[Security][Guard] check if session exist before using it
This commit is contained in:
parent
4cfbcf5cc7
commit
a3f75100bf
@ -11,6 +11,7 @@
|
|||||||
|
|
||||||
namespace Symfony\Component\Security\Guard\Authenticator;
|
namespace Symfony\Component\Security\Guard\Authenticator;
|
||||||
|
|
||||||
|
use Symfony\Component\HttpFoundation\Session\SessionInterface;
|
||||||
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
|
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
|
||||||
use Symfony\Component\HttpFoundation\RedirectResponse;
|
use Symfony\Component\HttpFoundation\RedirectResponse;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
@ -52,7 +53,10 @@ abstract class AbstractFormLoginAuthenticator extends AbstractGuardAuthenticator
|
|||||||
*/
|
*/
|
||||||
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
|
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
|
||||||
{
|
{
|
||||||
$request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
|
if ($request->getSession() instanceof SessionInterface) {
|
||||||
|
$request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
|
||||||
|
}
|
||||||
|
|
||||||
$url = $this->getLoginUrl();
|
$url = $this->getLoginUrl();
|
||||||
|
|
||||||
return new RedirectResponse($url);
|
return new RedirectResponse($url);
|
||||||
@ -69,9 +73,13 @@ abstract class AbstractFormLoginAuthenticator extends AbstractGuardAuthenticator
|
|||||||
*/
|
*/
|
||||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
|
||||||
{
|
{
|
||||||
|
$targetPath = null;
|
||||||
|
|
||||||
// if the user hit a secure page and start() was called, this was
|
// if the user hit a secure page and start() was called, this was
|
||||||
// the URL they were on, and probably where you want to redirect to
|
// the URL they were on, and probably where you want to redirect to
|
||||||
$targetPath = $request->getSession()->get('_security.'.$providerKey.'.target_path');
|
if ($request->getSession() instanceof SessionInterface) {
|
||||||
|
$targetPath = $request->getSession()->get('_security.'.$providerKey.'.target_path');
|
||||||
|
}
|
||||||
|
|
||||||
if (!$targetPath) {
|
if (!$targetPath) {
|
||||||
$targetPath = $this->getDefaultSuccessRedirectUrl();
|
$targetPath = $this->getDefaultSuccessRedirectUrl();
|
||||||
|
@ -0,0 +1,212 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Symfony package.
|
||||||
|
*
|
||||||
|
* (c) Fabien Potencier <fabien@symfony.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Symfony\Component\Security\Guard\Tests\Authenticator;
|
||||||
|
|
||||||
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
|
use Symfony\Component\Security\Core\User\UserProviderInterface;
|
||||||
|
use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Jean Pasdeloup <jpasdeloup@sedona.fr>
|
||||||
|
*/
|
||||||
|
class FormLoginAuthenticatorTest extends \PHPUnit_Framework_TestCase
|
||||||
|
{
|
||||||
|
private $requestWithoutSession;
|
||||||
|
private $requestWithSession;
|
||||||
|
private $authenticator;
|
||||||
|
|
||||||
|
const LOGIN_URL = 'http://login';
|
||||||
|
const DEFAULT_SUCCESS_URL = 'http://defaultsuccess';
|
||||||
|
const CUSTOM_SUCCESS_URL = 'http://customsuccess';
|
||||||
|
|
||||||
|
public function testAuthenticationFailureWithoutSession()
|
||||||
|
{
|
||||||
|
$failureResponse = $this->authenticator->onAuthenticationFailure($this->requestWithoutSession, new AuthenticationException());
|
||||||
|
|
||||||
|
$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
|
||||||
|
$this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testAuthenticationFailureWithSession()
|
||||||
|
{
|
||||||
|
$this->requestWithSession->getSession()
|
||||||
|
->expects($this->once())
|
||||||
|
->method('set');
|
||||||
|
|
||||||
|
$failureResponse = $this->authenticator->onAuthenticationFailure($this->requestWithSession, new AuthenticationException());
|
||||||
|
|
||||||
|
$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
|
||||||
|
$this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testAuthenticationSuccessWithoutSession()
|
||||||
|
{
|
||||||
|
$token = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
|
||||||
|
$redirectResponse = $this->authenticator->onAuthenticationSuccess($this->requestWithoutSession, $token, 'providerkey');
|
||||||
|
|
||||||
|
$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirectResponse);
|
||||||
|
$this->assertEquals(self::DEFAULT_SUCCESS_URL, $redirectResponse->getTargetUrl());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testAuthenticationSuccessWithSessionButEmpty()
|
||||||
|
{
|
||||||
|
$token = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$this->requestWithSession->getSession()
