-rw-r--r-- | Core/Tests/Authentication/Token/AbstractTokenTest.php | 18 | ||||
-rw-r--r-- | Core/Tests/User/UserTest.php | 34 | ||||
-rw-r--r-- | Guard/GuardAuthenticatorInterface.php | 6 | ||||
-rw-r--r-- | Guard/Provider/GuardAuthenticationProvider.php | 5 | ||||
-rw-r--r-- | Guard/Tests/Provider/GuardAuthenticationProviderTest.php | 37 |
5 files changed, 45 insertions, 55 deletions
diff --git a/Core/Tests/Authentication/Token/AbstractTokenTest.php b/Core/Tests/Authentication/Token/AbstractTokenTest.php
index 6f2b6ed..1a786d7 100644
--- a/Core/Tests/Authentication/Token/AbstractTokenTest.php
+++ b/Core/Tests/Authentication/Token/AbstractTokenTest.php
@@ -85,10 +85,6 @@ class AbstractTokenTest extends \PHPUnit_Framework_TestCase
 $token->eraseCredentials();
 }
- /**
- * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::serialize
- * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::unserialize
- */
 public function testSerialize()
 {
 $token = $this->getToken(array('ROLE_FOO'));
@@ -114,9 +110,6 @@ class AbstractTokenTest extends \PHPUnit_Framework_TestCase
 );
 }
- /**
- * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::__construct
- */
 public function testConstructor()
 {
 $token = $this->getToken(array('ROLE_FOO'));
@@ -129,10 +122,6 @@ class AbstractTokenTest extends \PHPUnit_Framework_TestCase
 $this->assertEquals(array(new Role('ROLE_FOO'), new Role('ROLE_BAR')), $token->getRoles());
 }
- /**
- * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::isAuthenticated
- * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::setAuthenticated
- */
 public function testAuthenticatedFlag()
 {
 $token = $this->getToken();
@@ -145,13 +134,6 @@ class AbstractTokenTest extends \PHPUnit_Framework_TestCase
 $this->assertFalse($token->isAuthenticated());
 }
- /**
- * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::getAttributes
- * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::setAttributes
- * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::hasAttribute
- * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::getAttribute
- * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::setAttribute
- */
 public function testAttributes()
 {
 $attributes = array('foo' => 'bar');
diff --git a/Core/Tests/User/UserTest.php b/Core/Tests/User/UserTest.php
index f514eda..b589b4a 100644
--- a/Core/Tests/User/UserTest.php
+++ b/Core/Tests/User/UserTest.php
@@ -16,7 +16,6 @@ use Symfony\Component\Security\Core\User\User;
 class UserTest extends \PHPUnit_Framework_TestCase
 {
 /**
- * @covers Symfony\Component\Security\Core\User\User::__construct
 * @expectedException \InvalidArgumentException
 */
 public function testConstructorException()
@@ -24,10 +23,6 @@ class UserTest extends \PHPUnit_Framework_TestCase
 new User('', 'superpass');
 }
- /**
- * @covers Symfony\Component\Security\Core\User\User::__construct
- * @covers Symfony\Component\Security\Core\User\User::getRoles
- */
 public function testGetRoles()
 {
 $user = new User('fabien', 'superpass');
@@ -37,38 +32,24 @@ class UserTest extends \PHPUnit_Framework_TestCase
 $this->assertEquals(array('ROLE_ADMIN'), $user->getRoles());
 }
- /**
- * @covers Symfony\Component\Security\Core\User\User::__construct
- * @covers Symfony\Component\Security\Core\User\User::getPassword
- */
 public function testGetPassword()
 {
 $user = new User('fabien', 'superpass');
 $this->assertEquals('superpass', $user->getPassword());
 }
- /**
- * @covers Symfony\Component\Security\Core\User\User::__construct
- * @covers Symfony\Component\Security\Core\User\User::getUsername
- */
 public function testGetUsername()
 {
 $user = new User('fabien', 'superpass');
 $this->assertEquals('fabien', $user->getUsername());
 }
- /**
- * @covers Symfony\Component\Security\Core\User\User::getSalt
- */
 public function testGetSalt()
 {
 $user = new User('fabien', 'superpass');
 $this->assertEquals('', $user->getSalt());
 }
- /**
- * @covers Symfony\Component\Security\Core\User\User::isAccountNonExpired
- */
 public function testIsAccountNonExpired()
 {
 $user = new User('fabien', 'superpass');
@@ -78,9 +59,6 @@ class UserTest extends \PHPUnit_Framework_TestCase
 $this->assertFalse($user->isAccountNonExpired());
 }
- /**
- * @covers Symfony\Component\Security\Core\User\User::isCredentialsNonExpired
- */
 public function testIsCredentialsNonExpired()
 {
 $user = new User('fabien', 'superpass');
@@ -90,9 +68,6 @@ class UserTest extends \PHPUnit_Framework_TestCase
 $this->assertFalse($user->isCredentialsNonExpired());
 }
- /**
- * @covers Symfony\Component\Security\Core\User\User::isAccountNonLocked
- */
 public function testIsAccountNonLocked()
 {
 $user = new User('fabien', 'superpass');
@@ -102,9 +77,6 @@ class UserTest extends \PHPUnit_Framework_TestCase
 $this->assertFalse($user->isAccountNonLocked());
 }
- /**
- * @covers Symfony\Component\Security\Core\User\User::isEnabled
- */
 public function testIsEnabled()
 {
 $user = new User('fabien', 'superpass');
@@ -114,9 +86,6 @@ class UserTest extends \PHPUnit_Framework_TestCase
 $this->assertFalse($user->isEnabled());
 }
- /**
- * @covers Symfony\Component\Security\Core\User\User::eraseCredentials
- */
 public function testEraseCredentials()
 {
 $user = new User('fabien', 'superpass');
@@ -124,9 +93,6 @@ class UserTest extends \PHPUnit_Framework_TestCase
 $this->assertEquals('superpass', $user->getPassword());
 }
- /**
- * @covers Symfony\Component\Security\Core\User\User::__toString
- */
 public function testToString()
 {
 $user = new User('fabien', 'superpass');
diff --git a/Guard/GuardAuthenticatorInterface.php b/Guard/GuardAuthenticatorInterface.php
index 2db313c..6e62ae6 100644
--- a/Guard/GuardAuthenticatorInterface.php
+++ b/Guard/GuardAuthenticatorInterface.php
@@ -73,7 +73,11 @@ interface GuardAuthenticatorInterface extends AuthenticationEntryPointInterface
 public function getUser($credentials, UserProviderInterface $userProvider);
 /**
- * Throw an AuthenticationException if the credentials are invalid.
+ * Returns true if the credentials are valid.
+ *
+ * If any value other than true is returned, authentication will
+ * fail. You may also throw an AuthenticationException if you wish
+ * to cause authentication to fail.
 *
 * The *credentials* are the return value from getCredentials()
 *
diff --git a/Guard/Provider/GuardAuthenticationProvider.php b/Guard/Provider/GuardAuthenticationProvider.php
index 2a58085..4347e02 100644
--- a/Guard/Provider/GuardAuthenticationProvider.php
+++ b/Guard/Provider/GuardAuthenticationProvider.php
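Review bot: The rewritten checkCredentials() docblock in Guard/GuardAuthenticatorInterface.php states the return contract only in prose; the visible lines add no `@return` tag, so IDEs and static analysers still see a method with no declared return value. The docblock continues past the end of the hunk, so a tag may already exist below; if it does not, I would add `* @return bool` next to the existing tags. It would also help to say "strictly true" in the first sentence, because the provider in this commit compares with `true !==`, so an implementation returning `1` or the user object is rejected even though it is truthy.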
@@ -13,6 +13,7 @@ namespace Symfony\Component\Security\Guard\Provider;
 use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
 use Symfony\Component\Security\Guard\GuardAuthenticatorInterface;
 use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
@@ -122,7 +123,9 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface
 }
 $this->userChecker->checkPreAuth($user);
- $guardAuthenticator->checkCredentials($token->getCredentials(), $user);
+ if (true !== $guardAuthenticator->checkCredentials($token->getCredentials(), $user)) {
+ throw new BadCredentialsException(sprintf('Authentication failed because %s::checkCredentials() did not return true.', get_class($guardAuthenticator)));
+ }
 $this->userChecker->checkPostAuth($user);
 // turn the UserInterface into a TokenInterface
diff --git a/Guard/Tests/Provider/GuardAuthenticationProviderTest.php b/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
index 33c00e5..bfcf24b 100644
--- a/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
+++ b/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
@@ -60,7 +60,9 @@ class GuardAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
 // checkCredentials is called
 $authenticatorB->expects($this->once())
 ->method('checkCredentials')
- ->with($enteredCredentials, $mockedUser);
+ ->with($enteredCredentials, $mockedUser)
+ // authentication works!
+ ->will($this->returnValue(true));
 $authedToken = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
 $authenticatorB->expects($this->once())
 ->method('createAuthenticatedToken')
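Review bot: The new `true !==` guard around checkCredentials() in Guard/Provider/GuardAuthenticationProvider.php carries no comment saying the strict comparison is deliberate, so a later cleanup to a loose truthiness test could let an authenticator that forgets to return a value authenticate again. I would add above the `if`: `// Strict on purpose: null, a missing return or any truthy non-bool must never count as valid credentials.` The change also fails closed for existing authenticators written against the old contract (throw on failure, return nothing on success), which will now reject every login; that is the safe direction, but it deserves an upgrade note, and none of the five files in this commit is a changelog. The enclosing method starts and ends outside the hunk.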
@@ -81,6 +83,39 @@ class GuardAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
 }
 /**
+ * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+ */
+ public function testCheckCredentialsReturningNonTrueFailsAuthentication()
+ {
+ $providerKey = 'my_uncool_firewall';
+
+ $authenticator = $this->getMock('Symfony\Component\Security\Guard\GuardAuthenticatorInterface');
+
+ // make sure the authenticator is used
+ $this->preAuthenticationToken->expects($this->any())
+ ->method('getGuardProviderKey')
+ // the 0 index, to match the only authenticator
+ ->will($this->returnValue('my_uncool_firewall_0'));
+
+ $this->preAuthenticationToken->expects($this->atLeastOnce())
+ ->method('getCredentials')
+ ->will($this->returnValue('non-null-value'));
+
+ $mockedUser = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+ $authenticator->expects($this->once())
+ ->method('getUser')
+ ->will($this->returnValue($mockedUser));
+ // checkCredentials is called
+ $authenticator->expects($this->once())
+ ->method('checkCredentials')
+ // authentication fails :(
+ ->will($this->returnValue(null));
+
+ $provider = new GuardAuthenticationProvider(array($authenticator), $this->userProvider, $providerKey, $this->userChecker);
+ $provider->authenticate($this->preAuthenticationToken);
+ }
+
+ /**
 * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationExpiredException
 */
 public function testGuardWithNoLongerAuthenticatedTriggersLogout() |
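Review bot: testCheckCredentialsReturningNonTrueFailsAuthentication() only exercises a `null` return, so it would still pass if the provider's check were loosened to a plain truthiness test. The point of the fix is the strict comparison, so the test should also feed truthy non-true values (`1`, `'1'`, an object) and `false` through a data provider. The checkCredentials mock also has no `->with(...)`, so nothing asserts that the token's credentials and the loaded user are what the authenticator receives. The rest of the test body can stay as it is.

```php
    /**
     * @dataProvider getNonTrueReturnValues
     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
     */
    public function testCheckCredentialsReturningNonTrueFailsAuthentication($returnValue)
    {
        // … unchanged: provider key, token mocks and getUser() mock setup …
        $authenticator->expects($this->once())
            ->method('checkCredentials')
            ->with('non-null-value', $mockedUser)
            // anything that is not strictly true must fail
            ->will($this->returnValue($returnValue));
        // … unchanged: provider construction and authenticate() call …
    }

    public function getNonTrueReturnValues()
    {
        return array(
            'null' => array(null),
            'false' => array(false),
            'int 1' => array(1),
            'string 1' => array('1'),
            'object' => array(new \stdClass()),
        );
    }
```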