Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitc1a964d

Browse files
committed
Allow to use ldap in a chain provider
1 parentb39fcef commitc1a964d

File tree

8 files changed

+266
-21
lines changed

8 files changed

+266
-21
lines changed

‎src/Symfony/Component/Ldap/Security/CheckLdapCredentialsListener.php

Lines changed: 2 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,6 @@
1717
useSymfony\Component\Ldap\LdapInterface;
1818
useSymfony\Component\Security\Core\Exception\BadCredentialsException;
1919
useSymfony\Component\Security\Core\Exception\LogicException;
20-
useSymfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
2120
useSymfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
2221
useSymfony\Component\Security\Http\Authenticator\Passport\UserPassportInterface;
2322
useSymfony\Component\Security\Http\Event\CheckPassportEvent;
@@ -46,9 +45,6 @@ public function onCheckPassport(CheckPassportEvent $event)
4645

4746
/** @var LdapBadge $ldapBadge */
4847
$ldapBadge =$passport->getBadge(LdapBadge::class);
49-
if ($ldapBadge->isResolved()) {
50-
return;
51-
}
5248

5349
if (!$passportinstanceof UserPassportInterface || !$passport->hasBadge(PasswordCredentials::class)) {
5450
thrownew \LogicException(sprintf('LDAP authentication requires a passport containing a user and password credentials, authenticator "%s" does not fulfill these requirements.',\get_class($event->getAuthenticator())));
@@ -70,8 +66,8 @@ public function onCheckPassport(CheckPassportEvent $event)
7066
}
7167

7268
$user =$passport->getUser();
73-
if (!$userinstanceofPasswordAuthenticatedUserInterface) {
74-
trigger_deprecation('symfony/ldap','5.3','Not implementing the "%s" interface in class "%s" while using password-based authenticators is deprecated.', PasswordAuthenticatedUserInterface::class,get_debug_type($user));
69+
if (!$userinstanceofLdapUser) {
70+
return;
7571
}
7672

7773
/** @var LdapInterface $ldap */
@@ -104,7 +100,6 @@ public function onCheckPassport(CheckPassportEvent $event)
104100
}
105101

106102
$passwordCredentials->markResolved();
107-
$ldapBadge->markResolved();
108103
}
109104

110105
publicstaticfunctiongetSubscribedEvents():array

‎src/Symfony/Component/Ldap/Security/LdapAuthenticator.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,7 @@ public function supports(Request $request): ?bool
6060
publicfunctionauthenticate(Request$request):Passport
6161
{
6262
$passport =$this->authenticator->authenticate($request);
63-
$passport->addBadge(newLdapBadge($this->ldapServiceId,$this->dnString,$this->searchDn,$this->searchPassword,$this->queryString));
63+
$passport->addBadge(newLdapBadge($this->ldapServiceId,$this->dnString,$this->searchDn,$this->searchPassword,$this->queryString,true));
6464

6565
return$passport;
6666
}

‎src/Symfony/Component/Ldap/Security/LdapBadge.php

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,20 +24,24 @@
2424
*/
2525
class LdapBadgeimplements BadgeInterface
2626
{
27-
private$resolved =false;
27+
private$resolved =true;
2828
private$ldapServiceId;
2929
private$dnString;
3030
private$searchDn;
3131
private$searchPassword;
3232
private$queryString;
3333

34-
publicfunction__construct(string$ldapServiceId,string$dnString ='{username}',string$searchDn ='',string$searchPassword ='',string$queryString =null)
34+
publicfunction__construct(string$ldapServiceId,string$dnString ='{user_identifier}',string$searchDn ='',string$searchPassword ='',string$queryString =null,$resolved =false)
3535
{
3636
$this->ldapServiceId =$ldapServiceId;
3737
$this->dnString =$dnString;
3838
$this->searchDn =$searchDn;
3939
$this->searchPassword =$searchPassword;
4040
$this->queryString =$queryString;
41+
$this->resolved =$resolved;
42+
if (false ===$this->resolved) {
43+
trigger_deprecation('symfony/ldap','5.4','Passing false as resolved initial value is deprecated, use true instead.');
44+
}
4145
}
4246

4347
publicfunctiongetLdapServiceId():string
@@ -67,6 +71,8 @@ public function getQueryString(): ?string
6771

6872
publicfunctionmarkResolved():void
6973
{
74+
trigger_deprecation('symfony/ldap','5.4','Calling %s is deprecated.',__METHOD__);
75+
7076
$this->resolved =true;
7177
}
7278

‎src/Symfony/Component/Ldap/Tests/Security/CheckLdapCredentialsListenerTest.php

Lines changed: 20 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@
2222
useSymfony\Component\Ldap\LdapInterface;
2323
useSymfony\Component\Ldap\Security\CheckLdapCredentialsListener;
2424
useSymfony\Component\Ldap\Security\LdapBadge;
25+
useSymfony\Component\Ldap\Security\LdapUser;
2526
useSymfony\Component\Security\Core\Authentication\Token\TokenInterface;
2627
useSymfony\Component\Security\Core\Exception\AuthenticationException;
2728
useSymfony\Component\Security\Core\Exception\BadCredentialsException;
@@ -69,9 +70,10 @@ public static function provideShouldNotCheckPassport()
6970
yield [newTestAuthenticator(),newPassport(newUserBadge('test'),newPasswordCredentials('s3cret'))];
7071

7172
// ldap already resolved
72-
$badge =newLdapBadge('app.ldap');
73-
$badge->markResolved();
74-
yield [newTestAuthenticator(),newPassport(newUserBadge('test'),newPasswordCredentials('s3cret'), [$badge])];
73+
$ldapBadge =newLdapBadge('app.ldap','{user_identifier}','','',null,true);
74+
$userBadge =newUserBadge('test');
75+
$userBadge->setUserLoader(function () {returnnewInMemoryUser('test','pass', ['ROLE_USER']); });
76+
yield [newTestAuthenticator(),newPassport($userBadge,newPasswordCredentials('s3cret'), [$ldapBadge])];
7577
}
7678

7779
publicfunctiontestPasswordCredentialsAlreadyResolvedThrowsException()
@@ -81,7 +83,7 @@ public function testPasswordCredentialsAlreadyResolvedThrowsException()
8183

8284
$badge =newPasswordCredentials('s3cret');
8385
$badge->markResolved();
84-
$passport =newPassport(newUserBadge('test'),$badge, [newLdapBadge('app.ldap')]);
86+
$passport =newPassport(newUserBadge('test'),$badge, [newLdapBadge('app.ldap','{user_identifier}','','',null,true)]);
8587

8688
$listener =$this->createListener();
8789
$listener->onCheckPassport(newCheckPassportEvent(newTestAuthenticator(),$passport));
@@ -93,7 +95,7 @@ public function testInvalidLdapServiceId()
9395
$this->expectExceptionMessage('Cannot check credentials using the "not_existing_ldap_service" ldap service, as such service is not found. Did you maybe forget to add the "ldap" service tag to this service?');
9496

9597
$listener =$this->createListener();
96-
$listener->onCheckPassport($this->createEvent('s3cr3t',newLdapBadge('not_existing_ldap_service')));
98+
$listener->onCheckPassport($this->createEvent('s3cr3t',newLdapBadge('not_existing_ldap_service','{user_identifier}','','',null,true)));
9799
}
98100

99101
/**
@@ -115,7 +117,10 @@ public static function provideWrongPassportData()
115117
}
116118

117119
// no password credentials
118-
yield [newSelfValidatingPassport(newUserBadge('test'), [newLdapBadge('app.ldap')])];
120+
yield [newSelfValidatingPassport(
121+
newUserBadge('test'),
122+
[newLdapBadge('app.ldap','{user_identifier}','','',null,true)]
123+
)];
119124
}
120125

121126
/**
@@ -129,7 +134,7 @@ public function testLegacyWrongPassport()
129134
// no user passport
130135
$passport =$this->createMock(PassportInterface::class);
131136
$passport->expects($this->any())->method('hasBadge')->with(LdapBadge::class)->willReturn(true);
132-
$passport->expects($this->any())->method('getBadge')->with(LdapBadge::class)->willReturn(newLdapBadge('app.ldap'));
137+
$passport->expects($this->any())->method('getBadge')->with(LdapBadge::class)->willReturn(newLdapBadge('app.ldap','{user_identifier}','','',null,true));
133138

