From cb9c92d06553f60a0b7b6b036c4b2a3c1813e738 Mon Sep 17 00:00:00 2001
From: Boris Vujicic <boris.vujicic@boutsourcing.com>
Date: Fri, 2 Mar 2018 09:14:52 +0100
Subject: [PATCH] [Security] added userChecker to SimpleAuthenticationProvider

---
 .../Security/Factory/SimpleFormFactory.php    |  1 +
 .../Provider/SimpleAuthenticationProvider.php | 16 +++-
 .../SimpleAuthenticationProviderTest.php      | 89 +++++++++++++++++++
 3 files changed, 102 insertions(+), 4 deletions(-)
 create mode 100644 src/Symfony/Component/Security/Core/Tests/Authentication/Provider/SimpleAuthenticationProviderTest.php

diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimpleFormFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimpleFormFactory.php
index 6241cf4f39..69b8b943ab 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimpleFormFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimpleFormFactory.php
@@ -55,6 +55,7 @@ class SimpleFormFactory extends FormLoginFactory
             ->replaceArgument(0, new Reference($config['authenticator']))
             ->replaceArgument(1, new Reference($userProviderId))
             ->replaceArgument(2, $id)
+            ->replaceArgument(3, new Reference('security.user_checker.'.$id))
         ;
 
         return $provider;
diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/SimpleAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/SimpleAuthenticationProvider.php
index ffbc72c055..a82fb7eea4 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Provider/SimpleAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Provider/SimpleAuthenticationProvider.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Security\Core\Authentication\Provider;
 
+use Symfony\Component\Security\Core\User\UserChecker;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface;
@@ -24,23 +26,29 @@ class SimpleAuthenticationProvider implements AuthenticationProviderInterface
     private $simpleAuthenticator;
     private $userProvider;
     private $providerKey;
+    private $userChecker;
 
-    public function __construct(SimpleAuthenticatorInterface $simpleAuthenticator, UserProviderInterface $userProvider, $providerKey)
+    public function __construct(SimpleAuthenticatorInterface $simpleAuthenticator, UserProviderInterface $userProvider, $providerKey, UserCheckerInterface $userChecker = null)
     {
         $this->simpleAuthenticator = $simpleAuthenticator;
         $this->userProvider = $userProvider;
         $this->providerKey = $providerKey;
+        $this->userChecker = $userChecker ?: new UserChecker();
     }
 
     public function authenticate(TokenInterface $token)
     {
         $authToken = $this->simpleAuthenticator->authenticateToken($token, $this->userProvider, $this->providerKey);
 
-        if ($authToken instanceof TokenInterface) {
-            return $authToken;
+        if (!$authToken instanceof TokenInterface) {
+            throw new AuthenticationException('Simple authenticator failed to return an authenticated token.');
         }
 
-        throw new AuthenticationException('Simple authenticator failed to return an authenticated token.');
+        $user = $authToken->getUser();
+        $this->userChecker->checkPreAuth($user);
+        $this->userChecker->checkPostAuth($user);
+
+        return $authToken;
     }
 
     public function supports(TokenInterface $token)
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/SimpleAuthenticationProviderTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/SimpleAuthenticationProviderTest.php
new file mode 100644
index 0000000000..1e7069c1fa
--- /dev/null
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/SimpleAuthenticationProviderTest.php
@@ -0,0 +1,89 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Tests\Authentication\Provider;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\Exception\DisabledException;
+use Symfony\Component\Security\Core\Authentication\Provider\SimpleAuthenticationProvider;
+use Symfony\Component\Security\Core\Exception\LockedException;
+
+class SimpleAuthenticationProviderTest extends TestCase
+{
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\DisabledException
+     */
+    public function testAuthenticateWhenPreChecksFails()
+    {
+        $user = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();
+
+        $token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
+        $token->expects($this->any())
+            ->method('getUser')
+            ->will($this->returnValue($user));
+
+        $userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock();
+        $userChecker->expects($this->once())
+            ->method('checkPreAuth')
+            ->will($this->throwException(new DisabledException()));
+
+        $authenticator = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface')->getMock();
+        $authenticator->expects($this->once())
+            ->method('authenticateToken')
+            ->will($this->returnValue($token));
+
+        $provider = $this->getProvider($authenticator, null, $userChecker);
+
+        $provider->authenticate($token);
+    }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\LockedException
+     */
+    public function testAuthenticateWhenPostChecksFails()
+    {
+        $user = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();
+
+        $token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
+        $token->expects($this->any())
+            ->method('getUser')
+            ->will($this->returnValue($user));
+
+        $userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock();
+        $userChecker->expects($this->once())
+            ->method('checkPostAuth')
+            ->will($this->throwException(new LockedException()));
+
+        $authenticator = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface')->getMock();
+        $authenticator->expects($this->once())
+            ->method('authenticateToken')
+            ->will($this->returnValue($token));
+
+        $provider = $this->getProvider($authenticator, null, $userChecker);
+
+        $provider->authenticate($token);
+    }
+
+    protected function getProvider($simpleAuthenticator = null, $userProvider = null, $userChecker = null, $key = 'test')
+    {
+        if (null === $userChecker) {
+            $userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock();
+        }
+        if (null === $simpleAuthenticator) {
+            $simpleAuthenticator = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface')->getMock();
+        }
+        if (null === $userProvider) {
+            $userProvider = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserProviderInterface')->getMock();
+        }
+
+        return new SimpleAuthenticationProvider($simpleAuthenticator, $userProvider, $key, $userChecker);
+    }
+}