From 983029a335f6cc7b6e16afe6489f31be35bc4723 Mon Sep 17 00:00:00 2001 From: Niels Keurentjes Date: Sun, 7 Apr 2019 10:40:19 +0200 Subject: [PATCH 1/3] Document AUTHENTICATION_SUCCESS_SENSITIVE event --- components/security/authentication.rst | 33 ++++++++++++++++++-------- 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/components/security/authentication.rst b/components/security/authentication.rst index ee4e99b6529..86f28799da0 100644 --- a/components/security/authentication.rst +++ b/components/security/authentication.rst 
@@ -274,16 +274,17 @@ in) is correct, you can use:: Authentication Events --------------------- -The security component provides 4 related authentication events: - -=============================== ================================================ ============================================================================== -Name Event Constant Argument Passed to the Listener -=============================== ================================================ ============================================================================== -security.authentication.success ``AuthenticationEvents::AUTHENTICATION_SUCCESS`` :class:`Symfony\\Component\\Security\\Core\\Event\\AuthenticationEvent` -security.authentication.failure ``AuthenticationEvents::AUTHENTICATION_FAILURE`` :class:`Symfony\\Component\\Security\\Core\\Event\\AuthenticationFailureEvent` -security.interactive_login ``SecurityEvents::INTERACTIVE_LOGIN`` :class:`Symfony\\Component\\Security\\Http\\Event\\InteractiveLoginEvent` -security.switch_user ``SecurityEvents::SWITCH_USER`` :class:`Symfony\\Component\\Security\\Http\\Event\\SwitchUserEvent` -=============================== ================================================ ============================================================================== +The security component provides 5 related authentication events: + +========================================= ========================================================== ============================================================================== +Name Event Constant Argument Passed to the Listener +========================================= ========================================================== ============================================================================== +security.authentication.success_sensitive ``AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE`` :class:`Symfony\\Component\\Security\\Core\\Event\\AuthenticationSensitiveEvent` +security.authentication.success 
``AuthenticationEvents::AUTHENTICATION_SUCCESS`` :class:`Symfony\\Component\\Security\\Core\\Event\\AuthenticationSuccessEvent` +security.authentication.failure ``AuthenticationEvents::AUTHENTICATION_FAILURE`` :class:`Symfony\\Component\\Security\\Core\\Event\\AuthenticationFailureEvent` +security.interactive_login ``SecurityEvents::INTERACTIVE_LOGIN`` :class:`Symfony\\Component\\Security\\Http\\Event\\InteractiveLoginEvent` +security.switch_user ``SecurityEvents::SWITCH_USER`` :class:`Symfony\\Component\\Security\\Http\\Event\\SwitchUserEvent` +========================================= ========================================================== ============================================================================== Authentication Success and Failure Events ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -298,6 +299,18 @@ a ``security.authentication.failure`` event is dispatched. You could listen on the ``security.authentication.failure`` event, for example, in order to log failed login attempts. +Authentication Sensitive Event +------------------------------ + +When a user is successfully authenticated, the security component will also +dispatch a ``security.authentication.success_sensitive`` just before erasing +credentials and dispatching the regular success event. The event object will +contain the token used to authenticate, allowing you to act upon its sensitive +information. + +A common use for this would be to check whether a user's password needs +rehashing to stay up to date with current encryption standards. + Security Events ~~~~~~~~~~~~~~~ From fbd4edf93e60bc9281244b930b8ce8769048cbc7 Mon Sep 17 00:00:00 2001 From: Niels Keurentjes Date: Sun, 7 Apr 2019 14:29:38 +0200 Subject: [PATCH 2/3] Address concerns --- components/security/authentication.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/components/security/authentication.rst b/components/security/authentication.rst index 86f28799da0..1f502ba0b0c 100644 
--- a/components/security/authentication.rst +++ b/components/security/authentication.rst @@ -274,7 +274,7 @@ in) is correct, you can use:: Authentication Events --------------------- -The security component provides 5 related authentication events: +The security component provides the following authentication events: ========================================= ========================================================== ============================================================================== Name Event Constant Argument Passed to the Listener @@ -303,10 +303,10 @@ Authentication Sensitive Event ------------------------------ When a user is successfully authenticated, the security component will also -dispatch a ``security.authentication.success_sensitive`` just before erasing -credentials and dispatching the regular success event. The event object will -contain the token used to authenticate, allowing you to act upon its sensitive -information. +dispatch a ``security.authentication.success_sensitive`` event just before +erasing credentials and dispatching the regular success event. The event object +will contain the token used to authenticate, allowing you to act upon its +sensitive information. A common use for this would be to check whether a user's password needs rehashing to stay up to date with current encryption standards. From 2dea85b09a14709610525ea73abbde87c815c156 Mon Sep 17 00:00:00 2001 From: Niels Keurentjes Date: Sun, 7 Apr 2019 15:55:51 +0200 Subject: [PATCH 3/3] Add versionadded directive --- components/security/authentication.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/components/security/authentication.rst b/components/security/authentication.rst index 1f502ba0b0c..4ff5dfd2f57 100644 --- a/components/security/authentication.rst +++ b/components/security/authentication.rst 
@@ -302,6 +302,10 @@ failed login attempts. Authentication Sensitive Event ------------------------------ +.. versionadded:: 4.3 + + The ``security.authentication.success_sensitive`` event was introduced in Symfony 4.3. + When a user is successfully authenticated, the security component will also dispatch a ``security.authentication.success_sensitive`` event just before erasing credentials and dispatching the regular success event. The event object
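Review bot: In the table hunk of patch 1/3 (``@@ -274,16 +274,17 @@``), the existing ``security.authentication.success`` row changes its argument class from ``AuthenticationEvent`` to ``AuthenticationSuccessEvent``, which the commit subject (documenting the new sensitive event) does not cover. Please confirm that this class exists in the version being documented, or restore the original name. If the rename is intended, mention it in the commit message so it is not read as an accidental edit.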
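Review bot: The new "Authentication Sensitive Event" heading in the second hunk of patch 1/3 (``@@ -298,6 +299,18 @@``) is underlined with ``-``, the level used by "Authentication Events", while the neighbouring "Authentication Success and Failure Events" and "Security Events" subsections use ``~``. Switch the underline to ``~`` so the section stays nested under "Authentication Events" and "Security Events" does not end up as its child. Patches 2/3 and 3/3 still carry the ``-`` underline as context, so the series does not correct it later.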
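Review bot: The reworded paragraph in the second hunk of patch 2/3 (``@@ -303,10 +303,10 @@``) still says only "act upon its sensitive information" and never names what that information is. Since the event is dispatched "just before erasing credentials", state explicitly that the token still carries the credentials at this point, and add a sentence that listeners should use them only for the check at hand and not log or persist them. The unchanged sentence that follows speaks of "current encryption standards" for password rehashing; "hashing" is the accurate term there.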