Rename providerKey to firewallName for more consistent naming
This commit is contained in:
Wouter de Jong
parent
50224aa285
commit
b1e040f311
@ -42,13 +42,13 @@ class AnonymousFactory implements SecurityFactoryInterface, AuthenticatorFactory
|
|||||||
return [$providerId, $listenerId, $defaultEntryPoint];
|
return [$providerId, $listenerId, $defaultEntryPoint];
|
||||||
}
|
}
|
||||||
|
|
||||||
public function createAuthenticator(ContainerBuilder $container, string $id, array $config, string $userProviderId): string
|
public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): string
|
||||||
{
|
{
|
||||||
if (null === $config['secret']) {
|
if (null === $config['secret']) {
|
||||||
$config['secret'] = new Parameter('container.build_hash');
|
$config['secret'] = new Parameter('container.build_hash');
|
||||||
}
|
}
|
||||||
|
|
||||||
$authenticatorId = 'security.authenticator.anonymous.'.$id;
|
$authenticatorId = 'security.authenticator.anonymous.'.$firewallName;
|
||||||
$container
|
$container
|
||||||
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.anonymous'))
|
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.anonymous'))
|
||||||
->replaceArgument(0, $config['secret']);
|
->replaceArgument(0, $config['secret']);
|
||||||
|
|||||||
@ -25,5 +25,5 @@ interface AuthenticatorFactoryInterface
|
|||||||
*
|
*
|
||||||
* @return string|string[] The authenticator service ID(s) to be used by the firewall
|
* @return string|string[] The authenticator service ID(s) to be used by the firewall
|
||||||
*/
|
*/
|
||||||
public function createAuthenticator(ContainerBuilder $container, string $id, array $config, string $userProviderId);
|
public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -49,7 +49,7 @@ class CustomAuthenticatorFactory implements AuthenticatorFactoryInterface, Secur
|
|||||||
;
|
;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function createAuthenticator(ContainerBuilder $container, string $id, array $config, string $userProviderId): array
|
public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): array
|
||||||
{
|
{
|
||||||
return $config['services'];
|
return $config['services'];
|
||||||
}
|
}
|
||||||
|
|||||||
@ -103,19 +103,19 @@ class FormLoginFactory extends AbstractFactory implements AuthenticatorFactoryIn
|
|||||||
return $entryPointId;
|
return $entryPointId;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function createAuthenticator(ContainerBuilder $container, string $id, array $config, string $userProviderId): string
|
public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): string
|
||||||
{
|
{
|
||||||
if (isset($config['csrf_token_generator'])) {
|
if (isset($config['csrf_token_generator'])) {
|
||||||
throw new InvalidConfigurationException('The "csrf_token_generator" option of "form_login" is only available when "security.enable_authenticator_manager" is set to "false", use "enable_csrf" instead.');
|
throw new InvalidConfigurationException('The "csrf_token_generator" option of "form_login" is only available when "security.enable_authenticator_manager" is set to "false", use "enable_csrf" instead.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$authenticatorId = 'security.authenticator.form_login.'.$id;
|
$authenticatorId = 'security.authenticator.form_login.'.$firewallName;
|
||||||
$options = array_intersect_key($config, $this->options);
|
$options = array_intersect_key($config, $this->options);
|
||||||
$container
|
$container
|
||||||
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.form_login'))
|
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.form_login'))
|
||||||
->replaceArgument(1, new Reference($userProviderId))
|
->replaceArgument(1, new Reference($userProviderId))
|
||||||
->replaceArgument(2, new Reference($this->createAuthenticationSuccessHandler($container, $id, $config)))
|
->replaceArgument(2, new Reference($this->createAuthenticationSuccessHandler($container, $firewallName, $config)))
|
||||||
->replaceArgument(3, new Reference($this->createAuthenticationFailureHandler($container, $id, $config)))
|
->replaceArgument(3, new Reference($this->createAuthenticationFailureHandler($container, $firewallName, $config)))
|
||||||
->replaceArgument(4, $options);
|
->replaceArgument(4, $options);
|
||||||
|
|
||||||
return $authenticatorId;
|
return $authenticatorId;
|
||||||
|
|||||||
@ -46,9 +46,9 @@ class HttpBasicFactory implements SecurityFactoryInterface, AuthenticatorFactory
|
|||||||
return [$provider, $listenerId, $entryPointId];
|
return [$provider, $listenerId, $entryPointId];
|
||||||
}
|
}
|
||||||
|
|
||||||
public function createAuthenticator(ContainerBuilder $container, string $id, array $config, string $userProviderId): string
|
public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): string
|
||||||
{
|
{
|
||||||
$authenticatorId = 'security.authenticator.http_basic.'.$id;
|
$authenticatorId = 'security.authenticator.http_basic.'.$firewallName;
|
||||||
$container
|
$container
|
||||||
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.http_basic'))
|
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.http_basic'))
|
||||||
->replaceArgument(0, $config['realm'])
|
->replaceArgument(0, $config['realm'])
|
||||||
|
|||||||
@ -97,15 +97,15 @@ class JsonLoginFactory extends AbstractFactory implements AuthenticatorFactoryIn
|
|||||||
return $listenerId;
|
