[Security] Move default authentication failure handling strategy to seperate class
[Security] Update configuration for changes regarding default failure handler [Security] Fixes + add AbstractFactory test for failure handler
This commit is contained in:
parent
c6aa392df7
commit
915704c071
@ -28,19 +28,23 @@ abstract class AbstractFactory implements SecurityFactoryInterface
|
|||||||
{
|
{
|
||||||
protected $options = array(
|
protected $options = array(
|
||||||
'check_path' => '/login_check',
|
'check_path' => '/login_check',
|
||||||
'login_path' => '/login',
|
|
||||||
'use_forward' => false,
|
'use_forward' => false,
|
||||||
'failure_path' => null,
|
|
||||||
'failure_forward' => false,
|
|
||||||
);
|
);
|
||||||
|
|
||||||
protected $defaultSuccessHandlerOptions = array(
|
protected $defaultSuccessHandlerOptions = array(
|
||||||
'always_use_default_target_path' => false,
|
'always_use_default_target_path' => false,
|
||||||
'default_target_path' => '/',
|
'default_target_path' => '/',
|
||||||
|
'login_path' => '/login',
|
||||||
'target_path_parameter' => '_target_path',
|
'target_path_parameter' => '_target_path',
|
||||||
'use_referer' => false,
|
'use_referer' => false,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
protected $defaultFailureHandlerOptions = array(
|
||||||
|
'failure_path' => null,
|
||||||
|
'failure_forward' => false,
|
||||||
|
'login_path' => '/login',
|
||||||
|
);
|
||||||
|
|
||||||
public function create(ContainerBuilder $container, $id, $config, $userProviderId, $defaultEntryPointId)
|
public function create(ContainerBuilder $container, $id, $config, $userProviderId, $defaultEntryPointId)
|
||||||
{
|
{
|
||||||
// authentication provider
|
// authentication provider
|
||||||
@ -74,7 +78,7 @@ abstract class AbstractFactory implements SecurityFactoryInterface
|
|||||||
->scalarNode('failure_handler')->end()
|
->scalarNode('failure_handler')->end()
|
||||||
;
|
;
|
||||||
|
|
||||||
foreach (array_merge($this->options, $this->defaultSuccessHandlerOptions) as $name => $default) {
|
foreach (array_merge($this->options, $this->defaultSuccessHandlerOptions, $this->defaultFailureHandlerOptions) as $name => $default) {
|
||||||
if (is_bool($default)) {
|
if (is_bool($default)) {
|
||||||
$builder->booleanNode($name)->defaultValue($default);
|
$builder->booleanNode($name)->defaultValue($default);
|
||||||
} else {
|
} else {
|
||||||
@ -153,12 +157,8 @@ abstract class AbstractFactory implements SecurityFactoryInterface
|
|||||||
$listener = new DefinitionDecorator($listenerId);
|
$listener = new DefinitionDecorator($listenerId);
|
||||||
$listener->replaceArgument(4, $id);
|
$listener->replaceArgument(4, $id);
|
||||||
$listener->replaceArgument(5, new Reference($this->createAuthenticationSuccessHandler($container, $id, $config)));
|
$listener->replaceArgument(5, new Reference($this->createAuthenticationSuccessHandler($container, $id, $config)));
|
||||||
$listener->replaceArgument(6, array_intersect_key($config, $this->options));
|
$listener->replaceArgument(6, new Reference($this->createAuthenticationFailureHandler($container, $id, $config)));
|
||||||
|
$listener->replaceArgument(7, array_intersect_key($config, $this->options));
|
||||||
// failure handler
|
|
||||||
if (isset($config['failure_handler'])) {
|
|
||||||
$listener->replaceArgument(7, new Reference($config['failure_handler']));
|
|
||||||
}
|
|
||||||
|
|
||||||
$listenerId .= '.'.$id;
|
$listenerId .= '.'.$id;
|
||||||
$container->setDefinition($listenerId, $listener);
|
$container->setDefinition($listenerId, $listener);
|
||||||
@ -181,4 +181,19 @@ abstract class AbstractFactory implements SecurityFactoryInterface
|
|||||||
|
|
||||||
return $id;
|
return $id;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function createAuthenticationFailureHandler($container, $id, $config)
|
||||||
|
{
|
||||||
|
if (isset($config['failure_handler'])) {
|
||||||
|
|
||||||
|
return $config['failure_handler'];
|
||||||
|
}
|
||||||
|
|
||||||
|
$id = 'security.authentication.failure_handler.'.$id;
|
||||||
|
|
||||||
|
$failureHandler = $container->setDefinition($id, new DefinitionDecorator('security.authentication.failure_handler'));
|
||||||
|
$failureHandler->replaceArgument(2, array_intersect_key($config, $this->defaultFailureHandlerOptions));
|
||||||
|
|
||||||
|
return $id;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -39,6 +39,7 @@
|
|||||||
<parameter key="security.authentication.provider.anonymous.class">Symfony\Component\Security\Core\Authentication\Provider\AnonymousAuthenticationProvider</parameter>
|
<parameter key="security.authentication.provider.anonymous.class">Symfony\Component\Security\Core\Authentication\Provider\AnonymousAuthenticationProvider</parameter>
|
||||||
|
|
||||||
<parameter key="security.authentication.success_handler.class">Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler</parameter>
