bug #26370 [Security] added userChecker to SimpleAuthenticationProvid…

…er (i3or1s) This PR was submitted for the 2.8 branch but it was squashed and merged into the 2.7 branch instead (closes #26370). Discussion ---------- [Security] added userChecker to SimpleAuthenticationProvider [Security] added userChecker to SimpleAuthenticationProvider [SecurityBundle] [DependencyInjection] updated SimpleFormFactory | Q | A | ------------- | --- | Branch? | 2.8 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #26314 | License | MIT | Doc PR | no Introduces user checker to the simple authentication provider. Commits ------- cb9c92d [Security] added userChecker to SimpleAuthenticationProvider
symfony · Mar 19, 2018 · 7753282 · 7753282
2 parents bd49884 + cb9c92d
commit 7753282
Show file tree

Hide file tree

Showing 3 changed files with 102 additions and 4 deletions.
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimpleFormFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimpleFormFactory.php
@@ -55,6 +55,7 @@ protected function createAuthProvider(ContainerBuilder $container, $id, $config,
             ->replaceArgument(0, new Reference($config['authenticator']))
             ->replaceArgument(1, new Reference($userProviderId))
             ->replaceArgument(2, $id)
+            ->replaceArgument(3, new Reference('security.user_checker.'.$id))
         ;
 
         return $provider;

diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/SimpleAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/SimpleAuthenticationProvider.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Security\Core\Authentication\Provider;
 
+use Symfony\Component\Security\Core\User\UserChecker;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface;
@@ -24,23 +26,29 @@ class SimpleAuthenticationProvider implements AuthenticationProviderInterface
     private $simpleAuthenticator;
     private $userProvider;
     private $providerKey;
+    private $userChecker;
 
-    public function __construct(SimpleAuthenticatorInterface $simpleAuthenticator, UserProviderInterface $userProvider, $providerKey)
+    public function __construct(SimpleAuthenticatorInterface $simpleAuthenticator, UserProviderInterface $userProvider, $providerKey, UserCheckerInterface $userChecker = null)
     {
         $this->simpleAuthenticator = $simpleAuthenticator;
         $this->userProvider = $userProvider;
         $this->providerKey = $providerKey;
+        $this->userChecker = $userChecker ?: new UserChecker();
     }
 
     public function authenticate(TokenInterface $token)
     {
         $authToken = $this->simpleAuthenticator->authenticateToken($token, $this->userProvider, $this->providerKey);
 
-        if ($authToken instanceof TokenInterface) {
-            return $authToken;
+        if (!$authToken instanceof TokenInterface) {
+            throw new AuthenticationException('Simple authenticator failed to return an authenticated token.');
         }
 
-        throw new AuthenticationException('Simple authenticator failed to return an authenticated token.');
+        $user = $authToken->getUser();
+        $this->userChecker->checkPreAuth($user);
+        $this->userChecker->checkPostAuth($user);
+
+        return $authToken;
     }
 
     public function supports(TokenInterface $token)

diff --git a/...omponent/Security/Core/Tests/Authentication/Provider/SimpleAuthenticationProviderTest.php b/...omponent/Security/Core/Tests/Authentication/Provider/SimpleAuthenticationProviderTest.php
@@ -0,0 +1,89 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Tests\Authentication\Provider;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\Exception\DisabledException;
+use Symfony\Component\Security\Core\Authentication\Provider\SimpleAuthenticationProvider;
+use Symfony\Component\Security\Core\Exception\LockedException;
+
+class SimpleAuthenticationProviderTest extends TestCase
+{
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\DisabledException
+     */
+    public function testAuthenticateWhenPreChecksFails()
+    {
+        $user = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();
+
+        $token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
+        $token->expects($this->any())
+            ->method('getUser')
+            ->will($this->returnValue($user));
+
+        $userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock();
+        $userChecker->expects($this->once())
+            ->method('checkPreAuth')
+            ->will($this->throwException(new DisabledException()));
+
+        $authenticator = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface')->getMock();
+        $authenticator->expects($this->once())
+            ->method('authenticateToken')
+            ->will($this->returnValue($token));
+
+        $provider = $this->getProvider($authenticator, null, $userChecker);
+
+        $provider->authenticate($token);
+    }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\LockedException
+     */
+    public function testAuthenticateWhenPostChecksFails()
+    {
+        $user = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();
+
+        $token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
+        $token->expects($this->any())
+            ->method('getUser')
+            ->will($this->returnValue($user));
+
+        $userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock();
+        $userChecker->expects($this->once())
+            ->method('checkPostAuth')
+            ->will($this->throwException(new LockedException()));
+
+        $authenticator = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface')->getMock();
+        $authenticator->expects($this->once())
+            ->method('authenticateToken')
+            ->will($this->returnValue($token));
+
+        $provider = $this->getProvider($authenticator, null, $userChecker);
+
+        $provider->authenticate($token);
+    }
+
+    protected function getProvider($simpleAuthenticator = null, $userProvider = null, $userChecker = null, $key = 'test')
+    {
+        if (null === $userChecker) {
+            $userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock();
+        }
+        if (null === $simpleAuthenticator) {
+            $simpleAuthenticator = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface')->getMock();
+        }
+        if (null === $userProvider) {
+            $userProvider = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserProviderInterface')->getMock();
+        }
+
+        return new SimpleAuthenticationProvider($simpleAuthenticator, $userProvider, $key, $userChecker);
+    }
+}