NotificationsYou must be signed in to change notification settings
Fork9.6k
Star30.4k

Commit1679e6a

committed

Removed AnonymousToken from the authenticator system

* Anonymous users are actual to unauthenticated users, both are now represented by no token* Added a PUBLIC_ACCESS Security attribute to be used in access_control* Deprecated "anonymous: lazy" in favor of "lazy: true"

1 parentc30d6f9 commit1679e6aCopy full SHA for 1679e6a

File tree

12 files changed

+138

-156

lines changed

UPGRADE-5.1.md
src/Symfony
- Bundle/SecurityBundle
  - DependencyInjection
    - MainConfiguration.php
    - Security/Factory
      - AnonymousFactory.php
    - SecurityExtension.php
  - Resources/config
    - security_authenticator.xml
- Component/Security
  - Core
    - Authorization
      - AuthorizationChecker.php
    - Tests/Authorization
      - AuthorizationCheckerTest.php
  - Http
    - Authenticator
      - AnonymousAuthenticator.php
    - Firewall
      - AccessListener.php
      - ExceptionListener.php
    - Tests
      - Authenticator
        AnonymousAuthenticatorTest.php
      - Firewall
        AccessListenerTest.php

12 files changed

+138

-156

lines changed

`‎UPGRADE-5.1.md`

Lines changed: 18 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -112,6 +112,24 @@ Routing`
`112`	`112`	`SecurityBundle`
`113`	`113`	`--------------`
`114`	`114`
	`115`	+* Deprecated`anonymous: lazy` in favor of`lazy: true`
	`116`	`+`
	`117`	`+Before`
	`118`	+```yaml
	`119`	`+security:`
	`120`	`+firewalls:`
	`121`	`+main:`
	`122`	`+anonymous:lazy`
	`123`	+```
	`124`	`+`
	`125`	`+ After`
	`126`	+```yaml
	`127`	`+security:`
	`128`	`+firewalls:`
	`129`	`+main:`
	`130`	`+anonymous:true`
	`131`	`+lazy:true`
	`132`	+```
`115`	`133`	* Marked the`AbstractFactory`, `AnonymousFactory`, `FormLoginFactory`, `FormLoginLdapFactory`, `GuardAuthenticationFactory`,
`116`	`134`	`HttpBasicFactory`, `HttpBasicLdapFactory`, `JsonLoginFactory`, `JsonLoginLdapFactory`, `RememberMeFactory`, `RemoteUserFactory`
`117`	`135`	and `X509Factory` as `@internal`. Instead of extending these classes, create your own implementation based on

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -197,6 +197,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto`
`197`	`197`	`->scalarNode('entry_point')->end()`
`198`	`198`	`->scalarNode('provider')->end()`
`199`	`199`	`->booleanNode('stateless')->defaultFalse()->end()`
	`200`	`+ ->booleanNode('lazy')->defaultFalse()->end()`
`200`	`201`	`->scalarNode('context')->cannotBeEmpty()->end()`
`201`	`202`	`->arrayNode('logout')`
`202`	`203`	`->treatTrueLike([])`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AnonymousFactory.php`

Lines changed: 3 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@`
`12`	`12`	`namespaceSymfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;`
`13`	`13`
`14`	`14`	`useSymfony\Component\Config\Definition\Builder\NodeDefinition;`
	`15`	`+useSymfony\Component\Config\Definition\Exception\InvalidConfigurationException;`
`15`	`16`	`useSymfony\Component\DependencyInjection\ChildDefinition;`
`16`	`17`	`useSymfony\Component\DependencyInjection\ContainerBuilder;`
`17`	`18`	`useSymfony\Component\DependencyInjection\Parameter;`
`@@ -46,16 +47,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,`
`46`	`47`
`47`	`48`	`publicfunctioncreateAuthenticator(ContainerBuilder$container,string$firewallName,array$config,string$userProviderId):string`
`48`	`49`	`{`
`49`		`-if (null ===$config['secret']) {`
`50`		`-$config['secret'] =newParameter('container.build_hash');`
`51`		`- }`
`52`		`-`
`53`		`-$authenticatorId ='security.authenticator.anonymous.'.$firewallName;`
`54`		`-$container`
`55`		`- ->setDefinition($authenticatorId,newChildDefinition('security.authenticator.anonymous'))`
`56`		`- ->replaceArgument(0,$config['secret']);`
`57`		`-`
`58`		`-return$authenticatorId;`
	`50`	`+thrownewInvalidConfigurationException(sprintf('The authenticator manager no longer has "anonymous" security. Please remove this option under the "%s" firewall'.($config['lazy'] ?' and add "lazy: true"' :'').'.',$firewallName));`
`59`	`51`	`}`
`60`	`52`
`61`	`53`	`publicfunctiongetPosition()`
`@@ -76,7 +68,7 @@ public function addConfiguration(NodeDefinition $builder)`
`76`	`68`	`->then(function ($v) {return ['lazy' =>true]; })`
`77`	`69`	`->end()`
`78`	`70`	`->children()`
`79`		`- ->booleanNode('lazy')->defaultFalse()->end()`
	`71`	`+ ->booleanNode('lazy')->defaultFalse()->setDeprecated('symfony/security-bundle','5.1','Using "anonymous: lazy" to make the firewall lazy is deprecated, use "lazy: true" instead.')->end()`
`80`	`72`	`->scalarNode('secret')->defaultNull()->end()`
`81`	`73`	`->end()`
`82`	`74`	`;`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php`

Lines changed: 9 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -111,6 +111,13 @@ public function load(array $configs, ContainerBuilder $container)`
`111`	`111`
`112`	`112`	`if ($this->authenticatorManagerEnabled =$config['enable_authenticator_manager']) {`
`113`	`113`	`$loader->load('security_authenticator.xml');`
	`114`	`+`
	`115`	`+// The authenticator system no longer has anonymous tokens. This makes sure AccessListener`
	`116`	`+// and AuthorizationChecker do not throw AuthenticationCredentialsNotFoundException when no`
	`117`	`+// token is available in the token storage.`
	`118`	`+$container->getDefinition('security.access_listener')->setArgument(4,false);`
	`119`	`+$container->getDefinition('security.authorization_checker')->setArgument(4,false);`
	`120`	`+$container->getDefinition('security.authorization_checker')->setArgument(5,false);`
`114`	`121`	`}else {`
`115`	`122`	`$loader->load('security_legacy.xml');`
`116`	`123`	`}`
`@@ -268,7 +275,8 @@ private function createFirewalls(array $config, ContainerBuilder $container)`
`268`	`275`	`list($matcher,$listeners,$exceptionListener,$logoutListener) =$this->createFirewall($container,$name,$firewall,$authenticationProviders,$providerIds,$configId);`
`269`	`276`
`270`	`277`	`$contextId ='security.firewall.map.context.'.$name;`
`271`		`-$context =newChildDefinition($firewall['stateless'] \|\|empty($firewall['anonymous']['lazy']) ?'security.firewall.context' :'security.firewall.lazy_context');`
	`278`	`+$isLazy = !$firewall['stateless'] && (!empty($firewall['anonymous']['lazy']) \|\|$firewall['lazy']);`
	`279`	`+$context =newChildDefinition($isLazy ?'security.firewall.lazy_context' :'security.firewall.context');`
`272`	`280`	`$context =$container->setDefinition($contextId,$context);`
`273`	`281`	`$context`
`274`	`282`	`->replaceArgument(0,newIteratorArgument($listeners))`

`‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.xml`

Lines changed: 0 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -111,13 +111,6 @@`
`111`	`111`	`<argumenttype="service"id="property_accessor"on-invalid="null" />`
`112`	`112`	`</service>`
`113`	`113`
`114`		`- <serviceid="security.authenticator.anonymous"`
`115`		`-class="Symfony\Component\Security\Http\Authenticator\AnonymousAuthenticator"`
`116`		`-abstract="true">`
`117`		`- <argumenttype="abstract">secret</argument>`
`118`		`- <argumenttype="service"id="security.untracked_token_storage" />`
`119`		`- </service>`
`120`		`-`
`121`	`114`	`<serviceid="security.authenticator.remember_me"`
`122`	`115`	`class="Symfony\Component\Security\Http\Authenticator\RememberMeAuthenticator"`
`123`	`116`	`abstract="true">`

