[Security] Include build-in config for DoctrineTokenProvider

wouterj · wouterj · commit 3a7445e6dc5c · 2021-02-17T20:07:30.000+01:00
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
@@ -11,7 +11,9 @@
 
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
+use Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider;
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
+use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
 use Symfony\Component\Config\FileLocator;
 use Symfony\Component\DependencyInjection\Argument\IteratorArgument;
 use Symfony\Component\DependencyInjection\ChildDefinition;
@@ -109,8 +111,9 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
             $container->setDefinition($rememberMeHandlerId, $container->getDefinition($options['service']))
                 ->addTag('security.remember_me_handler', ['firewall' => $firewallName]);
         } elseif (isset($options['token_provider'])) {
+            $tokenProviderId = $this->createTokenProvider($container, $firewallName, $config['token_provider']);
             $container->setDefinition($rememberMeHandlerId, new ChildDefinition('security.authenticator.persistent_remember_me_handler'))
-                ->replaceArgument(0, new Reference($options['token_provider']))
+                ->replaceArgument(0, new Reference($tokenProviderId))
                 ->replaceArgument(2, new Reference($userProviderId))
                 ->replaceArgument(4, $options)
                 ->addTag('security.remember_me_handler', ['firewall' => $firewallName]);
@@ -175,7 +178,6 @@ public function addConfiguration(NodeDefinition $node)
         $builder
             ->scalarNode('secret')->isRequired()->cannotBeEmpty()->end()
             ->scalarNode('service')->end()
-            ->scalarNode('token_provider')->end()
             ->arrayNode('user_providers')
                 ->beforeNormalization()
                     ->ifString()->then(function ($v) { return [$v]; })
@@ -191,6 +193,23 @@ public function addConfiguration(NodeDefinition $node)
             ->end()
         ;
 
+        $tokenProviderBuilder = $builder
+            ->arrayNode('token_provider')
+                ->beforeNormalization()
+                    ->ifString()->then(function ($v) { return ['service' => $v]; })
+                ->end()
+                ->children()
+                    ->scalarNode('service')->end();
+        if (class_exists(DoctrineTokenProvider::class)) {
+            $tokenProviderBuilder
+                ->arrayNode('doctrine')
+                    ->canBeEnabled()
+                    ->children()
+                        ->scalarNode('connection')->defaultValue('default')->end()
+                    ->end()
+                ->end();
+        }
+
         foreach ($this->options as $name => $value) {
             if ('secure' === $name) {
                 $builder->enumNode($name)->values([true, false, 'auto'])->defaultValue('auto' === $value ? null : $value);
@@ -228,9 +247,8 @@ private function createRememberMeServices(ContainerBuilder $container, string $i
         $rememberMeServices->replaceArgument(2, $id);
 
         if (isset($config['token_provider'])) {
-            $rememberMeServices->addMethodCall('setTokenProvider', [
-                new Reference($config['token_provider']),
-            ]);
+            $tokenProviderId = $this->createTokenProvider($container, $id, $config['token_provider']);
+            $rememberMeServices->addMethodCall('setTokenProvider', [new Reference($tokenProviderId)]);
         }
 
         // remember-me options
@@ -249,4 +267,24 @@ private function createRememberMeServices(ContainerBuilder $container, string $i
 
         $rememberMeServices->replaceArgument(0, new IteratorArgument(array_unique($userProviders)));
     }
+
+    private function createTokenProvider(ContainerBuilder $container, string $firewallName, array $config): string
+    {
+        $tokenProviderId = $config['service'];
+        if ($config['doctrine'] ?? false) {
+            if (!class_exists(DoctrineTokenProvider::class)) {
+                throw new InvalidConfigurationException('"remember_me.token_provider.doctrine" cannot be enabled as symfony/doctrine-bridge is not installed.');
+            }
+
+            $tokenProviderId = 'security.remember_me.doctrine_token_provider.'.$firewallName;
+            $container->register($tokenProviderId, DoctrineTokenProvider::class)
+                ->addArgument(new Reference('doctrine.dbal.'.$config['doctrine']['connection'].'_connection'));
+        }
+
+        if (!$tokenProviderId) {
+            throw new InvalidConfigurationException(sprintf('No token provider was set for firewall "%s". Either configure a service ID or set "remember_me.token_provider.doctrine" to true.', $firewallName));
+        }
+
+        return $tokenProviderId;
+    }
 }
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/schema/security-1.0.xsd b/src/Symfony/Bundle/SecurityBundle/Resources/config/schema/security-1.0.xsd
@@ -309,9 +309,12 @@
     </xsd:complexType>
 
     <xsd:complexType name="remember_me">
-        <xsd:choice minOccurs="0" maxOccurs="unbounded">
-            <xsd:element name="user-provider" type="xsd:string" />
-        </xsd:choice>
+        <xsd:sequence minOccurs="0">
+            <xsd:choice minOccurs="0" maxOccurs="unbounded">
+                <xsd:element name="user-provider" type="xsd:string" />
+            </xsd:choice>
+            <xsd:element name="token-provider" type="remember_me_token_provider" />
+        </xsd:sequence>
         <xsd:attribute name="name" type="xsd:string" />
         <xsd:attribute name="lifetime" type="xsd:integer" />
         <xsd:attribute name="path" type="xsd:string" />
@@ -327,6 +330,18 @@
         <xsd:attribute name="samesite" type="remember_me_samesite" />
     </xsd:complexType>
 
+    <xsd:complexType name="remember_me_token_provider">
+        <xsd:sequence>
+            <xsd:element name="doctrine" type="remember_me_token_provider_doctrine" />
+        </xsd:sequence>
+        <xsd:attribute name="service" type="xsd:string" />
+    </xsd:complexType>
+
+    <xsd:complexType name="remember_me_token_provider_doctrine">
+        <xsd:attribute name="enabled" type="xsd:boolean" />
+        <xsd:attribute name="connection" type="xsd:string" />
+    </xsd:complexType>
+
     <xsd:simpleType name="remember_me_secure">
         <xsd:restriction base="xsd:string">
             <xsd:enumeration value="true" />
