
bug #23256 [Security] Fix authentication.failure event not dispatched…

… on AccountStatusException (chalasr)

This PR was merged into the 2.7 branch.

Discussion
----------

[Security] Fix authentication.failure event not dispatched on AccountStatusException

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #18807
| License       | MIT
| Doc PR        | n/a

Authentication fails if the user exists but its account is disabled/expired/locked. The failure event should be dispatched in this case, so that you can hook into it as for any authentication exception.

Commits
-------

64c2efd [Security] Fix authentication.failure event not dispatched on AccountStatusException
nicolas-grekas committed Jul 12, 2017
2 parents 676a17e + 64c2efd commit c2a6a6e9b5077a01b031ab73118ed9b01dce7a08
@@ -83,9 +83,9 @@ public function authenticate(TokenInterface $token)
break;
}
} catch (AccountStatusException $e) {
$e->setToken($token);
$lastException = $e;
throw $e;
break;
} catch (AuthenticationException $e) {
$lastException = $e;
}
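Review bot: The `AccountStatusException` catch ends the provider loop with `break` while the generic `AuthenticationException` catch lets the loop go on, and nothing in the hunk says why; a comment such as `// account status errors are final: stop trying providers, but leave the loop normally so the failure handling after it still runs` would make that explicit. The page has lost its +/- markers, so I am assuming `$lastException = $e;` and `break;` are the new side and `$e->setToken($token);` / `throw $e;` the removed one. If so, attaching the token and dispatching `authentication.failure` now depend on code after the loop, which is outside this hunk and worth confirming, since listeners that log or throttle failed logins rely on both.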
@@ -13,6 +13,9 @@
use PHPUnit\Framework\TestCase;
use Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager;
use Symfony\Component\Security\Core\AuthenticationEvents;
use Symfony\Component\Security\Core\Event\AuthenticationEvent;
use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;
use Symfony\Component\Security\Core\Exception\ProviderNotFoundException;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\AccountStatusException;
@@ -124,6 +127,50 @@ public function testEraseCredentialFlag()
$this->assertEquals('bar', $token->getCredentials());
}
public function testAuthenticateDispatchesAuthenticationFailureEvent()
{
$token = new UsernamePasswordToken('foo', 'bar', 'key');
$provider = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface')->getMock();
$provider->expects($this->once())->method('supports')->willReturn(true);
$provider->expects($this->once())->method('authenticate')->willThrowException($exception = new AuthenticationException());
$dispatcher = $this->getMockBuilder('Symfony\Component\EventDispatcher\EventDispatcherInterface')->getMock();
$dispatcher
->expects($this->once())
->method('dispatch')
->with(AuthenticationEvents::AUTHENTICATION_FAILURE, $this->equalTo(new AuthenticationFailureEvent($token, $exception)));
$manager = new AuthenticationProviderManager(array($provider));
$manager->setEventDispatcher($dispatcher);
try {
$manager->authenticate($token);
$this->fail('->authenticate() should rethrow exceptions');
} catch (AuthenticationException $e) {
$this->assertSame($token, $exception->getToken());
}
}
public function testAuthenticateDispatchesAuthenticationSuccessEvent()
{
$token = new UsernamePasswordToken('foo', 'bar', 'key');
$provider = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface')->getMock();
$provider->expects($this->once())->method('supports')->willReturn(true);
$provider->expects($this->once())->method('authenticate')->willReturn($token);
$dispatcher = $this->getMockBuilder('Symfony\Component\EventDispatcher\EventDispatcherInterface')->getMock();
$dispatcher
->expects($this->once())
->method('dispatch')
->with(AuthenticationEvents::AUTHENTICATION_SUCCESS, $this->equalTo(new AuthenticationEvent($token)));
$manager = new AuthenticationProviderManager(array($provider));
$manager->setEventDispatcher($dispatcher);
$this->assertSame($token, $manager->authenticate($token));
}
protected function getAuthenticationProvider($supports, $token = null, $exception = null)
{
$provider = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface')->getMock();
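Review bot: `testAuthenticateDispatchesAuthenticationFailureEvent` makes the provider throw a plain `AuthenticationException`, which the unchanged generic catch in `authenticate()` already records, so the test does not appear to exercise the `AccountStatusException` path this commit fixes and would likely pass without the fix. Throwing a concrete account-status subclass instead, e.g. `->willThrowException($exception = new LockedException());` with the matching `use Symfony\Component\Security\Core\Exception\LockedException;`, would pin the regression. A test outside this hunk may cover the rethrow for account status errors, but none of the visible lines asserts that `AUTHENTICATION_FAILURE` is dispatched for a locked, disabled or expired account, which is the case audit and throttling listeners depend on. `getAuthenticationProvider()` continues past the end of the hunk.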
