diff options
Diffstat (limited to 'Http/Firewall')
| -rw-r--r-- | Http/Firewall/AbstractAuthenticationListener.php | 20 | ||||
| -rw-r--r-- | Http/Firewall/AbstractPreAuthenticatedListener.php | 30 | ||||
| -rw-r--r-- | Http/Firewall/AccessListener.php | 12 | ||||
| -rw-r--r-- | Http/Firewall/AnonymousAuthenticationListener.php | 16 | ||||
| -rw-r--r-- | Http/Firewall/BasicAuthenticationListener.php | 20 | ||||
| -rw-r--r-- | Http/Firewall/ChannelListener.php | 6 | ||||
| -rw-r--r-- | Http/Firewall/ContextListener.php | 44 | ||||
| -rw-r--r-- | Http/Firewall/DigestAuthenticationListener.php | 26 | ||||
| -rw-r--r-- | Http/Firewall/ExceptionListener.php | 28 | ||||
| -rw-r--r-- | Http/Firewall/LogoutListener.php | 14 | ||||
| -rw-r--r-- | Http/Firewall/RememberMeListener.php | 20 | ||||
| -rw-r--r-- | Http/Firewall/RemoteUserAuthenticationListener.php | 6 | ||||
| -rw-r--r-- | Http/Firewall/SimpleFormAuthenticationListener.php | 9 | ||||
| -rw-r--r-- | Http/Firewall/SimplePreAuthenticationListener.php | 31 | ||||
| -rw-r--r-- | Http/Firewall/SwitchUserListener.php | 23 | ||||
| -rw-r--r-- | Http/Firewall/UsernamePasswordFormAuthenticationListener.php | 9 | ||||
| -rw-r--r-- | Http/Firewall/X509AuthenticationListener.php | 6 |
17 files changed, 164 insertions, 156 deletions
diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php index 39c6951..09a4f55 100644 --- a/Http/Firewall/AbstractAuthenticationListener.php +++ b/Http/Firewall/AbstractAuthenticationListener.php @@ -16,8 +16,8 @@ use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerI use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface; use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; use Symfony\Component\Security\Core\Security; -use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Exception\SessionUnavailableException; @@ -56,7 +56,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface protected $providerKey; protected $httpUtils; - private $securityContext; + private $tokenStorage; private $sessionStrategy; private $dispatcher; private $successHandler; @@ -66,7 +66,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface /** * Constructor. * - * @param SecurityContextInterface $securityContext A SecurityContext instance + * @param TokenStorageInterface $tokenStorage A TokenStorageInterface instance * @param AuthenticationManagerInterface $authenticationManager An AuthenticationManagerInterface instance * @param SessionAuthenticationStrategyInterface $sessionStrategy * @param HttpUtils $httpUtils An HttpUtilsInterface instance @@ -80,13 +80,13 @@ abstract class AbstractAuthenticationListener implements ListenerInterface * * @throws \InvalidArgumentException */ - public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) + public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) { if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); } - $this->securityContext = $securityContext; + $this->tokenStorage = $tokenStorage; $this->authenticationManager = $authenticationManager; $this->sessionStrategy = $sessionStrategy; $this->providerKey = $providerKey; @@ -193,12 +193,12 @@ abstract class AbstractAuthenticationListener implements ListenerInterface private function onFailure(Request $request, AuthenticationException $failed) { if (null !== $this->logger) { - $this->logger->info(sprintf('Authentication request failed: %s', $failed->getMessage())); + $this->logger->info('Authentication request failed.', array('exception' => $failed)); } - $token = $this->securityContext->getToken(); + $token = $this->tokenStorage->getToken(); if ($token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey()) { - $this->securityContext->setToken(null); + $this->tokenStorage->setToken(null); } $response = $this->failureHandler->onAuthenticationFailure($request, $failed); @@ -213,10 +213,10 @@ abstract class AbstractAuthenticationListener implements ListenerInterface private function onSuccess(Request $request, TokenInterface $token) { if (null !== $this->logger) { - $this->logger->info(sprintf('User "%s" has been authenticated successfully', $token->getUsername())); + $this->logger->info('User has been authenticated successfully.', array('username' => $token->getUsername())); } - $this->securityContext->setToken($token); + $this->tokenStorage->setToken($token); $session = $request->getSession(); $session->remove(Security::AUTHENTICATION_ERROR); diff --git a/Http/Firewall/AbstractPreAuthenticatedListener.php b/Http/Firewall/AbstractPreAuthenticatedListener.php index f040107..5ed8aa7 100644 --- a/Http/Firewall/AbstractPreAuthenticatedListener.php +++ b/Http/Firewall/AbstractPreAuthenticatedListener.php @@ -11,9 +11,9 @@ namespace Symfony\Component\Security\Http\Firewall; -use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Http\Event\InteractiveLoginEvent; use Symfony\Component\Security\Http\SecurityEvents; @@ -33,14 +33,14 @@ use Symfony\Component\Security\Core\Exception\BadCredentialsException; abstract class AbstractPreAuthenticatedListener implements ListenerInterface { protected $logger; - private $securityContext; + private $tokenStorage; private $authenticationManager; private $providerKey; private $dispatcher; - public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, $providerKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) + public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, $providerKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) { - $this->securityContext = $securityContext; + $this->tokenStorage = $tokenStorage; $this->authenticationManager = $authenticationManager; $this->providerKey = $providerKey; $this->logger = $logger; @@ -56,10 +56,6 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface { $request = $event->getRequest(); - if (null !== $this->logger) { - $this->logger->debug(sprintf('Checking secure context token: %s', $this->securityContext->getToken())); - } - try { list($user, $credentials) = $this->getPreAuthenticatedData($request); } catch (BadCredentialsException $exception) { @@ -68,23 +64,27 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface return; } - if (null !== $token = $this->securityContext->getToken()) { + if (null !