It is injected in SecurityContext to replace the original token as this one holds a new user.
public function testConstruct()
{
$user = $this->getMock('eZ\\Publish\\Core\\MVC\\Symfony\\Security\\UserInterface');
$originalTokenType = 'FooBar';
$credentials = 'my_credentials';
$providerKey = 'key';
$roles = array('ROLE_USER', 'ROLE_TEST', new Role('ROLE_FOO'));
$expectedRoles = array();
foreach ($roles as $role) {
if (is_string($role)) {
$expectedRoles[] = new Role($role);
} else {
$expectedRoles[] = $role;
}
}
$token = new InteractiveLoginToken($user, $originalTokenType, $credentials, $providerKey, $roles);
$this->assertSame($user, $token->getUser());
$this->assertTrue($token->isAuthenticated());
$this->assertSame($originalTokenType, $token->getOriginalTokenType());
$this->assertSame($credentials, $token->getCredentials());
$this->assertSame($providerKey, $token->getProviderKey());
$this->assertEquals($expectedRoles, $token->getRoles());
}
/**
* @param UserEvent $event
*/
public function onImplicitLogin(UserEvent $event)
{
$originalUser = $event->getUser();
if ($originalUser instanceof eZUser || !$originalUser instanceof UserInterface) {
return;
}
// Already Authenticated Token ( we are in ImplicitLogin of FOS)
$token = $this->tokenStorage->getToken();
$subLoginEvent = new InteractiveLoginEvent($event->getRequest(), $token);
$this->eventDispatcher->dispatch(MVCEvents::INTERACTIVE_LOGIN, $subLoginEvent);
if ($subLoginEvent->hasAPIUser()) {
$apiUser = $subLoginEvent->getAPIUser();
} else {
$apiUser = $this->repository->getUserService()->loadUser($this->configResolver->getParameter('anonymous_user_id'));
}
$this->repository->setCurrentUser($apiUser);
$providerKey = method_exists($token, 'getProviderKey') ? $token->getProviderKey() : __CLASS__;
$interactiveToken = new InteractiveLoginToken(new UserWrapped($originalUser, $apiUser), get_class($token), $token->getCredentials(), $providerKey, $token->getRoles());
$interactiveToken->setAttributes($token->getAttributes());
$this->tokenStorage->setToken($interactiveToken);
}
/**
* Tries to retrieve a valid eZ user if authenticated user doesn't come from the repository (foreign user provider).
* Will dispatch an event allowing listeners to return a valid eZ user for current authenticated user.
* Will by default let the repository load the anonymous user.
*
* @param \Symfony\Component\Security\Http\Event\InteractiveLoginEvent $event
*/
public function onInteractiveLogin(BaseInteractiveLoginEvent $event)
{
$token = $event->getAuthenticationToken();
$originalUser = $token->getUser();
if ($originalUser instanceof eZUser || !$originalUser instanceof UserInterface) {
return;
}
/*
* 1. Send the event.
* 2. If no eZ user is returned, load Anonymous user.
* 3. Inject eZ user in repository.
* 4. Create the UserWrapped user object (implementing eZ UserInterface) with loaded eZ user.
* 5. Create new token with UserWrapped user
* 6. Inject the new token in security context
*/
$subLoginEvent = new InteractiveLoginEvent($event->getRequest(), $token);
$this->eventDispatcher->dispatch(MVCEvents::INTERACTIVE_LOGIN, $subLoginEvent);
if ($subLoginEvent->hasAPIUser()) {
$apiUser = $subLoginEvent->getAPIUser();
} else {
$apiUser = $this->repository->getUserService()->loadUser($this->configResolver->getParameter("anonymous_user_id"));
}
$this->repository->setCurrentUser($apiUser);
$providerKey = method_exists($token, 'getProviderKey') ? $token->getProviderKey() : __CLASS__;
$interactiveToken = new InteractiveLoginToken($this->getUser($originalUser, $apiUser), get_class($token), $token->getCredentials(), $providerKey, $token->getRoles());
$interactiveToken->setAttributes($token->getAttributes());
$this->securityContext->setToken($interactiveToken);
}
