From 532f4aaa8e26c765171d56eaf2b18cbb1fae65dd Mon Sep 17 00:00:00 2001 From: Robin Chalas Date: Wed, 24 Mar 2021 00:59:52 +0100 Subject: [PATCH] [Security] Move the badges resolution check to `AuthenticatorManager` --- UPGRADE-5.3.md | 2 ++ src/Symfony/Component/Security/CHANGELOG.md | 3 +++ .../Http/Authentication/AuthenticatorManager.php | 7 ++++++- .../Authenticator/Passport/PassportInterface.php | 7 ++----- .../Http/Authenticator/Passport/PassportTrait.php | 15 +++++---------- 5 files changed, 18 insertions(+), 16 deletions(-) diff --git a/UPGRADE-5.3.md b/UPGRADE-5.3.md index 6c9f656e5609c..32615caf15b6f 100644 --- a/UPGRADE-5.3.md +++ b/UPGRADE-5.3.md @@ -91,6 +91,8 @@ Routing Security -------- + * [BC BREAK] Remove method `checkIfCompletelyResolved()` from `PassportInterface`, checking that passport badges are + resolved is up to `AuthenticatorManager` * Deprecate class `User`, use `InMemoryUser` or your own implementation instead. If you are using the `isAccountNonLocked()`, `isAccountNonExpired()` or `isCredentialsNonExpired()` method, consider re-implementing them in your own user class, as they are not part of the `InMemoryUser` API diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md index 40db39f449431..d3f7ca0322823 100644 --- a/src/Symfony/Component/Security/CHANGELOG.md +++ b/src/Symfony/Component/Security/CHANGELOG.md @@ -4,6 +4,9 @@ CHANGELOG 5.3 --- + * Add `PassportInterface:getBadges()`, implemented by `PassportTrait` + * [BC BREAK] Remove method `checkIfCompletelyResolved()` from `PassportInterface`, checking that passport badges are + resolved is up to `AuthenticatorManager` * Deprecate class `User`, use `InMemoryUser` instead * Deprecate class `UserChecker`, use `InMemoryUserChecker` or your own implementation instead * [BC break] Remove support for passing a `UserInterface` implementation to `Passport`, use the `UserBadge` instead. 
diff --git a/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php b/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php
index 0b48a5b24594a..501a9e2fb1a3c 100644
--- a/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php
+++ b/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php
@@ -19,6 +19,7 @@
 use Symfony\Component\Security\Core\AuthenticationEvents;
 use Symfony\Component\Security\Core\Event\AuthenticationSuccessEvent;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
 use Symfony\Component\Security\Http\Authenticator\InteractiveAuthenticatorInterface;
@@ -168,7 +169,11 @@ private function executeAuthenticator(AuthenticatorInterface $authenticator, Req
 $this->eventDispatcher->dispatch($event);
 // check if all badges are resolved
- $passport->checkIfCompletelyResolved();
+ foreach ($passport->getBadges() as $badge) {
+ if (!$badge->isResolved()) {
+ throw new BadCredentialsException(sprintf('Authentication failed: Security badge "%s" is not resolved, did you forget to register the correct listeners?', get_debug_type($badge)));
+ }
+ }
 // create the authenticated token
 $authenticatedToken = $authenticator->createAuthenticatedToken($passport, $this->firewallName);
diff --git a/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportInterface.php b/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportInterface.php
index 15034b20e5e3b..9d4318a58bdba 100644
--- a/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportInterface.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportInterface.php
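Review bot: In `AuthenticatorManager::executeAuthenticator()` the comment `// check if all badges are resolved` says what the new loop does but not why it has to sit here: a badge that no listener resolved was never verified, so the manager must fail closed before `createAuthenticatedToken()` is reached. I would reword it to something like `// fail closed: an unresolved badge was never verified, so no token may be created`. The diffstat lists no test file, so a regression test that passes a passport with one unresolved badge and expects `BadCredentialsException` would pin the moved check. The method starts and ends outside this hunk.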
@@ -11,7 +11,6 @@
 namespace Symfony\Component\Security\Http\Authenticator\Passport;
-use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\BadgeInterface;
 /**
@@ -43,9 +42,7 @@ public function hasBadge(string $badgeFqcn): bool;
 public function getBadge(string $badgeFqcn): ?BadgeInterface;
 /**
- * Checks if all badges are marked as resolved.
- *
- * @throws BadCredentialsException when a badge is not marked as resolved
+ * @return array, BadgeInterface> An array of badge instances indexed by class name
 */
- public function checkIfCompletelyResolved(): void;
+ public function getBadges(): array;
 }
diff --git a/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportTrait.php b/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportTrait.php
index 1846c80214b8f..f3d402ef03140 100644
--- a/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportTrait.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportTrait.php
@@ -11,7 +11,6 @@
 namespace Symfony\Component\Security\Http\Authenticator\Passport;
-use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\BadgeInterface;
 /**
@@ -21,9 +20,6 @@
 */
 trait PassportTrait
 {
- /**
- * @var BadgeInterface[]
- */
 private $badges = [];
 public function addBadge(BadgeInterface $badge): PassportInterface
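Review bot: The new `PassportInterface::getBadges()` docblock describes the array shape but not the contract `AuthenticatorManager` now depends on: the resolution check only covers the badges this method returns, so an implementation that omits one lets an unresolved badge pass unnoticed. I would add a sentence such as `Must return every badge added to the passport; the authenticator manager rejects the login if any of them is unresolved.` Because this adds a method to the interface, passports that do not use `PassportTrait` must implement it too, which the UPGRADE-5.3.md entry in this commit does not mention. The `@return` type reads `array, BadgeInterface>` on this page, which looks like an extraction artifact rather than what was committed.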
@@ -43,12 +39,11 @@ public function getBadge(string $badgeFqcn): ?BadgeInterface
 return $this->badges[$badgeFqcn] ?? null;
 }
- public function checkIfCompletelyResolved(): void
+ /**
+ * @return array, BadgeInterface>
+ */
+ public function getBadges(): array
 {
- foreach ($this->badges as $badge) {
- if (!$badge->isResolved()) {
- throw new BadCredentialsException(sprintf('Authentication failed security badge "%s" is not resolved, did you forget to register the correct listeners?', \get_class($badge)));
- }
- }
+ return $this->badges;
 }
 }
pFad - Phonifier reborn
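Review bot: `PassportTrait::getBadges()` hands out `$this->badges`, yet the earlier hunk of this file (`@@ -21,9 +20,6 @@`) deletes the `@var BadgeInterface[]` docblock from that property, leaving it undocumented for readers and static analysis. I would keep `/** @var BadgeInterface[] */` above `private $badges = [];`, or move the keyed-array type from the new `@return` onto the property as well. The trait body begins outside this hunk.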
