Merge pull request #42 from tmilos/reauthentication

Support for SamlSpToken reauthentication
lightSAML · Mar 3, 2017 · c32db2e · c32db2e
2 parents 16ff87b + 077d3ea
commit c32db2e
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 6 deletions.
diff --git a/...ightSaml/SpBundle/Security/Authentication/Provider/LightsSamlSpAuthenticationProvider.php b/...ightSaml/SpBundle/Security/Authentication/Provider/LightsSamlSpAuthenticationProvider.php
@@ -92,12 +92,17 @@ public function __construct(
      */
     public function authenticate(TokenInterface $token)
     {
-        if (false === $this->supports($token)) {
-            throw new \LogicException('Unsupported token');
+        if ($token instanceof SamlSpResponseToken) {
+            return $this->authenticateResponse($token);
+        } elseif ($token instanceof SamlSpToken) {
+            return $this->reauthenticate($token);
         }
 
-        /* @var SamlSpResponseToken $token */
+        throw new \LogicException(sprintf('Unsupported token %s', get_class($token)));
+    }
 
+    private function authenticateResponse(SamlSpResponseToken $token)
+    {
         $user = null;
         try {
             $user = $this->loadUser($token);
@@ -142,6 +147,19 @@ public function authenticate(TokenInterface $token)
         return $result;
     }
 
+    private function reauthenticate(SamlSpToken $token)
+    {
+        $user = $token->getUser();
+        $result = new SamlSpToken(
+            $user instanceof UserInterface ? $user->getRoles() : $token->getRoles(),
+            $this->providerKey,
+            $token->getAttributes(),
+            $user
+        );
+
+        return $result;
+    }
+
     /**
      * Checks whether this provider supports the given token.
      *
@@ -151,7 +169,7 @@ public function authenticate(TokenInterface $token)
      */
     public function supports(TokenInterface $token)
     {
-        return $token instanceof SamlSpResponseToken;
+        return $token instanceof SamlSpToken;
     }
 
     /**

diff --git a/...pBundle/Tests/Security/Authentication/Provider/LightsSamlSpAuthenticationProviderTest.php b/...pBundle/Tests/Security/Authentication/Provider/LightsSamlSpAuthenticationProviderTest.php
@@ -47,10 +47,34 @@ public function test_supports_saml_sp_response_token()
         $this->assertTrue($provider->supports(new SamlSpResponseToken(new Response(), $providerKey)));
     }
 
-    public function test_does_not_support_non_saml_sp_response_token()
+    public function test_supports_saml_sp_token()
     {
         $provider = new LightsSamlSpAuthenticationProvider($providerKey = 'main');
-        $this->assertFalse($provider->supports($this->getMock(TokenInterface::class)));
+        $this->assertTrue($provider->supports(new SamlSpToken([], $providerKey, [], 'user')));
+    }
+
+    public function test_supports_reauthentication()
+    {
+        $provider = new LightsSamlSpAuthenticationProvider(
+            $providerKey = 'main',
+            $userProviderMock = $this->getUserProviderMock(),
+            false,
+            null,
+            $usernameMapperMock = $this->getUsernameMapperMock()
+        );
+
+        $user = 'some.user';
+        $roles = ['ROLE_USER'];
+        $attributes = ['a' =>1, 'b' => 'bbb'];
+        $inToken = new SamlSpToken($roles, $providerKey, $attributes, $user);
+
+        /** @var SamlSpToken $outToken */
+        $outToken = $provider->authenticate($inToken);
+        $this->assertInstanceOf(SamlSpToken::class, $outToken);
+        $this->assertEquals($user, $outToken->getUser());
+        $this->assertEquals($roles, array_map(function ($r) { return $r->getRole(); }, $outToken->getRoles()));
+        $this->assertEquals($providerKey, $outToken->getProviderKey());
+        $this->assertEquals($attributes, $outToken->getAttributes());
     }
 
     public function test_creates_authenticated_token_with_user_and_his_roles()