From 7859977324852dcb2b193106bb1066e6061fe010 Mon Sep 17 00:00:00 2001 From: Wouter de Jong Date: Thu, 6 Feb 2020 15:41:40 +0100 Subject: [PATCH] Removed all mentions of 'guard' in the new system This to remove confusion between the new system and Guard. When using the new system, guard should not be installed. Guard did however influence the idea behind the new system. Thus keeping the mentions of "guard" makes it confusing to use the new system. --- .../DependencyInjection/MainConfiguration.php | 2 +- .../Security/Factory/AnonymousFactory.php | 4 +- ....php => AuthenticatorFactoryInterface.php} | 8 +-- .../Security/Factory/FormLoginFactory.php | 4 +- .../Security/Factory/HttpBasicFactory.php | 4 +- .../DependencyInjection/SecurityExtension.php | 37 +++++----- ...p => LazyAuthenticatorManagerListener.php} | 12 ++-- .../Resources/config/authenticators.xml | 27 ++++--- .../SecurityBundle/Resources/config/guard.xml | 6 +- .../Resources/config/security.xml | 4 +- .../HttpBasicAuthenticatorTest.php | 18 ++--- .../Firewall/GuardAuthenticationListener.php | 27 +++---- ...henticatorHandler.php => GuardHandler.php} | 4 +- .../Provider/GuardAuthenticationProvider.php | 20 +++--- .../GuardAuthenticationListenerTest.php | 8 ++- .../Tests/GuardAuthenticatorHandlerTest.php | 16 ++--- .../GuardAuthenticationProviderTest.php | 12 ++-- ...rdToken.php => PreAuthenticationToken.php} | 8 ++- ...orHandler.php => AuthenticatorHandler.php} | 34 ++++----- ...onManager.php => AuthenticatorManager.php} | 36 +++++----- .../AuthenticatorManagerTrait.php | 46 ++++++++++++ .../GuardAuthenticationManagerTrait.php | 55 -------------- .../Authenticator/AbstractAuthenticator.php | 10 +-- .../AbstractLoginFormAuthenticator.php} | 4 +- .../Authenticator/AnonymousAuthenticator.php | 2 +- .../Authenticator/AuthenticatorInterface.php | 2 +- .../CustomAuthenticatedInterface.php | 11 ++- .../Authenticator/FormLoginAuthenticator.php | 8 +-- .../Authenticator/HttpBasicAuthenticator.php | 3 +- .../PasswordAuthenticatedInterface.php | 31 ++++++++ .../Token/PostAuthenticationToken.php | 71 +++++++++++++++++++ .../Token/PreAuthenticationToken.php} | 28 ++++---- .../TokenAuthenticatedInterface.php | 11 ++- .../Security/Http/Event/LoginFailureEvent.php | 2 +- .../Security/Http/Event/LoginSuccessEvent.php | 2 +- .../VerifyAuthenticatorCredentialsEvent.php | 2 +- .../EventListener/AuthenticatingListener.php | 6 +- .../PasswordMigratingListener.php | 8 +-- .../Http/EventListener/RememberMeListener.php | 2 +- ...r.php => AuthenticatorManagerListener.php} | 49 ++++++------- .../AuthenticatorManagerListenerTrait.php | 41 +++++++++++ .../Firewall/GuardManagerListenerTrait.php | 50 ------------- 42 files changed, 419 insertions(+), 316 deletions(-) rename src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/{GuardFactoryInterface.php => AuthenticatorFactoryInterface.php} (59%) rename src/Symfony/Bundle/SecurityBundle/EventListener/{LazyGuardManagerListener.php => LazyAuthenticatorManagerListener.php} (79%) rename src/Symfony/Component/Security/Guard/{GuardAuthenticatorHandler.php => GuardHandler.php} (76%) rename src/Symfony/Component/Security/Guard/Token/{PreAuthenticationGuardToken.php => PreAuthenticationToken.php} (71%) rename src/Symfony/Component/Security/Http/Authentication/{GuardAuthenticatorHandler.php => AuthenticatorHandler.php} (74%) rename src/Symfony/Component/Security/Http/Authentication/{GuardAuthenticationManager.php => AuthenticatorManager.php} (78%) create mode 100644 src/Symfony/Component/Security/Http/Authentication/AuthenticatorManagerTrait.php delete mode 100644 src/Symfony/Component/Security/Http/Authentication/GuardAuthenticationManagerTrait.php rename src/Symfony/Component/Security/Http/{Authentication => }/Authenticator/AbstractAuthenticator.php (68%) rename src/Symfony/Component/Security/Http/{Authentication/Authenticator/AbstractFormLoginAuthenticator.php => Authenticator/AbstractLoginFormAuthenticator.php} (92%) rename src/Symfony/Component/Security/Http/{Authentication => }/Authenticator/AnonymousAuthenticator.php (96%) rename src/Symfony/Component/Security/Http/{Authentication => }/Authenticator/AuthenticatorInterface.php (98%) rename src/Symfony/Component/Security/Http/{Authentication => }/Authenticator/CustomAuthenticatedInterface.php (73%) rename src/Symfony/Component/Security/Http/{Authentication => }/Authenticator/FormLoginAuthenticator.php (94%) rename src/Symfony/Component/Security/Http/{Authentication => }/Authenticator/HttpBasicAuthenticator.php (95%) create mode 100644 src/Symfony/Component/Security/Http/Authenticator/PasswordAuthenticatedInterface.php create mode 100644 src/Symfony/Component/Security/Http/Authenticator/Token/PostAuthenticationToken.php rename src/Symfony/Component/Security/{Core/Authentication/Token/PreAuthenticationGuardToken.php => Http/Authenticator/Token/PreAuthenticationToken.php} (52%) rename src/Symfony/Component/Security/Http/{Authentication => }/Authenticator/TokenAuthenticatedInterface.php (67%) rename src/Symfony/Component/Security/Http/Firewall/{GuardManagerListener.php => AuthenticatorManagerListener.php} (72%) create mode 100644 src/Symfony/Component/Security/Http/Firewall/AuthenticatorManagerListenerTrait.php delete mode 100644 src/Symfony/Component/Security/Http/Firewall/GuardManagerListenerTrait.php diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php index b0d7e5c342..dfac1554d4 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php @@ -73,7 +73,7 @@ class MainConfiguration implements ConfigurationInterface ->booleanNode('hide_user_not_found')->defaultTrue()->end() ->booleanNode('always_authenticate_before_granting')->defaultFalse()->end() ->booleanNode('erase_credentials')->defaultTrue()->end() - ->booleanNode('guard_authentication_manager')->defaultFalse()->end() + ->booleanNode('enable_authenticator_manager')->defaultFalse()->info('Enables the new Symfony Security system based on Authenticators, all used authenticators must support this before enabling this.')->end() ->arrayNode('access_decision_manager') ->addDefaultsIfNotSet() ->children() diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AnonymousFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AnonymousFactory.php index 2479cff3ac..b7e2347a57 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AnonymousFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AnonymousFactory.php @@ -19,7 +19,7 @@ use Symfony\Component\DependencyInjection\Parameter; /** * @author Wouter de Jong */ -class AnonymousFactory implements SecurityFactoryInterface, GuardFactoryInterface +class AnonymousFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface { public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint) { @@ -42,7 +42,7 @@ class AnonymousFactory implements SecurityFactoryInterface, GuardFactoryInterfac return [$providerId, $listenerId, $defaultEntryPoint]; } - public function createGuard(ContainerBuilder $container, string $id, array $config, ?string $userProviderId): string + public function createAuthenticator(ContainerBuilder $container, string $id, array $config, ?string $userProviderId): string { if (null === $config['secret']) { $config['secret'] = new Parameter('container.build_hash'); diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardFactoryInterface.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AuthenticatorFactoryInterface.php similarity index 59% rename from src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardFactoryInterface.php rename to src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AuthenticatorFactoryInterface.php index 34314e5a43..e85ba0b495 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardFactoryInterface.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AuthenticatorFactoryInterface.php @@ -18,12 +18,12 @@ use Symfony\Component\DependencyInjection\ContainerBuilder; * * @experimental in 5.1 */ -interface GuardFactoryInterface +interface AuthenticatorFactoryInterface { /** - * Creates the Guard service(s) for the provided configuration. + * Creates the authenticator service(s) for the provided configuration. * - * @return string|string[] The Guard service ID(s) to be used by the firewall + * @return string|string[] The authenticator service ID(s) to be used by the firewall */ - public function createGuard(ContainerBuilder $container, string $id, array $config, ?string $userProviderId); + public function createAuthenticator(ContainerBuilder $container, string $id, array $config, ?string $userProviderId); } diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php index cfed004d86..368cde156e 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php @@ -22,7 +22,7 @@ use Symfony\Component\DependencyInjection\Reference; * @author Fabien Potencier * @author Johannes M. Schmitt */ -class FormLoginFactory extends AbstractFactory implements GuardFactoryInterface, EntryPointFactoryInterface +class FormLoginFactory extends AbstractFactory implements AuthenticatorFactoryInterface, EntryPointFactoryInterface { public function __construct() { @@ -97,7 +97,7 @@ class FormLoginFactory extends AbstractFactory implements GuardFactoryInterface, return $entryPointId; } - public function createGuard(ContainerBuilder $container, string $id, array $config, ?string $userProviderId): string + public function createAuthenticator(ContainerBuilder $container, string $id, array $config, ?string $userProviderId): string { $authenticatorId = 'security.authenticator.form_login.'.$id; $defaultOptions = array_merge($this->defaultSuccessHandlerOptions, $this->options); diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php index c632ebf587..dea437e94c 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php @@ -21,7 +21,7 @@ use Symfony\Component\DependencyInjection\Reference; * * @author Fabien Potencier */ -class HttpBasicFactory implements SecurityFactoryInterface, GuardFactoryInterface +class HttpBasicFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface { public function create(ContainerBuilder $container, string $id, array $config, string $userProvider, ?string $defaultEntryPoint) { @@ -46,7 +46,7 @@ class HttpBasicFactory implements SecurityFactoryInterface, GuardFactoryInterfac return [$provider, $listenerId, $entryPointId]; } - public function createGuard(ContainerBuilder $container, string $id, array $config, ?string $userProviderId): string + public function createAuthenticator(ContainerBuilder $container, string $id, array $config, ?string $userProviderId): string { $authenticatorId = 'security.authenticator.http_basic.'.