bug #23256 [Security] Fix authentication.failure event not dispatched…

… on AccountStatusException (chalasr) This PR was merged into the 2.7 branch. Discussion ---------- [Security] Fix authentication.failure event not dispatched on AccountStatusException | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #18807 | License | MIT | Doc PR | n/a Authentication fails if the user exists but its account is disabled/expired/locked, the failure event should be dispatched in this case, so that you can hook into as for any authentication exception. Commits ------- 64c2efd [Security] Fix authentication.failure event not dispatched on AccountStatusException
symfony · Jul 12, 2017 · c2a6a6e · c2a6a6e
2 parents 676a17e + 64c2efd
commit c2a6a6e
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 2 deletions.
diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
@@ -83,9 +83,9 @@ public function authenticate(TokenInterface $token)
                     break;
                 }
             } catch (AccountStatusException $e) {
-                $e->setToken($token);
+                $lastException = $e;
 
-                throw $e;
+                break;
             } catch (AuthenticationException $e) {
                 $lastException = $e;
             }

diff --git a/...ymfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php b/...ymfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php
@@ -13,6 +13,9 @@
 
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager;
+use Symfony\Component\Security\Core\AuthenticationEvents;
+use Symfony\Component\Security\Core\Event\AuthenticationEvent;
+use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;
 use Symfony\Component\Security\Core\Exception\ProviderNotFoundException;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\AccountStatusException;
@@ -124,6 +127,50 @@ public function testEraseCredentialFlag()
         $this->assertEquals('bar', $token->getCredentials());
     }
 
+    public function testAuthenticateDispatchesAuthenticationFailureEvent()
+    {
+        $token = new UsernamePasswordToken('foo', 'bar', 'key');
+        $provider = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface')->getMock();
+        $provider->expects($this->once())->method('supports')->willReturn(true);
+        $provider->expects($this->once())->method('authenticate')->willThrowException($exception = new AuthenticationException());
+
+        $dispatcher = $this->getMockBuilder('Symfony\Component\EventDispatcher\EventDispatcherInterface')->getMock();
+        $dispatcher
+            ->expects($this->once())
+            ->method('dispatch')
+            ->with(AuthenticationEvents::AUTHENTICATION_FAILURE, $this->equalTo(new AuthenticationFailureEvent($token, $exception)));
+
+        $manager = new AuthenticationProviderManager(array($provider));
+        $manager->setEventDispatcher($dispatcher);
+
+        try {
+            $manager->authenticate($token);
+            $this->fail('->authenticate() should rethrow exceptions');
+        } catch (AuthenticationException $e) {
+            $this->assertSame($token, $exception->getToken());
+        }
+    }
+
+    public function testAuthenticateDispatchesAuthenticationSuccessEvent()
+    {
+        $token = new UsernamePasswordToken('foo', 'bar', 'key');
+
+        $provider = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface')->getMock();
+        $provider->expects($this->once())->method('supports')->willReturn(true);
+        $provider->expects($this->once())->method('authenticate')->willReturn($token);
+
+        $dispatcher = $this->getMockBuilder('Symfony\Component\EventDispatcher\EventDispatcherInterface')->getMock();
+        $dispatcher
+            ->expects($this->once())
+            ->method('dispatch')
+            ->with(AuthenticationEvents::AUTHENTICATION_SUCCESS, $this->equalTo(new AuthenticationEvent($token)));
+
+        $manager = new AuthenticationProviderManager(array($provider));
+        $manager->setEventDispatcher($dispatcher);
+
+        $this->assertSame($token, $manager->authenticate($token));
+    }
+
     protected function getAuthenticationProvider($supports, $token = null, $exception = null)
     {
         $provider = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface')->getMock();