this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage())); } - $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception)); - return; } else { return; diff --git a/Http/Firewall/ListenerInterface.php b/Http/Firewall/ListenerInterface.php index ccde86e..b670474 100644 --- a/Http/Firewall/ListenerInterface.php +++ b/Http/Firewall/ListenerInterface.php @@ -25,5 +25,5 @@ interface ListenerInterface * * @param GetResponseEvent $event */ - function handle(GetResponseEvent $event); + public function handle(GetResponseEvent $event); } diff --git a/Http/Firewall/LogoutListener.php b/Http/Firewall/LogoutListener.php index d145fa1..32a0511 100644 --- a/Http/Firewall/LogoutListener.php +++ b/Http/Firewall/LogoutListener.php @@ -40,11 +40,11 @@ class LogoutListener implements ListenerInterface * * @param SecurityContextInterface $securityContext * @param HttpUtils $httpUtils An HttpUtilsInterface instance - * @param array $options An array of options to process a logout attempt * @param LogoutSuccessHandlerInterface $successHandler A LogoutSuccessHandlerInterface instance + * @param array $options An array of options to process a logout attempt * @param CsrfProviderInterface $csrfProvider A CsrfProviderInterface instance */ - public function __construct(SecurityContextInterface $securityContext, HttpUtils $httpUtils, array $options = array(), LogoutSuccessHandlerInterface $successHandler = null, CsrfProviderInterface $csrfProvider = null) + public function __construct(SecurityContextInterface $securityContext, HttpUtils $httpUtils, LogoutSuccessHandlerInterface $successHandler, array $options = array(), CsrfProviderInterface $csrfProvider = null) { $this->securityContext = $securityContext; $this->httpUtils = $httpUtils; @@ -52,7 +52,6 @@ class LogoutListener implements ListenerInterface 'csrf_parameter' => '_csrf_token', 'intention' => 'logout', 'logout_path' => '/logout', - 'target_url' => '/', ), $options); $this->successHandler = $successHandler; $this->csrfProvider = $csrfProvider; @@ -95,14 +94,9 @@ class LogoutListener implements ListenerInterface } } - if (null !== $this->successHandler) { - $response = $this->successHandler->onLogoutSuccess($request); - - if (!$response instanceof Response) { - throw new \RuntimeException('Logout Success Handler did not return a Response.'); - } - } else { - $response = $this->httpUtils->createRedirectResponse($request, $this->options['target_url']); + $response = $this->successHandler->onLogoutSuccess($request); + if (!$response instanceof Response) { + throw new \RuntimeException('Logout Success Handler did not return a Response.'); } // handle multiple logout attempts gracefully diff --git a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php index 4bcb785..22330a8 100644 --- a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php +++ b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php @@ -37,21 +37,21 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL /** * {@inheritdoc} */ - public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null) + public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null) { - parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, array_merge(array( + parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, array_merge(array( 'username_parameter' => '_username', 'password_parameter' => '_password', 'csrf_parameter' => '_csrf_token', 'intention' => 'authenticate', 'post_only' => true, - ), $options), $successHandler, $failureHandler, $logger, $dispatcher); + ), $options), $logger, $dispatcher); $this->csrfProvider = $csrfProvider; } /** - * @{inheritdoc} + * {@inheritdoc} */ protected function requiresAuthentication(Request $request) { diff --git a/Http/FirewallMapInterface.php b/Http/FirewallMapInterface.php index 5a42ff1..336125f 100644 --- a/Http/FirewallMapInterface.php +++ b/Http/FirewallMapInterface.php @@ -34,5 +34,5 @@ interface FirewallMapInterface * * @return array of the format array(array(AuthenticationListener), ExceptionListener) */ - function getListeners(Request $request); + public function