symfony
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/EntryPointFactoryInterface.php
Lines changed: 25 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/EntryPointFactoryInterface.php
Lines changed: 25 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php
Lines changed: 4 additions & 3 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php
Lines changed: 4 additions & 3 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 5 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/config/authenticators.xml
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Resources/config/authenticators.xml
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Authenticator/AbstractAuthenticator.php
Lines changed: 35 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Authenticator/AbstractAuthenticator.php
Lines changed: 35 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Authenticator/AbstractFormLoginAuthenticator.php
Lines changed: 62 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Authenticator/AbstractFormLoginAuthenticator.php
Lines changed: 62 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Authenticator/AnonymousAuthenticator.php
Lines changed: 16 additions & 13 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Authenticator/AnonymousAuthenticator.php
Lines changed: 16 additions & 13 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Authenticator/AuthenticatorInterface.php
Lines changed: 129 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Authenticator/AuthenticatorInterface.php
Lines changed: 129 additions & 0 deletions
@@ -0,0 +1,25 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
+
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+
+/**
+ * @author Wouter de Jong <[email protected]>
+ */
+interface EntryPointFactoryInterface
+{
+    /**
+     * Creates the entry point and returns the service ID.
+     */
+    public function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPointId): string;
+}
@@ -22,7 +22,7 @@
  * @author Fabien Potencier <[email protected]>
  * @author Johannes M. Schmitt <[email protected]>
  */
-class FormLoginFactory extends AbstractFactory implements GuardFactoryInterface
+class FormLoginFactory extends AbstractFactory implements GuardFactoryInterface, EntryPointFactoryInterface
 {
     public function __construct()
     {
@@ -84,7 +84,7 @@ protected function createListener(ContainerBuilder $container, string $id, array
         return $listenerId;
     }
 
-    protected function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPoint)
+    public function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPoint): string
     {
         $entryPointId = 'security.authentication.form_entry_point.'.$id;
         $container
@@ -105,7 +105,8 @@ public function createGuard(ContainerBuilder $container, string $id, array $conf
         $container
             ->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.form_login'))
             ->replaceArgument(1, isset($config['csrf_token_generator']) ? new Reference($config['csrf_token_generator']) : null)
-            ->replaceArgument(3, $options);
+            ->replaceArgument(2, new Reference($userProviderId))
+            ->replaceArgument(4, $options);
 
         return $authenticatorId;
     }
 
@@ -11,6 +11,7 @@
 
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection;
 
+use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\EntryPointFactoryInterface;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\GuardFactoryInterface;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\RememberMeFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
@@ -516,6 +517,10 @@ private function createAuthenticationListeners(ContainerBuilder $container, stri
                         } else {
                             $authenticationProviders[$id.'_'.$key] = $authenticators;
                         }
+
+                        if ($factory instanceof EntryPointFactoryInterface) {
+                            $defaultEntryPoint = $factory->createEntryPoint($container, $id, $firewall[$key], $defaultEntryPoint);
+                        }
                     } else {
                         list($provider, $listenerId, $defaultEntryPoint) = $factory->create($container, $id, $firewall[$key], $userProvider, $defaultEntryPoint);
 
 
@@ -33,6 +33,7 @@
                  abstract="true">
             <argument type="service" id="security.http_utils" />
             <argument /> <!-- csrf token generator -->
+            <argument type="abstract">user provider</argument>
             <argument type="service" id="security.encoder_factory" />
             <argument type="abstract">options</argument>
         </service>
 
