Merge pull request #48 from rstrash/security-manager-interface

reecefowell · reecefowell · commit c77b192a2388 · 2015-09-21T20:58:37.000+01:00
Introducing SecurityManagerInterface for custom vote() implementations
diff --git a/Component/Authorisation/SecurityManager.php b/Component/Authorisation/SecurityManager.php
@@ -27,7 +27,7 @@
  * @link     https://github.com/codeconsortium/CCDNUserSecurityBundle
  *
  */
-class SecurityManager
+class SecurityManager implements SecurityManagerInterface
 {
     /**
      *
@@ -64,15 +64,10 @@ class SecurityManager
      */
     protected $blockPages;
 
-    const ACCESS_ALLOWED = 0;
-    const ACCESS_DENIED_DEFER = 1;
-    const ACCESS_DENIED_BLOCK = 2;
-
     /**
      *
      * @access public
      * @param \Symfony\Component\HttpFoundation\RequestStack                                $requestStack
-     * @param \Symfony\Bundle\FrameworkBundle\Routing\Router                                $router
      * @param \CCDNUser\SecurityBundle\Component\Authentication\Tracker\LoginFailureTracker $loginFailureTracker
      * @param array                                                                         $routeLogin
      * @param array                                                                         $forceAccountRecovery
diff --git a/Component/Authorisation/SecurityManagerInterface.php b/Component/Authorisation/SecurityManagerInterface.php
@@ -0,0 +1,42 @@
+<?php
+
+/*
+ * This file is part of the CCDNUser SecurityBundle
+ *
+ * (c) CCDN (c) CodeConsortium <http://www.codeconsortium.com/>
+ *
+ * Available on github <http://www.github.com/codeconsortium/>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace CCDNUser\SecurityBundle\Component\Authorisation;
+
+use Symfony\Component\HttpFoundation\RequestStack;
+use CCDNUser\SecurityBundle\Component\Authentication\Tracker\LoginFailureTracker;
+
+interface SecurityManagerInterface
+{
+    const ACCESS_ALLOWED = 0;
+    const ACCESS_DENIED_DEFER = 1;
+    const ACCESS_DENIED_BLOCK = 2;
+
+    /**
+     * Constructor
+     *
+     * @access public
+     * @param \Symfony\Component\HttpFoundation\RequestStack                                $requestStack
+     * @param \CCDNUser\SecurityBundle\Component\Authentication\Tracker\LoginFailureTracker $loginFailureTracker
+     * @param array                                                                         $routeLogin
+     * @param array                                                                         $forceAccountRecovery
+     * @param array                                                                         $blockPages
+     */
+    public function __construct(RequestStack $requestStack, LoginFailureTracker $loginFailureTracker, $routeLogin, $forceAccountRecovery, $blockPages);
+
+    /**
+     * @access public
+     * @return int
+     */
+    public function vote();
+}
diff --git a/Component/Authorisation/Voter/ClientLoginVoter.php b/Component/Authorisation/Voter/ClientLoginVoter.php
@@ -13,6 +13,7 @@
 
 namespace CCDNUser\SecurityBundle\Component\Authorisation\Voter;
 
+use CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 
@@ -32,16 +33,16 @@ class ClientLoginVoter implements VoterInterface
     /**
      *
      * @access protected
-     * @var \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager $securityManager
+     * @var \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface $securityManager
      */
     protected $securityManager;
 
     /**
      *
      * @access public
-     * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager $loginFailureTracker
+     * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface $securityManager
      */
-    public function __construct($securityManager)
+    public function __construct(SecurityManagerInterface $securityManager)
     {
         $this->securityManager = $securityManager;
     }
diff --git a/Component/Listener/BlockingLoginListener.php b/Component/Listener/BlockingLoginListener.php
@@ -13,9 +13,8 @@
 
 namespace CCDNUser\SecurityBundle\Component\Listener;
 
-use CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager;
+use CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
-use Symfony\Component\HttpFoundation\RedirectResponse;
 
