Diffstat (limited to 'Http/Firewall')
-rw-r--r--Http/Firewall/AbstractAuthenticationListener.php89
-rw-r--r--Http/Firewall/AbstractPreAuthenticatedListener.php2
-rw-r--r--Http/Firewall/ExceptionListener.php7
-rw-r--r--Http/Firewall/ListenerInterface.php2
-rw-r--r--Http/Firewall/LogoutListener.php16
-rw-r--r--Http/Firewall/UsernamePasswordFormAuthenticationListener.php8
6 files changed, 27 insertions, 97 deletions
diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php
index a7301db..1af1646 100644
--- a/Http/Firewall/AbstractAuthenticationListener.php
+++ b/Http/Firewall/AbstractAuthenticationListener.php
@@ -70,14 +70,14 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
* @param SessionAuthenticationStrategyInterface $sessionStrategy
* @param HttpUtils $httpUtils An HttpUtilsInterface instance
* @param string $providerKey
+ * @param AuthenticationSuccessHandlerInterface $successHandler
+ * @param AuthenticationFailureHandlerInterface $failureHandler
* @param array $options An array of options for the processing of a
* successful, or failed authentication attempt
- * @param AuthenticationSuccessHandlerInterface $successHandler
- * @param AuthenticationFailureHandlerInterface $failureHandler
- * @param LoggerInterface $logger A LoggerInterface instance
- * @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
+ * @param LoggerInterface $logger A LoggerInterface instance
+ * @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
*/
- public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
+ public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
{
if (empty($providerKey)) {
throw new \InvalidArgumentException('$providerKey must not be empty.');
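Review bot: The `$options` entry in the constructor docblock still calls the array options "for the processing of a successful, or failed authentication attempt", but that processing now belongs to the two mandatory handlers. The following hunk also removes every redirect-related default and leaves only `check_path`. I would reword the entry to something like `@param array $options An array of options for this listener (e.g. check_path)`, so nobody keeps passing `failure_path` or `default_target_path` here expecting an effect. The constructor body continues outside this hunk.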
@@ -91,13 +91,6 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
$this->failureHandler = $failureHandler;
$this->options = array_merge(array(
'check_path' => '/login_check',
- 'login_path' => '/login',
- 'always_use_default_target_path' => false,
- 'default_target_path' => '/',
- 'target_path_parameter' => '_target_path',
- 'use_referer' => false,
- 'failure_path' => null,
- 'failure_forward' => false,
), $options);
$this->logger = $logger;
$this->dispatcher = $dispatcher;
@@ -119,7 +112,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
*
* @param GetResponseEvent $event A GetResponseEvent instance
*/
- public final function handle(GetResponseEvent $event)
+ final public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
@@ -191,34 +184,13 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
$this->securityContext->setToken(null);
- if (null !== $this->failureHandler) {
- if (null !== $response = $this->failureHandler->onAuthenticationFailure($request, $failed)) {
- return $response;
- }
- }
-
- if (null === $this->options['failure_path']) {
- $this->options['failure_path'] = $this->options['login_path'];
- }
-
- if ($this->options['failure_forward']) {
- if (null !== $this->logger) {
- $this->logger->debug(sprintf('Forwarding to %s', $this->options['failure_path']));
- }
-
- $subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']);
- $subRequest->attributes->set(SecurityContextInterface::AUTHENTICATION_ERROR, $failed);
-
- return $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
- }
+ $response = $this->failureHandler->onAuthenticationFailure($request, $failed);
- if (null !== $this->logger) {
- $this->logger->debug(sprintf('Redirecting to %s', $this->options['failure_path']));
+ if (!$response instanceof Response) {
+ throw new \RuntimeException('Authentication Failure Handler did not return a Response.');
}
- $request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $failed);
-
- return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']);
+ return $response;
}
private function onSuccess(GetResponseEvent $event, Request $request, TokenInterface $token)
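Review bot: A failure handler that returns null, which the removed code accepted as "fall back to the default redirect", now raises a RuntimeException on every failed login, and the message does not say which handler is at fault. I would name the class, e.g. `throw new \RuntimeException(sprintf('Authentication Failure Handler "%s" did not return a Response.', get_class($this->failureHandler)));`, and state the mandatory Response return in the method docblock. Storing `SecurityContextInterface::AUTHENTICATION_ERROR` for the login form is also no longer done here, so it is presumably left to the handler and worth a comment. The same applies to the success-handler check in the `onSuccess` hunk (`@@ -238,12 +210,10 @@`), where the exception is raised after INTERACTIVE_LOGIN has already been dispatched. `onFailure` starts outside this hunk.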
@@ -238,12 +210,10 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
$this->dispatcher->dispatch(SecurityEvents::INTERACTIVE_LOGIN, $loginEvent);
}
- $response = null;
- if (null !== $this->successHandler) {
- $response = $this->successHandler->onAuthenticationSuccess($request, $token);
- }
- if (null === $response) {
- $response = $this->httpUtils->createRedirectResponse($request, $this->determineTargetUrl($request));
+ $response = $this->successHandler->onAuthenticationSuccess($request, $token);
+
+ if (!$response instanceof Response) {
+ throw new \RuntimeException('Authentication Success Handler did not return a Response.');
}
if (null !== $this->rememberMeServices) {
@@ -252,35 +222,4 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
return $response;
}
-
- /**
- * Builds the target URL according to the defined options.
- *
- * @param Request $request
- *
- * @return string
- */
- private function determineTargetUrl(Request $request)
- {
- if ($this->options['always_use_default_target_path']) {
- return $this->options['default_target_path'];
- }
-
- if ($targetUrl = $request->get($this->options['target_path_parameter'], null, true)) {
- return $targetUrl;
- }
-
- $session = $request->getSession();
- if ($targetUrl = $session->get('_security.' . $this->providerKey . '.target_path')) {
- $session->remove('_security.' . $this->providerKey . '.target_path');
-
- return $targetUrl;
- }
-
- if ($this->options['use_referer'] && ($targetUrl = $request->headers->get('Referer')) && $targetUrl !== $request->getUriForPath($this->options['login_path'])) {
- return $targetUrl;
- }
-
- return $this->options['default_target_path'];
- }
}
diff --git a/Http/Firewall/AbstractPreAuthenticatedListener.php b/Http/Firewall/AbstractPreAuthenticatedListener.php
index 66d0ea1..66041be 100644
--- a/Http/Firewall/AbstractPreAuthenticatedListener.php
+++ b/Http/Firewall/AbstractPreAuthenticatedListener.php
@@ -51,7 +51,7 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface
*
* @param GetResponseEvent $event A GetResponseEvent instance
*/
- public final function handle(GetResponseEvent $event)
+ final public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php
index 9a53827..f134f9c 100644
--- a/Http/Firewall/ExceptionListener.php
+++ b/Http/Firewall/ExceptionListener.php
@@ -97,6 +97,8 @@ class ExceptionListener
return;
}
} elseif ($exception instanceof AccessDeniedException) {
+ $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
+
$token = $this->context->getToken();
if (!$this->authenticationTrustResolver->isFullFledged($token)) {
if (null !== $this->logger) {
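Review bot: The `setException()` call hoisted to the top of the AccessDeniedException branch needs a comment, because the next hunk removes `$response->setStatusCode(403)` from the error-page path and nothing visible explains what now produces the 403. Something like `// Replace the exception up front so every exit from this branch carries an AccessDeniedHttpException; the status code is derived from it rather than set on the sub-response.` would do, assuming the kernel really derives the status from the exception. The call also now runs on the not-fully-authenticated path that starts at the `isFullFledged()` check. Please confirm that a response produced there is not turned into a 403 as a side effect. The branch continues outside this hunk.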
@@ -127,10 +129,7 @@ class ExceptionListener
$subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception);
$response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);
- $response->setStatusCode(403);
} else {
- $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
-
return;
}
} catch (\Exception $e) {
@@ -148,8 +147,6 @@ class ExceptionListener
$this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
}
- $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
-
return;
} else {
return;
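Review bot: The log line in the LogoutException branch still says "wrapping with AccessDeniedHttpException", but this hunk removes the `setException()` call that did the wrapping. The replacement call added in the first hunk sits inside the AccessDeniedException branch only. From the lines shown, a LogoutException (for example a logout rejected for a bad CSRF token) now leaves the listener unwrapped, so it would likely surface as a generic server error rather than a 403. Either keep `$event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));` in this branch, or change the log message to match what the code now does. The surrounding if/elseif chain starts outside this hunk.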
diff --git a/Http/Firewall/ListenerInterface.php b/Http/Firewall/ListenerInterface.php
index ccde86e..b670474 100644
--- a/Http/Firewall/ListenerInterface.php
+++ b/Http/Firewall/ListenerInterface.php
@@ -25,5 +25,5 @@ interface ListenerInterface
*
* @param GetResponseEvent $event
*/
- function handle(GetResponseEvent $event);
+ public function handle(GetResponseEvent $event);
}
diff --git a/Http/Firewall/LogoutListener.php b/Http/Firewall/LogoutListener.php
index d145fa1..32a0511 100644
--- a/Http/Firewall/LogoutListener.php
+++ b/Http/Firewall/LogoutListener.php
@@ -40,11 +40,11 @@ class LogoutListener implements ListenerInterface
*
* @param SecurityContextInterface $securityContext
* @param HttpUtils $httpUtils An HttpUtilsInterface instance
- * @param array $options An array of options to process a logout attempt
* @param LogoutSuccessHandlerInterface $successHandler A LogoutSuccessHandlerInterface instance
+ * @param array $options An array of options to process a logout attempt
* @param CsrfProviderInterface $csrfProvider A CsrfProviderInterface instance
*/
- public function __construct(SecurityContextInterface $securityContext, HttpUtils $httpUtils, array $options = array(), LogoutSuccessHandlerInterface $successHandler = null, CsrfProviderInterface $csrfProvider = null)
+ public function __construct(SecurityContextInterface $securityContext, HttpUtils $httpUtils, LogoutSuccessHandlerInterface $successHandler, array $options = array(), CsrfProviderInterface $csrfProvider = null)
{
$this->securityContext = $securityContext;
$this->httpUtils = $httpUtils;
@@ -52,7 +52,6 @@ class LogoutListener implements ListenerInterface
'csrf_parameter' => '_csrf_token',
'intention' => 'logout',
'logout_path' => '/logout',
- 'target_url' => '/',
), $options);
$this->successHandler = $successHandler;
$this->csrfProvider = $csrfProvider;
@@ -95,14 +94,9 @@ class LogoutListener implements ListenerInterface
}
}
- if (null !== $this->successHandler) {
- $response = $this->successHandler->onLogoutSuccess($request);
-
- if (!$response instanceof Response) {
- throw new \RuntimeException('Logout Success Handler did not return a Response.');
- }
- } else {
- $response = $this->httpUtils->createRedirectResponse($request, $this->options['target_url']);
+ $response = $this->successHandler->onLogoutSuccess($request);
+ if (!$response instanceof Response) {
+ throw new \RuntimeException('Logout Success Handler did not return a Response.');
}
// handle multiple logout attempts gracefully
diff --git a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
index 4bcb785..22330a8 100644
--- a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
+++ b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -37,21 +37,21 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
/**
* {@inheritdoc}
*/
- public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null)
+ public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null)
{
- parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, array_merge(array(
+ parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, array_merge(array(
'username_parameter' => '_username',
'password_parameter' => '_password',
'csrf_parameter' => '_csrf_token',
'intention' => 'authenticate',
'post_only' => true,
- ), $options), $successHandler, $failureHandler, $logger, $dispatcher);
+ ), $options), $logger, $dispatcher);
$this->csrfProvider = $csrfProvider;
}
/**
- * @{inheritdoc}
+ * {@inheritdoc}
*/
protected function requiresAuthentication(Request $request)
{