@@ -0,0 +1,35 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Authentication\Authenticator;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken;
+
+/**
+ * An optional base class that creates the necessary tokens for you.
+ *
+ * @author Ryan Weaver <[email protected]>
+ */
+abstract class AbstractAuthenticator implements AuthenticatorInterface
+{
+    /**
+     * Shortcut to create a PostAuthenticationGuardToken for you, if you don't really
+     * care about which authenticated token you're using.
+     *
+     * @return PostAuthenticationGuardToken
+     */
+    public function createAuthenticatedToken(UserInterface $user, string $providerKey): TokenInterface
+    {
+        return new PostAuthenticationGuardToken($user, $providerKey, $user->getRoles());
+    }
+}
@@ -0,0 +1,62 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Authentication\Authenticator;
+
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
+
+/**
+ * A base class to make form login authentication easier!
+ *
+ * @author Ryan Weaver <[email protected]>
+ */
+abstract class AbstractFormLoginAuthenticator extends AbstractAuthenticator implements AuthenticationEntryPointInterface
+{
+    /**
+     * Return the URL to the login page.
+     */
+    abstract protected function getLoginUrl(): string;
+
+    /**
+     * Override to change what happens after a bad username/password is submitted.
+     */
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response
+    {
+        if ($request->hasSession()) {
+            $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
+        }
+
+        $url = $this->getLoginUrl();
+
+        return new RedirectResponse($url);
+    }
+
+    public function supportsRememberMe(): bool
+    {
+        return true;
+    }
+
+    /**
+     * Override to control what happens when the user hits a secure page
+     * but isn't logged in yet.
+     */
+    public function start(Request $request, AuthenticationException $authException = null): Response
+    {
+        $url = $this->getLoginUrl();
+
+        return new RedirectResponse($url);
+    }
+}
@@ -1,5 +1,14 @@
 <?php
 
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
 namespace Symfony\Component\Security\Core\Authentication\Authenticator;
 
 use Symfony\Component\HttpFoundation\Request;
@@ -9,9 +18,6 @@
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\User\User;
 use Symfony\Component\Security\Core\User\UserInterface;
-use Symfony\Component\Security\Core\User\UserProviderInterface;
-use Symfony\Component\Security\Guard\AuthenticatorInterface;
-use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
 
 /**
  * @author Wouter de Jong <[email protected]>
@@ -25,11 +31,6 @@ public function __construct(string $secret)
         $this->secret = $secret;
     }
 
-    public function start(Request $request, AuthenticationException $authException = null)
-    {
-        return new Response(null, Response::HTTP_UNAUTHORIZED);
-    }
-
     public function supports(Request $request): ?bool
     {
         return true;
@@ -40,27 +41,29 @@ public function getCredentials(Request $request)
         return [];
     }
 
-    public function getUser($credentials, UserProviderInterface $userProvider)
+    public function getUser($credentials): ?UserInterface
     {
         return new User('anon.', null);
     }
 
-    public function checkCredentials($credentials, UserInterface $user)
+    public function checkCredentials($credentials, UserInterface $user): bool
     {
         return true;
     }
 
-    public function createAuthenticatedToken(UserInterface $user, string $providerKey)
+    public function createAuthenticatedToken(UserInterface $user, string $providerKey): TokenInterface
     {
         return new AnonymousToken($this->secret, 'anon.', []);
     }
 
-    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
     {
+        return null;
     }
 
-    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey): ?Response
     {
+        return null;
     }
 