|
||||||
|
->expects($this->once())
|
||||||
|
->method('get')
|
||||||
|
->will($this->returnValue(null));
|
||||||
|
|
||||||
|
$redirectResponse = $this->authenticator->onAuthenticationSuccess($this->requestWithSession, $token, 'providerkey');
|
||||||
|
|
||||||
|
$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirectResponse);
|
||||||
|
$this->assertEquals(self::DEFAULT_SUCCESS_URL, $redirectResponse->getTargetUrl());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testAuthenticationSuccessWithSessionAndTarget()
|
||||||
|
{
|
||||||
|
$token = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$this->requestWithSession->getSession()
|
||||||
|
->expects($this->once())
|
||||||
|
->method('get')
|
||||||
|
->will($this->returnValue(self::CUSTOM_SUCCESS_URL));
|
||||||
|
|
||||||
|
$redirectResponse = $this->authenticator->onAuthenticationSuccess($this->requestWithSession, $token, 'providerkey');
|
||||||
|
|
||||||
|
$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirectResponse);
|
||||||
|
$this->assertEquals(self::CUSTOM_SUCCESS_URL, $redirectResponse->getTargetUrl());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testRememberMe()
|
||||||
|
{
|
||||||
|
$doSupport = $this->authenticator->supportsRememberMe();
|
||||||
|
|
||||||
|
$this->assertTrue($doSupport);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testStartWithoutSession()
|
||||||
|
{
|
||||||
|
$failureResponse = $this->authenticator->start($this->requestWithoutSession, new AuthenticationException());
|
||||||
|
|
||||||
|
$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
|
||||||
|
$this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testStartWithSession()
|
||||||
|
{
|
||||||
|
$failureResponse = $this->authenticator->start($this->requestWithSession, new AuthenticationException());
|
||||||
|
|
||||||
|
$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
|
||||||
|
$this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function setUp()
|
||||||
|
{
|
||||||
|
$this->requestWithoutSession = new Request(array(), array(), array(), array(), array(), array());
|
||||||
|
$this->requestWithSession = new Request(array(), array(), array(), array(), array(), array());
|
||||||
|
|
||||||
|
$session = $this->getMockBuilder('Symfony\\Component\\HttpFoundation\\Session\\SessionInterface')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$this->requestWithSession->setSession($session);
|
||||||
|
|
||||||
|
$this->authenticator = new TestFormLoginAuthenticator();
|
||||||
|
$this->authenticator
|
||||||
|
->setLoginUrl(self::LOGIN_URL)
|
||||||
|
->setDefaultSuccessRedirectUrl(self::DEFAULT_SUCCESS_URL)
|
||||||
|
;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function tearDown()
|
||||||
|
{
|
||||||
|
$this->request = null;
|
||||||
|
$this->requestWithSession = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
class TestFormLoginAuthenticator extends AbstractFormLoginAuthenticator
|
||||||
|
{
|
||||||
|
private $loginUrl;
|
||||||
|
private $defaultSuccessRedirectUrl;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param mixed $defaultSuccessRedirectUrl
|
||||||
|
*
|
||||||
|
* @return TestFormLoginAuthenticator
|
||||||
|
*/
|
||||||
|
public function setDefaultSuccessRedirectUrl($defaultSuccessRedirectUrl)
|
||||||
|
{
|
||||||
|
$this->defaultSuccessRedirectUrl = $defaultSuccessRedirectUrl;
|
||||||
|
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param mixed $loginUrl
|
||||||
|
*
|
||||||
|
* @return TestFormLoginAuthenticator
|
||||||
|
*/
|
||||||
|
public function setLoginUrl($loginUrl)
|
||||||
|
{
|
||||||
|
$this->loginUrl = $loginUrl;
|
||||||
|
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritdoc}
|
||||||
|
*/
|
||||||
|
protected function getLoginUrl()
|
||||||
|
{
|
||||||
|
return $this->loginUrl;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritdoc}
|
||||||
|
*/
|
||||||
|
protected function getDefaultSuccessRedirectUrl()
|
||||||
|
{
|
||||||
|
return $this->defaultSuccessRedirectUrl;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritdoc}
|
||||||
|
*/
|
||||||
|
public function getCredentials(Request $request)
|
||||||
|
{
|
||||||
|
return 'credentials';
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritdoc}
|
||||||
|
*/
|
||||||
|
public function getUser($credentials, UserProviderInterface $userProvider)
|
||||||
|
{
|
||||||
|
return $userProvider->loadUserByUsername($credentials);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritdoc}
|
||||||
|
*/
|
||||||
|
public function checkCredentials($credentials, UserInterface $user)
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
Reference in New Issue
Block a user