Merge pull request #10

jmikola · Jan 23, 2015 · eda014b · eda014b
2 parents f96e7bd + 3f77c96
commit eda014b
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -64,10 +64,10 @@ interactive login core event will be dispatched with the authenticated
 
 If a token parameter is present in the request, but the user is already
 authenticated, a custom event will be dispatched, which includes the token's
-value. After dispatching this event, the listener will return immediately, since
-there is no work to be done.
+value. After dispatching this event, the listener's default behavior is to
+return immediately, since there is likely no work to be done.
 
-A practical use for this event would be to mark user's email addresses as
+A practical use for this event would be to mark a user's email addresses as
 confirmed, assuming the auto-login link with the token was only delivered via
 email. As a business requirement, the confirmation service might also listen to
 the interactive login core event and operate when the authenticated token was an
@@ -80,3 +80,17 @@ may be helpful to inject this library's provider class.
 
   [Antonio Trapani]: https://github.com/TwistedLogic
   [PR #9]: https://github.com/jmikola/AutoLogin/pull/9
+
+#### Overriding Already Authenticated Users
+
+*This feature was contributed by [Mathieu Gauthier-Lafaye][] in [PR #10][].*
+
+By default, the listener will only dispatch an event if the user is already
+authenticated; it does not override the existing authenticated user. In some
+cases, it may be desirable to allow an auto-login link to override an existing
+authenticated user. Otherwise, the user would first need to log out before using
+the auto-login link. Setting the listener's `override_already_authenticated`
+boolean option to `true` will enable this behavior.
+
+  [Mathieu Gauthier-Lafaye]: https://github.com/gauthierl
+  [PR #10]: https://github.com/jmikola/AutoLogin/pull/10
diff --git a/composer.json b/composer.json
@@ -20,7 +20,7 @@
     },
     "extra": {
         "branch-alias": {
-            "dev-master": "1.1.x-dev"
+            "dev-master": "1.2.x-dev"
         }
     }
 }
diff --git a/src/Jmikola/AutoLogin/Http/Firewall/AutoLoginListener.php b/src/Jmikola/AutoLogin/Http/Firewall/AutoLoginListener.php
@@ -24,25 +24,31 @@ class AutoLoginListener implements ListenerInterface
     private $providerKey;
     private $securityContext;
     private $tokenParam;
+    private $options;
 
     /**
-     * Constructor
+     * Constructor.
      *
      * @param SecurityContextInterface       $securityContext
      * @param AuthenticationManagerInterface $authenticationManager
      * @param string                         $providerKey
      * @param string                         $tokenParam
      * @param LoggerInterface                $logger
      * @param EventDispatcherInterface       $dispatcher
+     * @param array                          $options
      */
-    public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, $providerKey, $tokenParam, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
+    public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, $providerKey, $tokenParam, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, array $options = array())
     {
         $this->securityContext = $securityContext;
         $this->authenticationManager = $authenticationManager;
         $this->providerKey = $providerKey;
         $this->tokenParam = $tokenParam;
         $this->logger = $logger;
         $this->dispatcher = $dispatcher;
+
+        $this->options = $options = array_merge(array(
+            'override_already_authenticated' => false,
+        ), $options);
     }
 
     /**
@@ -58,17 +64,24 @@ public function handle(GetResponseEvent $event)
 
         $tokenParam = $request->get($this->tokenParam);
 
-        /* If the security context has a token, a user is already authenticated
-         * and there is nothing to do. Before returning, dispatch an event with
-         * the token parameter so that a listener may track its usage.
+        /* If the security context has a token, a user is already authenticated.
+         * We will dispatch an event with the token parameter so that a listener
+         * may track its usage.
          */
         if (null !== $this->securityContext->getToken()) {
             if (null !== $this->dispatcher) {
                 $event = new AlreadyAuthenticatedEvent($tokenParam);
                 $this->dispatcher->dispatch(AutoLoginEvents::ALREADY_AUTHENTICATED, $event);
             }
 
-            return;
+            /* By default, ignore the token and return; however, in some cases
+             * it may be useful to override the existing token and allow the
+             * AutoLogin token to be used to switch users (without requiring
+             * the user to first log out).
+             */
+            if ( ! $this->options['override_already_authenticated']) {
+                return;
+            }
         }
 
         try {