merged branch asm89/issue-837 (PR #4935)
This PR was merged into the master branch. Commits -------73db84f[Security] Move translations file to 'security' domain324703a[Security] Switch to English messages as message keysaa74769[Security] Fix CS + unreachable code2d7a7ba[Security] Fix `AuthenticationException` serialization50d5724[Security] Introduced `UsernameNotFoundException#get/setUsername`39da27a[Security] Removed `get/setExtraInformation`, added `get/set(Token|User)`837ae15[Security] Add note about changed constructor to changelogd6c57cf[FrameworkBundle] Register security exception translationsd7129b9[Security] Fix exception constructors called in `UserChecker`0038fbb[Security] Add initial translations for AccountStatusException childs50e2cfc[Security] Add custom `getMessageKey` AccountStatusException childs1147977[Security] Fix InsufficientAuthenticationException constructor calls79430b8[Security] Fix AuthenticationServiceException constructor calls42cced4[Security] Fix AuthenticationException constructor calls963a1d7[Security] Add initial translations for the exceptionsed6eed4[Security] Add `getMessageKey` and `getMessageData` to auth exceptions694c47c[Security] Change signature of `AuthenticationException` to match `\Exception` Discussion ---------- [2.2][Security] AuthenticationException enhancements Bug fix: semi Feature addition: yes Backwards compatibility break: yes Symfony2 tests pass: [](http://travis-ci.org/asm89/symfony) Fixes the following tickets: #837 License of the code: MIT This PR adds the functionality discussed in #837 and changes the constructor of the `AuthenticationException` to match that of `\Exception`. This PR will allow developers to show a translated (save) authentication exception message to the user. :) *Todo:* - Add some functional test to check that the exceptions can indeed be translated? - Get feedback on the current English messages --------------------------------------------------------------------------- by asm89 at 2012-07-15T14:04:11Z ping @schmittjoh --------------------------------------------------------------------------- by schmittjoh at 2012-07-15T14:57:32Z Looks good to me. While you are at the exceptions, I think we can also get rid of the "extra information" thing and replace it by explicit getters/setters. Mostly that will mean adding set/getToken, set/getUser, set/getUsername. Bundles might add custom exceptions which have other data. This will make it a bit more useful and predictable. --------------------------------------------------------------------------- by asm89 at 2012-07-15T15:40:45Z @schmittjoh I removed the `get/setExtraInformation` and added the more explicit getters/setters as you suggested. --------------------------------------------------------------------------- by asm89 at 2012-07-15T19:33:15Z @fabpot Did you reschedule this for 2.2? Why? It was originally a 2.1 ticket. I think it is an important one because at the moment there is no reliable way to show users the cause of an `AuthenticationException` without the threat of exposing sensitive information. This issue has been around for a while, see the original issue this PR refers to, or for example [this TODO comment in FOSUB](https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Controller/SecurityController.php#L37). The PR itself is ready to merge now. My only question that remains is about whether the actual translations should be functional tested? --------------------------------------------------------------------------- by fabpot at 2012-07-15T19:43:19Z We need to stop at some point. If not, we never release anything. beta3 was scheduled for today and I don't plan any other one before the first RC and I won't have time to review this PR next week. So, if you, @schmittjoh, @vicb, @stof, and a few other core devs "validate" this PR, I might consider merging it before 2.1. --------------------------------------------------------------------------- by asm89 at 2012-07-15T19:46:09Z @fabpot I totally agree with your point of view. I just have been trying to pickup some security issues that were still open. :) --------------------------------------------------------------------------- by stof at 2012-07-15T19:50:29Z This looks good to me --------------------------------------------------------------------------- by asm89 at 2012-08-12T09:06:24Z Since the beta period is over I assume the window was missed to get this security related PR in 2.1. If I have feedback from @fabpot I'll still try to make it mergeable asap though. --------------------------------------------------------------------------- by