== $this->logger) { + $this->logger->debug('Checking current security token.', array('token' => (string) $this->tokenStorage->getToken())); + } + + if (null !== $token = $this->tokenStorage->getToken()) { if ($token instanceof PreAuthenticatedToken && $this->providerKey == $token->getProviderKey() && $token->isAuthenticated() && $token->getUsername() === $user) { return; } } if (null !== $this->logger) { - $this->logger->debug(sprintf('Trying to pre-authenticate user "%s"', $user)); + $this->logger->debug('Trying to pre-authenticate user.', array('username' => (string) $user)); } try { $token = $this->authenticationManager->authenticate(new PreAuthenticatedToken($user, $credentials, $this->providerKey)); if (null !== $this->logger) { - $this->logger->info(sprintf('Authentication success: %s', $token)); + $this->logger->info('Pre-authentication successful.', array('token' => (string) $token)); } - $this->securityContext->setToken($token); + $this->tokenStorage->setToken($token); if (null !== $this->dispatcher) { $loginEvent = new InteractiveLoginEvent($request, $token); @@ -102,12 +102,12 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface */ private function clearToken(AuthenticationException $exception) { - $token = $this->securityContext->getToken(); + $token = $this->tokenStorage->getToken(); if ($token instanceof PreAuthenticatedToken && $this->providerKey === $token->getProviderKey()) { - $this->securityContext->setToken(null); + $this->tokenStorage->setToken(null); if (null !== $this->logger) { - $this->logger->info(sprintf('Cleared security context due to exception: %s', $exception->getMessage())); + $this->logger->info('Cleared security token due to an exception.', array('exception' => $exception)); } } } diff --git a/Http/Firewall/AccessListener.php b/Http/Firewall/AccessListener.php index ecb6a09..6fd68f3 100644 --- a/Http/Firewall/AccessListener.php +++ b/Http/Firewall/AccessListener.php @@ -11,10 +11,10 @@ namespace Symfony\Component\Security\Http\Firewall; -use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface; use Symfony\Component\Security\Http\AccessMapInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException; use Symfony\Component\Security\Core\Exception\AccessDeniedException; @@ -26,14 +26,14 @@ use Symfony\Component\Security\Core\Exception\AccessDeniedException; */ class AccessListener implements ListenerInterface { - private $context; + private $tokenStorage; private $accessDecisionManager; private $map; private $authManager; - public function __construct(SecurityContextInterface $context, AccessDecisionManagerInterface $accessDecisionManager, AccessMapInterface $map, AuthenticationManagerInterface $authManager) + public function __construct(TokenStorageInterface $tokenStorage, AccessDecisionManagerInterface $accessDecisionManager, AccessMapInterface $map, AuthenticationManagerInterface $authManager) { - $this->context = $context; + $this->tokenStorage = $tokenStorage; $this->accessDecisionManager = $accessDecisionManager; $this->map = $map; $this->authManager = $authManager; @@ -49,7 +49,7 @@ class AccessListener implements ListenerInterface */ public function handle(GetResponseEvent $event) { - if (null === $token = $this->context->getToken()) { + if (null === $token = $this->tokenStorage->getToken()) { throw new AuthenticationCredentialsNotFoundException('A Token was not found in the SecurityContext.'); } @@ -63,7 +63,7 @@ class AccessListener implements ListenerInterface if (!$token->isAuthenticated()) { $token = $this->authManager->authenticate($token); - $this->context->setToken($token); + $this->tokenStorage->setToken($token); } if (!$this->accessDecisionManager->decide($token, $attributes, $request)) { diff --git a/Http/Firewall/AnonymousAuthenticationListener.php b/Http/Firewall/AnonymousAuthenticationListener.php index 68f8987..f7feee8 100644 --- a/Http/Firewall/AnonymousAuthenticationListener.php +++ b/Http/Firewall/AnonymousAuthenticationListener.php @@ -12,8 +12,8 @@ namespace Symfony\Component\Security\Http\Firewall; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; -use Symfony\Component\Security\Core\SecurityContextInterface; use Psr\Log\LoggerInterface; use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; @@ -26,14 +26,14 @@ use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; */ class AnonymousAuthenticationListener implements ListenerInterface { - private $context; + private $tokenStorage; private $key; private $authenticationManager; private $logger; - public function __construct(SecurityContextInterface $context, $key, LoggerInterface $logger = null, AuthenticationManagerInterface $authenticationManager = null) + public function __construct(TokenStorageInterface $tokenStorage, $key, LoggerInterface $logger = null, AuthenticationManagerInterface $authenticationManager = null) { - $this->context = $context; + $this->tokenStorage = $tokenStorage; $this->key = $key; $this->authenticationManager = $authenticationManager; $this->logger = $logger; @@ -46,7 +46,7 @@ class AnonymousAuthenticationListener implements ListenerInterface */ public function handle(GetResponseEvent $event) { - if (null !== $this->context->getToken()) { + if (null !== $this->tokenStorage->getToken()) { return; } @@ -56,14 +56,14 @@ class AnonymousAuthenticationListener implements ListenerInterface $token = $this->authenticationManager->authenticate($token); } - $this->context->setToken($token); + $this->tokenStorage->setToken($token); if (null !== $this->logger) { - $this->logger->info('Populated SecurityContext with an anonymous Token'); + $this->logger->info('Populated the TokenStorage with an anonymous Token.'); } } catch (AuthenticationException $failed) { if (null !