initial commit

.gitignore

+vendor

composer.json

+{
+    "name": "nek/symfony-security",
+    "description": "Usage of Sf Sec component",
+    "type": "project",
+    "autoload": {
+        "psr-4": {
+            "BiiG\\SecurityTest\\": "src/"
+        }
+    },
+    "require": {
+        "silex/silex": "^2.2",
+        "symfony/security": "^3.3"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "^6.3"
+    },
+    "license": "private",
+    "authors": [
+        {
+            "name": "Nek (Maxime Veber)",
+            "email": "nek.dev@gmail.com"
+        }
+    ]
+}

foo.php

+<?php
+
+require __DIR__ . '/vendor/autoload.php';
+
+
+$request = \Symfony\Component\HttpFoundation\Request::createFromGlobals();
+$dispatcher = new \Symfony\Component\EventDispatcher\EventDispatcher();
+
+
+
+/////////////////////////
+/// AUTHENTICATION
+
+// Preparation
+
+
+// Auth
+
+// Should happen in CustomAuthenticationListener
+/*
+$providers = [new \BiiG\SecurityTest\CustomAuthenticationProvider()];
+$authenticationManager = new \Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager($providers);
+$authenticatedToken = $authenticationManager->authenticate($unauthenticatedToken);
+//*/
+
+
+
+///////////////////////
+/// FIREWALL
+
+$map = new \Symfony\Component\Security\Http\FirewallMap();
+
+$requestMatcher = new \Symfony\Component\HttpFoundation\RequestMatcher('^/');
+
+$tokenStorage = new \Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage();
+
+// instances of Symfony\Component\Security\Http\Firewall\ListenerInterface
+$listeners = [new \BiiG\SecurityTest\CustomAuthenticationListener(
+    $tokenStorage,
+    new \BiiG\SecurityTest\CustomAuthenticationProvider(),
+    'swagg'
+)];
+
+
+$anonymousClass = \Symfony\Component\Security\Core\Authentication\Token\AnonymousToken::class;
+$rememberMeClass = \Symfony\Component\Security\Core\Authentication\Token\RememberMeToken::class;
+
+$trustResolver = new \Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver($anonymousClass, $rememberMeClass);
+
+// The exception listener object is too complex for this example
+/*
+$exceptionListener = new \Symfony\Component\Security\Http\Firewall\ExceptionListener($tokenStorage, $trustResolver);
+//*/
+
+$map->add($requestMatcher, $listeners);
+
+
+$firewall = new \Symfony\Component\Security\Http\Firewall($map, $dispatcher);
+
+
+$dispatcher->addListener(
+    \Symfony\Component\HttpKernel\KernelEvents::REQUEST,
+    array($firewall, 'onKernelRequest')
+);
+
+$kernel = new \BiiG\SecurityTest\Kernel($dispatcher, function() {
+    echo "<h1>Hello</h1>";
+});
+
+$kernel->handle($request);

index.php

+<?php
+
+require __DIR__ . '/vendor/autoload.php';
+
+use Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\User\InMemoryUserProvider;
+
+use Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider;
+use Symfony\Component\Security\Core\User\UserChecker;
+
+use Symfony\Component\Security\Core\Encoder\EncoderFactory;
+use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;
+use Symfony\Component\Security\Core\User\User;
+
+$app = new Silex\Application();
+
+$app['debug'] = true;
+
+$userProvider = new InMemoryUserProvider(
+    array(
+        'admin' => array(
+            // password is "foo"
+            'password' => '5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg==',
+            'roles'    => array('ROLE_ADMIN'),
+        ),
+    )
+);
+
+
+$app->get('/', function () use ($userProvider) {
+
+
+    $providers = [new \BiiG\SecurityTest\CustomAuthenticationProvider()];
+    $authenticationManager = new AuthenticationProviderManager($providers);
+
+    // for some extra checks: is account enabled, locked, expired, etc.
+    $userChecker = new \Symfony\Component\Security\Core\User\UserChecker();
+
+    try {
+        $authenticatedToken = $authenticationManager
+            ->authenticate($unauthenticatedToken);
+
+
+// for some extra checks: is account enabled, locked, expired, etc.
+        $userChecker = new UserChecker();
+
+// an array of password encoders (see below)
+        $encoderFactory = new EncoderFactory([
+            User::class => new MessageDigestPasswordEncoder('sha512', true, 5000),
+        ]);
+
+        $provider = new DaoAuthenticationProvider(
+            $userProvider,
+            $userChecker,
+            'secured_area',
+            $encoderFactory
+        );
+
+        $provider->authenticate($unauthenticatedToken);
+
+    } catch (AuthenticationException $failed) {
+        // authentication failed
+    }
+
+
+    return '<h1>Hello world</h1>';
+});
+
+
+$app->run();

src/CustomAuthenticationListener.php

+<?php
+
+namespace BiiG\SecurityTest;
+
+use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Http\Firewall\ListenerInterface;
+
+/**
+ * Class CustomAuthenticationListener
+ * @package BiiG\SecurityTest
+ *
+ * Son job: transformer la request en token non authentifié puis l'authentifier avec le authenticationManager
+ */
+class CustomAuthenticationListener implements ListenerInterface
+{
+    /**
+     * @var TokenStorageInterface
+     */
+    private $tokenStorage;
+
+    /**
+     * @var AuthenticationManagerInterface
+     */
+    private $authenticationManager;
+
+    /**
+     * @var string Uniquely identifies the secured area
+     */
+    private $providerKey;
+
+    /**
+     * CustomAuthenticationListener constructor.
+     * @param TokenStorageInterface $tokenStorage
+     * @param AuthenticationManagerInterface $authenticationManager
+     * @param string $providerKey
+     */
+    public function __construct(
+        TokenStorageInterface $tokenStorage,
+        AuthenticationManagerInterface $authenticationManager,
+        $providerKey
+    ) {
+        $this->tokenStorage = $tokenStorage;
+        $this->authenticationManager = $authenticationManager;
+        $this->providerKey = $providerKey;
+    }
+
+
+    public function handle(GetResponseEvent $event)
+    {
+        $request = $event->getRequest();
+
+        $username = $request->query->get('username', '');
+        $password = $request->query->get('password', '');
+
+        $unauthenticatedToken = new UsernamePasswordToken(
+            $username,
+            $password,
+            $this->providerKey
+        );
+
+        $authenticatedToken = $this
+            ->authenticationManager
+            ->authenticate($unauthenticatedToken);
+
+        $this->tokenStorage->setToken($authenticatedToken);
+    }
+}

src/CustomAuthenticationProvider.php

+<?php
+/**
+ * This file is a part of SymfonySecurity package.
+ *
+ * (c) Nekland <dev@nekland.fr>
+ *
+ * For the full license, take a look to the LICENSE file
+ * on the root directory of this project
+ */
+
+namespace BiiG\SecurityTest;
+
+
+use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\Encoder\EncoderFactory;
+use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+use Symfony\Component\Security\Core\User\InMemoryUserProvider;
+use Symfony\Component\Security\Core\User\User;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+/**
+ * Class CustomAuthenticationProvider
+ * @package BiiG\SecurityTest
+ *
+ * Pourrait hériter de UserAuthenticationProvider pour simplifier le traitement d'un utilisateur standard.
+ */
+class CustomAuthenticationProvider implements AuthenticationProviderInterface
+{
+    private $userProvider;
+
+    private $encoderFactory;
+
+    public function __construct()
+    {
+        $this->userProvider = new InMemoryUserProvider(
+            array(
+                'admin' => array(
+                    // password is "foo"
+                    'password' => '5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg==',
+                    'roles'    => array('ROLE_ADMIN'),
+                ),
+            )
+        );
+
+        $this->encoderFactory = new EncoderFactory([
+            User::class => new MessageDigestPasswordEncoder('sha512', true, 5000)
+        ]);
+    }
+
+    public function authenticate(TokenInterface $token)
+    {
+        $user = $this->userProvider->loadUserByUsername($token->getUsername());
+
+        // Un certain nombre de cas comme celui-ci sont à gérer
+        if (!$user instanceof UserInterface) {
+            throw new AuthenticationServiceException('The user provider must return a UserInterface object.');
+        }
+
+        $encoder = $this->encoderFactory->getEncoder($user);
+
+        if (!$encoder->isPasswordValid($user->getPassword(), $token->getCredentials(), $user->getSalt())) {
+            throw new BadCredentialsException('The presented password is invalid.');
+        }
+    }
+
+    public function supports(TokenInterface $token)
+    {
+        return $token instanceof UsernamePasswordToken;
+    }
+}

src/Kernel.php

+<?php
+/**
+ * This file is a part of SymfonySecurity package.
+ *
+ * (c) Nekland <dev@nekland.fr>
+ *
+ * For the full license, take a look to the LICENSE file
+ * on the root directory of this project
+ */
+
+namespace BiiG\SecurityTest;
+
+
+use Symfony\Component\EventDispatcher\EventDispatcher;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Event\FinishRequestEvent;
+use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\HttpKernel\KernelEvents;
+
+class Kernel implements HttpKernelInterface
+{
+    private $dispatcher;
+
+    private $run;
+
+    public function __construct(EventDispatcher $dispatcher, \Closure $run)
+    {
+        $this->dispatcher = $dispatcher;
+        $this->run = $run;
+    }
+
+    public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = true)
+    {
+        $this->dispatcher->dispatch(KernelEvents::REQUEST, new GetResponseEvent($this, $request, $type));
+
+        // Some work
+        $run = $this->run;
+        $run();
+
+        $this->dispatcher->dispatch(KernelEvents::FINISH_REQUEST, new FinishRequestEvent($this, $request, $type));
+    }
+}