Moved new authenticator to the HTTP namespace

This removes the introduced dependency on Guard from core. It also allows an
easier migration path, as the complete Guard subcomponent can now be deprecated
later in the 5.x life.

Author: wouterj

Authentication/Authenticator/AbstractAuthenticator.php

@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\Authentication\Authenticator;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken;
+
+/**
+ * An optional base class that creates the necessary tokens for you.
+ *
+ * @author Ryan Weaver <ryan@knpuniversity.com>
+ *
+ * @experimental in 5.1
+ */
+abstract class AbstractAuthenticator implements AuthenticatorInterface
+{
+    /**
+     * Shortcut to create a PostAuthenticationGuardToken for you, if you don't really
+     * care about which authenticated token you're using.
+     *
+     * @return PostAuthenticationGuardToken
+     */
+    public function createAuthenticatedToken(UserInterface $user, string $providerKey): TokenInterface
+    {
+        return new PostAuthenticationGuardToken($user, $providerKey, $user->getRoles());
+    }
+}

Authentication/Authenticator/AbstractFormLoginAuthenticator.php

@@ -0,0 +1,64 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\Authentication\Authenticator;
+
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
+
+/**
+ * A base class to make form login authentication easier!
+ *
+ * @author Ryan Weaver <ryan@knpuniversity.com>
+ *
+ * @experimental in 5.1
+ */
+abstract class AbstractFormLoginAuthenticator extends AbstractAuthenticator implements AuthenticationEntryPointInterface
+{
+    /**
+     * Return the URL to the login page.
+     */
+    abstract protected function getLoginUrl(): string;
+
+    /**
+     * Override to change what happens after a bad username/password is submitted.
+     */
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response
+    {
+        if ($request->hasSession()) {
+            $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
+        }
+
+        $url = $this->getLoginUrl();
+
+        return new RedirectResponse($url);
+    }
+
+    public function supportsRememberMe(): bool
+    {
+        return true;
+    }
+
+    /**
+     * Override to control what happens when the user hits a secure page
+     * but isn't logged in yet.
+     */
+    public function start(Request $request, AuthenticationException $authException = null): Response
+    {
+        $url = $this->getLoginUrl();
+
+        return new RedirectResponse($url);
+    }
+}

Authentication/Authenticator/AnonymousAuthenticator.php

@@ -0,0 +1,81 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\Authentication\Authenticator;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\User\User;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+/**
+ * @author Wouter de Jong <wouter@wouterj.nl>
+ * @author Fabien Potencier <fabien@symfony.com>
+ *
+ * @final
+ * @experimental in 5.1
+ */
+class AnonymousAuthenticator implements AuthenticatorInterface
+{
+    private $secret;
+    private $tokenStorage;
+
+    public function __construct(string $secret, TokenStorageInterface $tokenStorage)
+    {
+        $this->secret = $secret;
+        $this->tokenStorage = $tokenStorage;
+    }
+
+    public function supports(Request $request): ?bool
+    {
+        // do not overwrite already stored tokens (i.e. from the session)
+        return null === $this->tokenStorage->getToken();
+    }
+
+    public function getCredentials(Request $request)
+    {
+        return [];
+    }
+
+    public function getUser($credentials): ?UserInterface
+    {
+        return new User('anon.', null);
+    }
+
+    public function checkCredentials($credentials, UserInterface $user): bool
+    {
+        return true;
+    }
+
+    public function createAuthenticatedToken(UserInterface $user, string $providerKey): TokenInterface
+    {
+        return new AnonymousToken($this->secret, 'anon.', []);
+    }
+
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
+    {
+        return null;
+    }
+
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey): ?Response
+    {
+        return null;
+    }
+
+    public function supportsRememberMe(): bool
+    {
+        return false;
+    }
+}

Authentication/Authenticator/AuthenticatorInterface.php

@@ -0,0 +1,131 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\Authentication\Authenticator;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+/**
+ * The interface for all authenticators.
+ *
+ * @author Ryan Weaver <ryan@knpuniversity.com>
+ * @author Amaury Leroux de Lens <amaury@lerouxdelens.com>
+ * @author Wouter de Jong <wouter@wouterj.nl>
+ *
+ * @experimental in 5.1
+ */
+interface AuthenticatorInterface
+{
+    /**
+     * Does the authenticator support the given Request?
+     *
+     * If this returns false, the authenticator will be skipped.
+     */
+    public function supports(Request $request): ?bool;
+
+    /**
+     * Get the authentication credentials from the request and return them
+     * as any type (e.g. an associate array).
+     *
+     * Whatever value you return here will be passed to getUser() and checkCredentials()
+     *
+     * For example, for a form login, you might:
+     *
+     *      return [
+     *          'username' => $request->request->get('_username'),
+     *          'password' => $request->request->get('_password'),
+     *      ];
+     *
+     * Or for an API token that's on a header, you might use:
+     *
+     *      return ['api_key' => $request->headers->get('X-API-TOKEN')];
+     *
+     * @return mixed Any non-null value
+     *
+     * @throws \UnexpectedValueException If null is returned
+     */
+    public function getCredentials(Request $request);
+
+    /**
+     * Return a UserInterface object based on the credentials.
+     *
+     * You may throw an AuthenticationException if you wish. If you return
+     * null, then a UsernameNotFoundException is thrown for you.
+     *
+     * @param mixed $credentials the value returned from getCredentials()
+     *
+     * @throws AuthenticationException
+     */
+    public function getUser($credentials): ?UserInterface;
+
+    /**
+     * Returns true if the credentials are valid.
+     *
+     * If false is returned, authentication will fail. You may also throw
+     * an AuthenticationException if you wish to cause authentication to fail.
+     *
+     * @param mixed $credentials the value returned from getCredentials()
+     *
+     * @throws AuthenticationException
+     */
+    public function checkCredentials($credentials, UserInterface $user): bool;
+
+    /**
+     * Create an authenticated token for the given user.
+     *
+     * If you don't care about which token class is used or don't really
+     * understand what a "token" is, you can skip this method by extending
+     * the AbstractAuthenticator class from your authenticator.
+     *
+     * @see AbstractAuthenticator
+     */
+    public function createAuthenticatedToken(UserInterface $user, string $providerKey): TokenInterface;
+
+    /**
+     * Called when authentication executed, but failed (e.g. wrong username password).
+     *
+     * This should return the Response sent back to the user, like a
+     * RedirectResponse to the login page or a 403 response.
+     *
+     * If you return null, the request will continue, but the user will
+     * not be authenticated. This is probably not what you want to do.
+     */
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response;
+
+    /**
+     * Called when authentication executed and was successful!
+     *
+     * This should return the Response sent back to the user, like a
+     * RedirectResponse to the last page they visited.
+     *
+     * If you return null, the current request will continue, and the user
+     * will be authenticated. This makes sense, for example, with an API.
+     */
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey): ?Response;
+
+    /**
+     * Does this method support remember me cookies?
+     *
+     * Remember me cookie will be set if *all* of the following are met:
+     *  A) This method returns true
+     *  B) The remember_me key under your firewall is configured
+     *  C) The "remember me" functionality is activated. This is usually
+     *      done by having a _remember_me checkbox in your form, but
+     *      can be configured by the "always_remember_me" and "remember_me_parameter"
+     *      parameters under the "remember_me" firewall key
+     *  D) The onAuthenticationSuccess method returns a Response object
+     */
+    public function supportsRememberMe(): bool;
+}