|
<parameter key="security.authentication.success_handler.class">Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler</parameter>
|
||||||
|
<parameter key="security.authentication.failure_handler.class">Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler</parameter>
|
||||||
</parameters>
|
</parameters>
|
||||||
|
|
||||||
<services>
|
<services>
|
||||||
@ -101,8 +102,8 @@
|
|||||||
<argument type="service" id="security.http_utils" />
|
<argument type="service" id="security.http_utils" />
|
||||||
<argument />
|
<argument />
|
||||||
<argument type="service" id="security.authentication.success_handler" />
|
<argument type="service" id="security.authentication.success_handler" />
|
||||||
|
<argument type="service" id="security.authentication.failure_handler" />
|
||||||
<argument type="collection"></argument>
|
<argument type="collection"></argument>
|
||||||
<argument type="service" id="security.authentication.failure_handler" on-invalid="null" />
|
|
||||||
<argument type="service" id="logger" on-invalid="null" />
|
<argument type="service" id="logger" on-invalid="null" />
|
||||||
<argument type="service" id="event_dispatcher" on-invalid="null" />
|
<argument type="service" id="event_dispatcher" on-invalid="null" />
|
||||||
</service>
|
</service>
|
||||||
@ -112,6 +113,13 @@
|
|||||||
<argument />
|
<argument />
|
||||||
</service>
|
</service>
|
||||||
|
|
||||||
|
<service id="security.authentication.failure_handler" class="%security.authentication.failure_handler.class%" abstract="true" public="false">
|
||||||
|
<argument type="service" id="http_kernel" />
|
||||||
|
<argument type="service" id="security.http_utils" />
|
||||||
|
<argument />
|
||||||
|
<argument type="service" id="logger" on-invalid="null" />
|
||||||
|
</service>
|
||||||
|
|
||||||
<service id="security.authentication.listener.form"
|
<service id="security.authentication.listener.form"
|
||||||
class="%security.authentication.listener.form.class%"
|
class="%security.authentication.listener.form.class%"
|
||||||
parent="security.authentication.listener.abstract"
|
parent="security.authentication.listener.abstract"
|
||||||
|
@ -21,7 +21,7 @@ class AbstractFactoryTest extends \PHPUnit_Framework_TestCase
|
|||||||
list($container,
|
list($container,
|
||||||
$authProviderId,
|
$authProviderId,
|
||||||
$listenerId,
|
$listenerId,
|
||||||
$entryPointId) = $this->callFactory('foo', array('use_forward' => true, 'failure_path' => '/foo', 'success_handler' => 'foo', 'remember_me' => true), 'user_provider', 'entry_point');
|
$entryPointId) = $this->callFactory('foo', array('use_forward' => true, 'failure_path' => '/foo', 'success_handler' => 'qux', 'failure_handler' => 'bar', 'remember_me' => true), 'user_provider', 'entry_point');
|
||||||
|
|
||||||
// auth provider
|
// auth provider
|
||||||
$this->assertEquals('auth_provider', $authProviderId);
|
$this->assertEquals('auth_provider', $authProviderId);
|
||||||
@ -32,10 +32,10 @@ class AbstractFactoryTest extends \PHPUnit_Framework_TestCase
|
|||||||
$definition = $container->getDefinition('abstract_listener.foo');
|
$definition = $container->getDefinition('abstract_listener.foo');
|
||||||
$this->assertEquals(array(
|
$this->assertEquals(array(
|
||||||
'index_4' => 'foo',
|
'index_4' => 'foo',
|
||||||
'index_5' => new Reference('foo'),
|
'index_5' => new Reference('qux'),
|
||||||
'index_6' => array(
|
'index_6' => new Reference('bar'),
|
||||||
|
'index_7' => array(
|
||||||
'use_forward' => true,
|
'use_forward' => true,
|
||||||
'failure_path' => '/foo',
|
|
||||||
),
|
),
|
||||||
), $definition->getArguments());
|
), $definition->getArguments());
|
||||||
|
|
||||||
@ -43,6 +43,18 @@ class AbstractFactoryTest extends \PHPUnit_Framework_TestCase
|
|||||||
$this->assertEquals('entry_point', $entryPointId, '->create() does not change the default entry point.');
|
$this->assertEquals('entry_point', $entryPointId, '->create() does not change the default entry point.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testDefaultFailureHandler()
|
||||||
|
{
|
||||||
|
list($container,
|
||||||
|
$authProviderId,
|
||||||
|
$listenerId,
|
||||||
|
$entryPointId) = $this->callFactory('foo', array('remember_me' => true), 'user_provider', 'entry_point');
|
||||||
|
|
||||||
|
$definition = $container->getDefinition('abstract_listener.foo');
|
||||||
|
$arguments = $definition->getArguments();
|
||||||
|
$this->assertEquals(new Reference('security.authentication.failure_handler.foo'), $arguments['index_6']);
|
||||||
|
}
|
||||||
|
|
||||||
public function testDefaultSuccessHandler()
|
public function testDefaultSuccessHandler()
|
||||||
{
|
{
|
||||||
list($container,
|
list($container,
|
||||||
|
@ -0,0 +1,100 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Symfony package.
