Added "security.hide_user_not_found" support in SecurityServiceProvider

9c614f5a · tomaszsobczak · Fabien Potencier · e7d4a2fd · 9c614f5a · 9c614f5a
Commit 9c614f5a authored Sep 02, 2013 by tomaszsobczak Committed by Fabien Potencier Oct 11, 2013
3 changed files
--- a/doc/providers/security.rst
+++ b/doc/providers/security.rst
@@ -7,7 +7,8 @@ your applications.
 Parameters
 ----------

-n/a
+* **security.hide_user_not_found** (optional): Defines whether to hide user not
+  found exception or not. Defaults to ``true``.

 Services
 --------

--- a/src/Silex/Provider/SecurityServiceProvider.php
+++ b/src/Silex/Provider/SecurityServiceProvider.php
@@ -71,6 +71,7 @@ class SecurityServiceProvider implements ServiceProviderInterface

        $app['security.role_hierarchy'] = array();
        $app['security.access_rules'] = array();
+        $app['security.hide_user_not_found'] = true;

        $app['security'] = $app->share(function ($app) {
            return new SecurityContext($app['security.authentication_manager'], $app['security.access_manager']);
@@ -510,7 +511,8 @@ class SecurityServiceProvider implements ServiceProviderInterface
                    $app['security.user_provider.'.$name],
                    $app['security.user_checker'],
                    $name,
-                    $app['security.encoder_factory']
+                    $app['security.encoder_factory'],
+                    $app['security.hide_user_not_found']
                );
            });
        });

--- a/tests/Silex/Tests/Provider/SecurityServiceProviderTest.php
+++ b/tests/Silex/Tests/Provider/SecurityServiceProviderTest.php
@@ -145,6 +145,25 @@ class SecurityServiceProviderTest extends WebTestCase
        $this->assertInstanceOf('Symfony\Component\Security\Core\Validator\Constraints\UserPasswordValidator', $app['security.validator.user_password_validator']);
    }

+    public function testExposedExceptions()
+    {
+        $app = $this->createApplication('form');
+        $app['security.hide_user_not_found'] = false;
+
+        $client = new Client($app);
+
+        $client->request('get', '/');
+        $this->assertEquals('ANONYMOUS', $client->getResponse()->getContent());
+
+        $client->request('post', '/login_check', array('_username' => 'fabien', '_password' => 'bar'));
+        $this->assertEquals('The presented password is invalid.', $app['security.last_error']($client->getRequest()));
+        $client->getRequest()->getSession()->save();
+
+        $client->request('post', '/login_check', array('_username' => 'unknown', '_password' => 'bar'));
+        $this->assertEquals('Username "unknown" does not exist.', $app['security.last_error']($client->getRequest()));
+        $client->getRequest()->getSession()->save();
+    }
+
    public function createApplication($authenticationMethod = 'form')
    {
        $app = new Application();