From bfd20b04e5e0c3df06e42930244dc75cba22ce99 Mon Sep 17 00:00:00 2001 From: Rob Frawley 2nd Date: Sun, 7 Apr 2019 10:10:32 +0200 Subject: [PATCH 1/3] [Security] Add authentication success sensitive event to authentication provider manager --- .../AuthenticationProviderManager.php | 7 + .../Security/Core/AuthenticationEvents.php | 25 ++- .../Event/AuthenticationSensitiveEvent.php | 97 ++++++++++ .../AuthenticationProviderManagerTest.php | 53 +++++- .../AuthenticationSensitiveEventTest.php | 175 ++++++++++++++++++ 5 files changed, 346 insertions(+), 11 deletions(-) create mode 100644 src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php create mode 100644 src/Symfony/Component/Security/Core/Tests/Event/AuthenticationSensitiveEventTest.php diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php index 9a64565c523a0..e8854d94262a4 100644 --- a/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php +++ b/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php @@ -17,6 +17,7 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\AuthenticationEvents; use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent; +use Symfony\Component\Security\Core\Event\AuthenticationSensitiveEvent; use Symfony\Component\Security\Core\Event\AuthenticationSuccessEvent; use Symfony\Component\Security\Core\Exception\AccountStatusException; use Symfony\Component\Security\Core\Exception\AuthenticationException; @@ -66,6 +67,7 @@ public function authenticate(TokenInterface $token) { $lastException = null; $result = null; + $providerClassName = null; foreach ($this->providers as $provider) { if (!$provider instanceof AuthenticationProviderInterface) { @@ -80,6 +82,7 @@ public function authenticate(TokenInterface $token) $result = $provider->authenticate($token); if (null !== $result) { + $providerClassName = \get_class($provider); break; } } catch (AccountStatusException $e) { @@ -92,6 +95,10 @@ public function authenticate(TokenInterface $token) } if (null !== $result) { + if (null !== $this->eventDispatcher) { + $this->eventDispatcher->dispatch(new AuthenticationSensitiveEvent($token, $result, $providerClassName), AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE); + } + if (true === $this->eraseCredentials) { $result->eraseCredentials(); } diff --git a/src/Symfony/Component/Security/Core/AuthenticationEvents.php b/src/Symfony/Component/Security/Core/AuthenticationEvents.php index 06358275f7310..a824f5fd3b44b 100644 --- a/src/Symfony/Component/Security/Core/AuthenticationEvents.php +++ b/src/Symfony/Component/Security/Core/AuthenticationEvents.php @@ -13,9 +13,32 @@ final class AuthenticationEvents { + /** + * The AUTHENTICATION_SUCCESS_SENSITIVE event occurs after a user is + * authenticated by one provider. It is dispatched immediately *prior* to + * the companion AUTHENTICATION_SUCCESS event. + * + * This event *does* contain user credentials and other sensitive data. This + * enables rehashing and other credentials-aware actions. Listeners and + * subscribers of this event carry the added responsibility of passing + * around sensitive data and usage should be limited to cases where this + * extra information is explicitly utilized; otherwise, use the + * AUTHENTICATION_SUCCESS event instead. + * + * @Event("Symfony\Component\Security\Core\Event\AuthenticationSensitiveEvent") + */ + const AUTHENTICATION_SUCCESS_SENSITIVE = 'security.authentication.success_sensitive'; + /** * The AUTHENTICATION_SUCCESS event occurs after a user is authenticated - * by one provider. + * by one provider. It is dispatched immediately *after* the companion + * AUTHENTICATION_SUCCESS_SENSITIVE event. + * + * This event does *not* contain user credentials and other sensitive data + * by default. Listeners and subscribers of this event are shielded from + * the added responsibility of passing around sensitive data and this event + * should be used unless such extra information is required; use the + * AUTHENTICATION_SUCCESS_SENSITIVE event instead if this is the case. * * @Event("Symfony\Component\Security\Core\Event\AuthenticationSuccessEvent") */ diff --git a/src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php b/src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php new file mode 100644 index 0000000000000..876296f609ed3 --- /dev/null +++ b/src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php @@ -0,0 +1,97 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Core\Event; + +use Symfony\Component\EventDispatcher\Event; +use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; + +/** + * This is an authentication event that includes sensitive data. + * + * @author Rob Frawley 2nd + */ +class AuthenticationSensitiveEvent extends Event +{ + private $preAuthenticationToken; + private $authenticationToken; + private $authenticationProviderClassName; + + public function __construct(TokenInterface $preAuthenticationToken, TokenInterface $authenticationToken, ?string $authenticationProviderClassName = null) + { + $this->preAuthenticationToken = $preAuthenticationToken; + $this->authenticationToken = $authenticationToken; + $this->authenticationProviderClassName = $authenticationProviderClassName; + } + + public function getPreAuthenticationToken(): TokenInterface + { + return $this->preAuthenticationToken; + } + + public function getAuthenticationToken(): TokenInterface + { + return $this->authenticationToken; + } + + public function getAuthenticationProviderClassName(): ?string + { + return $this->authenticationProviderClassName; + } + + /** + * Tries to extract the credentials password, first from the post-auth token and second from the pre-auth token. + * It uses either a custom extraction closure (optionally passed as its first and only argument) or the default + * extraction implementation. The default extractor fetches the token's credentials and directly returns it if + * the value is a scalar or object that implements a "__toString()" method. If the credentials val is an array + * the first "password", "api_key", "api-key", or "secret" index value (that exists and is non-false after being + * cast to a sting using the prior described method) is returned. Lastly, if none of the previous conditions are + * met, "null" is returned. + * + * @param \Closure|null $extractor An optional custom token credentials password extraction \Closure that is + * provided an auth token (as an instance of TokenInterface) and an auth event + * (as an instance of AuthenticationSensitiveEvent). This closure is called + * first with the final-auth token and second with the pre-auth token, returning + * early if a non-null/non-empty scalar/castable-object value is returned. + * + * @return string|null Either a credentials password/secret/auth_key is returned or null on extraction failure + */ + public function getAuthenticationTokenPassword(?\Closure $extractor = null): ?string + { + $extractor = $extractor ?? function (TokenInterface $token): ?string { + return $this->tryCoercibleCredentialsPasswordToString($credentials = $token->getCredentials()) + ?: $this->tryArrayFindCredentialsPasswordToString($credentials); + }; + + return ($extractor($this->authenticationToken, $this) ?: null) + ?: ($extractor($this->preAuthenticationToken, $this) ?: null); + } + + private function tryCoercibleCredentialsPasswordToString($credentials): ?string + { + return is_scalar($credentials) || method_exists($credentials, '__toString') + ? $credentials + : null; + } + + private function tryArrayFindCredentialsPasswordToString($credentials): ?string + { + if (\is_array($credentials)) { + foreach (['password', 'api_key', 'api-key', 'secret'] as $index) { + if ($c = $this->tryCoercibleCredentialsPasswordToString($credentials[$index] ?? null)) { + return $c; + } + } + } + + return null; + } +} diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php index 4252bfe64dc9d..1908f017df18f 100644 --- a/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php +++ b/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php @@ -12,11 +12,15 @@ namespace Symfony\Component\Security\Core\Tests\Authentication; use PHPUnit\Framework\TestCase; +use Symfony\Component\EventDispatcher\EventDispatcher; +use Symfony\Component\EventDispatcher\EventDispatcherInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager; +use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; use Symfony\Component\Security\Core\AuthenticationEvents; use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent; +use Symfony\Component\Security\Core\Event\AuthenticationSensitiveEvent; use Symfony\Component\Security\Core\Event\AuthenticationSuccessEvent; use Symfony\Component\Security\Core\Exception\AccountStatusException; use Symfony\Component\Security\Core\Exception\AuthenticationException; @@ -152,29 +156,58 @@ public function testAuthenticateDispatchesAuthenticationFailureEvent() } } - public function testAuthenticateDispatchesAuthenticationSuccessEvent() + public function testAuthenticateDispatchesAuthenticationSuccessEvents() { - $token = new UsernamePasswordToken('foo', 'bar', 'key'); + $finalToken = new UsernamePasswordToken('foo', 'bar', 'baz', ['role-01', 'role-02']); + $priorToken = new UsernamePasswordToken('foo', 'bar', 'baz'); - $provider = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface')->getMock(); - $provider->expects($this->once())->method('supports')->willReturn(true); - $provider->expects($this->once())->method('authenticate')->willReturn($token); + $provider = $this->getAuthenticationProvider(true, $finalToken); + $providerCN = \get_class($provider); - $dispatcher = $this->getMockBuilder('Symfony\Component\EventDispatcher\EventDispatcherInterface')->getMock(); + $dispatcher = $this->getMockBuilder(EventDispatcherInterface::class)->getMock(); $dispatcher - ->expects($this->once()) + ->expects($this->exactly(2)) ->method('dispatch') - ->with($this->equalTo(new AuthenticationSuccessEvent($token)), AuthenticationEvents::AUTHENTICATION_SUCCESS); + ->withConsecutive([ + $this->equalTo(new AuthenticationSensitiveEvent($priorToken, $finalToken, $providerCN)), AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE, + ], [ + $this->equalTo(new AuthenticationSuccessEvent($finalToken)), AuthenticationEvents::AUTHENTICATION_SUCCESS, + ]); $manager = new AuthenticationProviderManager([$provider]); $manager->setEventDispatcher($dispatcher); - $this->assertSame($token, $manager->authenticate($token)); + $this->assertSame($finalToken, $manager->authenticate($priorToken)); + } + + public function testAuthenticateDispatchesAuthenticationSuccessEventsWithCredentialsAvailableAndRemovedForSuccessiveDispatches() + { + $finalToken = new UsernamePasswordToken('foo', 'bar', 'baz', ['role-01', 'role-02']); + $priorToken = new UsernamePasswordToken('foo', 'bar', 'baz'); + + $provider = $this->getAuthenticationProvider(true, $finalToken); + $providerCN = \get_class($provider); + + $dispatcher = new EventDispatcher(); + $dispatcher->addListener(AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE, function (AuthenticationSensitiveEvent $event) use ($providerCN) { + $this->assertSame($providerCN, $event->getAuthenticationProviderClassName()); + $this->assertSame('bar', $event->getAuthenticationTokenPassword()); + $this->assertEquals('bar', $event->getPreAuthenticationToken()->getCredentials()); + $this->assertEquals('bar', $event->getAuthenticationToken()->getCredentials()); + }); + $dispatcher->addListener(AuthenticationEvents::AUTHENTICATION_SUCCESS, function (AuthenticationSuccessEvent $event) { + $this->assertEquals('', $event->getAuthenticationToken()->getCredentials()); + }); + + $manager = new AuthenticationProviderManager([$provider]); + $manager->setEventDispatcher($dispatcher); + + $this->assertSame($finalToken, $manager->authenticate($priorToken)); } protected function getAuthenticationProvider($supports, $token = null, $exception = null) { - $provider = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface')->getMock(); + $provider = $this->getMockBuilder(AuthenticationProviderInterface::class)->getMock(); $provider->expects($this->once()) ->method('supports') ->will($this->returnValue($supports)) diff --git a/src/Symfony/Component/Security/Core/Tests/Event/AuthenticationSensitiveEventTest.php b/src/Symfony/Component/Security/Core/Tests/Event/AuthenticationSensitiveEventTest.php new file mode 100644 index 0000000000000..be127a8bca6f5 --- /dev/null +++ b/src/Symfony/Component/Security/Core/Tests/Event/AuthenticationSensitiveEventTest.php @@ -0,0 +1,175 