/**
 * Reports a violation when the directory already holds a user with the
 * same username as the value being validated.
 *
 * The lookup is always made by username; $constraint->property is only
 * used to fill the %property% placeholder of the violation message.
 *
 * @param UserInterface $value      The value that should be validated
 * @param Constraint    $constraint The constraint for the validation
 *
 * @throws UnexpectedTypeException if $value is not instance of \Symfony\Component\Security\Core\User\UserInterface
 */
public function validate($value, Constraint $constraint)
{
    $isUser = $value instanceof UserInterface;
    if (!$isUser) {
        throw new UnexpectedTypeException($value, 'Symfony\\Component\\Security\\Core\\User\\UserInterface');
    }

    // NOTE(review): the username goes to the manager unchanged; LDAP filter
    // escaping presumably happens inside findUserByUsername() - confirm.
    $existingEntry = $this->ldapManager->findUserByUsername($value->getUsername());
    if (!$existingEntry) {
        // Nothing found in the directory: the value is unique.
        return;
    }

    $placeholders = array('%property%' => $constraint->property);
    $this->context->addViolation($constraint->message, $placeholders);
}
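/**
 * {@inheritdoc}
 *
 * Verifies the password by binding to the directory through the LDAP manager.
 * When the token already carries a user object, the bind is made as that user;
 * otherwise it is made as the user handed in by the provider.
 *
 * A missing password (null or '') is rejected before any bind is attempted.
 * Depending on the directory server and on how the manager's bind() is
 * implemented, a bind with an empty password can be treated as an
 * anonymous/unauthenticated bind and succeed, so it must never reach the
 * server. The string "0" is a legitimate password and is still passed on.
 *
 * @param UserInterface         $user  The user loaded by the provider
 * @param UsernamePasswordToken $token The token carrying the presented credentials
 *
 * @throws BadCredentialsException if the password is missing or the bind fails
 */
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    $currentUser = $token->getUser();
    $presentedPassword = $token->getCredentials();

    // Erased credentials are typically null rather than '', so both are
    // checked. A strict comparison keeps "0" valid.
    $passwordIsMissing = null === $presentedPassword || '' === $presentedPassword;

    if ($currentUser instanceof UserInterface) {
        // Re-authentication of a user already attached to the token.
        if ($passwordIsMissing) {
            throw new BadCredentialsException('The password in the token is empty. You may forgive turn off `erase_credentials` in your `security.yml`');
        }

        if (!$this->ldapManager->bind($currentUser, $presentedPassword)) {
            throw new BadCredentialsException('The credentials were changed from another session.');
        }

        return;
    }

    // First authentication: the token only carries what the client presented.
    if ($passwordIsMissing) {
        throw new BadCredentialsException('The presented password cannot be empty.');
    }

    if (!$this->ldapManager->bind($user, $presentedPassword)) {
        throw new BadCredentialsException('The presented password is invalid.');
    }
}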
/**
 * checkAuthentication() must hand the presented password to the LDAP
 * manager's bind() exactly once for a user that is not yet on the token.
 *
 * NOTE(review): the username and password literals look masked in this copy;
 * going by the test name, the password under test is presumably "0" - confirm
 * against the original fixture.
 */
public function testCheckAuthenticationUnknownUserPasswordIs0()
{
    $checkAuthentication = $this->setMethodAccessible('checkAuthentication');

    $login = '******';
    $secret = '******';

    $account = new TestUser();
    $account->setUsername($login);

    // The token holds the username string, not a user object.
    $loginToken = new UsernamePasswordToken($login, $secret, 'provider_key', array());

    // The real assertion: bind() is called once with this user and password.
    $bindExpectation = $this->ldapManager->expects($this->once())->method('bind');
    $bindExpectation
        ->with($this->equalTo($account), $this->equalTo($secret))
        ->will($this->returnValue(true));

    $checkAuthentication->invoke($this->ldapAuthenticationProvider, $account, $loginToken);

    // Reaching this line means no BadCredentialsException was thrown.
    $this->assertTrue(true);
}
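/**
 * {@inheritdoc}
 *
 * Verifies the password by binding to the directory through the LDAP manager.
 *
 * - If the token already carries an LdapUserInterface, the bind is made as
 *   that user with the password stored on the user object.
 * - Otherwise the user's DN is resolved by username when it is not set, and
 *   the bind is made with the password presented in the token.
 *
 * In both paths an empty password is rejected before bind() is called.
 * Depending on the directory server and on how the manager's bind() is
 * implemented, a bind with an empty password can be treated as an
 * anonymous/unauthenticated bind and succeed.
 *
 * @param UserInterface         $user  The user loaded by the provider
 * @param UsernamePasswordToken $token The token carrying the presented credentials
 *
 * @throws BadCredentialsException if the user is unknown, the password is empty or the bind fails
 */
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    $currentUser = $token->getUser();

    if ($currentUser instanceof LdapUserInterface) {
        // Re-authentication: the stored password must not be empty either,
        // otherwise bind() would be called without a real credential.
        $storedPassword = $currentUser->getPassword();
        if (null === $storedPassword || '' === $storedPassword) {
            throw new BadCredentialsException('The presented password cannot be empty.');
        }

        if (!$this->ldapManager->bind($currentUser, $storedPassword)) {
            throw new BadCredentialsException('The credentials were changed from another session.');
        }

        return;
    }

    if (!$user->getDn()) {
        // The DN is needed for the bind; resolve it from the directory.
        $userLdap = $this->ldapManager->findUserByUsername($user->getUsername());
        if (!$userLdap) {
            // NOTE(review): this message tells an unknown user apart from a
            // wrong password; confirm it is not shown to the client verbatim.
            throw new BadCredentialsException(sprintf('User "%s" not found', $user->getUsername()));
        }

        $user->setDn($userLdap->getDn());
    }

    // Every falsy credential is rejected except the string "0", which is a
    // legitimate password and was refused by the plain truthiness test.
    $presentedPassword = $token->getCredentials();
    if (!$presentedPassword && '0' !== $presentedPassword) {
        throw new BadCredentialsException('The presented password cannot be empty.');
    }

    if (!$this->ldapManager->bind($user, $presentedPassword)) {
        throw new BadCredentialsException('The presented password is invalid.');
    }
}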
/**
 * When the directory lookup returns null, validate() must not record a violation.
 */
public function testNoViolationsOnUniqueUserProperty()
{
    // The manager is asked once, with the user's username, and finds nothing.
    $lookup = $this->ldapManagerMock->expects($this->once())->method('findUserByUsername');
    $lookup
        ->with($this->equalTo($this->user->getUsername()))
        ->will($this->returnValue(null));

    $this->validatorContext
        ->expects($this->never())
        ->method('addViolation');

    $this->validator->validate($this->user, $this->constraint);
}
/**
 * When the directory lookup returns null, isValid() must report the user as valid.
 */
public function testTrueOnUniqueUserProperty()
{
    // The manager is asked once, with the user's username, and finds nothing.
    $lookup = $this->ldapManagerMock->expects($this->once())->method('findUserByUsername');
    $lookup
        ->with($this->equalTo($this->user->getUsername()))
        ->will($this->returnValue(null));

    $outcome = $this->validator->isValid($this->user, $this->constraint);

    $this->assertTrue($outcome);
}