== $this->logger) { - $this->logger->info(sprintf('Anonymous authentication failed: %s', $failed->getMessage())); + $this->logger->info('Anonymous authentication failed.', array('exception' => $failed)); } } } diff --git a/Http/Firewall/BasicAuthenticationListener.php b/Http/Firewall/BasicAuthenticationListener.php index bfc4abc..11ae8f9 100644 --- a/Http/Firewall/BasicAuthenticationListener.php +++ b/Http/Firewall/BasicAuthenticationListener.php @@ -11,8 +11,8 @@ namespace Symfony\Component\Security\Http\Firewall; -use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface; use Psr\Log\LoggerInterface; use Symfony\Component\HttpKernel\Event\GetResponseEvent; @@ -26,20 +26,20 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException; */ class BasicAuthenticationListener implements ListenerInterface { - private $securityContext; + private $tokenStorage; private $authenticationManager; private $providerKey; private $authenticationEntryPoint; private $logger; private $ignoreFailure; - public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, $providerKey, AuthenticationEntryPointInterface $authenticationEntryPoint, LoggerInterface $logger = null) + public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, $providerKey, AuthenticationEntryPointInterface $authenticationEntryPoint, LoggerInterface $logger = null) { if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); } - $this->securityContext = $securityContext; + $this->tokenStorage = $tokenStorage; $this->authenticationManager = $authenticationManager; $this->providerKey = $providerKey; $this->authenticationEntryPoint = $authenticationEntryPoint; @@ -60,27 +60,27 @@ class BasicAuthenticationListener implements ListenerInterface return; } - if (null !== $token = $this->securityContext->getToken()) { + if (null !== $token = $this->tokenStorage->getToken()) { if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && $token->getUsername() === $username) { return; } } if (null !== $this->logger) { - $this->logger->info(sprintf('Basic Authentication Authorization header found for user "%s"', $username)); + $this->logger->info('Basic authentication Authorization header found for user.', array('username' => $username)); } try { $token = $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $request->headers->get('PHP_AUTH_PW'), $this->providerKey)); - $this->securityContext->setToken($token); + $this->tokenStorage->setToken($token); } catch (AuthenticationException $failed) { - $token = $this->securityContext->getToken(); + $token = $this->tokenStorage->getToken(); if ($token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey()) { - $this->securityContext->setToken(null); + $this->tokenStorage->setToken(null); } if (null !== $this->logger) { - $this->logger->info(sprintf('Authentication request failed for user "%s": %s', $username, $failed->getMessage())); + $this->logger->info('Basic authentication failed for user.', array('username' => $username, 'exception' => $failed)); } if ($this->ignoreFailure) { diff --git a/Http/Firewall/ChannelListener.php b/Http/Firewall/ChannelListener.php index 9e4a6ee..637a7f5 100644 --- a/Http/Firewall/ChannelListener.php +++ b/Http/Firewall/ChannelListener.php @@ -44,11 +44,11 @@ class ChannelListener implements ListenerInterface { $request = $event->getRequest(); - list($attributes, $channel) = $this->map->getPatterns($request); + list(, $channel) = $this->map->getPatterns($request); if ('https' === $channel && !$request->isSecure()) { if (null !== $this->logger) { - $this->logger->info('Redirecting to HTTPS'); + $this->logger->info('Redirecting to HTTPS.'); } $response = $this->authenticationEntryPoint->start($request); @@ -60,7 +60,7 @@ class ChannelListener implements ListenerInterface if ('http' === $channel && $request->isSecure()) { if (null !== $this->logger) { - $this->logger->info('Redirecting to HTTP'); + $this->logger->info('Redirecting to HTTP.'); } $response = $this->authenticationEntryPoint->start($request); diff --git a/Http/Firewall/ContextListener.php b/Http/Firewall/ContextListener.php index 732bbf7..013586c 100644 --- a/Http/Firewall/ContextListener.php +++ b/Http/Firewall/ContextListener.php @@ -16,10 +16,10 @@ use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\HttpKernel\Event\FilterResponseEvent; use Symfony\Component\HttpKernel\KernelEvents; use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; use Symfony\Component\Security\Core\Exception\UnsupportedUserException; -use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; use Symfony\Component\EventDispatcher\EventDispatcherInterface; @@ -32,14 +32,15 @@ use Symfony\Component\EventDispatcher\EventDispatcherInterface; */ class ContextListener implements ListenerInterface { - private $context; + private $tokenStorage; private $contextKey; + private $sessionKey; private $logger; private $userProviders; private $dispatcher; private $registered; - public function __construct(SecurityContextInterface $context, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) + public function __construct(TokenStorageInterface $tokenStorage, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) { if (empty($contextKey)) { throw new \InvalidArgumentException('$contextKey must not be empty.'); @@ -51,15 +52,16 @@ class ContextListener implements ListenerInterface } } - $this->context = $context; + $this->tokenStorage = $tokenStorage; $this->userProviders = $userProviders; $this->contextKey = $contextKey; + $this->sessionKey = '_security_'.$contextKey; $this->logger = $logger; $this->dispatcher = $dispatcher; } /** - * Reads the SecurityContext from the session. + * Reads the Security Token from the session. * * @param GetResponseEvent $event A GetResponseEvent instance */ @@ -73,8 +75,8 @@ class ContextListener implements ListenerInterface $request = $event->getRequest(); $session = $request->hasPreviousSession() ? $request->getSession() : null; - if (null === $session || null === $token = $session->get('_security_'.$this->contextKey)) { - $this->context->setToken(null); + if (null === $session || null === $token = $session->get($this->sessionKey)) { + $this->tokenStorage->setToken(null); return; } @@ -82,20 +84,20 @@ class ContextListener implements ListenerInterface $token = unserialize($token); if (null !== $this->logger) { - $this->logger->debug('Read SecurityContext from the session'); + $this->logger->debug('Read existing security token from the session.', array('key' => $this->sessionKey)); } if ($token instanceof TokenInterface) { $token = $this->refreshUser($token); } elseif (null !== $token) { if (null !