return $listenerId;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function createAuthenticator(ContainerBuilder $container, string $id, array $config, string $userProviderId)
|
public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId)
|
||||||
{
|
{
|
||||||
$authenticatorId = 'security.authenticator.json_login.'.$id;
|
$authenticatorId = 'security.authenticator.json_login.'.$firewallName;
|
||||||
$options = array_intersect_key($config, $this->options);
|
$options = array_intersect_key($config, $this->options);
|
||||||
$container
|
$container
|
||||||
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.json_login'))
|
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.json_login'))
|
||||||
->replaceArgument(1, new Reference($userProviderId))
|
->replaceArgument(1, new Reference($userProviderId))
|
||||||
->replaceArgument(2, isset($config['success_handler']) ? new Reference($this->createAuthenticationSuccessHandler($container, $id, $config)) : null)
|
->replaceArgument(2, isset($config['success_handler']) ? new Reference($this->createAuthenticationSuccessHandler($container, $firewallName, $config)) : null)
|
||||||
->replaceArgument(3, isset($config['failure_handler']) ? new Reference($this->createAuthenticationFailureHandler($container, $id, $config)) : null)
|
->replaceArgument(3, isset($config['failure_handler']) ? new Reference($this->createAuthenticationFailureHandler($container, $firewallName, $config)) : null)
|
||||||
->replaceArgument(4, $options);
|
->replaceArgument(4, $options);
|
||||||
|
|
||||||
return $authenticatorId;
|
return $authenticatorId;
|
||||||
|
|||||||
@ -89,19 +89,19 @@ class RememberMeFactory implements SecurityFactoryInterface, AuthenticatorFactor
|
|||||||
return [$authProviderId, $listenerId, $defaultEntryPoint];
|
return [$authProviderId, $listenerId, $defaultEntryPoint];
|
||||||
}
|
}
|
||||||
|
|
||||||
public function createAuthenticator(ContainerBuilder $container, string $id, array $config, string $userProviderId): string
|
public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): string
|
||||||
{
|
{
|
||||||
$templateId = $this->generateRememberMeServicesTemplateId($config, $id);
|
$templateId = $this->generateRememberMeServicesTemplateId($config, $firewallName);
|
||||||
$rememberMeServicesId = $templateId.'.'.$id;
|
$rememberMeServicesId = $templateId.'.'.$firewallName;
|
||||||
|
|
||||||
// create remember me services (which manage the remember me cookies)
|
// create remember me services (which manage the remember me cookies)
|
||||||
$this->createRememberMeServices($container, $id, $templateId, [new Reference($userProviderId)], $config);
|
$this->createRememberMeServices($container, $firewallName, $templateId, [new Reference($userProviderId)], $config);
|
||||||
|
|
||||||
// create remember me listener (which executes the remember me services for other authenticators and logout)
|
// create remember me listener (which executes the remember me services for other authenticators and logout)
|
||||||
$this->createRememberMeListener($container, $id, $rememberMeServicesId);
|
$this->createRememberMeListener($container, $firewallName, $rememberMeServicesId);
|
||||||
|
|
||||||
// create remember me authenticator (which re-authenticates the user based on the remember me cookie)
|
// create remember me authenticator (which re-authenticates the user based on the remember me cookie)
|
||||||
$authenticatorId = 'security.authenticator.remember_me.'.$id;
|
$authenticatorId = 'security.authenticator.remember_me.'.$firewallName;
|
||||||
$container
|
$container
|
||||||
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.remember_me'))
|
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.remember_me'))
|
||||||
->replaceArgument(0, new Reference($rememberMeServicesId))
|
->replaceArgument(0, new Reference($rememberMeServicesId))
|
||||||
|
|||||||
@ -43,9 +43,9 @@ class RemoteUserFactory implements SecurityFactoryInterface, AuthenticatorFactor
|
|||||||
return [$providerId, $listenerId, $defaultEntryPoint];
|
return [$providerId, $listenerId, $defaultEntryPoint];
|
||||||
}
|
}
|
||||||
|
|
||||||
public function createAuthenticator(ContainerBuilder $container, string $id, array $config, string $userProviderId)
|
public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId)
|
||||||
{
|
{
|
||||||
$authenticatorId = 'security.authenticator.remote_user.'.$id;
|
$authenticatorId = 'security.authenticator.remote_user.'.$firewallName;
|
||||||
$container
|
$container
|
||||||
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.remote_user'))
|
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.remote_user'))
|
||||||
->replaceArgument(0, new Reference($userProviderId))
|
->replaceArgument(0, new Reference($userProviderId))
|
||||||
|
|||||||
@ -44,9 +44,9 @@ class X509Factory implements SecurityFactoryInterface, AuthenticatorFactoryInter
|
|||||||
return [$providerId, $listenerId, $defaultEntryPoint];
|
return [$providerId, $listenerId, $defaultEntryPoint];
|
||||||
}
|
}
|
||||||
|
|
||||||
public function createAuthenticator(ContainerBuilder $container, string $id, array $config, string $userProviderId)
|
public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId)
|
||||||
{
|
{
|
||||||
$authenticatorId = 'security.authenticator.x509.'.$id;
|
$authenticatorId = 'security.authenticator.x509.'.$firewallName;
|
||||||
$container
|
$container
|
||||||
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.x509'))
|
->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.x509'))
|
||||||
->replaceArgument(0, new Reference($userProviderId))
|
->replaceArgument(0, new Reference($userProviderId))
|
||||||
|
|||||||
@ -286,7 +286,7 @@ class SecurityExtension extends Extension implements PrependExtensionInterface
|
|||||||
// add authentication providers to authentication manager
|
// add authentication providers to authentication manager
|
||||||
$authenticationProviders = array_map(function ($id) {
|
$authenticationProviders = array_map(function ($id) {
|
||||||
return new Reference($id);
|
return new Reference($id);
|
||||||
}, array_unique($authenticationProviders));
|
}, array_values(array_unique($authenticationProviders)));
|
||||||
|
|
||||||
$container
|
$container
|
||||||
->getDefinition('security.authentication.manager')
|
->getDefinition('security.authentication.manager')
|
||||||
@ -439,9 +439,9 @@ class SecurityExtension extends Extension implements PrependExtensionInterface
|
|||||||
$firewallAuthenticationProviders = [];
|
$firewallAuthenticationProviders = [];
|
||||||
list($authListeners, $defaultEntryPoint) = $this->createAuthenticationListeners($container, $id, $firewall, $firewallAuthenticationProviders, $defaultProvider, $providerIds, $configuredEntryPoint, $contextListenerId);
|
list($authListeners, $defaultEntryPoint) = $this->createAuthenticationListeners($container, $id, $firewall, $firewallAuthenticationProviders, $defaultProvider, $providerIds, $configuredEntryPoint, $contextListenerId);
|
||||||
|
|
||||||
$authenticationProviders = array_merge($authenticationProviders, $firewallAuthenticationProviders);
|
if (!$this->authenticatorManagerEnabled) {
|
||||||
|
$authenticationProviders = array_merge($authenticationProviders, $firewallAuthenticationProviders);
|
||||||
if ($this->authenticatorManagerEnabled) {
|
} else {
|
||||||
// authenticator manager
|
// authenticator manager
|
||||||
$authenticators = array_map(function ($id) {
|
$authenticators = array_map(function ($id) {
|
||||||
return new Reference($id);
|
return new Reference($id);
|
||||||
@ -535,10 +535,10 @@ class SecurityExtension extends Extension implements PrependExtensionInterface
|
|||||||
$authenticators = $factory->createAuthenticator($container, $id, $firewall[$key], $userProvider);
|
$authenticators = $factory->createAuthenticator($container, $id, $firewall[$key], $userProvider);
|
||||||
if (\is_array($authenticators)) {
|
if (\is_array($authenticators)) {
|
||||||
foreach ($authenticators as $i => $authenticator) {
|
foreach ($authenticators as $i => $authenticator) {
|
||||||
$authenticationProviders[$id.'_'.$key.$i] = $authenticator;
|
$authenticationProviders[] = $authenticator;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$authenticationProviders[$id.'_'.$key] = $authenticators;
|
$authenticationProviders[] = $authenticators;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($factory instanceof EntryPointFactoryInterface) {
|
if ($factory instanceof EntryPointFactoryInterface) {
|
||||||
@ -548,7 +548,7 @@ class SecurityExtension extends Extension implements PrependExtensionInterface
|
|||||||
list($provider, $listenerId, $defaultEntryPoint) = $factory->create($container, $id, $firewall[$key], $userProvider, $defaultEntryPoint);
|
list($provider, $listenerId, $defaultEntryPoint) = $factory->create($container, $id, $firewall[$key], $userProvider, $defaultEntryPoint);
|
||||||
|
|
||||||
$listeners[] = new Reference($listenerId);
|
$listeners[] = new Reference($listenerId);
|
||||||
$authenticationProviders[$id.'_'.$key] = $provider;
|
$authenticationProviders[] = $provider;
|
||||||
}
|
}
|
||||||
$hasListeners = true;
|
$hasListeners = true;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -47,17 +47,17 @@ class AuthenticatorManager implements AuthenticatorManagerInterface, UserAuthent
|
|||||||
private $eventDispatcher;
|
private $eventDispatcher;
|
||||||
private $eraseCredentials;
|
private $eraseCredentials;
|
||||||
private $logger;
|
private $logger;
|
||||||
private $providerKey;
|
private $firewallName;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param AuthenticatorInterface[] $authenticators The authenticators, with their unique providerKey as key
|
* @param AuthenticatorInterface[] $authenticators
|
||||||
*/
|
*/
|
||||||
public function __construct(iterable $authenticators, TokenStorageInterface $tokenStorage, EventDispatcherInterface $eventDispatcher, string $providerKey, ?LoggerInterface $logger = null, bool $eraseCredentials = true)
|
public function __construct(iterable $authenticators, TokenStorageInterface $tokenStorage, EventDispatcherInterface $eventDispatcher, string $firewallName, ?LoggerInterface $logger = null, bool $eraseCredentials = true)
|
||||||
{
|
{
|
||||||
$this->authenticators = $authenticators;
|
$this->authenticators = $authenticators;
|
||||||
$this->tokenStorage = $tokenStorage;
|
$this->tokenStorage = $tokenStorage;
|
||||||
$this->eventDispatcher = $eventDispatcher;
|
$this->eventDispatcher = $eventDispatcher;
|
||||||
$this->providerKey = $providerKey;
|
$this->firewallName = $firewallName;
|
||||||
$this->logger = $logger;
|
$this->logger = $logger;
|
||||||
$this->eraseCredentials = $eraseCredentials;
|
$this->eraseCredentials = $eraseCredentials;
|
||||||
}
|
}
|
||||||
@ -68,7 +68,7 @@ class AuthenticatorManager implements AuthenticatorManagerInterface, UserAuthent
|
|||||||
public function authenticateUser(UserInterface $user, AuthenticatorInterface $authenticator, Request $request, array $badges = []): ?Response
|
public function authenticateUser(UserInterface $user, AuthenticatorInterface $authenticator, Request $request, array $badges = []): ?Response
|
||||||
{
|
{
|
||||||
// create an authenticated token for the User
|
// create an authenticated token for the User
|
||||||
$token = $authenticator->createAuthenticatedToken($passport = new SelfValidatingPassport($user, $badges), $this->providerKey);
|
$token = $authenticator->createAuthenticatedToken($passport = new SelfValidatingPassport($user, $badges), $this->firewallName);
|
||||||
|
|
||||||
// authenticate this in the system
|
// authenticate this in the system
|
||||||
return $this->handleAuthenticationSuccess($token, $passport, $request, $authenticator);
|
return $this->handleAuthenticationSuccess($token, $passport, $request, $authenticator);
|
||||||
@ -77,27 +77,27 @@ class AuthenticatorManager implements AuthenticatorManagerInterface, UserAuthent
|
|||||||
public function supports(Request $request): ?bool
|
public function supports(Request $request): ?bool
|
||||||
{
|
{
|
||||||
if (null !== $this->logger) {
|
if (null !== $this->logger) {
|
||||||
$context = ['firewall_key' => $this->providerKey];
|
$context = ['firewall_key' => $this->firewallName];
|
||||||
|
|
||||||
if ($this->authenticators instanceof \Countable || \is_array($this->authenticators)) {
|
if ($this->authenticators instanceof \Countable || \is_array($this->authenticators)) {
|
||||||
$context['authenticators'] = \count($this->authenticators);
|
$context['authenticators'] = \count($this->authenticators);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->logger->debug('Checking for guard authentication credentials.', $context);
|
$this->logger->debug('Checking for authenticator support.', $context);
|
||||||
}
|
}
|
||||||
|
|
||||||
$authenticators = [];
|
$authenticators = [];
|
||||||
$lazy = true;
|
$lazy = true;
|
||||||
foreach ($this->authenticators as $key => $authenticator) {
|
foreach ($this->authenticators as $authenticator) {
|
||||||
if (null !== $this->logger) {
|
if (null !== $this->logger) {
|
||||||
$this->logger->debug('Checking support on authenticator.', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($authenticator)]);
|
$this->logger->debug('Checking support on authenticator.', ['firewall_key' => $this->firewallName, 'authenticator' => \get_class($authenticator)]);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (false !== $supports = $authenticator->supports($request)) {
|
if (false !== $supports = $authenticator->supports($request)) {
|
||||||
$authenticators[$key] = $authenticator;
|
$authenticators[] = $authenticator;
|
||||||
$lazy = $lazy && null === $supports;
|
$lazy = $lazy && null === $supports;
|
||||||
} elseif (null !== $this->logger) {
|
} elseif (null !== $this->logger) {
|
||||||
$this->logger->debug('Authenticator does not support the request.', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($authenticator)]);
|
$this->logger->debug('Authenticator does not support the request.', ['firewall_key' => $this->firewallName, 'authenticator' => \get_class($authenticator)]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -105,15 +105,15 @@ class AuthenticatorManager implements AuthenticatorManagerInterface, UserAuthent
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$request->attributes->set('_guard_authenticators', $authenticators);
|
$request->attributes->set('_security_authenticators', $authenticators);
|
||||||
|
|
||||||
return $lazy ? null : true;
|
return $lazy ? null : true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function authenticateRequest(Request $request): ?Response
|
public function authenticateRequest(Request $request): ?Response
|
||||||
{
|
{
|
||||||
$authenticators = $request->attributes->get('_guard_authenticators');
|
$authenticators = $request->attributes->get('_security_authenticators');
|
||||||
$request->attributes->remove('_guard_authenticators');
|
$request->attributes->remove('_security_authenticators');
|
||||||
if (!$authenticators) {
|
if (!$authenticators) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
@ -126,8 +126,8 @@ class AuthenticatorManager implements AuthenticatorManagerInterface, UserAuthent
|
|||||||
*/
|
*/
|
||||||
private function executeAuthenticators(array $authenticators, Request $request): ?Response
|
private function executeAuthenticators(array $authenticators, Request $request): ?Response
|
||||||
{
|
{
|
||||||
foreach ($authenticators as $key => $authenticator) {
|
foreach ($authenticators as $authenticator) {
|
||||||
// recheck if the authenticator still supports the listener. support() is called
|
// recheck if the authenticator still supports the listener. supports() is called
|
||||||
// eagerly (before token storage is initialized), whereas authenticate() is called
|
// eagerly (before token storage is initialized), whereas authenticate() is called
|
||||||
// lazily (after initialization). This is important for e.g. the AnonymousAuthenticator
|
// lazily (after initialization). This is important for e.g. the AnonymousAuthenticator
|
||||||
// as its support is relying on the (initialized) token in the TokenStorage.
|
// as its support is relying on the (initialized) token in the TokenStorage.
