Merge pull request #41 from ricbra/fix_block

reecefowell · reecefowell · commit aecaa5a3cb9a · 2015-02-19T00:20:01.000Z
Refactored BlockingLoginListener into DeferLoginListener and BlockingLoginListener
diff --git a/Component/Listener/BlockingLoginListener.php b/Component/Listener/BlockingLoginListener.php
@@ -16,7 +16,6 @@
 use CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpFoundation\RedirectResponse;
-use Symfony\Component\Routing\RouterInterface;
 
 /**
  *
@@ -31,20 +30,6 @@
  */
 class BlockingLoginListener
 {
-    /**
-     *
-     * @access protected
-     * @var \Symfony\Component\Routing\RouterInterface $router
-     */
-    protected $router;
-
-    /**
-     *
-     * @access protected
-     * @var array $forceAccountRecovery
-     */
-    protected $forceAccountRecovery;
-
     /**
      *
      * @access protected
@@ -63,13 +48,10 @@ class BlockingLoginListener
      * @param \Symfony\Component\Routing\RouterInterface                                              $router
      * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager                        $loginFailureTracker
      * @param \CCDNUser\SecurityBundle\Component\Listener\AccessDeniedExceptionFactoryInterface $exceptionFactory
-     * @param array                                                                                   $forceAccountRecovery
      */
-    public function __construct(RouterInterface $router, SecurityManager $securityManager, AccessDeniedExceptionFactoryInterface $exceptionFactory, $forceAccountRecovery)
+    public function __construct(SecurityManager $securityManager, AccessDeniedExceptionFactoryInterface $exceptionFactory)
     {
         $this->securityManager = $securityManager;
-        $this->router = $router;
-        $this->forceAccountRecovery = $forceAccountRecovery;
         $this->exceptionFactory = $exceptionFactory;
     }
 
@@ -94,17 +76,6 @@ public function onKernelRequest(GetResponseEvent $event)
             return;
         }
 
-        if ($result == $securityManager::ACCESS_DENIED_DEFER) {
-            $event->stopPropagation();
-
-            $redirectUrl = $this->router->generate(
-                $this->forceAccountRecovery['route_recover_account']['name'],
-                $this->forceAccountRecovery['route_recover_account']['params']
-            );
-
-            $event->setResponse(new RedirectResponse($redirectUrl));
-        }
-
         if ($result == $securityManager::ACCESS_DENIED_BLOCK) {
             $event->stopPropagation();
 
diff --git a/Component/Listener/DeferLoginListener.php b/Component/Listener/DeferLoginListener.php
@@ -0,0 +1,68 @@
+<?php
+
+namespace CCDNUser\SecurityBundle\Component\Listener;
+
+use CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\Routing\RouterInterface;
+
+class DeferLoginListener
+{
+    /**
+     *
+     * @access protected
+     * @var \Symfony\Component\Routing\RouterInterface $router
+     */
+    protected $router;
+
+    /**
+     *
+     * @access protected
+     * @var array $forceAccountRecovery
+     */
+    protected $forceAccountRecovery;
+
+    /**
+     *
+     * @access protected
+     * @var \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager $securityManager
+     */
+    protected $securityManager;
+
+    /**
+     *
+     * @access public
+     * @param \Symfony\Component\Routing\RouterInterface                        $router
+     * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager  $securityManager
+     * @param array                                                             $forceAccountRecovery
+     *
+     */
+    public function __construct(RouterInterface $router, SecurityManager $securityManager, array $forceAccountRecovery)
+    {
+        $this->router               = $router;
+        $this->securityManager      = $securityManager;
+        $this->forceAccountRecovery = $forceAccountRecovery;
+    }
+
+    public function onKernelRequest(GetResponseEvent $event)
+    {
+        if ($event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST) {
+            return;
+        }
+
+        $result = $this->securityManager->vote();
+
+        if ($result === SecurityManager::ACCESS_DENIED_DEFER) {
+            $event->stopPropagation();
+
+            $redirectUrl = $this->router->generate(
+                $this->forceAccountRecovery['route_recover_account']['name'],
+                $this->forceAccountRecovery['route_recover_account']['params']
+            );
+
+            $event->setResponse(new RedirectResponse($redirectUrl));
+        }
+    }
+}
diff --git a/DependencyInjection/CCDNUserSecurityExtension.php b/DependencyInjection/CCDNUserSecurityExtension.php
@@ -166,6 +166,7 @@ private function getComponentSection(ContainerBuilder $container, $config)
 
