Merge pull request #158 from chives/dev

Added UserCheckerInterface implementation to check if user is enabled before logging in
fsi-open · Dec 14, 2023 · fa991f3 · fa991f3
2 parents 885b9cb + 44b3d8c
commit fa991f3
Show file tree

Hide file tree

Showing 8 changed files with 64 additions and 1 deletion.
diff --git a/Behat/Context/DataContext.php b/Behat/Context/DataContext.php
@@ -125,6 +125,16 @@ public function thereIsUserWithRoleAndPasswordWhichIsEnforcedToChangePassword(
         $this->getEntityManager()->flush();
     }
 
+    /**
+     * @Then /^user "([^"]*)" has been disabled$/
+     */
+    public function userHasBeenDisabled(string $userEmail): void
+    {
+        $user = $this->findUserByEmail($userEmail);
+        $user->setEnabled(false);
+        $this->getEntityManager()->flush();
+    }
+
     /**
      * @Then /^user "([^"]*)" password should be changed$/
      */

diff --git a/Resources/config/services.xml b/Resources/config/services.xml
@@ -160,6 +160,9 @@
             <tag name="kernel.event_subscriber" />
         </service>
 
+        <!-- Security -->
+        <service id="admin_security.user_checker.disabled_user_checker" class="FSi\Bundle\AdminSecurityBundle\Security\UserChecker\DisabledUserChecker" />
+
         <!-- Factories -->
         <service id="admin_security.token_factory.activation" class="FSi\Bundle\AdminSecurityBundle\Security\Token\TokenFactory">
             <argument type="service" id="Psr\Clock\ClockInterface"/>

diff --git a/Resources/doc/installation.md b/Resources/doc/installation.md
@@ -135,6 +135,7 @@ security:
 
         admin_panel:
             pattern:    ^/admin
+            user_checker: admin_security.user_checker.disabled_user_checker
             form_login:
                 provider: entity_provider
                 check_path: fsi_admin_security_user_check

diff --git a/Security/UserChecker/DisabledUserChecker.php b/Security/UserChecker/DisabledUserChecker.php
@@ -0,0 +1,37 @@
+<?php
+
+/**
+ * (c) FSi sp. z o.o. <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace FSi\Bundle\AdminSecurityBundle\Security\UserChecker;
+
+use FSi\Bundle\AdminSecurityBundle\Security\User\UserInterface;
+use Symfony\Component\Security\Core\Exception\LockedException;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface as SymfonyUserInterface;
+
+final class DisabledUserChecker implements UserCheckerInterface
+{
+    public function checkPreAuth(SymfonyUserInterface $user): void
+    {
+        if (false === $user instanceof UserInterface) {
+            return;
+        }
+
+        if (true === $user->isEnabled()) {
+            return;
+        }
+
+        throw new LockedException("User {$user->getUsername()} is disabled");
+    }
+
+    public function checkPostAuth(SymfonyUserInterface $user): void
+    {
+    }
+}
diff --git a/composer.json b/composer.json
@@ -66,6 +66,7 @@
         "fsi/datagrid": "*",
         "fsi/datasource": "*",
         "twig/twig": "<2.0",
+        "symfony/property-info": ">=7.0",
         "symfony/expression-language": "<4.4"
     },
     "config": {

diff --git a/features/admin/secure_admin_panel.feature b/features/admin/secure_admin_panel.feature
@@ -22,6 +22,16 @@ Feature: Secure admin panel
     And I press "Login" button
     Then I should be redirected to "Admin panel" page
 
+  Scenario: Login into admin panel using disabled user's credentials
+    Given user "[email protected]" has been disabled
+    And I am on the "Login" page
+    When I fill form with valid admin login and password
+    And I press "Login" button
+    And I should see message:
+    """
+    Invalid credentials.
+    """
+
   Scenario: Login into admin panel using bad credentials
     Given I am on the "Login" page
     When I fill form with invalid admin login and password

diff --git a/features/fixtures/project/config/conditional/security_4.yaml b/features/fixtures/project/config/conditional/security_4.yaml
@@ -10,7 +10,7 @@ security:
 
         admin_panel:
             pattern: ^/admin
-            logout_on_user_change: true
+            user_checker: admin_security.user_checker.disabled_user_checker
             form_login:
                 provider: entity_provider
                 check_path: fsi_admin_security_user_check

diff --git a/features/fixtures/project/config/conditional/security_5.yaml b/features/fixtures/project/config/conditional/security_5.yaml
@@ -10,6 +10,7 @@ security:
 
         admin_panel:
             pattern: ^/admin
+            user_checker: admin_security.user_checker.disabled_user_checker
             form_login:
                 provider: entity_provider
                 check_path: fsi_admin_security_user_check