== $this->logger) { - $this->logger->warning(sprintf('Session includes a "%s" where a security token is expected', is_object($token) ? get_class($token) : gettype($token))); + $this->logger->warning('Expected a security token from the session, got something else.', array('key' => $this->sessionKey, 'received' => $token)); } $token = null; } - $this->context->setToken($token); + $this->tokenStorage->setToken($token); } /** @@ -116,10 +118,6 @@ class ContextListener implements ListenerInterface $this->dispatcher->removeListener(KernelEvents::RESPONSE, array($this, 'onKernelResponse')); $this->registered = false; - if (null !== $this->logger) { - $this->logger->debug('Write SecurityContext in the session'); - } - $request = $event->getRequest(); $session = $request->getSession(); @@ -127,12 +125,16 @@ class ContextListener implements ListenerInterface return; } - if ((null === $token = $this->context->getToken()) || ($token instanceof AnonymousToken)) { + if ((null === $token = $this->tokenStorage->getToken()) || ($token instanceof AnonymousToken)) { if ($request->hasPreviousSession()) { - $session->remove('_security_'.$this->contextKey); + $session->remove($this->sessionKey); } } else { - $session->set('_security_'.$this->contextKey, serialize($token)); + $session->set($this->sessionKey, serialize($token)); + + if (null !== $this->logger) { + $this->logger->debug('Stored the security token in the session.', array('key' => $this->sessionKey)); + } } } @@ -152,17 +154,13 @@ class ContextListener implements ListenerInterface return $token; } - if (null !== $this->logger) { - $this->logger->debug(sprintf('Reloading user from user provider.')); - } - foreach ($this->userProviders as $provider) { try { $refreshedUser = $provider->refreshUser($user); $token->setUser($refreshedUser); if (null !== $this->logger) { - $this->logger->debug(sprintf('Username "%s" was reloaded from user provider.', $refreshedUser->getUsername())); + $this->logger->debug('User was reloaded from a user provider.', array('username' => $refreshedUser->getUsername(), 'provider' => get_class($provider))); } return $token; @@ -170,7 +168,7 @@ class ContextListener implements ListenerInterface // let's try the next user provider } catch (UsernameNotFoundException $notFound) { if (null !== $this->logger) { - $this->logger->warning(sprintf('Username "%s" could not be found.', $notFound->getUsername())); + $this->logger->warning('Username could not be found in the selected user provider.', array('username' => $notFound->getUsername(), 'provider' => get_class($provider))); } return; diff --git a/Http/Firewall/DigestAuthenticationListener.php b/Http/Firewall/DigestAuthenticationListener.php index 8541fb3..c5aaca3 100644 --- a/Http/Firewall/DigestAuthenticationListener.php +++ b/Http/Firewall/DigestAuthenticationListener.php @@ -11,12 +11,12 @@ namespace Symfony\Component\Security\Http\Firewall; -use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; use Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint; use Psr\Log\LoggerInterface; use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Core\Exception\AuthenticationServiceException; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; @@ -31,19 +31,19 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException; */ class DigestAuthenticationListener implements ListenerInterface { - private $securityContext; + private $tokenStorage; private $provider; private $providerKey; private $authenticationEntryPoint; private $logger; - public function __construct(SecurityContextInterface $securityContext, UserProviderInterface $provider, $providerKey, DigestAuthenticationEntryPoint $authenticationEntryPoint, LoggerInterface $logger = null) + public function __construct(TokenStorageInterface $tokenStorage, UserProviderInterface $provider, $providerKey, DigestAuthenticationEntryPoint $authenticationEntryPoint, LoggerInterface $logger = null) { if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); } - $this->securityContext = $securityContext; + $this->tokenStorage = $tokenStorage; $this->provider = $provider; $this->providerKey = $providerKey; $this->authenticationEntryPoint = $authenticationEntryPoint; @@ -67,14 +67,14 @@ class DigestAuthenticationListener implements ListenerInterface $digestAuth = new DigestData($header); - if (null !== $token = $this->securityContext->getToken()) { + if (null !== $token = $this->tokenStorage->getToken()) { if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && $token->getUsername() === $digestAuth->getUsername()) { return; } } if (null !== $this->logger) { - $this->logger->debug(sprintf('Digest Authorization header received from user agent: %s', $header)); + $this->logger->debug('Digest Authorization header received from user agent.', array('header' => $header)); } try { @@ -89,7 +89,7 @@ class DigestAuthenticationListener implements ListenerInterface $user = $this->provider->loadUserByUsername($digestAuth->getUsername()); if (null === $user) { - throw new AuthenticationServiceException('AuthenticationDao returned null, which is an interface contract violation'); + throw new AuthenticationServiceException('Digest User provider returned null, which is an interface contract violation'); } $serverDigestMd5 = $digestAuth->calculateServerDigest($user->getPassword(), $request->getMethod()); @@ -101,7 +101,7 @@ class DigestAuthenticationListener implements ListenerInterface if ($serverDigestMd5 !== $digestAuth->getResponse()) { if (null !== $this->logger) { - $this->logger->debug(sprintf("Expected response: '%s' but received: '%s'; is AuthenticationDao returning clear text passwords?", $serverDigestMd5, $digestAuth->getResponse())); + $this->logger->debug("Unexpected response from the DigestAuth received; is the header returning a clear text passwords?", array('expected' => $serverDigestMd5, 'received' => $digestAuth->getResponse())); } $this->fail($event, $request, new BadCredentialsException('Incorrect response')); @@ -116,21 +116,21 @@ class DigestAuthenticationListener implements ListenerInterface } if (null !