     public function supportsRememberMe(): bool
 
@@ -0,0 +1,129 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Authentication\Authenticator;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+/**
+ * The interface for all authenticators.
+ *
+ * @author Ryan Weaver <[email protected]>
+ * @author Amaury Leroux de Lens <[email protected]>
+ * @author Wouter de Jong <[email protected]>
+ */
+interface AuthenticatorInterface
+{
+    /**
+     * Does the authenticator support the given Request?
+     *
+     * If this returns false, the authenticator will be skipped.
+     */
+    public function supports(Request $request): ?bool;
+
+    /**
+     * Get the authentication credentials from the request and return them
+     * as any type (e.g. an associate array).
+     *
+     * Whatever value you return here will be passed to getUser() and checkCredentials()
+     *
+     * For example, for a form login, you might:
+     *
+     *      return [
+     *          'username' => $request->request->get('_username'),
+     *          'password' => $request->request->get('_password'),
+     *      ];
+     *
+     * Or for an API token that's on a header, you might use:
+     *
+     *      return ['api_key' => $request->headers->get('X-API-TOKEN')];
+     *
+     * @return mixed Any non-null value
+     *
+     * @throws \UnexpectedValueException If null is returned
+     */
+    public function getCredentials(Request $request);
+
+    /**
+     * Return a UserInterface object based on the credentials.
+     *
+     * You may throw an AuthenticationException if you wish. If you return
+     * null, then a UsernameNotFoundException is thrown for you.
+     *
+     * @param mixed $credentials the value returned from getCredentials()
+     *
+     * @throws AuthenticationException
+     */
+    public function getUser($credentials): ?UserInterface;
+
+    /**
+     * Returns true if the credentials are valid.
+     *
+     * If false is returned, authentication will fail. You may also throw
+     * an AuthenticationException if you wish to cause authentication to fail.
+     *
+     * @param mixed $credentials the value returned from getCredentials()
+     *
+     * @throws AuthenticationException
+     */
+    public function checkCredentials($credentials, UserInterface $user): bool;
+
+    /**
+     * Create an authenticated token for the given user.
+     *
+     * If you don't care about which token class is used or don't really
+     * understand what a "token" is, you can skip this method by extending
+     * the AbstractAuthenticator class from your authenticator.
+     *
+     * @see AbstractAuthenticator
+     */
+    public function createAuthenticatedToken(UserInterface $user, string $providerKey): TokenInterface;
+
+    /**
+     * Called when authentication executed, but failed (e.g. wrong username password).
+     *
+     * This should return the Response sent back to the user, like a
+     * RedirectResponse to the login page or a 403 response.
+     *
+     * If you return null, the request will continue, but the user will
+     * not be authenticated. This is probably not what you want to do.
+     */
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response;
+
+    /**
+     * Called when authentication executed and was successful!
+     *
+     * This should return the Response sent back to the user, like a
+     * RedirectResponse to the last page they visited.
+     *
+     * If you return null, the current request will continue, and the user
+     * will be authenticated. This makes sense, for example, with an API.
+     */
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey): ?Response;
+
+    /**
+     * Does this method support remember me cookies?
+     *
+     * Remember me cookie will be set if *all* of the following are met:
+     *  A) This method returns true
+     *  B) The remember_me key under your firewall is configured
+     *  C) The "remember me" functionality is activated. This is usually
+     *      done by having a _remember_me checkbox in your form, but
+     *      can be configured by the "always_remember_me" and "remember_me_parameter"
+     *      parameters under the "remember_me" firewall key
+     *  D) The onAuthenticationSuccess method returns a Response object
+     */
+    public function supportsRememberMe(): bool;
+}
