cleanup per pr comments and refactored event and tests

robfrawley · robfrawley · commit f3873c858893 · 2018-05-21T17:02:10.000-04:00
diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
@@ -11,7 +11,6 @@
 
 namespace Symfony\Component\Security\Core\Authentication;
 
-use Symfony\Component\EventDispatcher\Event;
 use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;
 use Symfony\Component\Security\Core\Event\AuthenticationEvent;
 use Symfony\Component\Security\Core\AuthenticationEvents;
@@ -36,7 +35,7 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
     private $eraseCredentials;
 
     /**
-     * @var EventDispatcherInterface
+     * @var EventDispatcherInterface|null
      */
     private $eventDispatcher;
 
@@ -97,7 +96,7 @@ public function authenticate(TokenInterface $token)
 
         if (null !== $result) {
             if (null !== $this->eventDispatcher) {
-                $this->eventDispatcher->dispatch(AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE, new AuthenticationSensitiveEvent($result, $token, $providerClassName));
+                $this->eventDispatcher->dispatch(AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE, new AuthenticationSensitiveEvent($token, $result, $providerClassName));
             }
 
             if (true === $this->eraseCredentials) {
diff --git a/src/Symfony/Component/Security/Core/Event/AuthenticationEvent.php b/src/Symfony/Component/Security/Core/Event/AuthenticationEvent.php
@@ -28,7 +28,7 @@ public function __construct(TokenInterface $token)
         $this->authenticationToken = $token;
     }
 
-    public function getAuthenticationToken(): TokenInterface
+    public function getAuthenticationToken()
     {
         return $this->authenticationToken;
     }
diff --git a/src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php b/src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php
@@ -25,10 +25,10 @@ class AuthenticationSensitiveEvent extends Event
     private $preAuthenticationToken;
     private $authenticationProviderClassName;
 
-    public function __construct(TokenInterface $authenticationToken, TokenInterface $preAuthenticationToken, string $authenticationProviderClassName = null)
+    public function __construct(TokenInterface $preAuthenticationToken, TokenInterface $authenticationToken, ?string $authenticationProviderClassName = null)
     {
-        $this->authenticationToken = $authenticationToken;
         $this->preAuthenticationToken = $preAuthenticationToken;
+        $this->authenticationToken = $authenticationToken;
         $this->authenticationProviderClassName = $authenticationProviderClassName;
     }
 
@@ -47,28 +47,52 @@ public function getAuthenticationProviderClassName(): ?string
         return $this->authenticationProviderClassName;
     }
 
+    /**
+     * Attempts to extract the credentials password, first from the authentication token and second from the pre-
+     * authentication token. It uses either a custom extractor closure (optionally passed as its only argument) or
+     * the default extractor implementation, which returns the token's credentials string representation if it is
+     * not an array, or if it is, searches for the index "password", "secret", or "api_key" (in that order) if the
+     * token's credentials is an array.
+     *
+     * @param \Closure|null $extractor An optional custom token credentials password extraction \Closure that is
+     *                                 provided an auth token (as an instance of TokenInterface) and an auth event
+     *                                 (as an instance of AuthenticationSensitiveEvent). This closure is called
+     *                                 first with the final-auth token and second with the pre-auth token, returning
+     *                                 early if a non-null value (which must be string castable) is returned.
+     *
+     * @return null|string Either a credentials password/secret/auth_key is returned or null on extraction failure
+     */
     public function getAuthenticationTokenPassword(\Closure $extractor = null): ?string
     {
-        return $this->extractAuthenticationTokenPassword($this->preAuthenticationToken, $extractor)
-            ?: $this->extractAuthenticationTokenPassword($this->authenticationToken, $extractor);
+        $extractor = $extractor ?? function (TokenInterface $token): ?string {
+            return $this->scalarCredentialsToString($credentials = $token->getCredentials())
+                ?: $this->arrayCredentialsToString($credentials);
+        };
+
+        return $extractor($this->authenticationToken, $this)
+            ?: $extractor($this->preAuthenticationToken, $this);
     }
 
