[SecurityBundle][Routing] Add LogoutRouteLoader

MatTheCat · MatTheCat · commit e79f533568bf · 2023-08-11T16:22:46.000+02:00
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -7,6 +7,7 @@ CHANGELOG
  * Deprecate `Security::ACCESS_DENIED_ERROR`, `AUTHENTICATION_ERROR` and `LAST_USERNAME` constants, use the ones on `SecurityRequestAttributes` instead
  * Allow an array of `pattern` in firewall configuration
  * Add `$badges` argument to `Security::login`
+ * Add `LogoutRouteLoader`
 
 6.3
 ---
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -49,6 +49,7 @@
 use Symfony\Component\PasswordHasher\Hasher\Pbkdf2PasswordHasher;
 use Symfony\Component\PasswordHasher\Hasher\PlaintextPasswordHasher;
 use Symfony\Component\PasswordHasher\Hasher\SodiumPasswordHasher;
+use Symfony\Component\Routing\Loader\ContainerLoader;
 use Symfony\Component\Security\Core\Authorization\Strategy\AffirmativeStrategy;
 use Symfony\Component\Security\Core\Authorization\Strategy\ConsensusStrategy;
 use Symfony\Component\Security\Core\Authorization\Strategy\PriorityStrategy;
@@ -170,6 +171,13 @@ public function load(array $configs, ContainerBuilder $container)
         }
 
         $this->createFirewalls($config, $container);
+
+        if ($container::willBeAvailable('symfony/routing', ContainerLoader::class, ['symfony/security/bundle'])) {
+            $this->createLogoutPathsParameter($config['firewalls'] ?? [], $container);
+        } else {
+            $container->removeDefinition('security.route_loader.logout');
+        }
+
         $this->createAuthorization($config, $container);
         $this->createRoleHierarchy($config, $container);
 
@@ -1093,4 +1101,16 @@ private function getSortedFactories(): array
 
         return $this->sortedFactories;
     }
+
+    private function createLogoutPathsParameter(array $firewallsConfig, ContainerBuilder $container): void
+    {
+        $logoutPaths = [];
+        foreach ($firewallsConfig as $name => $config) {
+            if ($logoutPath = $config['logout']['path'] ?? null) {
+                $logoutPaths[$name] = $logoutPath;
+            }
+        }
+
+        $container->setParameter('security.logout_paths', $logoutPaths);
+    }
 }
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
@@ -13,6 +13,7 @@
 
 use Symfony\Bundle\SecurityBundle\CacheWarmer\ExpressionCacheWarmer;
 use Symfony\Bundle\SecurityBundle\EventListener\FirewallListener;
+use Symfony\Bundle\SecurityBundle\Routing\LogoutRouteLoader;
 use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
 use Symfony\Bundle\SecurityBundle\Security\FirewallContext;
@@ -229,6 +230,13 @@
                 service('security.token_storage')->nullOnInvalid(),
             ])
 
+        ->set('security.route_loader.logout', LogoutRouteLoader::class)
+            ->args([
+                '%security.logout_paths%',
+                'security.logout_paths',
+            ])
+            ->tag('routing.route_loader')
+
         // Provisioning
         ->set('security.user.provider.missing', MissingUserProvider::class)
             ->abstract()
diff --git a/src/Symfony/Bundle/SecurityBundle/Routing/LogoutRouteLoader.php b/src/Symfony/Bundle/SecurityBundle/Routing/LogoutRouteLoader.php
@@ -0,0 +1,50 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\Routing;
+
+use Symfony\Component\DependencyInjection\Config\ContainerParametersResource;
+use Symfony\Component\Routing\Route;
+use Symfony\Component\Routing\RouteCollection;
+
+class LogoutRouteLoader
+{
+    /**
+     * @param iterable<string, string> $logoutPaths Logout paths indexed by the corresponding firewall name
+     * @param string $parameterName Name of the container parameter containing {@see $logoutPaths}' value
+     */
+    public function __construct(
+        private readonly iterable $logoutPaths,
+        private readonly string $parameterName,
+    ) {
+    }
+
+    public function __invoke(): RouteCollection
+    {
+        $collection = new RouteCollection();
+        $collection->addResource(new ContainerParametersResource([$this->parameterName => $this->logoutPaths]));
+
+        $routeNames = [];
+        foreach ($this->logoutPaths as $firewallName => $logoutPath) {
+            $routeName = '_logout_'.$firewallName;
+
+            if (isset($routeNames[$logoutPath])) {
+                $collection->addAlias($routeNames[$logoutPath], $routeName);
+            } else {
+                $routeNames[$logoutPath] = $routeName;
+            }
+
+            $collection->add($routeName, new Route($logoutPath));
+        }
+
+        return $collection;
+    }
+}
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Routing/LogoutRouteLoaderTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Routing/LogoutRouteLoaderTest.php
@@ -0,0 +1,46 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\Tests\Routing;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Bundle\SecurityBundle\Routing\LogoutRouteLoader;
+use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
+use Symfony\Component\DependencyInjection\Config\ContainerParametersResource;
+use Symfony\Component\Routing\Route;
+use Symfony\Component\Routing\RouteCollection;
+
+class LogoutRouteLoaderTest extends TestCase
+{
+    public function testLoad()
+    {
+        $logoutPaths = [
+            'main' => '/logout',
+            'admin' => '/logout',
+        ];
+
+        $loader = new LogoutRouteLoader($logoutPaths, 'parameterName');
+        $collection = $loader();
+
+        self::assertInstanceOf(RouteCollection::class, $collection);
+        self::assertCount(1, $collection);
+        self::assertEquals(new Route('/logout'), $collection->get('_logout_main'));
+        self::assertCount(1, $collection->getAliases());
+        self::assertEquals('_logout_admin', $collection->getAlias('_logout_main')->getId());
+
+        $resources = $collection->getResources();
+        self::assertCount(1, $resources);
+
+        $resource = reset($resources);
+        self::assertInstanceOf(ContainerParametersResource::class, $resource);
+        self::assertSame(['parameterName' => $logoutPaths], $resource->getParameters());
+    }
+}
