[Security] Fixed problem with losing ROLE_PREVIOUS_ADMIN role.

Author: pawaclawczyk

Authentication/AuthenticationManagerInterface.php

@@ -0,0 +1,35 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Authentication;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+
+/**
+ * AuthenticationManagerInterface is the interface for authentication managers,
+ * which process Token authentication.
+ *
+ * @author Fabien Potencier <[email protected]>
+ */
+interface AuthenticationManagerInterface
+{
+    /**
+     * Attempts to authenticate a TokenInterface object.
+     *
+     * @param TokenInterface $token The TokenInterface instance to authenticate
+     *
+     * @return TokenInterface An authenticated TokenInterface instance, never null
+     *
+     * @throws AuthenticationException if the authentication fails
+     */
+    public function authenticate(TokenInterface $token);
+}

Authentication/AuthenticationProviderManager.php

@@ -0,0 +1,112 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Authentication;
+
+use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;
+use Symfony\Component\Security\Core\Event\AuthenticationEvent;
+use Symfony\Component\Security\Core\AuthenticationEvents;
+use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+use Symfony\Component\Security\Core\Exception\AccountStatusException;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Exception\ProviderNotFoundException;
+use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+
+/**
+ * AuthenticationProviderManager uses a list of AuthenticationProviderInterface
+ * instances to authenticate a Token.
+ *
+ * @author Fabien Potencier <[email protected]>
+ * @author Johannes M. Schmitt <[email protected]>
+ */
+class AuthenticationProviderManager implements AuthenticationManagerInterface
+{
+    private $providers;
+    private $eraseCredentials;
+    private $eventDispatcher;
+
+    /**
+     * Constructor.
+     *
+     * @param AuthenticationProviderInterface[] $providers        An array of AuthenticationProviderInterface instances
+     * @param Boolean                           $eraseCredentials Whether to erase credentials after authentication or not
+     *
+     * @throws \InvalidArgumentException
+     */
+    public function __construct(array $providers, $eraseCredentials = true)
+    {
+        if (!$providers) {
+            throw new \InvalidArgumentException('You must at least add one authentication provider.');
+        }
+
+        $this->providers = $providers;
+        $this->eraseCredentials = (Boolean) $eraseCredentials;
+    }
+
+    public function setEventDispatcher(EventDispatcherInterface $dispatcher)
+    {
+        $this->eventDispatcher = $dispatcher;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function authenticate(TokenInterface $token)
+    {
+        $lastException = null;
+        $result = null;
+
+        foreach ($this->providers as $provider) {
+            if (!$provider->supports($token)) {
+                continue;
+            }
+
+            try {
+                $result = $provider->authenticate($token);
+
+                if (null !== $result) {
+                    break;
+                }
+            } catch (AccountStatusException $e) {
+                $e->setToken($token);
+
+                throw $e;
+            } catch (AuthenticationException $e) {
+                $lastException = $e;
+            }
+        }
+
+        if (null !== $result) {
+            if (true === $this->eraseCredentials) {
+                $result->eraseCredentials();
+            }
+
+            if (null !== $this->eventDispatcher) {
+                $this->eventDispatcher->dispatch(AuthenticationEvents::AUTHENTICATION_SUCCESS, new AuthenticationEvent($result));
+            }
+
+            return $result;
+        }
+
+        if (null === $lastException) {
+            $lastException = new ProviderNotFoundException(sprintf('No Authentication Provider found for token of class "%s".', get_class($token)));
+        }
+
+        if (null !== $this->eventDispatcher) {
+            $this->eventDispatcher->dispatch(AuthenticationEvents::AUTHENTICATION_FAILURE, new AuthenticationFailureEvent($token, $lastException));
+        }
+
+        $lastException->setToken($token);
+
+        throw $lastException;
+    }
+}

