do not store password in session and use of $token
--- | |
Resources/translations/messages.en.yml | 2 +- | |
Resources/translations/messages.fr.yml | 2 +- | |
Security/Authentication/AdAuthProvider.php | 3 +-- | |
Security/User/adUserProvider.php | 12 +++++------- | |
4 files changed, 8 insertions(+), 11 deletions(-) | |
diff --git a/Resources/translations/messages.en.yml b/Resources/translations/messages.en.yml | |
index e30ff56..bca4b6f 100644 | |
--- a/Resources/translations/messages.en.yml | |
+++ b/Resources/translations/messages.en.yml | |
@@ -2,4 +2,4 @@ ztec.security.active_directory.invalid_user: "The username is not valid : \"%rea | |
ztec.security.active_directory.wrong_credential: "Wrong credential" | |
ztec.security.active_directory.username_not_matching_rules: "The username \"%username%\" does not match rules" | |
ztec.security.active_directory.ad.bad_response: "The Active Directory did not repsond well : %connexion_status% - %is_AD%" | |
-ztec.security.active_directory.bad_isntance: "Instance of \"%class_name%\" is not suported." | |
\ No newline at end of file | |
+ztec.security.active_directory.bad_instance: "Instance of \"%class_name%\" is not suported." | |
\ No newline at end of file | |
diff --git a/Resources/translations/messages.fr.yml b/Resources/translations/messages.fr.yml | |
index ee38d9b..13b02f0 100644 | |
--- a/Resources/translations/messages.fr.yml | |
+++ b/Resources/translations/messages.fr.yml | |
@@ -2,4 +2,4 @@ ztec.security.active_directory.invalid_user: "Le login est invalid : \"%reason%\ | |
ztec.security.active_directory.wrong_credential: "Identifiants erronés" | |
ztec.security.active_directory.username_not_matching_rules: "Le login \"%username%\" ne correspond à aucune règle" | |
ztec.security.active_directory.ad.bad_response: "L'Active Directory ne repond pas : %connexion_status% - %is_AD%" | |
-ztec.security.active_directory.bad_isntance: "Les instance \"%class_name%\" ne sont pas suportées" | |
\ No newline at end of file | |
+ztec.security.active_directory.bad_instance: "Les instance \"%class_name%\" ne sont pas suportées" | |
\ No newline at end of file | |
diff --git a/Security/Authentication/AdAuthProvider.php b/Security/Authentication/AdAuthProvider.php | |
index e2fd642..bf4e940 100644 | |
--- a/Security/Authentication/AdAuthProvider.php | |
+++ b/Security/Authentication/AdAuthProvider.php | |
@@ -56,8 +56,7 @@ class AdAuthProvider implements AuthenticationProviderInterface | |
); //'The credentials are wrong' | |
throw new BadCredentialsException($msg); | |
} | |
- $User->setPassword($token->getCredentials()); | |
- $this->userProvider->fetchData($User, $Adldap); | |
+ $this->userProvider->fetchData($User, $token, $Adldap); | |
} | |
$newToken = new UsernamePasswordToken( | |
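Review bot: After `$this->userProvider->fetchData($User, $token, $Adldap);` the plaintext credential is still held by `$token`, and the `UsernamePasswordToken` built on the next line (its arguments lie outside the hunk) is the object that ends up serialized into the session; if it is constructed from `$token->getCredentials()`, the commit only moves the password from the user object to the token rather than keeping it out of the session. Unless the firewall's `erase_credentials` default is being relied on, the provider should build the new token with empty credentials (or call `eraseCredentials()` on it) once the AD bind has succeeded. A short comment on the call would also make the intent explicit: `// credentials are read from $token for the AD bind only; never copy them onto $User or the new token`. The enclosing method (presumably `authenticate()`) begins and ends outside the hunk.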
diff --git a/Security/User/adUserProvider.php b/Security/User/adUserProvider.php | |
index aa55184..782e2ae 100644 | |
--- a/Security/User/adUserProvider.php | |
+++ b/Security/User/adUserProvider.php | |
@@ -4,6 +4,7 @@ namespace Ztec\Security\ActiveDirectoryBundle\Security\User; | |
use Symfony\Component\Security\Core\User\UserProviderInterface; | |
use Symfony\Component\Security\Core\User\UserInterface; | |
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; | |
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; | |
use Symfony\Component\Security\Core\Exception\UnsupportedUserException; | |
use Symfony\Component\Translation\TranslatorInterface; | |
@@ -137,25 +138,22 @@ class adUserProvider implements UserProviderInterface | |
{ | |
if (!$user instanceof adUser) { | |
$msg = $this->translator->trans( | |
- 'ztec.security.active_directory.bad_isntance', | |
+ 'ztec.security.active_directory.bad_instance', | |
array( | |
'%class_name%' => get_class($user) | |
) | |
); | |
throw new UnsupportedUserException($msg); | |
} | |
- $newUser = $this->loadUserByUsername($user->getUsername()); | |
- $newUser->setPassword($user->getPassword()); //we reset the password | |
- $newUser->setRoles($user->getRoles()); | |
- return $newUser; | |
+ return $user; | |
} | |
- public function fetchData(adUser $adUser, adLDAP $adLdap) | |
+ public function fetchData(adUser $adUser, TokenInterface $token, adLDAP $adLdap) | |
{ | |
$connected = $adLdap->connect(); | |
- $isAD = $adLdap->authenticate($adUser->getUsername(), $adUser->getPassword()); | |
+ $isAD = $adLdap->authenticate($adUser->getUsername(), $token->getCredentials()); | |
if (!$isAD || !$connected) { | |
$msg = $this->translator->trans( | |
'ztec.security.active_directory.ad.bad_response', | |
-- | |
1.8.0.msysgit.0 |