symfony/src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php

<?php

/*
 * This file is part of the Symfony package.
 *
 * (c) Fabien Potencier <fabien@symfony.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Symfony\Component\Security\Guard\Token;

use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
use Symfony\Component\Security\Core\Role\RoleInterface;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * Used as an "authenticated" token, though it could be set to not-authenticated later.
 *
 * If you're using Guard authentication, you *must* use a class that implements
 * GuardTokenInterface as your authenticated token (like this class).
 *
 * @author Ryan Weaver <ryan@knpuniversity.com>n@gmail.com>
 */
class PostAuthenticationGuardToken extends AbstractToken implements GuardTokenInterface
{
    private $providerKey;

    /**
     * @param UserInterface            $user        The user!
     * @param string                   $providerKey The provider (firewall) key
     * @param RoleInterface[]|string[] $roles       An array of roles
     *
     * @throws \InvalidArgumentException
     */
    public function __construct(UserInterface $user, $providerKey, array $roles)
    {
        parent::__construct($roles);

        if (empty($providerKey)) {
            throw new \InvalidArgumentException('$providerKey (i.e. firewall key) must not be empty.');
        }

        $this->setUser($user);
        $this->providerKey = $providerKey;

        // this token is meant to be used after authentication success, so it is always authenticated
        // you could set it as non authenticated later if you need to
        parent::setAuthenticated(true);
    }

    /**
     * This is meant to be only an authenticated token, where credentials
     * have already been used and are thus cleared.
     *
     * {@inheritdoc}
     */
    public function getCredentials()
    {
        return array();
    }

    /**
     * Returns the provider (firewall) key.
     *
     * @return string
     */
    public function getProviderKey()
    {
        return $this->providerKey;
    }

    /**
     * {@inheritdoc}
     */
    public function serialize()
    {
        return serialize(array($this->providerKey, parent::serialize()));
    }

    /**
     * {@inheritdoc}
     */
    public function unserialize($serialized)
    {
        list($this->providerKey, $parentStr) = unserialize($serialized);
        parent::unserialize($parentStr);
    }
}
Initial commit (but after some polished work) of the new Guard authentication system 2015-05-17 19:39:26 +01:00			`<?php`

meaningless author and license changes 2015-09-21 00:37:42 +01:00			`/*`
			`* This file is part of the Symfony package.`
			`*`
			`* (c) Fabien Potencier <fabien@symfony.com>`
			`*`
			`* For the full copyright and license information, please view the LICENSE`
			`* file that was distributed with this source code.`
			`*/`

Initial commit (but after some polished work) of the new Guard authentication system 2015-05-17 19:39:26 +01:00			`namespace Symfony\Component\Security\Guard\Token;`

			`use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;`
			`use Symfony\Component\Security\Core\Role\RoleInterface;`
			`use Symfony\Component\Security\Core\User\UserInterface;`

			`/**`
Renaming the tokens to be clear they are "post" and "pre" auth - also adding an interface The reason is that the GuardAuthenticationProvider must respond to all tokens created by the system - both "pre auth" and "post auth" tokens. The reason is that if a "post auth" token becomes not authenticated (e.g. because the user changes between requests), then it may be passed to the provider system. If no providers respond (which was the case before this commit), then AuthenticationProviderManager throws an exception. The next commit will properly handle these "post auth" + "no-longer-authenticated" tokens, which should cause a log out. 2015-05-17 22:27:01 +01:00			`* Used as an "authenticated" token, though it could be set to not-authenticated later.`
Initial commit (but after some polished work) of the new Guard authentication system 2015-05-17 19:39:26 +01:00			`*`
Renaming the tokens to be clear they are "post" and "pre" auth - also adding an interface The reason is that the GuardAuthenticationProvider must respond to all tokens created by the system - both "pre auth" and "post auth" tokens. The reason is that if a "post auth" token becomes not authenticated (e.g. because the user changes between requests), then it may be passed to the provider system. If no providers respond (which was the case before this commit), then AuthenticationProviderManager throws an exception. The next commit will properly handle these "post auth" + "no-longer-authenticated" tokens, which should cause a log out. 2015-05-17 22:27:01 +01:00			`* If you're using Guard authentication, you must use a class that implements`
			`* GuardTokenInterface as your authenticated token (like this class).`
Initial commit (but after some polished work) of the new Guard authentication system 2015-05-17 19:39:26 +01:00			`*`
meaningless author and license changes 2015-09-21 00:37:42 +01:00			`* @author Ryan Weaver <ryan@knpuniversity.com>n@gmail.com>`
Initial commit (but after some polished work) of the new Guard authentication system 2015-05-17 19:39:26 +01:00			`*/`
Renaming the tokens to be clear they are "post" and "pre" auth - also adding an interface The reason is that the GuardAuthenticationProvider must respond to all tokens created by the system - both "pre auth" and "post auth" tokens. The reason is that if a "post auth" token becomes not authenticated (e.g. because the user changes between requests), then it may be passed to the provider system. If no providers respond (which was the case before this commit), then AuthenticationProviderManager throws an exception. The next commit will properly handle these "post auth" + "no-longer-authenticated" tokens, which should cause a log out. 2015-05-17 22:27:01 +01:00			`class PostAuthenticationGuardToken extends AbstractToken implements GuardTokenInterface`
Initial commit (but after some polished work) of the new Guard authentication system 2015-05-17 19:39:26 +01:00			`{`
			`private $providerKey;`

			`/**`
			`* @param UserInterface $user The user!`
			`* @param string $providerKey The provider (firewall) key`
			`* @param RoleInterface[]\|string[] $roles An array of roles`
			`*`
			`* @throws \InvalidArgumentException`
			`*/`
			`public function __construct(UserInterface $user, $providerKey, array $roles)`
			`{`
			`parent::__construct($roles);`

			`if (empty($providerKey)) {`
			`throw new \InvalidArgumentException('$providerKey (i.e. firewall key) must not be empty.');`
			`}`

			`$this->setUser($user);`
			`$this->providerKey = $providerKey;`

			`// this token is meant to be used after authentication success, so it is always authenticated`
			`// you could set it as non authenticated later if you need to`
			`parent::setAuthenticated(true);`
			`}`

			`/**`
			`* This is meant to be only an authenticated token, where credentials`
			`* have already been used and are thus cleared.`
			`*`
			`* {@inheritdoc}`
			`*/`
			`public function getCredentials()`
			`{`
			`return array();`
			`}`

			`/**`
			`* Returns the provider (firewall) key.`
			`*`
			`* @return string`
			`*/`
			`public function getProviderKey()`
			`{`
			`return $this->providerKey;`
			`}`

			`/**`
			`* {@inheritdoc}`
			`*/`
			`public function serialize()`
			`{`
			`return serialize(array($this->providerKey, parent::serialize()));`
			`}`

			`/**`
			`* {@inheritdoc}`
			`*/`
			`public function unserialize($serialized)`
			`{`
			`list($this->providerKey, $parentStr) = unserialize($serialized);`
			`parent::unserialize($parentStr);`
			`}`
			`}`