fabpot at 2012-08-13T10:10:32Z @asm89 This would indeed be considered for merging in 2.2. --------------------------------------------------------------------------- by Antek88 at 2012-10-03T10:30:46Z +1 --------------------------------------------------------------------------- by stof at 2012-10-04T21:27:15Z @asm89 could you rebase this PR ? It conflicts with master --------------------------------------------------------------------------- by fabpot at 2012-10-05T17:16:44Z What's the status of this PR? @asm89 Have you taken all the feedback into account? --------------------------------------------------------------------------- by stof at 2012-10-13T17:48:48Z @asm89 ping --------------------------------------------------------------------------- by fabpot at 2012-10-29T09:48:40Z @asm89 If you don't have time, I can finish the work on this PR, but can you just tell me what's left? --------------------------------------------------------------------------- by asm89 at 2012-10-29T10:02:22Z I can pick this up, but I have two outstanding questions: - One about adding `::create()`? https://github.com/symfony/symfony/pull/4935#discussion_r1358297 - And what is the final verdict on the messages? https://github.com/symfony/symfony/pull/4935#discussion_r1165701 The initial idea was that the exception itself have an exception message which is plain english and informative for the developer. If you want to display the 'safe' user messages you have the optional dependency on the translator. There is a comparison made with the Validator component, but in my opinion that's a different case because the violations always contain the message directed at the user and have no plain english message for the developer. Apart from that the Validator component contains it's own code for replacing `{{ }}` variables in messages (duplication? not as flexible as the translator). Concluding I'd opt for: optional dependency on translator component if you want to show 'safe' user messages + message keys. @schmittjoh Any things to add? --------------------------------------------------------------------------- by schmittjoh at 2012-10-29T10:14:09Z Message keys sound good to me. I wouldn't add the ``create`` method for now. On Mon, Oct 29, 2012 at 11:02 AM, Alexander <notifications@github.com>wrote: > I can pick this up, but I have two outstanding questions: > > - One about adding ::create()? symfony/symfony#4935<https://github.com/symfony/symfony/issues/4935#discussion_r1358297> > - And what is the final verdict on the messages? symfony/symfony#4935<https://github.com/symfony/symfony/issues/4935#discussion_r1165701>The initial idea was that the exception itself have an exception message > which is plain english and informative for the developer. If you want to > display the 'safe' user messages you have the optional dependency on the > translator. There is a comparison made with the Validator component, but in > my opinion that's a different case because the violations always contain > the message directed at the user and have no plain english message for the > developer. Apart from that the Validator component contains it's own code > for replacing {{ }} variables in messages (duplication? not as > flexible as the translator). Concluding I'd opt for: optional dependency on > translator component if you want to show 'safe' user messages + message > keys. > > @schmittjoh <https://github.com/schmittjoh> Any things to add? > > — > Reply to this email directly or view it on GitHub<https://github.com/symfony/symfony/pull/4935#issuecomment-9861016>. > > --------------------------------------------------------------------------- by fabpot at 2012-10-29T10:27:37Z As I said in the discussion about the translations, I'm -1 for the message keys to be consistent with how we manage translations everywhere else in the framework. --------------------------------------------------------------------------- by stof at 2012-10-29T10:30:50Z @fabpot When we changed the English translation for the validation errors in 2.1, we had to tag the commit as a BC rbeak as it was changing the source for all other translations. And if you look at the state of the files now, you will see that we are *not* using the English as source anymore in some places as some validation errors have a pluralized translation but the source has not been changed. So I think using a key is more future-proof. --------------------------------------------------------------------------- by asm89 at 2012-10-30T19:44:49Z Any final decision on this? On one hand I have @stof and @schmittjoh +1 on message keys, on