-    private function extractAuthenticationTokenPassword(TokenInterface $token, \Closure $extractor = null): ?string
+    private function scalarCredentialsToString($credentials): ?string
     {
-        return ($extractor ?? function (TokenInterface $token): ?string {
-            $c = $token->getCredentials();
+        if (is_scalar($credentials)) {
+            return $credentials ?: null;
+        }
 
-            return is_array($c) && (null !== $p = $this->resolveArrayAuthenticationTokenCredentialsPassword($c))
-                ? $p ?: null
-                : $c ?: null;
-        })($token, $this);
+        if (is_object($credentials) && method_exists($credentials, '__toString')) {
+            return $credentials->__toString() ?: null;
+        }
+
+        return null;
     }
 
-    private function resolveArrayAuthenticationTokenCredentialsPassword(array $credentials): ?string
+    private function arrayCredentialsToString($credentials): ?string
     {
-        foreach (array('password', 'secret', 'api_key') as $index) {
-            if (isset($credentials[$index]) && !empty($credentials[$index])) {
-                return $credentials[$index];
+        if (is_array($credentials)) {
+            foreach (array('password', 'secret', 'api_key') as $index) {
+                if (isset($credentials[$index]) && null !== $c = $this->scalarCredentialsToString($credentials[$index])) {
+                    return $c;
+                }
             }
         }
 
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php
@@ -15,6 +15,7 @@
 use Symfony\Component\EventDispatcher\EventDispatcher;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager;
+use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
 use Symfony\Component\Security\Core\AuthenticationEvents;
 use Symfony\Component\Security\Core\Event\AuthenticationEvent;
 use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;
@@ -168,7 +169,7 @@ public function testAuthenticateDispatchesAuthenticationSuccessEvents()
             ->expects($this->exactly(2))
             ->method('dispatch')
             ->withConsecutive(array(
-                AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE, $this->equalTo(new AuthenticationSensitiveEvent($finalToken, $priorToken, $providerCN)),
+                AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE, $this->equalTo(new AuthenticationSensitiveEvent($priorToken, $finalToken, $providerCN)),
             ), array(
                 AuthenticationEvents::AUTHENTICATION_SUCCESS, $this->equalTo(new AuthenticationEvent($finalToken)),
             ));
@@ -205,7 +206,7 @@ public function testAuthenticateDispatchesAuthenticationSuccessEventsWithCredent
 
     protected function getAuthenticationProvider($supports, $token = null, $exception = null)
     {
-        $provider = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface')->getMock();
+        $provider = $this->getMockBuilder(AuthenticationProviderInterface::class)->getMock();
         $provider->expects($this->once())
                  ->method('supports')
                  ->will($this->returnValue($supports))
diff --git a/src/Symfony/Component/Security/Core/Tests/Event/AuthenticationSensitiveEventTest.php b/src/Symfony/Component/Security/Core/Tests/Event/AuthenticationSensitiveEventTest.php
@@ -12,98 +12,154 @@
 namespace Symfony\Component\Security\Core\Tests\Authentication;
 
