
Handle reauthenticating the current user's token

mrtorrent committed Nov 8, 2011
1 parent 6f81fdd commit 53881d909ae98d45487d1d11acb1ff423cc2e1de
@@ -16,6 +16,7 @@
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
+use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Hypebeast\WordpressBundle\Security\User\WordpressUser;
@@ -65,11 +66,17 @@ public function __construct(ApiAbstraction $api, $rememberMeParameter = '_rememb
public function authenticate(TokenInterface $token)
{
- $wpUser = $this->api->wp_signon(array(
- 'user_login' => $token->getUsername(),
- 'user_password' => $token->getCredentials(),
- 'remember' => $this->isRememberMeRequested()
- ));
+ # If the user is already logged-in, just check that their credentials are still valid
+ if ($token->getUser() instanceof UserInterface) {
+ $wpUser = $this->api->get_user_by('login', $token->getUsername());
+
+ } else {
+ $wpUser = $this->api->wp_signon(array(
+ 'user_login' => $token->getUsername(),
+ 'user_password' => $token->getCredentials(),
+ 'remember' => $this->isRememberMeRequested()
+ ));
+ }
if ($wpUser instanceof \WP_User) {
$user = new WordpressUser($wpUser);
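Review bot: The new branch for a token that already carries a `UserInterface` only calls `get_user_by('login', ...)`, so it confirms that the account still exists, not that "their credentials are still valid" as the added comment says. A password change or reset in WordPress after login would therefore not invalidate such a token, and the `instanceof UserInterface` test accepts any user object rather than only the bundle's `WordpressUser`. Consider comparing the stored hash with the one held in the token before accepting it, e.g. `if ($wpUser instanceof \WP_User && $wpUser->user_pass !== $token->getUser()->getPassword()) { $wpUser = null; }` (this assumes `WordpressUser::getPassword()` returns the WordPress hash, which needs confirming), or at least reword the comment to `# User already in the token: reload the account by login (no password check)`. `authenticate()` continues past the end of the hunk, so how a failed lookup is handled is not visible here.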
@@ -3,6 +3,7 @@
namespace Hypebeast\WordpressBundle\Tests\Security\Authentication\Provider;
use Hypebeast\WordpressBundle\Security\Authentication\Provider\WordpressLoginAuthenticationProvider;
+use Hypebeast\WordpressBundle\Security\User\WordpressUser;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Role\Role;
use Symfony\Component\HttpFoundation\Request;
@@ -35,7 +36,9 @@ class WordpressLoginAuthenticationProviderTest extends \PHPUnit_Framework_TestCa
protected function setUp()
{
$this->api = $this->getMockBuilder('Hypebeast\\WordpressBundle\\Wordpress\\ApiAbstraction')
- ->disableOriginalConstructor()->setMethods(array('wp_signon'))->getMock();
+ ->disableOriginalConstructor()
+ ->setMethods(array('wp_signon', 'get_user_by'))
+ ->getMock();
$this->object = new WordpressLoginAuthenticationProvider($this->api);
}
@@ -51,18 +54,20 @@ protected function tearDown()
public function testAuthenticateLogsUserIntoWordpress()
{
- $token = new UsernamePasswordToken($username = 'user', $password = 'password', 'key');
-
$user = $this->getMock('\WP_User');
$user->ID = 99;
- $user->user_login = $username;
+ $user->user_login = $username = 'user';
$user->roles = array('somerole', 'anotherrole');
$this->api->expects($this->once())->method('wp_signon')
- ->with(array('user_login' => $username, 'user_password' => $password, 'remember' => false))
- ->will($this->returnValue($user));
+ ->with(array(
+ 'user_login' => $username,
+ 'user_password' => $password = 'password',
+ 'remember' => false
+ ))->will($this->returnValue($user));
- $result = $this->object->authenticate($token);
+ $result = $this->object->authenticate(
+ new UsernamePasswordToken($username, $password, $key = 'key'));
# We should get back an equivalent authenticated UsernamePasswordToken
$this->assertInstanceOf(
@@ -72,6 +77,7 @@ public function testAuthenticateLogsUserIntoWordpress()
$this->assertTrue($result->isAuthenticated());
$this->assertEquals($username, $result->getUsername());
$this->assertEquals($password, $result->getCredentials());
+ $this->assertEquals($key, $result->getProviderKey());
$this->assertEquals(
array(new Role('ROLE_WP_SOMEROLE'), new Role('ROLE_WP_ANOTHERROLE')),
$result->getRoles()
@@ -96,6 +102,37 @@ public function testAuthenticateWithRememberMeUsesWordpressRememberMe()
$provider = new WordpressLoginAuthenticationProvider($this->api, 'remember me', $container);
$provider->authenticate(new UsernamePasswordToken('user', 'pass', 'key'));
}
+
+ public function testAuthenticateWithCurrentUserReturnsToken()
+ {
+ # Return a mock user from the username lookup
+ $wpUser = $this->getMock('\WP_User');
+ $wpUser->ID = 99;
+ $wpUser->user_login = $username = 'frankenfurter';
+ $wpUser->roles = array('somerole', 'anotherrole');
+
+ $this->api->expects($this->any())->method('get_user_by')->with('login', $username)
+ ->will($this->returnValue($wpUser));
+ $this->api->expects($this->never())->method('wp_signon');
+
+ $user = $this->getMockBuilder('Hypebeast\\WordpressBundle\\Security\\User\\WordpressUser')
+ ->disableOriginalConstructor()->setMethods(array('none'))->getMock();
+ $user->user_login = $username;
+
+ $result = $this->object->authenticate(new UsernamePasswordToken($user, null, 'key'));
+
+ # We should get back an equivalent authenticated UsernamePasswordToken
+ $this->assertInstanceOf(
+ 'Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken',
+ $result
+ );
+ $this->assertTrue($result->isAuthenticated());
+ $this->assertEquals(new WordpressUser($wpUser), $result->getUser());
+ $this->assertEquals(
+ array(new Role('ROLE_WP_SOMEROLE'), new Role('ROLE_WP_ANOTHERROLE')),
+ $result->getRoles()
+ );
+ }
public function testAuthenticateThrowsExceptionOnFailure()
{
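Review bot: `testAuthenticateWithCurrentUserReturnsToken` covers only the case where `get_user_by` returns a user, so nothing pins what `authenticate()` does for a token holding a user object when the lookup returns `false` (account deleted or renamed since login). That rejection path is the security-relevant one for re-authentication and deserves a sibling test that stubs `get_user_by` to return `false` and expects the `AuthenticationException` the provider already imports. The lookup expectation is also looser than it needs to be: `$this->api->expects($this->once())->method('get_user_by')->with('login', $username)` would state that the account is reloaded exactly once. The body of `testAuthenticateThrowsExceptionOnFailure`, which starts at the end of this hunk, lies outside it.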
