Merge pull request FriendsOfSymfony#117 from mtotheikle/support-post-auth-checks

willdurand · willdurand · commit bfe2a36949b4 · 2013-06-26T05:44:58.000-07:00
Add support for the OAuthProvider to perform post auth checks
diff --git a/Resources/config/security.xml b/Resources/config/security.xml
@@ -14,6 +14,7 @@
         <service id="fos_oauth_server.security.authentication.provider" class="%fos_oauth_server.security.authentication.provider.class%" public="false">
             <argument /> <!-- user provider -->
             <argument type="service" id="fos_oauth_server.server" />
+            <argument type="service" id="security.user_checker" />
         </service>
 
         <service id="fos_oauth_server.security.authentication.listener" class="%fos_oauth_server.security.authentication.listener.class%" public="false">
diff --git a/Security/Authentication/Provider/OAuthProvider.php b/Security/Authentication/Provider/OAuthProvider.php
@@ -16,9 +16,13 @@
 use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Exception\AccountStatusException;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
+
 use OAuth2\OAuth2;
 use OAuth2\OAuth2ServerException;
+use OAuth2\OAuth2AuthenticateException;
 
 /**
  * OAuthProvider class.
@@ -35,15 +39,20 @@ class OAuthProvider implements AuthenticationProviderInterface
      * @var \OAuth2\OAuth2
      */
     protected $serverService;
+    /**
+     * @var \Symfony\Component\Security\Core\User\UserChecker
+     */
+    protected $userChecker;
 
     /**
      * @param \Symfony\Component\Security\Core\User\UserProviderInterface $userProvider      The user provider.
      * @param \OAuth2\OAuth2 $serverService The OAuth2 server service.
      */
-    public function __construct(UserProviderInterface $userProvider, OAuth2 $serverService)
+    public function __construct(UserProviderInterface $userProvider, OAuth2 $serverService, UserCheckerInterface $userChecker)
     {
         $this->userProvider  = $userProvider;
         $this->serverService = $serverService;
+        $this->userChecker = $userChecker;
     }
 
     /**
@@ -75,6 +84,18 @@ public function authenticate(TokenInterface $token)
                 $token->setToken($tokenString);
 
                 if (null !== $user) {
+
+                    try {
+                        $this->userChecker->checkPostAuth($user);
+                    } catch (AccountStatusException $e) {
+                        throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED,
+                            OAuth2::TOKEN_TYPE_BEARER,
+                            $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM),
+                            'access_denied',
+                            $e->getMessage()
+                        );
+                    }
+
                     $token->setUser($user);
                 }
 
diff --git a/Tests/Security/Authentification/Provider/OAuthProviderTest.php b/Tests/Security/Authentification/Provider/OAuthProviderTest.php
@@ -21,13 +21,15 @@ class OAuthProviderTest extends \PHPUnit_Framework_TestCase
     protected $userProvider;
     protected $provider;
     protected $serverService;
+    protected $userChecker;
 
     public function setUp()
     {
         $this->user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
         $this->userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface');
         $this->serverService = $this->getMock('OAuth2\OAuth2', array('verifyAccessToken'), array(), '', false);
-        $this->provider = new OAuthProvider($this->userProvider, $this->serverService);
+        $this->userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
+        $this->provider = new OAuthProvider($this->userProvider, $this->serverService, $this->userChecker);
     }
 
     public function testAuthenticateReturnsTokenIfValid()
