Reverted changes to the Guard component
This commit is contained in:
parent
ba3754a80f
commit
f5e11e5f32
@ -20,7 +20,7 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
|||||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
use Symfony\Component\Security\Guard\AuthenticatorInterface;
|
use Symfony\Component\Security\Guard\AuthenticatorInterface;
|
||||||
use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
|
use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
|
||||||
use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken as GuardPreAuthenticationGuardToken;
|
use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
|
||||||
use Symfony\Component\Security\Http\Firewall\AbstractListener;
|
use Symfony\Component\Security\Http\Firewall\AbstractListener;
|
||||||
use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
|
use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
|
||||||
|
|
||||||
@ -37,7 +37,7 @@ class GuardAuthenticationListener extends AbstractListener
|
|||||||
private $guardHandler;
|
private $guardHandler;
|
||||||
private $authenticationManager;
|
private $authenticationManager;
|
||||||
private $providerKey;
|
private $providerKey;
|
||||||
private $authenticators;
|
private $guardAuthenticators;
|
||||||
private $logger;
|
private $logger;
|
||||||
private $rememberMeServices;
|
private $rememberMeServices;
|
||||||
|
|
||||||
@ -54,7 +54,7 @@ class GuardAuthenticationListener extends AbstractListener
|
|||||||
$this->guardHandler = $guardHandler;
|
$this->guardHandler = $guardHandler;
|
||||||
$this->authenticationManager = $authenticationManager;
|
$this->authenticationManager = $authenticationManager;
|
||||||
$this->providerKey = $providerKey;
|
$this->providerKey = $providerKey;
|
||||||
$this->authenticators = $guardAuthenticators;
|
$this->guardAuthenticators = $guardAuthenticators;
|
||||||
$this->logger = $logger;
|
$this->logger = $logger;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -66,23 +66,24 @@ class GuardAuthenticationListener extends AbstractListener
|
|||||||
if (null !== $this->logger) {
|
if (null !== $this->logger) {
|
||||||
$context = ['firewall_key' => $this->providerKey];
|
$context = ['firewall_key' => $this->providerKey];
|
||||||
|
|
||||||
if ($this->authenticators instanceof \Countable || \is_array($this->authenticators)) {
|
if ($this->guardAuthenticators instanceof \Countable || \is_array($this->guardAuthenticators)) {
|
||||||
$context['authenticators'] = \count($this->authenticators);
|
$context['authenticators'] = \count($this->guardAuthenticators);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->logger->debug('Checking for guard authentication credentials.', $context);
|
$this->logger->debug('Checking for guard authentication credentials.', $context);
|
||||||
}
|
}
|
||||||
|
|
||||||
$guardAuthenticators = [];
|
$guardAuthenticators = [];
|
||||||
foreach ($this->authenticators as $key => $authenticator) {
|
|
||||||
|
foreach ($this->guardAuthenticators as $key => $guardAuthenticator) {
|
||||||
if (null !== $this->logger) {
|
if (null !== $this->logger) {
|
||||||
$this->logger->debug('Checking support on authenticator.', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($authenticator)]);
|
$this->logger->debug('Checking support on guard authenticator.', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($guardAuthenticator)]);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($authenticator->supports($request)) {
|
if ($guardAuthenticator->supports($request)) {
|
||||||
$guardAuthenticators[$key] = $authenticator;
|
$guardAuthenticators[$key] = $guardAuthenticator;
|
||||||
} elseif (null !== $this->logger) {
|
} elseif (null !== $this->logger) {
|
||||||
$this->logger->debug('Authenticator does not support the request.', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($authenticator)]);
|
$this->logger->debug('Guard authenticator does not support the request.', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($guardAuthenticator)]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -104,23 +105,9 @@ class GuardAuthenticationListener extends AbstractListener
|
|||||||
$guardAuthenticators = $request->attributes->get('_guard_authenticators');
|
$guardAuthenticators = $request->attributes->get('_guard_authenticators');
|
||||||
$request->attributes->remove('_guard_authenticators');
|
$request->attributes->remove('_guard_authenticators');
|
||||||
|
|
||||||
$this->executeGuardAuthenticators($guardAuthenticators, $event);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Should be called if this listener will support remember me.