134139
$listener =$this->createListener();
135140
$listener->onCheckPassport(newCheckPassportEvent(newTestAuthenticator(),$passport));
@@ -156,6 +161,9 @@ public function testBindFailureShouldThrowAnException()
156161
$listener->onCheckPassport($this->createEvent());
157162
}
158163

164+
/**
165+
* @group legacy
166+
*/
159167
publicfunctiontestQueryForDn()
160168
{
161169
$collection =newclass([newEntry('')])extends \ArrayObjectimplements CollectionInterface {
@@ -183,7 +191,7 @@ public function toArray(): array
183191
$this->ldap->expects($this->once())->method('query')->with('{username}','wouter_test')->willReturn($query);
184192

185193
$listener =$this->createListener();
186-
$listener->onCheckPassport($this->createEvent('s3cr3t',newLdapBadge('app.ldap','{username}','elsa','test1234A$','{username}_test')));
194+
$listener->onCheckPassport($this->createEvent('s3cr3t',newLdapBadge('app.ldap','{username}','elsa','test1234A$','{username}_test',true)));
187195
}
188196

189197
publicfunctiontestEmptyQueryResultShouldThrowAnException()
@@ -211,14 +219,16 @@ public function testEmptyQueryResultShouldThrowAnException()
211219
$this->ldap->expects($this->once())->method('query')->willReturn($query);
212220

213221
$listener =$this->createListener();
214-
$listener->onCheckPassport($this->createEvent('s3cr3t',newLdapBadge('app.ldap','{username}','elsa','test1234A$','{username}_test')));
222+
$listener->onCheckPassport($this->createEvent('s3cr3t',newLdapBadge('app.ldap','{username}','elsa','test1234A$','{username}_test',true)));
215223
}
216224

217225
privatefunctioncreateEvent($password ='s3cr3t',$ldapBadge =null)
218226
{
227+
$ldapUser =newLdapUser(newEntry('cn=Wouter,dc=example,dc=com'),'Wouter',null, ['ROLE_USER']);
228+
219229
returnnewCheckPassportEvent(
220230
newTestAuthenticator(),
221-
newPassport(newUserBadge('Wouter',function (){returnnewInMemoryUser('Wouter',null, ['ROLE_USER']); }),newPasswordCredentials($password), [$ldapBadge ??newLdapBadge('app.ldap')])
231+
newPassport(newUserBadge('Wouter',function ()use ($ldapUser) {return$ldapUser; }),newPasswordCredentials($password), [$ldapBadge ??newLdapBadge('app.ldap','{user_identifier}','','',null,true)])
222232
);
223233
}
224234

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespaceSecurity;
13+
14+
usePHPUnit\Framework\TestCase;
15+
useSymfony\Bridge\PhpUnit\ExpectDeprecationTrait;
16+
useSymfony\Component\Ldap\Security\LdapBadge;
17+
18+
finalclass LdapBadgeTestextends TestCase
19+
{
20+
use ExpectDeprecationTrait;
21+
22+
/**
23+
* @group legacy
24+
*/
25+
publicfunctiontestDeprecationOnResolvedInitialValue()
26+
{
27+
$this->expectDeprecation('Since symfony/ldap 5.4: Passing false as resolved initial value is deprecated, use true instead.');
28+
29+
newLdapBadge('foo');
30+
}
31+
32+
/**
33+
* @group legacy
34+
*/
35+
publicfunctiontestDeprecationOnMarkAsResolved()
36+
{
37+
$this->expectDeprecation('Since symfony/ldap 5.4: Calling Symfony\Component\Ldap\Security\LdapBadge::markResolved is deprecated.');
38+
39+
$sut =newLdapBadge('foo','{user_identifier}','','',null,true);
40+
$sut->markResolved();
41+
}
42+
}

‎src/Symfony/Component/Ldap/composer.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,8 @@
2323
"ext-ldap":"*"
2424
},
2525
"require-dev": {
26-
"symfony/security-core":"^5.3|^6.0"
26+
"symfony/security-core":"^5.3|^6.0",
27+
"symfony/security-http":"^5.4"
2728
},
2829
"conflict": {
2930
"symfony/options-resolver":"<4.4",

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp