diff options
Diffstat (limited to 'Core')
39 files changed, 378 insertions, 426 deletions
diff --git a/Core/Authentication/AuthenticationManagerInterface.php b/Core/Authentication/AuthenticationManagerInterface.php index 5f407f2..36cdc92 100644 --- a/Core/Authentication/AuthenticationManagerInterface.php +++ b/Core/Authentication/AuthenticationManagerInterface.php @@ -27,7 +27,7 @@ interface AuthenticationManagerInterface * * @param TokenInterface $token The TokenInterface instance to authenticate * - * @return TokenInterface An authenticated TokenInterface instance + * @return TokenInterface An authenticated TokenInterface instance, never null * * @throws AuthenticationException if the authentication fails */ diff --git a/Core/Authentication/AuthenticationProviderManager.php b/Core/Authentication/AuthenticationProviderManager.php index ac1e36d..1d85e87 100644 --- a/Core/Authentication/AuthenticationProviderManager.php +++ b/Core/Authentication/AuthenticationProviderManager.php @@ -25,8 +25,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class AuthenticationProviderManager implements AuthenticationManagerInterface { - protected $providers; - protected $eraseCredentials; + private $providers; + private $eraseCredentials; /** * Constructor. @@ -34,9 +34,13 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface * @param AuthenticationProviderInterface[] $providers An array of AuthenticationProviderInterface instances * @param Boolean $eraseCredentials Whether to erase credentials after authentication or not */ - public function __construct(array $providers = array(), $eraseCredentials = true) + public function __construct(array $providers, $eraseCredentials = true) { - $this->setProviders($providers); + if (!$providers) { + throw new \InvalidArgumentException('You must at least add one authentication provider.'); + } + + $this->providers = $providers; $this->eraseCredentials = (Boolean) $eraseCredentials; } @@ -45,10 +49,6 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface */ public function authenticate(TokenInterface $token) { - if (!count($this->providers)) { - throw new \LogicException('You must add at least one provider.'); - } - $lastException = null; $result = null; @@ -84,37 +84,4 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface throw $lastException; } - - /** - * Returns the list of current providers. - * - * @return AuthenticationProviderInterface[] An array of AuthenticationProviderInterface instances - */ - public function all() - { - return $this->providers; - } - - /** - * Sets the providers instances. - * - * @param AuthenticationProviderInterface[] $providers An array of AuthenticationProviderInterface instances - */ - public function setProviders(array $providers) - { - $this->providers = array(); - foreach ($providers as $provider) { - $this->add($provider); - } - } - - /** - * Adds a provider. - * - * @param AuthenticationProviderInterface $provider A AuthenticationProviderInterface instance - */ - public function add(AuthenticationProviderInterface $provider) - { - $this->providers[] = $provider; - } } diff --git a/Core/Authentication/AuthenticationTrustResolver.php b/Core/Authentication/AuthenticationTrustResolver.php index f2e00cc..8ca28fb 100644 --- a/Core/Authentication/AuthenticationTrustResolver.php +++ b/Core/Authentication/AuthenticationTrustResolver.php @@ -20,8 +20,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class AuthenticationTrustResolver implements AuthenticationTrustResolverInterface { - protected $anonymousClass; - protected $rememberMeClass; + private $anonymousClass; + private $rememberMeClass; /** * Constructor diff --git a/Core/Authentication/Provider/AnonymousAuthenticationProvider.php b/Core/Authentication/Provider/AnonymousAuthenticationProvider.php index ad1ad60..c48a27e 100644 --- a/Core/Authentication/Provider/AnonymousAuthenticationProvider.php +++ b/Core/Authentication/Provider/AnonymousAuthenticationProvider.php @@ -22,7 +22,7 @@ use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; */ class AnonymousAuthenticationProvider implements AuthenticationProviderInterface { - protected $key; + private $key; /** * Constructor. diff --git a/Core/Authentication/Provider/DaoAuthenticationProvider.php b/Core/Authentication/Provider/DaoAuthenticationProvider.php index ce0d220..21bec82 100644 --- a/Core/Authentication/Provider/DaoAuthenticationProvider.php +++ b/Core/Authentication/Provider/DaoAuthenticationProvider.php @@ -14,8 +14,8 @@ namespace Symfony\Component\Security\Core\Authentication\Provider; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; -use Symfony\Component\Security\Core\User\AccountCheckerInterface; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserCheckerInterface; +use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; use Symfony\Component\Security\Core\Exception\AuthenticationServiceException; use Symfony\Component\Security\Core\Exception\BadCredentialsException; @@ -29,19 +29,19 @@ use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; */ class DaoAuthenticationProvider extends UserAuthenticationProvider { - protected $encoderFactory; - protected $userProvider; + private $encoderFactory; + private $userProvider; /** * Constructor. * * @param UserProviderInterface $userProvider A UserProviderInterface instance - * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface instance + * @param UserCheckerInterface $userChecker An UserCheckerInterface instance * @param EncoderFactoryInterface $encoderFactory A EncoderFactoryInterface instance */ - public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker, $providerKey, EncoderFactoryInterface $encoderFactory, $hideUserNotFoundExceptions = true) + public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, $providerKey, EncoderFactoryInterface $encoderFactory, $hideUserNotFoundExceptions = true) { - parent::__construct($accountChecker, $providerKey, $hideUserNotFoundExceptions); + parent::__construct($userChecker, $providerKey, $hideUserNotFoundExceptions); $this->encoderFactory = $encoderFactory; $this->userProvider = $userProvider; @@ -50,19 +50,19 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider /** * {@inheritdoc} */ - protected function checkAuthentication(AccountInterface $account, UsernamePasswordToken $token) + protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) { - $user = $token->getUser(); - if ($user instanceof AccountInterface) { - if ($account->getPassword() !== $user->getPassword()) { + $currentUser = $token->getUser(); + if ($currentUser instanceof UserInterface) { + if ($currentUser->getPassword() !== $user->getPassword()) { throw new BadCredentialsException('The credentials were changed from another session.'); } } else { - if (!$presentedPassword = (string) $token->getCredentials()) { + if (!$presentedPassword = $token->getCredentials()) { throw new BadCredentialsException('Bad credentials'); } - if (!