 use PHPUnit\Framework\TestCase;
-use Symfony\Component\EventDispatcher\EventDispatcher;
-use Symfony\Component\EventDispatcher\EventDispatcherInterface;
-use Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager;
+use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Symfony\Component\Security\Core\AuthenticationEvents;
-use Symfony\Component\Security\Core\Event\AuthenticationEvent;
 use Symfony\Component\Security\Core\Event\AuthenticationSensitiveEvent;
-use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 
 class AuthenticationSensitiveEventTest extends TestCase
 {
-    public function testAuthenticateDispatchesAuthenticationSuccessEvents()
+    public static function provideTestAccessorMethodsData(): \Iterator
     {
-        $finalToken = new UsernamePasswordToken('foo', 'bar', 'baz', array('role-01', 'role-02'));
-        $priorToken = new UsernamePasswordToken('foo', 'bar', 'baz');
-
-        $provider = $this->getAuthenticationProvider(true, $finalToken);
-        $providerCN = get_class($provider);
-
-        $dispatcher = $this->getMockBuilder(EventDispatcherInterface::class)->getMock();
-        $dispatcher
-            ->expects($this->exactly(2))
-            ->method('dispatch')
-            ->withConsecutive(array(
-                AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE, $this->equalTo(new AuthenticationSensitiveEvent($finalToken, $priorToken, $providerCN)),
-            ), array(
-                AuthenticationEvents::AUTHENTICATION_SUCCESS, $this->equalTo(new AuthenticationEvent($finalToken)),
-            ));
-
-        $manager = new AuthenticationProviderManager(array($provider));
-        $manager->setEventDispatcher($dispatcher);
-
-        $this->assertSame($finalToken, $manager->authenticate($priorToken));
+        $getExtractorFunction = function ($default = null) {
+            return function ($token, $event) use ($default): ?string {
+                self::assertInstanceOf(TokenInterface::class, $token);
+                self::assertInstanceOf(AuthenticationSensitiveEvent::class, $event);
+
+                if (method_exists($token, 'getCredentials')) {
+                    $c = $token->getCredentials();
+
+                    if ($c instanceof \Closure) {
+                        return ($c)();
+                    }
+
+                    if (method_exists($c, 'getInnerCredentials')) {
+                        return $c->getInnerCredentials();
+                    }
+                }
+
+                return $c ?? $default;
+            };
+        };
+
+        $getHasCastableClass = function ($return = null) {
+            return new class($return) {
+                private $inner;
+
+                public function __construct(?string $return = null)
+                {
+                    $this->return = $return;
+                }
+
+                public function __toString(): string
+                {
+                    return $this->return ?? '';
+                }
+            };
+        };
+
+        $getNotCastableClass = function ($return = null) {
+            return new class($return) {
+                private $return;
+
+                public function __construct(?string $return = null)
+                {
+                    $this->return = $return;
+                }
+
+                public function getInnerCredentials(): string
+                {
+                    return $this->return ?? '';
+                }
+            };
+        };
+
+        $getTokenCredentialsValue = function ($return = null) {
+            return function () use ($return) {
+                return $return;
+            };
+        };
+
+        // expects credential password of "null" type
+        yield array(null);
+        yield array(null, $getHasCastableClass(''));
+        yield array(null, $getNotCastableClass('foo'));
+        yield array(null, array('unknown-index-foo' => 'foo'));
+        yield array(null, null, $getHasCastableClass(''));
+        yield array(null, null, $getNotCastableClass('foo'));
+        yield array(null, null, array('unknown-index-bar' => 'bar'));
+        yield array(null, null, null, $getExtractorFunction(null));
+
+        // expects credential password of "foo" value
+        yield array('foo', 'foo');
+        yield array('foo', 'foo', 'bar');
+        yield array('foo', $getHasCastableClass('foo'));
+        yield array('foo', $getNotCastableClass('foo'), null, $getExtractorFunction());
+        yield array('foo', $getTokenCredentialsValue('foo'), null, $getExtractorFunction());
+
+        // expects credential password of "bar" value
+        yield array('bar', null, 'bar');
+        yield array('bar', null, $getHasCastableClass('bar'));
+        yield array('bar', null, $getNotCastableClass('bar'), $getExtractorFunction());
+        yield array('bar', null, $getTokenCredentialsValue('bar'), $getExtractorFunction());
+
+        // expects credential password of "baz" value
+        yield array('baz', null, null, $getExtractorFunction('baz'));
+
+        // expects array value will be extracted for all supported indexes
+        foreach (array('password', 'secret', 'api_key') as $index) {
+            // expects credential password of "null" type
+            yield array(null, array($index => null));
+            yield array(null, null, array($index => ''));
+            yield array(null, array($index => ''), array($index => null));
+
+            // expects credential password of "foo" value
+            yield array('foo', array($index => 'foo'));
+            yield array('foo', array($index => 'foo'), array($index => null));
+            yield array('foo', array($index => 'foo'), array($index => ''));
+            yield array('foo', array($index => 'foo'), array('unknown-index-bar' => 'bar'));
+            yield array('foo', array($index => 'foo'), array($index => 'bar'));
+
+            // expects credential password of "bar" value
+            yield array('bar', null, array($index => 'bar'));
+            yield array('bar', array($index => null), array($index => 'bar'));
+            yield array('bar', array($index => ''), array($index => 'bar'));
+            yield array('bar', array('unknown-index-foo' => 'foo'), array($index => 'bar'));
+            yield array('bar', array($index => $getNotCastableClass), array($index => 'bar'));
+        }
     }
 
