[Security] bug fix in FormAuthenticationEntryPoint
This commit is contained in:
Johannes M. Schmitt
Fabien Potencier
parent
4d5853866a
commit
2b697423b4
@ -12,7 +12,7 @@
|
|||||||
namespace Symfony\Component\HttpKernel\Security\EntryPoint;
|
namespace Symfony\Component\HttpKernel\Security\EntryPoint;
|
||||||
|
|
||||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
use Symfony\Component\HttpKernel\Log\LoggerInterface;
|
use Symfony\Component\HttpKernel\Log\LoggerInterface;
|
||||||
|
|
||||||
|
|||||||
@ -9,8 +9,9 @@
|
|||||||
* file that was distributed with this source code.
|
* file that was distributed with this source code.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
namespace Symfony\Component\Security\Core\Authentication\EntryPoint;
|
namespace Symfony\Component\Security\Http\EntryPoint;
|
||||||
|
|
||||||
|
use Symfony\Component\EventDispatcher\EventInterface;
|
||||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
|
|
||||||
@ -25,8 +26,9 @@ interface AuthenticationEntryPointInterface
|
|||||||
/**
|
/**
|
||||||
* Starts the authentication scheme.
|
* Starts the authentication scheme.
|
||||||
*
|
*
|
||||||
|
* @param EventInterface $event The "core.security" event
|
||||||
* @param object $request The request that resulted in an AuthenticationException
|
* @param object $request The request that resulted in an AuthenticationException
|
||||||
* @param AuthenticationException $authException The exception that started the authentication process
|
* @param AuthenticationException $authException The exception that started the authentication process
|
||||||
*/
|
*/
|
||||||
function start(Request $request, AuthenticationException $authException = null);
|
function start(EventInterface $event, Request $request, AuthenticationException $authException = null);
|
||||||
}
|
}
|
||||||
@ -11,8 +11,9 @@
|
|||||||
|
|
||||||
namespace Symfony\Component\Security\Http\EntryPoint;
|
namespace Symfony\Component\Security\Http\EntryPoint;
|
||||||
|
|
||||||
|
use Symfony\Component\EventDispatcher\EventInterface;
|
||||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
|
|
||||||
@ -30,7 +31,7 @@ class BasicAuthenticationEntryPoint implements AuthenticationEntryPointInterface
|
|||||||
$this->realmName = $realmName;
|
$this->realmName = $realmName;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function start(Request $request, AuthenticationException $authException = null)
|
public function start(EventInterface $event, Request $request, AuthenticationException $authException = null)
|
||||||
{
|
{
|
||||||
$response = new Response();
|
$response = new Response();
|
||||||
$response->headers->set('WWW-Authenticate', sprintf('Basic realm="%s"', $this->realmName));
|
$response->headers->set('WWW-Authenticate', sprintf('Basic realm="%s"', $this->realmName));
|
||||||
|
|||||||
@ -11,8 +11,9 @@
|
|||||||
|
|
||||||
namespace Symfony\Component\Security\Http\EntryPoint;
|
namespace Symfony\Component\Security\Http\EntryPoint;
|
||||||
|
|
||||||
|
use Symfony\Component\EventDispatcher\EventInterface;
|
||||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||||
use Symfony\Component\Security\Core\Exception\NonceExpiredException;
|
use Symfony\Component\Security\Core\Exception\NonceExpiredException;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
@ -38,7 +39,7 @@ class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterfac
|
|||||||
$this->logger = $logger;
|
$this->logger = $logger;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function start(Request $request, AuthenticationException $authException = null)
|
public function start(EventInterface $event, Request $request, AuthenticationException $authException = null)
|
||||||
{
|
{
|
||||||
$expiryTime = microtime(true) + $this->nonceValiditySeconds * 1000;
|
$expiryTime = microtime(true) + $this->nonceValiditySeconds * 1000;
|
||||||
$signatureValue = md5($expiryTime.':'.$this->key);
|
$signatureValue = md5($expiryTime.':'.$this->key);
|
||||||
|
|||||||
@ -11,10 +11,11 @@
|
|||||||
|
|
||||||
namespace Symfony\Component\Security\Http\EntryPoint;
|
namespace Symfony\Component\Security\Http\EntryPoint;
|
||||||
|
|
||||||
|
use Symfony\Component\EventDispatcher\EventInterface;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||||
use Symfony\Component\Security\Core\SecurityContext;
|
use Symfony\Component\Security\Core\SecurityContext;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -42,7 +43,7 @@ class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface
|
|||||||
/**
|
/**
|
||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*/
|
*/
|
||||||
public function start(Request $request, AuthenticationException $authException = null)
|
public function start(EventInterface $event, Request $request, AuthenticationException $authException = null)
|
||||||
{
|
{
|
||||||
if ($this->useForward) {
|
if ($this->useForward) {
|
||||||
return $event->getSubject()->handle(Request::create($this->loginPath), HttpKernelInterface::SUB_REQUEST);
|
return $event->getSubject()->handle(Request::create($this->loginPath), HttpKernelInterface::SUB_REQUEST);
|
||||||
|
|||||||
@ -11,8 +11,9 @@
|
|||||||
|
|
||||||
namespace Symfony\Component\Security\Http\EntryPoint;
|
namespace Symfony\Component\Security\Http\EntryPoint;
|
||||||
|
|
||||||
|
use Symfony\Component\EventDispatcher\EventInterface;
|
||||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
|
|
||||||
@ -34,7 +35,7 @@ class RetryAuthenticationEntryPoint implements AuthenticationEntryPointInterface
|
|||||||
$this->httpsPort = $httpsPort;
|
$this->httpsPort = $httpsPort;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function start(Request $request, AuthenticationException $authException = null)
|
public function start(EventInterface $event, Request $request, AuthenticationException $authException = null)
|
||||||
{
|
{
|
||||||
$scheme = $request->isSecure() ? 'http' : 'https';
|
$scheme = $request->isSecure() ? 'http' : 'https';
|
||||||
if ('http' === $scheme && 80 != $this->httpPort) {
|
if ('http' === $scheme && 80 != $this->httpPort) {
|
||||||
|
|||||||
@ -13,7 +13,7 @@ namespace Symfony\Component\Security\Http\Firewall;
|
|||||||
|
|
||||||
use Symfony\Component\Security\Core\SecurityContext;
|
use Symfony\Component\Security\Core\SecurityContext;
|
||||||
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
|
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
|
||||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||||
use Symfony\Component\HttpKernel\Log\LoggerInterface;
|
use Symfony\Component\HttpKernel\Log\LoggerInterface;
|
||||||
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
||||||
use Symfony\Component\EventDispatcher\EventInterface;
|
use Symfony\Component\EventDispatcher\EventInterface;
|
||||||
|
|||||||
@ -12,7 +12,7 @@
|
|||||||
namespace Symfony\Component\Security\Http\Firewall;
|
namespace Symfony\Component\Security\Http\Firewall;
|
||||||
|
|
||||||
use Symfony\Component\Security\Http\AccessMap;
|
use Symfony\Component\Security\Http\AccessMap;
|
||||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||||
use Symfony\Component\HttpKernel\Log\LoggerInterface;
|
use Symfony\Component\HttpKernel\Log\LoggerInterface;
|
||||||
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
||||||
use Symfony\Component\EventDispatcher\EventInterface;
|
use Symfony\Component\EventDispatcher\EventInterface;
|
||||||
@ -37,7 +37,7 @@ class ChannelListener implements ListenerInterface
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
*
|
*
|
||||||
* @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
|
* @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
|
||||||
* @param integer $priority The priority
|
* @param integer $priority The priority
|
||||||
@ -53,7 +53,7 @@ class ChannelListener implements ListenerInterface
|
|||||||
public function unregister(EventDispatcherInterface $dispatcher)
|
public function unregister(EventDispatcherInterface $dispatcher)
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Handles channel management.
|
* Handles channel management.
|
||||||
*
|
*
|
||||||
@ -72,7 +72,7 @@ class ChannelListener implements ListenerInterface
|
|||||||
|
|
||||||
$event->setProcessed();
|
$event->setProcessed();
|
||||||
|
|
||||||
return $this->authenticationEntryPoint->start($request);
|
return $this->authenticationEntryPoint->start($event, $request);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ('http' === $channel && $request->isSecure()) {
|
if ('http' === $channel && $request->isSecure()) {
|
||||||
@ -82,7 +82,7 @@ class ChannelListener implements ListenerInterface
|
|||||||
|
|
||||||
$event->setProcessed();
|
$event->setProcessed();
|
||||||
|
|
||||||
return $this->authenticationEntryPoint->start($request);
|
return $this->authenticationEntryPoint->start($event, $request);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -101,7 +101,7 @@ class DigestAuthenticationListener implements ListenerInterface
|
|||||||
try {
|
try {
|
||||||
$digestAuth->validateAndDecode($this->authenticationEntryPoint->getKey(), $this->authenticationEntryPoint->getRealmName());
|
$digestAuth->validateAndDecode($this->authenticationEntryPoint->getKey(), $this->authenticationEntryPoint->getRealmName());
|
||||||
} catch (BadCredentialsException $e) {
|
} catch (BadCredentialsException $e) {
|
||||||
$this->fail($request, $e);
|
$this->fail($event, $request, $e);
|
||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -115,7 +115,7 @@ class DigestAuthenticationListener implements ListenerInterface
|
|||||||
|
|
||||||
$serverDigestMd5 = $digestAuth->calculateServerDigest($user->getPassword(), $request->getMethod());
|
$serverDigestMd5 = $digestAuth->calculateServerDigest($user->getPassword(), $request->getMethod());
|
||||||
} catch (UsernameNotFoundException $notFound) {
|
} catch (UsernameNotFoundException $notFound) {
|
||||||
$this->fail($request, new BadCredentialsException(sprintf('Username %s not found.', $digestAuth->getUsername())));
|