the other @fabpot -1. I guess it's your call @fabpot. Edit: also @vicb seemed to be +1 on message keys earlier on. --------------------------------------------------------------------------- by drak at 2012-11-01T20:19:00Z I am also -1, I agree with @fabpot --------------------------------------------------------------------------- by asm89 at 2012-11-12T09:38:51Z @fabpot Can you please give a definite answer on this? I personally think @stof and @vicb have good points to do message keys, but with all these different people +1 and -1'ing the PR I'm lost on what it should actually do. --------------------------------------------------------------------------- by asm89 at 2012-11-14T09:59:06Z ping @fabpot --------------------------------------------------------------------------- by asm89 at 2012-11-26T10:01:27Z ping @fabpot We talked about this in Berlin. Any final thoughts on the PR? :) One idea was to do message keys + opt depend on the translator component if you want to use them, or use your own implementation. --------------------------------------------------------------------------- by fabpot at 2012-11-26T14:01:37Z The conclusion is: keep using plain English. On Mon, Nov 26, 2012 at 11:01 AM, Alexander <notifications@github.com>wrote: > ping @fabpot <https://github.com/fabpot> We talked about this in Berlin. > Any final thoughts on the PR? :) One idea was to do message keys + opt > depend on the translator component if you want to use them, or use your own > implementation. > > — > Reply to this email directly or view it on GitHub<https://github.com/symfony/symfony/pull/4935#issuecomment-10709997>. > > --------------------------------------------------------------------------- by Inori at 2012-11-26T15:00:22Z is this final? if not, then +1 for message keys --------------------------------------------------------------------------- by vicb at 2012-11-27T22:33:47Z @fabpot I can't understand why we keep discussing this for months as this implementation use *both* keys and plain Englis, ie using keys is optional ( if it was not it would not be an issue according to #6129) --------------------------------------------------------------------------- by asm89 at 2013-01-02T21:43:46Z @fabpot @vicb I'll rebase this PR, fix the comments and refactor the message keys to use plain English + {{ }} syntax for the placeholders. --------------------------------------------------------------------------- by asm89 at 2013-01-07T15:00:58Z @fabpot If I fix this tonight, will it make the beta? --------------------------------------------------------------------------- by fabpot at 2013-01-07T15:53:00Z yes, definitely. --------------------------------------------------------------------------- by asm89 at 2013-01-07T20:13:38Z @fabpot I switched the implementation to English messages instead of message keys and fixed the final comments + rebased. Anything you want me to do after this? Still happy with `getMessageKey()`?
This commit is contained in:
Fabien Potencier
commit
3e99f4e976
@ -527,6 +527,11 @@ class FrameworkExtension extends Extension
|
||||
|
||||
$dirs[] = dirname($r->getFilename()).'/Resources/translations';
|
||||
}
|
||||
if (class_exists('Symfony\Component\Security\Core\Exception\AuthenticationException')) {
|
||||
$r = new \ReflectionClass('Symfony\Component\Security\Core\Exception\AuthenticationException');
|
||||
|
||||
$dirs[] = dirname($r->getFilename()).'/../../Resources/translations';
|
||||
}
|
||||
$overridePath = $container->getParameter('kernel.root_dir').'/Resources/%s/translations';
|
||||
foreach ($container->getParameter('kernel.bundles') as $bundle => $class) {
|
||||
$reflection = new \ReflectionClass($class);
|
||||
|
||||
@ -205,6 +205,11 @@ abstract class FrameworkExtensionTest extends TestCase
|
||||
$files,
|
||||
'->registerTranslatorConfiguration() finds Form translation resources'
|
||||
);
|
||||
$this->assertContains(
|
||||
'Symfony/Component/Security/Resources/translations/security.en.xlf',
|
||||
$files,
|
||||
'->registerTranslatorConfiguration() finds Security translation resources'
|
||||
);
|
||||
|
||||
$calls = $container->getDefinition('translator.default')->getMethodCalls();
|
||||
$this->assertEquals('fr', $calls[0][1][0]);
|
||||
|
||||
@ -29,7 +29,8 @@
|
||||
"doctrine/common": ">=2.2,<2.4-dev"
|
||||
},
|
||||
"require-dev": {
|
||||
"symfony/finder": "2.2.*"
|
||||
"symfony/finder": "2.2.*",
|
||||
"symfony/security": "2.2.*"
|
||||
},
|
||||
"suggest": {
|
||||
"symfony/console": "2.2.*",
|
||||
|
||||
@ -34,3 +34,8 @@ CHANGELOG
|
||||
`AbstractAuthenticationListener` has changed.
