[SecurityBundle][Routing] Add LogoutRouteLoader

MatTheCat · MatTheCat · commit 70e68d285435 · 2023-07-11T23:41:22.000+02:00
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -5,6 +5,7 @@ CHANGELOG
 ---
 
  * Deprecate `Security::ACCESS_DENIED_ERROR`, `AUTHENTICATION_ERROR` and `LAST_USERNAME` constants, use the ones on `SecurityRequestAttributes` instead
+ * Add `LogoutRouteLoader`
 
 6.3
 ---
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -49,6 +49,7 @@
 use Symfony\Component\PasswordHasher\Hasher\Pbkdf2PasswordHasher;
 use Symfony\Component\PasswordHasher\Hasher\PlaintextPasswordHasher;
 use Symfony\Component\PasswordHasher\Hasher\SodiumPasswordHasher;
+use Symfony\Component\Routing\Loader\ContainerLoader;
 use Symfony\Component\Security\Core\Authorization\Strategy\AffirmativeStrategy;
 use Symfony\Component\Security\Core\Authorization\Strategy\ConsensusStrategy;
 use Symfony\Component\Security\Core\Authorization\Strategy\PriorityStrategy;
@@ -170,6 +171,11 @@ public function load(array $configs, ContainerBuilder $container)
         }
 
         $this->createFirewalls($config, $container);
+
+        if (!$container::willBeAvailable('symfony/routing', ContainerLoader::class, ['symfony/security/bundle'])) {
+            $container->removeDefinition('security.route_loader.logout');
+        }
+
         $this->createAuthorization($config, $container);
         $this->createRoleHierarchy($config, $container);
 
@@ -307,7 +313,7 @@ private function createFirewalls(array $config, ContainerBuilder $container): vo
 
         // load firewall map
         $mapDef = $container->getDefinition('security.firewall.map');
-        $map = $authenticationProviders = $contextRefs = $authenticators = [];
+        $map = $authenticationProviders = $contextRefs = $authenticators = $configs = [];
         foreach ($firewalls as $name => $firewall) {
             if (isset($firewall['user_checker']) && 'security.user_checker' !== $firewall['user_checker']) {
                 $customUserChecker = true;
@@ -317,6 +323,8 @@ private function createFirewalls(array $config, ContainerBuilder $container): vo
 
             [$matcher, $listeners, $exceptionListener, $logoutListener, $firewallAuthenticators] = $this->createFirewall($container, $name, $firewall, $authenticationProviders, $providerIds, $configId);
 
+            $configs[] = new Reference($configId);
+
             if (!$firewallAuthenticators) {
                 $authenticators[$name] = null;
             } else {
@@ -354,6 +362,11 @@ private function createFirewalls(array $config, ContainerBuilder $container): vo
         if (!$customUserChecker) {
             $container->setAlias(UserCheckerInterface::class, new Alias('security.user_checker', false));
         }
+
+        $container
+            ->getDefinition('security.route_loader.logout')
+            ->replaceArgument(0, new IteratorArgument($configs))
+        ;
     }
 
     private function createFirewall(ContainerBuilder $container, string $id, array $firewall, array &$authenticationProviders, array $providerIds, string $configId): array
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
@@ -13,6 +13,7 @@
 
 use Symfony\Bundle\SecurityBundle\CacheWarmer\ExpressionCacheWarmer;
 use Symfony\Bundle\SecurityBundle\EventListener\FirewallListener;
+use Symfony\Bundle\SecurityBundle\Routing\LogoutRouteLoader;
 use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
 use Symfony\Bundle\SecurityBundle\Security\FirewallContext;
@@ -229,6 +230,12 @@
                 service('security.token_storage')->nullOnInvalid(),
             ])
 
+        ->set('security.route_loader.logout', LogoutRouteLoader::class)
+            ->args([
+                abstract_arg('Firewall config iterator')
+            ])
+            ->tag('routing.route_loader')
+
         // Provisioning
         ->set('security.user.provider.missing', MissingUserProvider::class)
             ->abstract()
diff --git a/src/Symfony/Bundle/SecurityBundle/Routing/LogoutRouteLoader.php b/src/Symfony/Bundle/SecurityBundle/Routing/LogoutRouteLoader.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace Symfony\Bundle\SecurityBundle\Routing;
+
+use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
+use Symfony\Component\Routing\Route;
+use Symfony\Component\Routing\RouteCollection;
+
+class LogoutRouteLoader
+{
+    /**
+     * @param iterable<FirewallConfig> $firewallConfigs
+     */
+    public function __construct(
+        private readonly iterable $firewallConfigs
+    ) {}
+
+    public function __invoke(): RouteCollection
+    {
+        $collection = new RouteCollection();
+
+        foreach ($this->firewallConfigs as $config) {
+            if (!$logoutConfig = $config->getLogout()) {
+                continue;
+            }
+
+            $collection->add('_logout_'.$config->getName(), new Route($logoutConfig['path']));
+        }
+
+        return $collection;
+    }
+}
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Routing/LogoutRouteLoaderTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Routing/LogoutRouteLoaderTest.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Symfony\Bundle\SecurityBundle\Tests\Routing;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Bundle\SecurityBundle\Routing\LogoutRouteLoader;
+use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
+use Symfony\Component\Routing\Route;
+use Symfony\Component\Routing\RouteCollection;
+
+class LogoutRouteLoaderTest extends TestCase
+{
+    public function testLoad(): void
+    {
+        $loader = new LogoutRouteLoader([
+            new FirewallConfig('dev', 'security.user_checker'),
+            new FirewallConfig('main', 'security.user_checker', logout: ['path' => '/logout']),
+        ]);
+        $collection = $loader();
+
+        self::assertInstanceOf(RouteCollection::class, $collection);
+        self::assertCount(1, $collection);
+        self::assertEquals(new Route('/logout'), $collection->get('_logout_main'));
+    }
+}