$id; $container diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php index d67682e883..fb402288be 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php @@ -11,8 +11,8 @@ namespace Symfony\Bundle\SecurityBundle\DependencyInjection; +use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AuthenticatorFactoryInterface; use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\EntryPointFactoryInterface; -use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\GuardFactoryInterface; use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\RememberMeFactory; use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface; use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\UserProvider\UserProviderFactoryInterface; @@ -54,7 +54,7 @@ class SecurityExtension extends Extension implements PrependExtensionInterface private $userProviderFactories = []; private $statelessFirewallKeys = []; - private $guardAuthenticationManagerEnabled = false; + private $authenticatorManagerEnabled = false; public function __construct() { @@ -139,7 +139,7 @@ class SecurityExtension extends Extension implements PrependExtensionInterface $container->setParameter('security.access.always_authenticate_before_granting', $config['always_authenticate_before_granting']); $container->setParameter('security.authentication.hide_user_not_found', $config['hide_user_not_found']); - if ($this->guardAuthenticationManagerEnabled = $config['guard_authentication_manager']) { + if ($this->authenticatorManagerEnabled = $config['enable_authenticator_manager']) { $loader->load('authenticators.xml'); } @@ -150,6 +150,11 @@ class SecurityExtension extends Extension implements PrependExtensionInterface $container->getDefinition('security.authentication.guard_handler') ->replaceArgument(2, $this->statelessFirewallKeys); + if ($this->authenticatorManagerEnabled) { + $container->getDefinition('security.authenticator_handler') + ->replaceArgument(2, $this->statelessFirewallKeys); + } + if ($config['encoders']) { $this->createEncoders($config['encoders'], $container); } @@ -267,8 +272,8 @@ class SecurityExtension extends Extension implements PrependExtensionInterface return new Reference($id); }, array_unique($authenticationProviders)); $authenticationManagerId = 'security.authentication.manager.provider'; - if ($this->guardAuthenticationManagerEnabled) { - $authenticationManagerId = 'security.authentication.manager.guard'; + if ($this->authenticatorManagerEnabled) { + $authenticationManagerId = 'security.authentication.manager.authenticator'; $container->setAlias('security.authentication.manager', new Alias($authenticationManagerId)); } $container @@ -418,7 +423,7 @@ class SecurityExtension extends Extension implements PrependExtensionInterface // Determine default entry point $configuredEntryPoint = isset($firewall['entry_point']) ? $firewall['entry_point'] : null; - if ($this->guardAuthenticationManagerEnabled) { + if ($this->authenticatorManagerEnabled) { // Remember me listener (must be before calling createAuthenticationListeners() to inject remember me services) $container ->setDefinition('security.listener.remember_me.'.$id, new ChildDefinition('security.listener.remember_me')) @@ -434,10 +439,10 @@ class SecurityExtension extends Extension implements PrependExtensionInterface $authenticationProviders = array_merge($authenticationProviders, $firewallAuthenticationProviders); - if ($this->guardAuthenticationManagerEnabled) { - // guard authentication manager listener + if ($this->authenticatorManagerEnabled) { + // authenticator manager listener $container - ->setDefinition('security.firewall.guard.'.$id.'.locator', new ChildDefinition('security.firewall.guard.locator')) + ->setDefinition('security.firewall.authenticator.'.$id.'.locator', new ChildDefinition('security.firewall.authenticator.locator')) ->setArguments([array_map(function ($id) { return new Reference($id); }, $firewallAuthenticationProviders)]) @@ -445,13 +450,13 @@ class SecurityExtension extends Extension implements PrependExtensionInterface ; $container - ->setDefinition('security.firewall.guard.'.$id, new ChildDefinition('security.firewall.guard')) - ->replaceArgument(2, new Reference('security.firewall.guard.'.$id.'.locator')) + ->setDefinition('security.firewall.authenticator.'.$id, new ChildDefinition('security.firewall.authenticator')) + ->replaceArgument(2, new Reference('security.firewall.authenticator.'.$id.'.locator')) ->replaceArgument(3, $id) ->addTag('kernel.event_listener', ['event' => KernelEvents::REQUEST]) ; - $listeners[] = new Reference('security.firewall.guard.'.$id); + $listeners[] = new Reference('security.firewall.authenticator.'.$id); } $config->replaceArgument(7, $configuredEntryPoint ?: $defaultEntryPoint); @@ -515,12 +520,12 @@ class SecurityExtension extends Extension implements PrependExtensionInterface if (isset($firewall[$key])) { $userProvider = $this->getUserProvider($container, $id, $firewall, $key, $defaultProvider, $providerIds, $contextListenerId); - if ($this->guardAuthenticationManagerEnabled) { - if (!$factory instanceof GuardFactoryInterface) { - throw new InvalidConfigurationException(sprintf('Cannot configure GuardAuthenticationManager as %s authentication does not support it, set security.guard_authentication_manager to `false`.', $key)); + if ($this->authenticatorManagerEnabled) { + if (!$factory instanceof AuthenticatorFactoryInterface) { + throw new InvalidConfigurationException(sprintf('Cannot configure AuthenticatorManager as "%s" authentication does not support it, set "security.enable_authenticator_manager" to `false`.', $key)); } - $authenticators = $factory->createGuard($container, $id, $firewall[$key], $userProvider); + $authenticators = $factory->createAuthenticator($container, $id, $firewall[$key], $userProvider); if (\is_array($authenticators)) { foreach ($authenticators as $i => $authenticator) { $authenticationProviders[$id.'_'.$key.$i] = $authenticator; diff --git a/src/Symfony/Bundle/SecurityBundle/EventListener/LazyGuardManagerListener.php b/src/Symfony/Bundle/SecurityBundle/EventListener/LazyAuthenticatorManagerListener.php similarity index 79% rename from src/Symfony/Bundle/SecurityBundle/EventListener/LazyGuardManagerListener.php rename to src/Symfony/Bundle/SecurityBundle/EventListener/LazyAuthenticatorManagerListener.php index 4cea805737..2a8a04e081 100644 --- a/src/Symfony/Bundle/SecurityBundle/EventListener/LazyGuardManagerListener.php +++ b/src/Symfony/Bundle/SecurityBundle/EventListener/LazyAuthenticatorManagerListener.php @@ -16,32 +16,32 @@ use Symfony\Component\DependencyInjection\ServiceLocator; use Symfony\Component\EventDispatcher\EventDispatcherInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; -use Symfony\Component\Security\Guard\GuardAuthenticatorHandler; -use Symfony\Component\Security\Http\Firewall\GuardManagerListener; +use Symfony\Component\Security\Http\Authentication\AuthenticatorHandler; +use Symfony\Component\Security\Http\Firewall\AuthenticatorManagerListener; /** * @author Wouter de Jong * * @experimental in 5.1 */ -class LazyGuardManagerListener extends GuardManagerListener +class LazyAuthenticatorManagerListener extends AuthenticatorManagerListener { private $guardLocator; public function __construct( AuthenticationManagerInterface $authenticationManager, - GuardAuthenticatorHandler $guardHandler, + AuthenticatorHandler $authenticatorHandler, ServiceLocator $guardLocator, string $providerKey, EventDispatcherInterface $eventDispatcher, ?LoggerInterface $logger = null ) { - parent::__construct($authenticationManager, $guardHandler, [], $providerKey, $eventDispatcher, $logger); + parent::__construct($authenticationManager, $authenticatorHandler, [], $providerKey, $eventDispatcher, $logger); $this->guardLocator = $guardLocator; } - protected function getSupportingGuardAuthenticators(Request $request): array + protected function getSupportingAuthenticators(Request $request): array { $guardAuthenticators = []; foreach ($this->guardLocator->getProvidedServices() as $key => $type) { diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/authenticators.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/authenticators.xml index a6b1a0a9f5..92d72ee238 100644 --- a/src/Symfony/Bundle/SecurityBundle/Resources/config/authenticators.xml +++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/authenticators.xml @@ -4,17 +4,28 @@ xsi:schemaLocation="http://symfony.com/schema/dic/services https://symfony.com/schema/dic/services/services-1.0.xsd"> - + + + + + + + + + - - - + + @@ -48,7 +59,7 @@ realm name user provider @@ -57,7 +68,7 @@ @@ -66,7 +77,7 @@ secret diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.xml index 7b17aff868..4bfd1229a8 100644 --- a/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.xml +++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.xml @@ -8,7 +8,7 @@ @@ -17,8 +17,8 @@ - - + + - - + + %security.authentication.manager.erase_credentials% diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Authenticator/HttpBasicAuthenticatorTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Authenticator/HttpBasicAuthenticatorTest.php index c0265cd55a..b713840441 100644 --- a/src/Symfony/Component/Security/Core/Tests/Authentication/Authenticator/HttpBasicAuthenticatorTest.php +++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Authenticator/HttpBasicAuthenticatorTest.php @@ -5,12 +5,12 @@ namespace Symfony\Component\Security\Core\Tests\Authentication\Authenticator; use PHPUnit\Framework\MockObject\MockObject; use PHPUnit\Framework\TestCase; use Symfony\Component\HttpFoundation\Request; -use Symfony\Component\Security\Http\Authentication\Authenticator\HttpBasicAuthenticator; use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface; use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface; use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; +use Symfony\Component\Security\Http\Authenticator\HttpBasicAuthenticator; class HttpBasicAuthenticatorTest extends TestCase { @@ -39,8 +39,8 @@ class HttpBasicAuthenticatorTest extends TestCase 'PHP_AUTH_PW' => 'ThePassword', ]); - $guard = new HttpBasicAuthenticator('test', $this->userProvider, $this->encoderFactory); - $credentials = $guard->getCredentials($request); + $authenticator = new HttpBasicAuthenticator('test', $this->userProvider, $this->encoderFactory); + $credentials = $authenticator->getCredentials($request); $this->assertEquals([ 'username' => 'TheUsername', 'password' => 'ThePassword', @@ -55,7 +55,7 @@ class HttpBasicAuthenticatorTest extends TestCase ->with('TheUsername') ->willReturn($mockedUser); - $user = $guard->getUser($credentials, $this->userProvider); + $user = $authenticator->getUser($credentials, $this->userProvider); $this->assertSame($mockedUser, $user); $this->encoder @@ -64,14 +64,14 @@ class HttpBasicAuthenticatorTest extends TestCase ->with('ThePassword', 'ThePassword', null) ->willReturn(true); - $checkCredentials = $guard->checkCredentials($credentials, $user); + $checkCredentials = $authenticator->checkCredentials($credentials, $user); $this->assertTrue($checkCredentials); } /** @dataProvider provideInvalidPasswords */ public function testInvalidPassword($presentedPassword, $exceptionMessage) { - $guard = new HttpBasicAuthenticator('test', $this->userProvider, $this->encoderFactory); + $authenticator = new HttpBasicAuthenticator('test', $this->userProvider, $this->encoderFactory); $this->encoder ->expects($this->any()) @@ -81,7 +81,7 @@ class HttpBasicAuthenticatorTest extends TestCase $this->expectException(BadCredentialsException::class); $this->expectExceptionMessage($exceptionMessage); - $guard->checkCredentials([ + $authenticator->checkCredentials([ 'username' => 'TheUsername', 'password' => $presentedPassword, ], $this->getMockBuilder(UserInterface::class)->getMock()); @@ -100,8 +100,8 @@ class HttpBasicAuthenticatorTest extends TestCase { $request = new Request([], [], [], [], [], $serverParameters); - $guard = new HttpBasicAuthenticator('test', $this->userProvider, $this->encoderFactory); - $this->assertFalse($guard->supports($request)); + $authenticator = new HttpBasicAuthenticator('test', $this->userProvider, $this->encoderFactory); + $this->assertFalse($authenticator->supports($request)); } public function provideMissingHttpBasicServerParameters() diff --git a/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php b/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php index 50b42990c5..4ce55930f6 100644 --- a/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php +++ b/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php @@ -16,14 +16,12 @@ use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\Event\RequestEvent; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; -use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticationGuardToken; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Guard\AuthenticatorInterface; -use Symfony\Component\Security\Guard\GuardAuthenticatorHandler; -use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken as GuardPreAuthenticationGuardToken; +use Symfony\Component\Security\Guard\GuardHandler; +use Symfony\Component\Security\Guard\Token\PreAuthenticationToken as GuardPreAuthenticationGuardToken; use Symfony\Component\Security\Http\Firewall\AbstractListener; -use Symfony\Component\Security\Http\Firewall\GuardManagerListenerTrait; use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; /** @@ -36,12 +34,12 @@ use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; */ class GuardAuthenticationListener extends AbstractListener { - use GuardManagerListenerTrait; + use AuthenticatorManagerListenerTrait; private $guardHandler; private $authenticationManager; private $providerKey; - private $guardAuthenticators; + private $authenticators; private $logger; private $rememberMeServices; @@ -49,7 +47,7 @@ class GuardAuthenticationListener extends AbstractListener * @param string $providerKey The provider (i.e. firewall) key * @param iterable|AuthenticatorInterface[] $guardAuthenticators The authenticators, with keys that match what's passed to GuardAuthenticationProvider */ - public function __construct(GuardAuthenticatorHandler $guardHandler, AuthenticationManagerInterface $authenticationManager, string $providerKey, iterable $guardAuthenticators, LoggerInterface $logger = null) + public function __construct(GuardHandler $guardHandler, AuthenticationManagerInterface $authenticationManager, string $providerKey, iterable $guardAuthenticators, LoggerInterface $logger = null) { if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); @@ -58,7 +56,7 @@ class GuardAuthenticationListener extends AbstractListener $this->guardHandler = $guardHandler; $this->authenticationManager = $authenticationManager; $this->providerKey = $providerKey; - $this->guardAuthenticators = $guardAuthenticators; + $this->authenticators = $guardAuthenticators; $this->logger = $logger; } @@ -70,14 +68,14 @@ class GuardAuthenticationListener extends AbstractListener if (null !== $this->logger) { $context = ['firewall_key' => $this->providerKey]; - if ($this->guardAuthenticators instanceof \Countable || \is_array($this->guardAuthenticators)) { - $context['authenticators'] = \count($this->guardAuthenticators); + if ($this->authenticators instanceof \Countable || \is_array($this->authenticators)) { + $context['authenticators'] = \count($this->authenticators); } $this->logger->debug('Checking for guard authentication credentials.', $context); } - $guardAuthenticators = $this->getSupportingGuardAuthenticators($request); + $guardAuthenticators = $this->getSupportingAuthenticators($request); if (!$guardAuthenticators) { return false; } @@ -143,7 +141,7 @@ class GuardAuthenticationListener extends AbstractListener } // create a token with the unique key, so that the provider knows which authenticator to use - $token = $this->createPreAuthenticatedToken($credentials, $uniqueGuardKey, $this->providerKey); + $token = new GuardPreAuthenticationGuardToken($credentials, $uniqueGuardKey, $this->providerKey); if (null !== $this->logger) { $this->logger->debug('Passing guard token information to the GuardAuthenticationProvider', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($guardAuthenticator)]); @@ -220,9 +218,4 @@ class GuardAuthenticationListener extends AbstractListener $this->rememberMeServices->loginSuccess($request, $response, $token); } - - protected function createPreAuthenticatedToken($credentials, string $uniqueGuardKey, string $providerKey): PreAuthenticationGuardToken - { - return new GuardPreAuthenticationGuardToken($credentials, $uniqueGuardKey, $providerKey); - } } diff --git a/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php b/src/Symfony/Component/Security/Guard/GuardHandler.php similarity index 76% rename from src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php rename to src/Symfony/Component/Security/Guard/GuardHandler.php index 2f16dfa140..73e5a6e882 100644 --- a/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php +++ b/src/Symfony/Component/Security/Guard/GuardHandler.php @@ -11,7 +11,7 @@ namespace Symfony\Component\Security\Guard; -use Symfony\Component\Security\Http\Authentication\GuardAuthenticatorHandler as CoreAuthenticatorHandlerAlias; +use Symfony\Component\Security\Http\Authentication\AuthenticatorHandler; /** * A utility class that does much of the *work* during the guard authentication process. @@ -23,6 +23,6 @@ use Symfony\Component\Security\Http\Authentication\GuardAuthenticatorHandler as * * @final */ -class GuardAuthenticatorHandler extends CoreAuthenticatorHandlerAlias +class GuardHandler extends AuthenticatorHandler { } diff --git a/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php b/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php index 9733584119..246d5173f1 100644 --- a/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php +++ b/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php @@ -19,7 +19,6 @@ use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; use Symfony\Component\Security\Core\User\PasswordUpgraderInterface; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface; -use Symfony\Component\Security\Http\Authentication\GuardAuthenticationManagerTrait; use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface; @@ -29,7 +28,8 @@ use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; use Symfony\Component\Security\Guard\AuthenticatorInterface; use Symfony\Component\Security\Guard\Token\GuardTokenInterface; -use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken; +use Symfony\Component\Security\Guard\Token\PreAuthenticationToken; +use Symfony\Component\Security\Http\Authentication\AuthenticatorManagerTrait; use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; /** @@ -40,12 +40,12 @@ use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; */ class GuardAuthenticationProvider implements AuthenticationProviderInterface { - use GuardAuthenticationManagerTrait; + use AuthenticatorManagerTrait; /** * @var AuthenticatorInterface[] */ - private $guardAuthenticators; + private $authenticators; private $userProvider; private $providerKey; private $userChecker; @@ -58,7 +58,7 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface */ public function __construct(iterable $guardAuthenticators, UserProviderInterface $userProvider, string $providerKey, UserCheckerInterface $userChecker, UserPasswordEncoderInterface $passwordEncoder = null) { - $this->guardAuthenticators = $guardAuthenticators; + $this->authenticators = $guardAuthenticators; $this->userProvider = $userProvider; $this->providerKey = $providerKey; $this->userChecker = $userChecker; @@ -78,7 +78,7 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface throw new \InvalidArgumentException('GuardAuthenticationProvider only supports GuardTokenInterface.'); } - if (!$token instanceof PreAuthenticationGuardToken) { + if (!$token instanceof PreAuthenticationToken) { /* * The listener *only* passes PreAuthenticationGuardToken instances. * This means that an authenticated token (e.g. PostAuthenticationGuardToken) @@ -101,7 +101,7 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface $guardAuthenticator = $this->findOriginatingAuthenticator($token); if (null === $guardAuthenticator) { - throw new AuthenticationException(sprintf('Token with provider key "%s" did not originate from any of the guard authenticators of provider "%s".', $token->getGuardProviderKey(), $this->providerKey)); + throw new AuthenticationException(sprintf('Token with provider key "%s" did not originate from any of the guard authenticators of provider "%s".', $token->getAuthenticatorKey(), $this->providerKey)); } return $this->authenticateViaGuard($guardAuthenticator, $token, $this->providerKey); @@ -109,7 +109,7 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface public function supports(TokenInterface $token) { - if ($token instanceof PreAuthenticationGuardToken) { + if ($token instanceof PreAuthenticationToken) { return null !== $this->findOriginatingAuthenticator($token); } @@ -121,12 +121,12 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface $this->rememberMeServices = $rememberMeServices; } - protected function getGuardKey(string $key): string + protected function getAuthenticatorKey(string $key): string { return $this->providerKey.'_'.