diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Security] Move default authentication failure handling strategy to seperate class

Browse Source 
[Security] Update configuration for changes regarding default failure handler
[Security] Fixes + add AbstractFactory test for failure handler
This commit is contained in:
Alexander 2012-06-20 08:50:59 +02:00
parent c6aa392df7
commit 915704c071
7 changed files with 166 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AbstractFactory.php
View File

@ -28,19 +28,23 @@ abstract class AbstractFactory implements SecurityFactoryInterface
{ {
protected $options = array( protected $options = array(
'check_path' => '/login_check', 'check_path' => '/login_check',
'login_path' => '/login',
'use_forward' => false, 'use_forward' => false,
'failure_path' => null,
'failure_forward' => false,
); );
protected $defaultSuccessHandlerOptions = array( protected $defaultSuccessHandlerOptions = array(
'always_use_default_target_path' => false, 'always_use_default_target_path' => false,
'default_target_path' => '/', 'default_target_path' => '/',
'login_path' => '/login',
'target_path_parameter' => '_target_path', 'target_path_parameter' => '_target_path',
'use_referer' => false, 'use_referer' => false,
); );
protected $defaultFailureHandlerOptions = array(
'failure_path' => null,
'failure_forward' => false,
'login_path' => '/login',
);
public function create(ContainerBuilder $container, $id, $config, $userProviderId, $defaultEntryPointId) public function create(ContainerBuilder $container, $id, $config, $userProviderId, $defaultEntryPointId)
{ {
// authentication provider // authentication provider
@ -74,7 +78,7 @@ abstract class AbstractFactory implements SecurityFactoryInterface
->scalarNode('failure_handler')->end() ->scalarNode('failure_handler')->end()
; ;
foreach (array_merge($this->options, $this->defaultSuccessHandlerOptions) as $name => $default) { foreach (array_merge($this->options, $this->defaultSuccessHandlerOptions, $this->defaultFailureHandlerOptions) as $name => $default) {
if (is_bool($default)) { if (is_bool($default)) {
$builder->booleanNode($name)->defaultValue($default); $builder->booleanNode($name)->defaultValue($default);
} else { } else {
@ -153,12 +157,8 @@ abstract class AbstractFactory implements SecurityFactoryInterface
$listener = new DefinitionDecorator($listenerId); $listener = new DefinitionDecorator($listenerId);
$listener->replaceArgument(4, $id); $listener->replaceArgument(4, $id);
$listener->replaceArgument(5, new Reference($this->createAuthenticationSuccessHandler($container, $id, $config))); $listener->replaceArgument(5, new Reference($this->createAuthenticationSuccessHandler($container, $id, $config)));
$listener->replaceArgument(6, array_intersect_key($config, $this->options)); $listener->replaceArgument(6, new Reference($this->createAuthenticationFailureHandler($container, $id, $config)));
$listener->replaceArgument(7, array_intersect_key($config, $this->options));
// failure handler
if (isset($config['failure_handler'])) {
$listener->replaceArgument(7, new Reference($config['failure_handler']));
}
$listenerId .= '.'.$id; $listenerId .= '.'.$id;
$container->setDefinition($listenerId, $listener); $container->setDefinition($listenerId, $listener);
@ -181,4 +181,19 @@ abstract class AbstractFactory implements SecurityFactoryInterface
return $id; return $id;
} }
protected function createAuthenticationFailureHandler($container, $id, $config)
{
if (isset($config['failure_handler'])) {
return $config['failure_handler'];
}
$id = 'security.authentication.failure_handler.'.$id;
$failureHandler = $container->setDefinition($id, new DefinitionDecorator('security.authentication.failure_handler'));
$failureHandler->replaceArgument(2, array_intersect_key($config, $this->defaultFailureHandlerOptions));
return $id;
}
} }