$this->encoderFactory->getEncoder($account)->isPasswordValid($account->getPassword(), $presentedPassword, $account->getSalt())) { + if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) { throw new BadCredentialsException('Bad credentials'); } } @@ -74,15 +74,15 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider protected function retrieveUser($username, UsernamePasswordToken $token) { $user = $token->getUser(); - if ($user instanceof AccountInterface) { + if ($user instanceof UserInterface) { return $user; } try { $user = $this->userProvider->loadUserByUsername($username); - if (!$user instanceof AccountInterface) { - throw new AuthenticationServiceException('The user provider must return an AccountInterface object.'); + if (!$user instanceof UserInterface) { + throw new AuthenticationServiceException('The user provider must return an UserInterface object.'); } return $user; diff --git a/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php b/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php index cca52fc..bf2df86 100644 --- a/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php +++ b/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php @@ -11,9 +11,9 @@ namespace Symfony\Component\Security\Core\Authentication\Provider; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; -use Symfony\Component\Security\Core\User\AccountCheckerInterface; +use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; @@ -30,20 +30,20 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderInterface { - protected $userProvider; - protected $accountChecker; - protected $providerKey; + private $userProvider; + private $userChecker; + private $providerKey; /** * Constructor. * * @param UserProviderInterface $userProvider A UserProviderInterface instance - * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface instance + * @param UserCheckerInterface $userChecker An UserCheckerInterface instance */ - public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker, $providerKey) + public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, $providerKey) { $this->userProvider = $userProvider; - $this->accountChecker = $accountChecker; + $this->userChecker = $userChecker; $this->providerKey = $providerKey; } @@ -66,7 +66,7 @@ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderIn */ $user = $this->userProvider->loadUserByUsername($user); - $this->accountChecker->checkPostAuth($user); + $this->userChecker->checkPostAuth($user); $authenticatedToken = new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles()); $authenticatedToken->setAttributes($token->getAttributes()); diff --git a/Core/Authentication/Provider/RememberMeAuthenticationProvider.php b/Core/Authentication/Provider/RememberMeAuthenticationProvider.php index 95ee588..940288b 100644 --- a/Core/Authentication/Provider/RememberMeAuthenticationProvider.php +++ b/Core/Authentication/Provider/RememberMeAuthenticationProvider.php @@ -1,21 +1,21 @@ <?php namespace Symfony\Component\Security\Core\Authentication\Provider; -use Symfony\Component\Security\Core\User\AccountCheckerInterface; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserCheckerInterface; +use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken; use Symfony\Component\Security\Core\Exception\BadCredentialsException; class RememberMeAuthenticationProvider implements AuthenticationProviderInterface { - protected $accountChecker; - protected $key; - protected $providerKey; + private $userChecker; + private $key; + private $providerKey; - public function __construct(AccountCheckerInterface $accountChecker, $key, $providerKey) + public function __construct(UserCheckerInterface $userChecker, $key, $providerKey) { - $this->accountChecker = $accountChecker; + $this->userChecker = $userChecker; $this->key = $key; $this->providerKey = $providerKey; } @@ -31,11 +31,12 @@ class RememberMeAuthenticationProvider implements AuthenticationProviderInterfac } $user = $token->getUser(); - $this->accountChecker->checkPreAuth($user); - $this->accountChecker->checkPostAuth($user); - $token->setAuthenticated(true); + $this->userChecker->checkPostAuth($user); - return $token; + $authenticatedToken = new RememberMeToken($user, $this->providerKey, $this->key); + $authenticatedToken->setAttributes($token->getAttributes()); + + return $authenticatedToken; } public function supports(TokenInterface $token) diff --git a/Core/Authentication/Provider/UserAuthenticationProvider.php b/Core/Authentication/Provider/UserAuthenticationProvider.php index 14a6fdf..7b6079d 100644 --- a/Core/Authentication/Provider/UserAuthenticationProvider.php +++ b/Core/Authentication/Provider/UserAuthenticationProvider.php @@ -11,8 +11,8 @@ namespace Symfony\Component\Security\Core\Authentication\Provider; -use Symfony\Component\Security\Core\User\AccountInterface; -use Symfony\Component\Security\Core\User\AccountCheckerInterface; +use Symfony\Component\Security\Core\User\UserInterface; +use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Exception\BadCredentialsException; @@ -27,23 +27,23 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ abstract class UserAuthenticationProvider implements AuthenticationProviderInterface { - protected $hideUserNotFoundExceptions; - protected $accountChecker; - protected $providerKey; + private $hideUserNotFoundExceptions; + private $userChecker; + private $providerKey; /** * Constructor. * - * @param AccountCheckerInterface $accountChecker An AccountCheckerInterface interface + * @param UserCheckerInterface $userChecker An UserCheckerInterface interface * @param Boolean $hideUserNotFoundExceptions Whether to hide user not found exception or not */ - public function __construct(AccountCheckerInterface $accountChecker, $providerKey, $hideUserNotFoundExceptions = true) + public function __construct(UserCheckerInterface $userChecker, $providerKey, $hideUserNotFoundExceptions = true) { if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); } - $this->accountChecker = $accountChecker; + $this->userChecker = $userChecker; $this->providerKey = $providerKey; $this->hideUserNotFoundExceptions = $hideUserNotFoundExceptions; } @@ -57,18 +57,21 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter return null; } - $username = null === $token->getUser() ? 'NONE_PROVIDED' : (string) $token; + $username = $token->getUsername(); + if (empty($username)) { + $username = 'NONE_PROVIDED'; + } try { $user = $this->retrieveUser($username, $token); - if (!$user instanceof AccountInterface) { - throw new AuthenticationServiceException('retrieveUser() must return an AccountInterface.'); + if (!$user instanceof UserInterface) { + throw new AuthenticationServiceException('retrieveUser() must return an UserInterface.'); } - $this->accountChecker->checkPreAuth($user); + $this->userChecker->checkPreAuth($user); $this->checkAuthentication($user, $token); - $this->accountChecker->checkPostAuth($user); + $this->userChecker->checkPostAuth($user); $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles()); $authenticatedToken->setAttributes($token->getAttributes()); @@ -107,10 +110,10 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter * Does additional checks on the user and token (like validating the * credentials). * - * @param AccountInterface $account The retrieved AccountInterface instance + * @param UserInterface $user The retrieved UserInterface instance * @param UsernamePasswordToken $token The UsernamePasswordToken token to be authenticated * * @throws AuthenticationException if the credentials could not be validated */ - abstract protected function checkAuthentication(AccountInterface $account, UsernamePasswordToken $token); + abstract protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token); } diff --git a/Core/Authentication/RememberMe/InMemoryTokenProvider.php b/Core/Authentication/RememberMe/InMemoryTokenProvider.php index 80c10d1..c432b0e 100644 --- a/Core/Authentication/RememberMe/InMemoryTokenProvider.php +++ b/Core/Authentication/RememberMe/InMemoryTokenProvider.php @@ -11,7 +11,7 @@ use Symfony\Component\Security\Core\Exception\TokenNotFoundException; */ class InMemoryTokenProvider implements TokenProviderInterface { - protected $tokens = array(); + private $tokens = array(); public function loadTokenBySeries($series) { diff --git a/Core/Authentication/Token/Token.php b/Core/Authentication/Token/AbstractToken.php index ac0879f..ee6b207 100644 --- a/Core/Authentication/Token/Token.php +++ b/Core/Authentication/Token/AbstractToken.php @@ -13,7 +13,7 @@ namespace Symfony\Component\Security\Core\Authentication\Token; use Symfony\Component\Security\Core\Role\RoleInterface; use Symfony\Component\Security\Core\Role\Role; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; /** * Base class for Token instances. @@ -21,15 +21,12 @@ use Symfony\Component\Security\Core\User\AccountInterface; * @author Fabien Potencier <fabien@symfony.com> * @author Johannes M. Schmitt <schmittjoh@gmail.com> */ -abstract class Token implements TokenInterface +abstract class AbstractToken implements TokenInterface { - protected $roles; - protected $authenticated; - protected $user; - protected $credentials; - protected $immutable; - protected $providerKey; - protected $attributes; + private $user; + private $roles; + private $authenticated; + private $attributes; /** * Constructor. @@ -38,156 +35,97 @@ abstract class Token implements TokenInterface */ public function __construct(array $roles = array()) { - $this->setRoles($roles); $this->authenticated = false; - $this->immutable = false; $this->attributes = array(); - } - /** - * Adds a Role to the token. - * - * @param RoleInterface $role A RoleInterface instance - */ - public function addRole(RoleInterface $role) - { - if ($this->immutable) { - throw new \LogicException('This token is considered immutable.'); - } - - $this->roles[] = $role; - } - - /** - * {@inheritdoc} - */ - public function getRoles() - { - return $this->roles; - } - - /** - * {@inheritDoc} - */ - public function setRoles(array $roles) - { $this->roles = array(); - foreach ($roles as $role) { if (is_string($role)) { $role = new Role($role); + } else if (!$role instanceof RoleInterface) { + throw new \InvalidArgumentException(sprintf('$roles must be an array of strings, or RoleInterface instances, but got %s.', gettype($role))); } - $this->addRole($role); + $this->roles[] = $role; } } /** * {@inheritdoc} */ - public function __toString() - { - if ($this->user instanceof AccountInterface) { - return $this->user->getUsername(); - } - - return (string) $this->user; - } - - /** - * {@inheritdoc} - */ - public function isAuthenticated() + public function getRoles() { - return $this->authenticated; + return $this->roles; } /** * {@inheritdoc} */ - public function setAuthenticated($authenticated) + public function getUsername() { - if ($this->immutable) { - throw new \LogicException('This token is considered immutable.'); + if ($this->user instanceof UserInterface) { + return $this->user->getUsername(); } - $this->authenticated = (Boolean) $authenticated; - } - - /** - * {@inheritdoc} - */ - public function getCredentials() - { - return $this->credentials; + return (string) $this->user; } - /** - * {@inheritdoc} - */ public function getUser() { return $this->user; } - /** - * {@inheritDoc} - */ public function setUser($user) { - if ($this->immutable) { - throw new \LogicException('This token is considered immutable.'); + if (!($user instanceof UserInterface || (is_object($user) && method_exists($user, '__toString')) || is_string($user))) { + throw new \InvalidArgumentException('$user must be an instanceof of UserInterface, an object implementing a __toString method, or a primitive string.'); } - if (!is_string($user) && !is_object($user)) { - throw new \InvalidArgumentException('$user must be an object, or a primitive string.'); - } else if (is_object($user) && !$user instanceof AccountInterface && !method_exists($user, '__toString')) { - throw new \InvalidArgumentException('If $user is an object, it must implement __toString().'); - } - - $this->user = $user; - } - - /** - * {@inheritdoc} - */ - public function eraseCredentials() - { - if ($this->immutable) { - throw new \LogicException('This token is considered immutable.'); + if (null === $this->user) { + $changed = false; + } else if ($this->user instanceof UserInterface) { + if (!$user instanceof UserInterface) { + $changed = true; + } else { + $changed = !$this->user->equals($user); + } + } else if ($user instanceof UserInterface) { + $changed = true; + } else { + $changed = (string) $this->user !== (string) $user; } - if ($this->getCredentials() instanceof AccountInterface) { - $this->getCredentials()->eraseCredentials(); + if ($changed) { + $this->setAuthenticated(false); } - if ($this->getUser() instanceof AccountInterface) { - $this->getUser()->eraseCredentials(); - } + $this->user = $user; } /** * {@inheritdoc} */ - public function isImmutable() + public function isAuthenticated() { - return $this->immutable; + return $this->authenticated; } /** * {@inheritdoc} */ - public function setImmutable() + public function setAuthenticated($authenticated) { - $this->immutable = true; + $this->authenticated = (Boolean) $authenticated; } /** * {@inheritdoc} */ - public function getProviderKey() + public function eraseCredentials() { - return $this->providerKey; + if ($this->getUser() instanceof UserInterface) { + $this->getUser()->eraseCredentials(); + } } /** @@ -195,7 +133,7 @@ abstract class Token implements TokenInterface */ public function serialize() { - return serialize(array($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes)); + return serialize(array($this->user, $this->authenticated, $this->roles, $this->attributes)); } /** @@ -203,7 +141,7 @@ abstract class Token implements TokenInterface */ public function unserialize($serialized) { - list($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes) = unserialize($serialized); + list($this->user, $this->authenticated, $this->roles, $this->attributes) = unserialize($serialized); } /** @@ -266,4 +204,20 @@ abstract class Token implements TokenInterface { $this->attributes[$name] = $value; } + + /** + * {@inheritDoc} + */ + public function __toString() + { + $class = get_class($this); + $class = substr($class, strrpos($class, '\\')+1); + + $roles = array(); + foreach ($this->roles as $role) { + $roles[] = $role->getRole(); + } + + return