Diffstat (limited to 'Http')
35 files changed, 343 insertions, 111 deletions
diff --git a/Http/Authentication/AuthenticationFailureHandlerInterface.php b/Http/Authentication/AuthenticationFailureHandlerInterface.php
index 5b619bc..d5d0067 100644
--- a/Http/Authentication/AuthenticationFailureHandlerInterface.php
+++ b/Http/Authentication/AuthenticationFailureHandlerInterface.php
@@ -1,5 +1,14 @@
 <?php
+/*
+ * This file is part of the Symfony framework.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * This source file is subject to the MIT license that is bundled
+ * with this source code in the file LICENSE.
+ */
+
 namespace Symfony\Component\Security\Http\Authentication;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
@@ -27,4 +36,4 @@ interface AuthenticationFailureHandlerInterface
 * @return Response the response to return
 */
 function onAuthenticationFailure(Request $request, AuthenticationException $exception);
-}
\ No newline at end of file
+}
diff --git a/Http/Authentication/AuthenticationSuccessHandlerInterface.php b/Http/Authentication/AuthenticationSuccessHandlerInterface.php
index 4cdd976..3d7c561 100644
--- a/Http/Authentication/AuthenticationSuccessHandlerInterface.php
+++ b/Http/Authentication/AuthenticationSuccessHandlerInterface.php
@@ -1,5 +1,14 @@
 <?php
+/*
+ * This file is part of the Symfony framework.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * This source file is subject to the MIT license that is bundled
+ * with this source code in the file LICENSE.
+ */
+
 namespace Symfony\Component\Security\Http\Authentication;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@@ -27,4 +36,4 @@ interface AuthenticationSuccessHandlerInterface
 * @return Response the response to return
 */
 function onAuthenticationSuccess(Request $request, TokenInterface $token);
-}
\ No newline at end of file
+}
diff --git a/Http/Authorization/AccessDeniedHandlerInterface.php b/Http/Authorization/AccessDeniedHandlerInterface.php
index 42ac266..798e611 100644
--- a/Http/Authorization/AccessDeniedHandlerInterface.php
+++ b/Http/Authorization/AccessDeniedHandlerInterface.php
@@ -1,5 +1,14 @@
 <?php
+/*
+ * This file is part of the Symfony framework.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * This source file is subject to the MIT license that is bundled
+ * with this source code in the file LICENSE.
+ */
+
 namespace Symfony\Component\Security\Http\Authorization;
 use Symfony\Component\HttpFoundation\Request;
diff --git a/Http/EntryPoint/BasicAuthenticationEntryPoint.php b/Http/EntryPoint/BasicAuthenticationEntryPoint.php
index 4f13c90..6ba3872 100644
--- a/Http/EntryPoint/BasicAuthenticationEntryPoint.php
+++ b/Http/EntryPoint/BasicAuthenticationEntryPoint.php
@@ -34,7 +34,7 @@ class BasicAuthenticationEntryPoint implements AuthenticationEntryPointInterface
 {
 $response = new Response();
 $response->headers->set('WWW-Authenticate', sprintf('Basic realm="%s"', $this->realmName));
- $response->setStatusCode(401, $authException->getMessage());
+ $response->setStatusCode(401, $authException ? $authException->getMessage() : null);
 return $response;
 }
diff --git a/Http/EntryPoint/DigestAuthenticationEntryPoint.php b/Http/EntryPoint/DigestAuthenticationEntryPoint.php
index e422cb0..66f1e42 100644
--- a/Http/EntryPoint/DigestAuthenticationEntryPoint.php
+++ b/Http/EntryPoint/DigestAuthenticationEntryPoint.php
@@ -57,7 +57,7 @@ class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterfac
 $response = new Response();
 $response->headers->set('WWW-Authenticate', $authenticateHeader);
- $response->setStatusCode(401, $authException->getMessage());
+ $response->setStatusCode(401, $authException ? $authException->getMessage() : null);
 return $response;
 }
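Review bot: The null-guarded `setStatusCode(401, $authException ? $authException->getMessage() : null)` in both entry points still copies an internal exception message into the HTTP status line sent to the client. An AuthenticationException message may carry details the caller should not learn (a provider's reason for rejecting the credentials, for instance), and since PHP's header() refuses a value containing CR/LF, a message with a newline would presumably drop the status line altogether; which messages can reach here is not visible in these hunks. Browsers do not display the reason phrase anyway, so `$response->setStatusCode(401);` with the message left to the logger is the safer default, or at least document the choice: `// Exception message becomes the 401 reason phrase: keep these messages generic`.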
diff --git a/Http/EntryPoint/FormAuthenticationEntryPoint.php b/Http/EntryPoint/FormAuthenticationEntryPoint.php
index 12f077f..2170e9e 100644
--- a/Http/EntryPoint/FormAuthenticationEntryPoint.php
+++ b/Http/EntryPoint/FormAuthenticationEntryPoint.php
@@ -12,10 +12,9 @@ namespace Symfony\Component\Security\Http\EntryPoint;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
+use Symfony\Component\Security\Http\HttpUtils;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 /**
@@ -28,17 +27,20 @@ class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface
 private $loginPath;
 private $useForward;
 private $httpKernel;
+ private $httpUtils;
 /**
 * Constructor
 *
 * @param HttpKernelInterface $kernel
+ * @param HttpUtils $httpUtils An HttpUtils instance
 * @param string $loginPath The path to the login form
 * @param Boolean $useForward Whether to forward or redirect to the login form
 */
- public function __construct(HttpKernelInterface $kernel, $loginPath, $useForward = false)
+ public function __construct(HttpKernelInterface $kernel, HttpUtils $httpUtils, $loginPath, $useForward = false)
 {
 $this->httpKernel = $kernel;
+ $this->httpUtils = $httpUtils;
 $this->loginPath = $loginPath;
 $this->useForward = (Boolean) $useForward;
 }
@@ -49,9 +51,11 @@ class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface
 public function start(Request $request, AuthenticationException $authException = null)
 {
 if ($this->useForward) {
- return $this->httpKernel->handle(Request::create($this->loginPath), HttpKernelInterface::SUB_REQUEST);
+ $subRequest = $this->httpUtils->createRequest($request, $this->loginPath);
+
+ return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
 }
- return new RedirectResponse(0 !== strpos($this->loginPath, 'http') ? $request->getUriForPath($this->loginPath) : $this->loginPath, 302);
+ return $this->httpUtils->createRedirectResponse($request, $this->loginPath);
 }
 }
diff --git a/Http/EntryPoint/RetryAuthenticationEntryPoint.php b/Http/EntryPoint/RetryAuthenticationEntryPoint.php
index cb549e6..12ba538 100644
--- a/Http/EntryPoint/RetryAuthenticationEntryPoint.php
+++ b/Http/EntryPoint/RetryAuthenticationEntryPoint.php
@@ -40,7 +40,7 @@ class RetryAuthenticationEntryPoint implements AuthenticationEntryPointInterface
 $scheme = $request->isSecure() ? 'http' : 'https';
 if ('http' === $scheme && 80 != $this->httpPort) {
 $port = ':'.$this->httpPort;
- } elseif ('https' === $scheme && 443 != $this->httpPort) {
+ } elseif ('https' === $scheme && 443 != $this->httpsPort) {
 $port = ':'.$this->httpsPort;
 } else {
 $port = '';
diff --git a/Http/Event/InteractiveLoginEvent.php b/Http/Event/InteractiveLoginEvent.php
index 1d16cb6..f242501 100644
--- a/Http/Event/InteractiveLoginEvent.php
+++ b/Http/Event/InteractiveLoginEvent.php
@@ -36,4 +36,4 @@ class InteractiveLoginEvent extends Event
 {
 return $this->authenticationToken;
 }
-}
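Review bot: In `start()` the forward branch now derives the login sub-request from the failing request with `$this->httpUtils->createRequest($request, $this->loginPath)`; if that helper copies the original method and body instead of forcing GET, the login-form controller receives whatever the protected request carried (a POST payload, for example), so confirm this in HttpUtils and say so here: `// Sub-request is built from the original request (cookies/session carried over); HttpUtils must force GET`. `$authException` is unused in both branches, so the reason for sending the user to the form is not passed along by this method; that is fine if the caller stores it elsewhere, but a one-line comment stating it would spare the next reader a search.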
\ No newline at end of file
+}
diff --git a/Http/Event/SwitchUserEvent.php b/Http/Event/SwitchUserEvent.php
index 03ca003..4a7dcaf 100644
--- a/Http/Event/SwitchUserEvent.php
+++ b/Http/Event/SwitchUserEvent.php
@@ -36,4 +36,4 @@ class SwitchUserEvent extends Event
 {
 return $this->targetUser;
 }
-}
\ No newline at end of file
+}
diff --git a/Http/Firewall.php b/Http/Firewall.php
index 774303d..9d05f86 100644
--- a/Http/Firewall.php
+++ b/Http/Firewall.php
@@ -30,7 +30,6 @@ class Firewall
 {
 private $map;
 private $dispatcher;
- private $currentListeners;
 /**
 * Constructor.
@@ -42,7 +41,6 @@ class Firewall
 {
 $this->map = $map;
 $this->dispatcher = $dispatcher;
- $this->currentListeners = array();
 }
 /**
@@ -50,7 +48,7 @@ class Firewall
 *
 * @param GetResponseEvent $event An GetResponseEvent instance
 */
- public function onCoreRequest(GetResponseEvent $event)
+ public function onKernelRequest(GetResponseEvent $event)
 {
 if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
 return;
diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php
index 2b2db40..f5969d8 100644
--- a/Http/Firewall/AbstractAuthenticationListener.php
+++ b/Http/Firewall/AbstractAuthenticationListener.php
@@ -18,17 +18,17 @@ use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
 use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Exception\SessionUnavailableException;
 use Symfony\Component\HttpKernel\Log\LoggerInterface;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
-use Symfony\Component\HttpKernel\Events as KernelEvents;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
-use Symfony\Component\Security\Http\Events;
+use Symfony\Component\Security\Http\SecurityEvents;
+use Symfony\Component\Security\Http\HttpUtils;
 /**
 * The AbstractAuthenticationListener is the preferred base class for all
@@ -59,17 +59,24 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 private $successHandler;
 private $failureHandler;
 private $rememberMeServices;
+ private $httpUtils;
 /**
 * Constructor.
 *
- * @param SecurityContextInterface $securityContext A SecurityContext instance
- * @param AuthenticationManagerInterface $authenticationManager An AuthenticationManagerInterface instance
- * @param array $options An array of options for the processing of a successful, or failed authentication attempt
- * @param LoggerInterface $logger A LoggerInterface instance
- * @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
+ * @param SecurityContextInterface $securityContext A SecurityContext instance
+ * @param AuthenticationManagerInterface $authenticationManager An AuthenticationManagerInterface instance
+ * @param SessionAuthenticationStrategyInterface $sessionStrategy
+ * @param HttpUtils $httpUtils An HttpUtilsInterface instance
+ * @param string $providerKey
+ * @param array $options An array of options for the processing of a
+ * successful, or failed authentication attempt
+ * @param AuthenticationSuccessHandlerInterface $successHandler
+ * @param AuthenticationFailureHandlerInterface $failureHandler
+ * @param LoggerInterface $logger A LoggerInterface instance
+ * @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
 */
- public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
+ public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, 
SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
 {
 if (empty($providerKey)) {
 throw new \InvalidArgumentException('$providerKey must not be empty.');
@@ -93,6 +100,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 ), $options);
 $this->logger = $logger;
 $this->dispatcher = $dispatcher;
+ $this->httpUtils = $httpUtils;
 }
 /**
@@ -118,7 +126,15 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 return;
 }
+ if (!$request->hasSession()) {
+ throw new \RuntimeException('This authentication method requires a session.');
+ }
+
 try {
+ if (!$request->hasPreviousSession()) {
+ throw new SessionUnavailableException('Your session has timed-out, or you have disabled cookies.');
+ }
+
 if (null === $returnValue = $this->attemptAuthentication($request)) {
 return;
 }
@@ -152,7 +168,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 */
 protected function requiresAuthentication(Request $request)
 {
- return $this->options['check_path'] === $request->getPathInfo();
+ return $this->httpUtils->checkRequestPath($request, $this->options['check_path']);
 }
 /**
@@ -169,7 +185,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 */
 private function onFailure(GetResponseEvent $event, Request $request, AuthenticationException $failed)
 {
 if (null !== $this->logger) {
- $this->logger->debug(sprintf('Authentication request failed: %s', $failed->getMessage()));
+ $this->logger->info(sprintf('Authentication request failed: %s', $failed->getMessage()));
 }
 $this->securityContext->setToken(null);
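Review bot: The new `hasPreviousSession()` guard is thrown inside the `try`, so a login request that arrives without an existing session is routed through `onFailure()` (failure handler / failure_path) before `attemptAuthentication()` ever sees the submitted credentials, while the `hasSession()` check sits outside the `try` and surfaces as a server error; neither placement is explained in the hunk. Suggest above the guard `// No session cookie came back with the login request (cookies disabled or session expired): reject before touching credentials so the failure path reports it`, and above the RuntimeException `// Misconfiguration, not a login failure: deliberately outside the try`. In the constructor docblock, `@param HttpUtils $httpUtils An HttpUtilsInterface instance` names an interface the signature does not use; `An HttpUtils instance` matches the type hint. The constructor body and the handle() method both continue outside these hunks.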
@@ -187,7 +203,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 $this->logger->debug(sprintf('Forwarding to %s', $this->options['failure_path']));
 }
- $subRequest = Request::create($this->options['failure_path']);
+ $subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']);
 $subRequest->attributes->set(SecurityContextInterface::AUTHENTICATION_ERROR, $failed);
 return $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
@@ -199,13 +215,13 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 $request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $failed);
- return new RedirectResponse(0 !== strpos($this->options['failure_path'], 'http') ? $request->getUriForPath($this->options['failure_path']) : $this->options['failure_path'], 302);
+ return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']);
 }
 private function onSuccess(GetResponseEvent $event, Request $request, TokenInterface $token)
 {
 if (null !== $this->logger) {
- $this->logger->debug('User has been authenticated successfully');
+ $this->logger->info(sprintf('User "%s" has been authenticated successfully', $token->getUsername()));
 }
 $this->securityContext->setToken($token);
@@ -216,14 +232,13 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 if (null !== $this->dispatcher) {
 $loginEvent = new InteractiveLoginEvent($request, $token);
- $this->dispatcher->dispatch(Events::onSecurityInteractiveLogin, $loginEvent);
+ $this->dispatcher->dispatch(SecurityEvents::INTERACTIVE_LOGIN, $loginEvent);
 }
 if (null !== $this->successHandler) {
 $response = $this->successHandler->onAuthenticationSuccess($request, $token);
 } else {
- $path = $this->determineTargetUrl($request);
- $response = new RedirectResponse(0 !== strpos($path, 'http') ? $request->getUriForPath($path) : $path, 302);
+ $response = $this->httpUtils->createRedirectResponse($request, $this->determineTargetUrl($request));
 }
 if (null !== $this->rememberMeServices) {
diff --git a/Http/Firewall/AbstractPreAuthenticatedListener.php b/Http/Firewall/AbstractPreAuthenticatedListener.php
index 88faa27..66d0ea1 100644
--- a/Http/Firewall/AbstractPreAuthenticatedListener.php
+++ b/Http/Firewall/AbstractPreAuthenticatedListener.php
@@ -16,9 +16,8 @@ use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterfac
 use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
-use Symfony\Component\Security\Http\Events;
+use Symfony\Component\Security\Http\SecurityEvents;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
-use Symfony\Component\HttpKernel\Events as KernelEvents;
 use Symfony\Component\HttpKernel\Log\LoggerInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
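Review bot: The default success path now redirects to `$this->determineTargetUrl($request)` through `createRedirectResponse` with no validation visible in this hunk. If `determineTargetUrl()` (outside the hunk) honours a target supplied by the request — a `_target_path`-style parameter or the Referer — and `HttpUtils::createRedirectResponse` accepts absolute URLs the way the removed `0 !== strpos($path, 'http')` branch did, an attacker can craft a login link that sends a freshly authenticated user to an arbitrary host. Either restrict the target to the current host before redirecting or record the trust decision: `// Target may originate from the request; HttpUtils must reject foreign-host URLs (open redirect)`. onSuccess() continues past the end of the hunk.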
@@ -76,19 +75,19 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface
 $token = $this->authenticationManager->authenticate(new PreAuthenticatedToken($user, $credentials, $this->providerKey));
 if (null !== $this->logger) {
- $this->logger->debug(sprintf('Authentication success: %s', $token));
+ $this->logger->info(sprintf('Authentication success: %s', $token));
 }
 $this->securityContext->setToken($token);
 if (null !== $this->dispatcher) {
 $loginEvent = new InteractiveLoginEvent($request, $token);
- $this->dispatcher->dispatch(Events::onSecurityInteractiveLogin, $loginEvent);
+ $this->dispatcher->dispatch(SecurityEvents::INTERACTIVE_LOGIN, $loginEvent);
 }
 } catch (AuthenticationException $failed) {
 $this->securityContext->setToken(null);
 if (null !== $this->logger) {
- $this->logger->debug(sprintf("Cleared security context due to exception: %s", $failed->getMessage()));
+ $this->logger->info(sprintf("Cleared security context due to exception: %s", $failed->getMessage()));
 }
 }
 }
diff --git a/Http/Firewall/AccessListener.php b/Http/Firewall/AccessListener.php
index bbcd932..877b6c3 100644
--- a/Http/Firewall/AccessListener.php
+++ b/Http/Firewall/AccessListener.php
@@ -11,13 +11,12 @@ namespace Symfony\Component\Security\Http\Firewall;
-use Symfony\Component\Security\Core\SecurityContext;
+use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
 use Symfony\Component\Security\Http\AccessMap;
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 use Symfony\Component\HttpKernel\Log\LoggerInterface;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
-use Symfony\Component\HttpKernel\Events;
 use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
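Review bot: `$this->logger->info(sprintf('Authentication success: %s', $token))` promotes the token's string form to info level, and that form comes from the token's `__toString()`, which this hunk does not show. If it includes the pre-authenticated `$credentials` passed to the token two lines above (for certificate-based schemes that is typically DN or certificate material), those now land in production logs on every successful request. Logging the identity is enough: `$this->logger->info(sprintf('Authentication success for user "%s"', $token->getUsername()));`, as the AbstractAuthenticationListener hunk in this same commit does.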
@@ -34,7 +33,7 @@ class AccessListener implements ListenerInterface
 private $authManager;
 private $logger;
- public function __construct(SecurityContext $context, AccessDecisionManagerInterface $accessDecisionManager, AccessMap $map, AuthenticationManagerInterface $authManager, LoggerInterface $logger = null)
+ public function __construct(SecurityContextInterface $context, AccessDecisionManagerInterface $accessDecisionManager, AccessMap $map, AuthenticationManagerInterface $authManager, LoggerInterface $logger = null)
 {
 $this->context = $context;
 $this->accessDecisionManager = $accessDecisionManager;
diff --git a/Http/Firewall/AnonymousAuthenticationListener.php b/Http/Firewall/AnonymousAuthenticationListener.php
index 36cf878..d00865d 100644
--- a/Http/Firewall/AnonymousAuthenticationListener.php
+++ b/Http/Firewall/AnonymousAuthenticationListener.php
@@ -14,7 +14,6 @@ namespace Symfony\Component\Security\Http\Firewall;
 use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\HttpKernel\Log\LoggerInterface;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
-use Symfony\Component\HttpKernel\Events;
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 /**
@@ -50,7 +49,7 @@ class AnonymousAuthenticationListener implements ListenerInterface
 $this->context->setToken(new AnonymousToken($this->key, 'anon.', array()));
 if (null !== $this->logger) {
- $this->logger->debug(sprintf('Populated SecurityContext with an anonymous Token'));
+ $this->logger->info(sprintf('Populated SecurityContext with an anonymous Token'));
 }
 }
 }
diff --git a/Http/Firewall/BasicAuthenticationListener.php b/Http/Firewall/BasicAuthenticationListener.php
index d35d8d5..9669853 100644
--- a/Http/Firewall/BasicAuthenticationListener.php
+++ b/Http/Firewall/BasicAuthenticationListener.php
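Review bot: In AnonymousAuthenticationListener the "Populated SecurityContext with an anonymous Token" line is raised to `info`, but it runs for every request from every unauthenticated visitor on a firewall with anonymous access, so it will dominate info-level output and bury the security events (failed logins, rejected remember-me cookies) the rest of this commit promotes. Keep it at `debug`, and drop the `sprintf()` around a literal with no placeholders: `$this->logger->debug('Populated SecurityContext with an anonymous Token');`.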
@@ -16,7 +16,6 @@ use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterfac
 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 use Symfony\Component\HttpKernel\Log\LoggerInterface;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
-use Symfony\Component\HttpKernel\Events;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
@@ -68,7 +67,7 @@ class BasicAuthenticationListener implements ListenerInterface
 }
 if (null !== $this->logger) {
- $this->logger->debug(sprintf('Basic Authentication Authorization header found for user "%s"', $username));
+ $this->logger->info(sprintf('Basic Authentication Authorization header found for user "%s"', $username));
 }
 try {
@@ -78,7 +77,7 @@ class BasicAuthenticationListener implements ListenerInterface
 $this->securityContext->setToken(null);
 if (null !== $this->logger) {
- $this->logger->debug(sprintf('Authentication request failed: %s', $failed->getMessage()));
+ $this->logger->info(sprintf('Authentication request failed for user "%s": %s', $username, $failed->getMessage()));
 }
 if ($this->ignoreFailure) {
diff --git a/Http/Firewall/ChannelListener.php b/Http/Firewall/ChannelListener.php
index 1677a02..847753f 100644
--- a/Http/Firewall/ChannelListener.php
+++ b/Http/Firewall/ChannelListener.php
@@ -15,7 +15,6 @@ use Symfony\Component\Security\Http\AccessMap;
 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 use Symfony\Component\HttpKernel\Log\LoggerInterface;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
-use Symfony\Component\HttpKernel\Events;
 /**
 * ChannelListener switches the HTTP protocol based on the access control
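Review bot: Both new `info` lines in BasicAuthenticationListener interpolate `$username`, which is taken from the client-supplied Authorization header (the decoding sits above the hunk), so an attacker controls what ends up in the log record. Unless the logger implementation strips control characters, a username containing CR/LF or terminal escapes can forge or mangle log lines; sanitize it before formatting, or hand it over as logger context if the logger supports that. At minimum mark the trust level where it is logged: `// $username is attacker-controlled (Authorization header); do not embed unescaped in log messages`. The failure hunk also logs `$failed->getMessage()` before `ignoreFailure` is consulted, so silent-failure firewalls now emit one info line per bad attempt — probably desirable, but worth stating.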
@@ -49,7 +48,7 @@ class ChannelListener implements ListenerInterface
 if ('https' === $channel && !$request->isSecure()) {
 if (null !== $this->logger) {
- $this->logger->debug('Redirecting to HTTPS');
+ $this->logger->info('Redirecting to HTTPS');
 }
 $response = $this->authenticationEntryPoint->start($request);
@@ -61,7 +60,7 @@ class ChannelListener implements ListenerInterface
 if ('http' === $channel && $request->isSecure()) {
 if (null !== $this->logger) {
- $this->logger->debug('Redirecting to HTTP');
+ $this->logger->info('Redirecting to HTTP');
 }
 $response = $this->authenticationEntryPoint->start($request);
diff --git a/Http/Firewall/ContextListener.php b/Http/Firewall/ContextListener.php
index 331a1e3..6fb77e9 100644
--- a/Http/Firewall/ContextListener.php
+++ b/Http/Firewall/ContextListener.php
@@ -16,7 +16,7 @@ use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\HttpKernel\Log\LoggerInterface;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
-use Symfony\Component\HttpKernel\Events;
+use Symfony\Component\HttpKernel\KernelEvents;
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
@@ -47,9 +47,10 @@ class ContextListener implements ListenerInterface
 $this->context = $context;
 $this->userProviders = $userProviders;
 $this->contextKey = $contextKey;
+ $this->logger = $logger;
 if (null !== $dispatcher) {
- $dispatcher->addListener(Events::onCoreResponse, $this);
+ $dispatcher->addListener(KernelEvents::RESPONSE, array($this, 'onKernelResponse'));
 }
 }
@@ -86,7 +87,7 @@ class ContextListener implements ListenerInterface
 *
 * @param FilterResponseEvent $event A FilterResponseEvent instance
 */
- public function onCoreResponse(FilterResponseEvent $event)
+ public function onKernelResponse(FilterResponseEvent $event)
 {
 if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
 return;
@@ -127,7 +128,7 @@ class ContextListener implements ListenerInterface
 foreach ($this->userProviders as $provider) {
 try {
- $token->setUser($provider->loadUser($user));
+ $token->setUser($provider->refreshUser($user));
 if (null !== $this->logger) {
 $this->logger->debug(sprintf('Username "%s" was reloaded from user provider.', $user->getUsername()));
@@ -138,7 +139,7 @@ class ContextListener implements ListenerInterface
 // let's try the next user provider
 } catch (UsernameNotFoundException $notFound) {
 if (null !== $this->logger) {
- $this->logger->debug(sprintf('Username "%s" could not be found.', $user->getUsername()));
+ $this->logger->warn(sprintf('Username "%s" could not be found.', $user->getUsername()));
 }
 return null;
diff --git a/Http/Firewall/DigestAuthenticationListener.php b/Http/Firewall/DigestAuthenticationListener.php
index 867899e..5c529da 100644
--- a/Http/Firewall/DigestAuthenticationListener.php
+++ b/Http/Firewall/DigestAuthenticationListener.php
@@ -16,7 +16,6 @@ use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint;
 use Symfony\Component\HttpKernel\Log\LoggerInterface;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
-use Symfony\Component\HttpKernel\Events;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
@@ -115,7 +114,7 @@ class DigestAuthenticationListener implements ListenerInterface
 }
 if (null !== $this->logger) {
- $this->logger->debug(sprintf('Authentication success for user "%s" with response "%s"', $digestAuth->getUsername(), $digestAuth->getResponse()));
+ $this->logger->info(sprintf('Authentication success for user "%s" with response "%s"', $digestAuth->getUsername(), $digestAuth->getResponse()));
 }
 $this->securityContext->setToken(new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey));
@@ -126,7 +125,7 @@ class DigestAuthenticationListener implements ListenerInterface
 $this->securityContext->setToken(null);
 if (null !== $this->logger) {
- $this->logger->debug($authException);
+ $this->logger->info($authException);
 }
 $event->setResponse($this->authenticationEntryPoint->start($request, $authException));
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php
index 4840a63..46ffde8 100644
--- a/Http/Firewall/ExceptionListener.php
+++ b/Http/Firewall/ExceptionListener.php
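Review bot: The success line in DigestAuthenticationListener now writes the client's digest `response` value to info-level logs, i.e. a hash derived from the user's password (bound to the nonce the server just accepted) ends up in ordinary log storage on every successful request; it was already questionable at debug. The username identifies the event on its own: `$this->logger->info(sprintf('Authentication success for user "%s"', $digestAuth->getUsername()));`. In the second hunk `$this->logger->info($authException)` hands the logger the exception object, which stringifies with class name and stack trace; `$this->logger->info($authException->getMessage())` keeps the trace at the level where it belongs.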
@@ -16,15 +16,17 @@ use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
 use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
-use Symfony\Component\HttpKernel\Log\LoggerInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Exception\InsufficientAuthenticationException;
+use Symfony\Component\Security\Http\HttpUtils;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Log\LoggerInterface;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
-use Symfony\Component\HttpKernel\Events;
+use Symfony\Component\HttpKernel\KernelEvents;
 use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 /**
@@ -41,11 +43,13 @@ class ExceptionListener
 private $authenticationTrustResolver;
 private $errorPage;
 private $logger;
+ private $httpUtils;
- public function __construct(SecurityContextInterface $context, AuthenticationTrustResolverInterface $trustResolver, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null, LoggerInterface $logger = null)
+ public function __construct(SecurityContextInterface $context, AuthenticationTrustResolverInterface $trustResolver, HttpUtils $httpUtils, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null, LoggerInterface $logger = null)
 {
 $this->context = $context;
 $this->accessDeniedHandler = $accessDeniedHandler;
+ $this->httpUtils = $httpUtils;
 $this->authenticationEntryPoint = $authenticationEntryPoint;
 $this->authenticationTrustResolver = $trustResolver;
 $this->errorPage = $errorPage;
@@ -53,13 +57,13 @@ class ExceptionListener
 }
 /**
- * Registers a onCoreException listener to take care of security exceptions.
+ * Registers a onKernelException listener to take care of security exceptions.
 *
 * @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
 */
 public function register(EventDispatcherInterface $dispatcher)
 {
- $dispatcher->addListener(Events::onCoreException, $this);
+ $dispatcher->addListener(KernelEvents::EXCEPTION, array($this, 'onKernelException'));
 }
 /**
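Review bot: The constructor gains a mandatory `HttpUtils $httpUtils` parameter inserted ahead of the optional ones (a signature break for any code instantiating the listener directly) yet still carries no docblock, unlike the other listeners touched by this commit. A docblock listing the seven parameters would also pin down the precedence the class implements: that `$authenticationEntryPoint` may be null (in which case the authentication exception is rethrown further down), and that `$errorPage` is the path forwarded to on access denied when, presumably, no `$accessDeniedHandler` produced a response. The `register()` hunk binding `onKernelException` explicitly needs nothing further.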
@@ -67,11 +71,16 @@ class ExceptionListener
 *
 * @param GetResponseForExceptionEvent $event An GetResponseForExceptionEvent instance
 */
- public function onCoreException(GetResponseForExceptionEvent $event)
+ public function onKernelException(GetResponseForExceptionEvent $event)
 {
 $exception = $event->getException();
 $request = $event->getRequest();
+ // determine the actual cause for the exception
+ while (null !== $previous = $exception->getPrevious()) {
+ $exception = $previous;
+ }
+
 if ($exception instanceof AuthenticationException) {
 if (null !== $this->logger) {
 $this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage()));
@@ -88,7 +97,7 @@ class ExceptionListener
 $token = $this->context->getToken();
 if (!$this->authenticationTrustResolver->isFullFledged($token)) {
 if (null !== $this->logger) {
- $this->logger->info('Access denied (user is not fully authenticated); redirecting to authentication entry point');
+ $this->logger->debug('Access denied (user is not fully authenticated); redirecting to authentication entry point');
 }
 try {
@@ -100,7 +109,7 @@ class ExceptionListener
 }
 } else {
 if (null !== $this->logger) {
- $this->logger->info('Access is denied (and user is neither anonymous, nor remember-me)');
+ $this->logger->debug('Access is denied (and user is neither anonymous, nor remember-me)');
 }
 try {
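Review bot: The new `while` loop replaces `$exception` with the innermost `getPrevious()`, so the rest of `onKernelException` — including the `AccessDeniedHttpException(..., $exception)` built further down — acts on the root cause and never again sees the exception the kernel actually caught; an outer layer that deliberately translated a security exception into something else is silently overridden here. That is presumably the intent (security exceptions surfacing through wrapping layers), but the comment should say so and name the trade-off: `// Walk to the root cause: security exceptions may arrive wrapped by intermediate layers; this discards the outer exception and any translation it applied`. The `instanceof AuthenticationException` test below limits the effect to security roots, which is the right guard; the method continues past the end of this page's hunks.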
@@ -110,16 +119,16 @@ class ExceptionListener
 if (!$response instanceof Response) {
 return;
 }
- } else {
- if (null === $this->errorPage) {
- return;
- }
-
- $subRequest = Request::create($this->errorPage);
+ } elseif (null !== $this->errorPage) {
+ $subRequest = $this->httpUtils->createRequest($request, $this->errorPage);
 $subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception);
 $response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);
 $response->setStatusCode(403);
+ } else {
+ $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
+
+ return;
 }
 } catch (\Exception $e) {
 if (null !== $this->logger) {
@@ -140,8 +149,6 @@ class ExceptionListener
 private function startAuthentication(Request $request, AuthenticationException $authException)
 {
- $this->context->setToken(null);
-
 if (null === $this->authenticationEntryPoint) {
 throw $authException;
 }
diff --git a/Http/Firewall/ListenerInterface.php b/Http/Firewall/ListenerInterface.php
index 9d5084e..822f641 100644
--- a/Http/Firewall/ListenerInterface.php
+++ b/Http/Firewall/ListenerInterface.php
@@ -27,4 +27,4 @@ interface ListenerInterface
 * @param GetResponseEvent $event
 */
 function handle(GetResponseEvent $event);
-}
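Review bot: In the new `else` branch the denial becomes `new AccessDeniedHttpException($exception->getMessage(), $exception)`, so the message of the internal AccessDeniedException is promoted to the message of the HTTP exception that the kernel's error rendering may show to the client; harmless for a bare "Access Denied", but any code that throws with a descriptive message (which object or attribute failed the vote) now leaks that into the 403 body. A fixed client-facing message with the detail kept as the previous exception avoids this: `$event->setException(new AccessDeniedHttpException('Access Denied', $exception));`. The `startAuthentication()` hunk drops `$this->context->setToken(null)`, so the entry point now runs with the current anonymous or remember-me token still in the context — a behaviour change the hunk does not explain and that deserves a one-line comment there.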
\ No newline at end of file
+}
diff --git a/Http/Firewall/LogoutListener.php b/Http/Firewall/LogoutListener.php
index 8ff9c8b..06454a3 100644
--- a/Http/Firewall/LogoutListener.php
+++ b/Http/Firewall/LogoutListener.php
@@ -15,10 +15,10 @@ use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
 use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;
 use Symfony\Component\Security\Core\SecurityContextInterface;
+use Symfony\Component\Security\Http\HttpUtils;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
-use Symfony\Component\HttpKernel\Events;
 /**
 * LogoutListener logout users.
@@ -32,18 +32,21 @@ class LogoutListener implements ListenerInterface
 private $targetUrl;
 private $handlers;
 private $successHandler;
+ private $httpUtils;
 /**
 * Constructor
 *
 * @param SecurityContextInterface $securityContext
- * @param string $logoutPath The path that starts the logout process
- * @param string $targetUrl The URL to redirect to after logout
+ * @param HttpUtils $httpUtils An HttpUtilsInterface instance
+ * @param string $logoutPath The path that starts the logout process
+ * @param string $targetUrl The URL to redirect to after logout
 * @param LogoutSuccessHandlerInterface $successHandler
 */
- public function __construct(SecurityContextInterface $securityContext, $logoutPath, $targetUrl = '/', LogoutSuccessHandlerInterface $successHandler = null)
+ public function __construct(SecurityContextInterface $securityContext, HttpUtils $httpUtils, $logoutPath, $targetUrl = '/', LogoutSuccessHandlerInterface $successHandler = null)
 {
 $this->securityContext = $securityContext;
+ $this->httpUtils = $httpUtils;
 $this->logoutPath = $logoutPath;
 $this->targetUrl = $targetUrl;
 $this->successHandler = $successHandler;
@@ -70,7 +73,7 @@ class LogoutListener implements ListenerInterface { $request = $event->getRequest(); - if ($this->logoutPath !== $request->getPathInfo()) { + if (!$this->httpUtils->checkRequestPath($request, $this->logoutPath)) { return; } @@ -81,7 +84,7 @@ class LogoutListener implements ListenerInterface throw new \RuntimeException('Logout Success Handler did not return a Response.'); } } else { - $response = new RedirectResponse(0 !== strpos($this->targetUrl, 'http') ? $request->getUriForPath($this->targetUrl) : $this->targetUrl, 302); + $response = $this->httpUtils->createRedirectResponse($request, $this->targetUrl); } // handle multiple logout attempts gracefully diff --git a/Http/Firewall/RememberMeListener.php b/Http/Firewall/RememberMeListener.php index 10ed8c6..0b3bc78 100644 --- a/Http/Firewall/RememberMeListener.php +++ b/Http/Firewall/RememberMeListener.php @@ -6,7 +6,6 @@ use Symfony\Component\HttpKernel\HttpKernelInterface; use Symfony\Component\HttpKernel\Log\LoggerInterface; use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\HttpKernel\Event\FilterResponseEvent; -use Symfony\Component\HttpKernel\Events as KernelEvents; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; @@ -15,7 +14,7 @@ use Symfony\Component\Security\Core\Exception\CookieTheftException; use Symfony\Component\Security\Core\SecurityContext; use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; use Symfony\Component\Security\Http\Event\InteractiveLoginEvent; -use Symfony\Component\Security\Http\Events; +use Symfony\Component\Security\Http\SecurityEvents; use Symfony\Component\EventDispatcher\EventDispatcherInterface; /* 
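Review bot: `checkRequestPath` compares only the path or route name of the request, so any GET to the logout URL, including one triggered from a third-party page via a link or image, logs the user out, and this commit widens the trigger to every URL that resolves to the configured route name without adding a method or token check. The weakness is not introduced here, but since the matching logic was just rewritten this is the place to at least restrict the method, e.g. `if (!$this->httpUtils->checkRequestPath($request, $this->logoutPath) || 'POST' !== $request->getMethod()) { return; }` behind an option, or failing that to state in the constructor docblock that the logout path is not protected against cross-site requests.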
@@ -80,7 +79,7 @@ class RememberMeListener implements ListenerInterface if (null !== $this->dispatcher) { $loginEvent = new InteractiveLoginEvent($request, $token); - $this->dispatcher->dispatch(Events::onSecurityInteractiveLogin, $loginEvent); + $this->dispatcher->dispatch(SecurityEvents::INTERACTIVE_LOGIN, $loginEvent); } if (null !== $this->logger) { @@ -88,7 +87,7 @@ class RememberMeListener implements ListenerInterface } } catch (AuthenticationException $failed) { if (null !== $this->logger) { - $this->logger->debug( + $this->logger->warn( 'SecurityContext not populated with remember-me token as the' .' AuthenticationManager rejected the AuthenticationToken returned' .' by the RememberMeServices: '.$failed->getMessage() @@ -98,4 +97,4 @@ class RememberMeListener implements ListenerInterface $this->rememberMeServices->loginFail($request); } } -}
\ No newline at end of file +} diff --git a/Http/Firewall/SwitchUserListener.php b/Http/Firewall/SwitchUserListener.php index 0977cb1..8e45508 100644 --- a/Http/Firewall/SwitchUserListener.php +++ b/Http/Firewall/SwitchUserListener.php @@ -27,7 +27,7 @@ use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Http\Event\SwitchUserEvent; -use Symfony\Component\Security\Http\Events; +use Symfony\Component\Security\Http\SecurityEvents; use Symfony\Component\EventDispatcher\EventDispatcherInterface; /** @@ -88,7 +88,7 @@ class SwitchUserListener implements ListenerInterface $this->securityContext->setToken($this->attemptSwitchUser($request)); } catch (AuthenticationException $e) { if (null !== $this->logger) { - $this->logger->debug(sprintf('Switch User failed: "%s"', $e->getMessage())); + $this->logger->warn(sprintf('Switch User failed: "%s"', $e->getMessage())); } } } @@ -120,7 +120,7 @@ class SwitchUserListener implements ListenerInterface $username = $request->get($this->usernameParameter); if (null !== $this->logger) { - $this->logger->debug(sprintf('Attempt to switch to user "%s"', $username)); + $this->logger->info(sprintf('Attempt to switch to user "%s"', $username)); } $user = $this->provider->loadUserByUsername($username); @@ -133,7 +133,7 @@ class SwitchUserListener implements ListenerInterface if (null !== $this->dispatcher) { $switchEvent = new SwitchUserEvent($request, $token->getUser()); - $this->dispatcher->dispatch(Events::onSecuritySwitchUser, $switchEvent); + $this->dispatcher->dispatch(SecurityEvents::SWITCH_USER, $switchEvent); } return $token; 
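Review bot: `$username` comes straight from `$request->get($this->usernameParameter)` and is interpolated into the log line unmodified, and with the level raised from debug to info this line will now be written in production; a value containing newlines or control characters can forge additional log entries, and a non-string value (`?_switch_user[]=x`) reaches `sprintf` as an array. Log after `loadUserByUsername` succeeds using `$user->getUsername()`, or strip control characters first, e.g. `$this->logger->info(sprintf('Attempt to switch to user "%s"', preg_replace('/[\x00-\x1f\x7f]/', '', (string) $username)));`. `attemptSwitchUser` starts before this hunk, so whether the parameter is validated earlier is not visible here.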
@@ -154,7 +154,7 @@ class SwitchUserListener implements ListenerInterface if (null !== $this->dispatcher) { $switchEvent = new SwitchUserEvent($request, $original->getUser()); - $this->dispatcher->dispatch(Events::onSecuritySwitchUser, $switchEvent); + $this->dispatcher->dispatch(SecurityEvents::SWITCH_USER, $switchEvent); } return $original; diff --git a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php index 4ad456c..bd2cec1 100644 --- a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php +++ b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php @@ -17,6 +17,7 @@ use Symfony\Component\HttpKernel\Log\LoggerInterface; use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface; use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface; use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface; +use Symfony\Component\Security\Http\HttpUtils; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException; 
@@ -36,13 +37,13 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL /** * {@inheritdoc} */ - public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null) + public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null) { - parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $providerKey, array_merge(array( + parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, array_merge(array( 'username_parameter' => '_username', 'password_parameter' => '_password', 'csrf_parameter' => '_csrf_token', - 'csrf_page_id' => 'form_login', + 'intention' => 'authenticate', 'post_only' => true, ), $options), $successHandler, $failureHandler, $logger, $dispatcher); 
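Review bot: Renaming the option from `csrf_page_id` to `intention` is silent for existing callers: `array_merge` keeps an unknown `csrf_page_id` key and the listener then validates tokens against the default intention `'authenticate'`, so a deployment whose forms still generate tokens for the old page id rejects every login with no obvious cause. Reject the stale key explicitly before the merge, e.g. `if (isset($options['csrf_page_id'])) { throw new \InvalidArgumentException('The "csrf_page_id" option was renamed to "intention".'); }`, and mention the rename in the constructor docblock, which currently only says `{@inheritdoc}`.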
@@ -63,9 +64,9 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL } if (null !== $this->csrfProvider) { - $csrfToken = $request->get($this->options['csrf_parameter']); + $csrfToken = $request->get($this->options['csrf_parameter'], null, true); - if (false === $this->csrfProvider->isCsrfTokenValid($this->options['csrf_page_id'], $csrfToken)) { + if (false === $this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) { throw new InvalidCsrfTokenException('Invalid CSRF token.'); } } @@ -77,4 +78,4 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL return $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $password, $this->providerKey)); } -}
\ No newline at end of file +} diff --git a/Http/FirewallMapInterface.php b/Http/FirewallMapInterface.php index 575b96f..99bac06 100644 --- a/Http/FirewallMapInterface.php +++ b/Http/FirewallMapInterface.php @@ -1,5 +1,14 @@ <?php +/* + * This file is part of the Symfony framework. + * + * (c) Fabien Potencier <fabien@symfony.com> + * + * This source file is subject to the MIT license that is bundled + * with this source code in the file LICENSE. + */ + namespace Symfony\Component\Security\Http; use Symfony\Component\HttpFoundation\Request; @@ -25,4 +34,4 @@ interface FirewallMapInterface * @return array of the format array(array(AuthenticationListener), ExceptionListener) */ function getListeners(Request $request); -}
\ No newline at end of file +} diff --git a/Http/HttpUtils.php b/Http/HttpUtils.php new file mode 100644 index 0000000..a293538 --- /dev/null +++ b/Http/HttpUtils.php 
@@ -0,0 +1,145 @@ +<?php + +/* + * This file is part of the Symfony package. + * + * (c) Fabien Potencier <fabien@symfony.com> + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Http; + +use Symfony\Component\Security\Core\SecurityContextInterface; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\RedirectResponse; +use Symfony\Component\Routing\RouterInterface; + +/** + * Encapsulates the logic needed to create sub-requests, redirect the user, and match URLs. + * + * @author Fabien Potencier <fabien@symfony.com> + */ +class HttpUtils +{ + private $router; + + /** + * Constructor. + * + * @param RouterInterface $router An RouterInterface instance + */ + public function __construct(RouterInterface $router = null) + { + $this->router = $router; + } + + /** + * Creates a redirect Response. + * + * @param Request $request A Request instance + * @param string $path A path (an absolute path (/foo), an absolute URL (http://...), or a route name (foo)) + * @param integer $status The status code + * + * @return Response A RedirectResponse instance + */ + public function createRedirectResponse(Request $request, $path, $status = 302) + { + if ('/' === $path[0]) { + $path = $request->getUriForPath($path); + } elseif (0 !== strpos($path, 'http')) { + $this->resetLocale($request); + $path = $this->generateUrl($path, true); + } + + return new RedirectResponse($path, $status); + } + + /** + * Creates a Request. 
+ * + * @param Request $request The current Request instance + * @param string $path A path (an absolute path (/foo), an absolute URL (http://...), or a route name (foo)) + * + * @return Request A Request instance + */ + public function createRequest(Request $request, $path) + { + if ($path && '/' !== $path[0] && 0 !== strpos($path, 'http')) { + $this->resetLocale($request); + $path = $this->generateUrl($path, true); + } + + $newRequest = Request::create($path, 'get', array(), $request->cookies->all(), array(), $request->server->all()); + if ($session = $request->getSession()) { + $newRequest->setSession($session); + } + + if ($request->attributes->has(SecurityContextInterface::AUTHENTICATION_ERROR)) { + $newRequest->attributes->set(SecurityContextInterface::AUTHENTICATION_ERROR, $request->attributes->get(SecurityContextInterface::AUTHENTICATION_ERROR)); + } + if ($request->attributes->has(SecurityContextInterface::ACCESS_DENIED_ERROR)) { + $newRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $request->attributes->get(SecurityContextInterface::ACCESS_DENIED_ERROR)); + } + if ($request->attributes->has(SecurityContextInterface::LAST_USERNAME)) { + $newRequest->attributes->set(SecurityContextInterface::LAST_USERNAME, $request->attributes->get(SecurityContextInterface::LAST_USERNAME)); + } + + return $newRequest; + } + + /** + * Checks that a given path matches the Request. 
+ * + * @param Request $request A Request instance + * @param string $path A path (an absolute path (/foo), an absolute URL (http://...), or a route name (foo)) + * + * @return Boolean true if the path is the same as the one from the Request, false otherwise + */ + public function checkRequestPath(Request $request, $path) + { + if ('/' !== $path[0]) { + try { + $parameters = $this->router->match($request->getPathInfo()); + + return $path === $parameters['_route']; + } catch (\Exception $e) { + return false; + } + } + + return $path === $request->getPathInfo(); + } + + // hack (don't have a better solution for now) + private function resetLocale(Request $request) + { + $context = $this->router->getContext(); + if ($context->getParameter('_locale')) { + return; + } + + try { + $parameters = $this->router->match($request->getPathInfo()); + + if (isset($parameters['_locale'])) { + $context->setParameter('_locale', $parameters['_locale']); + } elseif ($session = $request->getSession()) { + $context->setParameter('_locale', $session->getLocale()); + } + } catch (\Exception $e) { + // let's hope user doesn't use the locale in the path + } + } + + private function generateUrl($route, $absolute = false) + { + if (null === $this->router) { + throw new \LogicException('You must provide a RouterInterface instance to be able to use routes.'); + } + + return $this->router->generate($route, array(), $absolute); + } +} diff --git a/Http/Logout/LogoutHandlerInterface.php b/Http/Logout/LogoutHandlerInterface.php index e3f0995..6d5c519 100644 --- a/Http/Logout/LogoutHandlerInterface.php +++ b/Http/Logout/LogoutHandlerInterface.php @@ -33,4 +33,4 @@ interface LogoutHandlerInterface * @return void */ function logout(Request $request, Response $response, TokenInterface $token); -}
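Review bot: `checkRequestPath` and `resetLocale` call `$this->router->match()` without the null check that `generateUrl` enforces, so with the default `RouterInterface $router = null` a route-name path produces a fatal call on null rather than the LogicException, and the blanket `catch (\Exception $e)` in `checkRequestPath` hides every other configuration error by reporting "no match", silently disabling whichever listener relies on it. Apply the same guard at the top of the `'/' !== $path[0]` branch, e.g. `if (null === $this->router) { throw new \LogicException('You must provide a RouterInterface instance to be able to use routes.'); }`, and narrow the catch to the routing exceptions that `match()` is documented to throw. `createRedirectResponse` and `checkRequestPath` also index `$path[0]` without the `$path &&` guard that `createRequest` has, so an empty path raises a notice and falls into the route branch with an empty route name.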
\ No newline at end of file +} diff --git a/Http/Logout/LogoutSuccessHandlerInterface.php b/Http/Logout/LogoutSuccessHandlerInterface.php index e3e80bc..5592771 100644 --- a/Http/Logout/LogoutSuccessHandlerInterface.php +++ b/Http/Logout/LogoutSuccessHandlerInterface.php @@ -1,5 +1,14 @@ <?php +/* + * This file is part of the Symfony framework. + * + * (c) Fabien Potencier <fabien@symfony.com> + * + * This source file is subject to the MIT license that is bundled + * with this source code in the file LICENSE. + */ + namespace Symfony\Component\Security\Http\Logout; use Symfony\Component\HttpFoundation\Request; @@ -25,4 +34,4 @@ interface LogoutSuccessHandlerInterface * @return Response never null */ function onLogoutSuccess(Request $request); -}
\ No newline at end of file +} diff --git a/Http/Logout/SessionLogoutHandler.php b/Http/Logout/SessionLogoutHandler.php index bfb5ecd..9fd49d1 100644 --- a/Http/Logout/SessionLogoutHandler.php +++ b/Http/Logout/SessionLogoutHandler.php @@ -34,4 +34,4 @@ class SessionLogoutHandler implements LogoutHandlerInterface { $request->getSession()->invalidate(); } -}
\ No newline at end of file +} diff --git a/Http/RememberMe/AbstractRememberMeServices.php b/Http/RememberMe/AbstractRememberMeServices.php index a7c63ef..2118a86 100644 --- a/Http/RememberMe/AbstractRememberMeServices.php +++ b/Http/RememberMe/AbstractRememberMeServices.php @@ -112,7 +112,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface } if (null !== $this->logger) { - $this->logger->debug('Remember-me cookie accepted.'); + $this->logger->info('Remember-me cookie accepted.'); } return new RememberMeToken($user, $this->providerKey, $this->key); @@ -122,11 +122,11 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface throw $theft; } catch (UsernameNotFoundException $notFound) { if (null !== $this->logger) { - $this->logger->debug('User for remember-me cookie not found.'); + $this->logger->info('User for remember-me cookie not found.'); } } catch (UnsupportedUserException $unSupported) { if (null !== $this->logger) { - $this->logger->debug('User class for remember-me cookie not supported.'); + $this->logger->warn('User class for remember-me cookie not supported.'); } } catch (AuthenticationException $invalid) { if (null !== $this->logger) { @@ -285,7 +285,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface return true; } - $parameter = $request->request->get($this->options['remember_me_parameter']); + $parameter = $request->request->get($this->options['remember_me_parameter'], null, true); if ($parameter === null && null !== $this->logger) { $this->logger->debug(sprintf('Did not send remember-me cookie (remember-me parameter "%s" was not sent).', $this->options['remember_me_parameter'])); diff --git a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php index f2a0249..eb622a4 100644 --- a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php 
+++ b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php @@ -150,4 +150,4 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices return base64_encode(hash('sha512', uniqid(mt_rand(), true), true)); } -}
\ No newline at end of file +} diff --git a/Http/RememberMe/RememberMeServicesInterface.php b/Http/RememberMe/RememberMeServicesInterface.php index 5c56c18..c6b0ada 100644 --- a/Http/RememberMe/RememberMeServicesInterface.php +++ b/Http/RememberMe/RememberMeServicesInterface.php @@ -80,4 +80,4 @@ interface RememberMeServicesInterface * @return void */ function loginSuccess(Request $request, Response $response, TokenInterface $token); -}
\ No newline at end of file +} diff --git a/Http/Events.php b/Http/SecurityEvents.php index c0aa65d..a6c4e42 100644 --- a/Http/Events.php +++ b/Http/SecurityEvents.php @@ -11,9 +11,9 @@ namespace Symfony\Component\Security\Http; -final class Events +final class SecurityEvents { - const onSecurityInteractiveLogin = 'onSecurityInteractiveLogin'; + const INTERACTIVE_LOGIN = 'security.interactive_login'; - const onSecuritySwitchUser = 'onSecuritySwitchUser'; -}
\ No newline at end of file + const SWITCH_USER = 'security.switch_user'; +} diff --git a/Http/Session/SessionAuthenticationStrategy.php b/Http/Session/SessionAuthenticationStrategy.php index dea34be..7e0c20a 100644 --- a/Http/Session/SessionAuthenticationStrategy.php +++ b/Http/Session/SessionAuthenticationStrategy.php @@ -1,5 +1,14 @@ <?php +/* + * This file is part of the Symfony framework. + * + * (c) Fabien Potencier <fabien@symfony.com> + * + * This source file is subject to the MIT license that is bundled + * with this source code in the file LICENSE. + */ + namespace Symfony\Component\Security\Http\Session; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; @@ -39,14 +48,16 @@ class SessionAuthenticationStrategy implements SessionAuthenticationStrategyInte case self::MIGRATE: $request->getSession()->migrate(); + return; case self::INVALIDATE: $request->getSession()->invalidate(); + return; default: throw new \RuntimeException(sprintf('Invalid session authentication strategy "%s"', $this->strategy)); } } -}
\ No newline at end of file +} diff --git a/Http/Session/SessionAuthenticationStrategyInterface.php b/Http/Session/SessionAuthenticationStrategyInterface.php index b248fd7..54924ac 100644 --- a/Http/Session/SessionAuthenticationStrategyInterface.php +++ b/Http/Session/SessionAuthenticationStrategyInterface.php @@ -1,5 +1,14 @@ <?php +/* + * This file is part of the Symfony framework. + * + * (c) Fabien Potencier <fabien@symfony.com> + * + * This source file is subject to the MIT license that is bundled + * with this source code in the file LICENSE. + */ + namespace Symfony\Component\Security\Http\Session; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; @@ -27,4 +36,4 @@ interface SessionAuthenticationStrategyInterface * @return void */ function onAuthentication(Request $request, TokenInterface $token); -}
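Review bot: The added `return;` statements fix the fall-through into the `default` throw, but the strategy value is still only validated here at authentication time, so a misconfigured strategy surfaces on the first login rather than when the object is built; checking `$this->strategy` against the supported constants in the constructor (outside this hunk) would catch it earlier. Separately, the MIGRATE case's session-fixation protection depends on `migrate()` discarding the old session id server-side, which this file cannot show, so a comment on that line such as `// relies on Session::migrate() regenerating the id; confirm the old id is invalidated` would tell the next reader what to verify.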
\ No newline at end of file +} |