Merge remote branch 'schmittjoh/visibilityChanges'

* schmittjoh/visibilityChanges:
  [Security] renamed Twig function has_role to is_granted
  [Security] some more visibility changes
  [Security] added some more tests
  [Security] fixed some left-overs
  [Security] various changes, see below
  [Security] Bugfix - Ensure that passwords are of string type. Function BasePasswordEncoder::comparePasswords hasn't been working properly for numeric (plaintype) passwords.
Fabien Potencier 2011-03-10 21:19:51 +01:00
commit 129d7c7c5f
110 changed files with 1193 additions and 1342 deletions


@ -11,9 +11,9 @@
namespace Symfony\Bundle\DoctrineMongoDBBundle\Security;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\Exception\UnsupportedAccountException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
class DocumentUserProvider implements UserProviderInterface
@ -59,13 +59,13 @@ class DocumentUserProvider implements UserProviderInterface
/**
* {@inheritDoc}
*/
public function loadUserByAccount(AccountInterface $account)
public function loadUser(UserInterface $user)
{
if (!$account instanceof $this->class) {
throw new UnsupportedAccountException(sprintf('Instances of "%s" are not supported.', get_class($account)));
if (!$user instanceof $this->class) {
throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
}
return $this->loadUserByUsername($account->getUsername());
return $this->loadUserByUsername($user->getUsername());
}
/**


@ -23,7 +23,7 @@ use Symfony\Component\HttpKernel\DataCollector\DataCollector;
*/
class SecurityDataCollector extends DataCollector
{
protected $context;
private $context;
public function __construct(SecurityContextInterface $context = null)
{
@ -53,7 +53,7 @@ class SecurityDataCollector extends DataCollector
$this->data = array(
'enabled' => true,
'authenticated' => $token->isAuthenticated(),
'user' => (string) $token,
'user' => $token->getUsername(),
'roles' => array_map(function ($role){ return $role->getRole();}, $token->getRoles()),
);
}


@ -58,7 +58,7 @@ class Configuration
return $tb->buildTree();
}
protected function addAclSection($rootNode)
private function addAclSection($rootNode)
{
$rootNode
->arrayNode('acl')
@ -68,7 +68,7 @@ class Configuration
;
}
protected function addRoleHierarchySection($rootNode)
private function addRoleHierarchySection($rootNode)
{
$rootNode
->fixXmlConfig('role', 'role_hierarchy')
@ -87,7 +87,7 @@ class Configuration
;
}
protected function addAccessControlSection($rootNode)
private function addAccessControlSection($rootNode)
{
$rootNode
->fixXmlConfig('rule', 'access_control')
@ -122,7 +122,7 @@ class Configuration
;
}
protected function addFirewallsSection($rootNode, array $factories)
private function addFirewallsSection($rootNode, array $factories)
{
$firewallNodeBuilder =
$rootNode
@ -186,7 +186,7 @@ class Configuration
}
}
protected function addProvidersSection($rootNode)
private function addProvidersSection($rootNode)
{
$rootNode
->fixXmlConfig('provider')
@ -225,7 +225,7 @@ class Configuration
;
}
protected function addEncodersSection($rootNode)
private function addEncodersSection($rootNode)
{
$rootNode
->fixXmlConfig('encoder')


@ -34,11 +34,11 @@ use Symfony\Component\HttpFoundation\RequestMatcher;
*/
class SecurityExtension extends Extension
{
protected $requestMatchers = array();
protected $contextListeners = array();
protected $listenerPositions = array('pre_auth', 'form', 'http', 'remember_me');
protected $configuration;
protected $factories;
private $requestMatchers = array();
private $contextListeners = array();
private $listenerPositions = array('pre_auth', 'form', 'http', 'remember_me');
private $configuration;
private $factories;
public function __construct()
{
@ -107,7 +107,7 @@ class SecurityExtension extends Extension
));
}
protected function aclLoad($config, ContainerBuilder $container)
private function aclLoad($config, ContainerBuilder $container)
{
$loader = new XmlFileLoader($container, new FileLocator(array(__DIR__.'/../Resources/config', __DIR__.'/Resources/config')));
$loader->load('security_acl.xml');
@ -128,7 +128,7 @@ class SecurityExtension extends Extension
* @param ContainerBuilder $container A ContainerBuilder instance
*/
protected function createRoleHierarchy($config, ContainerBuilder $container)
private function createRoleHierarchy($config, ContainerBuilder $container)
{
if (!isset($config['role_hierarchy'])) {
$container->remove('security.access.role_hierarchy_voter');
@ -140,7 +140,7 @@ class SecurityExtension extends Extension
$container->remove('security.access.simple_role_voter');
}
protected function createAuthorization($config, ContainerBuilder $container)
private function createAuthorization($config, ContainerBuilder $container)
{
if (!$config['access_control']) {
return;
@ -165,7 +165,7 @@ class SecurityExtension extends Extension
}
}
protected function createFirewalls($config, ContainerBuilder $container)
private function createFirewalls($config, ContainerBuilder $container)
{
if (!isset($config['firewalls'])) {
return;
@ -213,7 +213,7 @@ class SecurityExtension extends Extension
;
}
protected function createFirewall(ContainerBuilder $container, $id, $firewall, &$authenticationProviders, $providerIds, array $factories)
private function createFirewall(ContainerBuilder $container, $id, $firewall, &$authenticationProviders, $providerIds, array $factories)
{
// Matcher
$i = 0;
@ -310,7 +310,7 @@ class SecurityExtension extends Extension
return array($matcher, $listeners, $exceptionListener);
}
protected function createContextListener($container, $contextKey)
private function createContextListener($container, $contextKey)
{
if (isset($this->contextListeners[$contextKey])) {
return $this->contextListeners[$contextKey];
@ -323,7 +323,7 @@ class SecurityExtension extends Extension
return $this->contextListeners[$contextKey] = $listenerId;
}
protected function createAuthenticationListeners($container, $id, $firewall, &$authenticationProviders, $defaultProvider, array $factories)
private function createAuthenticationListeners($container, $id, $firewall, &$authenticationProviders, $defaultProvider, array $factories)
{
$listeners = array();
$hasListeners = false;
@ -359,11 +359,11 @@ class SecurityExtension extends Extension
return array($listeners, $defaultEntryPoint);
}
protected function createEncoders($encoders, ContainerBuilder $container)
private function createEncoders($encoders, ContainerBuilder $container)
{
$encoderMap = array();
foreach ($encoders as $class => $encoder) {
$encoderMap[$class] = $this->createEncoder($class, $encoder, $container);
$encoderMap[$class] = $this->createEncoder($encoder, $container);
}
$container
@ -372,7 +372,7 @@ class SecurityExtension extends Extension
;
}
protected function createEncoder($accountClass, $config, ContainerBuilder $container)
private function createEncoder($config, ContainerBuilder $container)
{
// a custom encoder service
if (isset($config['id'])) {
@ -403,7 +403,7 @@ class SecurityExtension extends Extension
}
// Parses user providers and returns an array of their ids
protected function createUserProviders($config, ContainerBuilder $container)
private function createUserProviders($config, ContainerBuilder $container)
{
$providerIds = array();
foreach ($config['providers'] as $name => $provider) {
@ -415,7 +415,7 @@ class SecurityExtension extends Extension
}
// Parses a <provider> tag and returns the id for the related user provider service
protected function createUserDaoProvider($name, $provider, ContainerBuilder $container, $master = true)
private function createUserDaoProvider($name, $provider, ContainerBuilder $container, $master = true)
{
$name = $this->getUserProviderId(strtolower($name));
@ -459,7 +459,7 @@ class SecurityExtension extends Extension
$container
->setDefinition($userId, new DefinitionDecorator('security.user.provider.in_memory.user'))
->setArguments(array($username, $user['password'], $user['roles']))
->setArguments(array($username, (string)$user['password'], $user['roles']))
;
$definition->addMethodCall('createUser', array(new Reference($userId)));
@ -468,12 +468,12 @@ class SecurityExtension extends Extension
return $name;
}
protected function getUserProviderId($name)
private function getUserProviderId($name)
{
return 'security.user.provider.concrete.'.$name;
}
protected function createExceptionListener($container, $config, $id, $defaultEntryPoint)
private function createExceptionListener($container, $config, $id, $defaultEntryPoint)
{
$exceptionListenerId = 'security.exception_listener.'.$id;
$listener = $container->setDefinition($exceptionListenerId, new DefinitionDecorator('security.exception_listener'));
@ -489,7 +489,7 @@ class SecurityExtension extends Extension
return $exceptionListenerId;
}
protected function createSwitchUserListener($container, $id, $config, $defaultProvider)
private function createSwitchUserListener($container, $id, $config, $defaultProvider)
{
$userProvider = isset($config['provider']) ? $this->getUserProviderId($config['provider']) : $defaultProvider;
@ -503,7 +503,7 @@ class SecurityExtension extends Extension
return $switchUserListenerId;
}
protected function createRequestMatcher($container, $path = null, $host = null, $methods = null, $ip = null, array $attributes = array())
private function createRequestMatcher($container, $path = null, $host = null, $methods = null, $ip = null, array $attributes = array())
{
$serialized = serialize(array($path, $host, $methods, $ip, $attributes));
$id = 'security.request_matcher.'.md5($serialized).sha1($serialized);
@ -527,7 +527,7 @@ class SecurityExtension extends Extension
return $this->requestMatchers[$id] = new Reference($id);
}
protected function createListenerFactories(ContainerBuilder $container, $config)
private function createListenerFactories(ContainerBuilder $container, $config)
{
if (null !== $this->factories) {
return $this->factories;
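Review bot: The `(string)` cast added in `createUserDaoProvider` (`->setArguments(array($username, (string)$user['password'], $user['roles']))`) only fixes the type after the configuration has been parsed, so it cannot restore what the operator wrote in the file. If the loader has already converted an unquoted numeric-looking password into an int or float (the loader is not visible in this hunk, so this is an assumption to confirm), leading zeros or a trailing `.0` would be gone and the in-memory user gets a different password than intended; a `null` value also silently becomes the empty string. I would guard before the cast with `if (!is_scalar($user['password'])) { throw new \InvalidArgumentException(sprintf('The password of user "%s" must be a string.', $username)); }` and add the comment `// the cast normalises the type only; numeric passwords must be quoted in the config to survive parsing`. The body of `createUserDaoProvider` starts and ends outside the hunk.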


@ -8,7 +8,7 @@
<parameter key="security.context.class">Symfony\Component\Security\Core\SecurityContext</parameter>
<parameter key="security.context.always_authenticate">false</parameter>
<parameter key="security.account_checker.class">Symfony\Component\Security\Core\User\AccountChecker</parameter>
<parameter key="security.user_checker.class">Symfony\Component\Security\Core\User\UserChecker</parameter>
<parameter key="security.encoder_factory.generic.class">Symfony\Component\Security\Core\Encoder\EncoderFactory</parameter>
<parameter key="security.encoder.digest.class">Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder</parameter>
@ -72,7 +72,7 @@
<service id="security.encoder_factory" alias="security.encoder_factory.generic"></service>
<service id="security.account_checker" class="%security.account_checker.class%" public="false" />
<service id="security.user_checker" class="%security.user_checker.class%" public="false" />
<!-- Authorization related services -->
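Review bot: The rename of the parameter `security.account_checker.class` to `security.user_checker.class` and of the service `security.account_checker` to `security.user_checker` leaves nothing behind under the old names in the lines shown here. An application that overrides the old parameter or service id to plug in its own checker would, as far as these hunks show, have that override ignored without an error and run with the default `UserChecker` instead; the same service is wired into the dao, pre-authenticated, switch-user and remember-me providers in the other XML sections of this commit. Since a silently replaced account check is hard to notice, I would document it next to the definition, for example `<!-- renamed from security.account_checker; overrides of the old id or of security.account_checker.class are no longer picked up -->`, and list the rename in the upgrade notes.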


@ -137,14 +137,14 @@
<service id="security.authentication.provider.dao" class="%security.authentication.provider.dao.class%" abstract="true" public="false">
<argument /> <!-- User Provider -->
<argument type="service" id="security.account_checker" />
<argument type="service" id="security.user_checker" />
<argument /> <!-- Provider-shared Key -->
<argument type="service" id="security.encoder_factory" />
</service>
<service id="security.authentication.provider.pre_authenticated" class="%security.authentication.provider.pre_authenticated.class%" abstract="true" public="false">
<argument /> <!-- User Provider -->
<argument type="service" id="security.account_checker" />
<argument type="service" id="security.user_checker" />
</service>
<service id="security.exception_listener" class="%security.exception_listener.class%" public="false" abstract="true">
@ -159,7 +159,7 @@
<service id="security.authentication.switchuser_listener" class="%security.authentication.switchuser_listener.class%" public="false" abstract="true">
<argument type="service" id="security.context" />
<argument /> <!-- User Provider -->
<argument type="service" id="security.account_checker" />
<argument type="service" id="security.user_checker" />
<argument /> <!-- Provider Key -->
<argument type="service" id="security.access.decision_manager" />
<argument type="service" id="logger" on-invalid="null" />


@ -23,7 +23,7 @@
</service>
<service id="security.authentication.provider.rememberme" class="%security.authentication.provider.rememberme.class%" abstract="true" public="false">
<argument type="service" id="security.account_checker" />
<argument type="service" id="security.user_checker" />
</service>
<service id="security.rememberme.token.provider.in_memory" class="%security.rembemerme.token.provider.in_memory.class%" public="false"></service>


@ -12,8 +12,8 @@ use Symfony\Component\Security\Http\Firewall\ExceptionListener;
*/
class FirewallContext
{
protected $listeners;
protected $exceptionListener;
private $listeners;
private $exceptionListener;
public function __construct(array $listeners, ExceptionListener $exceptionListener = null)
{


@ -18,11 +18,11 @@ use Symfony\Component\Security\Core\SecurityContextInterface;
/**
* SecurityHelper provides read-only access to the security context.
*
* @author Fabien Potencier <fabien@symfony.com>
* @author Fabien Potencier <fabien@symfony.com>
*/
class SecurityHelper extends Helper
{
protected $context;
private $context;
/**
* Constructor.
@ -34,7 +34,7 @@ class SecurityHelper extends Helper
$this->context = $context;
}
public function vote($role, $object = null, $field = null)
public function isGranted($role, $object = null, $field = null)
{
if (null === $this->context) {
return false;
@ -44,7 +44,7 @@ class SecurityHelper extends Helper
$object = new FieldVote($object, $field);
}
return $this->context->vote($role, $object);
return $this->context->isGranted($role, $object);
}
/**


@ -21,14 +21,14 @@ use Symfony\Component\Security\Core\SecurityContextInterface;
*/
class SecurityExtension extends \Twig_Extension
{
protected $context;
private $context;
public function __construct(SecurityContextInterface $context = null)
{
$this->context = $context;
}
public function vote($role, $object = null, $field = null)
public function isGranted($role, $object = null, $field = null)
{
if (null === $this->context) {
return false;
@ -38,7 +38,7 @@ class SecurityExtension extends \Twig_Extension
$object = new FieldVote($object, $field);
}
return $this->context->vote($role, $object);
return $this->context->isGranted($role, $object);
}
/**
@ -47,7 +47,7 @@ class SecurityExtension extends \Twig_Extension
public function getFunctions()
{
return array(
'has_role' => new \Twig_Function_Method($this, 'vote'),
'is_granted' => new \Twig_Function_Method($this, 'isGranted'),
);
}


@ -38,12 +38,12 @@ class AclProvider implements AclProviderInterface
{
const MAX_BATCH_SIZE = 30;
protected $aclCache;
protected $cache;
protected $connection;
protected $loadedAces;
protected $loadedAcls;
protected $options;
protected $permissionGrantingStrategy;
private $permissionGrantingStrategy;
/**
* Constructor
@ -51,11 +51,11 @@ class AclProvider implements AclProviderInterface
* @param Connection $connection
* @param PermissionGrantingStrategyInterface $permissionGrantingStrategy
* @param array $options
* @param AclCacheInterface $aclCache
* @param AclCacheInterface $cache
*/
public function __construct(Connection $connection, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $options, AclCacheInterface $aclCache = null)
public function __construct(Connection $connection, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $options, AclCacheInterface $cache = null)
{
$this->aclCache = $aclCache;
$this->cache = $cache;
$this->connection = $connection;
$this->loadedAces = array();
$this->loadedAcls = array();
@ -122,8 +122,8 @@ class AclProvider implements AclProviderInterface
}
// check if we can locate the ACL in the cache
if (!$aclFound && null !== $this->aclCache) {
$acl = $this->aclCache->getFromCacheByIdentity($oid);
if (!$aclFound && null !== $this->cache) {
$acl = $this->cache->getFromCacheByIdentity($oid);
if (null !== $acl) {
if ($acl->isSidLoaded($sids)) {
@ -149,10 +149,10 @@ class AclProvider implements AclProviderInterface
$result->attach($oid, $acl);
$aclFound = true;
} else {
$this->aclCache->evictFromCacheByIdentity($oid);
$this->cache->evictFromCacheByIdentity($oid);
foreach ($this->findChildren($oid) as $childOid) {
$this->aclCache->evictFromCacheByIdentity($childOid);
$this->cache->evictFromCacheByIdentity($childOid);
}
}
}
@ -170,8 +170,8 @@ class AclProvider implements AclProviderInterface
foreach ($loadedBatch as $loadedOid) {
$loadedAcl = $loadedBatch->offsetGet($loadedOid);
if (null !== $this->aclCache) {
$this->aclCache->putInCache($loadedAcl);
if (null !== $this->cache) {
$this->cache->putInCache($loadedAcl);
}
if (isset($oidLookup[$loadedOid->getIdentifier().$loadedOid->getType()])) {
@ -200,13 +200,157 @@ class AclProvider implements AclProviderInterface
return $result;
}
/**
* Constructs the query used for looking up object identities and associated
* ACEs, and security identities.
*
* @param array $ancestorIds
* @return string
*/
protected function getLookupSql(array $ancestorIds)
{
// FIXME: add support for filtering by sids (right now we select all sids)
$sql = <<<SELECTCLAUSE
SELECT
o.id as acl_id,
o.object_identifier,
o.parent_object_identity_id,
o.entries_inheriting,
c.class_type,
e.id as ace_id,
e.object_identity_id,
e.field_name,
e.ace_order,
e.mask,
e.granting,
e.granting_strategy,
e.audit_success,
e.audit_failure,
s.username,
s.identifier as security_identifier
FROM
{$this->options['oid_table_name']} o
INNER JOIN {$this->options['class_table_name']} c ON c.id = o.class_id
LEFT JOIN {$this->options['entry_table_name']} e ON (
e.class_id = o.class_id AND (e.object_identity_id = o.id OR {$this->connection->getDatabasePlatform()->getIsNullExpression('e.object_identity_id')})
)
LEFT JOIN {$this->options['sid_table_name']} s ON (
s.id = e.security_identity_id
)
WHERE (o.id =
SELECTCLAUSE;
$sql .= implode(' OR o.id = ', $ancestorIds).')';
return $sql;
}
protected function getAncestorLookupSql(array $batch)
{
$sql = <<<SELECTCLAUSE
SELECT a.ancestor_id
FROM acl_object_identities o
INNER JOIN acl_classes c ON c.id = o.class_id
INNER JOIN acl_object_identity_ancestors a ON a.object_identity_id = o.id
WHERE (
SELECTCLAUSE;
$where = '(o.object_identifier = %s AND c.class_type = %s)';
for ($i=0,$c=count($batch); $i<$c; $i++) {
$sql .= sprintf(
$where,
$this->connection->quote($batch[$i]->getIdentifier()),
$this->connection->quote($batch[$i]->getType())
);
if ($i+1 < $c) {
$sql .= ' OR ';
}
}
$sql .= ')';
return $sql;
}
/**
* Constructs the SQL for retrieving child object identities for the given
* object identities.
*
* @param ObjectIdentityInterface $oid
* @param Boolean $directChildrenOnly
* @return string
*/
protected function getFindChildrenSql(ObjectIdentityInterface $oid, $directChildrenOnly)
{
if (false === $directChildrenOnly) {
$query = <<<FINDCHILDREN
SELECT o.object_identifier, c.class_type
FROM
{$this->options['oid_table_name']} as o
INNER JOIN {$this->options['class_table_name']} as c ON c.id = o.class_id
INNER JOIN {$this->options['oid_ancestors_table_name']} as a ON a.object_identity_id = o.id
WHERE
a.ancestor_id = %d AND a.object_identity_id != a.ancestor_id
FINDCHILDREN;
} else {
$query = <<<FINDCHILDREN
SELECT o.object_identifier, c.class_type
FROM {$this->options['oid_table_name']} as o
INNER JOIN {$this->options['class_table_name']} as c ON c.id = o.class_id
WHERE o.parent_object_identity_id = %d
FINDCHILDREN;
}
return sprintf($query, $this->retrieveObjectIdentityPrimaryKey($oid));
}
/**
* Constructs the SQL for retrieving the primary key of the given object
* identity.
*
* @param ObjectIdentityInterface $oid
* @return string
*/
protected function getSelectObjectIdentityIdSql(ObjectIdentityInterface $oid)
{
$query = <<<QUERY
SELECT o.id
FROM %s o
INNER JOIN %s c ON c.id = o.class_id
WHERE o.object_identifier = %s AND c.class_type = %s
LIMIT 1
QUERY;
return sprintf(
$query,
$this->options['oid_table_name'],
$this->options['class_table_name'],
$this->connection->quote($oid->getIdentifier()),
$this->connection->quote($oid->getType())
);
}
/**
* Returns the primary key of the passed object identity.
*
* @param ObjectIdentityInterface $oid
* @return integer
*/
protected final function retrieveObjectIdentityPrimaryKey(ObjectIdentityInterface $oid)
{
return $this->connection->executeQuery($this->getSelectObjectIdentityIdSql($oid))->fetchColumn();
}
/**
* This method is called when an ACL instance is retrieved from the cache.
*
* @param AclInterface $acl
* @return void
*/
protected function updateAceIdentityMap(AclInterface $acl)
private function updateAceIdentityMap(AclInterface $acl)
{
foreach (array('classAces', 'classFieldAces', 'objectAces', 'objectFieldAces') as $property) {
$reflection = new \ReflectionProperty($acl, $property);
@ -226,6 +370,27 @@ class AclProvider implements AclProviderInterface
}
}
/**
* Retrieves all the ids which need to be queried from the database
* including the ids of parent ACLs.
*
* @param array $batch
* @return array
*/
private function getAncestorIds(array $batch)
{
$sql = $this->getAncestorLookupSql($batch);
$ancestorIds = array();
foreach ($this->connection->executeQuery($sql)->fetchAll() as $data) {
// FIXME: skip ancestors which are cached
$ancestorIds[] = $data['ancestor_id'];
}
return $ancestorIds;
}
/**
* Does either overwrite the passed ACE, or saves it in the global identity
* map to ensure every ACE only gets instantiated once.
@ -233,7 +398,7 @@ class AclProvider implements AclProviderInterface
* @param array $aces
* @return void
*/
protected function doUpdateAceIdentityMap(array &$aces)
private function doUpdateAceIdentityMap(array &$aces)
{
foreach ($aces as $index => $ace) {
if (isset($this->loadedAces[$ace->getId()])) {
@ -254,9 +419,14 @@ class AclProvider implements AclProviderInterface
*
* @return \SplObjectStorage mapping object identities to ACL instances
*/
protected function lookupObjectIdentities(array $batch, array $sids, array $oidLookup)
private function lookupObjectIdentities(array $batch, array $sids, array $oidLookup)
{
$sql = $this->getLookupSql($batch, $sids);
$ancestorIds = $this->getAncestorIds($batch);
if (!$ancestorIds) {
throw new AclNotFoundException('There is no ACL for the given object identity.');
}
$sql = $this->getLookupSql($ancestorIds);
$stmt = $this->connection->executeQuery($sql);
return $this->hydrateObjectIdentities($stmt, $oidLookup, $sids);
@ -277,7 +447,7 @@ class AclProvider implements AclProviderInterface
* @throws \RuntimeException
* @return \SplObjectStorage
*/
protected function hydrateObjectIdentities(Statement $stmt, array $oidLookup, array $sids) {
private function hydrateObjectIdentities(Statement $stmt, array $oidLookup, array $sids) {
$parentIdToFill = new \SplObjectStorage();
$acls = $aces = $emptyArray = array();
$oidCache = $oidLookup;
@ -464,169 +634,4 @@ class AclProvider implements AclProviderInterface
return $result;
}
/**
* Constructs the query used for looking up object identities and associated
* ACEs, and security identities.
*
* @param array $batch
* @param array $sids
* @throws AclNotFoundException
* @return string
*/
protected function getLookupSql(array $batch, array $sids)
{
// FIXME: add support for filtering by sids (right now we select all sids)
$ancestorIds = $this->getAncestorIds($batch);
if (0 === count($ancestorIds)) {
throw new AclNotFoundException('There is no ACL for the given object identity.');
}
$sql = <<<SELECTCLAUSE
SELECT
o.id as acl_id,
o.object_identifier,
o.parent_object_identity_id,
o.entries_inheriting,
c.class_type,
e.id as ace_id,
e.object_identity_id,
e.field_name,
e.ace_order,
e.mask,
e.granting,
e.granting_strategy,
e.audit_success,
e.audit_failure,
s.username,
s.identifier as security_identifier
FROM
{$this->options['oid_table_name']} o
INNER JOIN {$this->options['class_table_name']} c ON c.id = o.class_id
LEFT JOIN {$this->options['entry_table_name']} e ON (
e.class_id = o.class_id AND (e.object_identity_id = o.id OR {$this->connection->getDatabasePlatform()->getIsNullExpression('e.object_identity_id')})
)
LEFT JOIN {$this->options['sid_table_name']} s ON (
s.id = e.security_identity_id
)
WHERE (o.id =
SELECTCLAUSE;
$sql .= implode(' OR o.id = ', $ancestorIds).')';
return $sql;
}
/**
* Retrieves all the ids which need to be queried from the database
* including the ids of parent ACLs.
*
* @param array $batch
* @return array
*/
protected function getAncestorIds(array &$batch)
{
$sql = <<<SELECTCLAUSE
SELECT a.ancestor_id
FROM acl_object_identities o
INNER JOIN acl_classes c ON c.id = o.class_id
INNER JOIN acl_object_identity_ancestors a ON a.object_identity_id = o.id
WHERE (
SELECTCLAUSE;
$where = '(o.object_identifier = %s AND c.class_type = %s)';
for ($i=0,$c=count($batch); $i<$c; $i++) {
$sql .= sprintf(
$where,
$this->connection->quote($batch[$i]->getIdentifier()),
$this->connection->quote($batch[$i]->getType())
);
if ($i+1 < $c) {
$sql .= ' OR ';
}
}
$sql .= ')';
$ancestorIds = array();
foreach ($this->connection->executeQuery($sql)->fetchAll() as $data) {
// FIXME: skip ancestors which are cached
$ancestorIds[] = $data['ancestor_id'];
}
return $ancestorIds;
}
/**
* Constructs the SQL for retrieving child object identities for the given
* object identities.
*
* @param ObjectIdentityInterface $oid
* @param Boolean $directChildrenOnly
* @return string
*/
protected function getFindChildrenSql(ObjectIdentityInterface $oid, $directChildrenOnly)
{
if (false === $directChildrenOnly) {
$query = <<<FINDCHILDREN
SELECT o.object_identifier, c.class_type
FROM
{$this->options['oid_table_name']} as o
INNER JOIN {$this->options['class_table_name']} as c ON c.id = o.class_id
INNER JOIN {$this->options['oid_ancestors_table_name']} as a ON a.object_identity_id = o.id
WHERE
a.ancestor_id = %d AND a.object_identity_id != a.ancestor_id
FINDCHILDREN;
} else {
$query = <<<FINDCHILDREN
SELECT o.object_identifier, c.class_type
FROM {$this->options['oid_table_name']} as o
INNER JOIN {$this->options['class_table_name']} as c ON c.id = o.class_id
WHERE o.parent_object_identity_id = %d
FINDCHILDREN;
}
return sprintf($query, $this->retrieveObjectIdentityPrimaryKey($oid));
}
/**
* Constructs the SQL for retrieving the primary key of the given object
* identity.
*
* @param ObjectIdentityInterface $oid
* @return string
*/
protected function getSelectObjectIdentityIdSql(ObjectIdentityInterface $oid)
{
$query = <<<QUERY
SELECT o.id
FROM %s o
INNER JOIN %s c ON c.id = o.class_id
WHERE o.object_identifier = %s AND c.class_type = %s
LIMIT 1
QUERY;
return sprintf(
$query,
$this->options['oid_table_name'],
$this->options['class_table_name'],
$this->connection->quote($oid->getIdentifier()),
$this->connection->quote($oid->getType())
);
}
/**
* Returns the primary key of the passed object identity.
*
* @param ObjectIdentityInterface $oid
* @return integer
*/
protected function retrieveObjectIdentityPrimaryKey(ObjectIdentityInterface $oid)
{
return $this->connection->executeQuery($this->getSelectObjectIdentityIdSql($oid))->fetchColumn();
}
}
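Review bot: The ids handed to `getLookupSql(array $ancestorIds)` are concatenated into the statement with `implode(' OR o.id = ', $ancestorIds)` without a cast or quoting, and since the method is `protected` and now receives the ids as an argument, a subclass can pass values that never came from `getAncestorIds()`. The other builders in this section use `%d` or `$this->connection->quote()`, so I would make this one consistent with `$sql .= implode(' OR o.id = ', array_map('intval', $ancestorIds)).')';`. An empty array also yields `WHERE (o.id = )`; only `lookupObjectIdentities()` guards against that case. Separately, `getAncestorLookupSql()` hard-codes `acl_object_identities`, `acl_classes` and `acl_object_identity_ancestors` while the neighbouring queries read the table names from `$this->options`, so a custom table configuration would presumably not reach this query.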


@ -34,14 +34,14 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
*/
class MutableAclProvider extends AclProvider implements MutableAclProviderInterface, PropertyChangedListener
{
protected $propertyChanges;
private $propertyChanges;
/**
* {@inheritDoc}
*/
public function __construct(Connection $connection, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $options, AclCacheInterface $aclCache = null)
public function __construct(Connection $connection, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $options, AclCacheInterface $cache = null)
{
parent::__construct($connection, $permissionGrantingStrategy, $options, $aclCache);
parent::__construct($connection, $permissionGrantingStrategy, $options, $cache);
$this->propertyChanges = new \SplObjectStorage();
}
@ -104,8 +104,8 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
}
// evict the ACL from any caches
if (null !== $this->aclCache) {
$this->aclCache->evictFromCacheByIdentity($oid);
if (null !== $this->cache) {
$this->cache->evictFromCacheByIdentity($oid);
}
}
@ -312,110 +312,25 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
$this->propertyChanges->offsetSet($acl, array());
if (null !== $this->aclCache) {
if (null !== $this->cache) {
if (count($sharedPropertyChanges) > 0) {
// FIXME: Currently, there is no easy way to clear the cache for ACLs
// of a certain type. The problem here is that we need to make
// sure to clear the cache of all child ACLs as well, and these
// child ACLs might be of a different class type.
$this->aclCache->clearCache();
$this->cache->clearCache();
} else {
// if there are no shared property changes, it's sufficient to just delete
// the cache for this ACL
$this->aclCache->evictFromCacheByIdentity($acl->getObjectIdentity());
$this->cache->evictFromCacheByIdentity($acl->getObjectIdentity());
foreach ($this->findChildren($acl->getObjectIdentity()) as $childOid) {
$this->aclCache->evictFromCacheByIdentity($childOid);
$this->cache->evictFromCacheByIdentity($childOid);
}
}
}
}
/**
* Creates the ACL for the passed object identity
*
* @param ObjectIdentityInterface $oid
* @return void
*/
protected function createObjectIdentity(ObjectIdentityInterface $oid)
{
$classId = $this->createOrRetrieveClassId($oid->getType());
$this->connection->executeQuery($this->getInsertObjectIdentitySql($oid->getIdentifier(), $classId, true));
}
/**
* Returns the primary key for the passed class type.
*
* If the type does not yet exist in the database, it will be created.
*
* @param string $classType
* @return integer
*/
protected function createOrRetrieveClassId($classType)
{
if (false !== $id = $this->connection->executeQuery($this->getSelectClassIdSql($classType))->fetchColumn()) {
return $id;
}
$this->connection->executeQuery($this->getInsertClassSql($classType));
return $this->connection->executeQuery($this->getSelectClassIdSql($classType))->fetchColumn();
}
/**
* Returns the primary key for the passed security identity.
*
* If the security identity does not yet exist in the database, it will be
* created.
*
* @param SecurityIdentityInterface $sid
* @return integer
*/
protected function createOrRetrieveSecurityIdentityId(SecurityIdentityInterface $sid)
{
if (false !== $id = $this->connection->executeQuery($this->getSelectSecurityIdentityIdSql($sid))->fetchColumn()) {
return $id;
}
$this->connection->executeQuery($this->getInsertSecurityIdentitySql($sid));
return $this->connection->executeQuery($this->getSelectSecurityIdentityIdSql($sid))->fetchColumn();
}
/**
* Deletes all ACEs for the given object identity primary key.
*
* @param integer $oidPK
* @return void
*/
protected function deleteAccessControlEntries($oidPK)
{
$this->connection->executeQuery($this->getDeleteAccessControlEntriesSql($oidPK));
}
/**
* Deletes the object identity from the database.
*
* @param integer $pk
* @return void
*/
protected function deleteObjectIdentity($pk)
{
$this->connection->executeQuery($this->getDeleteObjectIdentitySql($pk));
}
/**
* Deletes all entries from the relations table from the database.
*
* @param integer $pk
* @return void
*/
protected function deleteObjectIdentityRelations($pk)
{
$this->connection->executeQuery($this->getDeleteObjectIdentityRelationsSql($pk));
}
/**
* Constructs the SQL for deleting access control entries.
*
@ -720,13 +635,98 @@ QUERY;
);
}
/**
* Creates the ACL for the passed object identity
*
* @param ObjectIdentityInterface $oid
* @return void
*/
private function createObjectIdentity(ObjectIdentityInterface $oid)
{
$classId = $this->createOrRetrieveClassId($oid->getType());
$this->connection->executeQuery($this->getInsertObjectIdentitySql($oid->getIdentifier(), $classId, true));
}
/**
* Returns the primary key for the passed class type.
*
* If the type does not yet exist in the database, it will be created.
*
* @param string $classType
* @return integer
*/
private function createOrRetrieveClassId($classType)
{
if (false !== $id = $this->connection->executeQuery($this->getSelectClassIdSql($classType))->fetchColumn()) {
return $id;
}
$this->connection->executeQuery($this->getInsertClassSql($classType));
return $this->connection->executeQuery($this->getSelectClassIdSql($classType))->fetchColumn();
}
/**
* Returns the primary key for the passed security identity.
*
* If the security identity does not yet exist in the database, it will be
* created.
*
* @param SecurityIdentityInterface $sid
* @return integer
*/
private function createOrRetrieveSecurityIdentityId(SecurityIdentityInterface $sid)
{
if (false !== $id = $this->connection->executeQuery($this->getSelectSecurityIdentityIdSql($sid))->fetchColumn()) {
return $id;
}
$this->connection->executeQuery($this->getInsertSecurityIdentitySql($sid));
return $this->connection->executeQuery($this->getSelectSecurityIdentityIdSql($sid))->fetchColumn();
}
/**
* Deletes all ACEs for the given object identity primary key.
*
* @param integer $oidPK
* @return void
*/
private function deleteAccessControlEntries($oidPK)
{
$this->connection->executeQuery($this->getDeleteAccessControlEntriesSql($oidPK));
}
/**
* Deletes the object identity from the database.
*
* @param integer $pk
* @return void
*/
private function deleteObjectIdentity($pk)
{
$this->connection->executeQuery($this->getDeleteObjectIdentitySql($pk));
}
/**
* Deletes all entries from the relations table from the database.
*
* @param integer $pk
* @return void
*/
private function deleteObjectIdentityRelations($pk)
{
$this->connection->executeQuery($this->getDeleteObjectIdentityRelationsSql($pk));
}
/**
* This regenerates the ancestor table which is used for fast read access.
*
* @param AclInterface $acl
* @return void
*/
protected function regenerateAncestorRelations(AclInterface $acl)
private function regenerateAncestorRelations(AclInterface $acl)
{
$pk = $acl->getId();
$this->connection->executeQuery($this->getDeleteObjectIdentityRelationsSql($pk));
@ -747,7 +747,7 @@ QUERY;
* @param array $changes
* @return void
*/
protected function updateFieldAceProperty($name, array $changes)
private function updateFieldAceProperty($name, array $changes)
{
$sids = new \SplObjectStorage();
$classIds = new \SplObjectStorage();
@ -804,7 +804,7 @@ QUERY;
* @param array $changes
* @return void
*/
protected function updateAceProperty($name, array $changes)
private function updateAceProperty($name, array $changes)
{
list($old, $new) = $changes;
@ -858,7 +858,7 @@ QUERY;
* @param \SplObjectStorage $aces
* @return void
*/
protected function updateAces(\SplObjectStorage $aces)
private function updateAces(\SplObjectStorage $aces)
{
foreach ($aces as $ace) {
$propertyChanges = $aces->offsetGet($ace);


@ -18,7 +18,7 @@ use Doctrine\DBAL\Schema\Schema as BaseSchema;
*
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
*/
class Schema extends BaseSchema
final class Schema extends BaseSchema
{
protected $options;


@ -35,17 +35,17 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
*/
class Acl implements AuditableAclInterface
{
protected $parentAcl;
protected $permissionGrantingStrategy;
protected $objectIdentity;
protected $classAces;
protected $classFieldAces;
protected $objectAces;
protected $objectFieldAces;
protected $id;
protected $loadedSids;
protected $entriesInheriting;
protected $listeners;
private $parentAcl;
private $permissionGrantingStrategy;
private $objectIdentity;
private $classAces;
private $classFieldAces;
private $objectAces;
private $objectFieldAces;
private $id;
private $loadedSids;
private $entriesInheriting;
private $listeners;
/**
* Constructor
@ -406,7 +406,7 @@ class Acl implements AuditableAclInterface
* @throws \OutOfBoundsException
* @return void
*/
protected function deleteAce($property, $index)
private function deleteAce($property, $index)
{
$aces =& $this->$property;
if (!isset($aces[$index])) {
@ -432,7 +432,7 @@ class Acl implements AuditableAclInterface
* @throws \OutOfBoundsException
* @return void
*/
protected function deleteFieldAce($property, $index, $field)
private function deleteFieldAce($property, $index, $field)
{
$aces =& $this->$property;
if (!isset($aces[$field][$index])) {
@ -462,7 +462,7 @@ class Acl implements AuditableAclInterface
* @throws \InvalidArgumentException
* @return void
*/
protected function insertAce($property, $index, $mask, SecurityIdentityInterface $sid, $granting, $strategy = null)
private function insertAce($property, $index, $mask, SecurityIdentityInterface $sid, $granting, $strategy = null)
{
if ($index < 0 || $index > count($this->$property)) {
throw new \OutOfBoundsException(sprintf('The index must be in the interval [0, %d].', count($this->$property)));
@ -512,7 +512,7 @@ class Acl implements AuditableAclInterface
* @throws \OutOfBoundsException
* @return void
*/
protected function insertFieldAce($property, $index, $field, $mask, SecurityIdentityInterface $sid, $granting, $strategy = null)
private function insertFieldAce($property, $index, $field, $mask, SecurityIdentityInterface $sid, $granting, $strategy = null)
{
if (0 === strlen($field)) {
throw new \InvalidArgumentException('$field cannot be empty.');
@ -556,37 +556,6 @@ class Acl implements AuditableAclInterface
$this->onPropertyChanged($property, $oldValue, $this->$property);
}
/**
* Called when a property of the ACL changes
*
* @param string $name
* @param mixed $oldValue
* @param mixed $newValue
* @return void
*/
protected function onPropertyChanged($name, $oldValue, $newValue)
{
foreach ($this->listeners as $listener) {
$listener->propertyChanged($this, $name, $oldValue, $newValue);
}
}
/**
* Called when a property of an ACE associated with this ACL changes
*
* @param EntryInterface $entry
* @param string $name
* @param mixed $oldValue
* @param mixed $newValue
* @return void
*/
protected function onEntryPropertyChanged(EntryInterface $entry, $name, $oldValue, $newValue)
{
foreach ($this->listeners as $listener) {
$listener->propertyChanged($entry, $name, $oldValue, $newValue);
}
}
/**
* Updates an ACE
*
@ -597,7 +566,7 @@ class Acl implements AuditableAclInterface
* @throws \OutOfBoundsException
* @return void
*/
protected function updateAce($property, $index, $mask, $strategy = null)
private function updateAce($property, $index, $mask, $strategy = null)
{
$aces =& $this->$property;
if (!isset($aces[$index])) {
@ -625,7 +594,7 @@ class Acl implements AuditableAclInterface
* @throws \OutOfBoundsException
* @return void
*/
protected function updateAuditing(array &$aces, $index, $auditSuccess, $auditFailure)
private function updateAuditing(array &$aces, $index, $auditSuccess, $auditFailure)
{
if (!isset($aces[$index])) {
throw new \OutOfBoundsException(sprintf('The index "%d" does not exist.', $index));
@ -654,7 +623,7 @@ class Acl implements AuditableAclInterface
* @throws \OutOfBoundsException
* @return void
*/
protected function updateFieldAce($property, $index, $field, $mask, $strategy = null)
private function updateFieldAce($property, $index, $field, $mask, $strategy = null)
{
if (0 === strlen($field)) {
throw new \InvalidArgumentException('$field cannot be empty.');
@ -675,4 +644,35 @@ class Acl implements AuditableAclInterface
$ace->setStrategy($strategy);
}
}
/**
* Called when a property of the ACL changes
*
* @param string $name
* @param mixed $oldValue
* @param mixed $newValue
* @return void
*/
private function onPropertyChanged($name, $oldValue, $newValue)
{
foreach ($this->listeners as $listener) {
$listener->propertyChanged($this, $name, $oldValue, $newValue);
}
}
/**
* Called when a property of an ACE associated with this ACL changes
*
* @param EntryInterface $entry
* @param string $name
* @param mixed $oldValue
* @param mixed $newValue
* @return void
*/
private function onEntryPropertyChanged(EntryInterface $entry, $name, $oldValue, $newValue)
{
foreach ($this->listeners as $listener) {
$listener->propertyChanged($entry, $name, $oldValue, $newValue);
}
}
}


@ -22,9 +22,9 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterf
*/
class AclCollectionCache
{
protected $aclProvider;
protected $objectIdentityRetrievalStrategy;
protected $securityIdentityRetrievalStrategy;
private $aclProvider;
private $objectIdentityRetrievalStrategy;
private $securityIdentityRetrievalStrategy;
/**
* Constructor


@ -26,9 +26,9 @@ class DoctrineAclCache implements AclCacheInterface
{
const PREFIX = 'sf2_acl_';
protected $cache;
protected $prefix;
protected $permissionGrantingStrategy;
private $cache;
private $prefix;
private $permissionGrantingStrategy;
/**
* Constructor
@ -145,7 +145,7 @@ class DoctrineAclCache implements AclCacheInterface
* @param string $serialized
* @return AclInterface
*/
protected function unserializeAcl($serialized)
private function unserializeAcl($serialized)
{
$acl = unserialize($serialized);
@ -203,7 +203,7 @@ class DoctrineAclCache implements AclCacheInterface
* @param ObjectIdentityInterface $oid
* @return string
*/
protected function getDataKeyByIdentity(ObjectIdentityInterface $oid)
private function getDataKeyByIdentity(ObjectIdentityInterface $oid)
{
return $this->prefix.md5($oid->getType()).sha1($oid->getType())
.'_'.md5($oid->getIdentifier()).sha1($oid->getIdentifier());
@ -215,7 +215,7 @@ class DoctrineAclCache implements AclCacheInterface
* @param string $aclId
* @return string
*/
protected function getAliasKeyForIdentity($aclId)
private function getAliasKeyForIdentity($aclId)
{
return $this->prefix.$aclId;
}
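Review bot: `unserializeAcl()` hands the cached string straight to `unserialize()`, so whoever can write to the cache backend decides which classes are instantiated when an ACL is loaded, and the docblock does not say that the store must be trusted. I would add `* The cache backend must be writable by this application only, because its contents are passed to unserialize().` above the method. A corrupt entry, where `unserialize()` returns `false`, should also be treated as a cache miss. The rest of the method body is outside this hunk, so that case may already be handled there.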


@ -23,14 +23,14 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
*/
class Entry implements AuditableEntryInterface
{
protected $acl;
protected $mask;
protected $id;
protected $securityIdentity;
protected $strategy;
protected $auditFailure;
protected $auditSuccess;
protected $granting;
private $acl;
private $mask;
private $id;
private $securityIdentity;
private $strategy;
private $auditFailure;
private $auditSuccess;
private $granting;
/**
* Constructor
@ -122,10 +122,10 @@ class Entry implements AuditableEntryInterface
/**
* Turns on/off auditing on permissions denials.
*
*
* Do never call this method directly. Use the respective methods on the
* AclInterface instead.
*
*
* @param Boolean $boolean
* @return void
*/
@ -136,10 +136,10 @@ class Entry implements AuditableEntryInterface
/**
* Turns on/off auditing on permission grants.
*
*
* Do never call this method directly. Use the respective methods on the
* AclInterface instead.
*
*
* @param Boolean $boolean
* @return void
*/
@ -153,7 +153,7 @@ class Entry implements AuditableEntryInterface
*
* Do never call this method directly. Use the respective methods on the
* AclInterface instead.
*
*
* @param integer $mask
* @return void
*/
@ -167,7 +167,7 @@ class Entry implements AuditableEntryInterface
*
* Do never call this method directly. Use the respective methods on the
* AclInterface instead.
*
*
* @param string $strategy
* @return void
*/


@ -22,7 +22,7 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
*/
class FieldEntry extends Entry implements FieldAwareEntryInterface
{
protected $field;
private $field;
/**
* Constructor
@ -60,13 +60,7 @@ class FieldEntry extends Entry implements FieldAwareEntryInterface
{
return serialize(array(
$this->field,
$this->mask,
$this->id,
$this->securityIdentity,
$this->strategy,
$this->auditFailure,
$this->auditSuccess,
$this->granting,
parent::serialize(),
));
}
@ -75,14 +69,7 @@ class FieldEntry extends Entry implements FieldAwareEntryInterface
*/
public function unserialize($serialized)
{
list($this->field,
$this->mask,
$this->id,
$this->securityIdentity,
$this->strategy,
$this->auditFailure,
$this->auditSuccess,
$this->granting
) = unserialize($serialized);
list($this->field, $parentStr) = unserialize($serialized);
parent::unserialize($parentStr);
}
}
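Review bot: The rewritten `unserialize()` destructures whatever `unserialize($serialized)` returns without checking it, so a truncated or corrupt payload yields `false`, `list()` assigns nulls, and `parent::unserialize(null)` then runs on a half-initialised entry. A guard before the `list()` makes the failure explicit: `$data = unserialize($serialized); if (!is_array($data) || 2 !== count($data)) { throw new \InvalidArgumentException('Invalid serialized FieldEntry.'); }`. The serialized layout also changes with this commit, so entries written by the previous code will presumably no longer restore. A comment saying that ACL caches need clearing on upgrade would help.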


@ -22,8 +22,8 @@ use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
*/
class ObjectIdentity implements ObjectIdentityInterface
{
protected $identifier;
protected $type;
private $identifier;
private $type;
/**
* Constructor


@ -30,8 +30,8 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
const ALL = 'all';
const ANY = 'any';
protected static $noAceException;
protected $auditLogger;
private static $noAceException;
private $auditLogger;
public function __construct()
{
@ -51,16 +51,6 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
$this->auditLogger = $auditLogger;
}
/**
* Returns the audit logger
*
* @return AuditLoggerInterface
*/
public function getAuditLogger()
{
return $this->auditLogger;
}
/**
* {@inheritDoc}
*/
@ -153,7 +143,7 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
* @param Boolean $administrativeMode true turns off audit logging
* @return Boolean true, or false; either granting, or denying access respectively.
*/
protected function hasSufficientPermissions(AclInterface $acl, array $aces, array $masks, array $sids, $administrativeMode)
private function hasSufficientPermissions(AclInterface $acl, array $aces, array $masks, array $sids, $administrativeMode)
{
$firstRejectedAce = null;
@ -211,7 +201,7 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
* @param EntryInterface $ace
* @return Boolean
*/
protected function isAceApplicable($requiredMask, EntryInterface $ace)
private function isAceApplicable($requiredMask, EntryInterface $ace)
{
$strategy = $ace->getStrategy();
if (self::ALL === $strategy) {


@ -21,7 +21,7 @@ use Symfony\Component\Security\Core\Role\Role;
*/
class RoleSecurityIdentity implements SecurityIdentityInterface
{
protected $role;
private $role;
/**
* Constructor


@ -13,7 +13,7 @@ namespace Symfony\Component\Security\Acl\Domain;
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface;
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
@ -27,8 +27,8 @@ use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
*/
class SecurityIdentityRetrievalStrategy implements SecurityIdentityRetrievalStrategyInterface
{
protected $roleHierarchy;
protected $authenticationTrustResolver;
private $roleHierarchy;
private $authenticationTrustResolver;
/**
* Constructor


@ -12,7 +12,7 @@
namespace Symfony\Component\Security\Acl\Domain;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
/**
@ -22,8 +22,8 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
*/
class UserSecurityIdentity implements SecurityIdentityInterface
{
protected $username;
protected $class;
private $username;
private $class;
/**
* Constructor
@ -45,12 +45,12 @@ class UserSecurityIdentity implements SecurityIdentityInterface
}
/**
* Creates a user security identity from an AccountInterface
* Creates a user security identity from an UserInterface
*
* @param AccountInterface $user
* @param UserInterface $user
* @return UserSecurityIdentity
*/
public static function fromAccount(AccountInterface $user)
public static function fromAccount(UserInterface $user)
{
return new self($user->getUsername(), get_class($user));
}
@ -65,7 +65,7 @@ class UserSecurityIdentity implements SecurityIdentityInterface
{
$user = $token->getUser();
if ($user instanceof AccountInterface) {
if ($user instanceof UserInterface) {
return self::fromAccount($user);
}


@ -22,7 +22,7 @@ namespace Symfony\Component\Security\Acl\Exception;
*/
class NotAllAclsFoundException extends AclNotFoundException
{
protected $partialResult;
private $partialResult;
/**
* Sets the partial result


@ -28,7 +28,7 @@ class BasicPermissionMap implements PermissionMapInterface
const PERMISSION_MASTER = 'MASTER';
const PERMISSION_OWNER = 'OWNER';
protected $map = array(
private $map = array(
self::PERMISSION_VIEW => array(
MaskBuilder::MASK_VIEW,
MaskBuilder::MASK_EDIT,


@ -67,7 +67,7 @@ class MaskBuilder
const OFF = '.';
const ON = '*';
protected $mask;
private $mask;
/**
* Constructor


@ -32,12 +32,12 @@ use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
*/
class AclVoter implements VoterInterface
{
protected $aclProvider;
protected $permissionMap;
protected $objectIdentityRetrievalStrategy;
protected $securityIdentityRetrievalStrategy;
protected $allowIfObjectIdentityUnavailable;
protected $logger;
private $aclProvider;
private $permissionMap;
private $objectIdentityRetrievalStrategy;
private $securityIdentityRetrievalStrategy;
private $allowIfObjectIdentityUnavailable;
private $logger;
public function __construct(AclProviderInterface $aclProvider, ObjectIdentityRetrievalStrategyInterface $oidRetrievalStrategy, SecurityIdentityRetrievalStrategyInterface $sidRetrievalStrategy, PermissionMapInterface $permissionMap, LoggerInterface $logger = null, $allowIfObjectIdentityUnavailable = true)
{


@ -19,8 +19,8 @@ namespace Symfony\Component\Security\Acl\Voter;
*/
class FieldVote
{
protected $domainObject;
protected $field;
private $domainObject;
private $field;
public function __construct($domainObject, $field)
{


@ -25,8 +25,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
*/
class AuthenticationProviderManager implements AuthenticationManagerInterface
{
protected $providers;
protected $eraseCredentials;
private $providers;
private $eraseCredentials;
/**
* Constructor.
@ -34,9 +34,13 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
* @param AuthenticationProviderInterface[] $providers An array of AuthenticationProviderInterface instances
* @param Boolean $eraseCredentials Whether to erase credentials after authentication or not
*/
public function __construct(array $providers = array(), $eraseCredentials = true)
public function __construct(array $providers, $eraseCredentials = true)
{
$this->setProviders($providers);
if (!$providers) {
throw new \InvalidArgumentException('You must at least add one authentication provider.');
}
$this->providers = $providers;
$this->eraseCredentials = (Boolean) $eraseCredentials;
}
@ -45,10 +49,6 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
*/
public function authenticate(TokenInterface $token)
{
if (!count($this->providers)) {
throw new \LogicException('You must add at least one provider.');
}
$lastException = null;
$result = null;
@ -84,37 +84,4 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
throw $lastException;
}
/**
* Returns the list of current providers.
*
* @return AuthenticationProviderInterface[] An array of AuthenticationProviderInterface instances
*/
public function all()
{
return $this->providers;
}
/**
* Sets the providers instances.
*
* @param AuthenticationProviderInterface[] $providers An array of AuthenticationProviderInterface instances
*/
public function setProviders(array $providers)
{
$this->providers = array();
foreach ($providers as $provider) {
$this->add($provider);
}
}
/**
* Adds a provider.
*
* @param AuthenticationProviderInterface $provider A AuthenticationProviderInterface instance
*/
public function add(AuthenticationProviderInterface $provider)
{
$this->providers[] = $provider;
}
}
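Review bot: The constructor now assigns `$providers` as-is, which drops the per-element type check that the removed `setProviders()`/`add()` path enforced through the `AuthenticationProviderInterface` hint. A wrongly wired entry would then surface only when `authenticate()` first uses it (that loop is outside the hunk) instead of at construction. Validating each element next to the new empty-array guard keeps the failure at wiring time, as sketched below. Which lines are old and which are new is inferred from the hunk counts and the removed methods, since the page lost its `+`/`-` markers.

```php
public function __construct(array $providers, $eraseCredentials = true)
{
    // … unchanged: empty-array guard …
    foreach ($providers as $provider) {
        if (!$provider instanceof AuthenticationProviderInterface) {
            throw new \InvalidArgumentException('Every provider must implement AuthenticationProviderInterface.');
        }
    }
    // … unchanged: property assignments …
```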


@ -20,8 +20,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
*/
class AuthenticationTrustResolver implements AuthenticationTrustResolverInterface
{
protected $anonymousClass;
protected $rememberMeClass;
private $anonymousClass;
private $rememberMeClass;
/**
* Constructor


@ -22,7 +22,7 @@ use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
*/
class AnonymousAuthenticationProvider implements AuthenticationProviderInterface
{
protected $key;
private $key;
/**
* Constructor.


@ -14,8 +14,8 @@ namespace Symfony\Component\Security\Core\Authentication\Provider;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\User\AccountCheckerInterface;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
@ -29,19 +29,19 @@ use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
*/
class DaoAuthenticationProvider extends UserAuthenticationProvider
{
protected $encoderFactory;
protected $userProvider;
private $encoderFactory;
private $userProvider;
/**
* Constructor.
*
* @param UserProviderInterface $userProvider A UserProviderInterface instance
* @param AccountCheckerInterface $accountChecker An AccountCheckerInterface instance
* @param UserCheckerInterface $userChecker An UserCheckerInterface instance
* @param EncoderFactoryInterface $encoderFactory A EncoderFactoryInterface instance
*/
public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker, $providerKey, EncoderFactoryInterface $encoderFactory, $hideUserNotFoundExceptions = true)
public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, $providerKey, EncoderFactoryInterface $encoderFactory, $hideUserNotFoundExceptions = true)
{
parent::__construct($accountChecker, $providerKey, $hideUserNotFoundExceptions);
parent::__construct($userChecker, $providerKey, $hideUserNotFoundExceptions);
$this->encoderFactory = $encoderFactory;
$this->userProvider = $userProvider;
@ -50,19 +50,19 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider
/**
* {@inheritdoc}
*/
protected function checkAuthentication(AccountInterface $account, UsernamePasswordToken $token)
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$user = $token->getUser();
if ($user instanceof AccountInterface) {
if ($account->getPassword() !== $user->getPassword()) {
$currentUser = $token->getUser();
if ($currentUser instanceof UserInterface) {
if ($currentUser->getPassword() !== $user->getPassword()) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!$presentedPassword = (string) $token->getCredentials()) {
if (!$presentedPassword = $token->getCredentials()) {
throw new BadCredentialsException('Bad credentials');
}
if (!$this->encoderFactory->getEncoder($account)->isPasswordValid($account->getPassword(), $presentedPassword, $account->getSalt())) {
if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
throw new BadCredentialsException('Bad credentials');
}
}
@ -74,15 +74,15 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider
protected function retrieveUser($username, UsernamePasswordToken $token)
{
$user = $token->getUser();
if ($user instanceof AccountInterface) {
if ($user instanceof UserInterface) {
return $user;
}
try {
$user = $this->userProvider->loadUserByUsername($username);
if (!$user instanceof AccountInterface) {
throw new AuthenticationServiceException('The user provider must return an AccountInterface object.');
if (!$user instanceof UserInterface) {
throw new AuthenticationServiceException('The user provider must return an UserInterface object.');
}
return $user;
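Review bot: In `checkAuthentication()` the test `if (!$presentedPassword = $token->getCredentials())` relies on truthiness, so the password `"0"` is rejected as 'Bad credentials'. In the variant without the `(string)` cast, which appears to be the new side, non-string credentials also reach `isPasswordValid()` unchanged. An explicit check states the intent: `$presentedPassword = $token->getCredentials(); if (!is_string($presentedPassword) || '' === $presentedPassword) { throw new BadCredentialsException('Bad credentials'); }`. If the cast was moved into the encoder on purpose, as the merge message about `BasePasswordEncoder::comparePasswords` suggests, a one-line comment here saying so would prevent it being re-added or forgotten.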


@ -11,9 +11,9 @@
namespace Symfony\Component\Security\Core\Authentication\Provider;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\User\AccountCheckerInterface;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@ -30,20 +30,20 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
*/
class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderInterface
{
protected $userProvider;
protected $accountChecker;
protected $providerKey;
private $userProvider;
private $userChecker;
private $providerKey;
/**
* Constructor.
*
* @param UserProviderInterface $userProvider A UserProviderInterface instance
* @param AccountCheckerInterface $accountChecker An AccountCheckerInterface instance
* @param UserCheckerInterface $userChecker An UserCheckerInterface instance
*/
public function __construct(UserProviderInterface $userProvider, AccountCheckerInterface $accountChecker, $providerKey)
public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, $providerKey)
{
$this->userProvider = $userProvider;
$this->accountChecker = $accountChecker;
$this->userChecker = $userChecker;
$this->providerKey = $providerKey;
}
@ -66,7 +66,7 @@ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderIn
*/
$user = $this->userProvider->loadUserByUsername($user);
$this->accountChecker->checkPostAuth($user);
$this->userChecker->checkPostAuth($user);
$authenticatedToken = new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
$authenticatedToken->setAttributes($token->getAttributes());


@ -1,21 +1,21 @@
<?php
namespace Symfony\Component\Security\Core\Authentication\Provider;
use Symfony\Component\Security\Core\User\AccountCheckerInterface;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
class RememberMeAuthenticationProvider implements AuthenticationProviderInterface
{
protected $accountChecker;
protected $key;
protected $providerKey;
private $userChecker;
private $key;
private $providerKey;
public function __construct(AccountCheckerInterface $accountChecker, $key, $providerKey)
public function __construct(UserCheckerInterface $userChecker, $key, $providerKey)
{
$this->accountChecker = $accountChecker;
$this->userChecker = $userChecker;
$this->key = $key;
$this->providerKey = $providerKey;
}
@ -31,11 +31,12 @@ class RememberMeAuthenticationProvider implements AuthenticationProviderInterfac
}
$user = $token->getUser();
$this->accountChecker->checkPreAuth($user);
$this->accountChecker->checkPostAuth($user);
$token->setAuthenticated(true);
$this->userChecker->checkPostAuth($user);
return $token;
$authenticatedToken = new RememberMeToken($user, $this->providerKey, $this->key);
$authenticatedToken->setAttributes($token->getAttributes());
return $authenticatedToken;
}
public function supports(TokenInterface $token)
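Review bot: `authenticate()` no longer calls `checkPreAuth($user)` for remember-me tokens; only `checkPostAuth()` remains before the fresh `RememberMeToken` is built. Whatever the configured checker enforces in its pre-auth step is therefore skipped on this path, and nothing visible says that this is deliberate. Either restore `$this->userChecker->checkPreAuth($user);` ahead of the post-auth call, or add a comment stating why pre-auth checks do not apply to remember-me logins. Which lines are old and which are new is inferred from the `accountChecker` to `userChecker` rename, since the page lost its `+`/`-` markers, and the start of the method is outside the hunk.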


@ -11,8 +11,8 @@
namespace Symfony\Component\Security\Core\Authentication\Provider;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\AccountCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
@ -27,23 +27,23 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
*/
abstract class UserAuthenticationProvider implements AuthenticationProviderInterface
{
protected $hideUserNotFoundExceptions;
protected $accountChecker;
protected $providerKey;
private $hideUserNotFoundExceptions;
private $userChecker;
private $providerKey;
/**
* Constructor.
*
* @param AccountCheckerInterface $accountChecker An AccountCheckerInterface interface
* @param UserCheckerInterface $userChecker An UserCheckerInterface interface
* @param Boolean $hideUserNotFoundExceptions Whether to hide user not found exception or not
*/
public function __construct(AccountCheckerInterface $accountChecker, $providerKey, $hideUserNotFoundExceptions = true)
public function __construct(UserCheckerInterface $userChecker, $providerKey, $hideUserNotFoundExceptions = true)
{
if (empty($providerKey)) {
throw new \InvalidArgumentException('$providerKey must not be empty.');
}
$this->accountChecker = $accountChecker;
$this->userChecker = $userChecker;
$this->providerKey = $providerKey;
$this->hideUserNotFoundExceptions = $hideUserNotFoundExceptions;
}
@ -57,18 +57,21 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter
return null;
}
$username = null === $token->getUser() ? 'NONE_PROVIDED' : (string) $token;
$username = $token->getUsername();
if (empty($username)) {
$username = 'NONE_PROVIDED';
}
try {
$user = $this->retrieveUser($username, $token);
if (!$user instanceof AccountInterface) {
throw new AuthenticationServiceException('retrieveUser() must return an AccountInterface.');
if (!$user instanceof UserInterface) {
throw new AuthenticationServiceException('retrieveUser() must return an UserInterface.');
}
$this->accountChecker->checkPreAuth($user);
$this->userChecker->checkPreAuth($user);
$this->checkAuthentication($user, $token);
$this->accountChecker->checkPostAuth($user);
$this->userChecker->checkPostAuth($user);
$authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
$authenticatedToken->setAttributes($token->getAttributes());
@ -107,10 +110,10 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter
* Does additional checks on the user and token (like validating the
* credentials).
*
* @param AccountInterface $account The retrieved AccountInterface instance
* @param UserInterface $user The retrieved UserInterface instance
* @param UsernamePasswordToken $token The UsernamePasswordToken token to be authenticated
*
* @throws AuthenticationException if the credentials could not be validated
*/
abstract protected function checkAuthentication(AccountInterface $account, UsernamePasswordToken $token);
abstract protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token);
}
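Review bot: `empty($username)` in `authenticate()` also matches the string `"0"`, so an account with that name is looked up as `NONE_PROVIDED`; `empty($providerKey)` in the constructor has the same blind spot. A strict test keeps the fallback for missing names only: `if (null === $username || '' === $username) {`. Separately, `$userChecker` and `$providerKey` become private in an abstract class, so any subclass that reads them directly would need accessors. No such subclass access is visible on this page.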


@ -11,7 +11,7 @@ use Symfony\Component\Security\Core\Exception\TokenNotFoundException;
*/
class InMemoryTokenProvider implements TokenProviderInterface
{
protected $tokens = array();
private $tokens = array();
public function loadTokenBySeries($series)
{


@ -13,7 +13,7 @@ namespace Symfony\Component\Security\Core\Authentication\Token;
use Symfony\Component\Security\Core\Role\RoleInterface;
use Symfony\Component\Security\Core\Role\Role;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\UserInterface;
/**
* Base class for Token instances.
@ -21,15 +21,12 @@ use Symfony\Component\Security\Core\User\AccountInterface;
* @author Fabien Potencier <fabien@symfony.com>
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
*/
abstract class Token implements TokenInterface
abstract class AbstractToken implements TokenInterface
{
protected $roles;
protected $authenticated;
protected $user;
protected $credentials;
protected $immutable;
protected $providerKey;
protected $attributes;
private $user;
private $roles;
private $authenticated;
private $attributes;
/**
* Constructor.
@ -38,24 +35,19 @@ abstract class Token implements TokenInterface
*/
public function __construct(array $roles = array())
{
$this->setRoles($roles);
$this->authenticated = false;
$this->immutable = false;
$this->attributes = array();
}
/**
* Adds a Role to the token.
*
* @param RoleInterface $role A RoleInterface instance
*/
public function addRole(RoleInterface $role)
{
if ($this->immutable) {
throw new \LogicException('This token is considered immutable.');
$this->roles = array();
foreach ($roles as $role) {
if (is_string($role)) {
$role = new Role($role);
} else if (!$role instanceof RoleInterface) {
throw new \InvalidArgumentException(sprintf('$roles must be an array of strings, or RoleInterface instances, but got %s.', gettype($role)));
}
$this->roles[] = $role;
}
$this->roles[] = $role;
}
/**
@ -66,34 +58,50 @@ abstract class Token implements TokenInterface
return $this->roles;
}
/**
* {@inheritDoc}
*/
public function setRoles(array $roles)
{
$this->roles = array();
foreach ($roles as $role) {
if (is_string($role)) {
$role = new Role($role);
}
$this->addRole($role);
}
}
/**
* {@inheritdoc}
*/
public function __toString()
public function getUsername()
{
if ($this->user instanceof AccountInterface) {
if ($this->user instanceof UserInterface) {
return $this->user->getUsername();
}
return (string) $this->user;
}
public function getUser()
{
return $this->user;
}
public function setUser($user)
{
if (!($user instanceof UserInterface || (is_object($user) && method_exists($user, '__toString')) || is_string($user))) {
throw new \InvalidArgumentException('$user must be an instanceof of UserInterface, an object implementing a __toString method, or a primitive string.');
}
if (null === $this->user) {
$changed = false;
} else if ($this->user instanceof UserInterface) {
if (!$user instanceof UserInterface) {
$changed = true;
} else {
$changed = !$this->user->equals($user);
}
} else if ($user instanceof UserInterface) {
$changed = true;
} else {
$changed = (string) $this->user !== (string) $user;
}
if ($changed) {
$this->setAuthenticated(false);
}
$this->user = $user;
}
/**
* {@inheritdoc}
*/
@ -107,95 +115,25 @@ abstract class Token implements TokenInterface
*/
public function setAuthenticated($authenticated)
{
if ($this->immutable) {
throw new \LogicException('This token is considered immutable.');
}
$this->authenticated = (Boolean) $authenticated;
}
/**
* {@inheritdoc}
*/
public function getCredentials()
{
return $this->credentials;
}
/**
* {@inheritdoc}
*/
public function getUser()
{
return $this->user;
}
/**
* {@inheritDoc}
*/
public function setUser($user)
{
if ($this->immutable) {
throw new \LogicException('This token is considered immutable.');
}
if (!is_string($user) && !is_object($user)) {
throw new \InvalidArgumentException('$user must be an object, or a primitive string.');
} else if (is_object($user) && !$user instanceof AccountInterface && !method_exists($user, '__toString')) {
throw new \InvalidArgumentException('If $user is an object, it must implement __toString().');
}
$this->user = $user;
}
/**
* {@inheritdoc}
*/
public function eraseCredentials()
{
if ($this->immutable) {
throw new \LogicException('This token is considered immutable.');
}
if ($this->getCredentials() instanceof AccountInterface) {
$this->getCredentials()->eraseCredentials();
}
if ($this->getUser() instanceof AccountInterface) {
if ($this->getUser() instanceof UserInterface) {
$this->getUser()->eraseCredentials();
}
}
/**
* {@inheritdoc}
*/
public function isImmutable()
{
return $this->immutable;
}
/**
* {@inheritdoc}
*/
public function setImmutable()
{
$this->immutable = true;
}
/**
* {@inheritdoc}
*/
public function getProviderKey()
{
return $this->providerKey;
}
/**
* {@inheritdoc}
*/
public function serialize()
{
return serialize(array($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes));
return serialize(array($this->user, $this->authenticated, $this->roles, $this->attributes));
}
/**
@ -203,7 +141,7 @@ abstract class Token implements TokenInterface
*/
public function unserialize($serialized)
{
list($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes) = unserialize($serialized);
list($this->user, $this->authenticated, $this->roles, $this->attributes) = unserialize($serialized);
}
/**
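Review bot: `unserialize()` in AbstractToken assigns whatever `unserialize($serialized)` returns straight into `user`, `authenticated`, `roles` and `attributes`, with no check of the payload's shape. A corrupted payload makes `list()` fill every field with null without any error, and a payload in the earlier seven-element layout would be read positionally by any subclass that keeps this base implementation, so the old credentials slot would land in `authenticated`. Since tokens are presumably restored from session storage, I would decode into a local first, reject anything that is not a four-element array, and cast the flag, as sketched below.

```php
public function unserialize($serialized)
{
    $data = unserialize($serialized);
    if (!is_array($data) || 4 !== count($data)) {
        throw new \UnexpectedValueException('The serialized token has an unexpected format.');
    }

    list($this->user, $authenticated, $this->roles, $this->attributes) = $data;
    $this->authenticated = (Boolean) $authenticated;
}
```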


@ -16,10 +16,11 @@ namespace Symfony\Component\Security\Core\Authentication\Token;
*
* @author Fabien Potencier <fabien@symfony.com>
*/
class AnonymousToken extends Token
use Symfony\Component\Security\Core\User\UserInterface;
class AnonymousToken extends AbstractToken
{
protected $user;
protected $key;
private $key;
/**
* Constructor.
@ -33,9 +34,8 @@ class AnonymousToken extends Token
parent::__construct($roles);
$this->key = $key;
$this->user = $user;
parent::setAuthenticated(true);
$this->setUser($user);
$this->setAuthenticated(true);
}
/**
@ -55,4 +55,21 @@ class AnonymousToken extends Token
{
return $this->key;
}
/**
* {@inheritDoc}
*/
public function serialize()
{
return serialize(array($this->key, parent::serialize()));
}
/**
* {@inheritDoc}
*/
public function unserialize($str)
{
list($this->key, $parentStr) = unserialize($str);
parent::unserialize($parentStr);
}
}
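Review bot: The added `use Symfony\Component\Security\Core\User\UserInterface;` sits between the class docblock and the `class AnonymousToken` line, so the docblock no longer directly precedes the class it describes. Nothing in the visible hunks of this file references `UserInterface`, so the import looks unused. If it is unused, drop it; otherwise move it up next to the `namespace` line.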


@ -16,21 +16,39 @@ namespace Symfony\Component\Security\Core\Authentication\Token;
*
* @author Fabien Potencier <fabien@symfony.com>
*/
class PreAuthenticatedToken extends Token
class PreAuthenticatedToken extends AbstractToken
{
private $credentials;
private $providerKey;
/**
* Constructor.
*/
public function __construct($user, $credentials, $providerKey, array $roles = null)
public function __construct($user, $credentials, $providerKey, array $roles = array())
{
parent::__construct(null === $roles ? array() : $roles);
if (null !== $roles) {
$this->setAuthenticated(true);
parent::__construct($roles);
if (empty($providerKey)) {
throw new \InvalidArgumentException('$providerKey must not be empty.');
}
$this->user = $user;
$this->setUser($user);
$this->credentials = $credentials;
$this->providerKey = $providerKey;
if ($roles) {
$this->setAuthenticated(true);
}
}
public function getProviderKey()
{
return $this->providerKey;
}
public function getCredentials()
{
return $this->credentials;
}
/**
@ -42,4 +60,15 @@ class PreAuthenticatedToken extends Token
$this->credentials = null;
}
public function serialize()
{
return serialize(array($this->credentials, $this->providerKey, parent::serialize()));
}
public function unserialize($str)
{
list($this->credentials, $this->providerKey, $parentStr) = unserialize($str);
parent::unserialize($parentStr);
}
}
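Review bot: PreAuthenticatedToken keeps the inherited public `setAuthenticated()`, so an instance built without roles can later be switched to authenticated by any code that holds it, whereas RememberMeToken in this same commit rejects `setAuthenticated(true)` after construction. As far as the two hunks show, this file has no such override. If that is not deliberate, I would add the same guard and have the constructor call `parent::setAuthenticated(true)`, as sketched below. Callers that currently flip the flag on an existing token would need checking first.

```php
// … unchanged: constructor validation and field assignments …
        if ($roles) {
            parent::setAuthenticated(true);
        }
    }

    public function setAuthenticated($authenticated)
    {
        if ($authenticated) {
            throw new \LogicException('Cannot set this token to authenticated after creation.');
        }

        parent::setAuthenticated(false);
    }
// … unchanged: getProviderKey(), getCredentials(), serialize(), unserialize() …
```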


@ -12,44 +12,57 @@
namespace Symfony\Component\Security\Core\Authentication\Token;
use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentTokenInterface;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\UserInterface;
/**
* Base class for "Remember Me" tokens
* Authentication Token for "Remember-Me".
*
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
*/
class RememberMeToken extends Token
class RememberMeToken extends AbstractToken
{
protected $key;
/**
* The persistent token which resulted in this authentication token.
*
* @var PersistentTokenInterface
*/
protected $persistentToken;
private $key;
private $providerKey;
private $persistentToken;
/**
* Constructor.
*
* @param string $username
* @param UserInterface $user
* @param string $providerKey
* @param string $key
*/
public function __construct(AccountInterface $user, $providerKey, $key) {
public function __construct(UserInterface $user, $providerKey, $key, PersistentTokenInterface $persistentToken = null) {
parent::__construct($user->getRoles());
if (empty($key)) {
throw new \InvalidArgumentException('$key must not be empty.');
}
if (empty($providerKey)) {
throw new \InvalidArgumentException('$providerKey must not be empty.');
}
$this->setUser($user);
$this->providerKey = $providerKey;
$this->key = $key;
$this->setAuthenticated(true);
$this->persistentToken = $persistentToken;
$this->setUser($user);
parent::setAuthenticated(true);
}
public function setAuthenticated($authenticated)
{
if ($authenticated) {
throw new \RuntimeException('You cannot set this token to authenticated after creation.');
}
parent::setAuthenticated(false);
}
public function getProviderKey()
{
return $this->providerKey;
}
public function getKey()
@ -62,18 +75,21 @@ class RememberMeToken extends Token
return $this->persistentToken;
}
public function setPersistentToken(PersistentTokenInterface $persistentToken)
public function getCredentials()
{
$this->persistentToken = $persistentToken;
return '';
}
/**
* {@inheritdoc}
*/
public function serialize()
{
return serialize(array($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes, $this->key));
return serialize(array(
$this->key,
$this->providerKey,
parent::serialize(),
));
}
/**
@ -81,6 +97,7 @@ class RememberMeToken extends Token
*/
public function unserialize($serialized)
{
list($this->user, $this->credentials, $this->authenticated, $this->roles, $this->immutable, $this->providerKey, $this->attributes, $this->key) = unserialize($serialized);
list($this->key, $this->providerKey, $parentStr) = unserialize($serialized);
parent::unserialize($parentStr);
}
}
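Review bot: The constructor docblock still lists only `$user`, `$providerKey` and `$key`; the new optional `$persistentToken` argument is undocumented, and the property docblock that described it appears to have been removed. `serialize()` also leaves `persistentToken` out of the payload, so `getPersistentToken()` returns null after a round-trip, which is presumably intended but worth stating. I would add `@param PersistentTokenInterface $persistentToken The persistent token that produced this authentication token, if any (not serialized)`.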


@ -11,22 +11,16 @@
namespace Symfony\Component\Security\Core\Authentication\Token;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\UserInterface;
/**
* TokenInterface is the interface for the user authentication information.
*
* @author Fabien Potencier <fabien@symfony.com>
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
*/
interface TokenInterface extends \Serializable
{
/**
* Returns a string representation of the token.
*
* @return string A string representation
*/
function __toString();
/**
* Returns the user roles.
*
@ -34,14 +28,6 @@ interface TokenInterface extends \Serializable
*/
function getRoles();
/**
* Sets the user's roles
*
* @param array $roles
* @return void
*/
function setRoles(array $roles);
/**
* Returns the user credentials.
*
@ -58,13 +44,19 @@ interface TokenInterface extends \Serializable
function getUser();
/**
* Sets the user.
* Sets a user.
*
* @param mixed $user can either be an object which implements __toString(), or
* only a primitive string
* @param mixed $user
*/
function setUser($user);
/**
* Returns the username.
*
* @return string
*/
function getUsername();
/**
* Checks if the user is authenticated or not.
*
@ -79,22 +71,6 @@ interface TokenInterface extends \Serializable
*/
function setAuthenticated($isAuthenticated);
/**
* Whether this token is considered immutable
*
* @return Boolean
*/
function isImmutable();
/**
* Marks this token as immutable. This change cannot be reversed.
*
* You'll need to create a new token if you want a mutable token again.
*
* @return void
*/
function setImmutable();
/**
* Removes sensitive information from the token.
*/
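Review bot: The `setUser()` docblock is reduced to `@param mixed $user`, which drops the contract that AbstractToken::setUser() in this commit enforces with an InvalidArgumentException. Implementers of TokenInterface outside that class hierarchy have nothing else to go on. I would keep the constraint in the interface: `@param mixed $user A UserInterface instance, an object implementing __toString(), or a string`. The new `getUsername()` docblock could likewise say what is returned when the user is not a UserInterface.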


@ -16,8 +16,11 @@ namespace Symfony\Component\Security\Core\Authentication\Token;
*
* @author Fabien Potencier <fabien@symfony.com>
*/
class UsernamePasswordToken extends Token
class UsernamePasswordToken extends AbstractToken
{
private $credentials;
private $providerKey;
/**
* Constructor.
*
@ -28,11 +31,15 @@ class UsernamePasswordToken extends Token
{
parent::__construct($roles);
if (empty($providerKey)) {
throw new \InvalidArgumentException('$providerKey must not be empty.');
}
$this->setUser($user);
$this->credentials = $credentials;
$this->providerKey = $providerKey;
parent::setAuthenticated((Boolean) count($roles));
parent::setAuthenticated(count($roles) > 0);
}
/**
@ -47,6 +54,16 @@ class UsernamePasswordToken extends Token
parent::setAuthenticated(false);
}
public function getCredentials()
{
return $this->credentials;
}
public function getProviderKey()
{
return $this->providerKey;
}
/**
* {@inheritdoc}
*/
@ -56,4 +73,15 @@ class UsernamePasswordToken extends Token
$this->credentials = null;
}
public function serialize()
{
return serialize(array($this->credentials, $this->providerKey, parent::serialize()));
}
public function unserialize($str)
{
list($this->credentials, $this->providerKey, $parentStr) = unserialize($str);
parent::unserialize($parentStr);
}
}
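Review bot: The new `serialize()` writes `$this->credentials` into the payload unchanged, so a token persisted before `eraseCredentials()` has run carries the credentials (for this token type presumably the submitted password) into whatever stores the serialized token. Whether erasure is guaranteed before persistence is not visible in these hunks. I would at least document the expectation on the method, e.g. `// credentials are serialized as-is; eraseCredentials() is expected to have run before the token is persisted`. The same applies to PreAuthenticatedToken::serialize(). The constructor and the setAuthenticated() override both start outside the hunks shown.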


@ -22,10 +22,10 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
*/
class AccessDecisionManager implements AccessDecisionManagerInterface
{
protected $voters;
protected $strategy;
protected $allowIfAllAbstainDecisions;
protected $allowIfEqualGrantedDeniedDecisions;
private $voters;
private $strategy;
private $allowIfAllAbstainDecisions;
private $allowIfEqualGrantedDeniedDecisions;
/**
* Constructor.
@ -34,8 +34,12 @@ class AccessDecisionManager implements AccessDecisionManagerInterface
* @param string $strategy The vote strategy
* @param Boolean $allowIfAllAbstainDecisions Whether to grant access if all voters abstained or not
*/
public function __construct(array $voters = array(), $strategy = 'affirmative', $allowIfAllAbstainDecisions = false, $allowIfEqualGrantedDeniedDecisions = true)
public function __construct(array $voters, $strategy = 'affirmative', $allowIfAllAbstainDecisions = false, $allowIfEqualGrantedDeniedDecisions = true)
{
if (!$voters) {
throw new \InvalidArgumentException('You must at least add one voter.');
}
$this->voters = $voters;
$this->strategy = 'decide'.ucfirst($strategy);
$this->allowIfAllAbstainDecisions = (Boolean) $allowIfAllAbstainDecisions;
@ -50,43 +54,6 @@ class AccessDecisionManager implements AccessDecisionManagerInterface
return $this->{$this->strategy}($token, $attributes, $object);
}
/**
* Returns all voters.
*
* @return VoterInterface[] $voters An array of VoterInterface instances
*/
public function getVoters()
{
return $this->voters;
}
/**
* Sets voters.
*
* @param VoterInterface[] $voters An array of VoterInterface instances
*/
public function setVoters(array $voters)
{
if (!count($voters)) {
throw new \LogicException('You must have at least one voter.');
}
$this->voters = array();
foreach ($voters as $voter) {
$this->addVoter($voter);
}
}
/**
* Adds a voter.
*
* @param VoterInterface $voter A VoterInterface instance
*/
public function addVoter(VoterInterface $voter)
{
$this->voters[] = $voter;
}
/**
* {@inheritdoc}
*/
@ -121,7 +88,7 @@ class AccessDecisionManager implements AccessDecisionManagerInterface
* If all voters abstained from voting, the decision will be based on the
* allowIfAllAbstainDecisions property value (defaults to false).
*/
protected function decideAffirmative(TokenInterface $token, array $attributes, $object = null)
private function decideAffirmative(TokenInterface $token, array $attributes, $object = null)
{
$deny = 0;
foreach ($this->voters as $voter) {
@ -161,7 +128,7 @@ class AccessDecisionManager implements AccessDecisionManagerInterface
* If all voters abstained from voting, the decision will be based on the
* allowIfAllAbstainDecisions property value (defaults to false).
*/
protected function decideConsensus(TokenInterface $token, array $attributes, $object = null)
private function decideConsensus(TokenInterface $token, array $attributes, $object = null)
{
$grant = 0;
$deny = 0;
@ -208,7 +175,7 @@ class AccessDecisionManager implements AccessDecisionManagerInterface
* If all voters abstained from voting, the decision will be based on the
* allowIfAllAbstainDecisions property value (defaults to false).
*/
protected function decideUnanimous(TokenInterface $token, array $attributes, $object = null)
private function decideUnanimous(TokenInterface $token, array $attributes, $object = null)
{
$grant = 0;
foreach ($attributes as $attribute) {
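Review bot: The constructor now rejects an empty voter list but still accepts any `$strategy`. `'decide'.ucfirst($strategy)` is only resolved when `decide()` calls `$this->{$this->strategy}(...)`, so a misspelled strategy surfaces as a fatal error on the first access decision rather than at construction. With `setVoters()` and `addVoter()` removed, the constructor is the only place left to validate configuration. I would add `if (!method_exists($this, $this->strategy)) { throw new \InvalidArgumentException(sprintf('The strategy "%s" is not supported.', $strategy)); }` right after the assignment. The constructor body continues past the end of its hunk.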


@ -29,7 +29,7 @@ class AuthenticatedVoter implements VoterInterface
const IS_AUTHENTICATED_REMEMBERED = 'IS_AUTHENTICATED_REMEMBERED';
const IS_AUTHENTICATED_ANONYMOUSLY = 'IS_AUTHENTICATED_ANONYMOUSLY';
protected $authenticationTrustResolver;
private $authenticationTrustResolver;
/**
* Constructor.


@ -22,7 +22,7 @@ use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
*/
class RoleHierarchyVoter extends RoleVoter
{
protected $roleHierarchy;
private $roleHierarchy;
public function __construct(RoleHierarchyInterface $roleHierarchy, $prefix = 'ROLE_')
{


@ -20,7 +20,7 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
*/
class RoleVoter implements VoterInterface
{
protected $prefix;
private $prefix;
/**
* Constructor.


@ -11,7 +11,7 @@
namespace Symfony\Component\Security\Core\Encoder;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\UserInterface;
/**
* A generic encoder factory implementation
@ -20,7 +20,7 @@ use Symfony\Component\Security\Core\User\AccountInterface;
*/
class EncoderFactory implements EncoderFactoryInterface
{
protected $encoders;
private $encoders;
public function __construct(array $encoders)
{
@ -30,10 +30,10 @@ class EncoderFactory implements EncoderFactoryInterface
/**
* {@inheritDoc}
*/
public function getEncoder(AccountInterface $account)
public function getEncoder(UserInterface $user)
{
foreach ($this->encoders as $class => $encoder) {
if (!$account instanceof $class) {
if (!$user instanceof $class) {
continue;
}
@ -44,7 +44,7 @@ class EncoderFactory implements EncoderFactoryInterface
return $this->encoders[$class];
}
throw new \RuntimeException(sprintf('No encoder has been configured for account "%s".', get_class($account)));
throw new \RuntimeException(sprintf('No encoder has been configured for account "%s".', get_class($user)));
}
/**
@ -53,7 +53,7 @@ class EncoderFactory implements EncoderFactoryInterface
* @param array $config
* @return PasswordEncoderInterface
*/
protected function createEncoder(array $config)
private function createEncoder(array $config)
{
if (!isset($config['class'])) {
throw new \InvalidArgumentException(sprintf('"class" must be set in %s.', json_encode($config)));


@ -11,7 +11,7 @@
namespace Symfony\Component\Security\Core\Encoder;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\UserInterface;
/**
* EncoderFactoryInterface to support different encoders for different accounts.
@ -23,8 +23,8 @@ interface EncoderFactoryInterface
/**
* Returns the password encoder to use for the given account
*
* @param AccountInterface $account
* @param UserInterface $user
* @return PasswordEncoderInterface never null
*/
function getEncoder(AccountInterface $account);
function getEncoder(UserInterface $user);
}


@ -18,8 +18,8 @@ namespace Symfony\Component\Security\Core\Encoder;
*/
class MessageDigestPasswordEncoder extends BasePasswordEncoder
{
protected $algorithm;
protected $encodeHashAsBase64;
private $algorithm;
private $encodeHashAsBase64;
/**
* Constructor.


@ -18,7 +18,7 @@ namespace Symfony\Component\Security\Core\Encoder;
*/
class PlaintextPasswordEncoder extends BasePasswordEncoder
{
protected $ignorePasswordCase;
private $ignorePasswordCase;
public function __construct($ignorePasswordCase = false)
{


@ -18,7 +18,7 @@ namespace Symfony\Component\Security\Core\Exception;
*/
class AuthenticationException extends \RuntimeException implements \Serializable
{
protected $extraInformation;
private $extraInformation;
public function __construct($message, $extraInformation = null, $code = 0, \Exception $previous = null)
{


@ -13,10 +13,10 @@ namespace Symfony\Component\Security\Core\Exception;
/**
* This exception is thrown when an account is reloaded from a provider which
* doesn't support the passed implementation of AccountInterface.
* doesn't support the passed implementation of UserInterface.
*
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
*/
class UnsupportedAccountException extends AuthenticationServiceException
class UnsupportedUserException extends AuthenticationServiceException
{
}


@ -19,7 +19,7 @@ namespace Symfony\Component\Security\Core\Role;
*/
class Role implements RoleInterface
{
protected $role;
private $role;
/**
* Constructor.


@ -18,8 +18,8 @@ namespace Symfony\Component\Security\Core\Role;
*/
class RoleHierarchy implements RoleHierarchyInterface
{
protected $hierarchy;
protected $map;
private $hierarchy;
private $map;
/**
* Constructor.
@ -56,7 +56,7 @@ class RoleHierarchy implements RoleHierarchyInterface
return $reachableRoles;
}
protected function buildRoleMap()
private function buildRoleMap()
{
$this->map = array();
foreach ($this->hierarchy as $main => $roles) {


@ -21,7 +21,7 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
*/
class SwitchUserRole extends Role
{
protected $source;
private $source;
/**
* Constructor.


@ -11,7 +11,7 @@
namespace Symfony\Component\Security\Core;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
@ -28,10 +28,10 @@ use Symfony\Component\Security\Acl\Voter\FieldVote;
*/
class SecurityContext implements SecurityContextInterface
{
protected $token;
protected $accessDecisionManager;
protected $authenticationManager;
protected $alwaysAuthenticate;
private $token;
private $accessDecisionManager;
private $authenticationManager;
private $alwaysAuthenticate;
/**
* Constructor.
@ -45,7 +45,7 @@ class SecurityContext implements SecurityContextInterface
$this->alwaysAuthenticate = $alwaysAuthenticate;
}
public final function vote($attributes, $object = null)
public final function isGranted($attributes, $object = null)
{
if (null === $this->token) {
throw new AuthenticationCredentialsNotFoundException('The security context contains no authentication token.');


@ -16,6 +16,6 @@ interface SecurityContextInterface
const LAST_USERNAME = '_security.last_username';
function getToken();
function setToken(TokenInterface $account);
function vote($attributes, $object = null);
function setToken(TokenInterface $token);
function isGranted($attributes, $object = null);
}


@ -12,11 +12,11 @@
namespace Symfony\Component\Security\Core\User;
/**
* AdvancedAccountInterface adds status flags to a regular account.
* AdvancedUserInterface adds status flags to a regular account.
*
* @author Fabien Potencier <fabien@symfony.com>
*/
interface AdvancedAccountInterface extends AccountInterface
interface AdvancedUserInterface extends UserInterface
{
/**
* Checks whether the user's account has expired.


@ -2,7 +2,7 @@
namespace Symfony\Component\Security\Core\User;
use Symfony\Component\Security\Core\Exception\UnsupportedAccountException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
/**
@ -15,7 +15,7 @@ use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
*/
class ChainUserProvider implements UserProviderInterface
{
protected $providers;
private $providers;
public function __construct(array $providers)
{
@ -41,17 +41,17 @@ class ChainUserProvider implements UserProviderInterface
/**
* {@inheritDoc}
*/
public function loadUserByAccount(AccountInterface $account)
public function loadUser(UserInterface $user)
{
foreach ($this->providers as $provider) {
try {
return $provider->loadUserByAccount($account);
} catch (UnsupportedAccountException $unsupported) {
return $provider->loadUser($user);
} catch (UnsupportedUserException $unsupported) {
// try next one
}
}
throw new UnsupportedAccountException(sprintf('The account "%s" is not supported.', get_class($account)));
throw new UnsupportedUserException(sprintf('The account "%s" is not supported.', get_class($user)));
}
/**


@ -12,7 +12,7 @@
namespace Symfony\Component\Security\Core\User;
use Doctrine\ORM\EntityManager;
use Symfony\Component\Security\Core\Exception\UnsupportedAccountException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
/**
@ -25,9 +25,9 @@ use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
*/
class EntityUserProvider implements UserProviderInterface
{
protected $class;
protected $repository;
protected $property;
private $class;
private $repository;
private $property;
public function __construct(EntityManager $em, $class, $property = null)
{
@ -66,13 +66,13 @@ class EntityUserProvider implements UserProviderInterface
/**
* {@inheritDoc}
*/
public function loadUserByAccount(AccountInterface $account)
public function loadUser(UserInterface $user)
{
if (!$account instanceof $this->class) {
throw new UnsupportedAccountException(sprintf('Instances of "%s" are not supported.', get_class($account)));
if (!$user instanceof $this->class) {
throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
}
return $this->loadUserByUsername($account->getUsername());
return $this->loadUserByUsername($user->getUsername());
}
/**


@ -12,7 +12,7 @@
namespace Symfony\Component\Security\Core\User;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\UnsupportedAccountException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
/**
* InMemoryUserProvider is a simple non persistent user provider.
@ -24,7 +24,7 @@ use Symfony\Component\Security\Core\Exception\UnsupportedAccountException;
*/
class InMemoryUserProvider implements UserProviderInterface
{
protected $users;
private $users;
/**
* Constructor.
@ -50,9 +50,9 @@ class InMemoryUserProvider implements UserProviderInterface
/**
* Adds a new User to the provider.
*
* @param AccountInterface $user A AccountInterface instance
* @param UserInterface $user A UserInterface instance
*/
public function createUser(AccountInterface $user)
public function createUser(UserInterface $user)
{
if (isset($this->users[strtolower($user->getUsername())])) {
throw new \LogicException('Another user with the same username already exist.');
@ -79,13 +79,13 @@ class InMemoryUserProvider implements UserProviderInterface
/**
* {@inheritDoc}
*/
public function loadUserByAccount(AccountInterface $account)
public function loadUser(UserInterface $user)
{
if (!$account instanceof User) {
throw new UnsupportedAccountException(sprintf('Instances of "%s" are not supported.', get_class($account)));
if (!$user instanceof User) {
throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
}
return $this->loadUserByUsername((string) $account);
return $this->loadUserByUsername($user->getUsername());
}
/**


@ -18,16 +18,16 @@ namespace Symfony\Component\Security\Core\User;
*
* @author Fabien Potencier <fabien@symfony.com>
*/
class User implements AdvancedAccountInterface
final class User implements AdvancedUserInterface
{
protected $username;
protected $password;
protected $accountNonExpired;
protected $credentialsNonExpired;
protected $accountNonLocked;
protected $roles;
private $username;
private $password;
private $userNonExpired;
private $credentialsNonExpired;
private $userNonLocked;
private $roles;
public function __construct($username, $password, array $roles = array(), $enabled = true, $accountNonExpired = true, $credentialsNonExpired = true, $accountNonLocked = true)
public function __construct($username, $password, array $roles = array(), $enabled = true, $userNonExpired = true, $credentialsNonExpired = true, $userNonLocked = true)
{
if (empty($username)) {
throw new \InvalidArgumentException('The username cannot be empty.');
@ -36,20 +36,12 @@ class User implements AdvancedAccountInterface
$this->username = $username;
$this->password = $password;
$this->enabled = $enabled;
$this->accountNonExpired = $accountNonExpired;
$this->accountNonExpired = $userNonExpired;
$this->credentialsNonExpired = $credentialsNonExpired;
$this->accountNonLocked = $accountNonLocked;
$this->accountNonLocked = $userNonLocked;
$this->roles = $roles;
}
/**
* {@inheritdoc}
*/
public function __toString()
{
return $this->username;
}
/**
* {@inheritdoc}
*/
@ -124,37 +116,37 @@ class User implements AdvancedAccountInterface
/**
* {@inheritDoc}
*/
public function equals(AccountInterface $account)
public function equals(UserInterface $user)
{
if (!$account instanceof User) {
if (!$user instanceof User) {
return false;
}
if ($this->password !== $account->getPassword()) {
if ($this->password !== $user->getPassword()) {
return false;
}
if ($this->getSalt() !== $account->getSalt()) {
if ($this->getSalt() !== $user->getSalt()) {
return false;
}
if ($this->username !== $account->getUsername()) {
if ($this->username !== $user->getUsername()) {
return false;
}
if ($this->accountNonExpired !== $account->isAccountNonExpired()) {
if ($this->accountNonExpired !== $user->isAccountNonExpired()) {
return false;
}
if ($this->accountNonLocked !== $account->isAccountNonLocked()) {
if ($this->accountNonLocked !== $user->isAccountNonLocked()) {
return false;
}
if ($this->credentialsNonExpired !== $account->isCredentialsNonExpired()) {
if ($this->credentialsNonExpired !== $user->isCredentialsNonExpired()) {
return false;
}
if ($this->enabled !== $account->isEnabled()) {
if ($this->enabled !== $user->isEnabled()) {
return false;
}


@ -17,45 +17,45 @@ use Symfony\Component\Security\Core\Exception\DisabledException;
use Symfony\Component\Security\Core\Exception\AccountExpiredException;
/**
* AccountChecker checks the user account flags.
* UserChecker checks the user account flags.
*
* @author Fabien Potencier <fabien@symfony.com>
*/
class AccountChecker implements AccountCheckerInterface
class UserChecker implements UserCheckerInterface
{
/**
* {@inheritdoc}
*/
public function checkPreAuth(AccountInterface $account)
public function checkPreAuth(UserInterface $user)
{
if (!$account instanceof AdvancedAccountInterface) {
if (!$user instanceof AdvancedUserInterface) {
return;
}
if (!$account->isCredentialsNonExpired()) {
throw new CredentialsExpiredException('User credentials have expired.', $account);
if (!$user->isCredentialsNonExpired()) {
throw new CredentialsExpiredException('User credentials have expired.', $user);
}
}
/**
* {@inheritdoc}
*/
public function checkPostAuth(AccountInterface $account)
public function checkPostAuth(UserInterface $user)
{
if (!$account instanceof AdvancedAccountInterface) {
if (!$user instanceof AdvancedUserInterface) {
return;
}
if (!$account->isAccountNonLocked()) {
throw new LockedException('User account is locked.', $account);
if (!$user->isAccountNonLocked()) {
throw new LockedException('User account is locked.', $user);
}
if (!$account->isEnabled()) {
throw new DisabledException('User account is disabled.', $account);
if (!$user->isEnabled()) {
throw new DisabledException('User account is disabled.', $user);
}
if (!$account->isAccountNonExpired()) {
throw new AccountExpiredException('User account has expired.', $account);
if (!$user->isAccountNonExpired()) {
throw new AccountExpiredException('User account has expired.', $user);
}
}
}


@ -12,25 +12,25 @@
namespace Symfony\Component\Security\Core\User;
/**
* AccountCheckerInterface checks user account when authentication occurs.
* UserCheckerInterface checks user account when authentication occurs.
*
* This should not be used to make authentication decisions.
*
* @author Fabien Potencier <fabien@symfony.com>
*/
interface AccountCheckerInterface
interface UserCheckerInterface
{
/**
* Checks the user account before authentication.
*
* @param AccountInterface $account An AccountInterface instance
* @param UserInterface $user An UserInterface instance
*/
function checkPreAuth(AccountInterface $account);
function checkPreAuth(UserInterface $user);
/**
* Checks the user account after authentication.
*
* @param AccountInterface $account An AccountInterface instance
* @param UserInterface $user An UserInterface instance
*/
function checkPostAuth(AccountInterface $account);
function checkPostAuth(UserInterface $user);
}


@ -12,11 +12,11 @@
namespace Symfony\Component\Security\Core\User;
/**
* AccountInterface is the interface that user classes must implement.
* UserInterface is the interface that user classes must implement.
*
* @author Fabien Potencier <fabien@symfony.com>
*/
interface AccountInterface
interface UserInterface
{
/**
* Returns the roles granted to the user.
@ -60,8 +60,8 @@ interface AccountInterface
* However, you do not need to compare every attribute, but only those that
* are relevant for assessing whether re-authentication is required.
*
* @param AccountInterface $account
* @param UserInterface $user
* @return Boolean
*/
function equals(AccountInterface $account);
function equals(UserInterface $user);
}


@ -28,7 +28,7 @@ interface UserProviderInterface
* @throws UsernameNotFoundException if the user is not found
* @param string $username The username
*
* @return AccountInterface
* @return UserInterface
*/
function loadUserByUsername($username);
@ -39,12 +39,12 @@ interface UserProviderInterface
* from the database, or if it simply merges the passed User into the
* identity map of an entity manager.
*
* @throws UnsupportedAccountException if the account is not supported
* @param AccountInterface $account
* @throws UnsupportedUserException if the account is not supported
* @param UserInterface $user
*
* @return AccountInterface
* @return UserInterface
*/
function loadUserByAccount(AccountInterface $account);
function loadUser(UserInterface $user);
/**
* Whether this provider supports the given user class


@ -22,7 +22,7 @@ use Symfony\Component\HttpFoundation\Request;
*/
class AccessMap
{
protected $map = array();
private $map = array();
/**
* Constructor.


@ -24,7 +24,7 @@ use Symfony\Component\HttpFoundation\Request;
*/
class BasicAuthenticationEntryPoint implements AuthenticationEntryPointInterface
{
protected $realmName;
private $realmName;
public function __construct($realmName)
{


@ -26,10 +26,10 @@ use Symfony\Component\HttpKernel\Log\LoggerInterface;
*/
class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterface
{
protected $key;
protected $realmName;
protected $nonceValiditySeconds;
protected $logger;
private $key;
private $realmName;
private $nonceValiditySeconds;
private $logger;
public function __construct($realmName, $key, $nonceValiditySeconds = 300, LoggerInterface $logger = null)
{
@ -62,14 +62,4 @@ class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterfac
return $response;
}
public function getKey()
{
return $this->key;
}
public function getRealmName()
{
return $this->realmName;
}
}
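Review bot: Removing `getKey()` and `getRealmName()` in the last hunk while `$key` and `$realmName` become private leaves collaborators no way to read the values a digest response is validated against. DigestAuthenticationListener, changed later in this commit, still takes a `DigestAuthenticationEntryPoint` in its constructor; if its handler reads the key or realm through these accessors (that code is outside the visible hunks), a digest login would end in a fatal error instead of a challenge. Either keep the two getters or pass key and realm to the listener explicitly, and cover the digest flow with a test.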


@ -26,8 +26,8 @@ use Symfony\Component\HttpKernel\HttpKernelInterface;
*/
class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface
{
protected $loginPath;
protected $useForward;
private $loginPath;
private $useForward;
/**
* Constructor


@ -27,8 +27,8 @@ use Symfony\Component\HttpFoundation\Request;
*/
class RetryAuthenticationEntryPoint implements AuthenticationEntryPointInterface
{
protected $httpPort;
protected $httpsPort;
private $httpPort;
private $httpsPort;
public function __construct($httpPort = 80, $httpsPort = 443)
{


@ -31,9 +31,9 @@ use Symfony\Component\HttpFoundation\Request;
*/
class Firewall
{
protected $map;
protected $dispatcher;
protected $currentListeners;
private $map;
private $dispatcher;
private $currentListeners;
/**
* Constructor.


@ -35,8 +35,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
* Subclasses likely have to implement the following:
* - an TokenInterface to hold authentication related data
* - an AuthenticationProvider to perform the actual authentication of the
* token, retrieve the AccountInterface implementation from a database, and
* perform the specific account checks using the AccountChecker
* token, retrieve the UserInterface implementation from a database, and
* perform the specific account checks using the UserChecker
*
* By default, this listener only is active for a specific path, e.g.
* /login_check. If you want to change this behavior, you can overwrite the
@ -47,16 +47,16 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
*/
abstract class AbstractAuthenticationListener implements ListenerInterface
{
protected $securityContext;
protected $authenticationManager;
protected $sessionStrategy;
protected $providerKey;
protected $eventDispatcher;
protected $options;
protected $successHandler;
protected $failureHandler;
protected $logger;
protected $rememberMeServices;
protected $authenticationManager;
protected $providerKey;
private $securityContext;
private $sessionStrategy;
private $eventDispatcher;
private $successHandler;
private $failureHandler;
private $rememberMeServices;
/**
* Constructor.
@ -173,7 +173,18 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
return $this->options['check_path'] === $request->getPathInfo();
}
protected function onFailure($event, Request $request, AuthenticationException $failed)
/**
* Performs authentication.
*
* @param Request $request A Request instance
*
* @return TokenInterface The authenticated token, or null if full authentication is not possible
*
* @throws AuthenticationException if the authentication fails
*/
abstract protected function attemptAuthentication(Request $request);
private function onFailure($event, Request $request, AuthenticationException $failed)
{
if (null !== $this->logger) {
$this->logger->debug(sprintf('Authentication request failed: %s', $failed->getMessage()));
@ -209,7 +220,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
return new RedirectResponse(0 !== strpos($this->options['failure_path'], 'http') ? $request->getUriForPath($this->options['failure_path']) : $this->options['failure_path'], 302);
}
protected function onSuccess(EventInterface $event, Request $request, TokenInterface $token)
private function onSuccess(EventInterface $event, Request $request, TokenInterface $token)
{
if (null !== $this->logger) {
$this->logger->debug('User has been authenticated successfully');
@ -246,7 +257,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
*
* @return string
*/
protected function determineTargetUrl(Request $request)
private function determineTargetUrl(Request $request)
{
if ($this->options['always_use_default_target_path']) {
return $this->options['default_target_path'];
@ -269,15 +280,4 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
return $this->options['default_target_path'];
}
/**
* Performs authentication.
*
* @param Request $request A Request instance
*
* @return TokenInterface The authenticated token, or null if full authentication is not possible
*
* @throws AuthenticationException if the authentication fails
*/
abstract protected function attemptAuthentication(Request $request);
}
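Review bot: Making `onFailure()`, `onSuccess()` and `determineTargetUrl()` private changes behaviour silently for existing subclasses: a subclass that defines a method of the same name is no longer called, because the parent binds to its own private copy and PHP reports nothing. The class docblock, which already lists what subclasses have to implement, should state that redirect and failure handling are no longer override points and that `$successHandler` / `$failureHandler` are presumably the intended way to customise them. While the signature is being touched, `onFailure($event, ...)` could take the same hint as `onSuccess()`: `private function onFailure(EventInterface $event, Request $request, AuthenticationException $failed)`. The bodies of all three methods continue outside the hunks.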


@ -30,11 +30,11 @@ use Symfony\Component\HttpFoundation\Request;
*/
abstract class AbstractPreAuthenticatedListener implements ListenerInterface
{
protected $securityContext;
protected $authenticationManager;
protected $providerKey;
protected $logger;
protected $eventDispatcher;
private $securityContext;
private $authenticationManager;
private $providerKey;
private $eventDispatcher;
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, $providerKey, LoggerInterface $logger = null)
{
@ -80,11 +80,7 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface
list($user, $credentials) = $this->getPreAuthenticatedData($request);
if (null !== $token = $this->securityContext->getToken()) {
if ($token->isImmutable()) {
return;
}
if ($token instanceof PreAuthenticatedToken && $token->isAuthenticated() && (string) $token === $user) {
if ($token instanceof PreAuthenticatedToken && $token->isAuthenticated() && $token->getUsername() === $user) {
return;
}
}
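Review bot: With the `isImmutable()` guard gone, the only thing that stops this listener from re-authenticating is the token-class and username comparison on the following line, and a token produced by SwitchUserListener (which stops calling `setImmutable(true)` in this commit) passes neither test. On a firewall that combines user switching with pre-authenticated, HTTP Basic or Digest credentials, the impersonation token would presumably be replaced by the original user's on the next request; the same guard is removed in BasicAuthenticationListener and DigestAuthenticationListener. A test that switches user and then sends a second request with credentials attached would show whether switching still survives. The handler's body starts and ends outside the hunk.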


@ -28,11 +28,11 @@ use Symfony\Component\Security\Core\Exception\AccessDeniedException;
*/
class AccessListener implements ListenerInterface
{
protected $context;
protected $accessDecisionManager;
protected $map;
protected $authManager;
protected $logger;
private $context;
private $accessDecisionManager;
private $map;
private $authManager;
private $logger;
public function __construct(SecurityContext $context, AccessDecisionManagerInterface $accessDecisionManager, AccessMap $map, AuthenticationManagerInterface $authManager, LoggerInterface $logger = null)
{
@ -53,7 +53,7 @@ class AccessListener implements ListenerInterface
{
$dispatcher->connect('core.security', array($this, 'handle'), 0);
}
/**
* {@inheritDoc}
*/


@ -25,9 +25,9 @@ use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
*/
class AnonymousAuthenticationListener implements ListenerInterface
{
protected $context;
protected $key;
protected $logger;
private $context;
private $key;
private $logger;
public function __construct(SecurityContextInterface $context, $key, LoggerInterface $logger = null)
{


@ -27,12 +27,12 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException;
*/
class BasicAuthenticationListener implements ListenerInterface
{
protected $securityContext;
protected $authenticationManager;
protected $providerKey;
protected $authenticationEntryPoint;
protected $logger;
protected $ignoreFailure;
private $securityContext;
private $authenticationManager;
private $providerKey;
private $authenticationEntryPoint;
private $logger;
private $ignoreFailure;
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, $providerKey, AuthenticationEntryPointInterface $authenticationEntryPoint, LoggerInterface $logger = null)
{
@ -80,11 +80,7 @@ class BasicAuthenticationListener implements ListenerInterface
}
if (null !== $token = $this->securityContext->getToken()) {
if ($token->isImmutable()) {
return;
}
if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && (string) $token === $username) {
if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && $token->getUsername() === $username) {
return;
}
}


@ -25,9 +25,9 @@ use Symfony\Component\EventDispatcher\EventInterface;
*/
class ChannelListener implements ListenerInterface
{
protected $map;
protected $authenticationEntryPoint;
protected $logger;
private $map;
private $authenticationEntryPoint;
private $logger;
public function __construct(AccessMap $map, AuthenticationEntryPointInterface $authenticationEntryPoint, LoggerInterface $logger = null)
{


@ -19,9 +19,9 @@ use Symfony\Component\HttpKernel\Log\LoggerInterface;
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\UnsupportedAccountException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\SecurityContext;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\UserInterface;
/**
* ContextListener manages the SecurityContext persistence through a session.
@ -31,10 +31,10 @@ use Symfony\Component\Security\Core\User\AccountInterface;
*/
class ContextListener implements ListenerInterface
{
protected $context;
protected $contextKey;
protected $logger;
protected $userProviders;
private $context;
private $contextKey;
private $logger;
private $userProviders;
public function __construct(SecurityContext $context, array $userProviders, $contextKey, LoggerInterface $logger = null)
{
@ -89,7 +89,7 @@ class ContextListener implements ListenerInterface
$token = unserialize($token);
if (null !== $token && false === $token->isImmutable()) {
if (null !== $token) {
$token = $this->refreshUser($token);
}
@ -132,10 +132,10 @@ class ContextListener implements ListenerInterface
*
* @return TokenInterface|null
*/
protected function refreshUser(TokenInterface $token)
private function refreshUser(TokenInterface $token)
{
$user = $token->getUser();
if (!$user instanceof AccountInterface) {
if (!$user instanceof UserInterface) {
return $token;
}
@ -145,25 +145,18 @@ class ContextListener implements ListenerInterface
foreach ($this->userProviders as $provider) {
try {
$cUser = $provider->loadUserByAccount($user);
$token->setRoles($cUser->getRoles());
$token->setUser($cUser);
if (false === $cUser->equals($user)) {
$token->setAuthenticated(false);
}
$token->setUser($provider->loadUser($user));
if (null !== $this->logger) {
$this->logger->debug(sprintf('Username "%s" was reloaded from user provider.', $user));
$this->logger->debug(sprintf('Username "%s" was reloaded from user provider.', $user->getUsername()));
}
return $token;
} catch (UnsupportedAccountException $unsupported) {
} catch (UnsupportedUserException $unsupported) {
// let's try the next user provider
} catch (UsernameNotFoundException $notFound) {
if (null !== $this->logger) {
$this->logger->debug(sprintf('Username "%s" could not be found.', $user));
$this->logger->debug(sprintf('Username "%s" could not be found.', $user->getUsername()));
}
return null;
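Review bot: The rewritten `refreshUser()` loop no longer compares the reloaded user with the one stored in the session and no longer copies the fresh roles onto the token; it only calls `$token->setUser($provider->loadUser($user))`. Unless `setUser()` itself runs the `equals()` comparison and clears the authenticated flag (not visible in this file), a session created before a password change, a role change or a disabled account keeps its old authentication state and roles. A short comment at the call would make the dependency explicit, e.g. `// setUser() de-authenticates the token when the reloaded user no longer equals() the stored one`, backed by a test that changes the stored user between two requests. The token comes from `unserialize()` on session data a few lines earlier, so this refresh is the only re-validation it gets. The method continues past the end of the hunk.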


@ -32,11 +32,11 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException;
*/
class DigestAuthenticationListener implements ListenerInterface
{
protected $securityContext;
protected $provider;
protected $providerKey;
protected $authenticationEntryPoint;
protected $logger;
private $securityContext;
private $provider;
private $providerKey;
private $authenticationEntryPoint;
private $logger;
public function __construct(SecurityContextInterface $securityContext, UserProviderInterface $provider, $providerKey, DigestAuthenticationEntryPoint $authenticationEntryPoint, LoggerInterface $logger = null)
{
@ -85,11 +85,7 @@ class DigestAuthenticationListener implements ListenerInterface
$digestAuth = new DigestData($header);
if (null !== $token = $this->securityContext->getToken()) {
if ($token->isImmutable()) {
return;
}
if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && (string) $token === $digestAuth->getUsername()) {
if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && $token->getUsername() === $digestAuth->getUsername()) {
return;
}
}
@ -143,7 +139,7 @@ class DigestAuthenticationListener implements ListenerInterface
$this->securityContext->setToken(new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey));
}
protected function fail(EventInterface $event, Request $request, AuthenticationException $authException)
private function fail(EventInterface $event, Request $request, AuthenticationException $authException)
{
$this->securityContext->setToken(null);
@ -157,9 +153,9 @@ class DigestAuthenticationListener implements ListenerInterface
class DigestData
{
protected $elements;
protected $header;
protected $nonceExpiryTime;
private $elements;
private $header;
private $nonceExpiryTime;
public function __construct($header)
{


@ -34,12 +34,12 @@ use Symfony\Component\HttpKernel\HttpKernelInterface;
*/
class ExceptionListener implements ListenerInterface
{
protected $context;
protected $accessDeniedHandler;
protected $authenticationEntryPoint;
protected $authenticationTrustResolver;
protected $errorPage;
protected $logger;
private $context;
private $accessDeniedHandler;
private $authenticationEntryPoint;
private $authenticationTrustResolver;
private $errorPage;
private $logger;
public function __construct(SecurityContextInterface $context, AuthenticationTrustResolverInterface $trustResolver, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null, LoggerInterface $logger = null)
{
@ -148,7 +148,7 @@ class ExceptionListener implements ListenerInterface
return $response;
}
protected function startAuthentication(EventInterface $event, Request $request, AuthenticationException $authException)
private function startAuthentication(EventInterface $event, Request $request, AuthenticationException $authException)
{
$this->context->setToken(null);
@ -160,7 +160,7 @@ class ExceptionListener implements ListenerInterface
$this->logger->debug('Calling Authentication entry point');
}
// session isn't required when using http basic authentification mecanism for example
// session isn't required when using http basic authentification mechanism for example
if ($request->hasSession()) {
$request->getSession()->set('_security.target_path', $request->getUri());
}
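Review bot: The corrected comment in `startAuthentication()` still reads "authentification"; the spelling fix only reached "mechanism". Suggested wording: `// a session is not required by every mechanism, HTTP basic authentication for example`. The method body starts and ends outside the hunk.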


@ -27,11 +27,11 @@ use Symfony\Component\HttpFoundation\RedirectResponse;
*/
class LogoutListener implements ListenerInterface
{
protected $securityContext;
protected $logoutPath;
protected $targetUrl;
protected $handlers;
protected $successHandler;
private $securityContext;
private $logoutPath;
private $targetUrl;
private $handlers;
private $successHandler;
/**
* Constructor


@ -31,12 +31,12 @@ use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
*/
class RememberMeListener implements ListenerInterface
{
protected $securityContext;
protected $rememberMeServices;
protected $authenticationManager;
protected $logger;
protected $lastState;
protected $eventDispatcher;
private $securityContext;
private $rememberMeServices;
private $authenticationManager;
private $logger;
private $lastState;
private $eventDispatcher;
/**
* Constructor


@ -14,7 +14,7 @@ namespace Symfony\Component\Security\Http\Firewall;
use Symfony\Component\EventDispatcher\Event;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\User\AccountCheckerInterface;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\HttpKernel\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
@ -36,20 +36,20 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
*/
class SwitchUserListener implements ListenerInterface
{
protected $securityContext;
protected $provider;
protected $accountChecker;
protected $providerKey;
protected $accessDecisionManager;
protected $usernameParameter;
protected $role;
protected $logger;
protected $eventDispatcher;
private $securityContext;
private $provider;
private $userChecker;
private $providerKey;
private $accessDecisionManager;
private $usernameParameter;
private $role;
private $logger;
private $eventDispatcher;
/**
* Constructor.
*/
public function __construct(SecurityContextInterface $securityContext, UserProviderInterface $provider, AccountCheckerInterface $accountChecker, $providerKey, AccessDecisionManagerInterface $accessDecisionManager, LoggerInterface $logger = null, $usernameParameter = '_switch_user', $role = 'ROLE_ALLOWED_TO_SWITCH')
public function __construct(SecurityContextInterface $securityContext, UserProviderInterface $provider, UserCheckerInterface $userChecker, $providerKey, AccessDecisionManagerInterface $accessDecisionManager, LoggerInterface $logger = null, $usernameParameter = '_switch_user', $role = 'ROLE_ALLOWED_TO_SWITCH')
{
if (empty($providerKey)) {
throw new \InvalidArgumentException('$providerKey must not be empty.');
@ -57,7 +57,7 @@ class SwitchUserListener implements ListenerInterface
$this->securityContext = $securityContext;
$this->provider = $provider;
$this->accountChecker = $accountChecker;
$this->userChecker = $userChecker;
$this->providerKey = $providerKey;
$this->accessDecisionManager = $accessDecisionManager;
$this->usernameParameter = $usernameParameter;
@ -125,11 +125,11 @@ class SwitchUserListener implements ListenerInterface
*
* @return TokenInterface|null The new TokenInterface if successfully switched, null otherwise
*/
protected function attemptSwitchUser(Request $request)
private function attemptSwitchUser(Request $request)
{
$token = $this->securityContext->getToken();
if (false !== $this->getOriginalToken($token)) {
throw new \LogicException(sprintf('You are already switched to "%s" user.', (string) $token));
throw new \LogicException(sprintf('You are already switched to "%s" user.', $token->getUsername()));
}
$this->accessDecisionManager->decide($token, array($this->role));
@ -141,13 +141,12 @@ class SwitchUserListener implements ListenerInterface
}
$user = $this->provider->loadUserByUsername($username);
$this->accountChecker->checkPostAuth($user);
$this->userChecker->checkPostAuth($user);
$roles = $user->getRoles();
$roles[] = new SwitchUserRole('ROLE_PREVIOUS_ADMIN', $this->securityContext->getToken());
$token = new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey, $roles);
$token->setImmutable(true);
if (null !== $this->eventDispatcher) {
$this->eventDispatcher->notify(new Event($this, 'security.switch_user', array('request' => $request, 'target_user' => $token->getUser())));
@ -163,7 +162,7 @@ class SwitchUserListener implements ListenerInterface
*
* @return TokenInterface The original TokenInterface instance
*/
protected function attemptExitUser(Request $request)
private function attemptExitUser(Request $request)
{
if (false === $original = $this->getOriginalToken($this->securityContext->getToken())) {
throw new AuthenticationCredentialsNotFoundException(sprintf('Could not find original Token object.'));
@ -183,7 +182,7 @@ class SwitchUserListener implements ListenerInterface
*
* @return TokenInterface|false The original TokenInterface instance, false if the current TokenInterface is not switched
*/
protected function getOriginalToken(TokenInterface $token)
private function getOriginalToken(TokenInterface $token)
{
foreach ($token->getRoles() as $role) {
if ($role instanceof SwitchUserRole) {
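Review bot: `attemptSwitchUser()` runs only `checkPostAuth()` on the target user, so the credentials-expired test that the default UserChecker performs in `checkPreAuth()` never applies to an impersonated account. If that is deliberate because no credentials are presented when switching, a comment above the call would record it: `// pre-auth checks are skipped on purpose: no credentials are presented when switching`. Otherwise add `$this->userChecker->checkPreAuth($user);` before the post-auth check. The method continues outside the hunk.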


@ -30,7 +30,7 @@ use Symfony\Component\Security\Core\SecurityContextInterface;
*/
class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationListener
{
protected $csrfProvider;
private $csrfProvider;
/**
* {@inheritdoc}


@ -23,7 +23,7 @@ use Symfony\Component\Security\Http\Firewall\ExceptionListener;
*/
class FirewallMap implements FirewallMapInterface
{
protected $map = array();
private $map = array();
public function add(RequestMatcherInterface $requestMatcher = null, array $listeners = array(), ExceptionListener $exceptionListener = null)
{


@ -22,7 +22,7 @@ use Symfony\Component\HttpFoundation\Request;
*/
class CookieClearingLogoutHandler implements LogoutHandlerInterface
{
protected $cookies;
private $cookies;
/**
* Constructor


@ -30,7 +30,7 @@ use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
*/
class PersistentTokenBasedRememberMeServices extends RememberMeServices
{
protected $tokenProvider;
private $tokenProvider;
/**
* Sets the token provider
@ -43,6 +43,21 @@ class PersistentTokenBasedRememberMeServices extends RememberMeServices
$this->tokenProvider = $tokenProvider;
}
/**
* {@inheritDoc}
*/
public function logout(Request $request, Response $response, TokenInterface $token)
{
parent::logout($request, $response, $token);
if (null !== ($cookie = $request->cookies->get($this->options['name']))
&& count($parts = $this->decodeCookie($cookie)) === 2
) {
list($series, $tokenValue) = $parts;
$this->tokenProvider->deleteTokenBySeries($series);
}
}
/**
* {@inheritDoc}
*/
@ -66,10 +81,8 @@ class PersistentTokenBasedRememberMeServices extends RememberMeServices
}
$user = $this->getUserProvider($persistentToken->getClass())->loadUserByUsername($persistentToken->getUsername());
$authenticationToken = new RememberMeToken($user, $this->providerKey, $this->key);
$authenticationToken->setPersistentToken($persistentToken);
return $authenticationToken;
return new RememberMeToken($user, $this->providerKey, $this->key, $persistentToken);
}
/**
@ -114,21 +127,6 @@ class PersistentTokenBasedRememberMeServices extends RememberMeServices
);
}
/**
* {@inheritDoc}
*/
public function logout(Request $request, Response $response, TokenInterface $token)
{
parent::logout($request, $response, $token);
if (null !== ($cookie = $request->cookies->get($this->options['name']))
&& count($parts = $this->decodeCookie($cookie)) === 2
) {
list($series, $tokenValue) = $parts;
$this->tokenProvider->deleteTokenBySeries($series);
}
}
/**
* Generates the value for the cookie
*
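Review bot: The relocated `logout()` deletes the persistent token by the series read from the request cookie alone; nothing ties that series to the user in `$token`, and `$tokenValue` is unpacked but never used. Whether a series belonging to another user can reach `deleteTokenBySeries()` depends on `decodeCookie()` and the token provider, neither of which is visible here, so this is worth confirming rather than a certain defect. If the provider can look a series up, comparing the stored username with `$token->getUsername()` before deleting would tie the deletion to the session being closed; at minimum unpack with `list($series) = $parts;`.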


@ -2,7 +2,7 @@
namespace Symfony\Component\Security\Http\RememberMe;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@ -30,11 +30,11 @@ abstract class RememberMeServices implements RememberMeServicesInterface, Logout
{
const COOKIE_DELIMITER = ':';
protected $userProviders;
protected $options;
protected $logger;
protected $key;
protected $providerKey;
protected $key;
private $userProviders;
/**
* Constructor
@ -80,7 +80,7 @@ abstract class RememberMeServices implements RememberMeServicesInterface, Logout
* @param Request $request
* @return TokenInterface
*/
public function autoLogin(Request $request)
public final function autoLogin(Request $request)
{
if (null === $cookie = $request->cookies->get($this->options['name'])) {
return;
@ -139,12 +139,12 @@ abstract class RememberMeServices implements RememberMeServicesInterface, Logout
* @param TokenInterface $token The token that resulted in a successful authentication
* @return void
*/
public function loginSuccess(Request $request, Response $response, TokenInterface $token)
public final function loginSuccess(Request $request, Response $response, TokenInterface $token)
{
if (!$token instanceof RememberMeToken) {
if (!$token->getUser() instanceof AccountInterface) {
if (!$token->getUser() instanceof UserInterface) {
if (null !== $this->logger) {
$this->logger->debug('Remember-me ignores token since it does not contain an AccountInterface implementation.');
$this->logger->debug('Remember-me ignores token since it does not contain an UserInterface implementation.');
}
return;
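Review bot: The modifier order `public final function` on `autoLogin()` and `loginSuccess()` is valid PHP, but the usual convention puts `final` first: `final public function autoLogin(Request $request)`. The renamed debug message also reads "an UserInterface implementation"; "a UserInterface implementation" is the correct article. Since both methods are now final, the class docblock should name the methods subclasses are expected to implement instead; those are outside the visible hunks.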


@ -8,7 +8,7 @@ use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\AccountInterface;
use Symfony\Component\Security\Core\User\UserInterface;
/*
* This file is part of the Symfony package.
@ -50,8 +50,8 @@ class TokenBasedRememberMeServices extends RememberMeServices
throw $ex;
}
if (!$user instanceof AccountInterface) {
throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of AccountInterface, but returned "%s".', get_class($user)));
if (!$user instanceof UserInterface) {
throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
}
if (true !== $this->compareHashes($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {
@ -76,7 +76,7 @@ class TokenBasedRememberMeServices extends RememberMeServices
*
* @return Boolean true if the two hashes are the same, false otherwise
*/
protected function compareHashes($hash1, $hash2)
private function compareHashes($hash1, $hash2)
{
if (strlen($hash1) !== $c = strlen($hash2)) {
return false;
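Review bot: The `\RuntimeException` message calls `get_class($user)` on a value that has just failed the `instanceof UserInterface` test, so it may not be an object at all; a provider returning `null` or an array would raise a warning and yield an empty or misleading class name. `is_object($user) ? get_class($user) : gettype($user)` keeps the message accurate in both cases. The enclosing method starts and ends outside the hunk.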


@ -21,7 +21,7 @@ class SessionAuthenticationStrategy implements SessionAuthenticationStrategyInte
const MIGRATE = 'migrate';
const INVALIDATE = 'invalidate';
protected $strategy;
private $strategy;
public function __construct($strategy)
{


@ -21,20 +21,6 @@ use Symfony\Component\Security\Acl\Exception\NoAceFoundException;
class PermissionGrantingStrategyTest extends \PHPUnit_Framework_TestCase
{
/**
* @covers:Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy::getAuditLogger
* @covers:Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy::setAuditLogger
*/
public function testGetSetAuditLogger()
{
$strategy = new PermissionGrantingStrategy();
$logger = $this->getMock('Symfony\Component\Security\Acl\Model\AuditLoggerInterface');
$this->assertNull($strategy->getAuditLogger());
$strategy->setAuditLogger($logger);
$this->assertSame($logger, $strategy->getAuditLogger());
}
public function testIsGrantedObjectAcesHavePriority()
{
$strategy = new PermissionGrantingStrategy();


@ -109,7 +109,7 @@ class SecurityIdentityRetrievalStrategyTest extends \PHPUnit_Framework_TestCase
protected function getAccount($username, $class)
{
$account = $this->getMock('Symfony\Component\Security\Core\User\AccountInterface', array(), array(), $class);
$account = $this->getMock('Symfony\Component\Security\Core\User\UserInterface', array(), array(), $class);
$account
->expects($this->any())
->method('getUsername')


@ -34,7 +34,7 @@ class UserSecurityIdentityTest extends \PHPUnit_Framework_TestCase
public function getCompareData()
{
$account = $this->getMockBuilder('Symfony\Component\Security\Core\User\AccountInterface')
$account = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')
->setMockClassName('USI_AccountImpl')
->getMock();
$account


@ -19,23 +19,12 @@ use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
class AuthenticationProviderManagerTest extends \PHPUnit_Framework_TestCase
{
public function testProviderAccessors()
{
$manager = new AuthenticationProviderManager();
$manager->add($provider = $this->getMock('Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface'));
$this->assertSame(array($provider), $manager->all());
$manager->setProviders($providers = array($this->getMock('Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface')));
$this->assertSame($providers, $manager->all());
}
/**
* @expectedException LogicException
* @expectedException InvalidArgumentException
*/
public function testAuthenticateWithoutProviders()
{
$manager = new AuthenticationProviderManager();
$manager->authenticate($this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'));
new AuthenticationProviderManager(array());
}
public function testAuthenticateWhenNoProviderSupportsToken()
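Review bot: `testAuthenticateWithoutProviders()` no longer calls `authenticate()`; judging by the hunk it now only expects `new AuthenticationProviderManager(array())` to throw `InvalidArgumentException`, so the name describes the old behaviour. Renaming it to something like `testConstructorRejectsEmptyProviderList()` keeps the test report readable.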


@ -22,7 +22,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
/**
* @expectedException Symfony\Component\Security\Core\Exception\AuthenticationServiceException
*/
public function testRetrieveUserWhenProviderDoesNotReturnAnAccountInterface()
public function testRetrieveUserWhenProviderDoesNotReturnAnUserInterface()
{
$provider = $this->getProvider('fabien');
$method = new \ReflectionMethod($provider, 'retrieveUser');
@ -42,7 +42,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\UsernameNotFoundException', null, array(), '', false)))
;
$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\AccountCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface'));
$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface'));
$method = new \ReflectionMethod($provider, 'retrieveUser');
$method->setAccessible(true);
@ -60,7 +60,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
->will($this->throwException($this->getMock('RuntimeException', null, array(), '', false)))
;
$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\AccountCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface'));
$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface'));
$method = new \ReflectionMethod($provider, 'retrieveUser');
$method->setAccessible(true);
@ -74,14 +74,14 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
->method('loadUserByUsername')
;
$user = $this->getMock('Symfony\Component\Security\Core\User\AccountInterface');
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
$token = $this->getSupportedToken();
$token->expects($this->once())
->method('getUser')
->will($this->returnValue($user))
;
$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\AccountCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface'));
$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface'));
$reflection = new \ReflectionMethod($provider, 'retrieveUser');
$reflection->setAccessible(true);
$result = $reflection->invoke($provider, null, $token);
@ -91,7 +91,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
public function testRetrieveUser()
{
$user = $this->getMock('Symfony\Component\Security\Core\User\AccountInterface');
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
$userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface');
$userProvider->expects($this->once())
@ -99,7 +99,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
->will($this->returnValue($user))
;
$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\AccountCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface'));
$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface'));
$method = new \ReflectionMethod($provider, 'retrieveUser');
$method->setAccessible(true);
@ -121,7 +121,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
->will($this->returnValue(''))
;
$method->invoke($provider, $this->getMock('Symfony\Component\Security\Core\User\AccountInterface'), $token);
$method->invoke($provider, $this->getMock('Symfony\Component\Security\Core\User\UserInterface'), $token);
}
/**
@ -145,7 +145,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
->will($this->returnValue('foo'))
;
$method->invoke($provider, $this->getMock('Symfony\Component\Security\Core\User\AccountInterface'), $token);
$method->invoke($provider, $this->getMock('Symfony\Component\Security\Core\User\UserInterface'), $token);
}
/**
@ -153,7 +153,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
*/
public function testCheckAuthenticationDoesNotReauthenticateWhenPasswordHasChanged()
{
$user = $this->getMock('Symfony\Component\Security\Core\User\AccountInterface');
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
$user->expects($this->once())
->method('getPassword')
->will($this->returnValue('foo'))
@ -164,7 +164,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
->method('getUser')
->will($this->returnValue($user));
$dbUser = $this->getMock('Symfony\Component\Security\Core\User\AccountInterface');
$dbUser = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
$dbUser->expects($this->once())
->method('getPassword')
->will($this->returnValue('newFoo'))
@ -178,7 +178,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
public function testCheckAuthenticationWhenTokenNeedsReauthenticationWorksWithoutOriginalCredentials()
{
$user = $this->getMock('Symfony\Component\Security\Core\User\AccountInterface');
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
$user->expects($this->once())
->method('getPassword')
->will($this->returnValue('foo'))
@ -189,7 +189,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
->method('getUser')
->will($this->returnValue($user));
$dbUser = $this->getMock('Symfony\Component\Security\Core\User\AccountInterface');
$dbUser = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
$dbUser->expects($this->once())
->method('getPassword')
->will($this->returnValue('foo'))
@ -219,12 +219,12 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
->will($this->returnValue('foo'))
;
$method->invoke($provider, $this->getMock('Symfony\Component\Security\Core\User\AccountInterface'), $token);
$method->invoke($provider, $this->getMock('Symfony\Component\Security\Core\User\UserInterface'), $token);
}
protected function getSupportedToken()
{
$mock = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', array('getCredentials', 'getUser'), array(), '', false);
$mock = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', array('getCredentials', 'getUser', 'getProviderKey'), array(), '', false);
$mock
->expects($this->any())
->method('getProviderKey')
@ -245,7 +245,7 @@ class DaoAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
}
if (false === $userChecker) {
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\AccountCheckerInterface');
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
}
if (null === $passwordEncoder) {
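Review bot: The renamed test `testRetrieveUserWhenProviderDoesNotReturnAnUserInterface` keeps the article from the old `AnAccountInterface` name and now reads ungrammatically; `testRetrieveUserWhenProviderDoesNotReturnAUserInterface` is the natural spelling. The same applies to `testAuthenticateWhenProviderDoesNotReturnAnUserInterface` in the UserAuthenticationProviderTest section further down the page. The rest of this section is a mechanical Account-to-User rename, and the bodies of the affected methods continue outside the hunks.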


@ -52,7 +52,12 @@ class PreAuthenticatedAuthenticationProviderTest extends \PHPUnit_Framework_Test
public function testAuthenticate()
{
$user = $this->getMock('Symfony\Component\Security\Core\User\AccountInterface');
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
$user
->expects($this->once())
->method('getRoles')
->will($this->returnValue(array()))
;
$provider = $this->getProvider($user);
$token = $provider->authenticate($this->getSupportedToken('fabien', 'pass'));
@ -67,11 +72,11 @@ class PreAuthenticatedAuthenticationProviderTest extends \PHPUnit_Framework_Test
/**
* @expectedException Symfony\Component\Security\Core\Exception\LockedException
*/
public function testAuthenticateWhenAccountCheckerThrowsException()
public function testAuthenticateWhenUserCheckerThrowsException()
{
$user = $this->getMock('Symfony\Component\Security\Core\User\AccountInterface');
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\AccountCheckerInterface');
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
$userChecker->expects($this->once())
->method('checkPostAuth')
->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\LockedException', null, array(), '', false)))
@ -120,7 +125,7 @@ class PreAuthenticatedAuthenticationProviderTest extends \PHPUnit_Framework_Test
}
if (false === $userChecker) {
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\AccountCheckerInterface');
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
}
return new PreAuthenticatedAuthenticationProvider($userProvider, $userChecker, 'key');
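Review bot: The `getRoles` expectation added to `testAuthenticate` returns `array()`, so the test cannot tell whether the provider copies the user's roles onto the authenticated token or drops them. Returning a non-empty list, `->will($this->returnValue(array('ROLE_FOO')))`, and asserting on `$token->getRoles()` would pin that, as the RememberMe provider test on this page does. The assertions of `testAuthenticate` lie outside the hunk, so an existing roles check cannot be ruled out from here.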


@ -35,28 +35,12 @@ class RememberMeAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
$provider->authenticate($token);
}
/**
* @expectedException Symfony\Component\Security\Core\Exception\CredentialsExpiredException
*/
public function testAuthenticateWhenPreChecksFails()
{
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\AccountCheckerInterface');
$userChecker->expects($this->once())
->method('checkPreAuth')
->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\CredentialsExpiredException', null, array(), '', false)))
;
$provider = $this->getProvider($userChecker);
$provider->authenticate($this->getSupportedToken());
}
/**
* @expectedException Symfony\Component\Security\Core\Exception\AccountExpiredException
*/
public function testAuthenticateWhenPostChecksFails()
{
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\AccountCheckerInterface');
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
$userChecker->expects($this->once())
->method('checkPostAuth')
->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\AccountExpiredException', null, array(), '', false)))
@ -69,8 +53,8 @@ class RememberMeAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
public function testAuthenticate()
{
$user = $this->getMock('Symfony\Component\Security\Core\User\AccountInterface');
$user->expects($this->once())
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
$user->expects($this->exactly(2))
->method('getRoles')
->will($this->returnValue(array('ROLE_FOO')))
;
@ -78,24 +62,18 @@ class RememberMeAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
$provider = $this->getProvider();
$token = $this->getSupportedToken($user);
$token
->expects($this->once())
->method('getCredentials')
->will($this->returnValue('foo'))
;
$authToken = $provider->authenticate($token);
$this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\RememberMeToken', $authToken);
$this->assertSame($user, $authToken->getUser());
$this->assertEquals(array(new Role('ROLE_FOO')), $authToken->getRoles());
$this->assertEquals('foo', $authToken->getCredentials());
$this->assertEquals('', $authToken->getCredentials());
}
protected function getSupportedToken($user = null, $key = 'test')
{
if (null === $user) {
$user = $this->getMock('Symfony\Component\Security\Core\User\AccountInterface');
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
$user
->expects($this->any())
->method('getRoles')
@ -103,7 +81,7 @@ class RememberMeAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
;
}
$token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\RememberMeToken', array('getCredentials', 'getProviderKey'), array($user, 'foo', $key));
$token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\RememberMeToken', array('getProviderKey'), array($user, 'foo', $key));
$token
->expects($this->once())
->method('getProviderKey')
@ -116,7 +94,7 @@ class RememberMeAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
protected function getProvider($userChecker = null, $key = 'test')
{
if (null === $userChecker) {
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\AccountCheckerInterface');
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
}
return new RememberMeAuthenticationProvider($userChecker, $key, 'foo');
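Review bot: With `testAuthenticateWhenPreChecksFails` removed, nothing in this section states how the provider treats `checkPreAuth`; only `checkPostAuth` is still exercised. If skipping the pre-authentication check for remember-me tokens is intended, pin it in `testAuthenticateWhenPostChecksFails` with `$userChecker->expects($this->never())->method('checkPreAuth');`, so a later change in either direction is caught by the suite. Separately, `$this->assertEquals('', $authToken->getCredentials());` compares loosely and would also accept `null`; `assertSame` states more precisely that the authenticated token carries no credentials.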


@ -62,7 +62,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
/**
* @expectedException Symfony\Component\Security\Core\Exception\AuthenticationServiceException
*/
public function testAuthenticateWhenProviderDoesNotReturnAnAccountInterface()
public function testAuthenticateWhenProviderDoesNotReturnAnUserInterface()
{
$provider = $this->getProvider(false, true);
$provider->expects($this->once())
@ -78,7 +78,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
*/
public function testAuthenticateWhenPreChecksFails()
{
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\AccountCheckerInterface');
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
$userChecker->expects($this->once())
->method('checkPreAuth')
->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\CredentialsExpiredException', null, array(), '', false)))
@ -87,7 +87,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
$provider = $this->getProvider($userChecker);
$provider->expects($this->once())
->method('retrieveUser')
->will($this->returnValue($this->getMock('Symfony\Component\Security\Core\User\AccountInterface')))
->will($this->returnValue($this->getMock('Symfony\Component\Security\Core\User\UserInterface')))
;
$provider->authenticate($this->getSupportedToken());
@ -98,7 +98,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
*/
public function testAuthenticateWhenPostChecksFails()
{
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\AccountCheckerInterface');
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
$userChecker->expects($this->once())
->method('checkPostAuth')
->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\AccountExpiredException', null, array(), '', false)))
@ -107,7 +107,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
$provider = $this->getProvider($userChecker);
$provider->expects($this->once())
->method('retrieveUser')
->will($this->returnValue($this->getMock('Symfony\Component\Security\Core\User\AccountInterface')))
->will($this->returnValue($this->getMock('Symfony\Component\Security\Core\User\UserInterface')))
;
$provider->authenticate($this->getSupportedToken());
@ -121,7 +121,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
$provider = $this->getProvider();
$provider->expects($this->once())
->method('retrieveUser')
->will($this->returnValue($this->getMock('Symfony\Component\Security\Core\User\AccountInterface')))
->will($this->returnValue($this->getMock('Symfony\Component\Security\Core\User\UserInterface')))
;
$provider->expects($this->once())
->method('checkAuthentication')
@ -133,7 +133,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
public function testAuthenticate()
{
$user = $this->getMock('Symfony\Component\Security\Core\User\AccountInterface');
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
$user->expects($this->once())
->method('getRoles')
->will($this->returnValue(array('ROLE_FOO')))
@ -177,7 +177,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
protected function getProvider($userChecker = false, $hide = true)
{
if (false === $userChecker) {
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\AccountCheckerInterface');
$userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
}
return $this->getMockForAbstractClass('Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider', array($userChecker, 'key', $hide));


@ -11,17 +11,8 @@
namespace Symfony\Tests\Component\Security\Core\Authentication\Token;
use Symfony\Component\Security\Core\Authentication\Token\Token as BaseToken;
use Symfony\Component\Security\Core\Role\Role;
class Token extends BaseToken
{
public function setCredentials($credentials)
{
$this->credentials = $credentials;
}
}
class TestUser
{
protected $name;
@ -37,33 +28,28 @@ class TestUser
}
}
class TokenTest extends \PHPUnit_Framework_TestCase
class AbstractTokenTest extends \PHPUnit_Framework_TestCase
{
public function testMagicToString()
public function testGetUsername()
{
$token = new Token(array('ROLE_FOO'));
$token = $this->getToken(array('ROLE_FOO'));
$token->setUser('fabien');
$this->assertEquals('fabien', (string) $token);
$this->assertEquals('fabien', $token->getUsername());
$token->setUser(new TestUser('fabien'));
$this->assertEquals('fabien', (string) $token);
$this->assertEquals('fabien', $token->getUsername());
$user = $this->getMock('Symfony\Component\Security\Core\User\AccountInterface');
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
$user->expects($this->once())->method('getUsername')->will($this->returnValue('fabien'));
$token->setUser($user);
$this->assertEquals('fabien', (string) $token);
$this->assertEquals('fabien', $token->getUsername());
}
public function testEraseCredentials()
{
$token = new Token(array('ROLE_FOO'));
$token = $this->getToken(array('ROLE_FOO'));
$credentials = $this->getMock('Symfony\Component\Security\Core\User\AccountInterface');
$credentials->expects($this->once())->method('eraseCredentials');
$token->setCredentials($credentials);
$user = $this->getMock('Symfony\Component\Security\Core\User\AccountInterface');
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
$user->expects($this->once())->method('eraseCredentials');
$token->setUser($user);
@ -76,10 +62,13 @@ class TokenTest extends \PHPUnit_Framework_TestCase
*/
public function testSerialize()
{
$token = new Token(array('ROLE_FOO'));
$token = $this->getToken(array('ROLE_FOO'));
$token->setAttributes(array('foo' => 'bar'));
$this->assertEquals($token, unserialize(serialize($token)));
$uToken = unserialize(serialize($token));
$this->assertEquals($token->getRoles(), $uToken->getRoles());
$this->assertEquals($token->getAttributes(), $uToken->getAttributes());
}
/**
@ -87,27 +76,13 @@ class TokenTest extends \PHPUnit_Framework_TestCase
*/
public function testConstructor()
{
$token = new Token(array('ROLE_FOO'));
$token = $this->getToken(array('ROLE_FOO'));
$this->assertEquals(array(new Role('ROLE_FOO')), $token->getRoles());
$token = new Token(array(new Role('ROLE_FOO')));
$token = $this->getToken(array(new Role('ROLE_FOO')));
$this->assertEquals(array(new Role('ROLE_FOO')), $token->getRoles());
$token = new Token(array(new Role('ROLE_FOO'), 'ROLE_BAR'));
$this->assertEquals(array(new Role('ROLE_FOO'), new Role('ROLE_BAR')), $token->getRoles());
}
/**
* @covers Symfony\Component\Security\Core\Authentication\Token\Token::addRole
* @covers Symfony\Component\Security\Core\Authentication\Token\Token::getRoles
*/
public function testAddRole()
{
$token = new Token();
$token->addRole(new Role('ROLE_FOO'));
$this->assertEquals(array(new Role('ROLE_FOO')), $token->getRoles());
$token->addRole(new Role('ROLE_BAR'));
$token = $this->getToken(array(new Role('ROLE_FOO'), 'ROLE_BAR'));
$this->assertEquals(array(new Role('ROLE_FOO'), new Role('ROLE_BAR')), $token->getRoles());
}
@ -117,7 +92,7 @@ class TokenTest extends \PHPUnit_Framework_TestCase
*/
public function testAuthenticatedFlag()
{
$token = new Token();
$token = $this->getToken();
$this->assertFalse($token->isAuthenticated());
$token->setAuthenticated(true);
@ -127,42 +102,6 @@ class TokenTest extends \PHPUnit_Framework_TestCase
$this->assertFalse($token->isAuthenticated());
}
/**
* @covers Symfony\Component\Security\Core\Authentication\Token\Token::isImmutable
* @covers Symfony\Component\Security\Core\Authentication\Token\Token::setImmutable
*/
public function testImmutableFlag()
{
$token = new Token();
$this->assertFalse($token->isImmutable());
$token->setImmutable();
$this->assertTrue($token->isImmutable());
}
/**
* @expectedException \LogicException
* @dataProvider getImmutabilityTests
*/
public function testImmutabilityIsEnforced($setter, $value)
{
$token = new Token();
$token->setImmutable(true);
$token->$setter($value);
}
public function getImmutabilityTests()
{
return array(
array('setUser', 'foo'),
array('eraseCredentials', null),
array('setAuthenticated', true),
array('setAuthenticated', false),
array('addRole', new Role('foo')),
array('setRoles', array('foo', 'asdf')),
);
}
/**
* @covers Symfony\Component\Security\Core\Authentication\Token\Token::getAttributes
* @covers Symfony\Component\Security\Core\Authentication\Token\Token::setAttributes
@ -173,7 +112,7 @@ class TokenTest extends \PHPUnit_Framework_TestCase
public function testAttributes()
{
$attributes = array('foo' => 'bar');
$token = new Token();
$token = $this->getToken();
$token->setAttributes($attributes);
$this->assertEquals($attributes, $token->getAttributes(), '->getAttributes() returns the token attributes');
@ -191,4 +130,107 @@ class TokenTest extends \PHPUnit_Framework_TestCase
$this->assertEquals('This token has no "foobar" attribute.', $e->getMessage(), '->getAttribute() throws an \InvalidArgumentException exception when the attribute does not exist');
}
}
/**
* @dataProvider getUsers
*/
public function testSetUser($user)
{
$token = $this->getToken();
$token->setUser($user);
$this->assertSame($user, $token->getUser());
}
public function getUsers()
{
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
$user
->expects($this->any())
->method('equals')
->will($this->returnValue(true))
;
return array(
array($user),
array(new TestUser('foo')),
array('foo'),
);
}
/**
* @dataProvider getUserChanges
*/
public function testSetUserSetsAuthenticatedToFalseWhenUserChanges($firstUser, $secondUser)
{
$token = $this->getToken();
$token->setAuthenticated(true);
$this->assertTrue($token->isAuthenticated());
$token->setUser($firstUser);
$this->assertTrue($token->isAuthenticated());
$token->setUser($secondUser);
$this->assertFalse($token->isAuthenticated());
}
public function getUserChanges()
{
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
$user
->expects($this->any())
->method('equals')
->will($this->returnValue(false))
;
return array(
array(
'foo', 'bar',
),
array(
'foo', new TestUser('bar'),
),
array(
'foo', $user,
),
array(
$user, $user,
),
array(
$user, 'foo'
),
array(
$user, new TestUser('foo'),
),
array(
new TestUser('foo'), new TestUser('bar'),
),
array(
new TestUser('foo'), 'bar',
),
array(
new TestUser('foo'), $user,
),
);
}
/**
* @dataProvider getUsers
*/
public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
{
$token = $this->getToken();
$token->setAuthenticated(true);
$this->assertTrue($token->isAuthenticated());
$token->setUser($user);
$this->assertTrue($token->isAuthenticated());
$token->setUser($user);
$this->assertTrue($token->isAuthenticated());
}
protected function getToken(array $roles = array())
{
return $this->getMockForAbstractClass('Symfony\Component\Security\Core\Authentication\Token\AbstractToken', array($roles));
}
}
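Review bot: `testSerialize` now compares only `getRoles()` and `getAttributes()` after the round trip, so the user and the authenticated flag are no longer covered, whereas the previous `assertEquals($token, unserialize(serialize($token)))` compared the whole object. Assuming tokens are persisted between requests (storage is not shown on this page), a flag that changes across serialization would go unnoticed. Call `$token->setAuthenticated(true);` before serializing and add `$this->assertEquals($token->isAuthenticated(), $uToken->isAuthenticated());`, with a matching check on `getUser()` once a user is set.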
