From 550e5dbd90787f306d5e42d0f2fff18d7baebee1 Mon Sep 17 00:00:00 2001 From: Wouter de Jong Date: Sat, 23 Oct 2021 13:11:11 +0200 Subject: [PATCH 1/4] [SecurityBundle] Default signature_properties to the previous behavior --- .../Security/Factory/RememberMeFactory.php | 1 + .../Security/UserChangingUserProvider.php | 23 ++++++++++------ Tests/Functional/RememberMeTest.php | 27 +++++++++++++++++-- 3 files changed, 41 insertions(+), 10 deletions(-) diff --git a/DependencyInjection/Security/Factory/RememberMeFactory.php b/DependencyInjection/Security/Factory/RememberMeFactory.php index de19f488..525726b0 100644 --- a/DependencyInjection/Security/Factory/RememberMeFactory.php +++ b/DependencyInjection/Security/Factory/RememberMeFactory.php @@ -208,6 +208,7 @@ public function addConfiguration(NodeDefinition $node) ->requiresAtLeastOneElement() ->info('An array of properties on your User that are used to sign the remember-me cookie. If any of these change, all existing cookies will become invalid.') ->example(['email', 'password']) + ->defaultValue(['password']) ->end() ->arrayNode('token_provider') ->beforeNormalization() diff --git a/Tests/Functional/Bundle/RememberMeBundle/Security/UserChangingUserProvider.php b/Tests/Functional/Bundle/RememberMeBundle/Security/UserChangingUserProvider.php index a5306b6b..f2eebacf 100644 --- a/Tests/Functional/Bundle/RememberMeBundle/Security/UserChangingUserProvider.php +++ b/Tests/Functional/Bundle/RememberMeBundle/Security/UserChangingUserProvider.php @@ -21,6 +21,8 @@ class UserChangingUserProvider implements UserProviderInterface { private $inner; + public static $changePassword = false; + public function __construct(InMemoryUserProvider $inner) { $this->inner = $inner; 
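Review bot: The `info()` text on the `signature_properties` node still reads as if the list were something the application must supply, while the `->defaultValue(['password'])` added directly beneath it makes password the default signer, so someone reading the config reference will not learn that a password change already revokes outstanding remember-me cookies. I would extend the string to `'An array of properties on your User that are used to sign the remember-me cookie. If any of these change, all existing cookies will become invalid. Defaults to ["password"], so a password change revokes existing remember-me cookies; add e.g. "email" to revoke on e-mail change as well.'`. It is also worth a sentence in that info text, or in the docs, that accounts whose `password` property never changes (externally authenticated users) get no revocation from this default and should list another property — how an empty property value is handled is decided in the signing code, not in this hunk, so I am flagging it as a question rather than a defect. `addConfiguration()` starts before this hunk and continues after it.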
@@ -28,26 +30,31 @@ public function __construct(InMemoryUserProvider $inner) public function loadUserByUsername($username) { - return $this->inner->loadUserByUsername($username); + return $this->changeUser($this->inner->loadUserByUsername($username)); } public function loadUserByIdentifier(string $userIdentifier): UserInterface { - return $this->inner->loadUserByIdentifier($userIdentifier); + return $this->changeUser($this->inner->loadUserByIdentifier($userIdentifier)); } public function refreshUser(UserInterface $user) { - $user = $this->inner->refreshUser($user); - - $alterUser = \Closure::bind(function (InMemoryUser $user) { $user->password = 'foo'; }, null, class_exists(User::class) ? User::class : InMemoryUser::class); - $alterUser($user); - - return $user; + return $this->changeUser($this->inner->refreshUser($user)); } public function supportsClass($class) { return $this->inner->supportsClass($class); } + + private function changeUser(UserInterface $user): UserInterface + { + if (self::$changePassword) { + $alterUser = \Closure::bind(function (InMemoryUser $user) { $user->password = 'changed!'; }, null, class_exists(User::class) ? User::class : InMemoryUser::class); + $alterUser($user); + } + + return $user; + } } diff --git a/Tests/Functional/RememberMeTest.php b/Tests/Functional/RememberMeTest.php index 7af43e11..c1958c7d 100644 --- a/Tests/Functional/RememberMeTest.php +++ b/Tests/Functional/RememberMeTest.php @@ -11,8 +11,15 @@ namespace Symfony\Bundle\SecurityBundle\Tests\Functional; +use Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\RememberMeBundle\Security\UserChangingUserProvider; + class RememberMeTest extends AbstractWebTestCase { + protected function setUp(): void + { + UserChangingUserProvider::$changePassword = false; + } + /** * @dataProvider provideConfigs */ 
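Review bot: The new `setUp()` in `RememberMeTest` resets `UserChangingUserProvider::$changePassword`, but nothing turns the flag back off after a test sets it to `true`, so it leaks to any other test class in the same process that boots the RememberMeBundle fixture; only `RememberMeTest` protects itself. I would reset it on the way out as well, e.g. `protected function tearDown(): void { UserChangingUserProvider::$changePassword = false; parent::tearDown(); }`, keeping the `parent::tearDown()` call if the web-test base class defines one. This `setUp()` also does not call `parent::setUp()`, which is harmless only if `AbstractWebTestCase` and its parents declare none — I cannot confirm that from the hunk.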
@@ -51,11 +58,19 @@ public function testUserChangeClearsCookie() $this->assertSame(302, $client->getResponse()->getStatusCode()); $cookieJar = $client->getCookieJar(); - $this->assertNotNull($cookieJar->get('REMEMBERME')); + $this->assertNotNull($cookie = $cookieJar->get('REMEMBERME')); + + UserChangingUserProvider::$changePassword = true; + // change password (through user provider), this deauthenticates the session $client->request('GET', '/profile'); $this->assertRedirect($client->getResponse(), '/login'); $this->assertNull($cookieJar->get('REMEMBERME')); + + // restore the old remember me cookie, it should no longer be valid + $cookieJar->set($cookie); + $client->request('GET', '/profile'); + $this->assertRedirect($client->getResponse(), '/login'); } public function testSessionLessRememberMeLogout() @@ -121,11 +136,19 @@ public function testLegacyUserChangeClearsCookie() $this->assertSame(302, $client->getResponse()->getStatusCode()); $cookieJar = $client->getCookieJar(); - $this->assertNotNull($cookieJar->get('REMEMBERME')); + $this->assertNotNull($cookie = $cookieJar->get('REMEMBERME')); + + UserChangingUserProvider::$changePassword = true; + // change password (through user provider), this deauthenticates the session $client->request('GET', '/profile'); $this->assertRedirect($client->getResponse(), '/login'); $this->assertNull($cookieJar->get('REMEMBERME')); + + // restore the old remember me cookie, it should no longer be valid + $cookieJar->set($cookie); + $client->request('GET', '/profile'); + $this->assertRedirect($client->getResponse(), '/login'); } /** From 04a76b7db41d18f8230655238b17406ceb48ecb7 Mon Sep 17 00:00:00 2001 From: Robin Chalas Date: Mon, 1 Nov 2021 17:10:19 +0100 Subject: [PATCH 2/4] Fix misleading error on missing provider with authenticator manager --- DependencyInjection/SecurityExtension.php | 2 +- Tests/DependencyInjection/SecurityExtensionTest.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
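Review bot: After the captured cookie is put back with `$cookieJar->set($cookie)` at the end of `testUserChangeClearsCookie`, the test only asserts the redirect to `/login`, which does not distinguish a stale cookie that was rejected and cleared from one that was ignored and left in the jar; since the point of the `['password']` default is revocation, I would add `$this->assertNull($cookieJar->get('REMEMBERME'));` after the final `assertRedirect`, in this hunk and in the identical `testLegacyUserChangeClearsCookie` hunk, assuming the handler clears a cookie that fails signature verification as it does on the earlier request. The two methods now differ only in name and, presumably, in which config they load, so the shared body (login, capture cookie, flip `$changePassword`, replay) could move into a private helper to keep them from drifting. Both methods start before their hunks.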
diff --git a/DependencyInjection/SecurityExtension.php b/DependencyInjection/SecurityExtension.php index f1ce0a9a..1deb0e86 100644 --- a/DependencyInjection/SecurityExtension.php +++ b/DependencyInjection/SecurityExtension.php @@ -677,7 +677,7 @@ private function getUserProvider(ContainerBuilder $container, string $id, array return 'security.user_providers'; } - throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "%s" listener on "%s" firewall is ambiguous as there is more than one registered provider.', $factoryKey, $id)); + throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "%s" %s on "%s" firewall is ambiguous as there is more than one registered provider.', $factoryKey, $this->authenticatorManagerEnabled ? 'authenticator' : 'listener', $id)); } private function createEncoders(array $encoders, ContainerBuilder $container) diff --git a/Tests/DependencyInjection/SecurityExtensionTest.php b/Tests/DependencyInjection/SecurityExtensionTest.php index 3df35509..bd6fd9c3 100644 --- a/Tests/DependencyInjection/SecurityExtensionTest.php +++ b/Tests/DependencyInjection/SecurityExtensionTest.php @@ -220,7 +220,7 @@ public function testPerListenerProvider() public function testMissingProviderForListener() { $this->expectException(InvalidConfigurationException::class); - $this->expectExceptionMessage('Not configuring explicitly the provider for the "http_basic" listener on "ambiguous" firewall is ambiguous as there is more than one registered provider.'); + $this->expectExceptionMessage('Not configuring explicitly the provider for the "http_basic" authenticator on "ambiguous" firewall is ambiguous as there is more than one registered provider.'); $container = $this->getRawContainer(); $container->loadFromExtension('security', [ 'enable_authenticator_manager' => true, From 18d4a6695b7daec4e62c31cede8cadc17499919b Mon Sep 17 00:00:00 2001 
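Review bot: `testMissingProviderForListener` already runs with `'enable_authenticator_manager' => true` (a context line in this hunk), so after switching the expected message to the "authenticator" wording the new `'listener'` branch of the ternary in `SecurityExtension::getUserProvider()` has no test at all, and a regression in the legacy message would go unnoticed. I would keep this test for the authenticator wording and add a sibling that omits `enable_authenticator_manager` (or sets it `false`) and expects `'Not configuring explicitly the provider for the "http_basic" listener on "ambiguous" firewall is ambiguous as there is more than one registered provider.'`. The test method continues past the end of this hunk.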
From: Artem Lopata Date: Wed, 3 Nov 2021 11:04:43 +0100 Subject: [PATCH 3/4] Default access_decision_manager.strategy option with merge. Security bundle should set default access_decision_manager.strategy in extension instead of configuration. Otherwise merging configurations will override first set option if the next configurations are empty. --- DependencyInjection/MainConfiguration.php | 18 ------------------ DependencyInjection/SecurityExtension.php | 3 ++- .../MainConfigurationTest.php | 19 +++++++++++++++++++ 3 files changed, 21 insertions(+), 19 deletions(-) diff --git a/DependencyInjection/MainConfiguration.php b/DependencyInjection/MainConfiguration.php index da2cc10c..2f8714aa 100644 --- a/DependencyInjection/MainConfiguration.php +++ b/DependencyInjection/MainConfiguration.php @@ -47,24 +47,6 @@ public function getConfigTreeBuilder() $rootNode = $tb->getRootNode(); $rootNode - ->beforeNormalization() - ->ifTrue(function ($v) { - if (!isset($v['access_decision_manager'])) { - return true; - } - - if (!isset($v['access_decision_manager']['strategy']) && !isset($v['access_decision_manager']['service'])) { - return true; - } - - return false; - }) - ->then(function ($v) { - $v['access_decision_manager']['strategy'] = AccessDecisionManager::STRATEGY_AFFIRMATIVE; - - return $v; - }) - ->end() ->children() ->scalarNode('access_denied_url')->defaultNull()->example('/foo/error403')->end() ->enumNode('session_fixation_strategy') diff --git a/DependencyInjection/SecurityExtension.php b/DependencyInjection/SecurityExtension.php index 5b81d857..22f3a8fa 100644 --- a/DependencyInjection/SecurityExtension.php +++ b/DependencyInjection/SecurityExtension.php 
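Review bot: Dropping this `beforeNormalization()` block removes the only visible use of `AccessDecisionManager` in `MainConfiguration.php`, and the diffstat's 18 deletions for that file are all in this hunk, so the `use` import that made the unqualified `AccessDecisionManager::STRATEGY_AFFIRMATIVE` resolve is now dead unless the class is referenced elsewhere in the file — worth removing in the same commit. The removed code also encoded that the default applied only when neither `strategy` nor `service` was set; the replacement in `SecurityExtension` has to keep that, and a comment on the `strategy` node (outside this hunk) would stop someone from re-adding a tree-level default: `// no defaultValue() on purpose: a tree default is re-applied for every merged config and would override an earlier explicit strategy (fallback lives in SecurityExtension)`. The config-tree definition continues past this hunk.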
@@ -27,6 +27,7 @@ use Symfony\Component\DependencyInjection\Loader\XmlFileLoader; use Symfony\Component\DependencyInjection\Reference; use Symfony\Component\HttpKernel\DependencyInjection\Extension; +use Symfony\Component\Security\Core\Authorization\AccessDecisionManager; use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface; use Symfony\Component\Security\Core\Encoder\NativePasswordEncoder; use Symfony\Component\Security\Core\Encoder\SodiumPasswordEncoder; @@ -130,7 +131,7 @@ public function load(array $configs, ContainerBuilder $container) } else { $container ->getDefinition('security.access.decision_manager') - ->addArgument($config['access_decision_manager']['strategy']) + ->addArgument($config['access_decision_manager']['strategy'] ?? AccessDecisionManager::STRATEGY_AFFIRMATIVE) ->addArgument($config['access_decision_manager']['allow_if_all_abstain']) ->addArgument($config['access_decision_manager']['allow_if_equal_granted_denied']); } diff --git a/Tests/DependencyInjection/MainConfigurationTest.php b/Tests/DependencyInjection/MainConfigurationTest.php index acdfff8d..ffefe42c 100644 --- a/Tests/DependencyInjection/MainConfigurationTest.php +++ b/Tests/DependencyInjection/MainConfigurationTest.php @@ -15,6 +15,7 @@ use Symfony\Bundle\SecurityBundle\DependencyInjection\MainConfiguration; use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException; use Symfony\Component\Config\Definition\Processor; +use Symfony\Component\Security\Core\Authorization\AccessDecisionManager; class MainConfigurationTest extends TestCase { 
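Review bot: The `?? AccessDecisionManager::STRATEGY_AFFIRMATIVE` fallback on the `strategy` argument now carries the default the config tree used to provide, but nothing at that line says why it lives here rather than on the node, so the next person may "tidy" it back into `MainConfiguration` and reintroduce the merge problem the commit message describes. I would put `// Fallback applied here, not in the config tree: a tree-level default is merged into every later config and would override an explicit strategy set earlier.` above the `addArgument` line. As I recall the affirmative strategy grants access as soon as a single voter grants, i.e. it is the most permissive built-in choice, and the comment is a good place to say so, so that the security default is visible in one spot. The `else` branch this sits in, and the `if` that selects it, start before the hunk.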
@@ -113,4 +114,22 @@ public function testUserCheckers() $this->assertEquals('app.henk_checker', $processedConfig['firewalls']['stub']['user_checker']); } + + public function testConfigMergeWithAccessDecisionManager() + { + $config = [ + 'access_decision_manager' => [ + 'strategy' => AccessDecisionManager::STRATEGY_UNANIMOUS, + ], + ]; + $config = array_merge(static::$minimalConfig, $config); + + $config2 = []; + + $processor = new Processor(); + $configuration = new MainConfiguration([], []); + $processedConfig = $processor->processConfiguration($configuration, [$config, $config2]); + + $this->assertSame(AccessDecisionManager::STRATEGY_UNANIMOUS, $processedConfig['access_decision_manager']['strategy']); + } } From c5419267a655c294109ee5241a99ac7b7b8203b8 Mon Sep 17 00:00:00 2001 From: Thomas Calvet Date: Sat, 20 Nov 2021 15:57:49 +0100 Subject: [PATCH 4/4] [Tests] Remove some unused fixtures --- .../SecurityExtensionTest.php | 40 ------------------- 1 file changed, 40 deletions(-) diff --git a/Tests/DependencyInjection/SecurityExtensionTest.php b/Tests/DependencyInjection/SecurityExtensionTest.php index bd6fd9c3..450f6644 100644 --- a/Tests/DependencyInjection/SecurityExtensionTest.php +++ b/Tests/DependencyInjection/SecurityExtensionTest.php @@ -35,7 +35,6 @@ use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; -use Symfony\Component\Security\Guard\AuthenticatorInterface as GuardAuthenticatorInterface; use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface; use Symfony\Component\Security\Http\Authenticator\HttpBasicAuthenticator; use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface; 
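Review bot: `testConfigMergeWithAccessDecisionManager` pins that an explicit `STRATEGY_UNANIMOUS` survives a later empty config, but with the tree-level default gone there is no longer any test in this series asserting that omitting `strategy` still yields `STRATEGY_AFFIRMATIVE`; that behaviour now lives in `SecurityExtension` and is unexercised there. I would add a case to `SecurityExtensionTest` that loads a config without `access_decision_manager.strategy` and asserts the corresponding argument of the `security.access.decision_manager` definition is `AccessDecisionManager::STRATEGY_AFFIRMATIVE` (the argument index depends on what the service definition already declares, so I cannot quote it). On naming, `$config`/`$config2` could become `$explicitConfig`/`$laterEmptyConfig` to state what the merge order is testing.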
@@ -835,45 +834,6 @@ public function onAuthenticationFailure(Request $request, AuthenticationExceptio } } -class NullAuthenticator implements GuardAuthenticatorInterface -{ - public function start(Request $request, AuthenticationException $authException = null) - { - } - - public function supports(Request $request) - { - } - - public function getCredentials(Request $request) - { - } - - public function getUser($credentials, UserProviderInterface $userProvider) - { - } - - public function checkCredentials($credentials, UserInterface $user) - { - } - - public function createAuthenticatedToken(UserInterface $user, string $providerKey) - { - } - - public function onAuthenticationFailure(Request $request, AuthenticationException $exception) - { - } - - public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey) - { - } - - public function supportsRememberMe() - { - } -} - class TestUserChecker implements UserCheckerInterface { public function checkPreAuth(UserInterface $user) pFad - Phonifier reborn