         $container->setParameter('ccdn_user_security.component.listener.route_referer_listener.class', $config['component']['listener']['route_referer_listener']['class']);
         $container->setParameter('ccdn_user_security.component.listener.blocking_login_listener.class', $config['component']['listener']['blocking_login_listener']['class']);
+        $container->setParameter('ccdn_user_security.component.listener.defer_login_listener.class', $config['component']['listener']['defer_login_listener']['class']);
         $container->setParameter('ccdn_user_security.component.access_denied_exception_factory.class', $config['component']['listener']['blocking_login_listener']['access_denied_exception_factory']);
 
         $container->setParameter('ccdn_user_security.component.route_referer_ignore.chain.class', $config['component']['route_referer_ignore']['chain']['class']);
diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
@@ -310,6 +310,13 @@ private function addComponentSection(ArrayNodeDefinition $node)
                                         ->scalarNode('class')->defaultValue('CCDNUser\SecurityBundle\Component\Listener\RouteRefererListener')->end()
                                     ->end()
                                 ->end()
+                                ->arrayNode('defer_login_listener')
+                                    ->addDefaultsIfNotSet()
+                                    ->canBeUnset()
+                                    ->children()
+                                        ->scalarNode('class')->defaultValue('CCDNUser\SecurityBundle\Component\Listener\DeferLoginListener')->end()
+                                    ->end()
+                                ->end()
                                 ->arrayNode('blocking_login_listener')
                                     ->addDefaultsIfNotSet()
                                     ->canBeUnset()
diff --git a/Resources/config/services/components.yml b/Resources/config/services/components.yml
@@ -67,15 +67,25 @@ services:
     ccdn_user_security.component.listener.blocking_login_listener:
         class: %ccdn_user_security.component.listener.blocking_login_listener.class%
         arguments:
-            - @router
             - @ccdn_user_security.component.authorisation.security_manager
             - @ccdn_user_security.component.access_denied_exception_factory
-            - %ccdn_user_security.login_shield.force_account_recovery%
         tags:
-            - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest }
+            - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest, priority: 9 }
     ccdn_user_security.component.access_denied_exception_factory:
         class: %ccdn_user_security.component.access_denied_exception_factory.class%
 
+    #
+    # Defer login Listener.
+    #
+    ccdn_user_security.component.listener.defer_login_listener:
+        class: %ccdn_user_security.component.listener.defer_login_listener.class%
+        arguments:
+            - @router
+            - @ccdn_user_security.component.authorisation.security_manager
+            - %ccdn_user_security.login_shield.force_account_recovery%
+        tags:
+            - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest }
+
     #
     # Referer Listener.
     #
diff --git a/Resources/views/home.html.twig b/Resources/views/home.html.twig
@@ -0,0 +1,5 @@
+<html>
+    <body>
+        <p>Hi on this test home page</p>
+    </body>
+</html>
diff --git a/Tests/Functional/app/config/routing.yml b/Tests/Functional/app/config/routing.yml
@@ -21,3 +21,9 @@ fos_user_change_password:
 ccdn_user_security_circumvent_login:
     pattern:  /circumvent_login
     defaults: { _controller: CCDNUserSecurityBundle:TestLogin:circumvent }
+
+home:
+    path: /
+    defaults:
+        _controller: FrameworkBundle:Template:template
+        template:    'CCDNUserSecurityBundle::home.html.twig'
diff --git a/features/user_login.feature b/features/user_login.feature
@@ -37,6 +37,10 @@ Feature: Check Blocking Functionalities
 		And I circumvent login with "user1@foo.com" and "wrongpass"
 		And I should not be logged in
 		And I circumvent login with "user1@foo.com" and "wrongpass"
-		And I should not be logged in
-		And I should be blocked
-
+		Then I should be blocked
+		And I go to "/login"
+		Then I should be blocked
+		And I circumvent login with "user1@foo.com" and "root"
+		Then I should be blocked
+		And I go to "/"
+		Then I should not be logged in

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +<html>
 +    <body>
 +        <p>Hi on this test home page</p>
 +    </body>
 +</html>