sprintf('%s(user="%s", authenticated=%s, roles="%s")', $class, $this->getUsername(), json_encode($this->authenticated), implode(', ', $roles)); + } } diff --git a/Core/Authentication/Token/AnonymousToken.php b/Core/Authentication/Token/AnonymousToken.php index a22460f..92d95de 100644 --- a/Core/Authentication/Token/AnonymousToken.php +++ b/Core/Authentication/Token/AnonymousToken.php @@ -16,10 +16,11 @@ namespace Symfony\Component\Security\Core\Authentication\Token; * * @author Fabien Potencier <fabien@symfony.com> */ -class AnonymousToken extends Token +use Symfony\Component\Security\Core\User\UserInterface; + +class AnonymousToken extends AbstractToken { - protected $user; - protected $key; + private $key; /** * Constructor. @@ -33,9 +34,8 @@ class AnonymousToken extends Token parent::__construct($roles); $this->key = $key; - $this->user = $user; - - parent::setAuthenticated(true); + $this->setUser($user); + $this->setAuthenticated(true); } /** @@ -55,4 +55,21 @@ class AnonymousToken extends Token { return $this->key; } + + /** + * {@inheritDoc} + */ + public function serialize() + { + return serialize(array($this->key, parent::serialize())); + } + + /** + * {@inheritDoc} + */ + public function unserialize($str) + { + list($this->key, $parentStr) = unserialize($str); + parent::unserialize($parentStr); + } } diff --git a/Core/Authentication/Token/PreAuthenticatedToken.php b/Core/Authentication/Token/PreAuthenticatedToken.php index 0db56bd..ff0572f 100644 --- a/Core/Authentication/Token/PreAuthenticatedToken.php +++ b/Core/Authentication/Token/PreAuthenticatedToken.php @@ -16,21 +16,39 @@ namespace Symfony\Component\Security\Core\Authentication\Token; * * @author Fabien Potencier <fabien@symfony.com> */ -class PreAuthenticatedToken extends Token +class PreAuthenticatedToken extends AbstractToken { + private $credentials; + private $providerKey; + /** * Constructor. */ - public function __construct($user, $credentials, $providerKey, array $roles = null) + public function __construct($user, $credentials, $providerKey, array $roles = array()) { - parent::__construct(null === $roles ? array() : $roles); - if (null !== $roles) { - $this->setAuthenticated(true); + parent::__construct($roles); + + if (empty($providerKey)) { + throw new \InvalidArgumentException('$providerKey must not be empty.'); } - $this->user = $user; + $this->setUser($user); $this->credentials = $credentials; $this->providerKey = $providerKey; + + if ($roles) { + $this->setAuthenticated(true); + } + } + + public function getProviderKey() + { + return $this->providerKey; + } + + public function getCredentials() + { + return $this->credentials; } /** @@ -42,4 +60,15 @@ class PreAuthenticatedToken extends Token $this->credentials = null; } + + public function serialize() + { + return serialize(array($this->credentials, $this->providerKey, parent::serialize())); + } + + public function unserialize($str) + { + list($this->credentials, $this->providerKey, $parentStr) = unserialize($str); + parent::unserialize($parentStr); + } } diff --git a/Core/Authentication/Token/RememberMeToken.php b/Core/Authentication/Token/RememberMeToken.php index ce1ed5d..7978427 100644 --- a/Core/Authentication/Token/RememberMeToken.php +++ b/Core/Authentication/Token/RememberMeToken.php @@ -11,69 +11,77 @@ namespace Symfony\Component\Security\Core\Authentication\Token; -use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentTokenInterface; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; /** - * Base class for "Remember Me" tokens + * Authentication Token for "Remember-Me". * * @author Johannes M. Schmitt <schmittjoh@gmail.com> */ -class RememberMeToken extends Token +class RememberMeToken extends AbstractToken { - protected $key; - - /** - * The persistent token which resulted in this authentication token. - * - * @var PersistentTokenInterface - */ - protected $persistentToken; + private $key; + private $providerKey; /** * Constructor. * - * @param string $username + * @param UserInterface $user + * @param string $providerKey * @param string $key */ - public function __construct(AccountInterface $user, $providerKey, $key) { + public function __construct(UserInterface $user, $providerKey, $key) { parent::__construct($user->getRoles()); if (empty($key)) { throw new \InvalidArgumentException('$key must not be empty.'); } + if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); } - $this->setUser($user); $this->providerKey = $providerKey; $this->key = $key; - $this->setAuthenticated(true); + + $this->setUser($user); + parent::setAuthenticated(true); } - public function getKey() + public function setAuthenticated($authenticated) { - return $this->key; + if ($authenticated) { + throw new \RuntimeException('You cannot set this token to authenticated after creation.'); + } + + parent::setAuthenticated(false); } - public function getPersistentToken() + public function getProviderKey() { - return $this->persistentToken; + return $this->providerKey; } - public function setPersistentToken(PersistentTokenInterface $persistentToken) + public function getKey() { - $this->persistentToken = $persistentToken; + return $this->key; } + public function getCredentials() + { + return ''; + } /** * {@inheritdoc} */ public function serialize() { - return serialize(array($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes, $this->key)); + return serialize(array( + $this->key, + $this->providerKey, + parent::serialize(), + )); } /** @@ -81,6 +89,7 @@ class RememberMeToken extends Token */ public function unserialize($serialized) { - list($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes, $this->key) = unserialize($serialized); + list($this->key, $this->providerKey, $parentStr) = unserialize($serialized); + parent::unserialize($parentStr); } }
\ No newline at end of file diff --git a/Core/Authentication/Token/TokenInterface.php b/Core/Authentication/Token/TokenInterface.php index f3947dd..63e2243 100644 --- a/Core/Authentication/Token/TokenInterface.php +++ b/Core/Authentication/Token/TokenInterface.php @@ -11,19 +11,22 @@ namespace Symfony\Component\Security\Core\Authentication\Token; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; /** * TokenInterface is the interface for the user authentication information. * * @author Fabien Potencier <fabien@symfony.com> + * @author Johannes M. Schmitt <schmittjoh@gmail.com> */ interface TokenInterface extends \Serializable { /** - * Returns a string representation of the token. + * Returns a string representation ofthe Token. * - * @return string A string representation + * This is only to be used for debugging purposes. + * + * @return string */ function __toString(); @@ -35,14 +38,6 @@ interface TokenInterface extends \Serializable function getRoles(); /** - * Sets the user's roles - * - * @param array $roles - * @return void - */ - function setRoles(array $roles); - - /** * Returns the user credentials. * * @return mixed The user credentials @@ -58,14 +53,20 @@ interface TokenInterface extends \Serializable function getUser(); /** - * Sets the user. + * Sets a user. * - * @param mixed $user can either be an object which implements __toString(), or - * only a primitive string + * @param mixed $user */ function setUser($user); /** + * Returns the username. + * + * @return string + */ + function getUsername(); + + /** * Checks if the user is authenticated or not. * * @return Boolean true if the token has been authenticated, false otherwise @@ -80,22 +81,6 @@ interface TokenInterface extends \Serializable function setAuthenticated($isAuthenticated); /** - * Whether this token is considered immutable - * - * @return Boolean - */ - function isImmutable(); - - /** - * Marks this token as immutable. This change cannot be reversed. - * - * You'll need to create a new token if you want a mutable token again. - * - * @return void - */ - function setImmutable(); - - /** * Removes sensitive information from the token. */ function eraseCredentials(); diff --git a/Core/Authentication/Token/UsernamePasswordToken.php b/Core/Authentication/Token/UsernamePasswordToken.php index 58b2b5b..67311db 100644 --- a/Core/Authentication/Token/UsernamePasswordToken.php +++ b/Core/Authentication/Token/UsernamePasswordToken.php @@ -16,8 +16,11 @@ namespace Symfony\Component\Security\Core\Authentication\Token; * * @author Fabien Potencier <fabien@symfony.com> */ -class UsernamePasswordToken extends Token +class UsernamePasswordToken extends AbstractToken { + private $credentials; + private $providerKey; + /** * Constructor. * @@ -28,11 +31,15 @@ class UsernamePasswordToken extends Token { parent::__construct($roles); + if (empty($providerKey)) { + throw new \InvalidArgumentException('$providerKey must not be empty.'); + } + $this->setUser($user); $this->credentials = $credentials; $this->providerKey = $providerKey; - parent::setAuthenticated((Boolean) count($roles)); + parent::setAuthenticated(count($roles) > 0); } /** @@ -47,6 +54,16 @@ class UsernamePasswordToken extends Token parent::setAuthenticated(false); } + public function getCredentials() + { + return $this->credentials; + } + + public function getProviderKey() + { + return $this->providerKey; + } + /** * {@inheritdoc} */ @@ -56,4 +73,15 @@ class UsernamePasswordToken extends Token $this->credentials = null; } + + public function serialize() + { + return serialize(array($this->credentials, $this->providerKey, parent::serialize())); + } + + public function unserialize($str) + { + list($this->credentials, $this->providerKey, $parentStr) = unserialize($str); + parent::unserialize($parentStr); + } } diff --git a/Core/Authorization/AccessDecisionManager.php b/Core/Authorization/AccessDecisionManager.php index 7ae5378..c1b643e 100644 --- a/Core/Authorization/AccessDecisionManager.php +++ b/Core/Authorization/AccessDecisionManager.php @@ -22,10 +22,10 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class AccessDecisionManager implements AccessDecisionManagerInterface { - protected $voters; - protected $strategy; - protected $allowIfAllAbstainDecisions; - protected $allowIfEqualGrantedDeniedDecisions; + private $voters; + private $strategy; + private $allowIfAllAbstainDecisions; + private $allowIfEqualGrantedDeniedDecisions; /** * Constructor. @@ -34,8 +34,12 @@ class AccessDecisionManager implements AccessDecisionManagerInterface * @param string $strategy The vote strategy * @param Boolean $allowIfAllAbstainDecisions Whether to grant access if all voters abstained or not */ - public function __construct(array $voters = array(), $strategy = 'affirmative', $allowIfAllAbstainDecisions = false, $allowIfEqualGrantedDeniedDecisions = true) + public function __construct(array $voters, $strategy = 'affirmative', $allowIfAllAbstainDecisions = false, $allowIfEqualGrantedDeniedDecisions = true) { + if (!$voters) { + throw new \InvalidArgumentException('You must at least add one voter.'); + } + $this->voters = $voters; $this->strategy = 'decide'.ucfirst($strategy); $this->allowIfAllAbstainDecisions = (Boolean) $allowIfAllAbstainDecisions; @@ -51,43 +55,6 @@ class AccessDecisionManager implements AccessDecisionManagerInterface } /** - * Returns all voters. - * - * @return VoterInterface[] $voters An array of VoterInterface instances - */ - public function getVoters() - { - return $this->voters; - } - - /** - * Sets voters. - * - * @param VoterInterface[] $voters An array of VoterInterface instances - */ - public function setVoters(array $voters) - { - if (!count($voters)) { - throw new \LogicException('You must have at least one voter.'); - } - - $this->voters = array(); - foreach ($voters as $voter) { - $this->addVoter($voter); - } - } - - /** - * Adds a voter. - * - * @param VoterInterface $voter A VoterInterface instance - */ - public function addVoter(VoterInterface $voter) - { - $this->voters[] = $voter; - } - - /** * {@inheritdoc} */ public function supportsAttribute($attribute) @@ -121,7 +88,7 @@ class AccessDecisionManager implements AccessDecisionManagerInterface * If all voters abstained from voting, the decision will be based on the * allowIfAllAbstainDecisions property value (defaults to false). */ - protected function decideAffirmative(TokenInterface $token, array $attributes, $object = null) + private function decideAffirmative(TokenInterface $token, array $attributes, $object = null) { $deny = 0; foreach ($this->voters as $voter) { @@ -161,7 +128,7 @@ class AccessDecisionManager implements AccessDecisionManagerInterface * If all voters abstained from voting, the decision will be based on the * allowIfAllAbstainDecisions property value (defaults to false). */ - protected function decideConsensus(TokenInterface $token, array $attributes, $object = null) + private function decideConsensus(TokenInterface $token, array $attributes, $object = null) { $grant = 0; $deny = 0; @@ -208,7 +175,7 @@ class AccessDecisionManager implements AccessDecisionManagerInterface * If all voters abstained from voting, the decision will be based on the * allowIfAllAbstainDecisions property value (defaults to false). */ - protected function decideUnanimous(TokenInterface $token, array $attributes, $object = null) + private function decideUnanimous(TokenInterface $token, array $attributes, $object = null) { $grant = 0; foreach ($attributes as $attribute) { diff --git a/Core/Authorization/Voter/AuthenticatedVoter.php b/Core/Authorization/Voter/AuthenticatedVoter.php index 3b5ca97..d750e33 100644 --- a/Core/Authorization/Voter/AuthenticatedVoter.php +++ b/Core/Authorization/Voter/AuthenticatedVoter.php @@ -29,7 +29,7 @@ class AuthenticatedVoter implements VoterInterface const IS_AUTHENTICATED_REMEMBERED = 'IS_AUTHENTICATED_REMEMBERED'; const IS_AUTHENTICATED_ANONYMOUSLY = 'IS_AUTHENTICATED_ANONYMOUSLY'; - protected $authenticationTrustResolver; + private $authenticationTrustResolver; /** * Constructor. diff --git a/Core/Authorization/Voter/RoleHierarchyVoter.php b/Core/Authorization/Voter/RoleHierarchyVoter.php index 5c1e11e..c8f9b7e 100644 --- a/Core/Authorization/Voter/RoleHierarchyVoter.php +++ b/Core/Authorization/Voter/RoleHierarchyVoter.php @@ -22,7 +22,7 @@ use Symfony\Component\Security\Core\Role\RoleHierarchyInterface; */ class RoleHierarchyVoter extends RoleVoter { - protected $roleHierarchy; + private $roleHierarchy; public function __construct(RoleHierarchyInterface $roleHierarchy, $prefix = 'ROLE_') { diff --git a/Core/Authorization/Voter/RoleVoter.php b/Core/Authorization/Voter/RoleVoter.php index 3a1aa2d..722675d 100644 --- a/Core/Authorization/Voter/RoleVoter.php +++ b/Core/Authorization/Voter/RoleVoter.php @@ -20,7 +20,7 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class RoleVoter implements VoterInterface { - protected $prefix; + private $prefix; /** * Constructor. diff --git a/Core/Encoder/EncoderFactory.php b/Core/Encoder/EncoderFactory.php index 80a7a61..d6441d9 100644 --- a/Core/Encoder/EncoderFactory.php +++ b/Core/Encoder/EncoderFactory.php @@ -11,7 +11,7 @@ namespace Symfony\Component\Security\Core\Encoder; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; /** * A generic encoder factory implementation @@ -20,7 +20,7 @@ use Symfony\Component\Security\Core\User\AccountInterface; */ class EncoderFactory implements EncoderFactoryInterface { - protected $encoders; + private $encoders; public function __construct(array $encoders) { @@ -30,10 +30,10 @@ class EncoderFactory implements EncoderFactoryInterface /** * {@inheritDoc} */ - public function getEncoder(AccountInterface $account) + public function getEncoder(UserInterface $user) { foreach ($this->encoders as $class => $encoder) { - if (!$account instanceof $class) { + if (!$user instanceof $class) { continue; } @@ -44,7 +44,7 @@ class EncoderFactory implements EncoderFactoryInterface return $this->encoders[$class]; } - throw new \RuntimeException(sprintf('No encoder has been configured for account "%s".', get_class($account))); + throw new \RuntimeException(sprintf('No encoder has been configured for account "%s".', get_class($user))); } /** @@ -53,7 +53,7 @@ class EncoderFactory implements EncoderFactoryInterface * @param array $config * @return PasswordEncoderInterface */ - protected function createEncoder(array $config) + private function createEncoder(array $config) { if (!isset($config['class'])) { throw new \InvalidArgumentException(sprintf('"class" must be set in %s.', json_encode($config))); diff --git a/Core/Encoder/EncoderFactoryInterface.php b/Core/Encoder/EncoderFactoryInterface.php index a4b7d3b..62cc9aa 100644 --- a/Core/Encoder/EncoderFactoryInterface.php +++ b/Core/Encoder/EncoderFactoryInterface.php @@ -11,7 +11,7 @@ namespace Symfony\Component\Security\Core\Encoder; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; /** * EncoderFactoryInterface to support different encoders for different accounts. @@ -23,8 +23,8 @@ interface EncoderFactoryInterface /** * Returns the password encoder to use for the given account * - * @param AccountInterface $account + * @param UserInterface $user * @return PasswordEncoderInterface never null */ - function getEncoder(AccountInterface $account); + function getEncoder(UserInterface $user); }
\ No newline at end of file diff --git a/Core/Encoder/MessageDigestPasswordEncoder.php b/Core/Encoder/MessageDigestPasswordEncoder.php index b69cf6e..a5b2c81 100644 --- a/Core/Encoder/MessageDigestPasswordEncoder.php +++ b/Core/Encoder/MessageDigestPasswordEncoder.php @@ -18,8 +18,8 @@ namespace Symfony\Component\Security\Core\Encoder; */ class MessageDigestPasswordEncoder extends BasePasswordEncoder { - protected $algorithm; - protected $encodeHashAsBase64; + private $algorithm; + private $encodeHashAsBase64; /** * Constructor. diff --git a/Core/Encoder/PlaintextPasswordEncoder.php b/Core/Encoder/PlaintextPasswordEncoder.php index 48c19fb..21a9a97 100644 --- a/Core/Encoder/PlaintextPasswordEncoder.php +++ b/Core/Encoder/PlaintextPasswordEncoder.php @@ -18,7 +18,7 @@ namespace Symfony\Component\Security\Core\Encoder; */ class PlaintextPasswordEncoder extends BasePasswordEncoder { - protected $ignorePasswordCase; + private $ignorePasswordCase; public function __construct($ignorePasswordCase = false) { diff --git a/Core/Exception/AuthenticationException.php b/Core/Exception/AuthenticationException.php index a01d6b8..074dad0 100644 --- a/Core/Exception/AuthenticationException.php +++ b/Core/Exception/AuthenticationException.php @@ -18,7 +18,7 @@ namespace Symfony\Component\Security\Core\Exception; */ class AuthenticationException extends \RuntimeException implements \Serializable { - protected $extraInformation; + private $extraInformation; public function __construct($message, $extraInformation = null, $code = 0, \Exception $previous = null) { diff --git a/Core/Exception/UnsupportedAccountException.php b/Core/Exception/UnsupportedUserException.php index 9859c1d..5be9bc4 100644 --- a/Core/Exception/UnsupportedAccountException.php +++ b/Core/Exception/UnsupportedUserException.php @@ -13,10 +13,10 @@ namespace Symfony\Component\Security\Core\Exception; /** * This exception is thrown when an account is reloaded from a provider which - * doesn't support the passed implementation of AccountInterface. + * doesn't support the passed implementation of UserInterface. * * @author Johannes M. Schmitt <schmittjoh@gmail.com> */ -class UnsupportedAccountException extends AuthenticationServiceException +class UnsupportedUserException extends AuthenticationServiceException { }
\ No newline at end of file diff --git a/Core/Role/Role.php b/Core/Role/Role.php index 4e22340..5b50981 100644 --- a/Core/Role/Role.php +++ b/Core/Role/Role.php @@ -19,7 +19,7 @@ namespace Symfony\Component\Security\Core\Role; */ class Role implements RoleInterface { - protected $role; + private $role; /** * Constructor. diff --git a/Core/Role/RoleHierarchy.php b/Core/Role/RoleHierarchy.php index 5217b53..a368a44 100644 --- a/Core/Role/RoleHierarchy.php +++ b/Core/Role/RoleHierarchy.php @@ -18,8 +18,8 @@ namespace Symfony\Component\Security\Core\Role; */ class RoleHierarchy implements RoleHierarchyInterface { - protected $hierarchy; - protected $map; + private $hierarchy; + private $map; /** * Constructor. @@ -56,7 +56,7 @@ class RoleHierarchy implements RoleHierarchyInterface return $reachableRoles; } - protected function buildRoleMap() + private function buildRoleMap() { $this->map = array(); foreach ($this->hierarchy as $main => $roles) { diff --git a/Core/Role/SwitchUserRole.php b/Core/Role/SwitchUserRole.php index 1305841..c679584 100644 --- a/Core/Role/SwitchUserRole.php +++ b/Core/Role/SwitchUserRole.php @@ -21,7 +21,7 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; */ class SwitchUserRole extends Role { - protected $source; + private $source; /** * Constructor. diff --git a/Core/SecurityContext.php b/Core/SecurityContext.php index 68ee2e0..76ec4c1 100644 --- a/Core/SecurityContext.php +++ b/Core/SecurityContext.php @@ -11,7 +11,7 @@ namespace Symfony\Component\Security\Core; -use Symfony\Component\Security\Core\User\AccountInterface; +use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException; use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; @@ -28,10 +28,10 @@ use Symfony\Component\Security\Acl\Voter\FieldVote; */ class SecurityContext implements SecurityContextInterface { - protected $token; - protected $accessDecisionManager; - protected $authenticationManager; - protected $alwaysAuthenticate; + private $token; + private $accessDecisionManager; + private $authenticationManager; + private $alwaysAuthenticate; /** * Constructor. @@ -45,7 +45,7 @@ class SecurityContext implements SecurityContextInterface $this->alwaysAuthenticate = $alwaysAuthenticate; } - public final function vote($attributes, $object = null) + public final function isGranted($attributes, $object = null) { if (null === $this->token) { throw new AuthenticationCredentialsNotFoundException('The security context contains no authentication token.'); diff --git a/Core/SecurityContextInterface.php b/Core/SecurityContextInterface.php index fd205d6..a811557 100644 --- a/Core/SecurityContextInterface.php +++ b/Core/SecurityContextInterface.php @@ -16,6 +16,6 @@ interface SecurityContextInterface const LAST_USERNAME = '_security.last_username'; function getToken(); - function setToken(TokenInterface $account); - function vote($attributes, $object = null); + function setToken(TokenInterface $token); + function isGranted($attributes, $object = null); }
