diff --git a/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php b/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php index 5ac7935f31..022538731d 100644 --- a/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php +++ b/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php @@ -20,7 +20,7 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Guard\AuthenticatorInterface; use Symfony\Component\Security\Guard\GuardAuthenticatorHandler; -use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken as GuardPreAuthenticationGuardToken; +use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken; use Symfony\Component\Security\Http\Firewall\AbstractListener; use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; @@ -37,7 +37,7 @@ class GuardAuthenticationListener extends AbstractListener private $guardHandler; private $authenticationManager; private $providerKey; - private $authenticators; + private $guardAuthenticators; private $logger; private $rememberMeServices; @@ -54,7 +54,7 @@ class GuardAuthenticationListener extends AbstractListener $this->guardHandler = $guardHandler; $this->authenticationManager = $authenticationManager; $this->providerKey = $providerKey; - $this->authenticators = $guardAuthenticators; + $this->guardAuthenticators = $guardAuthenticators; $this->logger = $logger; } @@ -66,23 +66,24 @@ class GuardAuthenticationListener extends AbstractListener if (null !== $this->logger) { $context = ['firewall_key' => $this->providerKey]; - if ($this->authenticators instanceof \Countable || \is_array($this->authenticators)) { - $context['authenticators'] = \count($this->authenticators); + if ($this->guardAuthenticators instanceof \Countable || \is_array($this->guardAuthenticators)) { + $context['authenticators'] = \count($this->guardAuthenticators); } $this->logger->debug('Checking for guard authentication credentials.', $context); } $guardAuthenticators = []; - foreach ($this->authenticators as $key => $authenticator) { + + foreach ($this->guardAuthenticators as $key => $guardAuthenticator) { if (null !== $this->logger) { - $this->logger->debug('Checking support on authenticator.', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($authenticator)]); + $this->logger->debug('Checking support on guard authenticator.', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($guardAuthenticator)]); } - if ($authenticator->supports($request)) { - $guardAuthenticators[$key] = $authenticator; + if ($guardAuthenticator->supports($request)) { + $guardAuthenticators[$key] = $guardAuthenticator; } elseif (null !== $this->logger) { - $this->logger->debug('Authenticator does not support the request.', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($authenticator)]); + $this->logger->debug('Guard authenticator does not support the request.', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($guardAuthenticator)]); } } @@ -104,23 +105,9 @@ class GuardAuthenticationListener extends AbstractListener $guardAuthenticators = $request->attributes->get('_guard_authenticators'); $request->attributes->remove('_guard_authenticators'); - $this->executeGuardAuthenticators($guardAuthenticators, $event); - } - - /** - * Should be called if this listener will support remember me. - */ - public function setRememberMeServices(RememberMeServicesInterface $rememberMeServices) - { - $this->rememberMeServices = $rememberMeServices; - } - - /** - * @param AuthenticatorInterface[] $guardAuthenticators - */ - protected function executeGuardAuthenticators(array $guardAuthenticators, RequestEvent $event): void - { foreach ($guardAuthenticators as $key => $guardAuthenticator) { + // get a key that's unique to *this* guard authenticator + // this MUST be the same as GuardAuthenticationProvider $uniqueGuardKey = $this->providerKey.'_'.$key; $this->executeGuardAuthenticator($uniqueGuardKey, $guardAuthenticator, $event); @@ -151,7 +138,7 @@ class GuardAuthenticationListener extends AbstractListener } // create a token with the unique key, so that the provider knows which authenticator to use - $token = new GuardPreAuthenticationGuardToken($credentials, $uniqueGuardKey, $this->providerKey); + $token = new PreAuthenticationGuardToken($credentials, $uniqueGuardKey); if (null !