path: root/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
Commit message | Author | Age | Files | Lines

* fixed obsolete getMock() usage | Fabien Potencier | 2016-12-19 | 1 | -10/+10

* checkCredentials() force it to be an affirmative yes! | Ryan Weaver | 2015-10-31 | 1 | -1/+36

* fabbot | Ryan Weaver | 2015-09-20 | 1 | -1/+0

* Adding a new exception and throwing it when the User changes | Ryan Weaver | 2015-09-20 | 1 | -2/+3

  This is quite technical. As you can see in the provider, the method is called sometimes when the User changes, and so the token becomes de-authenticated (e.g. someone else changes the password between requests). In practice, the user should be unauthenticated. Using the anonymous token did this, but throwing an AccountStatusException seems like a better idea. It needs to be an AccountStatusException because the ExceptionListener from the Firewall looks for exceptions of this class and logs the user out when they are found (because this is their purpose).

* Splitting the getting of the user and checking credentials into two steps | Ryan Weaver | 2015-09-20 | 1 | -4/+8

  This looks like a subjective change (one more method, but the method implementations are simpler), but it wasn't. The problem was that the UserChecker checkPreAuth should happen *after* we get the user, but *before* the credentials are checked, and that wasn't possible before this change. Now it is.

* Properly handles "post auth" tokens that have become not authenticated | Ryan Weaver | 2015-09-20 | 1 | -0/+18

  Here is the flow:

  A) You login using guard and are given a PostAuthGuardToken
  B) Your user changes between requests - AbstractToken::setUser() and hasUserChanged() - which results in the Token becoming "not authenticated"
  C) Something calls out to the security system, which then passes the no-longer-authed token back into the AuthenticationProviderManager
  D) Because the PostauthGuardToken implements GuardTokenInterface, the provider responds to it. But, seeing that this is a no-longer-authed PostAuthGuardToken, it returns an AnonymousToken, which triggers logout

* Renaming the tokens to be clear they are "post" and "pre" auth - also adding an interface | Ryan Weaver | 2015-09-20 | 1 | -6/+6

  The reason is that the GuardAuthenticationProvider *must* respond to *all* tokens created by the system - both "pre auth" and "post auth" tokens. The reason is that if a "post auth" token becomes not authenticated (e.g. because the user changes between requests), then it may be passed to the provider system. If no providers respond (which was the case before this commit), then AuthenticationProviderManager throws an exception. The next commit will properly handle these "post auth" + "no-longer-authenticated" tokens, which should cause a log out.

* Initial commit (but after some polished work) of the new Guard authentication system | Ryan Weaver | 2015-09-20 | 1 | -0/+93