NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.8k

Commit2643ec8

Robin Chalas

committed

bug#27581 Fix bad method call with guard authentication + session migration (weaverryan)

This PR was squashed before being merged into the 2.8 branch (closes#27581).Discussion----------Fix bad method call with guard authentication + session migration| Q | A| ------------- | ---| Branch? | 2.8| Bug fix? | yes| New feature? | no| BC breaks? | no| Deprecations? | no (but there needs to be on master)| Tests pass? | yes| Fixed tickets |#27577| License | MIT| Doc PR | n/aI messed up#27452 :/. Guard is the one class where the session migration is not on the listener, it's on the handler. The tricky part is that there is only ONE handler (unlike listeners where there is 1 listener per firewall). That means that implementing a session migration strategy that avoids stateless firewalls was a bit more tricky: I could only think to inject a map into `GuardAuthenticationHandler`. On the bright side, this also fixes session migration (not happening) when people call the `authenticateUserAndHandleSuccess()` method directly.On master, we'll need to add a deprecation to make the 3rd argument of `authenticateWithToken()` required - it's optional now for BC. We may also need to re-order the constructor args.I DID test this in a real 2.8 project, to make sure that things were properly wired up. Apologies for not doing that for the other PR.Cheers!Commits-------2c0ac93 Fix bad method call with guard authentication + session migration

2 parents5c2b2bb +2c0ac93 commit2643ec8Copy full SHA for 2643ec8

File tree

7 files changed

+64

-8

lines changed

src/Symfony
- Bundle/SecurityBundle
  - DependencyInjection
    - SecurityExtension.php
    - Security/Factory
      - GuardAuthenticationFactory.php
  - Resources/config
    - guard.xml
  - Tests/DependencyInjection
    - SecurityExtensionTest.php
- Component/Security/Guard
  - Firewall
    - GuardAuthenticationListener.php
  - GuardAuthenticatorHandler.php
  - Tests
    - GuardAuthenticatorHandlerTest.php

7 files changed

+64

-8

lines changed

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php‎`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,6 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,`
`77`	`77`	`$listener =$container->setDefinition($listenerId,newDefinitionDecorator('security.authentication.listener.guard'));`
`78`	`78`	`$listener->replaceArgument(2,$id);`
`79`	`79`	`$listener->replaceArgument(3,$authenticatorReferences);`
`80`		`-$listener->addMethodCall('setSessionAuthenticationStrategy',array(newReference('security.authentication.session_strategy.'.$id)));`
`81`	`80`
`82`	`81`	`// determine the entryPointId to use`
`83`	`82`	`$entryPointId =$this->determineEntryPoint($defaultEntryPoint,$config);`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,7 @@ class SecurityExtension extends Extension`
`39`	`39`	`private$factories =array();`
`40`	`40`	`private$userProviderFactories =array();`
`41`	`41`	`private$expressionLanguage;`
	`42`	`+private$statelessFirewallKeys =array();`
`42`	`43`
`43`	`44`	`publicfunction__construct()`
`44`	`45`	`{`
`@@ -89,6 +90,9 @@ public function load(array $configs, ContainerBuilder $container)`
`89`	`90`	`$this->createAuthorization($config,$container);`
`90`	`91`	`$this->createRoleHierarchy($config,$container);`
`91`	`92`
	`93`	`+$container->getDefinition('security.authentication.guard_handler')`
	`94`	`+ ->replaceArgument(2,$this->statelessFirewallKeys);`
	`95`	`+`
`92`	`96`	`if ($config['encoders']) {`
`93`	`97`	`$this->createEncoders($config['encoders'],$container);`
`94`	`98`	`}`
`@@ -287,6 +291,7 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a`
`287`	`291`	`$listeners[] =newReference($this->createContextListener($container,$contextKey));`
`288`	`292`	`$sessionStrategyId ='security.authentication.session_strategy';`
`289`	`293`	`}else {`
	`294`	`+$this->statelessFirewallKeys[] =$id;`
`290`	`295`	`$sessionStrategyId ='security.authentication.session_strategy_noop';`
`291`	`296`	`}`
`292`	`297`	`$container->setAlias(newAlias('security.authentication.session_strategy.'.$id,false),$sessionStrategyId);`

`‎src/Symfony/Bundle/SecurityBundle/Resources/config/guard.xml‎`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,10 @@`
`10`	`10`	`>`
`11`	`11`	`<argumenttype="service"id="security.token_storage" />`
`12`	`12`	`<argumenttype="service"id="event_dispatcher"on-invalid="null" />`
	`13`	`+ <argument /><!-- stateless firewall keys-->`
	`14`	`+ <callmethod="setSessionAuthenticationStrategy">`
	`15`	`+ <argumenttype="service"id="security.authentication.session_strategy" />`
	`16`	`+ </call>`
`13`	`17`	`</service>`
`14`	`18`
`15`	`19`	`<!-- See GuardAuthenticationFactory-->`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php‎`

Lines changed: 27 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -119,6 +119,33 @@ public function testDisableRoleHierarchyVoter()`
`119`	`119`	`$this->assertFalse($container->hasDefinition('security.access.role_hierarchy_voter'));`
`120`	`120`	`}`
`121`	`121`
	`122`	`+publicfunctiontestGuardHandlerIsPassedStatelessFirewalls()`
	`123`	`+ {`
	`124`	`+$container =$this->getRawContainer();`
	`125`	`+`
	`126`	`+$container->loadFromExtension('security',array(`
	`127`	`+'providers' =>array(`
	`128`	`+'default' =>array('id' =>'foo'),`
	`129`	`+ ),`
	`130`	`+`
	`131`	`+'firewalls' =>array(`
	`132`	`+'some_firewall' =>array(`
	`133`	`+'pattern' =>'^/admin',`
	`134`	`+'http_basic' =>null,`
	`135`	`+ ),`
	`136`	`+'stateless_firewall' =>array(`
	`137`	`+'pattern' =>'/.*',`
	`138`	`+'stateless' =>true,`
	`139`	`+'http_basic' =>null,`
	`140`	`+ ),`
	`141`	`+ ),`
	`142`	`+ ));`
	`143`	`+`
	`144`	`+$container->compile();`
	`145`	`+$definition =$container->getDefinition('security.authentication.guard_handler');`
	`146`	`+$this->assertSame(array('stateless_firewall'),$definition->getArgument(2));`
	`147`	`+ }`
	`148`	`+`
`122`	`149`	`protectedfunctiongetRawContainer()`
`123`	`150`	`{`
`124`	`151`	`$container =newContainerBuilder();`

`‎src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -117,7 +117,7 @@ private function executeGuardAuthenticator($uniqueGuardKey, GuardAuthenticatorIn`
`117`	`117`	`}`
`118`	`118`
`119`	`119`	`// sets the token on the token storage, etc`
`120`		`-$this->guardHandler->authenticateWithToken($token,$request);`
	`120`	`+$this->guardHandler->authenticateWithToken($token,$request,$this->providerKey);`
`121`	`121`	`}catch (AuthenticationException$e) {`
`122`	`122`	`// oh no! Authentication failed!`
`123`	`123`

`‎src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php‎`

Lines changed: 15 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -35,19 +35,28 @@ class GuardAuthenticatorHandler`
`35`	`35`	`private$tokenStorage;`
`36`	`36`	`private$dispatcher;`
`37`	`37`	`private$sessionStrategy;`
	`38`	`+private$statelessProviderKeys;`
`38`	`39`
`39`		`-publicfunction__construct(TokenStorageInterface$tokenStorage,EventDispatcherInterface$eventDispatcher =null)`
	`40`	`+/**`
	`41`	`+ * @param array $statelessProviderKeys An array of provider/firewall keys that are "stateless" and so do not need the session migrated on success`
	`42`	`+ */`
	`43`	`+publicfunction__construct(TokenStorageInterface$tokenStorage,EventDispatcherInterface$eventDispatcher =null,array$statelessProviderKeys =array())`
`40`	`44`	`{`
`41`	`45`	`$this->tokenStorage =$tokenStorage;`
`42`	`46`	`$this->dispatcher =$eventDispatcher;`
	`47`	`+$this->statelessProviderKeys =$statelessProviderKeys;`
`43`	`48`	`}`
`44`	`49`
`45`	`50`	`/**`
`46`	`51`	`* Authenticates the given token in the system.`
	`52`	`+ *`
	`53`	`+ * @param string $providerKey The name of the provider/firewall being used for authentication`
`47`	`54`	`*/`
`48`		`-publicfunctionauthenticateWithToken(TokenInterface$token,Request$request)`
	`55`	`+publicfunctionauthenticateWithToken(TokenInterface$token,Request$request/, string $providerKey /)`
`49`	`56`	`{`
`50`		`-$this->migrateSession($request,$token);`
	`57`	`+$providerKey =\func_num_args() >2 ?func_get_arg(2) :null;`
	`58`	`+`
	`59`	`+$this->migrateSession($request,$token,$providerKey);`
`51`	`60`	`$this->tokenStorage->setToken($token);`
`52`	`61`
`53`	`62`	`if (null !==$this->dispatcher) {`
`@@ -98,7 +107,7 @@ public function authenticateUserAndHandleSuccess(UserInterface $user, Request $r`
`98`	`107`	`// create an authenticated token for the User`
`99`	`108`	`$token =$authenticator->createAuthenticatedToken($user,$providerKey);`
`100`	`109`	`// authenticate this in the system`
`101`		`-$this->authenticateWithToken($token,$request);`
	`110`	`+$this->authenticateWithToken($token,$request,$providerKey);`
`102`	`111`
`103`	`112`	`// return the success metric`
`104`	`113`	`return$this->handleAuthenticationSuccess($token,$request,$authenticator,$providerKey);`
`@@ -140,9 +149,9 @@ public function setSessionAuthenticationStrategy(SessionAuthenticationStrategyIn`
`140`	`149`	`$this->sessionStrategy =$sessionStrategy;`
`141`	`150`	`}`
`142`	`151`
`143`		`-privatefunctionmigrateSession(Request$request,TokenInterface$token)`
	`152`	`+privatefunctionmigrateSession(Request$request,TokenInterface$token,$providerKey)`
`144`	`153`	`{`
`145`		`-if (!$this->sessionStrategy \|\| !$request->hasSession() \|\| !$request->hasPreviousSession()) {`
	`154`	`+if (!$this->sessionStrategy \|\| !$request->hasSession() \|\| !$request->hasPreviousSession() \|\|\in_array($providerKey,$this->statelessProviderKeys,true)) {`
`146`	`155`	`return;`
`147`	`156`	`}`
`148`	`157`

`‎src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php‎`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -143,6 +143,18 @@ public function testSessionStrategyIsCalled()`
`143`	`143`	`$handler->authenticateWithToken($this->token,$this->request);`
`144`	`144`	`}`
`145`	`145`
	`146`	`+publicfunctiontestSessionStrategyIsNotCalledWhenStateless()`
	`147`	`+ {`
	`148`	`+$this->configurePreviousSession();`
	`149`	`+`
	`150`	`+$this->sessionStrategy->expects($this->never())`
	`151`	`+ ->method('onAuthentication');`
	`152`	`+`
	`153`	`+$handler =newGuardAuthenticatorHandler($this->tokenStorage,$this->dispatcher,array('some_provider_key'));`
	`154`	`+$handler->setSessionAuthenticationStrategy($this->sessionStrategy);`
	`155`	`+$handler->authenticateWithToken($this->token,$this->request,'some_provider_key');`
	`156`	`+ }`
	`157`	`+`
`146`	`158`	`protectedfunctionsetUp()`
`147`	`159`	`{`
`148`	`160`	`$this->tokenStorage =$this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock();`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit2643ec8

File tree

7 files changed

7 files changed

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php‎`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php‎`

`‎src/Symfony/Bundle/SecurityBundle/Resources/config/guard.xml‎`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php‎`

`‎src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php‎`

`‎src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php‎`

`‎src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php‎`

0 commit comments