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@`
`22`	`22`	`* @author Fabien Potencier <[email protected]>`
`23`	`23`	`* @author Johannes M. Schmitt <[email protected]>`
`24`	`24`	`*/`
`25`		`-class FormLoginFactory extends AbstractFactory implements GuardFactoryInterface`
	`25`	`+class FormLoginFactory extends AbstractFactory implements GuardFactoryInterface, EntryPointFactoryInterface`
`26`	`26`	`{`
`27`	`27`	`public function __construct()`
`28`	`28`	`{`
`@@ -84,7 +84,7 @@ protected function createListener(ContainerBuilder $container, string $id, array`
`84`	`84`	`return $listenerId;`
`85`	`85`	`}`
`86`	`86`
`87`		`- protected function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPoint)`
	`87`	`+ public function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPoint): string`
`88`	`88`	`{`
`89`	`89`	`$entryPointId = 'security.authentication.form_entry_point.'.$id;`
`90`	`90`	`$container`
`@@ -105,7 +105,8 @@ public function createGuard(ContainerBuilder $container, string $id, array $conf`
`105`	`105`	`$container`
`106`	`106`	`->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.form_login'))`
`107`	`107`	`->replaceArgument(1, isset($config['csrf_token_generator']) ? new Reference($config['csrf_token_generator']) : null)`
`108`		`- ->replaceArgument(3, $options);`
	`108`	`+ ->replaceArgument(2, new Reference($userProviderId))`
	`109`	`+ ->replaceArgument(4, $options);`
`109`	`110`
`110`	`111`	`return $authenticatorId;`
`111`	`112`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,14 @@`
`1`	`1`	`<?php`
`2`	`2`
	`3`	`+/*`
	`4`	`+ * This file is part of the Symfony package.`
	`5`	`+ *`
	`6`	`+ * (c) Fabien Potencier <[email protected]>`
	`7`	`+ *`
	`8`	`+ * For the full copyright and license information, please view the LICENSE`
	`9`	`+ * file that was distributed with this source code.`
	`10`	`+ */`
	`11`	`+`
`3`	`12`	`namespace Symfony\Component\Security\Core\Authentication\Authenticator;`
`4`	`13`
`5`	`14`	`use Symfony\Component\HttpFoundation\Request;`
`@@ -9,9 +18,6 @@`
`9`	`18`	`use Symfony\Component\Security\Core\Exception\AuthenticationException;`
`10`	`19`	`use Symfony\Component\Security\Core\User\User;`
`11`	`20`	`use Symfony\Component\Security\Core\User\UserInterface;`
`12`		`-use Symfony\Component\Security\Core\User\UserProviderInterface;`
`13`		`-use Symfony\Component\Security\Guard\AuthenticatorInterface;`
`14`		`-use Symfony\Component\Security\Guard\Token\GuardTokenInterface;`
`15`	`21`
`16`	`22`	`/**`
`17`	`23`	`* @author Wouter de Jong <[email protected]>`
`@@ -25,11 +31,6 @@ public function __construct(string $secret)`
`25`	`31`	`$this->secret = $secret;`
`26`	`32`	`}`
`27`	`33`
`28`		`- public function start(Request $request, AuthenticationException $authException = null)`
`29`		`- {`
`30`		`- return new Response(null, Response::HTTP_UNAUTHORIZED);`
`31`		`- }`
`32`		`-`
`33`	`34`	`public function supports(Request $request): ?bool`
`34`	`35`	`{`
`35`	`36`	`return true;`
`@@ -40,27 +41,29 @@ public function getCredentials(Request $request)`
`40`	`41`	`return [];`
`41`	`42`	`}`
`42`	`43`
`43`		`- public function getUser($credentials, UserProviderInterface $userProvider)`
	`44`	`+ public function getUser($credentials): ?UserInterface`
`44`	`45`	`{`
`45`	`46`	`return new User('anon.', null);`
`46`	`47`	`}`
`47`	`48`
`48`		`- public function checkCredentials($credentials, UserInterface $user)`
	`49`	`+ public function checkCredentials($credentials, UserInterface $user): bool`
`49`	`50`	`{`
`50`	`51`	`return true;`
`51`	`52`	`}`
`52`	`53`
`53`		`- public function createAuthenticatedToken(UserInterface $user, string $providerKey)`
	`54`	`+ public function createAuthenticatedToken(UserInterface $user, string $providerKey): TokenInterface`
`54`	`55`	`{`
`55`	`56`	`return new AnonymousToken($this->secret, 'anon.', []);`
`56`	`57`	`}`
`57`	`58`
`58`		`- public function onAuthenticationFailure(Request $request, AuthenticationException $exception)`
	`59`	`+ public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response`
`59`	`60`	`{`
	`61`	`+ return null;`
`60`	`62`	`}`
`61`	`63`
`62`		`- public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)`
	`64`	`+ public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey): ?Response`
`63`	`65`	`{`
	`66`	`+ return null;`
`64`	`67`	`}`
`65`	`68`
`66`	`69`	`public function supportsRememberMe(): bool`