== $this->logger) { $this->logger->debug('Passing guard token information to the GuardAuthenticationProvider', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($guardAuthenticator)]); @@ -200,12 +187,20 @@ class GuardAuthenticationListener extends AbstractListener $this->triggerRememberMe($guardAuthenticator, $request, $token, $response); } - protected function triggerRememberMe($guardAuthenticator, Request $request, TokenInterface $token, Response $response = null) + /** + * Should be called if this listener will support remember me. + */ + public function setRememberMeServices(RememberMeServicesInterface $rememberMeServices) { - if (!$guardAuthenticator instanceof AuthenticatorInterface && !$guardAuthenticator instanceof CoreAuthenticatorInterface) { - throw new \UnexpectedValueException('Invalid guard authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.'); - } + $this->rememberMeServices = $rememberMeServices; + } + /** + * Checks to see if remember me is supported in the authenticator and + * on the firewall. If it is, the RememberMeServicesInterface is notified. + */ + private function triggerRememberMe(AuthenticatorInterface $guardAuthenticator, Request $request, TokenInterface $token, Response $response = null) + { if (null === $this->rememberMeServices) { if (null !== $this->logger) { $this->logger->debug('Remember me skipped: it is not configured for the firewall.', ['authenticator' => \get_class($guardAuthenticator)]); diff --git a/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php b/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php index 0f8287ccc2..7e9258a9c5 100644 --- a/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php +++ b/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php @@ -26,7 +26,6 @@ use Symfony\Component\Security\Guard\AuthenticatorInterface; use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface; use Symfony\Component\Security\Guard\Token\GuardTokenInterface; use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken; -use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; /** * Responsible for accepting the PreAuthenticationGuardToken and calling @@ -39,12 +38,11 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface /** * @var AuthenticatorInterface[] */ - private $authenticators; + private $guardAuthenticators; private $userProvider; private $providerKey; private $userChecker; private $passwordEncoder; - private $rememberMeServices; /** * @param iterable|AuthenticatorInterface[] $guardAuthenticators The authenticators, with keys that match what's passed to GuardAuthenticationListener @@ -52,7 +50,7 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface */ public function __construct(iterable $guardAuthenticators, UserProviderInterface $userProvider, string $providerKey, UserCheckerInterface $userChecker, UserPasswordEncoderInterface $passwordEncoder = null) { - $this->authenticators = $guardAuthenticators; + $this->guardAuthenticators = $guardAuthenticators; $this->userProvider = $userProvider; $this->providerKey = $providerKey; $this->userChecker = $userChecker; @@ -98,27 +96,14 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface throw new AuthenticationException(sprintf('Token with provider key "%s" did not originate from any of the guard authenticators of provider "%s".', $token->getGuardProviderKey(), $this->providerKey)); } - return $this->authenticateViaGuard($guardAuthenticator, $token, $this->providerKey); + return $this->authenticateViaGuard($guardAuthenticator, $token); } - public function supports(TokenInterface $token) - { - if ($token instanceof PreAuthenticationGuardToken) { - return null !== $this->findOriginatingAuthenticator($token); - } - - return $token instanceof GuardTokenInterface; - } - - public function setRememberMeServices(RememberMeServicesInterface $rememberMeServices) - { - $this->rememberMeServices = $rememberMeServices; - } - - private function authenticateViaGuard(AuthenticatorInterface $guardAuthenticator, PreAuthenticationGuardToken $token, string $providerKey): TokenInterface + private function authenticateViaGuard(AuthenticatorInterface $guardAuthenticator, PreAuthenticationGuardToken $token): GuardTokenInterface { // get the user from the GuardAuthenticator $user = $guardAuthenticator->getUser($token->getCredentials(), $this->userProvider); + if (null === $user) { throw new UsernameNotFoundException(sprintf('Null returned from "%s::getUser()".', get_debug_type($guardAuthenticator))); } @@ -135,14 +120,13 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface throw new BadCredentialsException(sprintf('Authentication failed because "%s::checkCredentials()" did not return true.', get_debug_type($guardAuthenticator))); } - if ($this->userProvider instanceof PasswordUpgraderInterface && $guardAuthenticator instanceof PasswordAuthenticatedInterface && null !