|
||||
* [BC BREAK] moved the default logout success handling to a separate class. The
|
||||
order of arguments in the constructor of `LogoutListener` has changed.
|
||||
* [BC BREAK] The constructor of `AuthenticationException` and all child
|
||||
classes now matches the constructor of `\Exception`. The extra information
|
||||
getters and setters are removed. There are now dedicated getters/setters for
|
||||
token (`AuthenticationException'), user (`AccountStatusException`) and
|
||||
username (`UsernameNotFoundException`).
|
||||
|
||||
@ -77,7 +77,7 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
|
||||
break;
|
||||
}
|
||||
} catch (AccountStatusException $e) {
|
||||
$e->setExtraInformation($token);
|
||||
$e->setToken($token);
|
||||
|
||||
throw $e;
|
||||
} catch (AuthenticationException $e) {
|
||||
@ -105,7 +105,7 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
|
||||
$this->eventDispatcher->dispatch(AuthenticationEvents::AUTHENTICATION_FAILURE, new AuthenticationFailureEvent($token, $lastException));
|
||||
}
|
||||
|
||||
$lastException->setExtraInformation($token);
|
||||
$lastException->setToken($token);
|
||||
|
||||
throw $lastException;
|
||||
}
|
||||
|
||||
@ -88,9 +88,12 @@ class DaoAuthenticationProvider extends UserAuthenticationProvider
|
||||
|
||||
return $user;
|
||||
} catch (UsernameNotFoundException $notFound) {
|
||||
$notFound->setUsername($username);
|
||||
throw $notFound;
|
||||
} catch (\Exception $repositoryProblem) {
|
||||
throw new AuthenticationServiceException($repositoryProblem->getMessage(), $token, 0, $repositoryProblem);
|
||||
$ex = new AuthenticationServiceException($repositoryProblem->getMessage(), 0, $repositoryProblem);
|
||||
$ex->setToken($token);
|
||||
throw $ex;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -71,6 +71,7 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter
|
||||
if ($this->hideUserNotFoundExceptions) {
|
||||
throw new BadCredentialsException('Bad credentials', 0, $notFound);
|
||||
}
|
||||
$notFound->setUsername($username);
|
||||
|
||||
throw $notFound;
|
||||
}
|
||||
|
||||
@ -15,7 +15,15 @@ namespace Symfony\Component\Security\Core\Exception;
|
||||
* AccountExpiredException is thrown when the user account has expired.
|
||||
*
|
||||
* @author Fabien Potencier <fabien@symfony.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class AccountExpiredException extends AccountStatusException
|
||||
{
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
return 'Account has expired.';
|
||||
}
|
||||
}
|
||||
|
||||
@ -11,12 +11,57 @@
|
||||
|
||||
namespace Symfony\Component\Security\Core\Exception;
|
||||
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
|
||||
/**
|
||||
* AccountStatusException is the base class for authentication exceptions
|
||||
* caused by the user account status.
|
||||
*
|
||||
* @author Fabien Potencier <fabien@symfony.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
abstract class AccountStatusException extends AuthenticationException
|
||||
{
|
||||
private $user;
|
||||
|
||||
/**
|
||||
* Get the user.
|
||||
*
|
||||
* @return UserInterface
|
||||
*/
|
||||
public function getUser()
|
||||
{
|
||||
return $this->user;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the user.
|
||||
*
|
||||
* @param UserInterface $user
|
||||
*/
|
||||
public function setUser(UserInterface $user)
|
||||
{
|
||||
$this->user = $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function serialize()
|
||||
{
|
||||
return serialize(array(
|
||||
$this->user,
|
||||
parent::serialize(),
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function unserialize($str)
|
||||
{
|
||||
list($this->user, $parentData) = unserialize($str);
|
||||
|
||||
parent::unserialize($parentData);
|
||||
}
|
||||
}
|
||||
|
||||
@ -16,7 +16,15 @@ namespace Symfony\Component\Security\Core\Exception;
|
||||
* because no Token is available.
