Merge pull request #277 from petergallagher/master

Add pre auth checks to authentication.

Author: stof

Security/Authentication/Provider/OAuthProvider.php

@@ -47,6 +47,7 @@ class OAuthProvider implements AuthenticationProviderInterface
     /**
      * @param \Symfony\Component\Security\Core\User\UserProviderInterface $userProvider      The user provider.
      * @param \OAuth2\OAuth2 $serverService The OAuth2 server service.
+     * @param \Symfony\Component\Security\Core\User\UserCheckerInterface $userChecker The Symfony User Checker for Pre and Post auth checks
      */
     public function __construct(UserProviderInterface $userProvider, OAuth2 $serverService, UserCheckerInterface $userChecker)
     {
@@ -71,6 +72,22 @@ public function authenticate(TokenInterface $token)
                 $scope = $accessToken->getScope();
                 $user  = $accessToken->getUser();
 
+                if (null !== $user) {
+
+                    try {
+                        $this->userChecker->checkPreAuth($user);
+                    } catch (AccountStatusException $e) {
+                        throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED,
+                            OAuth2::TOKEN_TYPE_BEARER,
+                            $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM),
+                            'access_denied',
+                            $e->getMessage()
+                        );
+                    }
+
+                    $token->setUser($user);
+                }
+
                 $roles = (null !== $user) ? $user->getRoles() : array();
 
                 if (!empty($scope)) {