-rw-r--r--Acl/Dbal/AclProvider.php4
-rw-r--r--Acl/Dbal/MutableAclProvider.php77
-rw-r--r--Acl/Permission/MaskBuilder.php54
-rw-r--r--Acl/README.md2
-rw-r--r--Acl/Tests/Dbal/MutableAclProviderTest.php30
-rw-r--r--Acl/Tests/Domain/AuditLoggerTest.php6
-rw-r--r--Acl/composer.json2
-rw-r--r--Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php21
-rw-r--r--Core/Authorization/Voter/ExpressionVoter.php4
-rw-r--r--Core/Encoder/BasePasswordEncoder.php2
-rw-r--r--Core/README.md2
-rw-r--r--Core/composer.json2
-rw-r--r--Csrf/README.md2
-rw-r--r--Csrf/composer.json2
-rw-r--r--Http/README.md2
-rw-r--r--Http/Tests/Firewall/SwitchUserListenerTest.php8
-rw-r--r--Http/composer.json2
-rw-r--r--README.md2
-rw-r--r--composer.json2
19 files changed, 167 insertions, 59 deletions
diff --git a/Acl/Dbal/AclProvider.php b/Acl/Dbal/AclProvider.php
index 5d45655..b4791fa 100644
--- a/Acl/Dbal/AclProvider.php
+++ b/Acl/Dbal/AclProvider.php
@@ -165,13 +165,13 @@ class AclProvider implements AclProviderInterface
if ((self::MAX_BATCH_SIZE === count($currentBatch) || ($i + 1) === $c) && count($currentBatch) > 0) {
try {
$loadedBatch = $this->lookupObjectIdentities($currentBatch, $sids, $oidLookup);
- } catch (AclNotFoundException $aclNotFoundexception) {
+ } catch (AclNotFoundException $aclNotFoundException) {
if ($result->count()) {
$partialResultException = new NotAllAclsFoundException('The provider could not find ACLs for all object identities.');
$partialResultException->setPartialResult($result);
throw $partialResultException;
} else {
- throw $aclNotFoundexception;
+ throw $aclNotFoundException;
}
}
foreach ($loadedBatch as $loadedOid) {
diff --git a/Acl/Dbal/MutableAclProvider.php b/Acl/Dbal/MutableAclProvider.php
index 29d3cfd..e4b2a75 100644
--- a/Acl/Dbal/MutableAclProvider.php
+++ b/Acl/Dbal/MutableAclProvider.php
@@ -109,6 +109,18 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
}
/**
+ * Deletes the security identity from the database.
+ * ACL entries have the CASCADE option on their foreign key so they will also get deleted
+ *
+ * @param SecurityIdentityInterface $sid
+ * @throws \InvalidArgumentException
+ */
+ public function deleteSecurityIdentity(SecurityIdentityInterface $sid)
+ {
+ $this->connection->executeQuery($this->getDeleteSecurityIdentityIdSql($sid));
+ }
+
+ /**
* {@inheritDoc}
*/
public function findAcls(array $oids, array $sids = array())
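Review bot: deleteSecurityIdentity() removes the row but, as far as this hunk shows, does nothing about ACLs the provider has already loaded or cached, so entries for the deleted identity may keep being honoured until they are reloaded. Whether a cache is in play is not visible here and should be confirmed. The docblock also depends on the foreign key's CASCADE option, which only holds where the database enforces foreign keys; say so, e.g. `* Requires a schema and engine that enforce the ON DELETE CASCADE foreign key.` The `@throws \InvalidArgumentException` line should state the condition, which presumably comes from getSelectSecurityIdentityIdSql() outside this diff.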
@@ -253,7 +265,7 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
}
// check properties for deleted, and created ACEs, and perform deletions
- // we need to perfom deletions before updating existing ACEs, in order to
+ // we need to perform deletions before updating existing ACEs, in order to
// preserve uniqueness of the order field
if (isset($propertyChanges['classAces'])) {
$this->updateOldAceProperty('classAces', $propertyChanges['classAces']);
@@ -352,6 +364,17 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
}
/**
+ * Updates a user security identity when the user's username changes
+ *
+ * @param UserSecurityIdentity $usid
+ * @param string $oldUsername
+ */
+ public function updateUserSecurityIdentity(UserSecurityIdentity $usid, $oldUsername)
+ {
+ $this->connection->executeQuery($this->getUpdateUserSecurityIdentitySql($usid, $oldUsername));
+ }
+
+ /**
* Constructs the SQL for deleting access control entries.
*
* @param integer $oidPK
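Review bot: The docblock of updateUserSecurityIdentity() omits the exception it can raise: getUpdateUserSecurityIdentitySql(), added later in this file, throws \InvalidArgumentException when the username is unchanged. Add `* @throws \InvalidArgumentException if the username did not change`. It would also help to state that `$usid` carries the new username while `$oldUsername` identifies the existing row, since the two are easy to swap at the call site.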
@@ -360,7 +383,7 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
protected function getDeleteAccessControlEntriesSql($oidPK)
{
return sprintf(
- 'DELETE FROM %s WHERE object_identity_id = %d',
+ 'DELETE FROM %s WHERE object_identity_id = %d',
$this->options['entry_table_name'],
$oidPK
);
@@ -612,6 +635,21 @@ QUERY;
}
/**
+ * Constructs the SQL to delete a security identity.
+ *
+ * @param SecurityIdentityInterface $sid
+ * @throws \InvalidArgumentException
+ * @return string
+ */
+ protected function getDeleteSecurityIdentityIdSql(SecurityIdentityInterface $sid)
+ {
+ $select = $this->getSelectSecurityIdentityIdSql($sid);
+ $delete = preg_replace('/^SELECT id FROM/', 'DELETE FROM', $select);
+
+ return $delete;
+ }
+
+ /**
* Constructs the SQL for updating an object identity.
*
* @param integer $pk
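Review bot: getDeleteSecurityIdentityIdSql() never checks that the `preg_replace()` matched, so if the SELECT built by getSelectSecurityIdentityIdSql() ever changes shape (leading whitespace, different column list, lower-case keywords) the pattern does not match and the unchanged SELECT is executed. deleteSecurityIdentity() would then return normally while the identity and its ACEs stay in place. Capture the replacement count and fail loudly: `$delete = preg_replace('/^SELECT id FROM/', 'DELETE FROM', $select, 1, $count);` followed by `if (1 !== $count) { throw new \RuntimeException('Could not build the delete query.'); }`.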
@@ -634,6 +672,31 @@ QUERY;
}
/**
+ * Constructs the SQL for updating a user security identity.
+ *
+ * @param UserSecurityIdentity $usid
+ * @param string $oldUsername
+ * @return string
+ */
+ protected function getUpdateUserSecurityIdentitySql(UserSecurityIdentity $usid, $oldUsername)
+ {
+ if ($usid->getUsername() == $oldUsername) {
+ throw new \InvalidArgumentException('There are no changes.');
+ }
+
+ $oldIdentifier = $usid->getClass().'-'.$oldUsername;
+ $newIdentifier = $usid->getClass().'-'.$usid->getUsername();
+
+ return sprintf(
+ 'UPDATE %s SET identifier = %s WHERE identifier = %s AND username = %s',
+ $this->options['sid_table_name'],
+ $this->connection->quote($newIdentifier),
+ $this->connection->quote($oldIdentifier),
+ $this->connection->getDatabasePlatform()->convertBooleans(true)
+ );
+ }
+
+ /**
* Constructs the SQL for updating an ACE.
*
* @param integer $pk
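Review bot: The no-change guard in getUpdateUserSecurityIdentitySql() compares usernames with `==`, which in PHP treats numeric-looking strings as numbers, so two distinct usernames such as `'0123'` and `'123'` are reported as "no changes" and the rename is refused. Use a strict comparison, `if ($usid->getUsername() === $oldUsername) {`, casting `$oldUsername` to string first if callers may pass non-strings. The docblock should also gain `* @throws \InvalidArgumentException if the username did not change`. The `quote()` calls on both identifiers are the right way to build this statement.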
@@ -806,7 +869,7 @@ QUERY;
* @param string $name
* @param array $changes
*/
- private function updateOldFieldAceProperty($ane, array $changes)
+ private function updateOldFieldAceProperty($name, array $changes)
{
$currentIds = array();
foreach ($changes[1] as $field => $new) {
@@ -925,11 +988,12 @@ QUERY;
if (isset($propertyChanges['aceOrder'])
&& $propertyChanges['aceOrder'][1] > $propertyChanges['aceOrder'][0]
&& $propertyChanges == $aces->offsetGet($ace)) {
- $aces->next();
- if ($aces->valid()) {
+
+ $aces->next();
+ if ($aces->valid()) {
$this->updateAce($aces, $aces->current());
- }
}
+ }
if (isset($propertyChanges['mask'])) {
$sets[] = sprintf('mask = %d', $propertyChanges['mask'][1]);
@@ -949,5 +1013,4 @@ QUERY;
$this->connection->executeQuery($this->getUpdateAccessControlEntrySql($ace->getId(), $sets));
}
-
}
diff --git a/Acl/Permission/MaskBuilder.php b/Acl/Permission/MaskBuilder.php
index 017e7c0..1f6ab1e 100644
--- a/Acl/Permission/MaskBuilder.php
+++ b/Acl/Permission/MaskBuilder.php
@@ -96,13 +96,7 @@ class MaskBuilder
*/
public function add($mask)
{
- if (is_string($mask) && defined($name = 'static::MASK_'.strtoupper($mask))) {
- $mask = constant($name);
- } elseif (!is_int($mask)) {
- throw new \InvalidArgumentException('$mask must be an integer.');
- }
-
- $this->mask |= $mask;
+ $this->mask |= $this->getMask($mask);
return $this;
}
@@ -152,13 +146,7 @@ class MaskBuilder
*/
public function remove($mask)
{
- if (is_string($mask) && defined($name = 'static::MASK_'.strtoupper($mask))) {
- $mask = constant($name);
- } elseif (!is_int($mask)) {
- throw new \InvalidArgumentException('$mask must be an integer.');
- }
-
- $this->mask &= ~$mask;
+ $this->mask &= ~$this->getMask($mask);
return $this;
}
@@ -191,19 +179,43 @@ class MaskBuilder
$reflection = new \ReflectionClass(get_called_class());
foreach ($reflection->getConstants() as $name => $cMask) {
- if (0 !== strpos($name, 'MASK_')) {
+ if (0 !== strpos($name, 'MASK_') || $mask !== $cMask) {
continue;
}
- if ($mask === $cMask) {
- if (!defined($cName = 'static::CODE_'.substr($name, 5))) {
- throw new \RuntimeException('There was no code defined for this mask.');
- }
-
- return constant($cName);
+ if (!defined($cName = 'static::CODE_'.substr($name, 5))) {
+ throw new \RuntimeException('There was no code defined for this mask.');
}
+
+ return constant($cName);
}
throw new \InvalidArgumentException(sprintf('The mask "%d" is not supported.', $mask));
}
+
+ /**
+ * Returns the mask for the passed code
+ *
+ * @param mixed $code
+ *
+ * @return integer
+ *
+ * @throws \InvalidArgumentException
+ */
+ private function getMask($code)
+ {
+ if (is_string($code)) {
+ if (!defined($name = sprintf('static::MASK_%s', strtoupper($code)))) {
+ throw new \InvalidArgumentException(sprintf('The code "%s" is not supported', $code));
+ }
+
+ return constant($name);
+ }
+
+ if (!is_int($code)) {
+ throw new \InvalidArgumentException('$code must be an integer.');
+ }
+
+ return $code;
+ }
}
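Review bot: In getMask() the string branch returns `constant($name)` without checking its type, while the integer branch is validated, so a subclass that declares a non-integer `MASK_*` constant would feed that value straight into the `|=` and `&= ~` operations in add() and remove(). Checking `is_int()` on the resolved constant before returning it would keep both paths consistent. The diffstat lists no MaskBuilder test, so the new `The code "%s" is not supported` path appears to be untested in this commit.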
diff --git a/Acl/README.md b/Acl/README.md
index 87e5092..6c009a3 100644
--- a/Acl/README.md
+++ b/Acl/README.md
@@ -11,7 +11,7 @@ Resources
Documentation:
-http://symfony.com/doc/2.4/book/security.html
+http://symfony.com/doc/2.5/book/security.html
Tests
-----
diff --git a/Acl/Tests/Dbal/MutableAclProviderTest.php b/Acl/Tests/Dbal/MutableAclProviderTest.php
index 440f69c..8c920cf 100644
--- a/Acl/Tests/Dbal/MutableAclProviderTest.php
+++ b/Acl/Tests/Dbal/MutableAclProviderTest.php
@@ -407,6 +407,36 @@ class MutableAclProviderTest extends \PHPUnit_Framework_TestCase
$provider->updateAcl($acl);
}
+ public function testUpdateUserSecurityIdentity()
+ {
+ $provider = $this->getProvider();
+ $acl = $provider->createAcl(new ObjectIdentity(1, 'Foo'));
+ $sid = new UserSecurityIdentity('johannes', 'FooClass');
+ $acl->setEntriesInheriting(!$acl->isEntriesInheriting());
+
+ $acl->insertObjectAce($sid, 1);
+ $acl->insertClassAce($sid, 5, 0, false);
+ $acl->insertObjectAce($sid, 2, 1, true);
+ $acl->insertClassFieldAce('field', $sid, 2, 0, true);
+ $provider->updateAcl($acl);
+
+ $newSid = new UserSecurityIdentity('mathieu', 'FooClass');
+ $provider->updateUserSecurityIdentity($newSid, 'johannes');
+
+ $reloadProvider = $this->getProvider();
+ $reloadedAcl = $reloadProvider->findAcl(new ObjectIdentity(1, 'Foo'));
+
+ $this->assertNotSame($acl, $reloadedAcl);
+ $this->assertSame($acl->isEntriesInheriting(), $reloadedAcl->isEntriesInheriting());
+
+ $aces = $acl->getObjectAces();
+ $reloadedAces = $reloadedAcl->getObjectAces();
+ $this->assertEquals(count($aces), count($reloadedAces));
+ foreach ($reloadedAces as $ace) {
+ $this->assertTrue($ace->getSecurityIdentity()->equals($newSid));
+ }
+ }
+
/**
* Data must have the following format:
* array(
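Review bot: testUpdateUserSecurityIdentity() inserts a class ACE and a class field ACE but asserts only on getObjectAces(), so a regression that leaves class-level entries attached to the old identity would still pass. Repeat the identity check over `$reloadedAcl->getClassAces()` and `$reloadedAcl->getClassFieldAces('field')`. As far as the diffstat shows, the commit also adds deleteSecurityIdentity() and the "There are no changes." exception without a test for either.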
diff --git a/Acl/Tests/Domain/AuditLoggerTest.php b/Acl/Tests/Domain/AuditLoggerTest.php
index fe56b8c..15538d3 100644
--- a/Acl/Tests/Domain/AuditLoggerTest.php
+++ b/Acl/Tests/Domain/AuditLoggerTest.php
@@ -26,12 +26,12 @@ class AuditLoggerTest extends \PHPUnit_Framework_TestCase
->expects($this->once())
->method('isAuditSuccess')
->will($this->returnValue($audit))
- ;
+ ;
- $ace
+ $ace
->expects($this->never())
->method('isAuditFailure')
- ;
+ ;
} else {
$ace
->expects($this->never())
diff --git a/Acl/composer.json b/Acl/composer.json
index 0e68d9e..5f5787f 100644
--- a/Acl/composer.json
+++ b/Acl/composer.json
@@ -36,7 +36,7 @@
"minimum-stability": "dev",
"extra": {
"branch-alias": {
- "dev-master": "2.4-dev"
+ "dev-master": "2.5-dev"
}
}
}
diff --git a/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php b/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
index 3affd78..f4d0959 100644
--- a/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
+++ b/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
@@ -47,23 +47,22 @@ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderIn
$this->providerKey = $providerKey;
}
- /**
- * {@inheritdoc}
- */
- public function authenticate(TokenInterface $token)
- {
- if (!$this->supports($token)) {
- return null;
- }
-
+ /**
+ * {@inheritdoc}
+ */
+ public function authenticate(TokenInterface $token)
+ {
+ if (!$this->supports($token)) {
+ return null;
+ }
if (!$user = $token->getUser()) {
throw new BadCredentialsException('No pre-authenticated principal found in request.');
}
-/*
+ /*
if (null === $token->getCredentials()) {
throw new BadCredentialsException('No pre-authenticated credentials found in request.');
}
-*/
+ */
$user = $this->userProvider->loadUserByUsername($user);
$this->userChecker->checkPostAuth($user);
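Review bot: The credentials check in authenticate() stays commented out and this hunk only re-indents the `/* … */` block, so a reader cannot tell whether skipping the check is deliberate. Either delete the dead code or replace it with a short comment stating why missing credentials are accepted for pre-authenticated tokens, e.g. `// credentials are intentionally not checked here: <reason>`. authenticate() continues past the end of the hunk.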
diff --git a/Core/Authorization/Voter/ExpressionVoter.php b/Core/Authorization/Voter/ExpressionVoter.php
index 09953ac..bf6683d 100644
--- a/Core/Authorization/Voter/ExpressionVoter.php
+++ b/Core/Authorization/Voter/ExpressionVoter.php
@@ -32,7 +32,9 @@ class ExpressionVoter implements VoterInterface
/**
* Constructor.
*
- * @param ExpressionLanguage $expressionLanguage
+ * @param ExpressionLanguage $expressionLanguage
+ * @param AuthenticationTrustResolverInterface $trustResolver
+ * @param RoleHierarchyInterface $roleHierarchy
*/
public function __construct(ExpressionLanguage $expressionLanguage, AuthenticationTrustResolverInterface $trustResolver, RoleHierarchyInterface $roleHierarchy = null)
{
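Review bot: The new `@param RoleHierarchyInterface $roleHierarchy` line does not reflect that the argument is optional and defaults to null in the signature below. Document it as `@param RoleHierarchyInterface|null $roleHierarchy` so readers and static analysis know a missing hierarchy is a supported configuration.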
diff --git a/Core/Encoder/BasePasswordEncoder.php b/Core/Encoder/BasePasswordEncoder.php
index b83eb30..aa29876 100644
--- a/Core/Encoder/BasePasswordEncoder.php
+++ b/Core/Encoder/BasePasswordEncoder.php
@@ -89,6 +89,8 @@ abstract class BasePasswordEncoder implements PasswordEncoderInterface
/**
* Checks if the password is too long.
*
+ * @param string $password The password
+ *
* @return Boolean true if the password is too long, false otherwise
*/
protected function isPasswordTooLong($password)
diff --git a/Core/README.md b/Core/README.md
index 7fc281d..4585a5d 100644
--- a/Core/README.md
+++ b/Core/README.md
@@ -11,7 +11,7 @@ Resources
Documentation:
-http://symfony.com/doc/2.4/book/security.html
+http://symfony.com/doc/2.5/book/security.html
Tests
-----
diff --git a/Core/composer.json b/Core/composer.json
index acadcf7..249d4c1 100644
--- a/Core/composer.json
+++ b/Core/composer.json
@@ -40,7 +40,7 @@
"minimum-stability": "dev",
"extra": {
"branch-alias": {
- "dev-master": "2.4-dev"
+ "dev-master": "2.5-dev"
}
}
}
diff --git a/Csrf/README.md b/Csrf/README.md
index 2b51362..95a1062 100644
--- a/Csrf/README.md
+++ b/Csrf/README.md
@@ -9,7 +9,7 @@ Resources
Documentation:
-http://symfony.com/doc/2.4/book/security.html
+http://symfony.com/doc/2.5/book/security.html
Tests
-----
diff --git a/Csrf/composer.json b/Csrf/composer.json
index 3cfc2b4..398a2d3 100644
--- a/Csrf/composer.json
+++ b/Csrf/composer.json
@@ -32,7 +32,7 @@
"minimum-stability": "dev",
"extra": {
"branch-alias": {
- "dev-master": "2.4-dev"
+ "dev-master": "2.5-dev"
}
}
}
diff --git a/Http/README.md b/Http/README.md
index 187f2b4..c0760d4 100644
--- a/Http/README.md
+++ b/Http/README.md
@@ -11,7 +11,7 @@ Resources
Documentation:
-http://symfony.com/doc/2.4/book/security.html
+http://symfony.com/doc/2.5/book/security.html
Tests
-----
diff --git a/Http/Tests/Firewall/SwitchUserListenerTest.php b/Http/Tests/Firewall/SwitchUserListenerTest.php
index f331f0e..110e05c 100644
--- a/Http/Tests/Firewall/SwitchUserListenerTest.php
+++ b/Http/Tests/Firewall/SwitchUserListenerTest.php
@@ -87,7 +87,7 @@ class SwitchUserListenerTest extends \PHPUnit_Framework_TestCase
$this->request->expects($this->any())->method('get')->with('_switch_user')->will($this->returnValue('_exit'));
$this->request->expects($this->any())->method('getUri')->will($this->returnValue('/'));
- $this->request->query->expects($this->once())->method('remove','_switch_user');
+ $this->request->query->expects($this->once())->method('remove', '_switch_user');
$this->request->query->expects($this->any())->method('all')->will($this->returnValue(array()));
$this->request->server->expects($this->once())->method('set')->with('QUERY_STRING', '');
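Review bot: `->method('remove', '_switch_user')` does not assert the argument: PHPUnit's `method()` takes only the method name (or a constraint), so the second argument appears to be ignored and the expectation passes whichever key is removed. Use `->method('remove')->with('_switch_user')`, as the neighbouring `get` expectation already does. The same line appears in the hunks at -126 and -156 of this file.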
@@ -103,7 +103,7 @@ class SwitchUserListenerTest extends \PHPUnit_Framework_TestCase
/**
* @expectedException \Symfony\Component\Security\Core\Exception\AccessDeniedException
*/
- public function testSwitchUserIsDissallowed()
+ public function testSwitchUserIsDisallowed()
{
$token = $this->getToken(array($this->getMock('Symfony\Component\Security\Core\Role\RoleInterface')));
@@ -126,7 +126,7 @@ class SwitchUserListenerTest extends \PHPUnit_Framework_TestCase
$this->securityContext->expects($this->any())->method('getToken')->will($this->returnValue($token));
$this->request->expects($this->any())->method('get')->with('_switch_user')->will($this->returnValue('kuba'));
- $this->request->query->expects($this->once())->method('remove','_switch_user');
+ $this->request->query->expects($this->once())->method('remove', '_switch_user');
$this->request->query->expects($this->any())->method('all')->will($this->returnValue(array()));
$this->request->expects($this->any())->method('getUri')->will($this->returnValue('/'));
@@ -156,7 +156,7 @@ class SwitchUserListenerTest extends \PHPUnit_Framework_TestCase
$this->securityContext->expects($this->any())->method('getToken')->will($this->returnValue($token));
$this->request->expects($this->any())->method('get')->with('_switch_user')->will($this->returnValue('kuba'));
- $this->request->query->expects($this->once())->method('remove','_switch_user');
+ $this->request->query->expects($this->once())->method('remove', '_switch_user');
$this->request->query->expects($this->any())->method('all')->will($this->returnValue(array('page'=>3,'section'=>2)));
$this->request->expects($this->any())->method('getUri')->will($this->returnValue('/'));
$this->request->server->expects($this->once())->method('set')->with('QUERY_STRING', 'page=3&section=2');
diff --git a/Http/composer.json b/Http/composer.json
index 716c443..c544ad1 100644
--- a/Http/composer.json
+++ b/Http/composer.json
@@ -38,7 +38,7 @@
"minimum-stability": "dev",
"extra": {
"branch-alias": {
- "dev-master": "2.4-dev"
+ "dev-master": "2.5-dev"
}
}
}
diff --git a/README.md b/README.md
index aebefb9..5866d12 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ Resources
Documentation:
-http://symfony.com/doc/2.4/book/security.html
+http://symfony.com/doc/2.5/book/security.html
Tests
-----
diff --git a/composer.json b/composer.json
index 18c69ba..a8a99f5 100644
--- a/composer.json
+++ b/composer.json
@@ -52,7 +52,7 @@
"minimum-stability": "dev",
"extra": {
"branch-alias": {
- "dev-master": "2.4-dev"
+ "dev-master": "2.5-dev"
}
}
}