$key; } - private function authenticateViaGuard(AuthenticatorInterface $guardAuthenticator, \Symfony\Component\Security\Core\Authentication\Token\PreAuthenticationGuardToken $token, string $providerKey): TokenInterface + private function authenticateViaGuard(AuthenticatorInterface $guardAuthenticator, \Symfony\Component\Security\Http\Authenticator\Token\PreAuthenticationToken $token, string $providerKey): TokenInterface { // get the user from the GuardAuthenticator $user = $guardAuthenticator->getUser($token->getCredentials(), $this->userProvider); diff --git a/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php b/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php index c5e1c92b89..6504aa1997 100644 --- a/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php +++ b/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php @@ -18,7 +18,7 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Guard\AuthenticatorInterface; use Symfony\Component\Security\Guard\Firewall\GuardAuthenticationListener; -use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken; +use Symfony\Component\Security\Guard\Token\PreAuthenticationToken; /** * @author Ryan Weaver @@ -53,7 +53,7 @@ class GuardAuthenticationListenerTest extends TestCase // a clone of the token that should be created internally $uniqueGuardKey = 'my_firewall_0'; - $nonAuthedToken = new PreAuthenticationGuardToken($credentials, $uniqueGuardKey); + $nonAuthedToken = new PreAuthenticationToken($credentials, $uniqueGuardKey); $this->authenticationManager ->expects($this->once()) @@ -266,7 +266,9 @@ class GuardAuthenticationListenerTest extends TestCase ->disableOriginalConstructor() ->getMock(); - $this->guardAuthenticatorHandler = $this->getMockBuilder('Symfony\Component\Security\Guard\GuardAuthenticatorHandler') + $this->guardAuthenticatorHandler = $this->getMockBuilder( + 'Symfony\Component\Security\Guard\GuardHandler' + ) ->disableOriginalConstructor() ->getMock(); diff --git a/src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php b/src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php index e078a6be12..d6dfacca10 100644 --- a/src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php +++ b/src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php @@ -18,7 +18,7 @@ use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInt use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Guard\AuthenticatorInterface; -use Symfony\Component\Security\Guard\GuardAuthenticatorHandler; +use Symfony\Component\Security\Guard\GuardHandler; use Symfony\Component\Security\Http\Event\InteractiveLoginEvent; use Symfony\Component\Security\Http\SecurityEvents; use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface; @@ -47,7 +47,7 @@ class GuardAuthenticatorHandlerTest extends TestCase ->with($this->equalTo($loginEvent), $this->equalTo(SecurityEvents::INTERACTIVE_LOGIN)) ; - $handler = new GuardAuthenticatorHandler($this->tokenStorage, $this->dispatcher); + $handler = new GuardHandler($this->tokenStorage, $this->dispatcher); $handler->authenticateWithToken($this->token, $this->request); } @@ -60,7 +60,7 @@ class GuardAuthenticatorHandlerTest extends TestCase ->with($this->request, $this->token, $providerKey) ->willReturn($response); - $handler = new GuardAuthenticatorHandler($this->tokenStorage, $this->dispatcher); + $handler = new GuardHandler($this->tokenStorage, $this->dispatcher); $actualResponse = $handler->handleAuthenticationSuccess($this->token, $this->request, $this->guardAuthenticator, $providerKey); $this->assertSame($response, $actualResponse); } @@ -79,7 +79,7 @@ class GuardAuthenticatorHandlerTest extends TestCase ->with($this->request, $authException) ->willReturn($response); - $handler = new GuardAuthenticatorHandler($this->tokenStorage, $this->dispatcher); + $handler = new GuardHandler($this->tokenStorage, $this->dispatcher); $actualResponse = $handler->handleAuthenticationFailure($authException, $this->request, $this->guardAuthenticator, 'firewall_provider_key'); $this->assertSame($response, $actualResponse); } @@ -100,7 +100,7 @@ class GuardAuthenticatorHandlerTest extends TestCase ->with($this->request, $authException) ->willReturn($response); - $handler = new GuardAuthenticatorHandler($this->tokenStorage, $this->dispatcher); + $handler = new GuardHandler($this->tokenStorage, $this->dispatcher); $actualResponse = $handler->handleAuthenticationFailure($authException, $this->request, $this->guardAuthenticator, $actualProviderKey); $this->assertSame($response, $actualResponse); } @@ -124,7 +124,7 @@ class GuardAuthenticatorHandlerTest extends TestCase ->method('setToken') ->with($this->token); - $handler = new GuardAuthenticatorHandler($this->tokenStorage, $this->dispatcher); + $handler = new GuardHandler($this->tokenStorage, $this->dispatcher); $handler->authenticateWithToken($this->token, $this->request); } @@ -136,7 +136,7 @@ class GuardAuthenticatorHandlerTest extends TestCase ->method('onAuthentication') ->with($this->request, $this->token); - $handler = new GuardAuthenticatorHandler($this->tokenStorage, $this->dispatcher); + $handler = new GuardHandler($this->tokenStorage, $this->dispatcher); $handler->setSessionAuthenticationStrategy($this->sessionStrategy); $handler->authenticateWithToken($this->token, $this->request); } @@ -148,7 +148,7 @@ class GuardAuthenticatorHandlerTest extends TestCase $this->sessionStrategy->expects($this->never()) ->method('onAuthentication'); - $handler = new GuardAuthenticatorHandler($this->tokenStorage, $this->dispatcher, ['some_provider_key']); + $handler = new GuardHandler($this->tokenStorage, $this->dispatcher, ['some_provider_key']); $handler->setSessionAuthenticationStrategy($this->sessionStrategy); $handler->authenticateWithToken($this->token, $this->request, 'some_provider_key'); } diff --git a/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php b/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php index b742046af0..c1bb302f9c 100644 --- a/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php +++ b/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php @@ -18,7 +18,7 @@ use Symfony\Component\Security\Guard\AuthenticatorInterface; use Symfony\Component\Security\Guard\Provider\GuardAuthenticationProvider; use Symfony\Component\Security\Guard\Token\GuardTokenInterface; use Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken; -use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken; +use Symfony\Component\Security\Guard\Token\PreAuthenticationToken; /** * @author Ryan Weaver @@ -143,11 +143,11 @@ class GuardAuthenticationProviderTest extends TestCase $mockedUser = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock(); $provider = new GuardAuthenticationProvider($authenticators, $this->userProvider, 'first_firewall', $this->userChecker); - $token = new PreAuthenticationGuardToken($mockedUser, 'first_firewall_1'); + $token = new PreAuthenticationToken($mockedUser, 'first_firewall_1'); $supports = $provider->supports($token); $this->assertTrue($supports); - $token = new PreAuthenticationGuardToken($mockedUser, 'second_firewall_0'); + $token = new PreAuthenticationToken($mockedUser, 'second_firewall_0'); $supports = $provider->supports($token); $this->assertFalse($supports); } @@ -162,7 +162,7 @@ class GuardAuthenticationProviderTest extends TestCase $mockedUser = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock(); $provider = new GuardAuthenticationProvider($authenticators, $this->userProvider, 'first_firewall', $this->userChecker); - $token = new PreAuthenticationGuardToken($mockedUser, 'second_firewall_0'); + $token = new PreAuthenticationToken($mockedUser, 'second_firewall_0'); $provider->authenticate($token); } @@ -170,7 +170,9 @@ class GuardAuthenticationProviderTest extends TestCase { $this->userProvider = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserProviderInterface')->getMock(); $this->userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock(); - $this->preAuthenticationToken = $this->getMockBuilder('Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken') + $this->preAuthenticationToken = $this->getMockBuilder( + 'Symfony\Component\Security\Guard\Token\PreAuthenticationToken' + ) ->disableOriginalConstructor() ->getMock(); } diff --git a/src/Symfony/Component/Security/Guard/Token/PreAuthenticationGuardToken.php b/src/Symfony/Component/Security/Guard/Token/PreAuthenticationToken.php similarity index 71% rename from src/Symfony/Component/Security/Guard/Token/PreAuthenticationGuardToken.php rename to src/Symfony/Component/Security/Guard/Token/PreAuthenticationToken.php index 69013599f3..1ae9be445e 100644 --- a/src/Symfony/Component/Security/Guard/Token/PreAuthenticationGuardToken.php +++ b/src/Symfony/Component/Security/Guard/Token/PreAuthenticationToken.php @@ -11,8 +11,6 @@ namespace Symfony\Component\Security\Guard\Token; -use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticationGuardToken as CorePreAuthenticationGuardToken; - /** * The token used by the guard auth system before authentication. * @@ -22,6 +20,10 @@ use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticationGuardT * * @author Ryan Weaver */ -class PreAuthenticationGuardToken extends CorePreAuthenticationGuardToken implements GuardTokenInterface +class PreAuthenticationToken extends \Symfony\Component\Security\Http\Authenticator\Token\CorePreAuthenticationGuardToken implements GuardTokenInterface { + public function getGuardKey() + { + return $this->getAuthenticatorKey(); + } } diff --git a/src/Symfony/Component/Security/Http/Authentication/GuardAuthenticatorHandler.php b/src/Symfony/Component/Security/Http/Authentication/AuthenticatorHandler.php similarity index 74% rename from src/Symfony/Component/Security/Http/Authentication/GuardAuthenticatorHandler.php rename to src/Symfony/Component/Security/Http/Authentication/AuthenticatorHandler.php index d930df1896..7a579a9b2c 100644 --- a/src/Symfony/Component/Security/Http/Authentication/GuardAuthenticatorHandler.php +++ b/src/Symfony/Component/Security/Http/Authentication/AuthenticatorHandler.php @@ -13,7 +13,7 @@ namespace Symfony\Component\Security\Http\Authentication; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; -use Symfony\Component\Security\Http\Authentication\Authenticator\AuthenticatorInterface; +use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; @@ -25,7 +25,7 @@ use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterfa use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; /** - * A utility class that does much of the *work* during the guard authentication process. + * A utility class that does much of the *work* during the authentication process. * * By having the logic here instead of the listener, more of the process * can be called directly (e.g. for manual authentication) or overridden. @@ -34,7 +34,7 @@ use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; * * @internal */ -class GuardAuthenticatorHandler +class AuthenticatorHandler { private $tokenStorage; private $dispatcher; @@ -66,24 +66,24 @@ class GuardAuthenticatorHandler } /** - * Returns the "on success" response for the given GuardAuthenticator. + * Returns the "on success" response for the given Authenticator. * - * @param AuthenticatorInterface|GuardAuthenticatorInterface $guardAuthenticator + * @param AuthenticatorInterface|GuardAuthenticatorInterface $authenticator */ - public function handleAuthenticationSuccess(TokenInterface $token, Request $request, $guardAuthenticator, string $providerKey): ?Response + public function handleAuthenticationSuccess(TokenInterface $token, Request $request, $authenticator, string $providerKey): ?Response { - if (!