From 5113886f34b4d6224a28ebefb5e71515e291d1a9 Mon Sep 17 00:00:00 2001 From: Jeremy Mikola Date: Wed, 23 Feb 2011 16:03:01 -0500 Subject: [PATCH 1/2] [Security] Copy token attributes when auth providers create a new token from another PreAuthenticatedAuthenticationProvider and UserAuthenticationProvider tend to copy a token instead of modifying it during their authenticate() methods, which is probably a good idea if the token might be immutable. Ensure that the token's attributes get copied along with everything else. --- .../Provider/PreAuthenticatedAuthenticationProvider.php | 5 ++++- .../Authentication/Provider/UserAuthenticationProvider.php | 5 ++++- .../Provider/PreAuthenticatedAuthenticationProviderTest.php | 3 +++ .../Provider/UserAuthenticationProviderTest.php | 3 +++ 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php index 17443b967cc86..c67e586fc76a4 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php +++ b/src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php @@ -68,7 +68,10 @@ public function authenticate(TokenInterface $token) $this->accountChecker->checkPostAuth($user); - return new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles()); + $authenticatedToken = new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles()); + $authenticatedToken->setAttributes($token->getAttributes()); + + return $authenticatedToken; } /** diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php index 6947de3d4ffde..d59a3862b2712 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php +++ b/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php @@ -70,7 +70,10 @@ public function authenticate(TokenInterface $token) $this->checkAuthentication($user, $token); $this->accountChecker->checkPostAuth($user); - return new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles()); + $authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles()); + $authenticatedToken->setAttributes($token->getAttributes()); + + return $authenticatedToken; } catch (UsernameNotFoundException $notFound) { if ($this->hideUserNotFoundExceptions) { throw new BadCredentialsException('Bad credentials', 0, $notFound); diff --git a/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php b/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php index 0ffbe85c35cc9..ca2a459e5f5cf 100644 --- a/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php +++ b/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php @@ -60,6 +60,7 @@ public function testAuthenticate() $this->assertEquals('pass', $token->getCredentials()); $this->assertEquals('key', $token->getProviderKey()); $this->assertEquals(array(), $token->getRoles()); + $this->assertEquals(array('foo' => 'bar'), $token->getAttributes(), '->authenticate() copies token attributes'); $this->assertSame($user, $token->getUser()); } @@ -103,6 +104,8 @@ protected function getSupportedToken($user = false, $credentials = false) ->will($this->returnValue('key')) ; + $token->setAttributes(array('foo' => 'bar')); + return $token; } diff --git a/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/UserAuthenticationProviderTest.php b/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/UserAuthenticationProviderTest.php index 5c72920a32578..2f6fcc7053c25 100644 --- a/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/UserAuthenticationProviderTest.php +++ b/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/UserAuthenticationProviderTest.php @@ -157,6 +157,7 @@ public function testAuthenticate() $this->assertSame($user, $authToken->getUser()); $this->assertEquals(array(new Role('ROLE_FOO')), $authToken->getRoles()); $this->assertEquals('foo', $authToken->getCredentials()); + $this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes'); } protected function getSupportedToken() @@ -168,6 +169,8 @@ protected function getSupportedToken() ->will($this->returnValue('key')) ; + $mock->setAttributes(array('foo' => 'bar')); + return $mock; } From 621a79f1f229f834620d590691413450123a58ca Mon Sep 17 00:00:00 2001 From: Johannes Schmitt Date: Sat, 26 Feb 2011 21:44:40 +0100 Subject: [PATCH 2/2] [Security] added method to retrieve the configured remember-me parameter --- .../Security/Http/RememberMe/RememberMeServices.php | 11 +++++++++++ .../Http/RememberMe/RememberMeServicesTest.php | 7 +++++++ 2 files changed, 18 insertions(+) diff --git a/src/Symfony/Component/Security/Http/RememberMe/RememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/RememberMeServices.php index 8b837df363b77..2d727ca9f5201 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/RememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/RememberMeServices.php @@ -62,6 +62,17 @@ public function __construct(array $userProviders, $key, $providerKey, array $opt $this->logger = $logger; } + /** + * Returns the parameter that is used for checking whether remember-me + * services have been requested. + * + * @return string + */ + public function getRememberMeParameter() + { + return $this->options['remember_me_parameter']; + } + /** * Implementation of RememberMeServicesInterface. Detects whether a remember-me * cookie was set, decodes it, and hands it to subclasses for further processing. diff --git a/tests/Symfony/Tests/Component/Security/Http/RememberMe/RememberMeServicesTest.php b/tests/Symfony/Tests/Component/Security/Http/RememberMe/RememberMeServicesTest.php index c0777908f1bf4..05c29cfef88a6 100644 --- a/tests/Symfony/Tests/Component/Security/Http/RememberMe/RememberMeServicesTest.php +++ b/tests/Symfony/Tests/Component/Security/Http/RememberMe/RememberMeServicesTest.php @@ -7,6 +7,13 @@ class RememberMeServicesTest extends \PHPUnit_Framework_TestCase { + public function testGetRememberMeParameter() + { + $service = $this->getService(null, array('remember_me_parameter' => 'foo')); + + $this->assertEquals('foo', $service->getRememberMeParameter()); + } + public function testAutoLoginReturnsNullWhenNoCookie() { $service = $this->getService(null, array('name' => 'foo')); pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy