symfony
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
+9Lines changed: 9 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
+9Lines changed: 9 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/AuthenticationEvents.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/AuthenticationEvents.php
+23-1Lines changed: 23 additions & 1 deletion b/‎src/Symfony/Component/Security/Core/AuthenticationEvents.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/AuthenticationEvents.php
+23-1Lines changed: 23 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Core/Event/AuthenticationEvent.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Event/AuthenticationEvent.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Core/Event/AuthenticationEvent.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Event/AuthenticationEvent.php
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php
Copy file name to clipboard
+21Lines changed: 21 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Event/AuthenticationSensitiveEvent.php
Copy file name to clipboard
+21Lines changed: 21 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php
+31-9Lines changed: 31 additions & 9 deletions b/‎src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php
+31-9Lines changed: 31 additions & 9 deletions
@@ -15,6 +15,7 @@
 use Symfony\Component\Security\Core\Event\AuthenticationEvent;
 use Symfony\Component\Security\Core\AuthenticationEvents;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+use Symfony\Component\Security\Core\Event\AuthenticationSensitiveEvent;
 use Symfony\Component\Security\Core\Exception\AccountStatusException;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\ProviderNotFoundException;
@@ -32,6 +33,10 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
 {
     private $providers;
     private $eraseCredentials;
+
+    /**
+     * @var EventDispatcherInterface
+     */
     private $eventDispatcher;
 
     /**
@@ -88,6 +93,10 @@ public function authenticate(TokenInterface $token)
         }
 
         if (null !== $result) {
+            if (null !== $this->eventDispatcher) {
+                $this->eventDispatcher->dispatch(AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE, new AuthenticationSensitiveEvent($result));
+            }
+
             if (true === $this->eraseCredentials) {
                 $result->eraseCredentials();
             }
 
@@ -13,9 +13,31 @@
 
 final class AuthenticationEvents
 {
+    /**
+     * The AUTHENTICATION_SUCCESS_SENSITIVE event occurs after a user is
+     * authenticated by one provider and is dispatched immediately prior to
+     * the associated AUTHENTICATION_SUCCESS event.
+     *
+     * This event contains user credentials and other sensitive data. This
+     * enables operations such as password rehashing and other credentials-
+     * aware actions, and provides an explicit distinction between code that
+     * has access to sensitive user data and code that does not; use the
+     * existing AUTHENTICATION_SUCCESS event for the latter case.
+     *
+     * @Event("Symfony\Component\Security\Core\Event\AuthenticationSensitiveEvent")
+     */
+    const AUTHENTICATION_SUCCESS_SENSITIVE = 'security.authentication.success_sensitive';
+
     /**
      * The AUTHENTICATION_SUCCESS event occurs after a user is authenticated
-     * by one provider.
+     * by one provider and is dispatched immediately after to the associated
+     * AUTHENTICATION_SUCCESS_SENSITIVE event.
+     *
+     * This event is stripped of user credentials and other sensitive data by
+     * default, and provides an explicit distinction between code that is
+     * shielded from the responsibility of handling sensitive user data and
+     * code that is not; use the new AUTHENTICATION_SUCCESS_SENSITIVE event
+     * for the latter case.
      *
      * @Event("Symfony\Component\Security\Core\Event\AuthenticationEvent")
      */
 
@@ -28,7 +28,7 @@ public function __construct(TokenInterface $token)
         $this->authenticationToken = $token;
     }
 
-    public function getAuthenticationToken()
+    public function getAuthenticationToken(): TokenInterface
     {
         return $this->authenticationToken;
     }
 
@@ -0,0 +1,21 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Event;
+
+/**
+ * This is an authentication event that includes sensitive data.
+ *
+ * @author Rob Frawley 2nd <rmf@src.run>
+ */
+class AuthenticationSensitiveEvent extends AuthenticationEvent
+{
+}
@@ -12,10 +12,13 @@
 namespace Symfony\Component\Security\Core\Tests\Authentication;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\EventDispatcher\EventDispatcher;
+use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager;
 use Symfony\Component\Security\Core\AuthenticationEvents;
 use Symfony\Component\Security\Core\Event\AuthenticationEvent;
 use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;
+use Symfony\Component\Security\Core\Event\AuthenticationSensitiveEvent;
 use Symfony\Component\Security\Core\Exception\ProviderNotFoundException;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\AccountStatusException;
@@ -152,26 +155,45 @@ public function testAuthenticateDispatchesAuthenticationFailureEvent()
         }
     }
 
-    public function testAuthenticateDispatchesAuthenticationSuccessEvent()
+    public function testAuthenticateDispatchesAuthenticationSuccessEvents()
     {
         $token = new UsernamePasswordToken('foo', 'bar', 'key');
 
-        $provider = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface')->getMock();
-        $provider->expects($this->once())->method('supports')->willReturn(true);
-        $provider->expects($this->once())->method('authenticate')->willReturn($token);
-
-        $dispatcher = $this->getMockBuilder('Symfony\Component\EventDispatcher\EventDispatcherInterface')->getMock();
+        $dispatcher = $this->getMockBuilder(EventDispatcherInterface::class)->getMock();
         $dispatcher
-            ->expects($this->once())
+            ->expects($this->exactly(2))
             ->method('dispatch')
-            ->with(AuthenticationEvents::AUTHENTICATION_SUCCESS, $this->equalTo(new AuthenticationEvent($token)));
+            ->withConsecutive(array(
+                AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE, $this->equalTo(new AuthenticationSensitiveEvent($token)),
+            ), array(
+                AuthenticationEvents::AUTHENTICATION_SUCCESS, $this->equalTo(new AuthenticationEvent($token)),
+            ));
 
-        $manager = new AuthenticationProviderManager(array($provider));
+        $manager = new AuthenticationProviderManager(array(
+            $this->getAuthenticationProvider(true, $token),
+        ));
         $manager->setEventDispatcher($dispatcher);
 
         $this->assertSame($token, $manager->authenticate($token));
     }
 
+    public function testAuthenticateDispatchesAuthenticationSuccessEventsWithCredentialsAvailableAndRemovedForSuccessiveDispatches()
+    {
+        $dispatcher = new EventDispatcher();
+        $dispatcher->addListener(AuthenticationEvents::AUTHENTICATION_SUCCESS_SENSITIVE, function (AuthenticationSensitiveEvent $event) {
+            $this->assertEquals('bar', $event->getAuthenticationToken()->getCredentials());
+        });
+        $dispatcher->addListener(AuthenticationEvents::AUTHENTICATION_SUCCESS, function (AuthenticationEvent $event) {
+            $this->assertEquals('', $event->getAuthenticationToken()->getCredentials());
+        });
+
+        $manager = new AuthenticationProviderManager(array(
+            $this->getAuthenticationProvider(true, $token = new UsernamePasswordToken('foo', 'bar', 'key')),
+        ));
+        $manager->setEventDispatcher($dispatcher);
+        $manager->authenticate($token);
+    }
+
     protected function getAuthenticationProvider($supports, $token = null, $exception = null)
     {
         $provider = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface')->getMock();
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ public function __construct(TokenInterface $token)`
`28`	`28`	`$this->authenticationToken = $token;`
`29`	`29`	`}`
`30`	`30`
`31`		`- public function getAuthenticationToken()`
	`31`	`+ public function getAuthenticationToken(): TokenInterface`
`32`	`32`	`{`
`33`	`33`	`return $this->authenticationToken;`
`34`	`34`	`}`