== $this->logger) { - $this->logger->info(sprintf('Authentication success for user "%s" with response "%s"', $digestAuth->getUsername(), $digestAuth->getResponse())); + $this->logger->info('Digest authentication successful.', array('username' => $digestAuth->getUsername(), 'received' => $digestAuth->getResponse())); } - $this->securityContext->setToken(new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey)); + $this->tokenStorage->setToken(new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey)); } private function fail(GetResponseEvent $event, Request $request, AuthenticationException $authException) { - $token = $this->securityContext->getToken(); + $token = $this->tokenStorage->getToken(); if ($token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey()) { - $this->securityContext->setToken(null); + $this->tokenStorage->setToken(null); } if (null !== $this->logger) { - $this->logger->info($authException); + $this->logger->info('Digest authentication failed.', array('exception' => $authException)); } $event->setResponse($this->authenticationEntryPoint->start($request, $authException)); diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php index e52f927..213a837 100644 --- a/Http/Firewall/ExceptionListener.php +++ b/Http/Firewall/ExceptionListener.php @@ -14,8 +14,8 @@ namespace Symfony\Component\Security\Http\Firewall; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface; use Symfony\Component\Security\Core\Security; -use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface; use Symfony\Component\Security\Core\Exception\AccountStatusException; use Symfony\Component\Security\Core\Exception\AuthenticationException; @@ -39,7 +39,7 @@ use Symfony\Component\EventDispatcher\EventDispatcherInterface; */ class ExceptionListener { - private $context; + private $tokenStorage; private $providerKey; private $accessDeniedHandler; private $authenticationEntryPoint; @@ -48,9 +48,9 @@ class ExceptionListener private $logger; private $httpUtils; - public function __construct(SecurityContextInterface $context, AuthenticationTrustResolverInterface $trustResolver, HttpUtils $httpUtils, $providerKey, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null, LoggerInterface $logger = null) + public function __construct(TokenStorageInterface $tokenStorage, AuthenticationTrustResolverInterface $trustResolver, HttpUtils $httpUtils, $providerKey, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null, LoggerInterface $logger = null) { - $this->context = $context; + $this->tokenStorage = $tokenStorage; $this->accessDeniedHandler = $accessDeniedHandler; $this->httpUtils = $httpUtils; $this->providerKey = $providerKey; @@ -102,7 +102,7 @@ class ExceptionListener private function handleAuthenticationException(GetResponseForExceptionEvent $event, AuthenticationException $exception) { if (null !== $this->logger) { - $this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage())); + $this->logger->info('An AuthenticationException was thrown; redirecting to authentication entry point.', array('exception' => $exception)); } try { @@ -116,10 +116,10 @@ class ExceptionListener { $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception)); - $token = $this->context->getToken(); + $token = $this->tokenStorage->getToken(); if (!$this->authenticationTrustResolver->isFullFledged($token)) { if (null !== $this->logger) { - $this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine())); + $this->logger->debug('Access denied, the user is not fully authenticated; redirecting to authentication entry point.', array('exception' => $exception)); } try { @@ -135,7 +135,7 @@ class ExceptionListener } if (null !== $this->logger) { - $this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine())); + $this->logger->debug('Access denied, the user is neither anonymous, nor remember-me.', array('exception' => $exception)); } try { @@ -153,7 +153,7 @@ class ExceptionListener } } catch (\Exception $e) { if (null !== $this->logger) { - $this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage())); + $this->logger->error('An exception was thrown when handling an AccessDeniedException.', array('exception' => $e)); } $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e)); @@ -163,7 +163,7 @@ class ExceptionListener private function handleLogoutException(LogoutException $exception) { if (null !== $this->logger) { - $this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage())); + $this->logger->info('A LogoutException was thrown.', array('exception' => $exception)); } } @@ -182,14 +182,18 @@ class ExceptionListener } if (null !== $this->logger) { - $this->logger->debug('Calling Authentication entry point'); + $this->logger->debug('Calling Authentication entry point.'); } $this->setTargetPath($request); if ($authException instanceof AccountStatusException) { // remove the security token to prevent infinite redirect loops - $this->context->setToken(null); + $this->tokenStorage->setToken(null); + + if (null !== $this->logger) { + $this->logger->info('The security token was removed due to an AccountStatusException.', array('exception' => $authException)); + } } return $this->authenticationEntryPoint->start($request, $authException); diff --git a/Http/Firewall/LogoutListener.php b/Http/Firewall/LogoutListener.php index 3a45e37..96f5685 100644 --- a/Http/Firewall/LogoutListener.php +++ b/Http/Firewall/LogoutListener.php @@ -16,8 +16,8 @@ use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\Event\GetResponseEvent; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Exception\InvalidArgumentException; -use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\Exception\LogoutException; use Symfony\Component\Security\Csrf\CsrfToken; use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface; @@ -32,7 +32,7 @@ use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface; */ class LogoutListener implements ListenerInterface { - private $securityContext; + private $tokenStorage; private $options; private $handlers; private $successHandler; @@ -42,13 +42,13 @@ class LogoutListener implements ListenerInterface /** * Constructor. * - * @param SecurityContextInterface $securityContext + * @param TokenStorageInterface $tokenStorage * @param HttpUtils $httpUtils An HttpUtilsInterface instance * @param LogoutSuccessHandlerInterface $successHandler A LogoutSuccessHandlerInterface instance * @param array $options An array of options to process a logout attempt * @param CsrfTokenManagerInterface $csrfTokenManager A CsrfTokenManagerInterface instance */ - public function __construct(SecurityContextInterface $securityContext, HttpUtils $httpUtils, LogoutSuccessHandlerInterface $successHandler, array $options = array(), $csrfTokenManager = null) + public function __construct(TokenStorageInterface $tokenStorage, HttpUtils $httpUtils, LogoutSuccessHandlerInterface $successHandler, array $options = array(), $csrfTokenManager = null) { if ($csrfTokenManager instanceof CsrfProviderInterface) { $csrfTokenManager = new CsrfProviderAdapter($csrfTokenManager); @@ -56,7 +56,7 @@ class LogoutListener implements ListenerInterface throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.'); } - $this->securityContext = $securityContext; + $this->tokenStorage = $tokenStorage; $this->httpUtils = $httpUtils; $this->options = array_merge(array( 'csrf_parameter' => '_csrf_token', @@ -111,13 +111,13 @@ class LogoutListener implements ListenerInterface } // handle multiple logout attempts gracefully - if ($token = $this->securityContext->getToken()) { + if ($token = $this->tokenStorage->getToken()) { foreach ($this->handlers as $handler) { $handler->logout($request, $response, $token); } } - $this->securityContext->setToken(null); + $this->tokenStorage->setToken(null); $event->setResponse($response); } diff --git a/Http/Firewall/RememberMeListener.php b/Http/Firewall/RememberMeListener.php index 7ec73e7..e34627c 100644 --- a/Http/Firewall/RememberMeListener.php +++ b/Http/Firewall/RememberMeListener.php @@ -14,8 +14,8 @@ namespace Symfony\Component\Security\Http\Firewall; use Psr\Log\LoggerInterface; use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; -use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; use Symfony\Component\Security\Http\Event\InteractiveLoginEvent; use Symfony\Component\Security\Http\SecurityEvents; @@ -28,7 +28,7 @@ use Symfony\Component\EventDispatcher\EventDispatcherInterface; */ class RememberMeListener implements ListenerInterface { - private $securityContext; + private $tokenStorage; private $rememberMeServices; private $authenticationManager; private $logger; @@ -38,16 +38,16 @@ class RememberMeListener implements ListenerInterface /** * Constructor. * - * @param SecurityContextInterface $securityContext + * @param TokenStorageInterface $tokenStorage * @param RememberMeServicesInterface $rememberMeServices * @param AuthenticationManagerInterface $authenticationManager * @param LoggerInterface $logger * @param EventDispatcherInterface $dispatcher * @param bool $catchExceptions */ - public function __construct(SecurityContextInterface $securityContext, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true) + public function __construct(TokenStorageInterface $tokenStorage, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true) { - $this->securityContext = $securityContext; + $this->tokenStorage = $tokenStorage; $this->rememberMeServices = $rememberMeServices; $this->authenticationManager = $authenticationManager; $this->logger = $logger; @@ -62,7 +62,7 @@ class RememberMeListener implements ListenerInterface */ public function handle(GetResponseEvent $event) { - if (null !== $this->securityContext->getToken()) { + if (null !== $this->tokenStorage->getToken()) { return; } @@ -73,7 +73,7 @@ class RememberMeListener implements ListenerInterface try { $token = $this->authenticationManager->authenticate($token); - $this->securityContext->setToken($token); + $this->tokenStorage->setToken($token); if (null !== $this->dispatcher) { $loginEvent = new InteractiveLoginEvent($request, $token); @@ -81,14 +81,14 @@ class RememberMeListener implements ListenerInterface } if (null !== $this->logger) { - $this->logger->debug('SecurityContext populated with remember-me token.'); + $this->logger->debug('Populated the token storage with a remember-me token.'); } } catch (AuthenticationException $failed) { if (null !== $this->logger) { $this->logger->warning( - 'SecurityContext not populated with remember-me token as the' + 'The token storage was not populated with remember-me token as the' .' AuthenticationManager rejected the AuthenticationToken returned' - .' by the RememberMeServices: '.$failed->getMessage() + .' by the RememberMeServices.', array('exception' => $failed) ); } diff --git a/Http/Firewall/RemoteUserAuthenticationListener.php b/Http/Firewall/RemoteUserAuthenticationListener.php index f190a17..c42badf 100644 --- a/Http/Firewall/RemoteUserAuthenticationListener.php +++ b/Http/Firewall/RemoteUserAuthenticationListener.php @@ -11,8 +11,8 @@ namespace Symfony\Component\Security\Http\Firewall; -use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Psr\Log\LoggerInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Security\Core\Exception\BadCredentialsException; @@ -28,9 +28,9 @@ class RemoteUserAuthenticationListener extends AbstractPreAuthenticatedListener { private $userKey; - public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, $providerKey, $userKey = 'REMOTE_USER', LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) + public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, $providerKey, $userKey = 'REMOTE_USER', LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) { - parent::__construct($securityContext, $authenticationManager, $providerKey, $logger, $dispatcher); + parent::__construct($tokenStorage, $authenticationManager, $providerKey, $logger, $dispatcher); $this->userKey = $userKey; } diff --git a/Http/Firewall/SimpleFormAuthenticationListener.php b/Http/Firewall/SimpleFormAuthenticationListener.php index 7f27b7f..4733b6a 100644 --- a/Http/Firewall/SimpleFormAuthenticationListener.php +++ b/Http/Firewall/SimpleFormAuthenticationListener.php @@ -23,8 +23,8 @@ use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerI use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; use Symfony\Component\Security\Core\Authentication\SimpleFormAuthenticatorInterface; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Security; -use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Http\HttpUtils; use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface; use