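*
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Symfony\Component\Security\Guard\Tests\Provider;

use PHPUnit\Framework\TestCase;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Guard\AuthenticatorInterface;
use Symfony\Component\Security\Guard\Provider\GuardAuthenticationProvider;
use Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken;
use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;

/**
 * Tests how GuardAuthenticationProvider dispatches a pre-authentication token
 * to one of its authenticators and how it rejects tokens it must not accept.
 *
 * The provider key values used below show the convention these tests rely on:
 * the token's guard provider key is the firewall's provider key followed by
 * "_<index>", where <index> is the authenticator's position in the list.
 *
 * @author Ryan Weaver
 */
class GuardAuthenticationProviderTest extends TestCase
{
    // Mock of UserProviderInterface handed to the provider under test.
    private $userProvider;
    // Mock of UserCheckerInterface; its pre/post auth hooks are asserted on.
    private $userChecker;
    // Mock of PreAuthenticationGuardToken built without running its constructor.
    private $preAuthenticationToken;

    /**
     * Happy path: only the authenticator whose index matches the token's guard
     * provider key is consulted, and the token it creates is returned as-is.
     */
    public function testAuthenticate()
    {
        $providerKey = 'my_cool_firewall';

        $authenticatorA = $this->getMockBuilder(AuthenticatorInterface::class)->getMock();
        $authenticatorB = $this->getMockBuilder(AuthenticatorInterface::class)->getMock();
        $authenticatorC = $this->getMockBuilder(AuthenticatorInterface::class)->getMock();
        $authenticators = [$authenticatorA, $authenticatorB, $authenticatorC];

        // called 2 times - for authenticator A and B (stops on B because of match)
        $this->preAuthenticationToken->expects($this->exactly(2))
            ->method('getGuardProviderKey')
            // it will return the "1" index, which will match authenticatorB
            ->willReturn('my_cool_firewall_1');

        // Fixture credentials only; they never leave the mocks in this test.
        $enteredCredentials = [
            'username' => '_weaverryan_test_user',
            'password' => 'guard_auth_ftw',
        ];
        $this->preAuthenticationToken->expects($this->atLeastOnce())
            ->method('getCredentials')
            ->willReturn($enteredCredentials);

        // authenticators A and C are never called
        $authenticatorA->expects($this->never())
            ->method('getUser');
        $authenticatorC->expects($this->never())
            ->method('getUser');

        $mockedUser = $this->getMockBuilder(UserInterface::class)->getMock();
        $authenticatorB->expects($this->once())
            ->method('getUser')
            ->with($enteredCredentials, $this->userProvider)
            ->willReturn($mockedUser);
        // checkCredentials is called
        $authenticatorB->expects($this->once())
            ->method('checkCredentials')
            ->with($enteredCredentials, $mockedUser)
            // authentication works!
            ->willReturn(true);
        $authedToken = $this->getMockBuilder(TokenInterface::class)->getMock();
        $authenticatorB->expects($this->once())
            ->method('createAuthenticatedToken')
            ->with($mockedUser, $providerKey)
            ->willReturn($authedToken);

        // user checker should be called
        $this->userChecker->expects($this->once())
            ->method('checkPreAuth')
            ->with($mockedUser);
        $this->userChecker->expects($this->once())
            ->method('checkPostAuth')
            ->with($mockedUser);

        $provider = new GuardAuthenticationProvider($authenticators, $this->userProvider, $providerKey, $this->userChecker);
        $actualAuthedToken = $provider->authenticate($this->preAuthenticationToken);
        $this->assertSame($authedToken, $actualAuthedToken);
    }

    /**
     * Same scenario as testAuthenticate(), but with authenticators mocked from
     * GuardAuthenticatorInterface.
     *
     * @group legacy
     */
    public function testLegacyAuthenticate()
    {
        $providerKey = 'my_cool_firewall';

        // The interface is referenced by string here, as in the original test.
        $authenticatorA = $this->getMockBuilder('Symfony\Component\Security\Guard\GuardAuthenticatorInterface')->getMock();
        $authenticatorB = $this->getMockBuilder('Symfony\Component\Security\Guard\GuardAuthenticatorInterface')->getMock();
        $authenticatorC = $this->getMockBuilder('Symfony\Component\Security\Guard\GuardAuthenticatorInterface')->getMock();
        $authenticators = [$authenticatorA, $authenticatorB, $authenticatorC];

        // called 2 times - for authenticator A and B (stops on B because of match)
        $this->preAuthenticationToken->expects($this->exactly(2))
            ->method('getGuardProviderKey')
            // it will return the "1" index, which will match authenticatorB
            ->willReturn('my_cool_firewall_1');

        $enteredCredentials = [
            'username' => '_weaverryan_test_user',
            'password' => 'guard_auth_ftw',
        ];
        $this->preAuthenticationToken->expects($this->atLeastOnce())
            ->method('getCredentials')
            ->willReturn($enteredCredentials);

        // authenticators A and C are never called
        $authenticatorA->expects($this->never())
            ->method('getUser');
        $authenticatorC->expects($this->never())
            ->method('getUser');

        $mockedUser = $this->getMockBuilder(UserInterface::class)->getMock();
        $authenticatorB->expects($this->once())
            ->method('getUser')
            ->with($enteredCredentials, $this->userProvider)
            ->willReturn($mockedUser);
        // checkCredentials is called
        $authenticatorB->expects($this->once())
            ->method('checkCredentials')
            ->with($enteredCredentials, $mockedUser)
            // authentication works!
            ->willReturn(true);
        $authedToken = $this->getMockBuilder(TokenInterface::class)->getMock();
        $authenticatorB->expects($this->once())
            ->method('createAuthenticatedToken')
            ->with($mockedUser, $providerKey)
            ->willReturn($authedToken);

        // user checker should be called
        $this->userChecker->expects($this->once())
            ->method('checkPreAuth')
            ->with($mockedUser);
        $this->userChecker->expects($this->once())
            ->method('checkPostAuth')
            ->with($mockedUser);

        $provider = new GuardAuthenticationProvider($authenticators, $this->userProvider, $providerKey, $this->userChecker);
        $actualAuthedToken = $provider->authenticate($this->preAuthenticationToken);
        $this->assertSame($authedToken, $actualAuthedToken);
    }

    /**
     * A checkCredentials() result other than true must abort authentication
     * with BadCredentialsException, and no authenticated token may be created.
     *
     * NOTE(review): only null is exercised here. Values that are truthy but not
     * true (1, a non-empty string) would pin a strict comparison in the
     * provider; confirm against the provider before adding them.
     *
     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
     */
    public function testCheckCredentialsReturningNonTrueFailsAuthentication()
    {
        $providerKey = 'my_uncool_firewall';

        $authenticator = $this->getMockBuilder(AuthenticatorInterface::class)->getMock();

        // make sure the authenticator is used
        $this->preAuthenticationToken->expects($this->any())
            ->method('getGuardProviderKey')
            // the 0 index, to match the only authenticator
            ->willReturn('my_uncool_firewall_0');

        $this->preAuthenticationToken->expects($this->atLeastOnce())
            ->method('getCredentials')
            ->willReturn('non-null-value');

        $mockedUser = $this->getMockBuilder(UserInterface::class)->getMock();
        $authenticator->expects($this->once())
            ->method('getUser')
            ->willReturn($mockedUser);
        // checkCredentials is called
        $authenticator->expects($this->once())
            ->method('checkCredentials')
            // authentication fails :(
            ->willReturn(null);
        // A rejected credential check must never reach token creation.
        $authenticator->expects($this->never())
            ->method('createAuthenticatedToken');

        $provider = new GuardAuthenticationProvider([$authenticator], $this->userProvider, $providerKey, $this->userChecker);
        $provider->authenticate($this->preAuthenticationToken);
    }

    /**
     * A post-authentication token that is no longer flagged as authenticated
     * must be refused with AuthenticationExpiredException.
     *
     * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationExpiredException
     */
    public function testGuardWithNoLongerAuthenticatedTriggersLogout()
    {
        $providerKey = 'my_firewall_abc';

        // create a token and mark it as NOT authenticated anymore
        // this mimics what would happen if a user "changed" between request
        $mockedUser = $this->getMockBuilder(UserInterface::class)->getMock();
        $token = new PostAuthenticationGuardToken($mockedUser, $providerKey, ['ROLE_USER']);
        $token->setAuthenticated(false);

        $provider = new GuardAuthenticationProvider([], $this->userProvider, $providerKey, $this->userChecker);
        // The return value is irrelevant: the call is expected to throw.
        $provider->authenticate($token);
    }

    /**
     * supports() accepts a token whose guard provider key belongs to this
     * provider's firewall and rejects one issued for a different firewall.
     */
    public function testSupportsChecksGuardAuthenticatorsTokenOrigin()
    {
        $authenticatorA = $this->getMockBuilder(AuthenticatorInterface::class)->getMock();
        $authenticatorB = $this->getMockBuilder(AuthenticatorInterface::class)->getMock();
        $authenticators = [$authenticatorA, $authenticatorB];

        $mockedUser = $this->getMockBuilder(UserInterface::class)->getMock();
        $provider = new GuardAuthenticationProvider($authenticators, $this->userProvider, 'first_firewall', $this->userChecker);

        // Key built from this provider's firewall name and a valid authenticator index.
        $token = new PreAuthenticationGuardToken($mockedUser, 'first_firewall_1');
        $supports = $provider->supports($token);
        $this->assertTrue($supports);

        // Key from another firewall: must not be treated as ours.
        $token = new PreAuthenticationGuardToken($mockedUser, 'second_firewall_0');
        $supports = $provider->supports($token);
        $this->assertFalse($supports);
    }

    /**
     * authenticate() must throw when handed a token that originated from a
     * different firewall; the message is expected to name the offending key.
     *
     * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationException
     * @expectedExceptionMessageRegExp /second_firewall_0/
     */
    public function testAuthenticateFailsOnNonOriginatingToken()
    {
        $authenticatorA = $this->getMockBuilder(AuthenticatorInterface::class)->getMock();
        $authenticators = [$authenticatorA];

        $mockedUser = $this->getMockBuilder(UserInterface::class)->getMock();
        $provider = new GuardAuthenticationProvider($authenticators, $this->userProvider, 'first_firewall', $this->userChecker);
        $token = new PreAuthenticationGuardToken($mockedUser, 'second_firewall_0');
        $provider->authenticate($token);
    }

    /**
     * Builds fresh collaborator mocks before every test.
     */
    protected function setUp()
    {
        $this->userProvider = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserProviderInterface')->getMock();
        $this->userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock();
        // Constructor is skipped so the token can be mocked without real credentials.
        $this->preAuthenticationToken = $this->getMockBuilder(PreAuthenticationGuardToken::class)
            ->disableOriginalConstructor()
            ->getMock();
    }

    /**
     * Drops the mocks so no state is shared between tests.
     */
    protected function tearDown()
    {
        $this->userProvider = null;
        $this->userChecker = null;
        $this->preAuthenticationToken = null;
    }
}
__halt_compiler();----SIGNATURE:----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----ATTACHMENT:----NTE4NDEwNzk0ODY2NTA5OSA1NjE4MzQzOTgwNzg4NjQ2IDYxOTIzMzk3MDk1NjAzNTk=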