getListeners(Request $request); } diff --git a/Http/Logout/DefaultLogoutSuccessHandler.php b/Http/Logout/DefaultLogoutSuccessHandler.php new file mode 100644 index 0000000..e06cb6d --- /dev/null +++ b/Http/Logout/DefaultLogoutSuccessHandler.php @@ -0,0 +1,47 @@ +<?php + +/* + * This file is part of the Symfony package. + * + * (c) Fabien Potencier <fabien@symfony.com> + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Http\Logout; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\Security\Http\HttpUtils; +use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface; + +/** + * Default logout success handler will redirect users to a configured path. + * + * @author Fabien Potencier <fabien@symfony.com> + * @author Alexander <iam.asm89@gmail.com> + */ +class DefaultLogoutSuccessHandler implements LogoutSuccessHandlerInterface +{ + protected $httpUtils; + protected $targetUrl; + + /** + * @param HttpUtils $httpUtils + * @param string $targetUrl + */ + public function __construct(HttpUtils $httpUtils, $targetUrl = '/') + { + $this->httpUtils = $httpUtils; + + $this->targetUrl = $targetUrl; + } + + /** + * {@inheritDoc} + */ + public function onLogoutSuccess(Request $request) + { + return $this->httpUtils->createRedirectResponse($request, $this->targetUrl); + } +} diff --git a/Http/Logout/LogoutHandlerInterface.php b/Http/Logout/LogoutHandlerInterface.php index 71be388..5e1cea8 100644 --- a/Http/Logout/LogoutHandlerInterface.php +++ b/Http/Logout/LogoutHandlerInterface.php @@ -31,5 +31,5 @@ interface LogoutHandlerInterface * @param Response $response * @param TokenInterface $token */ - function logout(Request $request, Response $response, TokenInterface $token); + public function logout(Request $request, Response $response, TokenInterface $token); } diff --git a/Http/Logout/LogoutSuccessHandlerInterface.php b/Http/Logout/LogoutSuccessHandlerInterface.php index fb1dd64..61642a8 100644 --- a/Http/Logout/LogoutSuccessHandlerInterface.php +++ b/Http/Logout/LogoutSuccessHandlerInterface.php @@ -33,5 +33,5 @@ interface LogoutSuccessHandlerInterface * * @return Response never null */ - function onLogoutSuccess(Request $request); + public function onLogoutSuccess(Request $request); } diff --git a/Http/RememberMe/AbstractRememberMeServices.php b/Http/RememberMe/AbstractRememberMeServices.php index d61a6ce..4f7c5b9 100644 --- a/Http/RememberMe/AbstractRememberMeServices.php +++ b/Http/RememberMe/AbstractRememberMeServices.php @@ -91,7 +91,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface * * @return TokenInterface */ - public final function autoLogin(Request $request) + final public function autoLogin(Request $request) { if (null === $cookie = $request->cookies->get($this->options['name'])) { return; @@ -156,7 +156,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface * * @param Request $request */ - public final function loginFail(Request $request) + final public function loginFail(Request $request) { $this->cancelCookie($request); $this->onLoginFail($request); @@ -170,7 +170,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface * @param Response $response * @param TokenInterface $token The token that resulted in a successful authentication */ - public final function loginSuccess(Request $request, Response $response, TokenInterface $token) + final public function loginSuccess(Request $request, Response $response, TokenInterface $token) { if (!$token->getUser() instanceof UserInterface) { if (null !== $this->logger) { @@ -221,7 +221,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface */ abstract protected function onLoginSuccess(Request $request, Response $response, TokenInterface $token); - protected final function getUserProvider($class) + final protected function getUserProvider($class) { foreach ($this->userProviders as $provider) { if ($provider->supportsClass($class)) { diff --git a/Http/RememberMe/RememberMeServicesInterface.php b/Http/RememberMe/RememberMeServicesInterface.php index 0497c69..a00dcef 100644 --- a/Http/RememberMe/RememberMeServicesInterface.php +++ b/Http/RememberMe/RememberMeServicesInterface.php @@ -51,7 +51,7 @@ interface RememberMeServicesInterface * * @return TokenInterface */ - function autoLogin(Request $request); + public function autoLogin(Request $request); /** * Called whenever an interactive authentication attempt was made, but the @@ -61,7 +61,7 @@ interface RememberMeServicesInterface * * @param Request $request */ - function loginFail(Request $request); + public function loginFail(Request $request); /** * Called whenever an interactive authentication attempt is successful @@ -78,5 +78,5 @@ interface RememberMeServicesInterface * @param Response $response * @param TokenInterface $token */ - function loginSuccess(Request $request, Response $response, TokenInterface $token); + public function loginSuccess(Request $request, Response $response, TokenInterface $token); } diff --git a/Http/Session/SessionAuthenticationStrategyInterface.php b/Http/Session/SessionAuthenticationStrategyInterface.php index 34f5089..2bc292b 100644 --- a/Http/Session/SessionAuthenticationStrategyInterface.php +++ b/Http/Session/SessionAuthenticationStrategyInterface.php @@ -33,5 +33,5 @@ interface SessionAuthenticationStrategyInterface * @param Request $request * @param TokenInterface $token */ - function onAuthentication(Request $request, TokenInterface $token); + public function onAuthentication(Request $request, TokenInterface $token); } diff --git a/Tests/Acl/Domain/SecurityIdentityRetrievalStrategyTest.php b/Tests/Acl/Domain/SecurityIdentityRetrievalStrategyTest.php index 2083728..f649653 100644 --- a/Tests/Acl/Domain/SecurityIdentityRetrievalStrategyTest.php +++ b/Tests/Acl/Domain/SecurityIdentityRetrievalStrategyTest.php @@ -116,7 +116,6 @@ class SecurityIdentityRetrievalStrategyTest extends \PHPUnit_Framework_TestCase ->will($this->returnValue($username)) ; - return $account; } @@ -177,7 +176,6 @@ class SecurityIdentityRetrievalStrategyTest extends \PHPUnit_Framework_TestCase ; } - return new SecurityIdentityRetrievalStrategy($roleHierarchy, $trustResolver); } } diff --git a/Tests/Core/Authentication/Provider/DaoAuthenticationProviderTest.php b/Tests/Core/Authentication/Provider/DaoAuthenticationProviderTest.php index 8bff354..4da0337 100644 --- a/Tests/Core/Authentication/Provider/DaoAuthenticationProviderTest.php +++ b/Tests/Core/Authentication/Provider/DaoAuthenticationProviderTest.php @@ -11,7 +11,6 @@ namespace Symfony\Component\Security\Tests\Core\Authentication\Provider; - use Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder; use Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider; diff --git a/Tests/Http/Firewall/LogoutListenerTest.php b/Tests/Http/Firewall/LogoutListenerTest.php index 6ffeed9..aa0f5a7 100644 --- a/Tests/Http/Firewall/LogoutListenerTest.php +++ b/Tests/Http/Firewall/LogoutListenerTest.php @@ -103,7 +103,9 @@ class LogoutListenerTest extends \PHPUnit_Framework_TestCase public function testHandleMatchedPathWithoutSuccessHandlerAndCsrfValidation() { - list($listener, $context, $httpUtils, $options) = $this->getListener(); + $successHandler = $this->getSuccessHandler(); + + list($listener, $context, $httpUtils, $options) = $this->getListener($successHandler); list($event, $request) = $this->getGetResponseEvent(); @@ -112,9 +114,9 @@ class LogoutListenerTest extends \PHPUnit_Framework_TestCase ->with($request, $options['logout_path']) ->will($this->returnValue(true)); - $httpUtils->expects($this->once()) - ->method('createRedirectResponse') - ->with($request, $options['target_url']) + $successHandler->expects($this->once()) + ->method('onLogoutSuccess') + ->with($request) ->will($this->returnValue($response = new Response())); $context->expects($this->once()) @@ -231,13 +233,13 @@ class LogoutListenerTest extends \PHPUnit_Framework_TestCase $listener = new LogoutListener( $context = $this->getContext(), $httpUtils = $this->getHttpUtils(), + $successHandler ?: $this->getSuccessHandler(), $options = array( 'csrf_parameter' => '_csrf_token', 'intention' => 'logout', 'logout_path' => '/logout', 'target_url' => '/', ), - $successHandler, $csrfProvider ); |