$guardAuthenticator instanceof AuthenticatorInterface && !$guardAuthenticator instanceof GuardAuthenticatorInterface) { - throw new \UnexpectedValueException('Invalid guard authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.'); + if (!$authenticator instanceof AuthenticatorInterface && !$authenticator instanceof GuardAuthenticatorInterface) { + throw new \UnexpectedValueException('Invalid authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.'); } - $response = $guardAuthenticator->onAuthenticationSuccess($request, $token, $providerKey); + $response = $authenticator->onAuthenticationSuccess($request, $token, $providerKey); // check that it's a Response or null if ($response instanceof Response || null === $response) { return $response; } - throw new \UnexpectedValueException(sprintf('The "%s::onAuthenticationSuccess()" method must return null or a Response object. You returned "%s".', \get_class($guardAuthenticator), get_debug_type($response))); + throw new \UnexpectedValueException(sprintf('The "%s::onAuthenticationSuccess()" method must return null or a Response object. You returned "%s".', \get_class($authenticator), \is_object($response) ? \get_class($response) : \gettype($response))); } /** @@ -95,7 +95,7 @@ class GuardAuthenticatorHandler public function authenticateUserAndHandleSuccess(UserInterface $user, Request $request, $authenticator, string $providerKey): ?Response { if (!$authenticator instanceof AuthenticatorInterface && !$authenticator instanceof GuardAuthenticatorInterface) { - throw new \UnexpectedValueException('Invalid guard authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.'); + throw new \UnexpectedValueException('Invalid authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.'); } // create an authenticated token for the User @@ -111,21 +111,21 @@ class GuardAuthenticatorHandler * Handles an authentication failure and returns the Response for the * GuardAuthenticator. * - * @param AuthenticatorInterface|GuardAuthenticatorInterface $guardAuthenticator + * @param AuthenticatorInterface|GuardAuthenticatorInterface $authenticator */ - public function handleAuthenticationFailure(AuthenticationException $authenticationException, Request $request, $guardAuthenticator, string $providerKey): ?Response + public function handleAuthenticationFailure(AuthenticationException $authenticationException, Request $request, $authenticator, string $providerKey): ?Response { - if (!$guardAuthenticator instanceof AuthenticatorInterface && !$guardAuthenticator instanceof GuardAuthenticatorInterface) { - throw new \UnexpectedValueException('Invalid guard authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.'); + if (!$authenticator instanceof AuthenticatorInterface && !$authenticator instanceof GuardAuthenticatorInterface) { + throw new \UnexpectedValueException('Invalid authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.'); } - $response = $guardAuthenticator->onAuthenticationFailure($request, $authenticationException); + $response = $authenticator->onAuthenticationFailure($request, $authenticationException); if ($response instanceof Response || null === $response) { // returning null is ok, it means they want the request to continue return $response; } - throw new \UnexpectedValueException(sprintf('The "%s::onAuthenticationFailure()" method must return null or a Response object. You returned "%s".', \get_class($guardAuthenticator), get_debug_type($response))); + throw new \UnexpectedValueException(sprintf('The "%s::onAuthenticationFailure()" method must return null or a Response object. You returned "%s".', \get_class($authenticator), get_debug_type($response))); } /** diff --git a/src/Symfony/Component/Security/Http/Authentication/GuardAuthenticationManager.php b/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php similarity index 78% rename from src/Symfony/Component/Security/Http/Authentication/GuardAuthenticationManager.php rename to src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php index 29bb5476ed..39208002b0 100644 --- a/src/Symfony/Component/Security/Http/Authentication/GuardAuthenticationManager.php +++ b/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php @@ -15,8 +15,8 @@ use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterfac use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; use Symfony\Component\Security\Core\User\UserInterface; -use Symfony\Component\Security\Http\Authentication\Authenticator\AuthenticatorInterface; -use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticationGuardToken; +use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface; +use Symfony\Component\Security\Http\Authenticator\Token\PreAuthenticationToken; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\AuthenticationEvents; use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent; @@ -33,20 +33,20 @@ use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; * * @experimental in 5.1 */ -class GuardAuthenticationManager implements AuthenticationManagerInterface +class AuthenticatorManager implements AuthenticationManagerInterface { - use GuardAuthenticationManagerTrait; + use AuthenticatorManagerTrait; - private $guardAuthenticators; + private $authenticators; private $eventDispatcher; private $eraseCredentials; /** - * @param iterable|AuthenticatorInterface[] $guardAuthenticators The authenticators, with keys that match what's passed to GuardAuthenticationListener + * @param AuthenticatorInterface[] $authenticators The authenticators, with keys that match what's passed to AuthenticatorManagerListener */ - public function __construct(iterable $guardAuthenticators, EventDispatcherInterface $eventDispatcher, bool $eraseCredentials = true) + public function __construct(iterable $authenticators, EventDispatcherInterface $eventDispatcher, bool $eraseCredentials = true) { - $this->guardAuthenticators = $guardAuthenticators; + $this->authenticators = $authenticators; $this->eventDispatcher = $eventDispatcher; $this->eraseCredentials = $eraseCredentials; } @@ -58,10 +58,10 @@ class GuardAuthenticationManager implements AuthenticationManagerInterface public function authenticate(TokenInterface $token) { - if (!$token instanceof PreAuthenticationGuardToken) { + if (!$token instanceof PreAuthenticationToken) { /* - * The listener *only* passes PreAuthenticationGuardToken instances. - * This means that an authenticated token (e.g. PostAuthenticationGuardToken) + * The listener *only* passes PreAuthenticationToken instances. + * This means that an authenticated token (e.g. PostAuthenticationToken) * is being passed here, which happens if that token becomes * "not authenticated" (e.g. happens if the user changes between * requests). In this case, the user should be logged out. @@ -77,13 +77,13 @@ class GuardAuthenticationManager implements AuthenticationManagerInterface throw new AuthenticationExpiredException(); } - $guard = $this->findOriginatingAuthenticator($token); - if (null === $guard) { - $this->handleFailure(new ProviderNotFoundException(sprintf('Token with provider key "%s" did not originate from any of the guard authenticators.', $token->getGuardProviderKey())), $token); + $authenticator = $this->findOriginatingAuthenticator($token); + if (null === $authenticator) { + $this->handleFailure(new ProviderNotFoundException(sprintf('Token with provider key "%s" did not originate from any of the authenticators.', $token->getAuthenticatorKey())), $token); } try { - $result = $this->authenticateViaGuard($guard, $token, $token->getProviderKey()); + $result = $this->authenticateViaAuthenticator($authenticator, $token, $token->getProviderKey()); } catch (AuthenticationException $exception) { $this->handleFailure($exception, $token); } @@ -101,14 +101,14 @@ class GuardAuthenticationManager implements AuthenticationManagerInterface return $result; } - protected function getGuardKey(string $key): string + protected function getAuthenticatorKey(string $key): string { - // Guard authenticators in the GuardAuthenticationManager are already indexed + // Authenticators in the AuthenticatorManager are already indexed // by an unique key return $key; } - private function authenticateViaGuard(AuthenticatorInterface $authenticator, PreAuthenticationGuardToken $token, string $providerKey): TokenInterface + private function authenticateViaAuthenticator(AuthenticatorInterface $authenticator, PreAuthenticationToken $token, string $providerKey): TokenInterface { // get the user from the Authenticator $user = $authenticator->getUser($token->getCredentials()); diff --git a/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManagerTrait.php b/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManagerTrait.php new file mode 100644 index 0000000000..b1df45daab --- /dev/null +++ b/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManagerTrait.php @@ -0,0 +1,46 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Http\Authentication; + +use Symfony\Component\Security\Guard\AuthenticatorInterface as GuardAuthenticatorInterface; +use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface as CoreAuthenticatorInterface; +use Symfony\Component\Security\Http\Authenticator\Token\PreAuthenticationToken; + +/** + * @author Ryan Weaver + * + * @internal + */ +trait AuthenticatorManagerTrait +{ + /** + * @return CoreAuthenticatorInterface|GuardAuthenticatorInterface|null + */ + private function findOriginatingAuthenticator(PreAuthenticationToken $token) + { + // find the *one* Authenticator that this token originated from + foreach ($this->authenticators as $key => $authenticator) { + // get a key that's unique to *this* authenticator + // this MUST