bug #26370 [Security] added userChecker to SimpleAuthenticationProvider (i3or1s)

This PR was submitted for the 2.8 branch but it was squashed and merged into the 2.7 branch instead (closes #26370). Discussion ---------- [Security] added userChecker to SimpleAuthenticationProvider [Security] added userChecker to SimpleAuthenticationProvider [SecurityBundle] [DependencyInjection] updated SimpleFormFactory | Q | A | ------------- | --- | Branch? | 2.8 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #26314 | License | MIT | Doc PR | no Introduces user checker to the simple authentication provider. Commits ------- cb9c92d [Security] added userChecker to SimpleAuthenticationProvider
2018-03-19 21:02:10 +01:00 · 2018-03-19 21:02:10 +01:00 · 775328240f
parent bd49884804 cb9c92d065
commit 775328240f
3 changed files with 102 additions and 4 deletions
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimpleFormFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimpleFormFactory.php
@ -55,6 +55,7 @@ class SimpleFormFactory extends FormLoginFactory
            ->replaceArgument(0, new Reference($config['authenticator']))
            ->replaceArgument(1, new Reference($userProviderId))
            ->replaceArgument(2, $id)
+            ->replaceArgument(3, new Reference('security.user_checker.'.$id))
        ;

        return $provider;
--- a/src/Symfony/Component/Security/Core/Authentication/Provider/SimpleAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Provider/SimpleAuthenticationProvider.php
@ -11,6 +11,8 @@

 namespace Symfony\Component\Security\Core\Authentication\Provider;

+use Symfony\Component\Security\Core\User\UserChecker;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface;
@ -24,23 +26,29 @@ class SimpleAuthenticationProvider implements AuthenticationProviderInterface
    private $simpleAuthenticator;
    private $userProvider;
    private $providerKey;
+    private $userChecker;

-    public function __construct(SimpleAuthenticatorInterface $simpleAuthenticator, UserProviderInterface $userProvider, $providerKey)
+    public function __construct(SimpleAuthenticatorInterface $simpleAuthenticator, UserProviderInterface $userProvider, $providerKey, UserCheckerInterface $userChecker = null)
    {
        $this->simpleAuthenticator = $simpleAuthenticator;
        $this->userProvider = $userProvider;
        $this->providerKey = $providerKey;
+        $this->userChecker = $userChecker ?: new UserChecker();
    }

    public function authenticate(TokenInterface $token)
    {
        $authToken = $this->simpleAuthenticator->authenticateToken($token, $this->userProvider, $this->providerKey);

-        if ($authToken instanceof TokenInterface) {
-            return $authToken;
+        if (!$authToken instanceof TokenInterface) {
+            throw new AuthenticationException('Simple authenticator failed to return an authenticated token.');
        }

-        throw new AuthenticationException('Simple authenticator failed to return an authenticated token.');
+        $user = $authToken->getUser();
+        $this->userChecker->checkPreAuth($user);
+        $this->userChecker->checkPostAuth($user);
+
+        return $authToken;
    }

    public function supports(TokenInterface $token)
--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/SimpleAuthenticationProviderTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/SimpleAuthenticationProviderTest.php
@ -0,0 +1,89 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Tests\Authentication\Provider;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\Exception\DisabledException;
+use Symfony\Component\Security\Core\Authentication\Provider\SimpleAuthenticationProvider;
+use Symfony\Component\Security\Core\Exception\LockedException;
+
+class SimpleAuthenticationProviderTest extends TestCase
+{
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\DisabledException
+     */
+    public function testAuthenticateWhenPreChecksFails()
+    {
+        $user = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();
+
+        $token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
+        $token->expects($this->any())
+            ->method('getUser')
+            ->will($this->returnValue($user));
+
+        $userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock();
+        $userChecker->expects($this->once())
+            ->method('checkPreAuth')
+            ->will($this->throwException(new DisabledException()));
+
+        $authenticator = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface')->getMock();
+        $authenticator->expects($this->once())
+            ->method('authenticateToken')
+            ->will($this->returnValue($token));
+
+        $provider = $this->getProvider($authenticator, null, $userChecker);
+
+        $provider->authenticate($token);
+    }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\LockedException
+     */
+    public function testAuthenticateWhenPostChecksFails()
+    {
+        $user = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();
+
+        $token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
+        $token->expects($this->any())
+            ->method('getUser')
+            ->will($this->returnValue($user));
+
+        $userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock();
+        $userChecker->expects($this->once())
+            ->method('checkPostAuth')
+            ->will($this->throwException(new LockedException()));
+
+        $authenticator = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface')->getMock();
+        $authenticator->expects($this->once())
+            ->method('authenticateToken')
+            ->will($this->returnValue($token));
+
+        $provider = $this->getProvider($authenticator, null, $userChecker);
+
+        $provider->authenticate($token);
+    }
+
+    protected function getProvider($simpleAuthenticator = null, $userProvider = null, $userChecker = null, $key = 'test')
+    {
+        if (null === $userChecker) {
+            $userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock();
+        }
+        if (null === $simpleAuthenticator) {
+            $simpleAuthenticator = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface')->getMock();
+        }
+        if (null === $userProvider) {
+            $userProvider = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserProviderInterface')->getMock();
+        }
+
+        return new SimpleAuthenticationProvider($simpleAuthenticator, $userProvider, $key, $userChecker);
+    }
+}