$this->fail($event, $request, new BadCredentialsException(sprintf('Username %s not found.', $digestAuth->getUsername())));
|
||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -125,13 +125,13 @@ class DigestAuthenticationListener implements ListenerInterface
|
|||||||
$this->logger->debug(sprintf("Expected response: '%s' but received: '%s'; is AuthenticationDao returning clear text passwords?", $serverDigestMd5, $digestAuth->getResponse()));
|
$this->logger->debug(sprintf("Expected response: '%s' but received: '%s'; is AuthenticationDao returning clear text passwords?", $serverDigestMd5, $digestAuth->getResponse()));
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->fail($request, new BadCredentialsException('Incorrect response'));
|
$this->fail($event, $request, new BadCredentialsException('Incorrect response'));
|
||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($digestAuth->isNonceExpired()) {
|
if ($digestAuth->isNonceExpired()) {
|
||||||
$this->fail($request, new NonceExpiredException('Nonce has expired/timed out.'));
|
$this->fail($event, $request, new NonceExpiredException('Nonce has expired/timed out.'));
|
||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -143,7 +143,7 @@ class DigestAuthenticationListener implements ListenerInterface
|
|||||||
$this->securityContext->setToken(new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey));
|
$this->securityContext->setToken(new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey));
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function fail(Request $request, AuthenticationException $failed)
|
protected function fail(EventInterface $event, Request $request, AuthenticationException $failed)
|
||||||
{
|
{
|
||||||
$this->securityContext->setToken(null);
|
$this->securityContext->setToken(null);
|
||||||
|
|
||||||
@ -151,7 +151,7 @@ class DigestAuthenticationListener implements ListenerInterface
|
|||||||
$this->logger->debug($failed);
|
$this->logger->debug($failed);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->authenticationEntryPoint->start($request, $failed);
|
$this->authenticationEntryPoint->start($event, $request, $failed);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -16,7 +16,7 @@ use Symfony\Bundle\SecurityBundle\Security\AccessDeniedHandler;
|
|||||||
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
|
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
|
||||||
use Symfony\Component\Security\Core\SecurityContext;
|
use Symfony\Component\Security\Core\SecurityContext;
|
||||||
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
|
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
|
||||||
use Symfony\Component\Security\Core\Authentication\EntryPoint\AuthenticationEntryPointInterface;
|
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||||
use Symfony\Component\HttpKernel\Log\LoggerInterface;
|
use Symfony\Component\HttpKernel\Log\LoggerInterface;
|
||||||
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
||||||
use Symfony\Component\EventDispatcher\EventInterface;
|
use Symfony\Component\EventDispatcher\EventInterface;
|
||||||
@ -87,7 +87,7 @@ class ExceptionListener implements ListenerInterface
|
|||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$response = $this->startAuthentication($request, $exception);
|
$response = $this->startAuthentication($event, $request, $exception);
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
$event->set('exception', $e);
|
$event->set('exception', $e);
|
||||||
|
|
||||||
@ -101,7 +101,7 @@ class ExceptionListener implements ListenerInterface
|
|||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$response = $this->startAuthentication($request, new InsufficientAuthenticationException('Full authentication is required to access this resource.', $token, 0, $exception));
|
$response = $this->startAuthentication($event, $request, new InsufficientAuthenticationException('Full authentication is required to access this resource.', $token, 0, $exception));
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
$event->set('exception', $e);
|
$event->set('exception', $e);
|
||||||
|
|
||||||
@ -151,7 +151,7 @@ class ExceptionListener implements ListenerInterface
|
|||||||
return $response;
|
return $response;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function startAuthentication(Request $request, AuthenticationException $reason)
|
protected function startAuthentication(EventInterface $event, Request $request, AuthenticationException $reason)
|
||||||
{
|
{
|
||||||
$this->context->setToken(null);
|
$this->context->setToken(null);
|
||||||
|
|
||||||
@ -165,6 +165,6 @@ class ExceptionListener implements ListenerInterface
|
|||||||
|
|
||||||
$request->getSession()->set('_security.target_path', $request->getUri());
|
$request->getSession()->set('_security.target_path', $request->getUri());
|
||||||
|
|
||||||
return $this->authenticationEntryPoint->start($request, $reason);
|
return $this->authenticationEntryPoint->start($event, $request, $reason);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user