feature #10793 [Security] Allow exception bubbling in RememberMeListener (lstrojny)

This PR was merged into the 2.6-dev branch.

Discussion
----------

[Security] Allow exception bubbling in RememberMeListener

- Allow optional exception bubbling so that the exception listener has a chance to handle those exceptions

#### While at it
- Test for dispatching the InteractiveLogin event
- Smaller cleanups in the test

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | ye
| Fixed tickets | n.A.
| License       | MIT
| Doc PR        | n.A.

Commits
-------

fcb7f74 Allow exception bubbling in RememberMeListener

Author: fabpot

Http/Firewall/RememberMeListener.php

@@ -33,6 +33,7 @@ class RememberMeListener implements ListenerInterface
     private $authenticationManager;
     private $logger;
     private $dispatcher;
+    private $catchExceptions = true;
 
     /**
      * Constructor.
@@ -42,14 +43,16 @@ class RememberMeListener implements ListenerInterface
      * @param AuthenticationManagerInterface $authenticationManager
      * @param LoggerInterface                $logger
      * @param EventDispatcherInterface       $dispatcher
+     * @param bool                           $catchExceptions
      */
-    public function __construct(SecurityContextInterface $securityContext, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
+    public function __construct(SecurityContextInterface $securityContext, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true)
     {
         $this->securityContext = $securityContext;
         $this->rememberMeServices = $rememberMeServices;
         $this->authenticationManager = $authenticationManager;
         $this->logger = $logger;
         $this->dispatcher = $dispatcher;
+        $this->catchExceptions = $catchExceptions;
     }
 
     /**
@@ -90,6 +93,10 @@ public function handle(GetResponseEvent $event)
             }
 
             $this->rememberMeServices->loginFail($request);
+
+            if (!$this->catchExceptions) {
+                throw $failed;
+            }
         }
     }
 }

Http/Tests/Firewall/RememberMeListenerTest.php

@@ -14,12 +14,13 @@
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Http\Firewall\RememberMeListener;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Http\SecurityEvents;
 
 class RememberMeListenerTest extends \PHPUnit_Framework_TestCase
 {
     public function testOnCoreSecurityDoesNotTryToPopulateNonEmptySecurityContext()
     {
-        list($listener, $context, $service,,) = $this->getListener();
+        list($listener, $context,,,,) = $this->getListener();
 
         $context
             ->expects($this->once())
@@ -99,6 +100,48 @@ public function testOnCoreSecurityIgnoresAuthenticationExceptionThrownByAuthenti
         $listener->handle($event);
     }
 
+    /**
+     * @expectedException Symfony\Component\Security\Core\Exception\AuthenticationException
+     * @expectedExceptionMessage Authentication failed.
+     */
+    public function testOnCoreSecurityIgnoresAuthenticationOptionallyRethrowsExceptionThrownAuthenticationManagerImplementation()
+    {
+        list($listener, $context, $service, $manager,) = $this->getListener(false, false);
+
+        $context
+            ->expects($this->once())
+            ->method('getToken')
+            ->will($this->returnValue(null))
+        ;
+
+        $service
+            ->expects($this->once())
+            ->method('autoLogin')
+            ->will($this->returnValue($this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')))
+        ;
+
+        $service
+            ->expects($this->once())
+            ->method('loginFail')
+        ;
+
+        $exception = new AuthenticationException('Authentication failed.');
+        $manager
+            ->expects($this->once())
+            ->method('authenticate')
+            ->will($this->throwException($exception))
+        ;
+
+        $event = $this->getGetResponseEvent();
+        $event
+            ->expects($this->once())
+            ->method('getRequest')
+            ->will($this->returnValue(new Request()))
+        ;
+
+        $listener->handle($event);
+    }
+
     public function testOnCoreSecurity()
     {
         list($listener, $context, $service, $manager,) = $this->getListener();
@@ -138,6 +181,55 @@ public function testOnCoreSecurity()
         $listener->handle($event);
     }
 
+    public function testOnCoreSecurityInteractiveLoginEventIsDispatchedIfDispatcherIsPresent()
+    {
+        list($listener, $context, $service, $manager,, $dispatcher) = $this->getListener(true);
+
+        $context
+            ->expects($this->once())
+            ->method('getToken')
+            ->will($this->returnValue(null))
+        ;
+
+        $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
+        $service
+            ->expects($this->once())
+            ->method('autoLogin')
+            ->will($this->returnValue($token))
+        ;
+
+        $context
+            ->expects($this->once())
+            ->method('setToken')
+            ->with($this->equalTo($token))
+        ;
+
+        $manager
+            ->expects($this->once())
+            ->method('authenticate')
+            ->will($this->returnValue($token))
+        ;
+
+        $event = $this->getGetResponseEvent();
+        $request = new Request();
+        $event
+            ->expects($this->once())
+            ->method('getRequest')
+            ->will($this->returnValue($request))
+        ;
+
+        $dispatcher
+            ->expects($this->once())
+            ->method('dispatch')
+            ->with(
+                SecurityEvents::INTERACTIVE_LOGIN,
+                $this->isInstanceOf('Symfony\Component\Security\Http\Event\InteractiveLoginEvent')
+            )
+        ;
+
+        $listener->handle($event);
+    }
+
     protected function getGetResponseEvent()
     {
         return $this->getMock('Symfony\Component\HttpKernel\Event\GetResponseEvent', array(), array(), '', false);
@@ -148,16 +240,18 @@ protected function getFilterResponseEvent()
         return $this->getMock('Symfony\Component\HttpKernel\Event\FilterResponseEvent', array(), array(), '', false);
     }
 
-    protected function getListener()
+    protected function getListener($withDispatcher = false, $catchExceptions = true)
     {
         $listener = new RememberMeListener(
             $context = $this->getContext(),
             $service = $this->getService(),
             $manager = $this->getManager(),
-            $logger = $this->getLogger()
+            $logger = $this->getLogger(),
+            $dispatcher = ($withDispatcher ? $this->getDispatcher() : null),
+            $catchExceptions
         );
 
-        return array($listener, $context, $service, $manager, $logger);
+        return array($listener, $context, $service, $manager, $logger, $dispatcher);
     }
 
     protected function getLogger()
@@ -177,8 +271,11 @@ protected function getService()
 
     protected function getContext()
     {
-        return $this->getMockBuilder('Symfony\Component\Security\Core\SecurityContext')
-                    ->disableOriginalConstructor()
-                    ->getMock();
+        return $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
+    }
+
+    protected function getDispatcher()
+    {
+        return $this->getMock('Symfony\Component\EventDispatcher\EventDispatcherInterface');
     }
 }