[Security] Support custom remember me handlers

wouterj · wouterj · commit e26d6c47caf1 · 2021-04-08T11:46:35.000+02:00
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/ReplaceDecoratedRememberMeHandlerPass.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/ReplaceDecoratedRememberMeHandlerPass.php
@@ -0,0 +1,61 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler;
+
+use Symfony\Bundle\SecurityBundle\RememberMe\DecoratedRememberMeHandler;
+use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+
+/**
+ * Replaces the DecoratedRememberMeHandler services with the real definition.
+ *
+ * @author Wouter de Jong <wouter@wouterj.nl>
+ *
+ * @internal
+ */
+final class ReplaceDecoratedRememberMeHandlerPass implements CompilerPassInterface
+{
+    private static $handlerServiceTag = 'security.remember_me_handler';
+
+    /**
+     * {@inheritDoc}
+     */
+    public function process(ContainerBuilder $container): void
+    {
+        $handledFirewalls = [];
+        foreach ($container->findTaggedServiceIds(self::$handlerServiceTag) as $definitionId => $rememberMeHandlerTags) {
+            $definition = $container->findDefinition($definitionId);
+            if (DecoratedRememberMeHandler::class !== $definition->getClass()) {
+                continue;
+            }
+
+            // get the actual custom remember me handler definition (passed to the decorator)
+            $realRememberMeHandler = $container->findDefinition((string) $definition->getArgument(0));
+            if (null === $realRememberMeHandler) {
+                throw new \LogicException(sprintf('Invalid service definition for custom remember me handler; no service found with ID "%s".', (string) $definition->getArgument(0)));
+            }
+
+            foreach ($rememberMeHandlerTags as $rememberMeHandlerTag) {
+                // some custom handlers may be used on multiple firewalls in the same application
+                if (\in_array($rememberMeHandlerTag['firewall'], $handledFirewalls, true)) {
+                    continue;
+                }
+
+                $rememberMeHandler = clone $realRememberMeHandler;
+                $rememberMeHandler->addTag(self::$handlerServiceTag, $rememberMeHandlerTag);
+                $container->setDefinition('security.authenticator.remember_me_handler.'.$rememberMeHandlerTag['firewall'], $rememberMeHandler);
+
+                $handledFirewalls[] = $rememberMeHandlerTag['firewall'];
+            }
+        }
+    }
+}
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
@@ -12,6 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
 use Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider;
+use Symfony\Bundle\SecurityBundle\RememberMe\DecoratedRememberMeHandler;
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
 use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
 use Symfony\Component\Config\FileLocator;
@@ -110,7 +111,8 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
         }
 
         if (isset($config['service'])) {
-            $container->setDefinition($rememberMeHandlerId, $container->getDefinition($config['service']))
+            $container->register($rememberMeHandlerId, DecoratedRememberMeHandler::class)
+                ->addArgument(new Reference($config['service']))
                 ->addTag('security.remember_me_handler', ['firewall' => $firewallName]);
         } elseif (isset($config['token_provider'])) {
             $tokenProviderId = $this->createTokenProvider($container, $firewallName, $config['token_provider']);
diff --git a/src/Symfony/Bundle/SecurityBundle/RememberMe/DecoratedRememberMeHandler.php b/src/Symfony/Bundle/SecurityBundle/RememberMe/DecoratedRememberMeHandler.php
@@ -0,0 +1,57 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\RememberMe;
+
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\RememberMe\RememberMeDetails;
+use Symfony\Component\Security\Http\RememberMe\RememberMeHandlerInterface;
+
+/**
+ * Used as a "workaround" for tagging aliases in the RememberMeFactory.
+ *
+ * @author Wouter de Jong <wouter@wouterj.nl>
+ *
+ * @internal
+ */
+final class DecoratedRememberMeHandler implements RememberMeHandlerInterface
+{
+    private $handler;
+
+    public function __construct(RememberMeHandlerInterface $handler)
+    {
+        $this->handler = $handler;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function createRememberMeCookie(UserInterface $user): void
+    {
+        $this->handler->createRememberMeCookie($user);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function consumeRememberMeCookie(RememberMeDetails $rememberMeDetails): UserInterface
+    {
+        return $this->handler->consumeRememberMeCookie($rememberMeDetails);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function clearRememberMeCookie(): void
+    {
+        $this->handler->clearRememberMeCookie();
+    }
+}
diff --git a/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php b/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php
@@ -19,6 +19,7 @@
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\RegisterGlobalSecurityEventListenersPass;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\RegisterLdapLocatorPass;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\RegisterTokenUsageTrackingPass;
+use Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\ReplaceDecoratedRememberMeHandlerPass;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\SortFirewallListenersPass;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AnonymousFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\CustomAuthenticatorFactory;
@@ -83,6 +84,7 @@ public function build(ContainerBuilder $container)
         $container->addCompilerPass(new RegisterGlobalSecurityEventListenersPass(), PassConfig::TYPE_BEFORE_REMOVING, -200);
         // execute after ResolveChildDefinitionsPass optimization pass, to ensure class names are set
         $container->addCompilerPass(new SortFirewallListenersPass(), PassConfig::TYPE_BEFORE_REMOVING);
+        $container->addCompilerPass(new ReplaceDecoratedRememberMeHandlerPass(), PassConfig::TYPE_OPTIMIZE);
 
         $container->addCompilerPass(new AddEventAliasesPass(array_merge(
             AuthenticationEvents::ALIASES,
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -388,6 +388,27 @@ public function testRememberMeCookieInheritFrameworkSessionCookie($config, $same
         $this->assertEquals($secure, $definition->getArgument(3)['secure']);
     }
 
+    public function testCustomRememberMeHandler()
+    {
+        $container = $this->getRawContainer();
+
+        $container->register('custom_remember_me', \stdClass::class);
+        $container->loadFromExtension('security', [
+            'enable_authenticator_manager' => true,
+            'firewalls' => [
+                'default' => [
+                    'remember_me' => ['secret' => 'very', 'service' => 'custom_remember_me'],
+                ],
+            ],
+        ]);
+
+        $container->compile();
+
+        $handler = $container->getDefinition('security.authenticator.remember_me_handler.default');
+        $this->assertEquals(\stdClass::class, $handler->getClass());
+        $this->assertEquals([['firewall' => 'default']], $handler->getTag('security.remember_me_handler'));
+    }
+
     public function sessionConfigurationProvider()
     {
         return [
@@ -661,13 +682,13 @@ protected function getRawContainer()
         $security = new SecurityExtension();
         $container->registerExtension($security);
 
-        $bundle = new SecurityBundle();
-        $bundle->build($container);
-
         $container->getCompilerPassConfig()->setOptimizationPasses([new ResolveChildDefinitionsPass()]);
         $container->getCompilerPassConfig()->setRemovingPasses([]);
         $container->getCompilerPassConfig()->setAfterRemovingPasses([]);
 
+        $bundle = new SecurityBundle();
+        $bundle->build($container);
+
         return $container;
     }
 