|
||||
*
|
||||
* @author Fabien Potencier <fabien@symfony.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class AuthenticationCredentialsNotFoundException extends AuthenticationException
|
||||
{
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
return 'Authentication credentials could not be found.';
|
||||
}
|
||||
}
|
||||
|
||||
@ -11,36 +11,42 @@
|
||||
|
||||
namespace Symfony\Component\Security\Core\Exception;
|
||||
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
|
||||
/**
|
||||
* AuthenticationException is the base class for all authentication exceptions.
|
||||
*
|
||||
* @author Fabien Potencier <fabien@symfony.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class AuthenticationException extends \RuntimeException implements \Serializable
|
||||
{
|
||||
private $extraInformation;
|
||||
private $token;
|
||||
|
||||
public function __construct($message, $extraInformation = null, $code = 0, \Exception $previous = null)
|
||||
/**
|
||||
* Get the token.
|
||||
*
|
||||
* @return TokenInterface
|
||||
*/
|
||||
public function getToken()
|
||||
{
|
||||
parent::__construct($message, $code, $previous);
|
||||
|
||||
$this->extraInformation = $extraInformation;
|
||||
return $this->token;
|
||||
}
|
||||
|
||||
public function getExtraInformation()
|
||||
/**
|
||||
* Set the token.
|
||||
*
|
||||
* @param TokenInterface $token
|
||||
*/
|
||||
public function setToken(TokenInterface $token)
|
||||
{
|
||||
return $this->extraInformation;
|
||||
}
|
||||
|
||||
public function setExtraInformation($extraInformation)
|
||||
{
|
||||
$this->extraInformation = $extraInformation;
|
||||
$this->token = $token;
|
||||
}
|
||||
|
||||
public function serialize()
|
||||
{
|
||||
return serialize(array(
|
||||
$this->extraInformation,
|
||||
$this->token,
|
||||
$this->code,
|
||||
$this->message,
|
||||
$this->file,
|
||||
@ -51,11 +57,31 @@ class AuthenticationException extends \RuntimeException implements \Serializable
|
||||
public function unserialize($str)
|
||||
{
|
||||
list(
|
||||
$this->extraInformation,
|
||||
$this->token,
|
||||
$this->code,
|
||||
$this->message,
|
||||
$this->file,
|
||||
$this->line
|
||||
) = unserialize($str);
|
||||
}
|
||||
|
||||
/**
|
||||
* Message key to be used by the translation component.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
return 'An authentication exception occurred.';
|
||||
}
|
||||
|
||||
/**
|
||||
* Message data to be used by the translation component.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function getMessageData()
|
||||
{
|
||||
return array();
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,7 +15,15 @@ namespace Symfony\Component\Security\Core\Exception;
|
||||
* AuthenticationServiceException is thrown when an authentication request could not be processed due to a system problem.
|
||||
*
|
||||
* @author Fabien Potencier <fabien@symfony.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class AuthenticationServiceException extends AuthenticationException
|
||||
{
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
return 'Authentication request could not be processed due to a system problem.';
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,11 +15,15 @@ namespace Symfony\Component\Security\Core\Exception;
|
||||
* BadCredentialsException is thrown when the user credentials are invalid.
|
||||
*
|
||||
* @author Fabien Potencier <fabien@symfony.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class BadCredentialsException extends AuthenticationException
|
||||
{
|
||||
public function __construct($message, $code = 0, \Exception $previous = null)
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
parent::__construct($message, null, $code, $previous);
|
||||
return 'Invalid credentials.';
|
||||
}
|
||||
}
|
||||
|
||||
@ -16,7 +16,15 @@ namespace Symfony\Component\Security\Core\Exception;
|
||||
* detects that a presented cookie has already been used by someone else.
|
||||
*
|
||||
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class CookieTheftException extends AuthenticationException
|
||||
{
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
return 'Cookie has already been used by someone else.';
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,7 +15,15 @@ namespace Symfony\Component\Security\Core\Exception;
|
||||
* CredentialsExpiredException is thrown when the user account credentials have expired.
|
||||
*
|
||||
* @author Fabien Potencier <fabien@symfony.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class CredentialsExpiredException extends AccountStatusException
|
||||
{
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
return 'Credentials have expired.';
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,7 +15,15 @@ namespace Symfony\Component\Security\Core\Exception;
|
||||
* DisabledException is thrown when the user account is disabled.
|
||||
*
|
||||
* @author Fabien Potencier <fabien@symfony.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class DisabledException extends AccountStatusException
|
||||
{
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
return 'Account is disabled.';
|
||||
}
|
||||
}
|
||||
|
||||
@ -17,7 +17,15 @@ namespace Symfony\Component\Security\Core\Exception;
|
||||
* This is the case when a user is anonymous and the resource to be displayed has an access role.
|
||||
*
|
||||
* @author Fabien Potencier <fabien@symfony.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class InsufficientAuthenticationException extends AuthenticationException
|
||||
{
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
return 'Not privileged to request the resource.';
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,7 +15,15 @@ namespace Symfony\Component\Security\Core\Exception;
|
||||
* This exception is thrown when the csrf token is invalid.
|
||||
*
|
||||
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class InvalidCsrfTokenException extends AuthenticationException
|
||||
{
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
return 'Invalid CSRF token.';
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,7 +15,15 @@ namespace Symfony\Component\Security\Core\Exception;
|
||||
* LockedException is thrown if the user account is locked.
|
||||
*
|
||||
* @author Fabien Potencier <fabien@symfony.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class LockedException extends AccountStatusException
|
||||
{
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
return 'Account is locked.';
|
||||
}
|
||||
}
|
||||
|
||||
@ -18,7 +18,15 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
* the digest nonce has expired.
|
||||
*
|
||||
* @author Fabien Potencier <fabien@symfony.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class NonceExpiredException extends AuthenticationException
|
||||
{
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
return 'Digest nonce has expired.';
|
||||
}
|
||||
}
|
||||
|
||||
@ -16,7 +16,15 @@ namespace Symfony\Component\Security\Core\Exception;
|
||||
* supports an authentication Token.
|
||||
*
|
||||
* @author Fabien Potencier <fabien@symfony.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class ProviderNotFoundException extends AuthenticationException
|
||||
{
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
return 'No authentication provider found to support the authentication token.';
|
||||
}
|
||||
}
|
||||
|
||||
@ -21,7 +21,15 @@ namespace Symfony\Component\Security\Core\Exception;
|
||||
* request.
|
||||
*
|
||||
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class SessionUnavailableException extends AuthenticationException
|
||||
{
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
return 'No session available, it either timed out or cookies are not enabled.';
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,4 @@
|
||||
<?php
|
||||
namespace Symfony\Component\Security\Core\Exception;
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
@ -10,11 +9,21 @@ namespace Symfony\Component\Security\Core\Exception;
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\Security\Core\Exception;
|
||||
|
||||
/**
|
||||
* TokenNotFoundException is thrown if a Token cannot be found.
|
||||
*
|
||||
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class TokenNotFoundException extends AuthenticationException
|
||||
{
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
return 'No token could be found.';
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,7 +15,58 @@ namespace Symfony\Component\Security\Core\Exception;
|
||||
* UsernameNotFoundException is thrown if a User cannot be found by its username.
|
||||
*
|
||||
* @author Fabien Potencier <fabien@symfony.com>
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class UsernameNotFoundException extends AuthenticationException
|
||||
{
|
||||
private $username;
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function getMessageKey()
|
||||
{
|
||||
return 'Username could not be found.';
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the username.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getUsername()
|
||||
{
|
||||
return $this->username;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the username.
