From b98633f4a0731f4984f26b435b952358ce6bf947 Mon Sep 17 00:00:00 2001
From: rstrash
Date: Thu, 6 Aug 2015 16:49:08 -0700
Subject: [PATCH] Introducing SecurityManagerInterface for customizing vote() implementations
---
 Component/Authorisation/SecurityManager.php | 7 +---
 .../SecurityManagerInterface.php | 42 +++++++++++++++++++
 .../Authorisation/Voter/ClientLoginVoter.php | 7 ++--
 Component/Listener/BlockingLoginListener.php | 10 ++---
 Component/Listener/DeferLoginListener.php | 17 ++++----
 .../CCDNUserSecurityExtension.php | 1 +
 DependencyInjection/Configuration.php | 7 ++++
 Resources/config/services/components.yml | 2 +-
 8 files changed, 69 insertions(+), 24 deletions(-)
 mode change 100644 => 100755 Component/Authorisation/SecurityManager.php
 create mode 100755 Component/Authorisation/SecurityManagerInterface.php
 mode change 100644 => 100755 Component/Authorisation/Voter/ClientLoginVoter.php
 mode change 100644 => 100755 Component/Listener/BlockingLoginListener.php
 mode change 100644 => 100755 Component/Listener/DeferLoginListener.php
 mode change 100644 => 100755 DependencyInjection/CCDNUserSecurityExtension.php
 mode change 100644 => 100755 DependencyInjection/Configuration.php
 mode change 100644 => 100755 Resources/config/services/components.yml
diff --git a/Component/Authorisation/SecurityManager.php b/Component/Authorisation/SecurityManager.php
old mode 100644
new mode 100755
index 735648b..cc4e175
--- a/Component/Authorisation/SecurityManager.php
+++ b/Component/Authorisation/SecurityManager.php
@@ -27,7 +27,7 @@
 * @link https://github.com/codeconsortium/CCDNUserSecurityBundle
 *
 */
-class SecurityManager
+class SecurityManager implements SecurityManagerInterface
 {
 /**
 *
@@ -64,15 +64,10 @@ class SecurityManager
 */
 protected $blockPages;
- const ACCESS_ALLOWED = 0;
- const ACCESS_DENIED_DEFER = 1;
- const ACCESS_DENIED_BLOCK = 2;
-
 /**
 *
 * @access public
 * @param \Symfony\Component\HttpFoundation\RequestStack $requestStack
- * @param \Symfony\Bundle\FrameworkBundle\Routing\Router $router
 * @param \CCDNUser\SecurityBundle\Component\Authentication\Tracker\LoginFailureTracker $loginFailureTracker
 * @param array $routeLogin
 * @param array $forceAccountRecovery
diff --git a/Component/Authorisation/SecurityManagerInterface.php b/Component/Authorisation/SecurityManagerInterface.php
new file mode 100755
index 0000000..36338ab
--- /dev/null
+++ b/Component/Authorisation/SecurityManagerInterface.php
@@ -0,0 +1,42 @@
+
+ *
+ * Available on github
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace CCDNUser\SecurityBundle\Component\Authorisation;
+
+use Symfony\Component\HttpFoundation\RequestStack;
+use CCDNUser\SecurityBundle\Component\Authentication\Tracker\LoginFailureTracker;
+
+interface SecurityManagerInterface
+{
+ const ACCESS_ALLOWED = 0;
+ const ACCESS_DENIED_DEFER = 1;
+ const ACCESS_DENIED_BLOCK = 2;
+
+ /**
+ * Constructor
+ *
+ * @access public
+ * @param \Symfony\Component\HttpFoundation\RequestStack $requestStack
+ * @param \CCDNUser\SecurityBundle\Component\Authentication\Tracker\LoginFailureTracker $loginFailureTracker
+ * @param array $routeLogin
+ * @param array $forceAccountRecovery
+ * @param array $blockPages
+ */
+ public function __construct(RequestStack $requestStack, LoginFailureTracker $loginFailureTracker, $routeLogin, $forceAccountRecovery, $blockPages);
+
+ /**
+ * @access public
+ * @return int
+ */
+ public function vote();
+}
diff --git a/Component/Authorisation/Voter/ClientLoginVoter.php b/Component/Authorisation/Voter/ClientLoginVoter.php
old mode 100644
new mode 100755
index 198b1ec..5efbd35
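Review bot: In the new SecurityManagerInterface.php, `vote()` is documented only as `@return int`, although this commit makes the implementing class configurable and DeferLoginListener compares the result with `===` against `ACCESS_DENIED_DEFER`. As far as the visible listener code shows, an implementation that returns anything other than the three constants (a bool, a numeric string, null) would be treated as not deferred, so the contract should be written down, for example `@return int One of self::ACCESS_ALLOWED, self::ACCESS_DENIED_DEFER or self::ACCESS_DENIED_BLOCK; no other value is valid`. Separately, declaring `__construct()` in the interface pins every custom implementation to exactly these five arguments, which prevents a replacement from taking additional dependencies; the interface would serve customisation better with only the constants and `vote()`.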
--- a/Component/Authorisation/Voter/ClientLoginVoter.php
+++ b/Component/Authorisation/Voter/ClientLoginVoter.php
@@ -13,6 +13,7 @@
 namespace CCDNUser\SecurityBundle\Component\Authorisation\Voter;
+use CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@@ -32,16 +33,16 @@ class ClientLoginVoter implements VoterInterface
 /**
 *
 * @access protected
- * @var \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager $securityManager
+ * @var \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface $securityManager
 */
 protected $securityManager;
 /**
 *
 * @access public
- * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager $loginFailureTracker
+ * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface $securityManager
 */
- public function __construct($securityManager)
+ public function __construct(SecurityManagerInterface $securityManager)
 {
 $this->securityManager = $securityManager;
 }
diff --git a/Component/Listener/BlockingLoginListener.php b/Component/Listener/BlockingLoginListener.php
old mode 100644
new mode 100755
index 3be9dba..bd63b10
--- a/Component/Listener/BlockingLoginListener.php
+++ b/Component/Listener/BlockingLoginListener.php
@@ -13,9 +13,8 @@
 namespace CCDNUser\SecurityBundle\Component\Listener;
-use CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager;
+use CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
-use Symfony\Component\HttpFoundation\RedirectResponse;
 /**
 *
@@ -33,7 +32,7 @@ class BlockingLoginListener
 /**
 *
 * @access protected
- * @var \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager $securityManager
+ * @var \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface $securityManager
 */
 protected $securityManager;
@@ -45,11 +44,10 @@ class BlockingLoginListener
 /**
 *
 * @access public
- * @param \Symfony\Component\Routing\RouterInterface $router
- * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager $loginFailureTracker
+ * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface $securityManager
 * @param \CCDNUser\SecurityBundle\Component\Listener\AccessDeniedExceptionFactoryInterface $exceptionFactory
 */
- public function __construct(SecurityManager $securityManager, AccessDeniedExceptionFactoryInterface $exceptionFactory)
+ public function __construct(SecurityManagerInterface $securityManager, AccessDeniedExceptionFactoryInterface $exceptionFactory)
 {
 $this->securityManager = $securityManager;
 $this->exceptionFactory = $exceptionFactory;
diff --git a/Component/Listener/DeferLoginListener.php b/Component/Listener/DeferLoginListener.php
old mode 100644
new mode 100755
index b0eaa2d..b067c1e
--- a/Component/Listener/DeferLoginListener.php
+++ b/Component/Listener/DeferLoginListener.php
@@ -2,7 +2,7 @@
 namespace CCDNUser\SecurityBundle\Component\Listener;
-use CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager;
+use CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
@@ -27,19 +27,19 @@ class DeferLoginListener
 /**
 *
 * @access protected
- * @var \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager $securityManager
+ * @var \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface $securityManager
 */
 protected $securityManager;
 /**
 *
 * @access public
- * @param \Symfony\Component\Routing\RouterInterface $router
- * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager $securityManager
- * @param array $forceAccountRecovery
+ * @param \Symfony\Component\Routing\RouterInterface $router
+ * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface $securityManager
+ * @param array $forceAccountRecovery
 *
 */
- public function __construct(RouterInterface $router, SecurityManager $securityManager, array $forceAccountRecovery)
+ public function __construct(RouterInterface $router, SecurityManagerInterface $securityManager, array $forceAccountRecovery)
 {
 $this->router = $router;
 $this->securityManager = $securityManager;
@@ -52,9 +52,10 @@ public function onKernelRequest(GetResponseEvent $event)
 return;
 }
- $result = $this->securityManager->vote();
+ $securityManager = $this->securityManager; // Avoid the silly cryptic error 'T_PAAMAYIM_NEKUDOTAYIM'
+ $result = $securityManager->vote();
- if ($result === SecurityManager::ACCESS_DENIED_DEFER) {
+ if ($result === $securityManager::ACCESS_DENIED_DEFER) {
 $event->stopPropagation();
 $redirectUrl = $this->router->generate(
diff --git a/DependencyInjection/CCDNUserSecurityExtension.php b/DependencyInjection/CCDNUserSecurityExtension.php
old mode 100644
new mode 100755
index 672ad08..7b6264a
--- a/DependencyInjection/CCDNUserSecurityExtension.php
+++ b/DependencyInjection/CCDNUserSecurityExtension.php
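Review bot: In DeferLoginListener::onKernelRequest (hunk `@@ -52,9 +52,10 @@`), the comparison `$result === $securityManager::ACCESS_DENIED_DEFER` resolves the constant through whatever class was injected, and the extra local variable exists only to avoid the parse error named in the comment. The interface is already imported in this file, so the constant can be named directly and the workaround dropped: `$result = $this->securityManager->vote();` followed by `if ($result === SecurityManagerInterface::ACCESS_DENIED_DEFER) {`. That ties the deny check to the contract's value rather than to the concrete implementation; on PHP 8.1 and later a class may redefine a non-final interface constant. The method body starts and ends outside this hunk.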
@@ -160,6 +160,7 @@ private function getComponentSection(ContainerBuilder $container, $config)
 $container->setParameter('ccdn_user_security.component.authentication.handler.login_failure_handler.class', $config['component']['authentication']['handler']['login_failure_handler']['class']);
 $container->setParameter('ccdn_user_security.component.authentication.tracker.login_failure_tracker.class', $config['component']['authentication']['tracker']['login_failure_tracker']['class']);
+ $container->setParameter('ccdn_user_security.component.authorisation.security_manager.class', $config['component']['authorisation']['security_manager']['class']);
 $container->setParameter('ccdn_user_security.component.authorisation.voter.client_login_voter.class', $config['component']['authorisation']['voter']['client_login_voter']['class']);
 $container->setParameter('ccdn_user_security.component.listener.blocking_login_listener.class', $config['component']['listener']['blocking_login_listener']['class']);
diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
old mode 100644
new mode 100755
index 00c8c4d..7a5c65c
--- a/DependencyInjection/Configuration.php
+++ b/DependencyInjection/Configuration.php
@@ -305,6 +305,13 @@ private function addComponentSection(ArrayNodeDefinition $node)
 ->addDefaultsIfNotSet()
 ->canBeUnset()
 ->children()
+ ->arrayNode('security_manager')
+ ->addDefaultsIfNotSet()
+ ->canBeUnset()
+ ->children()
+ ->scalarNode('class')->defaultValue('CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager')->end()
+ ->end()
+ ->end()
 ->arrayNode('voter')
 ->addDefaultsIfNotSet()
 ->canBeUnset()
diff --git a/Resources/config/services/components.yml b/Resources/config/services/components.yml
old mode 100644
new mode 100755
index f8bc5ad..1166f77
--- a/Resources/config/services/components.yml
+++ b/Resources/config/services/components.yml
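Review bot: In Configuration::addComponentSection the new `security_manager` node accepts any string as `class` and is marked `->canBeUnset()`, while getComponentSection in CCDNUserSecurityExtension.php reads `$config['component']['authorisation']['security_manager']['class']` unconditionally. If the node is unset, that read presumably hits a missing key, and a class that does not implement SecurityManagerInterface is rejected only later, when the voter or a listener is constructed. The node mirrors the neighbouring `voter` node, but because this class makes the login blocking decision it is worth dropping `->canBeUnset()` here and adding `->cannotBeEmpty()` to the `class` scalar. An `is_subclass_of` check against the interface, in a `validate()` closure or in the extension, would report a wrong class at container build time. Both methods continue outside the hunks shown.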
@@ -22,7 +22,7 @@ services:
 # Access Decision Manager
 #
 ccdn_user_security.component.authorisation.security_manager:
- class: 'CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager'
+ class: %ccdn_user_security.component.authorisation.security_manager.class%
 arguments:
 - @request_stack
 - @ccdn_user_security.component.authentication.tracker.login_failure_tracker
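Review bot: The new value `class: %ccdn_user_security.component.authorisation.security_manager.class%` is an unquoted scalar that starts with `%`, whereas the line it replaces was quoted. `%` is a reserved indicator at the start of a plain YAML scalar and later Symfony YAML parsers reject it, so quoting keeps the service definition loadable: `class: '%ccdn_user_security.component.authorisation.security_manager.class%'`.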