feature #14721 [Security] Configuring a user checker per firewall (iltar)

fabpot · fabpot · commit 0d3da2a02c2e · 2015-10-02T14:49:38.000+02:00
This PR was squashed before being merged into the 2.8 branch (closes #14721). Discussion ---------- [Security] Configuring a user checker per firewall _Changed my base branch to avoid issues, closed old PR_ | Q | A | ------------- | --- | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed ticket | #11090 and helps #14673 | License | MIT | Doc PR | symfony/symfony-docs/pull/5530 This pull request adds support for a configurable user checker per firewall. An example could be: ```yml services: app.user_checker: class: App\Security\UserChecker arguments: - "@request_stack" security: firewalls: secured_area: pattern: ^/ anonymous: ~ basic_auth: ~ user_checker: app.user_checker ``` The above example will use the `UserChecker` defined as `app.user_checker`. If the `user_checker` option is left empty, `security.user_checker` will be used. If the `user_checkers` option is not defined, it will fall back to the original behavior to not break backwards compatibility and will validate using the existing `UserChecker`: `security.user_checker`. I left the default argument in the service definitions to be `security.user_checker` to include backwards compatibility for people who for some reason don't have the extension executed. You can obtain the checker for a specific firewall by appending the firewall name to it. For the firewall `secured_area`, this would be `security.user_checker.secured_area`. Commits ------- 76bc662 [Security] Configuring a user checker per firewall
diff --git a/Core/User/UserCheckerInterface.php b/Core/User/UserCheckerInterface.php
@@ -11,10 +11,13 @@
 
 namespace Symfony\Component\Security\Core\User;
 
+use Symfony\Component\Security\Core\Exception\AccountStatusException;
+
 /**
- * UserCheckerInterface checks user account when authentication occurs.
+ * Implement to throw AccountStatusException during the authentication process.
  *
- * This should not be used to make authentication decisions.
+ * Can be used when you want to check the account status, e.g when the account is
+ * disabled or blocked. This should not be used to make authentication decisions.
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
@@ -24,13 +27,17 @@ interface UserCheckerInterface
      * Checks the user account before authentication.
      *
      * @param UserInterface $user a UserInterface instance
+     *
+     * @throws AccountStatusException
      */
     public function checkPreAuth(UserInterface $user);
 
     /**
      * Checks the user account after authentication.
      *
      * @param UserInterface $user a UserInterface instance
+     *
+     * @throws AccountStatusException
      */
     public function checkPostAuth(UserInterface $user);
 }
