From 44b3d8c8e7282a91f03b05b276de6219f8697757 Mon Sep 17 00:00:00 2001 From: Lukasz Cybula Date: Thu, 14 Dec 2023 14:20:59 +0100 Subject: [PATCH] Added UserCheckerInterface implementation to check if user is enabled before logging in
---
Behat/Context/DataContext.php | 10 +++++ Resources/config/services.xml | 3 ++ Resources/doc/installation.md | 1 + Security/UserChecker/DisabledUserChecker.php | 37 +++++++++++++++++++ composer.json | 1 + features/admin/secure_admin_panel.feature | 10 +++++ .../config/conditional/security_4.yaml | 2 +- .../config/conditional/security_5.yaml | 1 + 8 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 Security/UserChecker/DisabledUserChecker.php
diff --git a/Behat/Context/DataContext.php b/Behat/Context/DataContext.php
index 329486aa..8c5328e1 100644
--- a/Behat/Context/DataContext.php
+++ b/Behat/Context/DataContext.php
@@ -125,6 +125,16 @@ public function thereIsUserWithRoleAndPasswordWhichIsEnforcedToChangePassword(
 $this->getEntityManager()->flush();
 }
+ /**
+ * @Then /^user "([^"]*)" has been disabled$/
+ */
+ public function userHasBeenDisabled(string $userEmail): void
+ {
+ $user = $this->findUserByEmail($userEmail);
+ $user->setEnabled(false);
+ $this->getEntityManager()->flush();
+ }
+
 /**
 * @Then /^user "([^"]*)" password should be changed$/
 */
diff --git a/Resources/config/services.xml b/Resources/config/services.xml
index 73e72007..633e69b2 100644
--- a/Resources/config/services.xml
+++ b/Resources/config/services.xml
@@ -160,6 +160,9 @@ + + +
diff --git a/Resources/doc/installation.md b/Resources/doc/installation.md
index 927daca5..b4969196 100644
--- a/Resources/doc/installation.md
+++ b/Resources/doc/installation.md
@@ -135,6 +135,7 @@ security:
 admin_panel:
 pattern: ^/admin
+ user_checker: admin_security.user_checker.disabled_user_checker
 form_login:
 provider: entity_provider
 check_path: fsi_admin_security_user_check
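Review bot: `userHasBeenDisabled` is used from the feature file as a `Given` step (it mutates fixture state) but is annotated `@Then`, which reads as an assertion next to the real assertion step `password should be changed` below it; `@Given /^user "([^"]*)" has been disabled$/` describes its role better. Behat matches definitions regardless of the step keyword, so this is wording only. The body also calls `setEnabled(false)` on whatever `findUserByEmail` returns without a guard — the helper is outside this hunk, so if it can return null for an unknown address the failure would be an opaque method-on-null error rather than a clear "no such user" message.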
diff --git a/Security/UserChecker/DisabledUserChecker.php b/Security/UserChecker/DisabledUserChecker.php
new file mode 100644
index 00000000..1753d026
--- /dev/null
+++ b/Security/UserChecker/DisabledUserChecker.php
@@ -0,0 +1,37 @@
+
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace FSi\Bundle\AdminSecurityBundle\Security\UserChecker;
+
+use FSi\Bundle\AdminSecurityBundle\Security\User\UserInterface;
+use Symfony\Component\Security\Core\Exception\LockedException;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface as SymfonyUserInterface;
+
+final class DisabledUserChecker implements UserCheckerInterface
+{
+ public function checkPreAuth(SymfonyUserInterface $user): void
+ {
+ if (false === $user instanceof UserInterface) {
+ return;
+ }
+
+ if (true === $user->isEnabled()) {
+ return;
+ }
+
+ throw new LockedException("User {$user->getUsername()} is disabled");
+ }
+
+ public function checkPostAuth(SymfonyUserInterface $user): void
+ {
+ }
+}
diff --git a/composer.json b/composer.json
index 33a4aeba..ee025ca3 100644
--- a/composer.json
+++ b/composer.json
@@ -66,6 +66,7 @@
 "fsi/datagrid": "*",
 "fsi/datasource": "*",
 "twig/twig": "<2.0",
+ "symfony/property-info": ">=7.0",
 "symfony/expression-language": "<4.4"
 },
 "config": {
diff --git a/features/admin/secure_admin_panel.feature b/features/admin/secure_admin_panel.feature
index 922db866..a525a462 100644
--- a/features/admin/secure_admin_panel.feature
+++ b/features/admin/secure_admin_panel.feature
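Review bot: `checkPostAuth` is left empty, so the enabled flag is enforced only at login and an account disabled while its owner is already signed in keeps working until the session expires — as far as I recall, Symfony's context listener re-runs the firewall's user checker through `checkPostAuth` when it refreshes the user from the session, so that is where a revocation would actually take effect. Moving the check into a private helper called from both methods closes that gap without changing what happens at login. While at it, `DisabledException` (same namespace as `LockedException`) is the Symfony exception for exactly this state; `LockedException` carries the message key "Account is locked.", which is what would be shown wherever account-status messages are surfaced rather than masked as "Invalid credentials.". The import would then become `use Symfony\Component\Security\Core\Exception\DisabledException;`.
```php
    public function checkPreAuth(SymfonyUserInterface $user): void
    {
        $this->assertEnabled($user);
    }

    public function checkPostAuth(SymfonyUserInterface $user): void
    {
        // Session refresh also goes through the user checker, so a user
        // disabled after login is rejected on the next request.
        $this->assertEnabled($user);
    }

    private function assertEnabled(SymfonyUserInterface $user): void
    {
        // Users not managed by this bundle are out of scope for the check.
        if (false === $user instanceof UserInterface || true === $user->isEnabled()) {
            return;
        }

        throw new DisabledException("User {$user->getUsername()} is disabled");
    }
```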
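Review bot: The new `"symfony/property-info": ">=7.0"` entry has nothing to do with the user checker the commit message describes, and neither the message nor the description says why it is needed. Judging by its neighbours (`"twig/twig": "<2.0"`, `"symfony/expression-language": "<4.4"`) this looks like the `conflict` section, so it excludes Symfony 7 property-info for every consumer of the bundle; a one-line reason in the commit body, or a separate commit, would make that easier to revisit later.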
@@ -22,6 +22,16 @@ Feature: Secure admin panel
 And I press "Login" button
 Then I should be redirected to "Admin panel" page
+ Scenario: Login into admin panel using disabled user's credentials
+ Given user "admin@fsi.pl" has been disabled
+ And I am on the "Login" page
+ When I fill form with valid admin login and password
+ And I press "Login" button
+ And I should see message:
+ """
+ Invalid credentials.
+ """
+
 Scenario: Login into admin panel using bad credentials
 Given I am on the "Login" page
 When I fill form with invalid admin login and password
diff --git a/features/fixtures/project/config/conditional/security_4.yaml b/features/fixtures/project/config/conditional/security_4.yaml
index 1081407e..4eae73ff 100644
--- a/features/fixtures/project/config/conditional/security_4.yaml
+++ b/features/fixtures/project/config/conditional/security_4.yaml
@@ -10,7 +10,7 @@ security:
 admin_panel:
 pattern: ^/admin
- logout_on_user_change: true
+ user_checker: admin_security.user_checker.disabled_user_checker
 form_login:
 provider: entity_provider
 check_path: fsi_admin_security_user_check
diff --git a/features/fixtures/project/config/conditional/security_5.yaml b/features/fixtures/project/config/conditional/security_5.yaml
index fd22dbaa..019ea7b3 100644
--- a/features/fixtures/project/config/conditional/security_5.yaml
+++ b/features/fixtures/project/config/conditional/security_5.yaml
@@ -10,6 +10,7 @@ security:
 admin_panel:
 pattern: ^/admin
+ user_checker: admin_security.user_checker.disabled_user_checker
 form_login:
 provider: entity_provider
 check_path: fsi_admin_security_user_check
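Review bot: The scenario's only assertion is written as `And I should see message:`, continuing the `When` chain; the sibling scenarios switch to `Then` for the outcome, and `Then I should see message:` would keep the new one readable the same way. Note also that the expected text "Invalid credentials." relies on the framework masking the checker's account-status exception as a bad-credentials error — wherever that masking is off, the user would instead see the exception's own message key, and this scenario is the only thing that would catch the difference, so it is worth keeping even if the exception type changes.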
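Review bot: The security_4 fixture drops `logout_on_user_change: true` in the same line swap that adds `user_checker`, and the commit message does not mention the removal. If I remember correctly that option was deprecated in Symfony 4.1 (it became always-on) and removed in 5.0, so dropping it is harmless on supported versions, but it is a separate change from wiring the checker and deserves a word in the description; security_5 and the installation doc only add the `user_checker` line and are fine as they are.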