[Security] bug fix in FormAuthenticationEntryPoint
This commit is contained in:
Johannes M. Schmitt
Fabien Potencier
parent
4d5853866a
commit
2b697423b4
@ -12,7 +12,7 @@
|
||||
namespace Symfony\Component\HttpKernel\Security\EntryPoint;
|
||||
|
||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\HttpKernel\Log\LoggerInterface;
|
||||
|
||||
|
||||
@ -9,8 +9,9 @@
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\Security\Core\Authentication\EntryPoint;
|
||||
namespace Symfony\Component\Security\Http\EntryPoint;
|
||||
|
||||
use Symfony\Component\EventDispatcher\EventInterface;
|
||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
@ -25,8 +26,9 @@ interface AuthenticationEntryPointInterface
|
||||
/**
|
||||
* Starts the authentication scheme.
|
||||
*
|
||||
* @param EventInterface $event The "core.security" event
|
||||
* @param object $request The request that resulted in an AuthenticationException
|
||||
* @param AuthenticationException $authException The exception that started the authentication process
|
||||
*/
|
||||
function start(Request $request, AuthenticationException $authException = null);
|
||||
function start(EventInterface $event, Request $request, AuthenticationException $authException = null);
|
||||
}
|
||||
@ -11,8 +11,9 @@
|
||||
|
||||
namespace Symfony\Component\Security\Http\EntryPoint;
|
||||
|
||||
use Symfony\Component\EventDispatcher\EventInterface;
|
||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
@ -30,7 +31,7 @@ class BasicAuthenticationEntryPoint implements AuthenticationEntryPointInterface
|
||||
$this->realmName = $realmName;
|
||||
}
|
||||
|
||||
public function start(Request $request, AuthenticationException $authException = null)
|
||||
public function start(EventInterface $event, Request $request, AuthenticationException $authException = null)
|
||||
{
|
||||
$response = new Response();
|
||||
$response->headers->set('WWW-Authenticate', sprintf('Basic realm="%s"', $this->realmName));
|
||||
|
||||
@ -11,8 +11,9 @@
|
||||
|
||||
namespace Symfony\Component\Security\Http\EntryPoint;
|
||||
|
||||
use Symfony\Component\EventDispatcher\EventInterface;
|
||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\Security\Core\Exception\NonceExpiredException;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
@ -38,7 +39,7 @@ class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterfac
|
||||
$this->logger = $logger;
|
||||
}
|
||||
|
||||
public function start(Request $request, AuthenticationException $authException = null)
|
||||
public function start(EventInterface $event, Request $request, AuthenticationException $authException = null)
|
||||
{
|
||||
$expiryTime = microtime(true) + $this->nonceValiditySeconds * 1000;
|
||||
$signatureValue = md5($expiryTime.':'.$this->key);
|
||||
|
||||
@ -11,10 +11,11 @@
|
||||
|
||||
namespace Symfony\Component\Security\Http\EntryPoint;
|
||||
|
||||
use Symfony\Component\EventDispatcher\EventInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\Security\Core\SecurityContext;
|
||||
|
||||
/**
|
||||
@ -42,7 +43,7 @@ class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function start(Request $request, AuthenticationException $authException = null)
|
||||
public function start(EventInterface $event, Request $request, AuthenticationException $authException = null)
|
||||
{
|
||||
if ($this->useForward) {
|
||||
return $event->getSubject()->handle(Request::create($this->loginPath), HttpKernelInterface::SUB_REQUEST);
|
||||
|
||||
@ -11,8 +11,9 @@
|
||||
|
||||
namespace Symfony\Component\Security\Http\EntryPoint;
|
||||
|
||||
use Symfony\Component\EventDispatcher\EventInterface;
|
||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
@ -34,7 +35,7 @@ class RetryAuthenticationEntryPoint implements AuthenticationEntryPointInterface
|
||||
$this->httpsPort = $httpsPort;
|
||||
}
|
||||
|
||||
public function start(Request $request, AuthenticationException $authException = null)
|
||||
public function start(EventInterface $event, Request $request, AuthenticationException $authException = null)
|
||||
{
|
||||
$scheme = $request->isSecure() ? 'http' : 'https';
|
||||
if ('http' === $scheme && 80 != $this->httpPort) {
|
||||
|
||||
@ -13,7 +13,7 @@ namespace Symfony\Component\Security\Http\Firewall;
|
||||
|
||||
use Symfony\Component\Security\Core\SecurityContext;
|
||||
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
|
||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\HttpKernel\Log\LoggerInterface;
|
||||
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
||||
use Symfony\Component\EventDispatcher\EventInterface;
|
||||
|
||||
@ -12,7 +12,7 @@
|
||||
namespace Symfony\Component\Security\Http\Firewall;
|
||||
|
||||
use Symfony\Component\Security\Http\AccessMap;
|
||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\HttpKernel\Log\LoggerInterface;
|
||||
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
||||
use Symfony\Component\EventDispatcher\EventInterface;
|
||||
@ -37,7 +37,7 @@ class ChannelListener implements ListenerInterface
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
*
|
||||
* @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
|
||||
* @param integer $priority The priority
|
||||
@ -53,7 +53,7 @@ class ChannelListener implements ListenerInterface
|
||||
public function unregister(EventDispatcherInterface $dispatcher)
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Handles channel management.