\ No newline at end of file diff --git a/Core/User/AdvancedAccountInterface.php b/Core/User/AdvancedUserInterface.php index 2c615b2..ba528a1 100644 --- a/Core/User/AdvancedAccountInterface.php +++ b/Core/User/AdvancedUserInterface.php @@ -12,11 +12,11 @@ namespace Symfony\Component\Security\Core\User; /** - * AdvancedAccountInterface adds status flags to a regular account. + * AdvancedUserInterface adds status flags to a regular account. * * @author Fabien Potencier <fabien@symfony.com> */ -interface AdvancedAccountInterface extends AccountInterface +interface AdvancedUserInterface extends UserInterface { /** * Checks whether the user's account has expired. diff --git a/Core/User/ChainUserProvider.php b/Core/User/ChainUserProvider.php index 296d099..6417f99 100644 --- a/Core/User/ChainUserProvider.php +++ b/Core/User/ChainUserProvider.php @@ -2,7 +2,7 @@ namespace Symfony\Component\Security\Core\User; -use Symfony\Component\Security\Core\Exception\UnsupportedAccountException; +use Symfony\Component\Security\Core\Exception\UnsupportedUserException; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; /** @@ -15,7 +15,7 @@ use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; */ class ChainUserProvider implements UserProviderInterface { - protected $providers; + private $providers; public function __construct(array $providers) { @@ -41,17 +41,17 @@ class ChainUserProvider implements UserProviderInterface /** * {@inheritDoc} */ - public function loadUserByAccount(AccountInterface $account) + public function loadUser(UserInterface $user) { foreach ($this->providers as $provider) { try { - return $provider->loadUserByAccount($account); - } catch (UnsupportedAccountException $unsupported) { + return $provider->loadUser($user); + } catch (UnsupportedUserException $unsupported) { // try next one } } - throw new UnsupportedAccountException(sprintf('The account "%s" is not supported.', get_class($account))); + throw new UnsupportedUserException(sprintf('The account "%s" is not supported.', get_class($user))); } /** diff --git a/Core/User/EntityUserProvider.php b/Core/User/EntityUserProvider.php index 58bcc45..61dd708 100644 --- a/Core/User/EntityUserProvider.php +++ b/Core/User/EntityUserProvider.php @@ -12,7 +12,7 @@ namespace Symfony\Component\Security\Core\User; use Doctrine\ORM\EntityManager; -use Symfony\Component\Security\Core\Exception\UnsupportedAccountException; +use Symfony\Component\Security\Core\Exception\UnsupportedUserException; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; /** @@ -25,9 +25,9 @@ use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; */ class EntityUserProvider implements UserProviderInterface { - protected $class; - protected $repository; - protected $property; + private $class; + private $repository; + private $property; public function __construct(EntityManager $em, $class, $property = null) { @@ -66,13 +66,13 @@ class EntityUserProvider implements UserProviderInterface /** * {@inheritDoc} */ - public function loadUserByAccount(AccountInterface $account) + public function loadUser(UserInterface $user) { - if (!$account instanceof $this->class) { - throw new UnsupportedAccountException(sprintf('Instances of "%s" are not supported.', get_class($account))); + if (!$user instanceof $this->class) { + throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user))); } - return $this->loadUserByUsername($account->getUsername()); + return $this->loadUserByUsername($user->getUsername()); } /** diff --git a/Core/User/InMemoryUserProvider.php b/Core/User/InMemoryUserProvider.php index 7d4d1cc..26b4080 100644 --- a/Core/User/InMemoryUserProvider.php +++ b/Core/User/InMemoryUserProvider.php @@ -12,7 +12,7 @@ namespace Symfony\Component\Security\Core\User; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; -use Symfony\Component\Security\Core\Exception\UnsupportedAccountException; +use Symfony\Component\Security\Core\Exception\UnsupportedUserException; /** * InMemoryUserProvider is a simple non persistent user provider. @@ -24,7 +24,7 @@ use Symfony\Component\Security\Core\Exception\UnsupportedAccountException; */ class InMemoryUserProvider implements UserProviderInterface { - protected $users; + private $users; /** * Constructor. @@ -50,9 +50,9 @@ class InMemoryUserProvider implements UserProviderInterface /** * Adds a new User to the provider. * - * @param AccountInterface $user A AccountInterface instance + * @param UserInterface $user A UserInterface instance */ - public function createUser(AccountInterface $user) + public function createUser(UserInterface $user) { if (isset($this->users[strtolower($user->getUsername())])) { throw new \LogicException('Another user with the same username already exist.'); @@ -79,13 +79,13 @@ class InMemoryUserProvider implements UserProviderInterface /** * {@inheritDoc} */ - public function loadUserByAccount(AccountInterface $account) + public function loadUser(UserInterface $user) { - if (!$account instanceof User) { - throw new UnsupportedAccountException(sprintf('Instances of "%s" are not supported.', get_class($account))); + if (!$user instanceof User) { + throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user))); } - return $this->loadUserByUsername((string) $account); + return $this->loadUserByUsername($user->getUsername()); } /** diff --git a/Core/User/User.php b/Core/User/User.php index 02a2c06..7dcdee3 100644 --- a/Core/User/User.php +++ b/Core/User/User.php @@ -18,16 +18,16 @@ namespace Symfony\Component\Security\Core\User; * * @author Fabien Potencier <fabien@symfony.com> */ -class User implements AdvancedAccountInterface +final class User implements AdvancedUserInterface { - protected $username; - protected $password; - protected $accountNonExpired; - protected $credentialsNonExpired; - protected $accountNonLocked; - protected $roles; - - public function __construct($username, $password, array $roles = array(), $enabled = true, $accountNonExpired = true, $credentialsNonExpired = true, $accountNonLocked = true) + private $username; + private $password; + private $userNonExpired; + private $credentialsNonExpired; + private $userNonLocked; + private $roles; + + public function __construct($username, $password, array $roles = array(), $enabled = true, $userNonExpired = true, $credentialsNonExpired = true, $userNonLocked = true) { if (empty($username)) { throw new \InvalidArgumentException('The username cannot be empty.'); @@ -36,23 +36,15 @@ class User implements AdvancedAccountInterface $this->username = $username; $this->password = $password; $this->enabled = $enabled; - $this->accountNonExpired = $accountNonExpired; + $this->accountNonExpired = $userNonExpired; $this->credentialsNonExpired = $credentialsNonExpired; - $this->accountNonLocked = $accountNonLocked; + $this->accountNonLocked = $userNonLocked; $this->roles = $roles; } /** * {@inheritdoc} */ - public function __toString() - { - return $this->username; - } - - /** - * {@inheritdoc} - */ public function getRoles() { return $this->roles; @@ -124,37 +116,37 @@ class User implements AdvancedAccountInterface /** * {@inheritDoc} */ - public function equals(AccountInterface $account) + public function equals(UserInterface $user) { - if (!