10
src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
View File

@ -39,6 +39,7 @@
<parameter key="security.authentication.provider.anonymous.class">Symfony\Component\Security\Core\Authentication\Provider\AnonymousAuthenticationProvider</parameter> <parameter key="security.authentication.provider.anonymous.class">Symfony\Component\Security\Core\Authentication\Provider\AnonymousAuthenticationProvider</parameter>
<parameter key="security.authentication.success_handler.class">Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler</parameter> <parameter key="security.authentication.success_handler.class">Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler</parameter>
<parameter key="security.authentication.failure_handler.class">Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler</parameter>
</parameters> </parameters>
<services> <services>
@ -101,8 +102,8 @@
<argument type="service" id="security.http_utils" /> <argument type="service" id="security.http_utils" />
<argument /> <argument />
<argument type="service" id="security.authentication.success_handler" /> <argument type="service" id="security.authentication.success_handler" />
<argument type="service" id="security.authentication.failure_handler" />
<argument type="collection"></argument> <argument type="collection"></argument>
<argument type="service" id="security.authentication.failure_handler" on-invalid="null" />
<argument type="service" id="logger" on-invalid="null" /> <argument type="service" id="logger" on-invalid="null" />
<argument type="service" id="event_dispatcher" on-invalid="null" /> <argument type="service" id="event_dispatcher" on-invalid="null" />
</service> </service>
@ -112,6 +113,13 @@
<argument /> <argument />
</service> </service>
<service id="security.authentication.failure_handler" class="%security.authentication.failure_handler.class%" abstract="true" public="false">
<argument type="service" id="http_kernel" />
<argument type="service" id="security.http_utils" />
<argument />
<argument type="service" id="logger" on-invalid="null" />
</service>
<service id="security.authentication.listener.form" <service id="security.authentication.listener.form"
class="%security.authentication.listener.form.class%" class="%security.authentication.listener.form.class%"
parent="security.authentication.listener.abstract" parent="security.authentication.listener.abstract"

20
src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Security/Factory/AbstractFactoryTest.php
View File

@ -21,7 +21,7 @@ class AbstractFactoryTest extends \PHPUnit_Framework_TestCase
list($container, list($container,
$authProviderId, $authProviderId,
$listenerId, $listenerId,
$entryPointId) = $this->callFactory('foo', array('use_forward' => true, 'failure_path' => '/foo', 'success_handler' => 'foo', 'remember_me' => true), 'user_provider', 'entry_point'); $entryPointId) = $this->callFactory('foo', array('use_forward' => true, 'failure_path' => '/foo', 'success_handler' => 'qux', 'failure_handler' => 'bar', 'remember_me' => true), 'user_provider', 'entry_point');
// auth provider // auth provider
$this->assertEquals('auth_provider', $authProviderId); $this->assertEquals('auth_provider', $authProviderId);
@ -32,10 +32,10 @@ class AbstractFactoryTest extends \PHPUnit_Framework_TestCase
$definition = $container->getDefinition('abstract_listener.foo'); $definition = $container->getDefinition('abstract_listener.foo');
$this->assertEquals(array( $this->assertEquals(array(
'index_4' => 'foo', 'index_4' => 'foo',
'index_5' => new Reference('foo'), 'index_5' => new Reference('qux'),
'index_6' => array( 'index_6' => new Reference('bar'),
'index_7' => array(
'use_forward' => true, 'use_forward' => true,
'failure_path' => '/foo',
), ),
), $definition->getArguments()); ), $definition->getArguments());
@ -43,6 +43,18 @@ class AbstractFactoryTest extends \PHPUnit_Framework_TestCase
$this->assertEquals('entry_point', $entryPointId, '->create() does not change the default entry point.'); $this->assertEquals('entry_point', $entryPointId, '->create() does not change the default entry point.');
} }
public function testDefaultFailureHandler()
{
list($container,
$authProviderId,
$listenerId,
$entryPointId) = $this->callFactory('foo', array('remember_me' => true), 'user_provider', 'entry_point');
$definition = $container->getDefinition('abstract_listener.foo');
$arguments = $definition->getArguments();
$this->assertEquals(new Reference('security.authentication.failure_handler.foo'), $arguments['index_6']);
}
public function testDefaultSuccessHandler() public function testDefaultSuccessHandler()
{ {
list($container, list($container,

100
src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationFailureHandler.php Normal file
View File

@ -0,0 +1,100 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Http\Authentication;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\HttpKernel\Log\LoggerInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Http\HttpUtils;
/**
* Class with the default authentication failure handling logic.
*
* Can be optionally be extended from by the developer to alter the behaviour
* while keeping the default behaviour.
*
* @author Alexander <iam.asm89@gmail.com>
*/
class DefaultAuthenticationFailureHandler implements AuthenticationFailureHandlerInterface
{
/**
* @var HttpKernel
*/
private $httpKernel;
/**
* @var HttpUtils
*/
protected $httpUtils;
/**
* @var LoggerInterface
*/
private $logger;
/**
* @var array
*/
protected $options;
/**
* Constructor.
*
* @param HttpKernelInterface $httpKernel Kernel
* @param HttpUtils $httpUtils HttpUtils
* @param array $options Options for processing a successful authentication attempt.
* @param LoggerInterface $logger Optional logger
*/
public function __construct(HttpKernelInterface $httpKernel, HttpUtils $httpUtils, array $options, LoggerInterface $logger = null)
{
$this->httpKernel = $httpKernel;
$this->httpUtils = $httpUtils;
$this->logger = $logger;
$this->options = array_merge(array(
'failure_path' => null,
'failure_forward' => false,
'login_path' => '/login',
), $options);
}
/**
* {@inheritDoc}
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if (null === $this->options['failure_path']) {
$this->options['failure_path'] = $this->options['login_path'];
}
if ($this->options['failure_forward']) {
if (null !== $this->logger) {
$this->logger->debug(sprintf('Forwarding to %s', $this->options['failure_path']));
}
$subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']);
$subRequest->attributes->set(SecurityContextInterface::AUTHENTICATION_ERROR, $exception);
return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
}
if (null !== $this->logger) {
$this->logger->debug(sprintf('Redirecting to %s', $this->options['failure_path']));
}
$request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $exception);
return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']);
}
}