|
||||||
@ -135,6 +135,7 @@ class AuthenticatorManager implements AuthenticatorManagerInterface, UserAuthent
|
|||||||
if (null !== $this->logger) {
|
if (null !== $this->logger) {
|
||||||
$this->logger->debug('Skipping the "{authenticator}" authenticator as it did not support the request.', ['authenticator' => \get_class($authenticator)]);
|
$this->logger->debug('Skipping the "{authenticator}" authenticator as it did not support the request.', ['authenticator' => \get_class($authenticator)]);
|
||||||
}
|
}
|
||||||
|
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -165,7 +166,7 @@ class AuthenticatorManager implements AuthenticatorManagerInterface, UserAuthent
|
|||||||
$passport->checkIfCompletelyResolved();
|
$passport->checkIfCompletelyResolved();
|
||||||
|
|
||||||
// create the authenticated token
|
// create the authenticated token
|
||||||
$authenticatedToken = $authenticator->createAuthenticatedToken($passport, $this->providerKey);
|
$authenticatedToken = $authenticator->createAuthenticatedToken($passport, $this->firewallName);
|
||||||
if (true === $this->eraseCredentials) {
|
if (true === $this->eraseCredentials) {
|
||||||
$authenticatedToken->eraseCredentials();
|
$authenticatedToken->eraseCredentials();
|
||||||
}
|
}
|
||||||
@ -204,7 +205,7 @@ class AuthenticatorManager implements AuthenticatorManagerInterface, UserAuthent
|
|||||||
{
|
{
|
||||||
$this->tokenStorage->setToken($authenticatedToken);
|
$this->tokenStorage->setToken($authenticatedToken);
|
||||||
|
|
||||||
$response = $authenticator->onAuthenticationSuccess($request, $authenticatedToken, $this->providerKey);
|
$response = $authenticator->onAuthenticationSuccess($request, $authenticatedToken, $this->firewallName);
|
||||||
if ($authenticator instanceof InteractiveAuthenticatorInterface && $authenticator->isInteractive()) {
|
if ($authenticator instanceof InteractiveAuthenticatorInterface && $authenticator->isInteractive()) {
|
||||||
$loginEvent = new InteractiveLoginEvent($request, $authenticatedToken);
|
$loginEvent = new InteractiveLoginEvent($request, $authenticatedToken);
|
||||||
$this->eventDispatcher->dispatch($loginEvent, SecurityEvents::INTERACTIVE_LOGIN);
|
$this->eventDispatcher->dispatch($loginEvent, SecurityEvents::INTERACTIVE_LOGIN);
|
||||||
@ -233,7 +234,7 @@ class AuthenticatorManager implements AuthenticatorManagerInterface, UserAuthent
|
|||||||
$this->logger->debug('The "{authenticator}" authenticator set the failure response.', ['authenticator' => \get_class($authenticator)]);
|
$this->logger->debug('The "{authenticator}" authenticator set the failure response.', ['authenticator' => \get_class($authenticator)]);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->eventDispatcher->dispatch($loginFailureEvent = new LoginFailureEvent($authenticationException, $authenticator, $request, $response, $this->providerKey));
|
$this->eventDispatcher->dispatch($loginFailureEvent = new LoginFailureEvent($authenticationException, $authenticator, $request, $response, $this->firewallName));
|
||||||
|
|
||||||
// returning null is ok, it means they want the request to continue
|
// returning null is ok, it means they want the request to continue
|
||||||
return $loginFailureEvent->getResponse();
|
return $loginFailureEvent->getResponse();
|
||||||
|
|||||||
@ -32,12 +32,12 @@ abstract class AbstractAuthenticator implements AuthenticatorInterface
|
|||||||
*
|
*
|
||||||
* @return PostAuthenticationToken
|
* @return PostAuthenticationToken
|
||||||
*/
|
*/
|
||||||
public function createAuthenticatedToken(PassportInterface $passport, string $providerKey): TokenInterface
|
public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
|
||||||
{
|
{
|
||||||
if (!$passport instanceof UserPassportInterface) {
|
if (!$passport instanceof UserPassportInterface) {
|
||||||
throw new LogicException(sprintf('Passport does not contain a user, overwrite "createAuthenticatedToken()" in "%s" to create a custom authenticated token.', \get_class($this)));
|
throw new LogicException(sprintf('Passport does not contain a user, overwrite "createAuthenticatedToken()" in "%s" to create a custom authenticated token.', \get_class($this)));
|
||||||
}
|
}
|
||||||
|
|
||||||
return new PostAuthenticationToken($passport->getUser(), $providerKey, $passport->getUser()->getRoles());
|
return new PostAuthenticationToken($passport->getUser(), $firewallName, $passport->getUser()->getRoles());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -92,12 +92,12 @@ abstract class AbstractPreAuthenticatedAuthenticator implements InteractiveAuthe
|
|||||||
return new SelfValidatingPassport($user, [new PreAuthenticatedUserBadge()]);
|
return new SelfValidatingPassport($user, [new PreAuthenticatedUserBadge()]);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function createAuthenticatedToken(PassportInterface $passport, string $providerKey): TokenInterface
|
public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
|
||||||
{
|
{
|
||||||
return new PreAuthenticatedToken($passport->getUser(), null, $providerKey, $passport->getUser()->getRoles());
|
return new PreAuthenticatedToken($passport->getUser(), null, $firewallName, $passport->getUser()->getRoles());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey): ?Response
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
|
||||||
{
|
{
|
||||||
return null; // let the original request continue
|
return null; // let the original request continue
|
||||||
}
|
}
|
||||||
|
|||||||
@ -50,12 +50,12 @@ class AnonymousAuthenticator implements AuthenticatorInterface
|
|||||||
return new AnonymousPassport();
|
return new AnonymousPassport();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function createAuthenticatedToken(PassportInterface $passport, string $providerKey): TokenInterface
|
public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
|
||||||
{
|
{
|
||||||
return new AnonymousToken($this->secret, 'anon.', []);
|
return new AnonymousToken($this->secret, 'anon.', []);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey): ?Response
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
|
||||||
{
|
{
|
||||||
return null; // let the original request continue
|
return null; // let the original request continue
|
||||||
}
|
}
|
||||||
|
|||||||
@ -63,7 +63,7 @@ interface AuthenticatorInterface
|
|||||||
*
|
*
|
||||||
* @param PassportInterface $passport The passport returned from authenticate()
|
* @param PassportInterface $passport The passport returned from authenticate()
|
||||||
*/
|
*/
|
||||||
public function createAuthenticatedToken(PassportInterface $passport, string $providerKey): TokenInterface;
|
public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Called when authentication executed and was successful!
