From 59f49b20cab8813b4e37f8fd514f4ec31bd6610c Mon Sep 17 00:00:00 2001 From: Wouter de Jong Date: Sat, 7 Mar 2020 14:04:35 +0100 Subject: [PATCH] Rename AuthenticatingListener --- .../config/security_authenticator.xml | 2 +- ...erifyAuthenticatorCredentialsListener.php} | 28 +++++++++++-------- 2 files changed, 18 insertions(+), 12 deletions(-) rename src/Symfony/Component/Security/Http/EventListener/{AuthenticatingListener.php => VerifyAuthenticatorCredentialsListener.php} (80%) diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.xml index a09c04ea5b..757aef78e7 100644 --- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.xml +++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.xml @@ -43,7 +43,7 @@ - + diff --git a/src/Symfony/Component/Security/Http/EventListener/AuthenticatingListener.php b/src/Symfony/Component/Security/Http/EventListener/VerifyAuthenticatorCredentialsListener.php similarity index 80% rename from src/Symfony/Component/Security/Http/EventListener/AuthenticatingListener.php rename to src/Symfony/Component/Security/Http/EventListener/VerifyAuthenticatorCredentialsListener.php index 6795100a9c..c8ab235f79 100644 --- a/src/Symfony/Component/Security/Http/EventListener/AuthenticatingListener.php +++ b/src/Symfony/Component/Security/Http/EventListener/VerifyAuthenticatorCredentialsListener.php @@ -4,6 +4,7 @@ namespace Symfony\Component\Security\Http\EventListener; use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface; +use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Core\Exception\LogicException; use Symfony\Component\Security\Http\Authenticator\CustomAuthenticatedInterface; use Symfony\Component\Security\Http\Authenticator\PasswordAuthenticatedInterface; 
@@ -19,7 +20,7 @@ use Symfony\Component\Security\Http\Event\VerifyAuthenticatorCredentialsEvent;
 * @final
 * @experimental in 5.1
 */
-class AuthenticatingListener implements EventSubscriberInterface
+class VerifyAuthenticatorCredentialsListener implements EventSubscriberInterface
 {
 private $encoderFactory;
@@ -28,22 +29,22 @@ class AuthenticatingListener implements EventSubscriberInterface
 $this->encoderFactory = $encoderFactory;
 }
- public static function getSubscribedEvents(): array
- {
- return [VerifyAuthenticatorCredentialsEvent::class => ['onAuthenticating', 128]];
- }
-
 public function onAuthenticating(VerifyAuthenticatorCredentialsEvent $event): void
 {
 $authenticator = $event->getAuthenticator();
 if ($authenticator instanceof PasswordAuthenticatedInterface) {
 // Use the password encoder to validate the credentials
 $user = $event->getUser();
- $event->setCredentialsValid($this->encoderFactory->getEncoder($user)->isPasswordValid(
- $user->getPassword(),
- $authenticator->getPassword($event->getCredentials()),
- $user->getSalt()
- ));
+ $presentedPassword = $authenticator->getPassword($event->getCredentials());
+ if ('' === $presentedPassword) {
+ throw new BadCredentialsException('The presented password cannot be empty.');
+ }
+
+ if (null === $user->getPassword()) {
+ return;
+ }
+
+ $event->setCredentialsValid($this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt()));
 return;
 }
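Review bot: In the password branch of onAuthenticating, the new `if (null === $user->getPassword()) { return; }` exits without any call to setCredentialsValid(), so a user with no stored password is rejected only if the event starts out as "not valid" and no later listener changes that; neither is visible in this hunk. Making the outcome explicit keeps the check fail-closed regardless of defaults, for example `$event->setCredentialsValid(false);` before the `return;`, or throwing BadCredentialsException as the empty-password case already does. The strict `'' === $presentedPassword` test would also let a null from getPassword() through to isPasswordValid(), if the interface permits a null return (to confirm); `if (null === $presentedPassword || '' === $presentedPassword)` would cover both. The remaining branches of the method lie outside the hunk.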
@@ -65,4 +66,9 @@ class AuthenticatingListener implements EventSubscriberInterface
 throw new LogicException(sprintf('Authenticator %s does not have valid credentials. Authenticators must implement one of the authenticated interfaces (%s, %s or %s).', \get_class($authenticator), PasswordAuthenticatedInterface::class, TokenAuthenticatedInterface::class, CustomAuthenticatedInterface::class));
 }
+
+ public static function getSubscribedEvents(): array
+ {
+ return [VerifyAuthenticatorCredentialsEvent::class => ['onAuthenticating', 128]];
+ }
 }