Skip to content

Added user_checker support #200

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: 1.x
Choose a base branch
from
Open

Added user_checker support #200

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions DependencyInjection/Security/Factory/SamlFactory.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@ protected function createAuthProvider(ContainerBuilder $container, $id, $config,
$definition = $container->setDefinition($providerId, new $definitionClassname('hslavich_onelogin_saml.saml_provider'))
->replaceArgument(0, new Reference($userProviderId))
->replaceArgument(1, new Reference('event_dispatcher', ContainerInterface::NULL_ON_INVALID_REFERENCE))
->replaceArgument(2, new Reference('security.user_checker.'.$id))
;

if ($config['user_factory']) {
Expand Down
2 changes: 1 addition & 1 deletion Resources/config/services.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ services:

hslavich_onelogin_saml.saml_provider:
class: Hslavich\OneloginSamlBundle\Security\Authentication\Provider\SamlProvider
arguments: ["", ""]
arguments: ["", "", ""]

hslavich_onelogin_saml.saml_token_factory:
class: Hslavich\OneloginSamlBundle\Security\Authentication\Token\SamlTokenFactory
Expand Down
23 changes: 20 additions & 3 deletions Security/Authentication/Provider/SamlProvider.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

class SamlProvider implements AuthenticationProviderInterface
Expand All @@ -20,11 +21,13 @@ class SamlProvider implements AuthenticationProviderInterface
protected $userFactory;
protected $tokenFactory;
protected $eventDispatcher;
protected $userChecker;

public function __construct(UserProviderInterface $userProvider, $eventDispatcher)
public function __construct(UserProviderInterface $userProvider, $eventDispatcher, $userChecker)
{
$this->userProvider = $userProvider;
$this->eventDispatcher = $eventDispatcher;
$this->userChecker = $userChecker;
}

public function setUserFactory(SamlUserFactoryInterface $userFactory)
Expand Down Expand Up @@ -71,16 +74,30 @@ public function supports(TokenInterface $token)
protected function retrieveUser($token)
{
try {
return $this->userProvider->loadUserByUsername($token->getUsername());
$user = $this->userProvider->loadUserByUsername($token->getUsername());

return $this->checkUser($user);
} catch (UsernameNotFoundException $e) {
if ($this->userFactory instanceof SamlUserFactoryInterface) {
return $this->generateUser($token);
$user = $this->generateUser($token);

return $this->checkUser($user);
}

throw $e;
}
}

protected function checkUser($user)
{
if ($user && $this->userChecker instanceof UserCheckerInterface) {
$this->userChecker->checkPreAuth($user);
$this->userChecker->checkPostAuth($user);
}

return $user;
}

protected function generateUser($token)
{
$user = $this->userFactory->createUser($token);
Expand Down
34 changes: 32 additions & 2 deletions Tests/Authentication/Provider/SamlProviderTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,36 @@ public function testAuthenticateInvalidUser()
$provider->authenticate($this->getSamlToken());
}

public function testAuthenticateCheckerInvalidUser()
{
$user = $this->createMock('Symfony\Component\Security\Core\User\UserInterface');

$userChecker = $this->createMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
$exception = new \Exception('This user is valid in SSO but invalid in app');
$userChecker->expects($this->once())->method('checkPreAuth')->willThrowException($exception);

$provider = $this->getProvider($user, null, null, $userChecker);

$this->expectExceptionMessage('This user is valid in SSO but invalid in app');

$provider->authenticate($this->getSamlToken());
}

public function testAuthenticateUserCheckerPostAuth()
{
$user = $this->createMock('Symfony\Component\Security\Core\User\UserInterface');
$user->expects($this->once())->method('getRoles')->willReturn(array());

$userChecker = $this->createMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
$userChecker->expects($this->once())->method('checkPostAuth');

$provider = $this->getProvider($user, null, null, $userChecker);

$token = $provider->authenticate($this->getSamlToken());

$this->assertSame($user, $token->getUser());
}

public function testAuthenticateWithUserFactory()
{
$user = $this->createMock('Symfony\Component\Security\Core\User\UserInterface');
Expand Down Expand Up @@ -117,7 +147,7 @@ protected function getSamlToken()
return $token;
}

protected function getProvider($user = null, $userFactory = null, $eventDispatcher = null)
protected function getProvider($user = null, $userFactory = null, $eventDispatcher = null, $userChecker = null)
{
$userProvider = $this->createMock('Symfony\Component\Security\Core\User\UserProviderInterface');
if ($user) {
Expand All @@ -126,7 +156,7 @@ protected function getProvider($user = null, $userFactory = null, $eventDispatch
$userProvider->method('loadUserByUsername')->will($this->throwException(new UsernameNotFoundException()));
}

$provider = new SamlProvider($userProvider, $eventDispatcher);
$provider = new SamlProvider($userProvider, $eventDispatcher, $userChecker);
$provider->setTokenFactory(new SamlTokenFactory());

if ($userFactory) {
Expand Down
3 changes: 2 additions & 1 deletion Tests/DependencyInjection/Security/Factory/SamlFactoryTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,8 @@ public function testBasicCreate()
$providerDefinition = $container->getDefinition('security.authentication.provider.saml.test_firewall');
$this->assertEquals(array(
'index_0' => new Reference('my_user_provider'),
'index_1' => new Reference('event_dispatcher', ContainerInterface::NULL_ON_INVALID_REFERENCE)
'index_1' => new Reference('event_dispatcher', ContainerInterface::NULL_ON_INVALID_REFERENCE),
'index_2' => new Reference('security.user_checker.test_firewall')
), $providerDefinition->getArguments());
}
}