symfony · fabpot · Aug 12, 2020 · Jun 18, 2020
diff --git a/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php b/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php
@@ -26,6 +26,7 @@
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\BadgeInterface;
 use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
 use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
+use Symfony\Component\Security\Http\Event\AuthenticationTokenCreatedEvent;
 use Symfony\Component\Security\Http\Event\CheckPassportEvent;
 use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
 use Symfony\Component\Security\Http\Event\LoginFailureEvent;
@@ -70,6 +71,9 @@ public function authenticateUser(UserInterface $user, AuthenticatorInterface $au
         // create an authenticated token for the User
         $token = $authenticator->createAuthenticatedToken($passport = new SelfValidatingPassport($user, $badges), $this->firewallName);
 
+        // announce the authenticated token
+        $token = $this->eventDispatcher->dispatch(new AuthenticationTokenCreatedEvent($token))->getAuthenticatedToken();
+
         // authenticate this in the system
         return $this->handleAuthenticationSuccess($token, $passport, $request, $authenticator);
     }
@@ -167,6 +171,10 @@ private function executeAuthenticator(AuthenticatorInterface $authenticator, Req
 
             // create the authenticated token
             $authenticatedToken = $authenticator->createAuthenticatedToken($passport, $this->firewallName);
+
+            // announce the authenticated token
+            $authenticatedToken = $this->eventDispatcher->dispatch(new AuthenticationTokenCreatedEvent($authenticatedToken))->getAuthenticatedToken();
+
             if (true === $this->eraseCredentials) {
                 $authenticatedToken->eraseCredentials();
             }

diff --git a/src/Symfony/Component/Security/Http/Event/AuthenticationTokenCreatedEvent.php b/src/Symfony/Component/Security/Http/Event/AuthenticationTokenCreatedEvent.php
@@ -0,0 +1,40 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\Event;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Contracts\EventDispatcher\Event;
+
+/**
+ * When a newly authenticated security token was created, before it becomes effective in the security system.
+ *
+ * @author Christian Scheb <me@christianscheb.de>
+ */
+class AuthenticationTokenCreatedEvent extends Event
+{
+    private $authenticatedToken;
+
+    public function __construct(TokenInterface $token)
+    {
+        $this->authenticatedToken = $token;
+    }
+
+    public function getAuthenticatedToken(): TokenInterface
+    {
+        return $this->authenticatedToken;
+    }
+
+    public function setAuthenticatedToken(TokenInterface $authenticatedToken): void
+    {
+        $this->authenticatedToken = $authenticatedToken;
+    }
+}
diff --git a/src/Symfony/Component/Security/Http/Tests/Authentication/AuthenticatorManagerTest.php b/src/Symfony/Component/Security/Http/Tests/Authentication/AuthenticatorManagerTest.php
@@ -24,6 +24,7 @@
 use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
 use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
 use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
+use Symfony\Component\Security\Http\Event\AuthenticationTokenCreatedEvent;
 use Symfony\Component\Security\Http\Event\CheckPassportEvent;
 
 class AuthenticatorManagerTest extends TestCase
@@ -154,6 +155,29 @@ public function provideEraseCredentialsData()
         yield [false];
     }
 
+    public function testAuthenticateRequestCanModifyTokenFromEvent(): void
+    {
+        $authenticator = $this->createAuthenticator();
+        $this->request->attributes->set('_security_authenticators', [$authenticator]);
+
+        $authenticator->expects($this->any())->method('authenticate')->willReturn(new SelfValidatingPassport($this->user));
+
+        $authenticator->expects($this->any())->method('createAuthenticatedToken')->willReturn($this->token);
+
+        $modifiedToken = $this->createMock(TokenInterface::class);
+        $listenerCalled = false;
+        $this->eventDispatcher->addListener(AuthenticationTokenCreatedEvent::class, function (AuthenticationTokenCreatedEvent $event) use (&$listenerCalled, $modifiedToken) {
+            $event->setAuthenticatedToken($modifiedToken);
+            $listenerCalled = true;
+        });
+
+        $this->tokenStorage->expects($this->once())->method('setToken')->with($this->identicalTo($modifiedToken));
+
+        $manager = $this->createManager([$authenticator]);
+        $this->assertNull($manager->authenticateRequest($this->request));
+        $this->assertTrue($listenerCalled, 'The AuthenticationTokenCreatedEvent listener is not called');
+    }
+
     public function testAuthenticateUser()
     {
         $authenticator = $this->createAuthenticator();
@@ -166,6 +190,26 @@ public function testAuthenticateUser()
         $manager->authenticateUser($this->user, $authenticator, $this->request);
     }
 
+    public function testAuthenticateUserCanModifyTokenFromEvent(): void
+    {
+        $authenticator = $this->createAuthenticator();
+        $authenticator->expects($this->any())->method('createAuthenticatedToken')->willReturn($this->token);
+        $authenticator->expects($this->any())->method('onAuthenticationSuccess')->willReturn($this->response);
+
+        $modifiedToken = $this->createMock(TokenInterface::class);
+        $listenerCalled = false;
+        $this->eventDispatcher->addListener(AuthenticationTokenCreatedEvent::class, function (AuthenticationTokenCreatedEvent $event) use (&$listenerCalled, $modifiedToken) {
+            $event->setAuthenticatedToken($modifiedToken);
+            $listenerCalled = true;
+        });
+
+        $this->tokenStorage->expects($this->once())->method('setToken')->with($this->identicalTo($modifiedToken));
+
+        $manager = $this->createManager([$authenticator]);
+        $manager->authenticateUser($this->user, $authenticator, $this->request);
+        $this->assertTrue($listenerCalled, 'The AuthenticationTokenCreatedEvent listener is not called');
+    }
+
     public function testInteractiveAuthenticator()
     {
         $authenticator = $this->createMock(InteractiveAuthenticatorInterface::class);