`‎src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php`

Lines changed: 9 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -29,24 +29,30 @@ class AuthorizationChecker implements AuthorizationCheckerInterface`
`29`	`29`	`private$accessDecisionManager;`
`30`	`30`	`private$authenticationManager;`
`31`	`31`	`private$alwaysAuthenticate;`
	`32`	`+private$exceptionOnNoToken;`
`32`	`33`
`33`		`-publicfunction__construct(TokenStorageInterface$tokenStorage,AuthenticationManagerInterface$authenticationManager,AccessDecisionManagerInterface$accessDecisionManager,bool$alwaysAuthenticate =false)`
	`34`	`+publicfunction__construct(TokenStorageInterface$tokenStorage,AuthenticationManagerInterface$authenticationManager,AccessDecisionManagerInterface$accessDecisionManager,bool$alwaysAuthenticate =false,bool$exceptionOnNoToken =true)`
`34`	`35`	`{`
`35`	`36`	`$this->tokenStorage =$tokenStorage;`
`36`	`37`	`$this->authenticationManager =$authenticationManager;`
`37`	`38`	`$this->accessDecisionManager =$accessDecisionManager;`
`38`	`39`	`$this->alwaysAuthenticate =$alwaysAuthenticate;`
	`40`	`+$this->exceptionOnNoToken =$exceptionOnNoToken;`
`39`	`41`	`}`
`40`	`42`
`41`	`43`	`/**`
`42`	`44`	`* {@inheritdoc}`
`43`	`45`	`*`
`44`		`- * @throws AuthenticationCredentialsNotFoundException when the token storage has no authentication token`
	`46`	`+ * @throws AuthenticationCredentialsNotFoundException when the token storage has no authentication token and $exceptionOnNoToken is set to true`
`45`	`47`	`*/`
`46`	`48`	`finalpublicfunctionisGranted($attribute,$subject =null):bool`
`47`	`49`	`{`
`48`	`50`	`if (null === ($token =$this->tokenStorage->getToken())) {`
`49`		`-thrownewAuthenticationCredentialsNotFoundException('The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL.');`
	`51`	`+if ($this->exceptionOnNoToken) {`
	`52`	`+thrownewAuthenticationCredentialsNotFoundException('The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL.');`
	`53`	`+ }`
	`54`	`+`
	`55`	`+returnfalse;`
`50`	`56`	`}`
`51`	`57`
`52`	`58`	`if ($this->alwaysAuthenticate \|\| !$token->isAuthenticated()) {`

`‎src/Symfony/Component/Security/Core/Tests/Authorization/AuthorizationCheckerTest.php`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -73,6 +73,13 @@ public function testVoteWithoutAuthenticationToken()`
`73`	`73`	`$this->authorizationChecker->isGranted('ROLE_FOO');`
`74`	`74`	`}`
`75`	`75`
	`76`	`+publicfunctiontestVoteWithoutAuthenticationTokenAndExceptionOnNoTokenIsFalse()`
	`77`	`+ {`
	`78`	`+$authorizationChecker =newAuthorizationChecker($this->tokenStorage,$this->authenticationManager,$this->accessDecisionManager,false,false);`
	`79`	`+`
	`80`	`+$this->assertFalse($authorizationChecker->isGranted('ROLE_FOO'));`
	`81`	`+ }`
	`82`	`+`
`76`	`83`	`/**`
`77`	`84`	`* @dataProvider isGrantedProvider`
`78`	`85`	`*/`

`‎src/Symfony/Component/Security/Http/Authenticator/AnonymousAuthenticator.php`

Lines changed: 0 additions & 67 deletions

This file was deleted.

`‎src/Symfony/Component/Security/Http/Firewall/AccessListener.php`

Lines changed: 38 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -31,17 +31,21 @@`
`31`	`31`	`*/`
`32`	`32`	`class AccessListenerextends AbstractListener`
`33`	`33`	`{`
	`34`	`+constPUBLIC_ACCESS ='PUBLIC_ACCESS';`
	`35`	`+`
`34`	`36`	`private$tokenStorage;`
`35`	`37`	`private$accessDecisionManager;`
`36`	`38`	`private$map;`
`37`	`39`	`private$authManager;`
	`40`	`+private$exceptionOnNoToken;`
`38`	`41`
`39`		`-publicfunction__construct(TokenStorageInterface$tokenStorage,AccessDecisionManagerInterface$accessDecisionManager,AccessMapInterface$map,AuthenticationManagerInterface$authManager)`
	`42`	`+publicfunction__construct(TokenStorageInterface$tokenStorage,AccessDecisionManagerInterface$accessDecisionManager,AccessMapInterface$map,AuthenticationManagerInterface$authManager,bool$exceptionOnNoToken =true)`
`40`	`43`	`{`
`41`	`44`	`$this->tokenStorage =$tokenStorage;`
`42`	`45`	`$this->accessDecisionManager =$accessDecisionManager;`
`43`	`46`	`$this->map =$map;`
`44`	`47`	`$this->authManager =$authManager;`
	`48`	`+$this->exceptionOnNoToken =$exceptionOnNoToken;`
`45`	`49`	`}`
`46`	`50`
`47`	`51`	`/**`
`@@ -52,18 +56,18 @@ public function supports(Request $request): ?bool`
`52`	`56`	`[$attributes] =$this->map->getPatterns($request);`
`53`	`57`	`$request->attributes->set('_access_control_attributes',$attributes);`
`54`	`58`
`55`		`-return$attributes && [AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] !==$attributes ?true :null;`
	`59`	`+return$attributes &&([AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] !==$attributes && [self::PUBLIC_ACCESS] !==$attributes) ?true :null;`
`56`	`60`	`}`
`57`	`61`
`58`	`62`	`/**`
`59`	`63`	`* Handles access authorization.`
`60`	`64`	`*`
`61`	`65`	`* @throws AccessDeniedException`
`62`		`- * @throws AuthenticationCredentialsNotFoundException`
	`66`	`+ * @throws AuthenticationCredentialsNotFoundException when the token storage has no authentication token and $exceptionOnNoToken is set to true`
`63`	`67`	`*/`
`64`	`68`	`publicfunctionauthenticate(RequestEvent$event)`
`65`	`69`	`{`
`66`		`-if (!$eventinstanceof LazyResponseEvent &&null ===$token =$this->tokenStorage->getToken()) {`
	`70`	`+if (!$eventinstanceof LazyResponseEvent &&null ===($token =$this->tokenStorage->getToken()) &&$this->exceptionOnNoToken) {`
`67`	`71`	`thrownewAuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');`
`68`	`72`	`}`
`69`	`73`
`@@ -76,8 +80,26 @@ public function authenticate(RequestEvent $event)`
`76`	`80`	`return;`
`77`	`81`	`}`
`78`	`82`
`79`		`-if ($eventinstanceof LazyResponseEvent &&null ===$token =$this->tokenStorage->getToken()) {`
`80`		`-thrownewAuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');`
	`83`	`+if ($eventinstanceof LazyResponseEvent) {`
	`84`	`+$token =$this->tokenStorage->getToken();`
	`85`	`+ }`
	`86`	`+`
	`87`	`+if (null ===$token) {`
	`88`	`+if ($this->exceptionOnNoToken) {`
	`89`	`+thrownewAuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');`
	`90`	`+ }`
	`91`	`+`
	`92`	`+if ([AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] ===$attributes) {`
	`93`	`+trigger_deprecation('symfony/security-http','5.1','Using "IS_AUTHENTICATED_ANONYMOUSLY" in your access_control rules when using the authenticator Security system is deprecated, use "PUBLIC_ACCESS" instead.');`
	`94`	`+`
	`95`	`+return;`
	`96`	`+ }`
	`97`	`+`
	`98`	`+if ([self::PUBLIC_ACCESS] ===$attributes) {`
	`99`	`+return;`
	`100`	`+ }`
	`101`	`+`
	`102`	`+throw$this->createAccessDeniedException($request,$attributes);`
`81`	`103`	`}`
`82`	`104`
`83`	`105`	`if (!$token->isAuthenticated()) {`
`@@ -86,11 +108,16 @@ public function authenticate(RequestEvent $event)`
`86`	`108`	`}`
`87`	`109`
`88`	`110`	`if (!$this->accessDecisionManager->decide($token,$attributes,$request,true)) {`
`89`		`-$exception =newAccessDeniedException();`
`90`		`-$exception->setAttributes($attributes);`
`91`		`-$exception->setSubject($request);`
`92`		`-`
`93`		`-throw$exception;`
	`111`	`+throw$this->createAccessDeniedException($request,$attributes);`
`94`	`112`	`}`
`95`	`113`	`}`
	`114`	`+`
	`115`	`+privatefunctioncreateAccessDeniedException(Request$request,array$attributes)`
	`116`	`+ {`
	`117`	`+$exception =newAccessDeniedException();`
	`118`	`+$exception->setAttributes($attributes);`
	`119`	`+$exception->setSubject($request);`
	`120`	`+`
	`121`	`+return$exception;`
	`122`	`+ }`
`96`	`123`	`}`

`‎src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -144,7 +144,9 @@ private function handleAccessDeniedException(ExceptionEvent $event, AccessDenied`
`144`	`144`
`145`	`145`	`try {`
`146`	`146`	`$insufficientAuthenticationException =newInsufficientAuthenticationException('Full authentication is required to access this resource.',0,$exception);`
`147`		`-$insufficientAuthenticationException->setToken($token);`
	`147`	`+if (null !==$token) {`
	`148`	`+$insufficientAuthenticationException->setToken($token);`
	`149`	`+ }`
`148`	`150`
`149`	`151`	`$event->setResponse($this->startAuthentication($event->getRequest(),$insufficientAuthenticationException));`
`150`	`152`	`}catch (\Exception$e) {`

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit1679e6a

File tree

12 files changed

12 files changed

`‎UPGRADE-5.1.md`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AnonymousFactory.php`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php`

`‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.xml`

`‎src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php`

`‎src/Symfony/Component/Security/Core/Tests/Authorization/AuthorizationCheckerTest.php`

`‎src/Symfony/Component/Security/Http/Authenticator/AnonymousAuthenticator.php`

`‎src/Symfony/Component/Security/Http/Firewall/AccessListener.php`

`‎src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php`

`‎src/Symfony/Component/Security/Http/Tests/Authenticator/AnonymousAuthenticatorTest.php`

0 commit comments