Authentication/AuthenticationTrustResolver.php

@@ -0,0 +1,73 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Authentication;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+
+/**
+ * The default implementation of the authentication trust resolver.
+ *
+ * @author Johannes M. Schmitt <[email protected]>
+ */
+class AuthenticationTrustResolver implements AuthenticationTrustResolverInterface
+{
+    private $anonymousClass;
+    private $rememberMeClass;
+
+    /**
+     * Constructor
+     *
+     * @param string $anonymousClass
+     * @param string $rememberMeClass
+     */
+    public function __construct($anonymousClass, $rememberMeClass)
+    {
+        $this->anonymousClass = $anonymousClass;
+        $this->rememberMeClass = $rememberMeClass;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function isAnonymous(TokenInterface $token = null)
+    {
+        if (null === $token) {
+            return false;
+        }
+
+        return $token instanceof $this->anonymousClass;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function isRememberMe(TokenInterface $token = null)
+    {
+        if (null === $token) {
+            return false;
+        }
+
+        return $token instanceof $this->rememberMeClass;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function isFullFledged(TokenInterface $token = null)
+    {
+        if (null === $token) {
+            return false;
+        }
+
+        return !$this->isAnonymous($token) && !$this->isRememberMe($token);
+    }
+}

Authentication/AuthenticationTrustResolverInterface.php

@@ -0,0 +1,53 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Authentication;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+
+/**
+ * Interface for resolving the authentication status of a given token.
+ *
+ * @author Johannes M. Schmitt <[email protected]>
+ */
+interface AuthenticationTrustResolverInterface
+{
+    /**
+     * Resolves whether the passed token implementation is authenticated
+     * anonymously.
+     *
+     * If null is passed, the method must return false.
+     *
+     * @param TokenInterface $token
+     *
+     * @return Boolean
+     */
+    public function isAnonymous(TokenInterface $token = null);
+
+    /**
+     * Resolves whether the passed token implementation is authenticated
+     * using remember-me capabilities.
+     *
+     * @param TokenInterface $token
+     *
+     * @return Boolean
+     */
+    public function isRememberMe(TokenInterface $token = null);
+
+    /**
+     * Resolves whether the passed token implementation is fully authenticated.
+     *
+     * @param TokenInterface $token
+     *
+     * @return Boolean
+     */
+    public function isFullFledged(TokenInterface $token = null);
+}

Authentication/Provider/AnonymousAuthenticationProvider.php

@@ -0,0 +1,60 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Authentication\Provider;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
+
+/**
+ * AnonymousAuthenticationProvider validates AnonymousToken instances.
+ *
+ * @author Fabien Potencier <[email protected]>
+ */
+class AnonymousAuthenticationProvider implements AuthenticationProviderInterface
+{
+    private $key;
+
+    /**
+     * Constructor.
+     *
+     * @param string $key The key shared with the authentication token
+     */
+    public function __construct($key)
+    {
+        $this->key = $key;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function authenticate(TokenInterface $token)
+    {
+        if (!$this->supports($token)) {
+            return null;
+        }
+
+        if ($this->key !== $token->getKey()) {
+            throw new BadCredentialsException('The Token does not contain the expected key.');
+        }
+
+        return $token;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function supports(TokenInterface $token)
+    {
+        return $token instanceof AnonymousToken;
+    }
+}

Authentication/Provider/AuthenticationProviderInterface.php

@@ -0,0 +1,35 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Authentication\Provider;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
+
+/**
+ * AuthenticationProviderInterface is the interface for all authentication
+ * providers.
+ *
+ * Concrete implementations processes specific Token instances.
+ *
+ * @author Fabien Potencier <[email protected]>
+ */
+interface AuthenticationProviderInterface extends AuthenticationManagerInterface
+{
+    /**
+     * Checks whether this provider supports the given token.
+     *
+     * @param TokenInterface $token A TokenInterface instance
+     *
+     * @return Boolean true if the implementation supports the Token, false otherwise
+     */
+     public function supports(TokenInterface $token);
+}