$account instanceof User) { + if (!$user instanceof User) { return false; } - if ($this->password !== $account->getPassword()) { + if ($this->password !== $user->getPassword()) { return false; } - if ($this->getSalt() !== $account->getSalt()) { + if ($this->getSalt() !== $user->getSalt()) { return false; } - if ($this->username !== $account->getUsername()) { + if ($this->username !== $user->getUsername()) { return false; } - if ($this->accountNonExpired !== $account->isAccountNonExpired()) { + if ($this->accountNonExpired !== $user->isAccountNonExpired()) { return false; } - if ($this->accountNonLocked !== $account->isAccountNonLocked()) { + if ($this->accountNonLocked !== $user->isAccountNonLocked()) { return false; } - if ($this->credentialsNonExpired !== $account->isCredentialsNonExpired()) { + if ($this->credentialsNonExpired !== $user->isCredentialsNonExpired()) { return false; } - if ($this->enabled !== $account->isEnabled()) { + if ($this->enabled !== $user->isEnabled()) { return false; } diff --git a/Core/User/AccountChecker.php b/Core/User/UserChecker.php index cf66f93..93897a1 100644 --- a/Core/User/AccountChecker.php +++ b/Core/User/UserChecker.php @@ -17,45 +17,45 @@ use Symfony\Component\Security\Core\Exception\DisabledException; use Symfony\Component\Security\Core\Exception\AccountExpiredException; /** - * AccountChecker checks the user account flags. + * UserChecker checks the user account flags. * * @author Fabien Potencier <fabien@symfony.com> */ -class AccountChecker implements AccountCheckerInterface +class UserChecker implements UserCheckerInterface { /** * {@inheritdoc} */ - public function checkPreAuth(AccountInterface $account) + public function checkPreAuth(UserInterface $user) { - if (!$account instanceof AdvancedAccountInterface) { + if (!$user instanceof AdvancedUserInterface) { return; } - if (!$account->isCredentialsNonExpired()) { - throw new CredentialsExpiredException('User credentials have expired.', $account); + if (!$user->isCredentialsNonExpired()) { + throw new CredentialsExpiredException('User credentials have expired.', $user); } } /** * {@inheritdoc} */ - public function checkPostAuth(AccountInterface $account) + public function checkPostAuth(UserInterface $user) { - if (!$account instanceof AdvancedAccountInterface) { + if (!$user instanceof AdvancedUserInterface) { return; } - if (!$account->isAccountNonLocked()) { - throw new LockedException('User account is locked.', $account); + if (!$user->isAccountNonLocked()) { + throw new LockedException('User account is locked.', $user); } - if (!$account->isEnabled()) { - throw new DisabledException('User account is disabled.', $account); + if (!$user->isEnabled()) { + throw new DisabledException('User account is disabled.', $user); } - if (!$account->isAccountNonExpired()) { - throw new AccountExpiredException('User account has expired.', $account); + if (!$user->isAccountNonExpired()) { + throw new AccountExpiredException('User account has expired.', $user); } } } diff --git a/Core/User/AccountCheckerInterface.php b/Core/User/UserCheckerInterface.php index 1e9abaa..25de94a 100644 --- a/Core/User/AccountCheckerInterface.php +++ b/Core/User/UserCheckerInterface.php @@ -12,25 +12,25 @@ namespace Symfony\Component\Security\Core\User; /** - * AccountCheckerInterface checks user account when authentication occurs. + * UserCheckerInterface checks user account when authentication occurs. * * This should not be used to make authentication decisions. * * @author Fabien Potencier <fabien@symfony.com> */ -interface AccountCheckerInterface +interface UserCheckerInterface { /** * Checks the user account before authentication. * - * @param AccountInterface $account An AccountInterface instance + * @param UserInterface $user An UserInterface instance */ - function checkPreAuth(AccountInterface $account); + function checkPreAuth(UserInterface $user); /** * Checks the user account after authentication. * - * @param AccountInterface $account An AccountInterface instance + * @param UserInterface $user An UserInterface instance */ - function checkPostAuth(AccountInterface $account); + function checkPostAuth(UserInterface $user); } diff --git a/Core/User/AccountInterface.php b/Core/User/UserInterface.php index 46ea6ae..9091bfc 100644 --- a/Core/User/AccountInterface.php +++ b/Core/User/UserInterface.php @@ -12,11 +12,11 @@ namespace Symfony\Component\Security\Core\User; /** - * AccountInterface is the interface that user classes must implement. + * UserInterface is the interface that user classes must implement. * * @author Fabien Potencier <fabien@symfony.com> */ -interface AccountInterface +interface UserInterface { /** * Returns the roles granted to the user. @@ -60,8 +60,8 @@ interface AccountInterface * However, you do not need to compare every attribute, but only those that * are relevant for assessing whether re-authentication is required. * - * @param AccountInterface $account + * @param UserInterface $user * @return Boolean */ - function equals(AccountInterface $account); + function equals(UserInterface $user); } diff --git a/Core/User/UserProviderInterface.php b/Core/User/UserProviderInterface.php index 6c5666f..79be191 100644 --- a/Core/User/UserProviderInterface.php +++ b/Core/User/UserProviderInterface.php @@ -28,7 +28,7 @@ interface UserProviderInterface * @throws UsernameNotFoundException if the user is not found * @param string $username The username * - * @return AccountInterface + * @return UserInterface */ function loadUserByUsername($username); @@ -39,12 +39,12 @@ interface UserProviderInterface * from the database, or if it simply merges the passed User into the * identity map of an entity manager. * - * @throws UnsupportedAccountException if the account is not supported - * @param AccountInterface $account + * @throws UnsupportedUserException if the account is not supported + * @param UserInterface $user * - * @return AccountInterface + * @return UserInterface */ - function loadUserByAccount(AccountInterface $account); + function loadUser(UserInterface $user); /** * Whether this provider supports the given user class |