Psr\Log\LoggerInterface; @@ -40,7 +40,7 @@ class SimpleFormAuthenticationListener extends AbstractAuthenticationListener /** * Constructor. * - * @param SecurityContextInterface $securityContext A SecurityContext instance + * @param TokenStorageInterface $tokenStorage A TokenStorageInterface instance * @param AuthenticationManagerInterface $authenticationManager An AuthenticationManagerInterface instance * @param SessionAuthenticationStrategyInterface $sessionStrategy * @param HttpUtils $httpUtils An HttpUtilsInterface instance @@ -57,7 +57,7 @@ class SimpleFormAuthenticationListener extends AbstractAuthenticationListener * @throws \InvalidArgumentException In case no simple authenticator is provided * @throws InvalidArgumentException In case an invalid CSRF token manager is passed */ - public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $csrfTokenManager = null, SimpleFormAuthenticatorInterface $simpleAuthenticator = null) + public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $csrfTokenManager = null, SimpleFormAuthenticatorInterface $simpleAuthenticator = null) { if (!$simpleAuthenticator) { throw new \InvalidArgumentException('Missing simple authenticator'); @@ -79,7 +79,8 @@ class SimpleFormAuthenticationListener extends AbstractAuthenticationListener 'intention' => 'authenticate', 'post_only' => true, ), $options); - parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, $options, $logger, $dispatcher); + + parent::__construct($tokenStorage, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, $options, $logger, $dispatcher); } /** diff --git a/Http/Firewall/SimplePreAuthenticationListener.php b/Http/Firewall/SimplePreAuthenticationListener.php index e80cc98..8f1f6fd 100644 --- a/Http/Firewall/SimplePreAuthenticationListener.php +++ b/Http/Firewall/SimplePreAuthenticationListener.php @@ -11,16 +11,19 @@ namespace Symfony\Component\Security\Http\Firewall; -use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; use Psr\Log\LoggerInterface; use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface; use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface; use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface; +use Symfony\Component\Security\Http\Event\InteractiveLoginEvent; +use Symfony\Component\Security\Http\SecurityEvents; +use Symfony\Component\EventDispatcher\EventDispatcherInterface; /** * SimplePreAuthenticationListener implements simple proxying to an authenticator. @@ -29,32 +32,35 @@ use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerI */ class SimplePreAuthenticationListener implements ListenerInterface { - private $securityContext; + private $tokenStorage; private $authenticationManager; private $providerKey; private $simpleAuthenticator; private $logger; + private $dispatcher; /** * Constructor. * - * @param SecurityContextInterface $securityContext A SecurityContext instance + * @param TokenStorageInterface $tokenStorage A TokenStorageInterface instance * @param AuthenticationManagerInterface $authenticationManager An AuthenticationManagerInterface instance * @param string $providerKey * @param SimplePreAuthenticatorInterface $simpleAuthenticator A SimplePreAuthenticatorInterface instance * @param LoggerInterface $logger A LoggerInterface instance + * @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance */ - public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, $providerKey, SimplePreAuthenticatorInterface $simpleAuthenticator, LoggerInterface $logger = null) + public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, $providerKey, SimplePreAuthenticatorInterface $simpleAuthenticator, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) { if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); } - $this->securityContext = $securityContext; + $this->tokenStorage = $tokenStorage; $this->authenticationManager = $authenticationManager; $this->providerKey = $providerKey; $this->simpleAuthenticator = $simpleAuthenticator; $this->logger = $logger; + $this->dispatcher = $dispatcher; } /** @@ -67,10 +73,10 @@ class SimplePreAuthenticationListener implements ListenerInterface $request = $event->getRequest(); if (null !== $this->logger) { - $this->logger->info(sprintf('Attempting simple pre-authorization %s', $this->providerKey)); + $this->logger->info('Attempting SimplePreAuthentication.', array('key' => $this->providerKey, 'authenticator' => get_class($this->simpleAuthenticator))); } - if (null !== $this->securityContext->getToken() && !$this->securityContext->getToken() instanceof AnonymousToken) { + if (null !== $this->tokenStorage->getToken() && !$this->tokenStorage->getToken() instanceof AnonymousToken) { return; } @@ -83,12 +89,17 @@ class SimplePreAuthenticationListener implements ListenerInterface } $token = $this->authenticationManager->authenticate($token); - $this->securityContext->setToken($token); + $this->tokenStorage->setToken($token); + + if (null !== $this->dispatcher) { + $loginEvent = new InteractiveLoginEvent($request, $token); + $this->dispatcher->dispatch(SecurityEvents::INTERACTIVE_LOGIN, $loginEvent); + } } catch (AuthenticationException $e) { - $this->securityContext->setToken(null); + $this->tokenStorage->setToken(null); if (null !