11 files changed, 108 insertions, 36 deletions

diff --git a/Core/Authentication/AuthenticationProviderManager.php b/Core/Authentication/AuthenticationProviderManager.php
index a82b9fb..7ca46c0 100644
--- a/Core/Authentication/AuthenticationProviderManager.php
+++ b/Core/Authentication/AuthenticationProviderManager.php
@@ -11,6 +11,10 @@
 
 namespace Symfony\Component\Security\Core\Authentication;
 
+use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;
+use Symfony\Component\Security\Core\Event\AuthenticationEvent;
+use Symfony\Component\Security\Core\AuthenticationEvents;
+use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\Security\Core\Exception\AccountStatusException;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\ProviderNotFoundException;
@@ -22,11 +26,13 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  * instances to authenticate a Token.
  *
  * @author Fabien Potencier <fabien@symfony.com>
+ * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  */
 class AuthenticationProviderManager implements AuthenticationManagerInterface
 {
     private $providers;
     private $eraseCredentials;
+    private $eventDispatcher;
 
     /**
      * Constructor.
@@ -44,6 +50,11 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
         $this->eraseCredentials = (Boolean) $eraseCredentials;
     }
 
+    public function setEventDispatcher(EventDispatcherInterface $dispatcher)
+    {
+        $this->eventDispatcher = $dispatcher;
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -77,6 +88,10 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
                 $result->eraseCredentials();
             }
 
+            if (null !== $this->eventDispatcher) {
+                $this->eventDispatcher->dispatch(AuthenticationEvents::AUTHENTICATION_SUCCESS, new AuthenticationEvent($result));
+            }
+
             return $result;
         }
 
@@ -84,6 +99,10 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
             $lastException = new ProviderNotFoundException(sprintf('No Authentication Provider found for token of class "%s".', get_class($token)));
         }
 
+        if (null !== $this->eventDispatcher) {
+            $this->eventDispatcher->dispatch(AuthenticationEvents::AUTHENTICATION_FAILURE, new AuthenticationFailureEvent($token, $lastException));
+        }
+
         $lastException->setExtraInformation($token);
 
         throw $lastException;
diff --git a/Core/Authentication/AuthenticationTrustResolver.php b/Core/Authentication/AuthenticationTrustResolver.php
index 8ca28fb..9b3ff3d 100644
--- a/Core/Authentication/AuthenticationTrustResolver.php
+++ b/Core/Authentication/AuthenticationTrustResolver.php
@@ -28,8 +28,6 @@ class AuthenticationTrustResolver implements AuthenticationTrustResolverInterfac
      *
      * @param string $anonymousClass
      * @param string $rememberMeClass
-     *
-     * @return void
      */
     public function __construct($anonymousClass, $rememberMeClass)
     {
diff --git a/Core/Authentication/Provider/AuthenticationProviderInterface.php b/Core/Authentication/Provider/AuthenticationProviderInterface.php
index c843216..956adf1 100644
--- a/Core/Authentication/Provider/AuthenticationProviderInterface.php
+++ b/Core/Authentication/Provider/AuthenticationProviderInterface.php
@@ -15,7 +15,7 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 
 /**
- * AuthenticationProviderInterface is the interface for for all authentication
+ * AuthenticationProviderInterface is the interface for all authentication
  * providers.
  *
  * Concrete implementations processes specific Token instances.
diff --git a/Core/Authentication/Provider/RememberMeAuthenticationProvider.php b/Core/Authentication/Provider/RememberMeAuthenticationProvider.php
index b7f3125..4175907 100644
--- a/Core/Authentication/Provider/RememberMeAuthenticationProvider.php
+++ b/Core/Authentication/Provider/RememberMeAuthenticationProvider.php
@@ -1,12 +1,12 @@
 <?php
 
 /*
- * This file is part of the Symfony framework.
+ * This file is part of the Symfony package.
  *
  * (c) Fabien Potencier <fabien@symfony.com>
  *
- * This source file is subject to the MIT license that is bundled
- * with this source code in the file LICENSE.
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
  */
 
 namespace Symfony\Component\Security\Core\Authentication\Provider;
diff --git a/Core/Authentication/Provider/UserAuthenticationProvider.php b/Core/Authentication/Provider/UserAuthenticationProvider.php
index 23aa816..32d7971 100644
--- a/Core/Authentication/Provider/UserAuthenticationProvider.php
+++ b/Core/Authentication/Provider/UserAuthenticationProvider.php
@@ -65,26 +65,34 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter
 
         try {
             $user = $this->retrieveUser($username, $token);
-
-            if (!$user instanceof UserInterface) {
-                throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.');
+        } catch (UsernameNotFoundException $notFound) {
+            if ($this->hideUserNotFoundExceptions) {
+                throw new BadCredentialsException('Bad credentials', 0, $notFound);
             }
 