|
* Called when authentication executed and was successful!
|
||||||
@ -74,7 +74,7 @@ interface AuthenticatorInterface
|
|||||||
* If you return null, the current request will continue, and the user
|
* If you return null, the current request will continue, and the user
|
||||||
* will be authenticated. This makes sense, for example, with an API.
|
* will be authenticated. This makes sense, for example, with an API.
|
||||||
*/
|
*/
|
||||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey): ?Response;
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Called when authentication executed, but failed (e.g. wrong username password).
|
* Called when authentication executed, but failed (e.g. wrong username password).
|
||||||
|
|||||||
@ -100,12 +100,12 @@ class FormLoginAuthenticator extends AbstractLoginFormAuthenticator
|
|||||||
/**
|
/**
|
||||||
* @param Passport $passport
|
* @param Passport $passport
|
||||||
*/
|
*/
|
||||||
public function createAuthenticatedToken(PassportInterface $passport, $providerKey): TokenInterface
|
public function createAuthenticatedToken(PassportInterface $passport, $firewallName): TokenInterface
|
||||||
{
|
{
|
||||||
return new UsernamePasswordToken($passport->getUser(), null, $providerKey, $passport->getUser()->getRoles());
|
return new UsernamePasswordToken($passport->getUser(), null, $firewallName, $passport->getUser()->getRoles());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey): ?Response
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
|
||||||
{
|
{
|
||||||
return $this->successHandler->onAuthenticationSuccess($request, $token);
|
return $this->successHandler->onAuthenticationSuccess($request, $token);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -82,12 +82,12 @@ class HttpBasicAuthenticator implements AuthenticatorInterface, AuthenticationEn
|
|||||||
/**
|
/**
|
||||||
* @param Passport $passport
|
* @param Passport $passport
|
||||||
*/
|
*/
|
||||||
public function createAuthenticatedToken(PassportInterface $passport, $providerKey): TokenInterface
|
public function createAuthenticatedToken(PassportInterface $passport, $firewallName): TokenInterface
|
||||||
{
|
{
|
||||||
return new UsernamePasswordToken($passport->getUser(), null, $providerKey, $passport->getUser()->getRoles());
|
return new UsernamePasswordToken($passport->getUser(), null, $firewallName, $passport->getUser()->getRoles());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): ?Response
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $firewallName): ?Response
|
||||||
{
|
{
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -93,12 +93,12 @@ class JsonLoginAuthenticator implements InteractiveAuthenticatorInterface
|
|||||||
return $passport;
|
return $passport;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function createAuthenticatedToken(PassportInterface $passport, string $providerKey): TokenInterface
|
public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
|
||||||
{
|
{
|
||||||
return new UsernamePasswordToken($passport->getUser(), null, $providerKey, $passport->getUser()->getRoles());
|
return new UsernamePasswordToken($passport->getUser(), null, $firewallName, $passport->getUser()->getRoles());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey): ?Response
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
|
||||||
{
|
{
|
||||||
if (null === $this->successHandler) {
|
if (null === $this->successHandler) {
|
||||||
return null; // let the original request continue
|
return null; // let the original request continue
|
||||||
|
|||||||
@ -76,12 +76,12 @@ class RememberMeAuthenticator implements InteractiveAuthenticatorInterface
|
|||||||
return new SelfValidatingPassport($token->getUser());
|
return new SelfValidatingPassport($token->getUser());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function createAuthenticatedToken(PassportInterface $passport, string $providerKey): TokenInterface
|
public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
|
||||||
{
|
{
|
||||||
return new RememberMeToken($passport->getUser(), $providerKey, $this->secret);
|
return new RememberMeToken($passport->getUser(), $firewallName, $this->secret);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey): ?Response
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
|
||||||
{
|
{
|
||||||
return null; // let the original request continue
|
return null; // let the original request continue
|
||||||
}
|
}
|
||||||
|
|||||||
@ -7,24 +7,23 @@ use Symfony\Component\Security\Core\User\UserInterface;
|
|||||||
|
|
||||||
class PostAuthenticationToken extends AbstractToken
|
class PostAuthenticationToken extends AbstractToken
|
||||||
{
|
{
|
||||||
private $providerKey;
|
private $firewallName;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $providerKey The provider (firewall) key
|
* @param string[] $roles An array of roles
|
||||||
* @param string[] $roles An array of roles
|
|
||||||
*
|
*
|
||||||
* @throws \InvalidArgumentException
|
* @throws \InvalidArgumentException
|
||||||
*/
|
*/
|
||||||