== $this->passwordEncoder && (null !== $password = $guardAuthenticator->getPassword($token->getCredentials())) && method_exists($this->passwordEncoder, 'needsRehash') && $this->passwordEncoder->needsRehash($user)) { $this->userProvider->upgradePassword($user, $this->passwordEncoder->encodePassword($user, $password)); } $this->userChecker->checkPostAuth($user); // turn the UserInterface into a TokenInterface - $authenticatedToken = $guardAuthenticator->createAuthenticatedToken($user, $providerKey); + $authenticatedToken = $guardAuthenticator->createAuthenticatedToken($user, $this->providerKey); if (!$authenticatedToken instanceof TokenInterface) { throw new \UnexpectedValueException(sprintf('The "%s::createAuthenticatedToken()" method must return a TokenInterface. You returned "%s".', get_debug_type($guardAuthenticator), get_debug_type($authenticatedToken))); } @@ -152,18 +136,29 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface private function findOriginatingAuthenticator(PreAuthenticationGuardToken $token): ?AuthenticatorInterface { - // find the *one* Authenticator that this token originated from - foreach ($this->authenticators as $key => $authenticator) { - // get a key that's unique to *this* authenticator - // this MUST be the same as AuthenticatorManagerListener - $uniqueAuthenticatorKey = $this->providerKey.'_'.$key; + // find the *one* GuardAuthenticator that this token originated from + foreach ($this->guardAuthenticators as $key => $guardAuthenticator) { + // get a key that's unique to *this* guard authenticator + // this MUST be the same as GuardAuthenticationListener + $uniqueGuardKey = $this->providerKey.'_'.$key; - if ($uniqueAuthenticatorKey === $token->getGuardProviderKey()) { - return $authenticator; + if ($uniqueGuardKey === $token->getGuardProviderKey()) { + return $guardAuthenticator; } } - // no matching authenticator found + // no matching authenticator found - but there will be multiple GuardAuthenticationProvider + // instances that will be checked if you have multiple firewalls. + return null; } + + public function supports(TokenInterface $token) + { + if ($token instanceof PreAuthenticationGuardToken) { + return null !== $this->findOriginatingAuthenticator($token); + } + + return $token instanceof GuardTokenInterface; + } } diff --git a/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php b/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php index 8c32d4b24f..c5e1c92b89 100644 --- a/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php +++ b/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php @@ -266,9 +266,7 @@ class GuardAuthenticationListenerTest extends TestCase ->disableOriginalConstructor() ->getMock(); - $this->guardAuthenticatorHandler = $this->getMockBuilder( - 'Symfony\Component\Security\Guard\GuardAuthenticatorHandler' - ) + $this->guardAuthenticatorHandler = $this->getMockBuilder('Symfony\Component\Security\Guard\GuardAuthenticatorHandler') ->disableOriginalConstructor() ->getMock(); diff --git a/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php b/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php index 477bf56622..b742046af0 100644 --- a/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php +++ b/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php @@ -170,9 +170,7 @@ class GuardAuthenticationProviderTest extends TestCase { $this->userProvider = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserProviderInterface')->getMock(); $this->userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock(); - $this->preAuthenticationToken = $this->getMockBuilder( - 'Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken' - ) + $this->preAuthenticationToken = $this->getMockBuilder('Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken') ->disableOriginalConstructor() ->getMock(); } diff --git a/src/Symfony/Component/Security/Guard/composer.json b/src/Symfony/Component/Security/Guard/composer.json index f129233640..1b2337f829 100644 --- a/src/Symfony/Component/Security/Guard/composer.json +++ b/src/Symfony/Component/Security/Guard/composer.json @@ -17,7 +17,7 @@ ], "require": { "php": "^7.2.5", - "symfony/security-core": "^5.1", + "symfony/security-core": "^5.0", "symfony/security-http": "^4.4.1|^5.0.1", "symfony/polyfill-php80": "^1.15" },