Merge pull request #8 from xelan/master

use of $token instead of saving the password in the session; fixed typo ...

Resources/translations/messages.en.yml

@@ -2,4 +2,4 @@ ztec.security.active_directory.invalid_user: "The username is not valid : \"%rea
 ztec.security.active_directory.wrong_credential: "Wrong credential"
 ztec.security.active_directory.username_not_matching_rules: "The username \"%username%\" does not match rules"
 ztec.security.active_directory.ad.bad_response: "The Active Directory did not repsond well : %connexion_status% - %is_AD%"
-ztec.security.active_directory.bad_isntance: "Instance of \"%class_name%\" is not suported."
+ztec.security.active_directory.bad_instance: "Instance of \"%class_name%\" is not suported."

Resources/translations/messages.fr.yml

@@ -2,4 +2,4 @@ ztec.security.active_directory.invalid_user: "Le login est invalid : \"%reason%\
 ztec.security.active_directory.wrong_credential: "Identifiants erronés"
 ztec.security.active_directory.username_not_matching_rules: "Le login \"%username%\" ne correspond à aucune règle"
 ztec.security.active_directory.ad.bad_response: "L'Active Directory ne repond pas : %connexion_status% - %is_AD%"
-ztec.security.active_directory.bad_isntance: "Les instance \"%class_name%\" ne sont pas suportées"
+ztec.security.active_directory.bad_instance: "Les instance \"%class_name%\" ne sont pas suportées"

Security/Authentication/AdAuthProvider.php

@@ -56,8 +56,7 @@ public function authenticate(TokenInterface $token)
                 ); //'The credentials are wrong'
                 throw new BadCredentialsException($msg);
             }
-            $User->setPassword($token->getCredentials());
-            $this->userProvider->fetchData($User, $Adldap);
+            $this->userProvider->fetchData($User, $token, $Adldap);
         }
 
         $newToken = new UsernamePasswordToken(

Security/User/adUserProvider.php

@@ -4,6 +4,7 @@
 
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
 use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
 use Symfony\Component\Translation\TranslatorInterface;
@@ -137,25 +138,22 @@ public function refreshUser(UserInterface $user)
     {
         if (!$user instanceof adUser) {
             $msg = $this->translator->trans(
-                'ztec.security.active_directory.bad_isntance',
+                'ztec.security.active_directory.bad_instance',
                 array(
                     '%class_name%' => get_class($user)
                 )
             );
             throw new UnsupportedUserException($msg);
         }
-        $newUser = $this->loadUserByUsername($user->getUsername());
-        $newUser->setPassword($user->getPassword()); //we reset the password
-        $newUser->setRoles($user->getRoles());
 
-        return $newUser;
+        return $user;
     }
 
 
-    public function fetchData(adUser $adUser, adLDAP $adLdap)
+    public function fetchData(adUser $adUser, TokenInterface $token, adLDAP $adLdap)
     {
         $connected = $adLdap->connect();
-        $isAD      = $adLdap->authenticate($adUser->getUsername(), $adUser->getPassword());
+        $isAD      = $adLdap->authenticate($adUser->getUsername(), $token->getCredentials());
         if (!$isAD || !$connected) {
             $msg = $this->translator->trans(
                 'ztec.security.active_directory.ad.bad_response',
@@ -192,10 +190,15 @@ public function fetchData(adUser $adUser, adLDAP $adLdap)
     }*/
             /** End Fetching */
             $sfRoles = array();
+            $sfRolesTemp = array();
             foreach ($groups as $r) {
-                $sfRoles[] = 'ROLE_' . strtoupper(str_replace(' ', '_', $r));
+                if (in_array($r, $sfRolesTemp) === false) {
+                    $sfRoles[] = 'ROLE_' . strtoupper(str_replace(' ', '_', $r));
+                    $sfRolesTemp[] = $r;
+                }
             }
             $adUser->setRoles($sfRoles);
+            unset($sfRolesTemp);
 
             return true;
         }