public function __construct(UserInterface $user, string $providerKey, array $roles)
|
public function __construct(UserInterface $user, string $firewallName, array $roles)
|
||||||
{
|
{
|
||||||
parent::__construct($roles);
|
parent::__construct($roles);
|
||||||
|
|
||||||
if (empty($providerKey)) {
|
if (empty($firewallName)) {
|
||||||
throw new \InvalidArgumentException('$providerKey (i.e. firewall key) must not be empty.');
|
throw new \InvalidArgumentException('$firewallName must not be empty.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->setUser($user);
|
$this->setUser($user);
|
||||||
$this->providerKey = $providerKey;
|
$this->firewallName = $firewallName;
|
||||||
|
|
||||||
// this token is meant to be used after authentication success, so it is always authenticated
|
// this token is meant to be used after authentication success, so it is always authenticated
|
||||||
// you could set it as non authenticated later if you need to
|
// you could set it as non authenticated later if you need to
|
||||||
@ -42,14 +41,9 @@ class PostAuthenticationToken extends AbstractToken
|
|||||||
return [];
|
return [];
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
public function getFirewallName(): string
|
||||||
* Returns the provider (firewall) key.
|
|
||||||
*
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getProviderKey()
|
|
||||||
{
|
{
|
||||||
return $this->providerKey;
|
return $this->firewallName;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -57,7 +51,7 @@ class PostAuthenticationToken extends AbstractToken
|
|||||||
*/
|
*/
|
||||||
public function __serialize(): array
|
public function __serialize(): array
|
||||||
{
|
{
|
||||||
return [$this->providerKey, parent::__serialize()];
|
return [$this->firewallName, parent::__serialize()];
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -65,7 +59,7 @@ class PostAuthenticationToken extends AbstractToken
|
|||||||
*/
|
*/
|
||||||
public function __unserialize(array $data): void
|
public function __unserialize(array $data): void
|
||||||
{
|
{
|
||||||
[$this->providerKey, $parentData] = $data;
|
[$this->firewallName, $parentData] = $data;
|
||||||
parent::__unserialize($parentData);
|
parent::__unserialize($parentData);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -22,15 +22,15 @@ class LoginFailureEvent extends Event
|
|||||||
private $authenticator;
|
private $authenticator;
|
||||||
private $request;
|
private $request;
|
||||||
private $response;
|
private $response;
|
||||||
private $providerKey;
|
private $firewallName;
|
||||||
|
|
||||||
public function __construct(AuthenticationException $exception, AuthenticatorInterface $authenticator, Request $request, ?Response $response, string $providerKey)
|
public function __construct(AuthenticationException $exception, AuthenticatorInterface $authenticator, Request $request, ?Response $response, string $firewallName)
|
||||||
{
|
{
|
||||||
$this->exception = $exception;
|
$this->exception = $exception;
|
||||||
$this->authenticator = $authenticator;
|
$this->authenticator = $authenticator;
|
||||||
$this->request = $request;
|
$this->request = $request;
|
||||||
$this->response = $response;
|
$this->response = $response;
|
||||||
$this->providerKey = $providerKey;
|
$this->firewallName = $firewallName;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getException(): AuthenticationException
|
public function getException(): AuthenticationException
|
||||||
@ -43,9 +43,9 @@ class LoginFailureEvent extends Event
|
|||||||
return $this->authenticator;
|
return $this->authenticator;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getProviderKey(): string
|
public function getFirewallName(): string
|
||||||
{
|
{
|
||||||
return $this->providerKey;
|
return $this->firewallName;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getRequest(): Request
|
public function getRequest(): Request
|
||||||
|
|||||||
@ -31,14 +31,14 @@ class LoginSuccessEvent extends Event
|
|||||||
private $response;
|
private $response;
|
||||||
private $providerKey;
|
private $providerKey;
|
||||||
|
|
||||||
public function __construct(AuthenticatorInterface $authenticator, PassportInterface $passport, TokenInterface $authenticatedToken, Request $request, ?Response $response, string $providerKey)
|
public function __construct(AuthenticatorInterface $authenticator, PassportInterface $passport, TokenInterface $authenticatedToken, Request $request, ?Response $response, string $firewallName)
|
||||||
{
|
{
|
||||||
$this->authenticator = $authenticator;
|
$this->authenticator = $authenticator;
|
||||||
$this->passport = $passport;
|
$this->passport = $passport;
|
||||||
$this->authenticatedToken = $authenticatedToken;
|
$this->authenticatedToken = $authenticatedToken;
|
||||||
$this->request = $request;
|
$this->request = $request;
|
||||||
$this->response = $response;
|
$this->response = $response;
|
||||||
$this->providerKey = $providerKey;
|
$this->providerKey = $firewallName;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getAuthenticator(): AuthenticatorInterface