+            throw $notFound;
+        }
+
+        if (!$user instanceof UserInterface) {
+            throw new AuthenticationServiceException('retrieveUser() must return a UserInterface.');
+        }
+
+        try {
             $this->userChecker->checkPreAuth($user);
             $this->checkAuthentication($user, $token);
             $this->userChecker->checkPostAuth($user);
-
-            $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
-            $authenticatedToken->setAttributes($token->getAttributes());
-
-            return $authenticatedToken;
-        } catch (UsernameNotFoundException $notFound) {
+        } catch (BadCredentialsException $e) {
             if ($this->hideUserNotFoundExceptions) {
-                throw new BadCredentialsException('Bad credentials', 0, $notFound);
+                throw new BadCredentialsException('Bad credentials', 0, $e);
             }
 
-            throw $notFound;
+            throw $e;
         }
+
+        $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
+        $authenticatedToken->setAttributes($token->getAttributes());
+
+        return $authenticatedToken;
     }
 
     /**
diff --git a/Core/Authentication/RememberMe/InMemoryTokenProvider.php b/Core/Authentication/RememberMe/InMemoryTokenProvider.php
index 4653900..a15c2b4 100644
--- a/Core/Authentication/RememberMe/InMemoryTokenProvider.php
+++ b/Core/Authentication/RememberMe/InMemoryTokenProvider.php
@@ -1,12 +1,12 @@
 <?php
 
 /*
- * This file is part of the Symfony framework.
+ * This file is part of the Symfony package.
  *
  * (c) Fabien Potencier <fabien@symfony.com>
  *
- * This source file is subject to the MIT license that is bundled
- * with this source code in the file LICENSE.
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
  */
 
 namespace Symfony\Component\Security\Core\Authentication\RememberMe;
diff --git a/Core/Authentication/RememberMe/PersistentToken.php b/Core/Authentication/RememberMe/PersistentToken.php
index d9029f5..88b0413 100644
--- a/Core/Authentication/RememberMe/PersistentToken.php
+++ b/Core/Authentication/RememberMe/PersistentToken.php
@@ -1,7 +1,5 @@
 <?php
 
-namespace Symfony\Component\Security\Core\Authentication\RememberMe;
-
 /*
  * This file is part of the Symfony package.
  *
@@ -11,6 +9,8 @@ namespace Symfony\Component\Security\Core\Authentication\RememberMe;
  * file that was distributed with this source code.
  */
 
+namespace Symfony\Component\Security\Core\Authentication\RememberMe;
+
 /**
  * This class is only used by PersistentTokenRememberMeServices internally.
  *
@@ -27,11 +27,11 @@ final class PersistentToken implements PersistentTokenInterface
     /**
      * Constructor
      *
-     * @param string   $class
-     * @param string   $username
-     * @param string   $series
-     * @param string   $tokenValue
-     * @param DateTime $lastUsed
+     * @param string    $class
+     * @param string    $username
+     * @param string    $series
+     * @param string    $tokenValue
+     * @param \DateTime $lastUsed
      */
     public function __construct($class, $username, $series, $tokenValue, \DateTime $lastUsed)
     {
diff --git a/Core/Authentication/RememberMe/PersistentTokenInterface.php b/Core/Authentication/RememberMe/PersistentTokenInterface.php
index 327ffe2..6e9d891 100644
--- a/Core/Authentication/RememberMe/PersistentTokenInterface.php
+++ b/Core/Authentication/RememberMe/PersistentTokenInterface.php
@@ -1,7 +1,5 @@
 <?php
 
-namespace Symfony\Component\Security\Core\Authentication\RememberMe;
-
 /*
  * This file is part of the Symfony package.
  *
@@ -11,6 +9,8 @@ namespace Symfony\Component\Security\Core\Authentication\RememberMe;
  * file that was distributed with this source code.
  */
 
+namespace Symfony\Component\Security\Core\Authentication\RememberMe;
+
 /**
  * Interface to be implemented by persistent token classes (such as
  * Doctrine entities representing a remember-me token)
diff --git a/Core/Authentication/RememberMe/TokenProviderInterface.php b/Core/Authentication/RememberMe/TokenProviderInterface.php
index 7ef60ac..0c6f75e 100644
--- a/Core/Authentication/RememberMe/TokenProviderInterface.php
+++ b/Core/Authentication/RememberMe/TokenProviderInterface.php
@@ -1,7 +1,5 @@
 <?php
 