be the same as AuthenticatorManagerListener + $uniqueAuthenticatorKey = $this->getAuthenticatorKey($key); + + if ($uniqueAuthenticatorKey === $token->getAuthenticatorKey()) { + return $authenticator; + } + } + + // no matching authenticator found + return null; + } + + abstract protected function getAuthenticatorKey(string $key): string; +} diff --git a/src/Symfony/Component/Security/Http/Authentication/GuardAuthenticationManagerTrait.php b/src/Symfony/Component/Security/Http/Authentication/GuardAuthenticationManagerTrait.php deleted file mode 100644 index 3808d79be1..0000000000 --- a/src/Symfony/Component/Security/Http/Authentication/GuardAuthenticationManagerTrait.php +++ /dev/null @@ -1,55 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Http\Authentication; - -use Symfony\Component\Security\Http\Authentication\Authenticator\AuthenticatorInterface as CoreAuthenticatorInterface; -use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticationGuardToken; -use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; -use Symfony\Component\Security\Core\Exception\BadCredentialsException; -use Symfony\Component\Security\Core\Exception\LogicException; -use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; -use Symfony\Component\Security\Core\User\PasswordUpgraderInterface; -use Symfony\Component\Security\Core\User\UserInterface; -use Symfony\Component\Security\Guard\AuthenticatorInterface; -use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface; - -/** - * @author Ryan Weaver - * - * @internal - */ -trait GuardAuthenticationManagerTrait -{ - /** - * @return CoreAuthenticatorInterface|\Symfony\Component\Security\Guard\AuthenticatorInterface|null - */ - private function findOriginatingAuthenticator(PreAuthenticationGuardToken $token) - { - // find the *one* GuardAuthenticator that this token originated from - foreach ($this->guardAuthenticators as $key => $guardAuthenticator) { - // get a key that's unique to *this* guard authenticator - // this MUST be the same as GuardAuthenticationListener - $uniqueGuardKey = $this->getGuardKey($key); - - if ($uniqueGuardKey === $token->getGuardProviderKey()) { - return $guardAuthenticator; - } - } - - // no matching authenticator found - but there will be multiple GuardAuthenticationProvider - // instances that will be checked if you have multiple firewalls. - - return null; - } - - abstract protected function getGuardKey(string $key): string; -} diff --git a/src/Symfony/Component/Security/Http/Authentication/Authenticator/AbstractAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/AbstractAuthenticator.php similarity index 68% rename from src/Symfony/Component/Security/Http/Authentication/Authenticator/AbstractAuthenticator.php rename to src/Symfony/Component/Security/Http/Authenticator/AbstractAuthenticator.php index ce22dce368..0301a97110 100644 --- a/src/Symfony/Component/Security/Http/Authentication/Authenticator/AbstractAuthenticator.php +++ b/src/Symfony/Component/Security/Http/Authenticator/AbstractAuthenticator.php @@ -9,11 +9,11 @@ * file that was distributed with this source code. */ -namespace Symfony\Component\Security\Http\Authentication\Authenticator; +namespace Symfony\Component\Security\Http\Authenticator; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\User\UserInterface; -use Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken; +use Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken; /** * An optional base class that creates the necessary tokens for you. @@ -25,13 +25,13 @@ use Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken; abstract class AbstractAuthenticator implements AuthenticatorInterface { /** - * Shortcut to create a PostAuthenticationGuardToken for you, if you don't really + * Shortcut to create a PostAuthenticationToken for you, if you don't really * care about which authenticated token you're using. * - * @return PostAuthenticationGuardToken + * @return PostAuthenticationToken */ public function createAuthenticatedToken(UserInterface $user, string $providerKey): TokenInterface { - return new PostAuthenticationGuardToken($user, $providerKey, $user->getRoles()); + return new PostAuthenticationToken($user, $providerKey, $user->getRoles()); } } diff --git a/src/Symfony/Component/Security/Http/Authentication/Authenticator/AbstractFormLoginAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/AbstractLoginFormAuthenticator.php similarity index 92% rename from src/Symfony/Component/Security/Http/Authentication/Authenticator/AbstractFormLoginAuthenticator.php rename to src/Symfony/Component/Security/Http/Authenticator/AbstractLoginFormAuthenticator.php index 5cc2f95414..07c71b1c3b 100644 --- a/src/Symfony/Component/Security/Http/Authentication/Authenticator/AbstractFormLoginAuthenticator.php +++ b/src/Symfony/Component/Security/Http/Authenticator/AbstractLoginFormAuthenticator.php @@ -9,7 +9,7 @@ * file that was distributed with this source code. */ -namespace Symfony\Component\Security\Http\Authentication\Authenticator; +namespace Symfony\Component\Security\Http\Authenticator; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpFoundation\Request; @@ -25,7 +25,7 @@ use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface * * @experimental in 5.1 */ -abstract class AbstractFormLoginAuthenticator extends AbstractAuthenticator implements AuthenticationEntryPointInterface +abstract class AbstractLoginFormAuthenticator extends AbstractAuthenticator implements AuthenticationEntryPointInterface { /** * Return the URL to the login page. diff --git a/src/Symfony/Component/Security/Http/Authentication/Authenticator/AnonymousAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/AnonymousAuthenticator.php similarity index 96% rename from src/Symfony/Component/Security/Http/Authentication/Authenticator/AnonymousAuthenticator.php rename to src/Symfony/Component/Security/Http/Authenticator/AnonymousAuthenticator.php index c6b9427fce..202da3b026 100644 --- a/src/Symfony/Component/Security/Http/Authentication/Authenticator/AnonymousAuthenticator.php +++ b/src/Symfony/Component/Security/Http/Authenticator/AnonymousAuthenticator.php @@ -9,7 +9,7 @@ * file that was distributed with this source code. */ -namespace Symfony\Component\Security\Http\Authentication\Authenticator; +namespace Symfony\Component\Security\Http\Authenticator; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; diff --git a/src/Symfony/Component/Security/Http/Authentication/Authenticator/AuthenticatorInterface.php b/src/Symfony/Component/Security/Http/Authenticator/AuthenticatorInterface.php similarity index 98% rename from src/Symfony/Component/Security/Http/Authentication/Authenticator/AuthenticatorInterface.php rename to src/Symfony/Component/Security/Http/Authenticator/AuthenticatorInterface.php index e2ca2e2e0c..5530eb32dd 100644 --- a/src/Symfony/Component/Security/Http/Authentication/Authenticator/AuthenticatorInterface.php +++ b/src/Symfony/Component/Security/Http/Authenticator/AuthenticatorInterface.php @@ -9,7 +9,7 @@ * file that was distributed with this source code. */ -namespace Symfony\Component\Security\Http\Authentication\Authenticator; +namespace Symfony\Component\Security\Http\Authenticator; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; diff --git a/src/Symfony/Component/Security/Http/Authentication/Authenticator/CustomAuthenticatedInterface.php b/src/Symfony/Component/Security/Http/Authenticator/CustomAuthenticatedInterface.php similarity index 73% rename from src/Symfony/Component/Security/Http/Authentication/Authenticator/CustomAuthenticatedInterface.php rename to src/Symfony/Component/Security/Http/Authenticator/CustomAuthenticatedInterface.php index 69ec6da097..79b995e55f 100644 --- a/src/Symfony/Component/Security/Http/Authentication/Authenticator/CustomAuthenticatedInterface.php +++ b/src/Symfony/Component/Security/Http/Authenticator/CustomAuthenticatedInterface.php @@ -1,6 +1,15 @@ + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Http\Authenticator; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\User\UserInterface; diff --git a/src/Symfony/Component/Security/Http/Authentication/Authenticator/FormLoginAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php similarity index 94% rename from src/Symfony/Component/Security/Http/Authentication/Authenticator/FormLoginAuthenticator.php rename to src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php index acdb5e257a..75bac9bd90 100644 --- a/src/Symfony/Component/Security/Http/Authentication/Authenticator/FormLoginAuthenticator.php +++ b/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php @@ -9,22 +9,18 @@ * file that was distributed with this source code. */ -namespace Symfony\Component\Security\Http\Authentication\Authenticator; +namespace Symfony\Component\Security\Http\Authenticator; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; -use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface; use Symfony\Component\Security\Core\Exception\BadCredentialsException; -use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException; use Symfony\Component\Security\Core\Security; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; -use Symfony\Component\Security\Csrf\CsrfToken; use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface; -use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface; use Symfony\Component\Security\Http\HttpUtils; use Symfony\Component\Security\Http\ParameterBagUtils; use Symfony\Component\Security\Http\Util\TargetPathTrait; @@ -36,7 +32,7 @@ use Symfony\Component\Security\Http\Util\TargetPathTrait; * @final * @experimental in 5.1 */ -class FormLoginAuthenticator extends AbstractFormLoginAuthenticator implements PasswordAuthenticatedInterface +class FormLoginAuthenticator extends AbstractLoginFormAuthenticator implements PasswordAuthenticatedInterface { use TargetPathTrait; diff --git a/src/Symfony/Component/Security/Http/Authentication/Authenticator/HttpBasicAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/HttpBasicAuthenticator.php similarity index 95% rename from src/Symfony/Component/Security/Http/Authentication/Authenticator/HttpBasicAuthenticator.php rename to src/Symfony/Component/Security/Http/Authenticator/HttpBasicAuthenticator.php index c3ff43f01c..51ad3339b7 100644 --- a/src/Symfony/Component/Security/Http/Authentication/Authenticator/HttpBasicAuthenticator.php +++ b/src/Symfony/Component/Security/Http/Authenticator/HttpBasicAuthenticator.php @@ -9,7 +9,7 @@ * file that was distributed with this source code. */ -namespace Symfony\Component\Security\Http\Authentication\Authenticator; +namespace Symfony\Component\Security\Http\Authenticator; use Psr\Log\LoggerInterface; use Symfony\Component\HttpFoundation\Request; @@ -20,7 +20,6 @@ use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; -use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface; use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface; /** diff --git a/src/Symfony/Component/Security/Http/Authenticator/PasswordAuthenticatedInterface.php b/src/Symfony/Component/Security/Http/Authenticator/PasswordAuthenticatedInterface.php new file mode 100644 index 0000000000..7386fc3373 --- /dev/null +++ b/src/Symfony/Component/Security/Http/Authenticator/PasswordAuthenticatedInterface.php @@ -0,0 +1,31 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Http\Authenticator; + +/** + * This interface should be implemented when the authenticator + * uses a password to authenticate. + * + * The EncoderFactory will be used to automatically validate + * the password. + * + * @author Wouter de Jong + */ +interface PasswordAuthenticatedInterface +{ + /** + * Returns the clear-text password contained in credentials if any. + * + * @param mixed $credentials The user credentials + */ + public function getPassword($credentials): ?string; +} diff --git a/src/Symfony/Component/Security/Http/Authenticator/Token/PostAuthenticationToken.php b/src/Symfony/Component/Security/Http/Authenticator/Token/PostAuthenticationToken.php new file mode 100644 index 0000000000..3525fa4765 --- /dev/null +++ b/src/Symfony/Component/Security/Http/Authenticator/Token/PostAuthenticationToken.php @@ -0,0 +1,71 @@ +setUser($user); + $this->providerKey = $providerKey; + + // this token is meant to be used after authentication success, so it is always authenticated + // you could set it as non authenticated later if you need to + $this->setAuthenticated(true); + } + + /** + * This is meant to be only an authenticated token, where credentials + * have already been used and are thus cleared. + * + * {@inheritdoc} + */ + public function getCredentials() + { + return []; + } + + /** + * Returns the provider (firewall) key. + * + * @return string + */ + public function getProviderKey() + { + return $this->providerKey; + } + + /** + * {@inheritdoc} + */ + public function __serialize(): array + { + return [$this->providerKey, parent::__serialize()]; + } + + /** + * {@inheritdoc} + */ + public function __unserialize(array $data): void + { + [$this->providerKey, $parentData] = $data; + parent::__unserialize($parentData); + } +} diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticationGuardToken.php b/src/Symfony/Component/Security/Http/Authenticator/Token/PreAuthenticationToken.php similarity index 52% rename from src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticationGuardToken.php rename to src/Symfony/Component/Security/Http/Authenticator/Token/PreAuthenticationToken.php index b19b82e066..27daf7f8ba 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticationGuardToken.php +++ b/src/Symfony/Component/Security/Http/Authenticator/Token/PreAuthenticationToken.php @@ -9,32 +9,34 @@ * file that was distributed with this source code. */ -namespace Symfony\Component\Security\Core\Authentication\Token; +namespace Symfony\Component\Security\Http\Authenticator\Token; + +use Symfony\Component\Security\Core\Authentication\Token\AbstractToken; /** - * The token used by the guard auth system before authentication. + * The token used by the authenticator system before authentication. * - * The GuardAuthenticationListener creates this, which is then consumed - * immediately by the GuardAuthenticationProvider. If authentication is + * The AuthenticatorManagerListener creates this, which is then consumed + * immediately by the AuthenticatorManager. If authentication is * successful, a different authenticated token is returned * * @author Ryan Weaver */ -class PreAuthenticationGuardToken extends AbstractToken +class PreAuthenticationToken extends AbstractToken { private $credentials; - private $guardProviderKey; + private $authenticatorProviderKey; private $providerKey; /** * @param mixed $credentials - * @param string $guardProviderKey Unique key that bind this token to a specific AuthenticatorInterface - * @param string|null $providerKey The general provider key (when using with HTTP, this is the firewall name) + * @param string $authenticatorProviderKey Unique key that bind this token to a specific AuthenticatorInterface + * @param string|null $providerKey The general provider key (when using with HTTP, this is the firewall name) */ - public function __construct($credentials, string $guardProviderKey, ?string $providerKey = null) + public function __construct($credentials, string $authenticatorProviderKey, ?string $providerKey = null) { $this->credentials = $credentials; - $this->guardProviderKey = $guardProviderKey; + $this->authenticatorProviderKey = $authenticatorProviderKey; $this->providerKey = $providerKey; parent::__construct([]); @@ -48,9 +50,9 @@ class PreAuthenticationGuardToken extends AbstractToken return $this->providerKey; } - public function getGuardProviderKey() + public function getAuthenticatorKey() { - return $this->guardProviderKey; + return $this->authenticatorProviderKey; } /** @@ -66,6 +68,6 @@ class PreAuthenticationGuardToken extends AbstractToken public function setAuthenticated(bool $authenticated) { - throw new \LogicException('The PreAuthenticationGuardToken is *never* authenticated.'); + throw new \LogicException('The PreAuthenticationToken is *never* authenticated.'); } } diff --git a/src/Symfony/Component/Security/Http/Authentication/Authenticator/TokenAuthenticatedInterface.php b/src/Symfony/Component/Security/Http/Authenticator/TokenAuthenticatedInterface.php similarity index 67% rename from src/Symfony/Component/Security/Http/Authentication/Authenticator/TokenAuthenticatedInterface.php rename to src/Symfony/Component/Security/Http/Authenticator/TokenAuthenticatedInterface.php index 4630c57ae9..88d0d7f965 100644 --- a/src/Symfony/Component/Security/Http/Authentication/Authenticator/TokenAuthenticatedInterface.php +++ b/src/Symfony/Component/Security/Http/Authenticator/TokenAuthenticatedInterface.php @@ -1,6 +1,15 @@ + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Http\Authenticator; /** * This interface should be implemented when the authenticator diff --git a/src/Symfony/Component/Security/Http/Event/LoginFailureEvent.php b/src/Symfony/Component/Security/Http/Event/LoginFailureEvent.php index 6a5cf03e01..bc4e551e91 100644 --- a/src/Symfony/Component/Security/Http/Event/LoginFailureEvent.php +++ b/src/Symfony/Component/Security/Http/Event/LoginFailureEvent.php @@ -5,7 +5,7 @@ namespace Symfony\Component\Security\Http\Event; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Core\Exception\AuthenticationException; -use Symfony\Component\Security\Http\Authentication\Authenticator\AuthenticatorInterface; +use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface; use Symfony\Contracts\EventDispatcher\Event; /** diff --git a/src/Symfony/Component/Security/Http/Event/LoginSuccessEvent.php b/src/Symfony/Component/Security/Http/Event/LoginSuccessEvent.php index de93b3a78c..22e11a8c87 100644 --- a/src/Symfony/Component/Security/Http/Event/LoginSuccessEvent.php +++ b/src/Symfony/Component/Security/Http/Event/LoginSuccessEvent.php @@ -5,7 +5,7 @@ namespace Symfony\Component\Security\Http\Event; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; -use Symfony\Component\Security\Http\Authentication\Authenticator\AuthenticatorInterface; +use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface; use Symfony\Contracts\EventDispatcher\Event; /** diff --git a/src/Symfony/Component/Security/Http/Event/VerifyAuthenticatorCredentialsEvent.php b/src/Symfony/Component/Security/Http/Event/VerifyAuthenticatorCredentialsEvent.php index 173f448048..87bcb56a8b 100644 --- a/src/Symfony/Component/Security/Http/Event/VerifyAuthenticatorCredentialsEvent.php +++ b/src/Symfony/Component/Security/Http/Event/VerifyAuthenticatorCredentialsEvent.php @@ -4,7 +4,7 @@ namespace Symfony\Component\Security\Http\Event; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\User\UserInterface; -use Symfony\Component\Security\Http\Authentication\Authenticator\AuthenticatorInterface; +use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface; use Symfony\Contracts\EventDispatcher\Event; /** diff --git a/src/Symfony/Component/Security/Http/EventListener/AuthenticatingListener.php b/src/Symfony/Component/Security/Http/EventListener/AuthenticatingListener.php index 738142bc05..086eb92431 100644 --- a/src/Symfony/Component/Security/Http/EventListener/AuthenticatingListener.php +++ b/src/Symfony/Component/Security/Http/EventListener/AuthenticatingListener.php @@ -5,9 +5,9 @@ namespace Symfony\Component\Security\Http\EventListener; use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface; use Symfony\Component\Security\Core\Exception\LogicException; -use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface; -use Symfony\Component\Security\Http\Authentication\Authenticator\CustomAuthenticatedInterface; -use Symfony\Component\Security\Http\Authentication\Authenticator\TokenAuthenticatedInterface; +use Symfony\Component\Security\Http\Authenticator\CustomAuthenticatedInterface; +use Symfony\Component\Security\Http\Authenticator\PasswordAuthenticatedInterface; +use Symfony\Component\Security\Http\Authenticator\TokenAuthenticatedInterface; use Symfony\Component\Security\Http\Event\VerifyAuthenticatorCredentialsEvent; /** diff --git a/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php b/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php index f981c983fe..b57605e551 100644 --- a/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php +++ b/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php @@ -6,7 +6,7 @@ use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface; use Symfony\Component\Security\Core\User\PasswordUpgraderInterface; use Symfony\Component\Security\Core\User\UserInterface; -use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface; +use Symfony\Component\Security\Http\Authenticator\PasswordAuthenticatedInterface; use Symfony\Component\Security\Http\Event\VerifyAuthenticatorCredentialsEvent; /** @@ -32,7 +32,7 @@ class PasswordMigratingListener implements EventSubscriberInterface } $authenticator = $event->getAuthenticator(); - if (!$authenticator instanceof PasswordAuthenticatedInterface) { + if (!$authenticator instanceof PasswordAuthenticatedInterface || !$authenticator instanceof PasswordUpgraderInterface) { return; } @@ -51,10 +51,6 @@ class PasswordMigratingListener implements EventSubscriberInterface return; } - if (!$authenticator instanceof PasswordUpgraderInterface) { - return; - } - $authenticator->upgradePassword($user, $passwordEncoder->encodePassword($user, $password)); } diff --git a/src/Symfony/Component/Security/Http/EventListener/RememberMeListener.php b/src/Symfony/Component/Security/Http/EventListener/RememberMeListener.php index 9e612d7778..882258b1a6 100644 --- a/src/Symfony/Component/Security/Http/EventListener/RememberMeListener.php +++ b/src/Symfony/Component/Security/Http/EventListener/RememberMeListener.php @@ -4,7 +4,7 @@ namespace Symfony\Component\Security\Http\EventListener; use Psr\Log\LoggerInterface; use Symfony\Component\EventDispatcher\EventSubscriberInterface; -use Symfony\Component\Security\Http\Authentication\Authenticator\AuthenticatorInterface; +use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface; use Symfony\Component\Security\Http\Event\LoginFailureEvent; use Symfony\Component\Security\Http\Event\LoginSuccessEvent; use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; diff --git a/src/Symfony/Component/Security/Http/Firewall/GuardManagerListener.php b/src/Symfony/Component/Security/Http/Firewall/AuthenticatorManagerListener.php similarity index 72% rename from src/Symfony/Component/Security/Http/Firewall/GuardManagerListener.php rename to src/Symfony/Component/Security/Http/Firewall/AuthenticatorManagerListener.php index 71a448384d..6c7cf10ff9 100644 --- a/src/Symfony/Component/Security/Http/Firewall/GuardManagerListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/AuthenticatorManagerListener.php @@ -13,15 +13,13 @@ namespace Symfony\Component\Security\Http\Firewall; use Psr\Log\LoggerInterface; use Symfony\Component\EventDispatcher\EventDispatcherInterface; -use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\Event\RequestEvent; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; -use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; -use Symfony\Component\Security\Http\Authentication\Authenticator\AuthenticatorInterface; -use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticationGuardToken; -use Symfony\Component\Security\Guard\GuardAuthenticatorHandler; +use Symfony\Component\Security\Http\Authentication\AuthenticatorHandler; +use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface; +use Symfony\Component\Security\Http\Authenticator\Token\PreAuthenticationToken; use Symfony\Component\Security\Http\Event\LoginFailureEvent; use Symfony\Component\Security\Http\Event\LoginSuccessEvent; @@ -32,25 +30,25 @@ use Symfony\Component\Security\Http\Event\LoginSuccessEvent; * * @experimental in 5.1 */ -class GuardManagerListener +class AuthenticatorManagerListener { - use GuardManagerListenerTrait; + use AuthenticatorManagerListenerTrait; private $authenticationManager; - private $guardHandler; - private $guardAuthenticators; + private $authenticatorHandler; + private $authenticators; protected $providerKey; private $eventDispatcher; protected $logger; /** - * @param AuthenticatorInterface[] $guardAuthenticators + * @param AuthenticatorInterface[] $authenticators */ - public function __construct(AuthenticationManagerInterface $authenticationManager, GuardAuthenticatorHandler $guardHandler, iterable $guardAuthenticators, string $providerKey, EventDispatcherInterface $eventDispatcher, ?LoggerInterface $logger = null) + public function __construct(AuthenticationManagerInterface $authenticationManager, AuthenticatorHandler $authenticatorHandler, iterable $authenticators, string $providerKey, EventDispatcherInterface $eventDispatcher, ?LoggerInterface $logger = null) { $this->authenticationManager = $authenticationManager; - $this->guardHandler = $guardHandler; - $this->guardAuthenticators = $guardAuthenticators; + $this->authenticatorHandler = $authenticatorHandler; + $this->authenticators = $authenticators; $this->providerKey = $providerKey; $this->logger = $logger; $this->eventDispatcher = $eventDispatcher; @@ -59,12 +57,12 @@ class GuardManagerListener public function __invoke(RequestEvent $requestEvent) { $request = $requestEvent->getRequest(); - $guardAuthenticators = $this->getSupportingGuardAuthenticators($request); - if (!$guardAuthenticators) { + $authenticators = $this->getSupportingAuthenticators($request); + if (!$authenticators) { return; } - $this->executeAuthenticators($guardAuthenticators, $requestEvent); + $this->executeAuthenticators($authenticators, $requestEvent); } /** @@ -72,12 +70,12 @@ class GuardManagerListener */ protected function executeAuthenticators(array $authenticators, RequestEvent $event): void { - foreach ($authenticators as $key => $guardAuthenticator) { - $this->executeAuthenticator($key, $guardAuthenticator, $event); + foreach ($authenticators as $key => $authenticator) { + $this->executeAuthenticator($key, $authenticator, $event); if ($event->hasResponse()) { if (null !== $this->logger) { - $this->logger->debug('The "{authenticator}" authenticator set the response. Any later authenticator will not be called', ['authenticator' => \get_class($guardAuthenticator)]); + $this->logger->debug('The "{authenticator}" authenticator set the response. Any later authenticator will not be called', ['authenticator' => \get_class($authenticator)]); } break; @@ -101,7 +99,7 @@ class GuardManagerListener } // create a token with the unique key, so that the provider knows which authenticator to use - $token = $this->createPreAuthenticatedToken($credentials, $uniqueAuthenticatorKey, $this->providerKey); + $token = new PreAuthenticationToken($credentials, $uniqueAuthenticatorKey, $uniqueAuthenticatorKey); if (null !== $this->logger) { $this->logger->debug('Passing token information to the AuthenticatorManager', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($authenticator)]); @@ -115,7 +113,7 @@ class GuardManagerListener } // sets the token on the token storage, etc - $this->guardHandler->authenticateWithToken($token, $request, $this->providerKey); + $this->authenticatorHandler->authenticateWithToken($token, $request, $this->providerKey); } catch (AuthenticationException $e) { // oh no! Authentication failed! @@ -123,7 +121,7 @@ class GuardManagerListener $this->logger->info('Authenticator failed.', ['exception' => $e, 'authenticator' => \get_class($authenticator)]); } - $response = $this->guardHandler->handleAuthenticationFailure($e, $request, $authenticator, $this->providerKey); + $response = $this->authenticatorHandler->handleAuthenticationFailure($e, $request, $authenticator, $this->providerKey); if ($response instanceof Response) { $event->setResponse($response); @@ -135,7 +133,7 @@ class GuardManagerListener } // success! - $response = $this->guardHandler->handleAuthenticationSuccess($token, $request, $authenticator, $this->providerKey); + $response = $this->authenticatorHandler->handleAuthenticationSuccess($token, $request, $authenticator, $this->providerKey); if ($response instanceof Response) { if (null !== $this->logger) { $this->logger->debug('Authenticator set success response.', ['response' => $response, 'authenticator' => \get_class($authenticator)]); @@ -150,9 +148,4 @@ class GuardManagerListener $this->eventDispatcher->dispatch(new LoginSuccessEvent($authenticator, $token, $request, $response, $this->providerKey)); } - - protected function createPreAuthenticatedToken($credentials, string $uniqueAuthenticatorKey, string $providerKey): PreAuthenticationGuardToken - { - return new PreAuthenticationGuardToken($credentials, $uniqueAuthenticatorKey, $providerKey); - } } diff --git a/src/Symfony/Component/Security/Http/Firewall/AuthenticatorManagerListenerTrait.php b/src/Symfony/Component/Security/Http/Firewall/AuthenticatorManagerListenerTrait.php new file mode 100644 index 0000000000..046c5ef493 --- /dev/null +++ b/src/Symfony/Component/Security/Http/Firewall/AuthenticatorManagerListenerTrait.php @@ -0,0 +1,41 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Http\Firewall; + +use Symfony\Component\HttpFoundation\Request; + +/** + * @author Ryan Weaver + * @author Amaury Leroux de Lens + * + * @internal + */ +trait AuthenticatorManagerListenerTrait +{ + protected function getSupportingAuthenticators(Request $request): array + { + $authenticators = []; + foreach ($this->authenticators as $key => $authenticator) { + if (null !== $this->logger) { + $this->logger->debug('Checking support on authenticator.', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($authenticator)]); + } + + if ($authenticator->supports($request)) { + $authenticators[$key] = $authenticator; + } elseif (null !== $this->logger) { + $this->logger->debug('Authenticator does not support the request.', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($authenticator)]); + } + } + + return $authenticators; + } +} diff --git a/src/Symfony/Component/Security/Http/Firewall/GuardManagerListenerTrait.php b/src/Symfony/Component/Security/Http/Firewall/GuardManagerListenerTrait.php deleted file mode 100644 index a1cf6880ad..0000000000 --- a/src/Symfony/Component/Security/Http/Firewall/GuardManagerListenerTrait.php +++ /dev/null @@ -1,50 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Http\Firewall; - -use Symfony\Component\HttpFoundation\Request; -use Symfony\Component\HttpFoundation\Response; -use Symfony\Component\HttpKernel\Event\RequestEvent; -use Symfony\Component\Security\Http\Authentication\Authenticator\AuthenticatorInterface as CoreAuthenticatorInterface; -use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticationGuardToken; -use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; -use Symfony\Component\Security\Core\Exception\AuthenticationException; -use Symfony\Component\Security\Guard\AuthenticatorInterface; - -/** - * @author Ryan Weaver - * @author Amaury Leroux de Lens - * - * @internal - */ -trait GuardManagerListenerTrait -{ - protected function getSupportingGuardAuthenticators(Request $request): array - { - $guardAuthenticators = []; - foreach ($this->guardAuthenticators as $key => $guardAuthenticator) { - if (null !== $this->logger) { - $this->logger->debug('Checking support on guard authenticator.', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($guardAuthenticator)]); - } - - if ($guardAuthenticator->supports($request)) { - $guardAuthenticators[$key] = $guardAuthenticator; - } elseif (null !== $this->logger) { - $this->logger->debug('Guard authenticator does not support the request.', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($guardAuthenticator)]); - } - } - - return $guardAuthenticators; - } - - abstract protected function createPreAuthenticatedToken($credentials, string $uniqueGuardKey, string $providerKey): PreAuthenticationGuardToken; -}