11
src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php
View File

@ -25,6 +25,16 @@ use Symfony\Component\Security\Http\HttpUtils;
*/ */
class DefaultAuthenticationSuccessHandler implements AuthenticationSuccessHandlerInterface class DefaultAuthenticationSuccessHandler implements AuthenticationSuccessHandlerInterface
{ {
/**
* @var HttpUtils
*/
protected $httpUtils;
/**
* @var array
*/
protected $options;
/** /**
* Constructor. * Constructor.
* *
@ -38,6 +48,7 @@ class DefaultAuthenticationSuccessHandler implements AuthenticationSuccessHandle
$this->options = array_merge(array( $this->options = array_merge(array(
'always_use_default_target_path' => false, 'always_use_default_target_path' => false,
'default_target_path' => '/', 'default_target_path' => '/',
'login_path' => '/login',
'target_path_parameter' => '_target_path', 'target_path_parameter' => '_target_path',
'use_referer' => false, 'use_referer' => false,
), $options); ), $options);

34
src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php
View File

@ -77,7 +77,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
* @param LoggerInterface $logger A LoggerInterface instance * @param LoggerInterface $logger A LoggerInterface instance
* @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance * @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
*/ */
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, array $options = array(), AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
{ {
if (empty($providerKey)) { if (empty($providerKey)) {
throw new \InvalidArgumentException('$providerKey must not be empty.'); throw new \InvalidArgumentException('$providerKey must not be empty.');
@ -91,9 +91,6 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
$this->failureHandler = $failureHandler; $this->failureHandler = $failureHandler;
$this->options = array_merge(array( $this->options = array_merge(array(
'check_path' => '/login_check', 'check_path' => '/login_check',
'login_path' => '/login',
'failure_path' => null,
'failure_forward' => false,
), $options); ), $options);
$this->logger = $logger; $this->logger = $logger;
$this->dispatcher = $dispatcher; $this->dispatcher = $dispatcher;
@ -187,34 +184,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
$this->securityContext->setToken(null); $this->securityContext->setToken(null);
if (null !== $this->failureHandler) { return $this->failureHandler->onAuthenticationFailure($request, $failed);
if (null !== $response = $this->failureHandler->onAuthenticationFailure($request, $failed)) {
return $response;
}
}
if (null === $this->options['failure_path']) {
$this->options['failure_path'] = $this->options['login_path'];
}
if ($this->options['failure_forward']) {
if (null !== $this->logger) {
$this->logger->debug(sprintf('Forwarding to %s', $this->options['failure_path']));
}
$subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']);
$subRequest->attributes->set(SecurityContextInterface::AUTHENTICATION_ERROR, $failed);
return $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
}
if (null !== $this->logger) {
$this->logger->debug(sprintf('Redirecting to %s', $this->options['failure_path']));
}
$request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $failed);
return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']);
} }
private function onSuccess(GetResponseEvent $event, Request $request, TokenInterface $token) private function onSuccess(GetResponseEvent $event, Request $request, TokenInterface $token)

6
src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
View File

@ -37,15 +37,15 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler = null, array $options = array(), AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null) public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null)
{ {
parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, array_merge(array( parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, array_merge(array(
'username_parameter' => '_username', 'username_parameter' => '_username',
'password_parameter' => '_password', 'password_parameter' => '_password',
'csrf_parameter' => '_csrf_token', 'csrf_parameter' => '_csrf_token',
'intention' => 'authenticate', 'intention' => 'authenticate',
'post_only' => true, 'post_only' => true,
), $options), $failureHandler, $logger, $dispatcher); ), $options), $logger, $dispatcher);
$this->csrfProvider = $csrfProvider; $this->csrfProvider = $csrfProvider;
} }