|
||||
*
|
||||
* @param string $username
|
||||
*/
|
||||
public function setUsername($username)
|
||||
{
|
||||
$this->username = $username;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function serialize()
|
||||
{
|
||||
return serialize(array(
|
||||
$this->username,
|
||||
parent::serialize(),
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function unserialize($str)
|
||||
{
|
||||
list($this->username, $parentData) = unserialize($str);
|
||||
|
||||
parent::unserialize($parentData);
|
||||
}
|
||||
}
|
||||
|
||||
@ -44,7 +44,9 @@ class ChainUserProvider implements UserProviderInterface
|
||||
}
|
||||
}
|
||||
|
||||
throw new UsernameNotFoundException(sprintf('There is no user with name "%s".', $username));
|
||||
$ex = new UsernameNotFoundException(sprintf('There is no user with name "%s".', $username));
|
||||
$ex->setUsername($username);
|
||||
throw $ex;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -66,7 +68,9 @@ class ChainUserProvider implements UserProviderInterface
|
||||
}
|
||||
|
||||
if ($supportedUserFound) {
|
||||
throw new UsernameNotFoundException(sprintf('There is no user with name "%s".', $user->getUsername()));
|
||||
$ex = new UsernameNotFoundException(sprintf('There is no user with name "%s".', $user->getUsername()));
|
||||
$ex->setUsername($user->getUsername());
|
||||
throw $ex;
|
||||
} else {
|
||||
throw new UnsupportedUserException(sprintf('The account "%s" is not supported.', get_class($user)));
|
||||
}
|
||||
|
||||
@ -68,7 +68,10 @@ class InMemoryUserProvider implements UserProviderInterface
|
||||
public function loadUserByUsername($username)
|
||||
{
|
||||
if (!isset($this->users[strtolower($username)])) {
|
||||
throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username));
|
||||
$ex = new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username));
|
||||
$ex->setUsername($username);
|
||||
|
||||
throw $ex;
|
||||
}
|
||||
|
||||
$user = $this->users[strtolower($username)];
|
||||
|
||||
@ -33,7 +33,9 @@ class UserChecker implements UserCheckerInterface
|
||||
}
|
||||
|
||||
if (!$user->isCredentialsNonExpired()) {
|
||||
throw new CredentialsExpiredException('User credentials have expired.', $user);
|
||||
$ex = new CredentialsExpiredException('User credentials have expired.');
|
||||
$ex->setUser($user);
|
||||
throw $ex;
|
||||
}
|
||||
}
|
||||
|
||||
@ -47,15 +49,21 @@ class UserChecker implements UserCheckerInterface
|
||||
}
|
||||
|
||||
if (!$user->isAccountNonLocked()) {
|
||||
throw new LockedException('User account is locked.', $user);
|
||||
$ex = new LockedException('User account is locked.');
|
||||
$ex->setUser($user);
|
||||
throw $ex;
|
||||
}
|
||||
|
||||
if (!$user->isEnabled()) {
|
||||
throw new DisabledException('User account is disabled.', $user);
|
||||
$ex = new DisabledException('User account is disabled.');
|
||||
$ex->setUser($user);
|
||||
throw $ex;
|
||||
}
|
||||
|
||||
if (!$user->isAccountNonExpired()) {
|
||||
throw new AccountExpiredException('User account has expired.', $user);
|
||||
$ex = new AccountExpiredException('User account has expired.');
|
||||
$ex->setUser($user);
|
||||
throw $ex;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -106,7 +106,9 @@ class ExceptionListener
|
||||
}
|
||||
|
||||
try {
|
||||
$response = $this->startAuthentication($request, new InsufficientAuthenticationException('Full authentication is required to access this resource.', $token, 0, $exception));
|
||||
$insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception);
|
||||
$insufficientAuthenticationException->setToken($token);
|
||||
$response = $this->startAuthentication($request, $insufficientAuthenticationException);
|
||||
} catch (\Exception $e) {
|
||||
$event->setException($e);
|
||||
|
||||
|
||||
@ -43,7 +43,7 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
|
||||
$user = $this->getUserProvider($class)->loadUserByUsername($username);
|
||||
} catch (\Exception $ex) {
|
||||
if (!$ex instanceof AuthenticationException) {
|
||||
$ex = new AuthenticationException($ex->getMessage(), null, $ex->getCode(), $ex);
|
||||
$ex = new AuthenticationException($ex->getMessage(), $ex->getCode(), $ex);
|
||||
}
|
||||
|
||||