-namespace Symfony\Component\Security\Core\Authentication\RememberMe;
-
 /*
  * This file is part of the Symfony package.
  *
@@ -11,6 +9,8 @@ namespace Symfony\Component\Security\Core\Authentication\RememberMe;
  * file that was distributed with this source code.
  */
 
+namespace Symfony\Component\Security\Core\Authentication\RememberMe;
+
 /**
  * Interface for TokenProviders
  *
@@ -39,9 +39,9 @@ interface TokenProviderInterface
     /**
      * Updates the token according to this data.
      *
-     * @param string   $series
-     * @param string   $tokenValue
-     * @param DateTime $lastUsed
+     * @param string    $series
+     * @param string    $tokenValue
+     * @param \DateTime $lastUsed
      */
     public function updateToken($series, $tokenValue, \DateTime $lastUsed);
 
diff --git a/Core/Authentication/Token/AbstractToken.php b/Core/Authentication/Token/AbstractToken.php
index 8e008e5..ed6e8de 100644
--- a/Core/Authentication/Token/AbstractToken.php
+++ b/Core/Authentication/Token/AbstractToken.php
@@ -14,6 +14,8 @@ namespace Symfony\Component\Security\Core\Authentication\Token;
 use Symfony\Component\Security\Core\Role\RoleInterface;
 use Symfony\Component\Security\Core\Role\Role;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\AdvancedUserInterface;
+use Symfony\Component\Security\Core\User\EquatableInterface;
 
 /**
  * Base class for Token instances.
@@ -96,7 +98,7 @@ abstract class AbstractToken implements TokenInterface
             if (!$user instanceof UserInterface) {
                 $changed = true;
             } else {
-                $changed = !$this->user->equals($user);
+                $changed = $this->hasUserChanged($user);
             }
         } elseif ($user instanceof UserInterface) {
             $changed = true;
@@ -229,4 +231,49 @@ abstract class AbstractToken implements TokenInterface
 
         return sprintf('%s(user="%s", authenticated=%s, roles="%s")', $class, $this->getUsername(), json_encode($this->authenticated), implode(', ', $roles));
     }
+
+    private function hasUserChanged(UserInterface $user)
+    {
+        if (!($this->user instanceof UserInterface)) {
+            throw new \BadMethodCallException('Method "hasUserChanged" should be called when current user class is instance of "UserInterface".');
+        }
+
+        if ($this->user instanceof EquatableInterface) {
+            return ! (Boolean) $this->user->isEqualTo($user);
+        }
+
+        if ($this->user->getPassword() !== $user->getPassword()) {
+            return true;
+        }
+
+        if ($this->user->getSalt() !== $user->getSalt()) {
+            return true;
+        }
+
+        if ($this->user->getUsername() !== $user->getUsername()) {
+            return true;
+        }
+
+        if ($this->user instanceof AdvancedUserInterface && $user instanceof AdvancedUserInterface) {
+            if ($this->user->isAccountNonExpired() !== $user->isAccountNonExpired()) {
+                return true;
+            }
+
+            if ($this->user->isAccountNonLocked() !== $user->isAccountNonLocked()) {
+                return true;
+            }
+
+            if ($this->user->isCredentialsNonExpired() !== $user->isCredentialsNonExpired()) {
+                return true;
+            }
+
+            if ($this->user->isEnabled() !== $user->isEnabled()) {
+                return true;
+            }
+        } elseif ($this->user instanceof AdvancedUserInterface xor $user instanceof AdvancedUserInterface) {
+            return true;
+        }
+
+        return false;
+    }
 }
diff --git a/Core/Authentication/Token/RememberMeToken.php b/Core/Authentication/Token/RememberMeToken.php
index 7ac9e1c..de50e5c 100644
--- a/Core/Authentication/Token/RememberMeToken.php
+++ b/Core/Authentication/Token/RememberMeToken.php
@@ -52,7 +52,7 @@ class RememberMeToken extends AbstractToken
     public function setAuthenticated($authenticated)
     {
         if ($authenticated) {
-            throw new \RuntimeException('You cannot set this token to authenticated after creation.');
+            throw new \LogicException('You cannot set this token to authenticated after creation.');
         }
 
         parent::setAuthenticated(false);