Autoconfigure CacheTokenVerifier if possible

Seldaek · Seldaek · commit 29b8f487d789 · 2021-05-14T23:00:32.000+02:00
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/CleanRememberMeVerifierPass.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/CleanRememberMeVerifierPass.php
@@ -0,0 +1,33 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler;
+
+use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+
+/**
+ * Cleans up the remember me verifier cache if cache is missing.
+ *
+ * @author Jordi Boggiano <j.boggiano@seld.be>
+ */
+class CleanRememberMeVerifierPass implements CompilerPassInterface
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function process(ContainerBuilder $container)
+    {
+        if (!$container->hasDefinition('cache.system')) {
+            $container->removeDefinition('cache.security_token_verifier');
+        }
+    }
+}
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
@@ -23,6 +23,7 @@
 use Symfony\Component\DependencyInjection\Loader\PhpFileLoader;
 use Symfony\Component\DependencyInjection\Reference;
 use Symfony\Component\HttpFoundation\Cookie;
+use Symfony\Component\Security\Core\Authentication\RememberMe\CacheTokenVerifier;
 use Symfony\Component\Security\Http\EventListener\RememberMeLogoutListener;
 
 /**
@@ -116,12 +117,12 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
                 ->addTag('security.remember_me_handler', ['firewall' => $firewallName]);
         } elseif (isset($config['token_provider'])) {
             $tokenProviderId = $this->createTokenProvider($container, $firewallName, $config['token_provider']);
-            $tokenVerifierId = $config['token_verifier'] ?? null;
+            $tokenVerifier = $this->createTokenVerifier($container, $firewallName, $config['token_verifier'] ?? null);
             $container->setDefinition($rememberMeHandlerId, new ChildDefinition('security.authenticator.persistent_remember_me_handler'))
                 ->replaceArgument(0, new Reference($tokenProviderId))
                 ->replaceArgument(2, new Reference($userProviderId))
                 ->replaceArgument(4, $config)
-                ->replaceArgument(6, $tokenVerifierId ? new Reference($tokenVerifierId) : null)
+                ->replaceArgument(6, $tokenVerifier)
                 ->addTag('security.remember_me_handler', ['firewall' => $firewallName]);
         } else {
             $signatureHasherId = 'security.authenticator.remember_me_signature_hasher.'.$firewallName;
@@ -309,4 +310,20 @@ private function createTokenProvider(ContainerBuilder $container, string $firewa
 
         return $tokenProviderId;
     }
+
+    private function createTokenVerifier(ContainerBuilder $container, string $firewallName, ?string $serviceId): string
+    {
+        if ($serviceId) {
+            return new Reference($serviceId);
+        }
+
+        $tokenVerifierId = 'security.remember_me.token_verifier.'.$firewallName;
+
+        $container->register($tokenVerifierId, CacheTokenVerifier::class)
+            ->addArgument(new Reference('cache.security_token_verifier', ContainterInterface::NULL_ON_INVALID_REFERENCE))
+            ->addArgument(60)
+            ->addArgument('rememberme-'.$firewallName.'-stale-');
+
+        return new Reference($tokenVerifierId, ContainterInterface::NULL_ON_INVALID_REFERENCE);
+    }
 }
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_remember_me.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_remember_me.php
@@ -88,5 +88,11 @@
                 service('logger')->nullOnInvalid(),
             ])
             ->tag('monolog.logger', ['channel' => 'security'])
+
+        // Cache
+        ->set('cache.security_token_verifier')
+            ->parent('cache.system')
+            ->private()
+            ->tag('cache.pool')
     ;
 };
diff --git a/src/Symfony/Component/Security/Core/Authentication/RememberMe/CacheTokenVerifier.php b/src/Symfony/Component/Security/Core/Authentication/RememberMe/CacheTokenVerifier.php
@@ -28,7 +28,7 @@ class CacheTokenVerifier implements TokenVerifierInterface
      *                              most refresh tokens. Increasing to more than that is not recommended,
      *                              but you may use a lower value.
      */
-    public function __construct(CacheItemPoolInterface $cache, int $outdatedTokenTtl = 60, string $cacheKeyPrefix = 'rememberme-')
+    public function __construct(CacheItemPoolInterface $cache, int $outdatedTokenTtl = 60, string $cacheKeyPrefix = 'rememberme-stale-')
     {
         $this->cache = $cache;
         $this->outdatedTokenTtl = $outdatedTokenTtl;

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ class CacheTokenVerifier implements TokenVerifierInterface`
`28`	`28`	`* most refresh tokens. Increasing to more than that is not recommended,`
`29`	`29`	`* but you may use a lower value.`
`30`	`30`	`*/`
`31`		`- public function __construct(CacheItemPoolInterface $cache, int $outdatedTokenTtl = 60, string $cacheKeyPrefix = 'rememberme-')`
	`31`	`+ public function __construct(CacheItemPoolInterface $cache, int $outdatedTokenTtl = 60, string $cacheKeyPrefix = 'rememberme-stale-')`
`32`	`32`	`{`
`33`	`33`	`$this->cache = $cache;`
`34`	`34`	`$this->outdatedTokenTtl = $outdatedTokenTtl;`