-    public function testAuthenticateDispatchesAuthenticationSuccessEventsWithCredentialsAvailableAndRemovedForSuccessiveDispatches()
+    /**
+     * @dataProvider provideTestAccessorMethodsData
+     *
+     * @param string            $expectedPassword
+     * @param string|array|null $finalCredentials
+     * @param string|array|null $priorCredentials
+     * @param \Closure|null     $passwordExtractor
+     */
+    public function testAccessorMethods(string $expectedPassword = null, $finalCredentials = null, $priorCredentials = null, \Closure $passwordExtractor = null)
     {
-        $finalToken = $this->getTokenInterfaceMock();
-        $priorToken = $this->getTokenInterfaceMock($credentials = array('password' => 'foobar'));
-
-        $provider = $this->getAuthenticationProvider(true, $finalToken);
-        $providerCN = get_class($provider);
-
-        $dispatcher = new EventDispatcher();
-        $dispatcher->addListener(AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE, function (AuthenticationSensitiveEvent $event) use ($credentials, $providerCN) {
-            $this->assertSame($providerCN, $event->getAuthenticationProviderClassName());
-            $this->assertSame('foobar', $event->getAuthenticationTokenPassword());
-            $this->assertEquals($credentials, $event->getPreAuthenticationToken()->getCredentials());
-        });
-        $dispatcher->addListener(AuthenticationEvents::AUTHENTICATION_SUCCESS, function (AuthenticationEvent $event) {
-            $this->assertEquals('', $event->getAuthenticationToken()->getCredentials());
-        });
-
-        $manager = new AuthenticationProviderManager(array($provider));
-        $manager->setEventDispatcher($dispatcher);
-        $manager->authenticate($priorToken);
+        $event = new AuthenticationSensitiveEvent(
+            $priorToken = $this->getTokenInterfaceMock($priorCredentials),
+            $finalToken = $this->getTokenInterfaceMock($finalCredentials),
+            AuthenticationProviderInterface::class
+        );
+
+        $this->assertSame($priorToken, $event->getPreAuthenticationToken());
+        $this->assertSame($finalToken, $event->getAuthenticationToken());
+        $this->assertSame(AuthenticationProviderInterface::class, $event->getAuthenticationProviderClassName());
+        $this->assertSame($expectedPassword, $event->getAuthenticationTokenPassword($passwordExtractor));
     }
 
     private function getTokenInterfaceMock($credentials = null): TokenInterface
     {
-        $token = $this->getMockBuilder(TokenInterface::class)->getMock();
+        $token = $this
+            ->getMockBuilder(TokenInterface::class)
+            ->getMock();
 
-        if (null !== $credentials) {
-            $token
-                ->expects($this->atLeastOnce())
-                ->method('getCredentials')
-                ->will($this->returnValue($credentials));
-        }
+        $token->expects($this->any())
+            ->method('getCredentials')
+            ->will($this->returnValue($credentials));
 
         return $token;
     }
-
-    private function getAuthenticationProvider($supports, $token = null, $exception = null)
-    {
-        $provider = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface')->getMock();
-        $provider->expects($this->once())
-                 ->method('supports')
-                 ->will($this->returnValue($supports))
-        ;
-
-        if (null !== $token) {
-            $provider->expects($this->once())
-                     ->method('authenticate')
-                     ->will($this->returnValue($token))
-            ;
-        } elseif (null !== $exception) {
-            $provider->expects($this->once())
-                     ->method('authenticate')
-                     ->will($this->throwException($this->getMockBuilder($exception)->setMethods(null)->getMock()))
-            ;
-        }
-
-        return $provider;
-    }
 }

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ public function __construct(TokenInterface $token)`
`28`	`28`	`$this->authenticationToken = $token;`
`29`	`29`	`}`
`30`	`30`
`31`		`- public function getAuthenticationToken(): TokenInterface`
	`31`	`+ public function getAuthenticationToken()`
`32`	`32`	`{`
`33`	`33`	`return $this->authenticationToken;`
`34`	`34`	`}`