|
public function getAuthenticator(): AuthenticatorInterface
|
||||||
@ -70,7 +70,7 @@ class LoginSuccessEvent extends Event
|
|||||||
return $this->request;
|
return $this->request;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getProviderKey(): string
|
public function getFirewallName(): string
|
||||||
{
|
{
|
||||||
return $this->providerKey;
|
return $this->providerKey;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -73,7 +73,7 @@ class AuthenticatorManagerTest extends TestCase
|
|||||||
// means support changed between calling supports() and authenticateRequest()
|
// means support changed between calling supports() and authenticateRequest()
|
||||||
// (which is the case with lazy firewalls and e.g. the AnonymousAuthenticator)
|
// (which is the case with lazy firewalls and e.g. the AnonymousAuthenticator)
|
||||||
$authenticator = $this->createAuthenticator(false);
|
$authenticator = $this->createAuthenticator(false);
|
||||||
$this->request->attributes->set('_guard_authenticators', [$authenticator]);
|
$this->request->attributes->set('_security_authenticators', [$authenticator]);
|
||||||
|
|
||||||
$authenticator->expects($this->never())->method('authenticate');
|
$authenticator->expects($this->never())->method('authenticate');
|
||||||
|
|
||||||
@ -87,7 +87,7 @@ class AuthenticatorManagerTest extends TestCase
|
|||||||
public function testAuthenticateRequest($matchingAuthenticatorIndex)
|
public function testAuthenticateRequest($matchingAuthenticatorIndex)
|
||||||
{
|
{
|
||||||
$authenticators = [$this->createAuthenticator(0 === $matchingAuthenticatorIndex), $this->createAuthenticator(1 === $matchingAuthenticatorIndex)];
|
$authenticators = [$this->createAuthenticator(0 === $matchingAuthenticatorIndex), $this->createAuthenticator(1 === $matchingAuthenticatorIndex)];
|
||||||
$this->request->attributes->set('_guard_authenticators', $authenticators);
|
$this->request->attributes->set('_security_authenticators', $authenticators);
|
||||||
$matchingAuthenticator = $authenticators[$matchingAuthenticatorIndex];
|
$matchingAuthenticator = $authenticators[$matchingAuthenticatorIndex];
|
||||||
|
|
||||||
$authenticators[($matchingAuthenticatorIndex + 1) % 2]->expects($this->never())->method('authenticate');
|
$authenticators[($matchingAuthenticatorIndex + 1) % 2]->expects($this->never())->method('authenticate');
|
||||||
@ -118,7 +118,7 @@ class AuthenticatorManagerTest extends TestCase
|
|||||||
public function testNoCredentialsValidated()
|
public function testNoCredentialsValidated()
|
||||||
{
|
{
|
||||||
$authenticator = $this->createAuthenticator();
|
$authenticator = $this->createAuthenticator();
|
||||||
$this->request->attributes->set('_guard_authenticators', [$authenticator]);
|
$this->request->attributes->set('_security_authenticators', [$authenticator]);
|
||||||
|
|
||||||
$authenticator->expects($this->any())->method('authenticate')->willReturn(new Passport($this->user, new PasswordCredentials('pass')));
|
$authenticator->expects($this->any())->method('authenticate')->willReturn(new Passport($this->user, new PasswordCredentials('pass')));
|
||||||
|
|
||||||
@ -136,7 +136,7 @@ class AuthenticatorManagerTest extends TestCase
|
|||||||
public function testEraseCredentials($eraseCredentials)
|
public function testEraseCredentials($eraseCredentials)
|
||||||
{
|
{
|
||||||
$authenticator = $this->createAuthenticator();
|
$authenticator = $this->createAuthenticator();
|
||||||
$this->request->attributes->set('_guard_authenticators', [$authenticator]);
|
$this->request->attributes->set('_security_authenticators', [$authenticator]);
|
||||||
|
|
||||||
$authenticator->expects($this->any())->method('authenticate')->willReturn(new SelfValidatingPassport($this->user));
|
$authenticator->expects($this->any())->method('authenticate')->willReturn(new SelfValidatingPassport($this->user));
|
||||||
|
|
||||||
@ -170,7 +170,7 @@ class AuthenticatorManagerTest extends TestCase
|
|||||||
{
|
{
|
||||||
$authenticator = $this->createMock(InteractiveAuthenticatorInterface::class);
|
$authenticator = $this->createMock(InteractiveAuthenticatorInterface::class);
|
||||||
$authenticator->expects($this->any())->method('isInteractive')->willReturn(true);
|
$authenticator->expects($this->any())->method('isInteractive')->willReturn(true);
|
||||||
$this->request->attributes->set('_guard_authenticators', [$authenticator]);
|
$this->request->attributes->set('_security_authenticators', [$authenticator]);
|
||||||
|
|
||||||
$authenticator->expects($this->any())->method('authenticate')->willReturn(new SelfValidatingPassport($this->user));
|
$authenticator->expects($this->any())->method('authenticate')->willReturn(new SelfValidatingPassport($this->user));
|
||||||
$authenticator->expects($this->any())->method('createAuthenticatedToken')->willReturn($this->token);
|
$authenticator->expects($this->any())->method('createAuthenticatedToken')->willReturn($this->token);
|
||||||
|
|||||||
Reference in New Issue
Block a user