|
||||||
|
*
|
||||||
|
* (c) Fabien Potencier <fabien@symfony.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Symfony\Component\Security\Http\Authentication;
|
||||||
|
|
||||||
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
|
use Symfony\Component\HttpKernel\HttpKernelInterface;
|
||||||
|
use Symfony\Component\HttpKernel\Log\LoggerInterface;
|
||||||
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
|
use Symfony\Component\Security\Core\SecurityContextInterface;
|
||||||
|
use Symfony\Component\Security\Http\HttpUtils;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Class with the default authentication failure handling logic.
|
||||||
|
*
|
||||||
|
* Can be optionally be extended from by the developer to alter the behaviour
|
||||||
|
* while keeping the default behaviour.
|
||||||
|
*
|
||||||
|
* @author Alexander <iam.asm89@gmail.com>
|
||||||
|
*/
|
||||||
|
class DefaultAuthenticationFailureHandler implements AuthenticationFailureHandlerInterface
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* @var HttpKernel
|
||||||
|
*/
|
||||||
|
private $httpKernel;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var HttpUtils
|
||||||
|
*/
|
||||||
|
protected $httpUtils;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var LoggerInterface
|
||||||
|
*/
|
||||||
|
private $logger;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var array
|
||||||
|
*/
|
||||||
|
protected $options;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Constructor.
|
||||||
|
*
|
||||||
|
* @param HttpKernelInterface $httpKernel Kernel
|
||||||
|
* @param HttpUtils $httpUtils HttpUtils
|
||||||
|
* @param array $options Options for processing a successful authentication attempt.
|
||||||
|
* @param LoggerInterface $logger Optional logger
|
||||||
|
*/
|
||||||
|
public function __construct(HttpKernelInterface $httpKernel, HttpUtils $httpUtils, array $options, LoggerInterface $logger = null)
|
||||||
|
{
|
||||||
|
$this->httpKernel = $httpKernel;
|
||||||
|
$this->httpUtils = $httpUtils;
|
||||||
|
$this->logger = $logger;
|
||||||
|
|
||||||
|
$this->options = array_merge(array(
|
||||||
|
'failure_path' => null,
|
||||||
|
'failure_forward' => false,
|
||||||
|
'login_path' => '/login',
|
||||||
|
), $options);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritDoc}
|
||||||
|
*/
|
||||||
|
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
|
||||||
|
{
|
||||||
|
if (null === $this->options['failure_path']) {
|
||||||
|
$this->options['failure_path'] = $this->options['login_path'];
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($this->options['failure_forward']) {
|
||||||
|
if (null !== $this->logger) {
|
||||||
|
$this->logger->debug(sprintf('Forwarding to %s', $this->options['failure_path']));
|
||||||
|
}
|
||||||
|
|
||||||
|
$subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']);
|
||||||
|
$subRequest->attributes->set(SecurityContextInterface::AUTHENTICATION_ERROR, $exception);
|
||||||
|
|
||||||
|
return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (null !== $this->logger) {
|
||||||
|
$this->logger->debug(sprintf('Redirecting to %s', $this->options['failure_path']));
|
||||||
|
}
|
||||||
|
|
||||||
|
$request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $exception);
|
||||||
|
|
||||||
|
return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']);
|
||||||
|
}
|
||||||
|
}
|
@ -25,6 +25,16 @@ use Symfony\Component\Security\Http\HttpUtils;
|
|||||||
*/
|
*/
|
||||||
class DefaultAuthenticationSuccessHandler implements AuthenticationSuccessHandlerInterface
|
class DefaultAuthenticationSuccessHandler implements AuthenticationSuccessHandlerInterface
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* @var HttpUtils
|
||||||
|
*/
|
||||||
|
protected $httpUtils;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var array
|
||||||
|
*/
|
||||||
|
protected $options;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor.
|
* Constructor.
|
||||||
*
|
*
|
||||||
@ -38,6 +48,7 @@ class DefaultAuthenticationSuccessHandler implements AuthenticationSuccessHandle
|
|||||||
$this->options = array_merge(array(
|
$this->options = array_merge(array(
|
||||||
'always_use_default_target_path' => false,
|
'always_use_default_target_path' => false,
|
||||||
'default_target_path' => '/',
|
'default_target_path' => '/',
|
||||||
|
'login_path' => '/login',
|
||||||
'target_path_parameter' => '_target_path',
|
'target_path_parameter' => '_target_path',
|
||||||
'use_referer' => false,
|
'use_referer' => false,
|
||||||
), $options);
|
), $options);
|
||||||
|
@ -77,7 +77,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
|
|||||||
* @param LoggerInterface $logger A LoggerInterface instance
|
* @param LoggerInterface $logger A LoggerInterface instance
|
||||||
* @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
|
* @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
|
||||||
*/
|
*/
|
||||||
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, array $options = array(), AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
|
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
|
||||||
{
|
{
|
||||||
if (empty($providerKey)) {
|
if (empty($providerKey)) {
|
||||||
throw new \InvalidArgumentException('$providerKey must not be empty.');
|
throw new \InvalidArgumentException('$providerKey must not be empty.');
|
||||||
@ -91,9 +91,6 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
|
|||||||
$this->failureHandler = $failureHandler;
|
$this->failureHandler = $failureHandler;
|
||||||
$this->options = array_merge(array(
|
$this->options = array_merge(array(
|
||||||
'check_path' => '/login_check',
|
'check_path' => '/login_check',
|
||||||
'login_path' => '/login',
|
|
||||||
'failure_path' => null,
|
|
||||||
'failure_forward' => false,
|
|
||||||
), $options);
|
), $options);
|
||||||
$this->logger = $logger;
|
$this->logger = $logger;
|
||||||
$this->dispatcher = $dispatcher;
|
$this->dispatcher = $dispatcher;
|
||||||
@ -187,34 +184,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
|
|||||||
|
|
||||||
$this->securityContext->setToken(null);
|
$this->securityContext->setToken(null);
|
||||||
|
|
||||||
if (null !== $this->failureHandler) {
|
return $this->failureHandler->onAuthenticationFailure($request, $failed);
|
||||||
if (null !== $response = $this->failureHandler->onAuthenticationFailure($request, $failed)) {
|
|
||||||
return $response;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (null === $this->options['failure_path']) {
|
|
||||||
$this->options['failure_path'] = $this->options['login_path'];
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($this->options['failure_forward']) {
|
|
||||||
if (null !== $this->logger) {
|
|
||||||
$this->logger->debug(sprintf('Forwarding to %s', $this->options['failure_path']));
|
|
||||||
}
|
|
||||||
|
|
||||||
$subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']);
|
|
||||||
$subRequest->attributes->set(SecurityContextInterface::AUTHENTICATION_ERROR, $failed);
|
|
||||||
|
|
||||||
return $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (null !== $this->logger) {
|
|
||||||
$this->logger->debug(sprintf('Redirecting to %s', $this->options['failure_path']));
|
|
||||||
}
|
|
||||||
|
|
||||||
$request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $failed);
|
|
||||||
|
|
||||||
return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private function onSuccess(GetResponseEvent $event, Request $request, TokenInterface $token)
|
private function onSuccess(GetResponseEvent $event, Request $request, TokenInterface $token)
|
||||||
|
@ -37,15 +37,15 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
|
|||||||
/**
|
/**
|
||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*/
|
*/
|
||||||
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler = null, array $options = array(), AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null)
|
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null)
|
||||||
{
|
{
|
||||||
parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, array_merge(array(
|
parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, array_merge(array(
|
||||||
'username_parameter' => '_username',
|
'username_parameter' => '_username',
|
||||||
'password_parameter' => '_password',
|
'password_parameter' => '_password',
|
||||||
'csrf_parameter' => '_csrf_token',
|
'csrf_parameter' => '_csrf_token',
|
||||||
'intention' => 'authenticate',
|
'intention' => 'authenticate',
|
||||||
'post_only' => true,
|
'post_only' => true,
|
||||||
), $options), $failureHandler, $logger, $dispatcher);
|
), $options), $logger, $dispatcher);
|
||||||
|
|
||||||
$this->csrfProvider = $csrfProvider;
|
$this->csrfProvider = $csrfProvider;
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user