Implement an alternative solution when user authentication has failed.

ecphp · Dec 5, 2019 · a7f8f99 · a7f8f99
1 parent 427e081
commit a7f8f99
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 13 deletions.
diff --git a/spec/drupol/CasBundle/Security/CasGuardAuthenticatorSpec.php b/spec/drupol/CasBundle/Security/CasGuardAuthenticatorSpec.php
@@ -16,7 +16,6 @@
 use Psr\Log\NullLogger;
 use Symfony\Component\Cache\Adapter\ArrayAdapter;
 use Symfony\Component\HttpClient\Psr18Client;
-use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
@@ -160,11 +159,23 @@ public function it_can_get_the_user_from_the_response()
 
     public function it_can_redirect_on_failed_authentication(TokenInterface $token, AuthenticationException $authenticationException)
     {
-        $request = Request::create('http://app/?ticket=ticket');
+        $request = Request::create('http://protected-resource/?ticket=ticket');
+
+        $this
+            ->onAuthenticationFailure($request, $authenticationException)
+            ->shouldBeAnInstanceOf(RedirectResponse::class);
+
+        $this
+            ->onAuthenticationFailure($request, $authenticationException)
+            ->headers
+            ->all()
+            ->shouldHaveKeyWithValue('location', ['http://protected-resource/?renew=true']);
+
+        $request = Request::create('http://protected-resource/');
 
         $this
             ->onAuthenticationFailure($request, $authenticationException)
-            ->shouldBeAnInstanceOf(JsonResponse::class);
+            ->shouldBeNull();
     }
 
     public function it_can_redirect_on_success_authentication(TokenInterface $token)

diff --git a/src/Security/CasGuardAuthenticator.php b/src/Security/CasGuardAuthenticator.php
@@ -12,7 +12,6 @@
 use InvalidArgumentException;
 use Psr\Http\Message\ServerRequestFactoryInterface;
 use Psr\Http\Message\UriFactoryInterface;
-use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
@@ -129,15 +128,20 @@ public function getUser($response, UserProviderInterface $userProvider)
      */
     public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
     {
-        return new JsonResponse(
-            [
-                'error' => 'Authentication failed.',
-                'reason' => $exception->getMessage(),
-                'description' => 'You have been redirected here to prevent infinite redirection loops between the CAS server and your application.',
-            ]
-            ,
-            500
-        );
+        if (true === $request->query->has('ticket')) {
+            // Remove the ticket parameter.
+            $uri = Uri::removeParams(
+                $this->uriFactory->createUri(
+                    $request->getUri()
+                ),
+                'ticket'
+            );
+
+            // Add the renew parameter to force login again.
+            $uri = Uri::withParam($uri, 'renew', 'true');
+
+            return new RedirectResponse((string) $uri);
+        }
     }
 
     /**