-rw-r--r-- | Authentication/Provider/DaoAuthenticationProvider.php | 23 | ||||
-rw-r--r-- | Authentication/Provider/UserAuthenticationProvider.php | 23 | ||||
-rw-r--r-- | Authentication/Token/Token.php | 13 | ||||
-rw-r--r-- | Authentication/Token/TokenInterface.php | 7 | ||||
-rw-r--r-- | Authentication/Token/UsernamePasswordToken.php | 3 | ||||
-rw-r--r-- | Exception/UnsupportedAccountException.php | 13 | ||||
-rw-r--r-- | User/AccountInterface.php | 2 | ||||
-rw-r--r-- | User/InMemoryUserProvider.php | 26 | ||||
-rw-r--r-- | User/UserProviderInterface.php | 32 |
9 files changed, 60 insertions, 82 deletions
diff --git a/Authentication/Provider/DaoAuthenticationProvider.php b/Authentication/Provider/DaoAuthenticationProvider.php
index 34880b2..4f93440 100644
--- a/Authentication/Provider/DaoAuthenticationProvider.php
+++ b/Authentication/Provider/DaoAuthenticationProvider.php
@@ -78,28 +78,21 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider
 {
 $user = $token->getUser();
 if ($user instanceof AccountInterface) {
- return array($user, $token->getUserProviderName());
+ return $user;
 }
- $result = null;
 try {
- $result = $this->userProvider->loadUserByUsername($username);
+ $user = $this->userProvider->loadUserByUsername($username);
+
+ if (!$user instanceof AccountInterface) {
+ throw new AuthenticationServiceException('The user provider must return an AccountInterface object.');
+ }
+
+ return $user;
 } catch (UsernameNotFoundException $notFound) {
 throw $notFound;
 } catch (\Exception $repositoryProblem) {
 throw new AuthenticationServiceException($repositoryProblem->getMessage(), $token, 0, $repositoryProblem);
 }
-
- if (!is_array($result) || 2 !== count($result)) {
- throw new AuthenticationServiceException('User provider did not return an array, or array had invalid format.');
- }
- if (!$result[0] instanceof AccountInterface) {
- throw new AuthenticationServiceException('The user provider must return an AccountInterface object.');
- }
- if (empty($result[1])) {
- throw new AuthenticationServiceException('The user provider must return a non-empty user provider name.');
- }
-
- return $result;
 }
 }
diff --git a/Authentication/Provider/UserAuthenticationProvider.php b/Authentication/Provider/UserAuthenticationProvider.php
index f621e42..b5e2dbb 100644
--- a/Authentication/Provider/UserAuthenticationProvider.php
+++ b/Authentication/Provider/UserAuthenticationProvider.php
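Review bot: In the retrieveUser hunk of DaoAuthenticationProvider.php, the new `throw new AuthenticationServiceException('The user provider must return an AccountInterface object.')` sits inside the `try`, so unless that class is a UsernameNotFoundException it is caught by the `catch (\Exception $repositoryProblem)` below and re-thrown as a second AuthenticationServiceException that presents a provider contract violation as a repository failure. Moving the `instanceof` check and `return $user;` below the catch blocks, where the removed code had its checks, keeps the two failure modes distinct for logging and alerting. Separately, that catch copies `$repositoryProblem->getMessage()` into the authentication exception; if the message is ever rendered to the client it could expose backend details, so a comment such as `// message may contain backend details: log it, never show it to the user` would help. The method's signature is outside the hunk.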
@@ -54,7 +54,17 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter
 $username = null === $token->getUser() ? 'NONE_PROVIDED' : (string) $token;
 try {
- $result = $this->retrieveUser($username, $token);
+ $user = $this->retrieveUser($username, $token);
+
+ if (!$user instanceof AccountInterface) {
+ throw new AuthenticationServiceException('retrieveUser() must return an AccountInterface.');
+ }
+
+ $this->accountChecker->checkPreAuth($user);
+ $this->checkAuthentication($user, $token);
+ $this->accountChecker->checkPostAuth($user);
+
+ return new UsernamePasswordToken($user, $token->getCredentials(), $user->getRoles());
 } catch (UsernameNotFoundException $notFound) {
 if ($this->hideUserNotFoundExceptions) {
 throw new BadCredentialsException('Bad credentials', 0, $notFound);
@@ -62,17 +72,6 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter
 throw $notFound;
 }
-
- if (!is_array($result) || 2 !== count($result)) {
- throw new AuthenticationServiceException('retrieveUser() did not return an array, or array had invalid format.');
- }
- list($user, $userProviderName) = $result;
-
- $this->accountChecker->checkPreAuth($user);
- $this->checkAuthentication($user, $token);
- $this->accountChecker->checkPostAuth($user);
-
- return new UsernamePasswordToken($user, $token->getCredentials(), $userProviderName, $user->getRoles());
 }
 /**
diff --git a/Authentication/Token/Token.php b/Authentication/Token/Token.php
index 37b7ded..8927c80 100644
--- a/Authentication/Token/Token.php
+++ b/Authentication/Token/Token.php
@@ -26,7 +26,6 @@ abstract class Token implements TokenInterface
 protected $roles;
 protected $authenticated;
 protected $user;
- protected $userProviderName;
 protected $credentials;
 protected $immutable;
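Review bot: In the first UserAuthenticationProvider.php hunk, the returned token is built with `$token->getCredentials()`, so the submitted credentials stay on the authenticated token, and Token::serialize() in this same commit writes `$this->credentials` into the serialized form. If these are plaintext passwords (the class name UsernamePasswordToken suggests so), they end up wherever the token is persisted, presumably the session store. Consider not carrying them past `checkAuthentication()`, or erasing them before the token is stored, and add a comment at the `return new UsernamePasswordToken(...)` line stating which is intended. Also, `checkPreAuth($user)` runs before the credential check and only UsernameNotFoundException is masked by `hideUserNotFoundExceptions`, so any account-status error it raises can tell an unauthenticated caller that the username exists. The method starts outside the hunk.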
@@ -167,14 +166,6 @@ abstract class Token implements TokenInterface
 }
 /**
- * {@inheritDoc}
- */
- public function getUserProviderName()
- {
- return $this->userProviderName;
- }
-
- /**
 * {@inheritdoc}
 */
 public function isImmutable()
@@ -195,7 +186,7 @@ abstract class Token implements TokenInterface
 */
 public function serialize()
 {
- return serialize(array($this->user, $this->userProviderName, $this->credentials, $this->authenticated, $this->roles, $this->immutable));
+ return serialize(array($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable));
 }
 /**
@@ -203,6 +194,6 @@ abstract class Token implements TokenInterface
 */
 public function unserialize($serialized)
 {
- list($this->user, $this->userProviderName, $this->credentials, $this->authenticated, $this->roles, $this->immutable) = unserialize($serialized);
+ list($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable) = unserialize($serialized);
 }
 }
diff --git a/Authentication/Token/TokenInterface.php b/Authentication/Token/TokenInterface.php
index 4f37522..2b50693 100644
--- a/Authentication/Token/TokenInterface.php
+++ b/Authentication/Token/TokenInterface.php
@@ -66,13 +66,6 @@ interface TokenInterface extends \Serializable
 function setUser($user);
 /**
- * Returns a unique id for the user provider that was used to retrieve the user
- *
- * @return string
- */
- function getUserProviderName();
-
- /**
 * Checks if the user is authenticated or not.
 *
 * @return Boolean true if the token has been authenticated, false otherwise
diff --git a/Authentication/Token/UsernamePasswordToken.php b/Authentication/Token/UsernamePasswordToken.php
index ce11cb3..021a90e 100644
--- a/Authentication/Token/UsernamePasswordToken.php
+++ b/Authentication/Token/UsernamePasswordToken.php
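Review bot: Token::unserialize() in Token.php assigns the result of `unserialize($serialized)` positionally without checking its shape, and this commit changes the layout from six elements to five. A token serialized by the previous version would be read shifted by one: the old provider name lands in `$this->credentials` and the old credentials value in `$this->authenticated`, where any non-empty value is truthy. Rejecting anything that is not a five-element array (or resetting the token to an unauthenticated state) makes stale or tampered payloads fail closed. Note also that unserialize() instantiates whatever objects the string names, so this input must only ever come from trusted storage.

```php
public function unserialize($serialized)
{
    $data = unserialize($serialized);
    if (!is_array($data) || 5 !== count($data)) {
        throw new \UnexpectedValueException('Serialized token has an unexpected format.');
    }

    list($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable) = $data;
}
```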
@@ -21,13 +21,12 @@ class UsernamePasswordToken extends Token
 /**
 * Constructor.
 */
- public function __construct($user, $credentials, $userProviderName = null, array $roles = array())
+ public function __construct($user, $credentials, array $roles = array())
 {
 parent::__construct($roles);
 $this->setUser($user);
 $this->credentials = $credentials;
- $this->userProviderName = $userProviderName;
 parent::setAuthenticated((Boolean) count($roles));
 }
diff --git a/Exception/UnsupportedAccountException.php b/Exception/UnsupportedAccountException.php
new file mode 100644
index 0000000..841e0b7
--- /dev/null
+++ b/Exception/UnsupportedAccountException.php
@@ -0,0 +1,13 @@
+<?php
+
+namespace Symfony\Component\Security\Exception;
+
+/**
+ * This exception is thrown when an account is reloaded from a provider which
+ * doesn't support the passed implementation of AccountInterface.
+ *
+ * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ */
+class UnsupportedAccountException extends AuthenticationServiceException
+{
+}
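Review bot: The UsernamePasswordToken constructor's docblock still says only `Constructor.` although the third positional parameter changes here from `$userProviderName` to `$roles`, and the context line `parent::setAuthenticated((Boolean) count($roles));` means a non-empty `$roles` marks the token authenticated at construction. That is a security-relevant contract worth stating: describe `$user`, `$credentials` and `$roles` with `@param` tags and add a sentence that passing roles yields an already-authenticated token, while a user with no roles yields an unauthenticated one. Callers still passing a provider name as the third argument would be expected to fail on the `array` type hint rather than silently, which deserves a line in the upgrade notes.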
\ No newline at end of file
diff --git a/User/AccountInterface.php b/User/AccountInterface.php
index e22393f..b901b08 100644
--- a/User/AccountInterface.php
+++ b/User/AccountInterface.php
@@ -55,6 +55,8 @@ interface AccountInterface
 /**
 * Removes sensitive data from the user.
+ *
+ * @return void
 */
 function eraseCredentials();
diff --git a/User/InMemoryUserProvider.php b/User/InMemoryUserProvider.php
index 1017a7c..fe9dc30 100644
--- a/User/InMemoryUserProvider.php
+++ b/User/InMemoryUserProvider.php
@@ -3,6 +3,7 @@
 namespace Symfony\Component\Security\User;
 use Symfony\Component\Security\Exception\UsernameNotFoundException;
+use Symfony\Component\Security\Exception\UnsupportedAccountException;
 /*
 * This file is part of the Symfony package.
@@ -24,7 +25,6 @@ use Symfony\Component\Security\Exception\UsernameNotFoundException;
 class InMemoryUserProvider implements UserProviderInterface
 {
 protected $users;
- protected $name;
 /**
 * Constructor.
@@ -35,7 +35,7 @@ class InMemoryUserProvider implements UserProviderInterface
 * @param array $users An array of users
 * @param string $name
 */
- public function __construct($name, array $users = array())
+ public function __construct(array $users = array())
 {
 foreach ($users as $username => $attributes) {
 $password = isset($attributes['password']) ? $attributes['password'] : null;
@@ -45,8 +45,6 @@ class InMemoryUserProvider implements UserProviderInterface
 $this->createUser($user);
 }
-
- $this->name = $name;
 }
 /**
@@ -64,14 +62,6 @@ class InMemoryUserProvider implements UserProviderInterface
 }
 /**
- * {@inheritDoc}
- */
- public function isAggregate()
- {
- return false;
- }
-
- /**
 * {@inheritdoc}
 */
 public function loadUserByUsername($username)
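Review bot: The constructor docblock in InMemoryUserProvider.php keeps `@param string $name` (the context line just above the changed signature) although the `$name` parameter is removed in this hunk. Drop that tag so the documented signature matches `__construct(array $users = array())`; a caller that still passes a name first would then be expected to fail on the `array` type hint instead of being misled by the documentation.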
@@ -82,15 +72,19 @@ class InMemoryUserProvider implements UserProviderInterface
 $user = $this->users[strtolower($username)];
- return array(new User($user->getUsername(), $user->getPassword(), $user->getRoles(), $user->isEnabled(), $user->isAccountNonExpired(),
- $user->isCredentialsNonExpired(), $user->isAccountNonLocked()), $this->name);
+ return new User($user->getUsername(), $user->getPassword(), $user->getRoles(), $user->isEnabled(), $user->isAccountNonExpired(),
+ $user->isCredentialsNonExpired(), $user->isAccountNonLocked());
 }
 /**
 * {@inheritDoc}
 */
- public function supports($providerName)
+ public function reloadUserByAccount(AccountInterface $account)
 {
- return $this->name === $providerName;
+ if (!$account instanceof User) {
+ throw new UnsupportedAccountException(sprintf('Instances of "%s" are not supported.', get_class($account)));
+ }
+
+ return $this->loadUserByUsername((string) $account);
 }
 }
diff --git a/User/UserProviderInterface.php b/User/UserProviderInterface.php
index a91ace5..511197a 100644
--- a/User/UserProviderInterface.php
+++ b/User/UserProviderInterface.php
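Review bot: reloadUserByAccount() in InMemoryUserProvider.php looks the account up with `(string) $account`, which depends on User's string conversion returning exactly the username; that method is not visible in this diff. Since the `instanceof User` guard has already run and `getUsername()` is called on User objects a few lines above, `return $this->loadUserByUsername($account->getUsername());` states the intent and keeps working if the string form ever changes. The `{@inheritDoc}` block could also say that the returned User is rebuilt from this provider's stored entry, so the roles and enabled/locked flags carried by the passed-in account are not trusted.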
@@ -20,33 +20,27 @@ namespace Symfony\Component\Security\User;
 interface UserProviderInterface
 {
 /**
- * Whether this provider is an aggregate of user providers
- *
- * @return Boolean
- */
- function isAggregate();
-
- /**
 * Loads the user for the given username.
 *
 * This method must throw UsernameNotFoundException if the user is not
 * found.
 *
- * @param string $username The username
- *
- * @return array of the form: array(AccountInterface, string) with the
- * implementation of AccountInterface, and the name of the provider
- * that was used to retrieve it
- *
 * @throws UsernameNotFoundException if the user is not found
+ * @param string $username The username
+ * @return AccountInterface
 */
 function loadUserByUsername($username);
 /**
- * Determines whether this provider supports the given provider name
- *
- * @param string $providerName
- * @return Boolean
+ * Loads the user for the account interface.
+ *
+ * It is up to the implementation if it decides to reload the user data
+ * from the database, or if it simply merges the passed User into the
+ * identity map of an entity manager.
+ *
+ * @throws UnsupportedAccountException if the account is not supported
+ * @param AccountInterface $user
+ * @return AccountInterface
 */
- function supports($providerName);
-}
+ function reloadUserByAccount(AccountInterface $user);
+}
\ No newline at end of file |
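Review bot: The new reloadUserByAccount() contract in UserProviderInterface.php lets an implementation either reload the user or simply merge the passed object into an identity map, but it does not say whether the result must reflect the account's current roles and status. If the account handed in comes from a stored token (presumably the deserialized session token), an implementation that only merges would keep roles or a disabled/locked state from login time. I would add a sentence such as `The returned account must reflect the current stored state; implementations must not trust roles or status flags carried by the passed account.` The parameter is named `$user` here but `$account` in InMemoryUserProvider, and `@throws` is placed before `@param`, unlike the usual tag order.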