throw $ex;
|
||||
|
||||
@ -0,0 +1,71 @@
|
||||
<?xml version="1.0"?>
|
||||
<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
|
||||
<file source-language="en" datatype="plaintext" original="file.ext">
|
||||
<body>
|
||||
<trans-unit id="1">
|
||||
<source>An authentication exception occurred.</source>
|
||||
<target>An authentication exception occurred.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="2">
|
||||
<source>Authentication credentials could not be found.</source>
|
||||
<target>Authentication credentials could not be found.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="3">
|
||||
<source>Authentication request could not be processed due to a system problem.</source>
|
||||
<target>Authentication request could not be processed due to a system problem.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="4">
|
||||
<source>Invalid credentials.</source>
|
||||
<target>Invalid credentials.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="5">
|
||||
<source>Cookie has already been used by someone else.</source>
|
||||
<target>Cookie has already been used by someone else.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="6">
|
||||
<source>Not privileged to request the resource.</source>
|
||||
<target>Not privileged to request the resource.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="7">
|
||||
<source>Invalid CSRF token.</source>
|
||||
<target>Invalid CSRF token.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="8">
|
||||
<source>Digest nonce has expired.</source>
|
||||
<target>Digest nonce has expired.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="9">
|
||||
<source>No authentication provider found to support the authentication token.</source>
|
||||
<target>No authentication provider found to support the authentication token.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="10">
|
||||
<source>No session available, it either timed out or cookies are not enabled.</source>
|
||||
<target>No session available, it either timed out or cookies are not enabled.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="11">
|
||||
<source>No token could be found.</source>
|
||||
<target>No token could be found.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="12">
|
||||
<source>Username could not be found.</source>
|
||||
<target>Username could not be found.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="13">
|
||||
<source>Account has expired.</source>
|
||||
<target>Account has expired.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="14">
|
||||
<source>Credentials have expired.</source>
|
||||
<target>Credentials have expired.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="15">
|
||||
<source>Account is disabled.</source>
|
||||
<target>Account is disabled.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="16">
|
||||
<source>Account is locked.</source>
|
||||
<target>Account is locked.</target>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
@ -37,7 +37,7 @@ class AuthenticationProviderManagerTest extends \PHPUnit_Framework_TestCase
|
||||
$manager->authenticate($token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'));
|
||||
$this->fail();
|
||||
} catch (ProviderNotFoundException $e) {
|
||||
$this->assertSame($token, $e->getExtraInformation());
|
||||
$this->assertSame($token, $e->getToken());
|
||||
}
|
||||
}
|
||||
|
||||
@ -51,7 +51,7 @@ class AuthenticationProviderManagerTest extends \PHPUnit_Framework_TestCase
|
||||
$manager->authenticate($token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'));
|
||||
$this->fail();
|
||||
} catch (AccountStatusException $e) {
|
||||
$this->assertSame($token, $e->getExtraInformation());
|
||||
$this->assertSame($token, $e->getToken());
|
||||
}
|
||||
}
|
||||
|
||||
@ -65,7 +65,7 @@ class AuthenticationProviderManagerTest extends \PHPUnit_Framework_TestCase
|
||||
$manager->authenticate($token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'));
|
||||
$this->fail();
|
||||
} catch (AuthenticationException $e) {
|
||||
$this->assertSame($token, $e->getExtraInformation());
|
||||
$this->assertSame($token, $e->getToken());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user