|
||||
*
|
||||
@ -72,7 +72,7 @@ class ChannelListener implements ListenerInterface
|
||||
|
||||
$event->setProcessed();
|
||||
|
||||
return $this->authenticationEntryPoint->start($request);
|
||||
return $this->authenticationEntryPoint->start($event, $request);
|
||||
}
|
||||
|
||||
if ('http' === $channel && $request->isSecure()) {
|
||||
@ -82,7 +82,7 @@ class ChannelListener implements ListenerInterface
|
||||
|
||||
$event->setProcessed();
|
||||
|
||||
return $this->authenticationEntryPoint->start($request);
|
||||
return $this->authenticationEntryPoint->start($event, $request);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -101,7 +101,7 @@ class DigestAuthenticationListener implements ListenerInterface
|
||||
try {
|
||||
$digestAuth->validateAndDecode($this->authenticationEntryPoint->getKey(), $this->authenticationEntryPoint->getRealmName());
|
||||
} catch (BadCredentialsException $e) {
|
||||
$this->fail($request, $e);
|
||||
$this->fail($event, $request, $e);
|
||||
|
||||
return;
|
||||
}
|
||||
@ -115,7 +115,7 @@ class DigestAuthenticationListener implements ListenerInterface
|
||||
|
||||
$serverDigestMd5 = $digestAuth->calculateServerDigest($user->getPassword(), $request->getMethod());
|
||||
} catch (UsernameNotFoundException $notFound) {
|
||||
$this->fail($request, new BadCredentialsException(sprintf('Username %s not found.', $digestAuth->getUsername())));
|
||||
$this->fail($event, $request, new BadCredentialsException(sprintf('Username %s not found.', $digestAuth->getUsername())));
|
||||
|
||||
return;
|
||||
}
|
||||
@ -125,13 +125,13 @@ class DigestAuthenticationListener implements ListenerInterface
|
||||
$this->logger->debug(sprintf("Expected response: '%s' but received: '%s'; is AuthenticationDao returning clear text passwords?", $serverDigestMd5, $digestAuth->getResponse()));
|
||||
}
|
||||
|
||||
$this->fail($request, new BadCredentialsException('Incorrect response'));
|
||||
$this->fail($event, $request, new BadCredentialsException('Incorrect response'));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if ($digestAuth->isNonceExpired()) {
|
||||
$this->fail($request, new NonceExpiredException('Nonce has expired/timed out.'));
|
||||
$this->fail($event, $request, new NonceExpiredException('Nonce has expired/timed out.'));
|
||||
|
||||
return;
|
||||
}
|
||||
@ -143,7 +143,7 @@ class DigestAuthenticationListener implements ListenerInterface
|
||||
$this->securityContext->setToken(new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey));
|
||||
}
|
||||
|
||||
protected function fail(Request $request, AuthenticationException $failed)
|
||||
protected function fail(EventInterface $event, Request $request, AuthenticationException $failed)
|
||||
{
|
||||
$this->securityContext->setToken(null);
|
||||
|
||||
@ -151,7 +151,7 @@ class DigestAuthenticationListener implements ListenerInterface
|
||||
$this->logger->debug($failed);
|
||||
}
|
||||
|
||||
$this->authenticationEntryPoint->start($request, $failed);
|
||||
$this->authenticationEntryPoint->start($event, $request, $failed);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -16,7 +16,7 @@ use Symfony\Bundle\SecurityBundle\Security\AccessDeniedHandler;
|
||||
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
|
||||
use Symfony\Component\Security\Core\SecurityContext;
|
||||
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
|
||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\HttpKernel\Log\LoggerInterface;
|
||||
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
||||
use Symfony\Component\EventDispatcher\EventInterface;
|
||||
@ -87,7 +87,7 @@ class ExceptionListener implements ListenerInterface
|
||||
}
|
||||
|
||||
try {
|
||||
$response = $this->startAuthentication($request, $exception);
|
||||
$response = $this->startAuthentication($event, $request, $exception);
|
||||
} catch (\Exception $e) {
|
||||
$event->set('exception', $e);
|
||||
|
||||
@ -101,7 +101,7 @@ class ExceptionListener implements ListenerInterface
|
||||
}
|
||||
|
||||
try {
|
||||
$response = $this->startAuthentication($request, new InsufficientAuthenticationException('Full authentication is required to access this resource.', $token, 0, $exception));
|
||||
$response = $this->startAuthentication($event, $request, new InsufficientAuthenticationException('Full authentication is required to access this resource.', $token, 0, $exception));
|
||||
} catch (\Exception $e) {
|
||||
$event->set('exception', $e);
|
||||
|
||||
@ -151,7 +151,7 @@ class ExceptionListener implements ListenerInterface
|
||||
return $response;
|
||||
}
|
||||
|
||||
protected function startAuthentication(Request $request, AuthenticationException $reason)
|
||||
protected function startAuthentication(EventInterface $event, Request $request, AuthenticationException $reason)
|
||||
{
|
||||
$this->context->setToken(null);
|
||||
|
||||
@ -165,6 +165,6 @@ class ExceptionListener implements ListenerInterface
|
||||
|
||||
$request->getSession()->set('_security.target_path', $request->getUri());
|
||||
|
||||
return $this->authenticationEntryPoint->start($request, $reason);
|
||||
return $this->authenticationEntryPoint->start($event, $request, $reason);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user