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Core\Tests\Authentication; + +use PHPUnit\Framework\TestCase; +use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; +use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +use Symfony\Component\Security\Core\Event\AuthenticationSensitiveEvent; + +class AuthenticationSensitiveEventTest extends TestCase +{ + public static function provideTestAccessorMethodsData(): \Iterator + { + $createPassExtractorFunc = function ($default = null) { + return function ($token, $event) use ($default): ?string { + self::assertInstanceOf(TokenInterface::class, $token); + self::assertInstanceOf(AuthenticationSensitiveEvent::class, $event); + + $c = $token->getCredentials(); + + if (method_exists($c, 'getInnerCredentials')) { + return $c->getInnerCredentials(); + } + + if ($c instanceof \Closure) { + return ($c)(); + } + + if (isset($c[$k = sprintf('%s-key', $default)])) { + return $c[$k]; + } + + return $default; + }; + }; + + $createHasStrCastableClass = function (?string $return = null) { + return new class($return) { + private $return; + + public function __construct(?string $return = null) + { + $this->return = $return; + } + + public function __toString(): string + { + return $this->return ?? ''; + } + }; + }; + + $createNotStrCastableClass = function (?string $return = null) { + return new class($return) { + private $return; + + public function __construct(?string $return = null) + { + $this->return = $return; + } + + public function getInnerCredentials(): string + { + return $this->return ?? ''; + } + }; + }; + + $createCredentialsAFuncVal = function ($return = null) { + return function () use ($return) { + return $return; + }; + }; + + // expects credential password of "null" type + yield [null]; + yield [null, $createHasStrCastableClass('')]; + yield [null, $createNotStrCastableClass('foo')]; + yield [null, ['unknown-index-foo' => 'foo']]; + yield [null, null, $createHasStrCastableClass('')]; + yield [null, null, $createNotStrCastableClass('foo')]; + yield [null, null, ['unknown-index-bar' => 'bar']]; + yield [null, null, null, $createPassExtractorFunc(null)]; + + // expects credential password of "foo" value + yield ['foo', 'foo']; + yield ['foo', 'foo', 'bar']; + yield ['foo', $createHasStrCastableClass('foo')]; + yield ['foo', $createNotStrCastableClass('foo'), null, $createPassExtractorFunc()]; + yield ['foo', $createCredentialsAFuncVal('foo'), null, $createPassExtractorFunc()]; + + // expects credential password of "bar" value + yield ['bar', null, 'bar']; + yield ['bar', null, $createHasStrCastableClass('bar')]; + yield ['bar', null, $createNotStrCastableClass('bar'), $createPassExtractorFunc()]; + yield ['bar', null, $createCredentialsAFuncVal('bar'), $createPassExtractorFunc()]; + + // expects credential password of "baz" value + yield ['baz', null, null, $createPassExtractorFunc('baz')]; + + // expects array value will be extracted for all supported indexes + foreach (['password', 'api_key', 'api-key', 'secret'] as $index) { + // expects credential password of "null" type + yield [null, [$index => null]]; + yield [null, null, [$index => '']]; + yield [null, [$index => ''], [$index => null]]; + + // expects credential password of "foo" value + yield ['foo', [$index => 'foo']]; + yield ['foo', [$index => 'foo'], [$index => null]]; + yield ['foo', [$index => 'foo'], [$index => '']]; + yield ['foo', [$index => 'foo'], ['unknown-index-bar' => 'bar']]; + yield ['foo', [$index => 'foo'], [$index => 'bar']]; + + // expects credential password of "bar" value + yield ['bar', null, [$index => 'bar']]; + yield ['bar', [$index => null], [$index => 'bar']]; + yield ['bar', [$index => ''], [$index => 'bar']]; + yield ['bar', ['unknown-index-foo' => 'foo'], [$index => 'bar']]; + yield ['bar', [$index => $createNotStrCastableClass], [$index => 'bar']]; + + // expects credential password of "{$index}-val" variable + yield [ + sprintf('%s-val', $index), + [sprintf('%s-key', $index) => sprintf('%s-val', $index)], + null, + $createPassExtractorFunc($index), + ]; + } + } + + /** + * @dataProvider provideTestAccessorMethodsData + * + * @param string $expectedPassword + * @param string|array|null $finalCredentials + * @param string|array|null $priorCredentials + * @param \Closure|null $passwordExtractor + */ + public function testAccessorMethods(string $expectedPassword = null, $finalCredentials = null, $priorCredentials = null, \Closure $passwordExtractor = null): void + { + $event = new AuthenticationSensitiveEvent( + $priorToken = $this->getTokenInterfaceMock($priorCredentials), + $finalToken = $this->getTokenInterfaceMock($finalCredentials), + AuthenticationProviderInterface::class + ); + + $this->assertSame($priorToken, $event->getPreAuthenticationToken()); + $this->assertSame($finalToken, $event->getAuthenticationToken()); + $this->assertSame(AuthenticationProviderInterface::class, $event->getAuthenticationProviderClassName()); + $this->assertSame($expectedPassword, $event->getAuthenticationTokenPassword($passwordExtractor)); + } + + private function getTokenInterfaceMock($credentials = null): TokenInterface + { + $token = $this + ->getMockBuilder(TokenInterface::class) + ->getMock(); + + $token->expects($this->any()) + ->method('getCredentials') + ->will($this->returnValue($credentials)); + + return $token; + } +} From 05965f208da48a8a5e299aefb99af39d5214f0e2 Mon Sep 17 00:00:00 2001 From: Niels Keurentjes Date: Sun, 7 Apr 2019 15:50:44 +0200 Subject: [PATCH 2/3] Upgrade security events to 5.0 standards --- .../Security/Core/Event/AuthenticationEvent.php | 2 +- .../Core/Event/AuthenticationSensitiveEvent.php | 2 +- .../AuthenticationProviderManagerTest.php | 16 ++++++++++++++-- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/Security/Core/Event/AuthenticationEvent.php b/src/Symfony/Component/Security/Core/Event/AuthenticationEvent.php index d99aea5084b40..6be35e326f93a 100644 --- a/src/Symfony/Component/Security/Core/Event/AuthenticationEvent.php +++ b/src/Symfony/Component/Security/Core/Event/AuthenticationEvent.php @@ -11,7 +11,7 @@ namespace Symfony\Component\Security\Core\Event; -use Symfony\Component\EventDispatcher\Event; +use Symfony\Contracts\EventDispatcher\Event; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; /** diff --git a/src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php b/src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php index 876296f609ed3..8c9ddf168043d 100644 --- a/src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php +++ b/src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php @@ -11,7 +11,7 @@ namespace Symfony\Component\Security\Core\Event; -use Symfony\Component\EventDispatcher\Event; +use Symfony\Contracts\EventDispatcher\Event; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; /** diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php index 1908f017df18f..267c13dae0761 100644 --- a/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php +++ b/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php @@ -14,6 +14,7 @@ use PHPUnit\Framework\TestCase; use Symfony\Component\EventDispatcher\EventDispatcher; use Symfony\Component\EventDispatcher\EventDispatcherInterface; +use Symfony\Component\EventDispatcher\WrappedEvent; use Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager; use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; @@ -25,6 +26,7 @@ use Symfony\Component\Security\Core\Exception\AccountStatusException; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Exception\ProviderNotFoundException; +use Symfony\Contracts\EventDispatcher\Event; class AuthenticationProviderManagerTest extends TestCase { @@ -189,13 +191,23 @@ public function testAuthenticateDispatchesAuthenticationSuccessEventsWithCredent $providerCN = \get_class($provider); $dispatcher = new EventDispatcher(); - $dispatcher->addListener(AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE, function (AuthenticationSensitiveEvent $event) use ($providerCN) { + $dispatcher->addListener(AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE, function ($event) use ($providerCN) { + if (\get_class($event) === 'Symfony\Component\EventDispatcher\WrappedEvent') { + $event = $event->getWrappedEvent(); + } + + /** @var AuthenticationSensitiveEvent $event */ $this->assertSame($providerCN, $event->getAuthenticationProviderClassName()); $this->assertSame('bar', $event->getAuthenticationTokenPassword()); $this->assertEquals('bar', $event->getPreAuthenticationToken()->getCredentials()); $this->assertEquals('bar', $event->getAuthenticationToken()->getCredentials()); }); - $dispatcher->addListener(AuthenticationEvents::AUTHENTICATION_SUCCESS, function (AuthenticationSuccessEvent $event) { + $dispatcher->addListener(AuthenticationEvents::AUTHENTICATION_SUCCESS, function ($event) { + if (\get_class($event) === 'Symfony\Component\EventDispatcher\WrappedEvent') { + $event = $event->getWrappedEvent(); + } + + /** @var AuthenticationSuccessEvent $event */ $this->assertEquals('', $event->getAuthenticationToken()->getCredentials()); }); From d7ab6cd63abf65e56464beffdd835c6ad91c4b72 Mon Sep 17 00:00:00 2001 From: Niels Keurentjes Date: Sun, 7 Apr 2019 15:52:22 +0200 Subject: [PATCH 3/3] Comply with Fabbot --- .../Security/Core/Event/AuthenticationEvent.php | 2 +- .../Security/Core/Event/AuthenticationSensitiveEvent.php | 2 +- .../Authentication/AuthenticationProviderManagerTest.php | 9 ++++----- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/src/Symfony/Component/Security/Core/Event/AuthenticationEvent.php b/src/Symfony/Component/Security/Core/Event/AuthenticationEvent.php index 6be35e326f93a..4fc151960b296 100644 --- a/src/Symfony/Component/Security/Core/Event/AuthenticationEvent.php +++ b/src/Symfony/Component/Security/Core/Event/AuthenticationEvent.php @@ -11,8 +11,8 @@ namespace Symfony\Component\Security\Core\Event; -use Symfony\Contracts\EventDispatcher\Event; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +use Symfony\Contracts\EventDispatcher\Event; /** * This is a general purpose authentication event. diff --git a/src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php b/src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php index 8c9ddf168043d..4fa0d8b1cbb20 100644 --- a/src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php +++ b/src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php @@ -11,8 +11,8 @@ namespace Symfony\Component\Security\Core\Event; -use Symfony\Contracts\EventDispatcher\Event; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +use Symfony\Contracts\EventDispatcher\Event; /** * This is an authentication event that includes sensitive data. diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php index 267c13dae0761..1d56630ff46e1 100644 --- a/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php +++ b/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php @@ -14,7 +14,6 @@ use PHPUnit\Framework\TestCase; use Symfony\Component\EventDispatcher\EventDispatcher; use Symfony\Component\EventDispatcher\EventDispatcherInterface; -use Symfony\Component\EventDispatcher\WrappedEvent; use Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager; use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; @@ -192,22 +191,22 @@ public function testAuthenticateDispatchesAuthenticationSuccessEventsWithCredent $dispatcher = new EventDispatcher(); $dispatcher->addListener(AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE, function ($event) use ($providerCN) { - if (\get_class($event) === 'Symfony\Component\EventDispatcher\WrappedEvent') { + if ('Symfony\Component\EventDispatcher\WrappedEvent' === \get_class($event)) { $event = $event->getWrappedEvent(); } - /** @var AuthenticationSensitiveEvent $event */ + /* @var AuthenticationSensitiveEvent $event */ $this->assertSame($providerCN, $event->getAuthenticationProviderClassName()); $this->assertSame('bar', $event->getAuthenticationTokenPassword()); $this->assertEquals('bar', $event->getPreAuthenticationToken()->getCredentials()); $this->assertEquals('bar', $event->getAuthenticationToken()->getCredentials()); }); $dispatcher->addListener(AuthenticationEvents::AUTHENTICATION_SUCCESS, function ($event) { - if (\get_class($event) === 'Symfony\Component\EventDispatcher\WrappedEvent') { + if ('Symfony\Component\EventDispatcher\WrappedEvent' === \get_class($event)) { $event = $event->getWrappedEvent(); } - /** @var AuthenticationSuccessEvent $event */ + /* @var AuthenticationSuccessEvent $event */ $this->assertEquals('', $event->getAuthenticationToken()->getCredentials()); });