[Security][Guard] check if session exist before using it
This commit is contained in:
Jean Pasdeloup
Fabien Potencier
parent
4cfbcf5cc7
commit
a3f75100bf
@ -11,6 +11,7 @@
|
||||
|
||||
namespace Symfony\Component\Security\Guard\Authenticator;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Session\SessionInterface;
|
||||
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
|
||||
use Symfony\Component\HttpFoundation\RedirectResponse;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
@ -52,7 +53,10 @@ abstract class AbstractFormLoginAuthenticator extends AbstractGuardAuthenticator
|
||||
*/
|
||||
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
|
||||
{
|
||||
$request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
|
||||
if ($request->getSession() instanceof SessionInterface) {
|
||||
$request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
|
||||
}
|
||||
|
||||
$url = $this->getLoginUrl();
|
||||
|
||||
return new RedirectResponse($url);
|
||||
@ -69,9 +73,13 @@ abstract class AbstractFormLoginAuthenticator extends AbstractGuardAuthenticator
|
||||
*/
|
||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
|
||||
{
|
||||
$targetPath = null;
|
||||
|
||||
// if the user hit a secure page and start() was called, this was
|
||||
// the URL they were on, and probably where you want to redirect to
|
||||
$targetPath = $request->getSession()->get('_security.'.$providerKey.'.target_path');
|
||||
if ($request->getSession() instanceof SessionInterface) {
|
||||
$targetPath = $request->getSession()->get('_security.'.$providerKey.'.target_path');
|
||||
}
|
||||
|
||||
if (!$targetPath) {
|
||||
$targetPath = $this->getDefaultSuccessRedirectUrl();
|
||||
|
||||
@ -0,0 +1,212 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\Security\Guard\Tests\Authenticator;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
use Symfony\Component\Security\Core\User\UserProviderInterface;
|
||||
use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
|
||||
|
||||
/**
|
||||
* @author Jean Pasdeloup <jpasdeloup@sedona.fr>
|
||||
*/
|
||||
class FormLoginAuthenticatorTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
private $requestWithoutSession;
|
||||
private $requestWithSession;
|
||||
private $authenticator;
|
||||
|
||||
const LOGIN_URL = 'http://login';
|
||||
const DEFAULT_SUCCESS_URL = 'http://defaultsuccess';
|
||||
const CUSTOM_SUCCESS_URL = 'http://customsuccess';
|
||||
|
||||
public function testAuthenticationFailureWithoutSession()
|
||||
{
|
||||
$failureResponse = $this->authenticator->onAuthenticationFailure($this->requestWithoutSession, new AuthenticationException());
|
||||
|
||||
$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
|
||||
$this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
|
||||
}
|
||||
|
||||
public function testAuthenticationFailureWithSession()
|
||||
{
|
||||
$this->requestWithSession->getSession()
|
||||
->expects($this->once())
|
||||
->method('set');
|
||||
|
||||
$failureResponse = $this->authenticator->onAuthenticationFailure($this->requestWithSession, new AuthenticationException());
|
||||
|
||||
$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
|
||||
$this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
|
||||
}
|
||||
|
||||
public function testAuthenticationSuccessWithoutSession()
|
||||
{
|
||||
$token = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
|
||||
$redirectResponse = $this->authenticator->onAuthenticationSuccess($this->requestWithoutSession, $token, 'providerkey');
|
||||
|
||||
$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirectResponse);
|
||||
$this->assertEquals(self::DEFAULT_SUCCESS_URL, $redirectResponse->getTargetUrl());
|
||||
}
|
||||
|
||||
public function testAuthenticationSuccessWithSessionButEmpty()
|
||||
{
|
||||
$token = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
$this->requestWithSession->getSession()
|
||||
->expects($this->once())
|
||||
->method('get')
|
||||
->will($this->returnValue(null));
|
||||
|
||||
$redirectResponse = $this->authenticator->onAuthenticationSuccess($this->requestWithSession, $token, 'providerkey');
|
||||
|
||||
$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirectResponse);
|
||||
$this->assertEquals(self::DEFAULT_SUCCESS_URL, $redirectResponse->getTargetUrl());
|
||||
}
|
||||
|
||||
public function testAuthenticationSuccessWithSessionAndTarget()
|
||||
{
|
||||
$token = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
$this->requestWithSession->getSession()
|
||||
->expects($this->once())
|
||||
->method('get')
|
||||
->will($this->returnValue(self::CUSTOM_SUCCESS_URL));
|
||||
|
||||
$redirectResponse = $this->authenticator->onAuthenticationSuccess($this->requestWithSession, $token, 'providerkey');
|
||||
|
||||
$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirectResponse);
|
||||
$this->assertEquals(self::CUSTOM_SUCCESS_URL, $redirectResponse->getTargetUrl());
|
||||
}
|
||||
|
||||
public function testRememberMe()
|
||||
{
|
||||
$doSupport = $this->authenticator->supportsRememberMe();
|
||||
|
||||
$this->assertTrue($doSupport);
|
||||
}
|
||||
|
||||
public function testStartWithoutSession()
|
||||
{
|
||||
$failureResponse = $this->authenticator->start($this->requestWithoutSession, new AuthenticationException());
|
||||
|
||||
$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
|
||||
$this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
|
||||
}
|
||||
|
||||
public function testStartWithSession()
|
||||
{
|
||||
$failureResponse = $this->authenticator->start($this->requestWithSession, new AuthenticationException());
|
||||
|
||||
$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
|
||||
$this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
|
||||
}
|
||||
|
||||
protected function setUp()
|
||||
{
|
||||
$this->requestWithoutSession = new Request(array(), array(), array(), array(), array(), array());
|
||||
$this->requestWithSession = new Request(array(), array(), array(), array(), array(), array());
|
||||
|
||||
$session = $this->getMockBuilder('Symfony\\Component\\HttpFoundation\\Session\\SessionInterface')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
$this->requestWithSession->setSession($session);
|
||||
|
||||
$this->authenticator = new TestFormLoginAuthenticator();
|
||||
$this->authenticator
|
||||
->setLoginUrl(self::LOGIN_URL)
|
||||
->setDefaultSuccessRedirectUrl(self::DEFAULT_SUCCESS_URL)
|
||||
;
|
||||
}
|
||||
|
||||
protected function tearDown()
|
||||
{
|
||||
$this->request = null;
|
||||
$this->requestWithSession = null;
|
||||
}
|
||||
}
|
||||
|
||||
class TestFormLoginAuthenticator extends AbstractFormLoginAuthenticator
|
||||
{
|
||||
private $loginUrl;
|
||||
private $defaultSuccessRedirectUrl;
|
||||
|
||||
/**
|
||||
* @param mixed $defaultSuccessRedirectUrl
|
||||
*
|
||||
* @return TestFormLoginAuthenticator
|
||||
*/
|
||||
public function setDefaultSuccessRedirectUrl($defaultSuccessRedirectUrl)
|
||||
{
|
||||
$this->defaultSuccessRedirectUrl = $defaultSuccessRedirectUrl;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param mixed $loginUrl
|
||||
*
|
||||
* @return TestFormLoginAuthenticator
|
||||
*/
|
||||
public function setLoginUrl($loginUrl)
|
||||
{
|
||||
$this->loginUrl = $loginUrl;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
protected function getLoginUrl()
|
||||
{
|
||||
return $this->loginUrl;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
protected function getDefaultSuccessRedirectUrl()
|
||||
{
|
||||
return $this->defaultSuccessRedirectUrl;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getCredentials(Request $request)
|
||||
{
|
||||
return 'credentials';
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getUser($credentials, UserProviderInterface $userProvider)
|
||||
{
|
||||
return $userProvider->loadUserByUsername($credentials);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function checkCredentials($credentials, UserInterface $user)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user