== $this->logger) { - $this->logger->info(sprintf('Authentication request failed: %s', $e->getMessage())); + $this->logger->info('SimplePreAuthentication request failed.', array('exception' => $e, 'authenticator' => get_class($this->simpleAuthenticator))); } if ($this->simpleAuthenticator instanceof AuthenticationFailureHandlerInterface) { diff --git a/Http/Firewall/SwitchUserListener.php b/Http/Firewall/SwitchUserListener.php index b46b1bc..5fc56e7 100644 --- a/Http/Firewall/SwitchUserListener.php +++ b/Http/Firewall/SwitchUserListener.php @@ -12,7 +12,6 @@ namespace Symfony\Component\Security\Http\Firewall; use Symfony\Component\Security\Core\Exception\AccessDeniedException; -use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface; @@ -23,6 +22,7 @@ use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Security\Core\Role\SwitchUserRole; use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Http\Event\SwitchUserEvent; @@ -37,7 +37,7 @@ use Symfony\Component\EventDispatcher\EventDispatcherInterface; */ class SwitchUserListener implements ListenerInterface { - private $securityContext; + private $tokenStorage; private $provider; private $userChecker; private $providerKey; @@ -47,16 +47,13 @@ class SwitchUserListener implements ListenerInterface private $logger; private $dispatcher; - /** - * Constructor. - */ - public function __construct(SecurityContextInterface $securityContext, UserProviderInterface $provider, UserCheckerInterface $userChecker, $providerKey, AccessDecisionManagerInterface $accessDecisionManager, LoggerInterface $logger = null, $usernameParameter = '_switch_user', $role = 'ROLE_ALLOWED_TO_SWITCH', EventDispatcherInterface $dispatcher = null) + public function __construct(TokenStorageInterface $tokenStorage, UserProviderInterface $provider, UserCheckerInterface $userChecker, $providerKey, AccessDecisionManagerInterface $accessDecisionManager, LoggerInterface $logger = null, $usernameParameter = '_switch_user', $role = 'ROLE_ALLOWED_TO_SWITCH', EventDispatcherInterface $dispatcher = null) { if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); } - $this->securityContext = $securityContext; + $this->tokenStorage = $tokenStorage; $this->provider = $provider; $this->userChecker = $userChecker; $this->providerKey = $providerKey; @@ -83,10 +80,10 @@ class SwitchUserListener implements ListenerInterface } if ('_exit' === $request->get($this->usernameParameter)) { - $this->securityContext->setToken($this->attemptExitUser($request)); + $this->tokenStorage->setToken($this->attemptExitUser($request)); } else { try { - $this->securityContext->setToken($this->attemptSwitchUser($request)); + $this->tokenStorage->setToken($this->attemptSwitchUser($request)); } catch (AuthenticationException $e) { throw new \LogicException(sprintf('Switch User failed: "%s"', $e->getMessage())); } @@ -112,7 +109,7 @@ class SwitchUserListener implements ListenerInterface */ private function attemptSwitchUser(Request $request) { - $token = $this->securityContext->getToken(); + $token = $this->tokenStorage->getToken(); $originalToken = $this->getOriginalToken($token); if (false !== $originalToken) { @@ -130,14 +127,14 @@ class SwitchUserListener implements ListenerInterface $username = $request->get($this->usernameParameter); if (null !== $this->logger) { - $this->logger->info(sprintf('Attempt to switch to user "%s"', $username)); + $this->logger->info('Attempting to switch to user.', array('username' => $username)); } $user = $this->provider->loadUserByUsername($username); $this->userChecker->checkPostAuth($user); $roles = $user->getRoles(); - $roles[] = new SwitchUserRole('ROLE_PREVIOUS_ADMIN', $this->securityContext->getToken()); + $roles[] = new SwitchUserRole('ROLE_PREVIOUS_ADMIN', $this->tokenStorage->getToken()); $token = new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey, $roles); @@ -160,7 +157,7 @@ class SwitchUserListener implements ListenerInterface */ private function attemptExitUser(Request $request) { - if (false === $original = $this->getOriginalToken($this->securityContext->getToken())) { + if (false === $original = $this->getOriginalToken($this->tokenStorage->getToken())) { throw new AuthenticationCredentialsNotFoundException('Could not find original Token object.'); } diff --git a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php index b857fb3..07ab85a 100644 --- a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php +++ b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php @@ -22,11 +22,11 @@ use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerI use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface; use Symfony\Component\Security\Http\HttpUtils; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; use Symfony\Component\Security\Core\Exception\InvalidArgumentException; use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException; use Symfony\Component\Security\Core\Security; -use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\EventDispatcher\EventDispatcherInterface; /** @@ -39,10 +39,7 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL { private $csrfTokenManager; - /** - * {@inheritdoc} - */ - public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $csrfTokenManager = null) + public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $csrfTokenManager = null) { if ($csrfTokenManager instanceof CsrfProviderInterface) { $csrfTokenManager = new CsrfProviderAdapter($csrfTokenManager); @@ -50,7 +47,7 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.'); } - parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, array_merge(array( + parent::__construct($tokenStorage, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, array_merge(array( 'username_parameter' => '_username', 'password_parameter' => '_password', 'csrf_parameter' => '_csrf_token', diff --git a/Http/Firewall/X509AuthenticationListener.php b/Http/Firewall/X509AuthenticationListener.php index 9c07be1..326c9af 100644 --- a/Http/Firewall/X509AuthenticationListener.php +++ b/Http/Firewall/X509AuthenticationListener.php @@ -11,8 +11,8 @@ namespace Symfony\Component\Security\Http\Firewall; -use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Psr\Log\LoggerInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Security\Core\Exception\BadCredentialsException; @@ -28,9 +28,9 @@ class X509AuthenticationListener extends AbstractPreAuthenticatedListener private $userKey; private $credentialKey; - public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, $providerKey, $userKey = 'SSL_CLIENT_S_DN_Email', $credentialKey = 'SSL_CLIENT_S_DN', LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) + public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, $providerKey, $userKey = 'SSL_CLIENT_S_DN_Email', $credentialKey = 'SSL_CLIENT_S_DN', LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) { - parent::__construct($securityContext, $authenticationManager, $providerKey, $logger, $dispatcher); + parent::__construct($tokenStorage, $authenticationManager, $providerKey, $logger, $dispatcher); $this->userKey = $userKey; $this->credentialKey = $credentialKey; |