|
|
||||||
*/
|
|
||||||
public function setRememberMeServices(RememberMeServicesInterface $rememberMeServices)
|
|
||||||
{
|
|
||||||
$this->rememberMeServices = $rememberMeServices;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param AuthenticatorInterface[] $guardAuthenticators
|
|
||||||
*/
|
|
||||||
protected function executeGuardAuthenticators(array $guardAuthenticators, RequestEvent $event): void
|
|
||||||
{
|
|
||||||
foreach ($guardAuthenticators as $key => $guardAuthenticator) {
|
foreach ($guardAuthenticators as $key => $guardAuthenticator) {
|
||||||
|
// get a key that's unique to *this* guard authenticator
|
||||||
|
// this MUST be the same as GuardAuthenticationProvider
|
||||||
$uniqueGuardKey = $this->providerKey.'_'.$key;
|
$uniqueGuardKey = $this->providerKey.'_'.$key;
|
||||||
|
|
||||||
$this->executeGuardAuthenticator($uniqueGuardKey, $guardAuthenticator, $event);
|
$this->executeGuardAuthenticator($uniqueGuardKey, $guardAuthenticator, $event);
|
||||||
@ -151,7 +138,7 @@ class GuardAuthenticationListener extends AbstractListener
|
|||||||
}
|
}
|
||||||
|
|
||||||
// create a token with the unique key, so that the provider knows which authenticator to use
|
// create a token with the unique key, so that the provider knows which authenticator to use
|
||||||
$token = new GuardPreAuthenticationGuardToken($credentials, $uniqueGuardKey, $this->providerKey);
|
$token = new PreAuthenticationGuardToken($credentials, $uniqueGuardKey);
|
||||||
|
|
||||||
if (null !== $this->logger) {
|
if (null !== $this->logger) {
|
||||||
$this->logger->debug('Passing guard token information to the GuardAuthenticationProvider', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($guardAuthenticator)]);
|
$this->logger->debug('Passing guard token information to the GuardAuthenticationProvider', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($guardAuthenticator)]);
|
||||||
@ -200,12 +187,20 @@ class GuardAuthenticationListener extends AbstractListener
|
|||||||
$this->triggerRememberMe($guardAuthenticator, $request, $token, $response);
|
$this->triggerRememberMe($guardAuthenticator, $request, $token, $response);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function triggerRememberMe($guardAuthenticator, Request $request, TokenInterface $token, Response $response = null)
|
/**
|
||||||
|
* Should be called if this listener will support remember me.
|
||||||
|
*/
|
||||||
|
public function setRememberMeServices(RememberMeServicesInterface $rememberMeServices)
|
||||||
{
|
{
|
||||||
if (!$guardAuthenticator instanceof AuthenticatorInterface && !$guardAuthenticator instanceof CoreAuthenticatorInterface) {
|
$this->rememberMeServices = $rememberMeServices;
|
||||||
throw new \UnexpectedValueException('Invalid guard authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.');
|
}
|
||||||
}
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks to see if remember me is supported in the authenticator and
|
||||||
|
* on the firewall. If it is, the RememberMeServicesInterface is notified.
|
||||||
|
*/
|
||||||
|
private function triggerRememberMe(AuthenticatorInterface $guardAuthenticator, Request $request, TokenInterface $token, Response $response = null)
|
||||||
|
{
|
||||||
if (null === $this->rememberMeServices) {
|
if (null === $this->rememberMeServices) {
|
||||||
if (null !== $this->logger) {
|
if (null !== $this->logger) {
|
||||||
$this->logger->debug('Remember me skipped: it is not configured for the firewall.', ['authenticator' => \get_class($guardAuthenticator)]);
|
$this->logger->debug('Remember me skipped: it is not configured for the firewall.', ['authenticator' => \get_class($guardAuthenticator)]);
|
||||||
|
@ -26,7 +26,6 @@ use Symfony\Component\Security\Guard\AuthenticatorInterface;
|
|||||||
use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface;
|
use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface;
|
||||||
use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
|
use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
|
||||||
use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
|
use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
|
||||||
use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Responsible for accepting the PreAuthenticationGuardToken and calling
|
* Responsible for accepting the PreAuthenticationGuardToken and calling
|
||||||
@ -39,12 +38,11 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface
|
|||||||
/**
|
/**
|
||||||
* @var AuthenticatorInterface[]
|
* @var AuthenticatorInterface[]
|
||||||
*/
|
*/
|
||||||
private $authenticators;
|
private $guardAuthenticators;
|
||||||
private $userProvider;
|
private $userProvider;
|
||||||
private $providerKey;
|
private $providerKey;
|
||||||
private $userChecker;
|
private $userChecker;
|
||||||