 /**
  *
@@ -33,7 +32,7 @@ class BlockingLoginListener
     /**
      *
      * @access protected
-     * @var \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager $securityManager
+     * @var \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface $securityManager
      */
     protected $securityManager;
 
@@ -45,11 +44,10 @@ class BlockingLoginListener
     /**
      *
      * @access public
-     * @param \Symfony\Component\Routing\RouterInterface                                              $router
-     * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager                        $loginFailureTracker
+     * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface         $securityManager
      * @param \CCDNUser\SecurityBundle\Component\Listener\AccessDeniedExceptionFactoryInterface $exceptionFactory
      */
-    public function __construct(SecurityManager $securityManager, AccessDeniedExceptionFactoryInterface $exceptionFactory)
+    public function __construct(SecurityManagerInterface $securityManager, AccessDeniedExceptionFactoryInterface $exceptionFactory)
     {
         $this->securityManager = $securityManager;
         $this->exceptionFactory = $exceptionFactory;
diff --git a/Component/Listener/DeferLoginListener.php b/Component/Listener/DeferLoginListener.php
@@ -2,7 +2,7 @@
 
 namespace CCDNUser\SecurityBundle\Component\Listener;
 
-use CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager;
+use CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
@@ -27,19 +27,19 @@ class DeferLoginListener
     /**
      *
      * @access protected
-     * @var \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager $securityManager
+     * @var \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface $securityManager
      */
     protected $securityManager;
 
     /**
      *
      * @access public
-     * @param \Symfony\Component\Routing\RouterInterface                        $router
-     * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager  $securityManager
-     * @param array                                                             $forceAccountRecovery
+     * @param \Symfony\Component\Routing\RouterInterface                                $router
+     * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface $securityManager
+     * @param array                                                                     $forceAccountRecovery
      *
      */
-    public function __construct(RouterInterface $router, SecurityManager $securityManager, array $forceAccountRecovery)
+    public function __construct(RouterInterface $router, SecurityManagerInterface $securityManager, array $forceAccountRecovery)
     {
         $this->router               = $router;
         $this->securityManager      = $securityManager;
@@ -52,9 +52,10 @@ public function onKernelRequest(GetResponseEvent $event)
             return;
         }
 
-        $result = $this->securityManager->vote();
+        $securityManager = $this->securityManager; // Avoid the silly cryptic error 'T_PAAMAYIM_NEKUDOTAYIM'
+        $result = $securityManager->vote();
 
-        if ($result === SecurityManager::ACCESS_DENIED_DEFER) {
+        if ($result === $securityManager::ACCESS_DENIED_DEFER) {
             $event->stopPropagation();
 
             $redirectUrl = $this->router->generate(
diff --git a/DependencyInjection/CCDNUserSecurityExtension.php b/DependencyInjection/CCDNUserSecurityExtension.php
@@ -160,6 +160,7 @@ private function getComponentSection(ContainerBuilder $container, $config)
         $container->setParameter('ccdn_user_security.component.authentication.handler.login_failure_handler.class', $config['component']['authentication']['handler']['login_failure_handler']['class']);
         $container->setParameter('ccdn_user_security.component.authentication.tracker.login_failure_tracker.class', $config['component']['authentication']['tracker']['login_failure_tracker']['class']);
 
+        $container->setParameter('ccdn_user_security.component.authorisation.security_manager.class', $config['component']['authorisation']['security_manager']['class']);
         $container->setParameter('ccdn_user_security.component.authorisation.voter.client_login_voter.class', $config['component']['authorisation']['voter']['client_login_voter']['class']);
 
         $container->setParameter('ccdn_user_security.component.listener.blocking_login_listener.class', $config['component']['listener']['blocking_login_listener']['class']);
diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
@@ -305,6 +305,13 @@ private function addComponentSection(ArrayNodeDefinition $node)
                             ->addDefaultsIfNotSet()
                             ->canBeUnset()
                             ->children()
+                                ->arrayNode('security_manager')
+                                    ->addDefaultsIfNotSet()
+                                    ->canBeUnset()
+                                    ->children()
+                                        ->scalarNode('class')->defaultValue('CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager')->end()
+                                    ->end()
+                                ->end()
                                 ->arrayNode('voter')
                                     ->addDefaultsIfNotSet()
                                     ->canBeUnset()
diff --git a/Resources/config/services/components.yml b/Resources/config/services/components.yml
@@ -22,7 +22,7 @@ services:
     # Access Decision Manager
     #
     ccdn_user_security.component.authorisation.security_manager:
-        class: 'CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager'
+        class: %ccdn_user_security.component.authorisation.security_manager.class%
         arguments:
             - @request_stack
             - @ccdn_user_security.component.authentication.tracker.login_failure_tracker

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@`
`27`	`27`	`* @link https://github.com/codeconsortium/CCDNUserSecurityBundle`
`28`	`28`	`*`
`29`	`29`	`*/`
`30`		`-class SecurityManager`
	`30`	`+class SecurityManager implements SecurityManagerInterface`
`31`	`31`	`{`
`32`	`32`	`/**`
`33`	`33`	`*`
`@@ -64,15 +64,10 @@ class SecurityManager`
`64`	`64`	`*/`
`65`	`65`	`protected $blockPages;`
`66`	`66`
`67`		`- const ACCESS_ALLOWED = 0;`
`68`		`- const ACCESS_DENIED_DEFER = 1;`
`69`		`- const ACCESS_DENIED_BLOCK = 2;`
`70`		`-`
`71`	`67`	`/**`
`72`	`68`	`*`
`73`	`69`	`* @access public`
`74`	`70`	`* @param \Symfony\Component\HttpFoundation\RequestStack $requestStack`
`75`		`- * @param \Symfony\Bundle\FrameworkBundle\Routing\Router $router`
`76`	`71`	`* @param \CCDNUser\SecurityBundle\Component\Authentication\Tracker\LoginFailureTracker $loginFailureTracker`
`77`	`72`	`* @param array $routeLogin`
`78`	`73`	`* @param array $forceAccountRecovery`
Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@`
`13`	`13`
`14`	`14`	`namespace CCDNUser\SecurityBundle\Component\Authorisation\Voter;`
`15`	`15`
	`16`	`+use CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface;`
`16`	`17`	`use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;`
`17`	`18`	`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
`18`	`19`
`@@ -32,16 +33,16 @@ class ClientLoginVoter implements VoterInterface`
`32`	`33`	`/**`
`33`	`34`	`*`
`34`	`35`	`* @access protected`
`35`		`- * @var \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager $securityManager`
	`36`	`+ * @var \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface $securityManager`
`36`	`37`	`*/`
`37`	`38`	`protected $securityManager;`
`38`	`39`
`39`	`40`	`/**`
`40`	`41`	`*`
`41`	`42`	`* @access public`
`42`		`- * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager $loginFailureTracker`
	`43`	`+ * @param \CCDNUser\SecurityBundle\Component\Authorisation\SecurityManagerInterface $securityManager`
`43`	`44`	`*/`
`44`		`- public function __construct($securityManager)`
	`45`	`+ public function __construct(SecurityManagerInterface $securityManager)`
`45`	`46`	`{`
`46`	`47`	`$this->securityManager = $securityManager;`
`47`	`48`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ services:`
`22`	`22`	`# Access Decision Manager`
`23`	`23`	`#`
`24`	`24`	`ccdn_user_security.component.authorisation.security_manager:`
`25`		`- class: 'CCDNUser\SecurityBundle\Component\Authorisation\SecurityManager'`
	`25`	`+ class: %ccdn_user_security.component.authorisation.security_manager.class%`
`26`	`26`	`arguments:`
`27`	`27`	`- @request_stack`
`28`	`28`	`- @ccdn_user_security.component.authentication.tracker.login_failure_tracker`