Skip to content

Fix Authenticator Class (getCredentials) example #7065

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 5 commits into from
Closed

Fix Authenticator Class (getCredentials) example #7065

Changes from 4 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
234d537
Fix Authenticator Class (getCredentials) example
thtroyer Oct 18, 2016
a5832a2
Authenticator class example - adjusting solution.
thtroyer Oct 31, 2016
df4266e
Authenticator class example - fixing comment
thtroyer Nov 9, 2016
90de243
Authenticator class example - adjusting solution from feedback
thtroyer Nov 9, 2016
ebb8153
Authenticator class example - adjusting solution from feedback.
thtroyer Nov 28, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 8 additions & 4 deletions security/guard_authentication.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,14 +164,18 @@ This requires you to implement six methods::
class TokenAuthenticator extends AbstractGuardAuthenticator
{
/**
* Called on every request. Return whatever credentials you want,
* or null to stop authentication.
* Called on every request. Return whatever credentials you want to
* be passed to getUser(). Returning null will cause this authenticator
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

- * be passed to getUser().  Returning null will cause this authenticator
+ * be passed to getUser(). Returning null will cause this authenticator

* to be skipped.
*/
public function getCredentials(Request $request)
{
if (!$token = $request->headers->get('X-AUTH-TOKEN')) {
// no token? Return null and no other methods will be called
return;
// No token?
// Throwing an exception will cause authentication
// to fail and prevent other authenticators from
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please reduce the number of spaces here so that all comments are aligned?

// attempting to authenticate.
throw new AuthenticationException('No token provided.');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is a bad implementation, because it prevents any other auth system to be used (including the anonymous auth). We should not advocate it. The Symfony security system is precisely meant to allow multiple auth strategies in parallel.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, this should be reverted and added in a note or caution block.

}

// What you return here will be passed to getUser() as $credentials
Expand Down