private $passwordEncoder;
|
private $passwordEncoder;
|
||||||
private $rememberMeServices;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param iterable|AuthenticatorInterface[] $guardAuthenticators The authenticators, with keys that match what's passed to GuardAuthenticationListener
|
* @param iterable|AuthenticatorInterface[] $guardAuthenticators The authenticators, with keys that match what's passed to GuardAuthenticationListener
|
||||||
@ -52,7 +50,7 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface
|
|||||||
*/
|
*/
|
||||||
public function __construct(iterable $guardAuthenticators, UserProviderInterface $userProvider, string $providerKey, UserCheckerInterface $userChecker, UserPasswordEncoderInterface $passwordEncoder = null)
|
public function __construct(iterable $guardAuthenticators, UserProviderInterface $userProvider, string $providerKey, UserCheckerInterface $userChecker, UserPasswordEncoderInterface $passwordEncoder = null)
|
||||||
{
|
{
|
||||||
$this->authenticators = $guardAuthenticators;
|
$this->guardAuthenticators = $guardAuthenticators;
|
||||||
$this->userProvider = $userProvider;
|
$this->userProvider = $userProvider;
|
||||||
$this->providerKey = $providerKey;
|
$this->providerKey = $providerKey;
|
||||||
$this->userChecker = $userChecker;
|
$this->userChecker = $userChecker;
|
||||||
@ -98,27 +96,14 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface
|
|||||||
throw new AuthenticationException(sprintf('Token with provider key "%s" did not originate from any of the guard authenticators of provider "%s".', $token->getGuardProviderKey(), $this->providerKey));
|
throw new AuthenticationException(sprintf('Token with provider key "%s" did not originate from any of the guard authenticators of provider "%s".', $token->getGuardProviderKey(), $this->providerKey));
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->authenticateViaGuard($guardAuthenticator, $token, $this->providerKey);
|
return $this->authenticateViaGuard($guardAuthenticator, $token);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function supports(TokenInterface $token)
|
private function authenticateViaGuard(AuthenticatorInterface $guardAuthenticator, PreAuthenticationGuardToken $token): GuardTokenInterface
|
||||||
{
|
|
||||||
if ($token instanceof PreAuthenticationGuardToken) {
|
|
||||||
return null !== $this->findOriginatingAuthenticator($token);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $token instanceof GuardTokenInterface;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function setRememberMeServices(RememberMeServicesInterface $rememberMeServices)
|
|
||||||
{
|
|
||||||
$this->rememberMeServices = $rememberMeServices;
|
|
||||||
}
|
|
||||||
|
|
||||||
private function authenticateViaGuard(AuthenticatorInterface $guardAuthenticator, PreAuthenticationGuardToken $token, string $providerKey): TokenInterface
|
|
||||||
{
|
{
|
||||||
// get the user from the GuardAuthenticator
|
// get the user from the GuardAuthenticator
|
||||||
$user = $guardAuthenticator->getUser($token->getCredentials(), $this->userProvider);
|
$user = $guardAuthenticator->getUser($token->getCredentials(), $this->userProvider);
|
||||||
|
|
||||||
if (null === $user) {
|
if (null === $user) {
|
||||||
throw new UsernameNotFoundException(sprintf('Null returned from "%s::getUser()".', get_debug_type($guardAuthenticator)));
|
throw new UsernameNotFoundException(sprintf('Null returned from "%s::getUser()".', get_debug_type($guardAuthenticator)));
|
||||||
}
|
}
|
||||||
@ -135,14 +120,13 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface
|
|||||||
|
|
||||||
throw new BadCredentialsException(sprintf('Authentication failed because "%s::checkCredentials()" did not return true.', get_debug_type($guardAuthenticator)));
|
throw new BadCredentialsException(sprintf('Authentication failed because "%s::checkCredentials()" did not return true.', get_debug_type($guardAuthenticator)));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->userProvider instanceof PasswordUpgraderInterface && $guardAuthenticator instanceof PasswordAuthenticatedInterface && null !== $this->passwordEncoder && (null !== $password = $guardAuthenticator->getPassword($token->getCredentials())) && method_exists($this->passwordEncoder, 'needsRehash') && $this->passwordEncoder->needsRehash($user)) {
|
if ($this->userProvider instanceof PasswordUpgraderInterface && $guardAuthenticator instanceof PasswordAuthenticatedInterface && null !== $this->passwordEncoder && (null !== $password = $guardAuthenticator->getPassword($token->getCredentials())) && method_exists($this->passwordEncoder, 'needsRehash') && $this->passwordEncoder->needsRehash($user)) {
|
||||||
$this->userProvider->upgradePassword($user, $this->passwordEncoder->encodePassword($user, $password));
|
$this->userProvider->upgradePassword($user, $this->passwordEncoder->encodePassword($user, $password));
|
||||||
}
|
}
|
||||||
$this->userChecker->checkPostAuth($user);
|
$this->userChecker->checkPostAuth($user);
|
||||||
|
|
||||||
// turn the UserInterface into a TokenInterface
|
// turn the UserInterface into a TokenInterface
|
||||||
$authenticatedToken = $guardAuthenticator->createAuthenticatedToken($user, $providerKey);
|
$authenticatedToken = $guardAuthenticator->createAuthenticatedToken($user, $this->providerKey);
|
||||||
if (!$authenticatedToken instanceof TokenInterface) {
|
if (!$authenticatedToken instanceof TokenInterface) {
|
||||||
throw new \UnexpectedValueException(sprintf('The "%s::createAuthenticatedToken()" method must return a TokenInterface. You returned "%s".', get_debug_type($guardAuthenticator), get_debug_type($authenticatedToken)));
|
throw new \UnexpectedValueException(sprintf('The "%s::createAuthenticatedToken()" method must return a TokenInterface. You returned "%s".', get_debug_type($guardAuthenticator), get_debug_type($authenticatedToken)));
|
||||||
}
|
}
|
||||||
@ -152,18 +136,29 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface
|
|||||||
|
|
||||||
private function findOriginatingAuthenticator(PreAuthenticationGuardToken $token): ?AuthenticatorInterface
|
private function findOriginatingAuthenticator(PreAuthenticationGuardToken $token): ?AuthenticatorInterface
|
||||||
{
|
{
|
||||||
// find the *one* Authenticator that this token originated from
|
// find the *one* GuardAuthenticator that this token originated from
|
||||||
foreach ($this->authenticators as $key => $authenticator) {
|
foreach ($this->guardAuthenticators as $key => $guardAuthenticator) {
|
||||||
// get a key that's unique to *this* authenticator
|
// get a key that's unique to *this* guard authenticator
|
||||||
// this MUST be the same as AuthenticatorManagerListener
|
// this MUST be the same as GuardAuthenticationListener
|
||||||
$uniqueAuthenticatorKey = $this->providerKey.'_'.$key;
|
$uniqueGuardKey = $this->providerKey.'_'.$key;
|
||||||
|
|
||||||
if ($uniqueAuthenticatorKey === $token->getGuardProviderKey()) {
|
if ($uniqueGuardKey === $token->getGuardProviderKey()) {
|
||||||
return $authenticator;
|
return $guardAuthenticator;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// no matching authenticator found
|
// no matching authenticator found - but there will be multiple GuardAuthenticationProvider
|
||||||
|
// instances that will be checked if you have multiple firewalls.
|
||||||
|
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function supports(TokenInterface $token)
|
||||||
|
{
|
||||||
|
if ($token instanceof PreAuthenticationGuardToken) {
|
||||||
|
return null !== $this->findOriginatingAuthenticator($token);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $token instanceof GuardTokenInterface;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -266,9 +266,7 @@ class GuardAuthenticationListenerTest extends TestCase
|
|||||||
->disableOriginalConstructor()
|
->disableOriginalConstructor()
|
||||||
->getMock();
|
->getMock();
|
||||||
|
|
||||||
$this->guardAuthenticatorHandler = $this->getMockBuilder(
|
$this->guardAuthenticatorHandler = $this->getMockBuilder('Symfony\Component\Security\Guard\GuardAuthenticatorHandler')
|
||||||
'Symfony\Component\Security\Guard\GuardAuthenticatorHandler'
|
|
||||||
)
|
|
||||||
->disableOriginalConstructor()
|
->disableOriginalConstructor()
|
||||||
->getMock();
|
->getMock();
|
||||||
|
|
||||||
|
@ -170,9 +170,7 @@ class GuardAuthenticationProviderTest extends TestCase
|
|||||||
{
|
{
|
||||||
$this->userProvider = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserProviderInterface')->getMock();
|
$this->userProvider = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserProviderInterface')->getMock();
|
||||||
$this->userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock();
|
$this->userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock();
|
||||||
$this->preAuthenticationToken = $this->getMockBuilder(
|
$this->preAuthenticationToken = $this->getMockBuilder('Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken')
|
||||||
'Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken'
|
|
||||||
)
|
|
||||||
->disableOriginalConstructor()
|
->disableOriginalConstructor()
|
||||||
->getMock();
|
->getMock();
|
||||||
}
|
}
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
],
|
],
|
||||||
"require": {
|
"require": {
|
||||||
"php": "^7.2.5",
|
"php": "^7.2.5",
|
||||||
"symfony/security-core": "^5.1",
|
"symfony/security-core": "^5.0",
|
||||||
"symfony/security-http": "^4.4.1|^5.0.1",
|
"symfony/security-http": "^4.4.1|^5.0.1",
|
||||||
"symfony/polyfill-php80": "^1.15"
|
"symfony/polyfill-php80": "^1.15"
|
||||||
},
|
},
|
||||||
|
Reference in New Issue
Block a user