path: root/Guard/Provider/GuardAuthenticationProvider.php
Commit message | Author | Age | Files | Lines
* Remove unused imports | Konstantin.Myakshin | 2016-01-21 | 1 | -1/+0
|
* checkCredentials() force it to be an affirmative yes! | Ryan Weaver | 2015-10-31 | 1 | -1/+4
|
* Adding a new exception and throwing it when the User changes | Ryan Weaver | 2015-09-20 | 1 | -2/+3
|   This is quite technical. As you can see in the provider, the method is called sometimes when the User changes, and so the token becomes de-authenticated (e.g. someone else changes the password between requests). In practice, the user should be unauthenticated. Using the anonymous token did this, but throwing an AccountStatusException seems like a better idea. It needs to be an AccountStatusException because the ExceptionListener from the Firewall looks for exceptions of this class and logs the user out when they are found (because this is their purpose).
* Tweaks thanks to Wouter | Ryan Weaver | 2015-09-20 | 1 | -5/+2
|
* Allowing for other authenticators to be checked | Ryan Weaver | 2015-09-20 | 1 | -4/+2
|   If you have 2 firewalls, 2 GuardAuthenticationProviders are still created, so we need to be able to run through both of them.
* meaningless author and license changes | Ryan Weaver | 2015-09-20 | 1 | -1/+10
|
* Splitting the getting of the user and checking credentials into two steps | Ryan Weaver | 2015-09-20 | 1 | -3/+14
|   This looks like a subjective change (one more method, but the method implementations are simpler), but it wasn't. The problem was that the UserChecker checkPreAuth should happen *after* we get the user, but *before* the credentials are checked, and that wasn't possible before this change. Now it is.
* Adding periods at the end of exceptions, and changing one class name to LogicException thanks to @iltar | Ryan Weaver | 2015-09-20 | 1 | -4/+4
* Thanks fabbot! | Ryan Weaver | 2015-09-20 | 1 | -9/+9
|
* Adding an edge case - this should not happen anyways | Ryan Weaver | 2015-09-20 | 1 | -0/+7
|
* Properly handles "post auth" tokens that have become not authenticated | Ryan Weaver | 2015-09-20 | 1 | -0/+13
|   Here is the flow:
|   A) You login using guard and are given a PostAuthGuardToken
|   B) Your user changes between requests - AbstractToken::setUser() and hasUserChanged() - which results in the Token becoming "not authenticated"
|   C) Something calls out to the security system, which then passes the no-longer-authed token back into the AuthenticationProviderManager
|   D) Because the PostauthGuardToken implements GuardTokenInterface, the provider responds to it. But, seeing that this is a no-longer-authed PostAuthGuardToken, it returns an AnonymousToken, which triggers logout
* Renaming the tokens to be clear they are "post" and "pre" auth - also adding an interface | Ryan Weaver | 2015-09-20 | 1 | -6/+9
|   The reason is that the GuardAuthenticationProvider *must* respond to *all* tokens created by the system - both "pre auth" and "post auth" tokens. The reason is that if a "post auth" token becomes not authenticated (e.g. because the user changes between requests), then it may be passed to the provider system. If no providers respond (which was the case before this commit), then AuthenticationProviderManager throws an exception. The next commit will properly handle these "post auth" + "no-longer-authenticated" tokens, which should cause a log out.
* Initial commit (but after some polished work) of the new Guard authentication system | Ryan Weaver | 2015-09-20 | 1 | -0/+106