bug #41139 [Security] [DataCollector] Remove allows anonymous information in datacollector (ismail1432)

wouterj · wouterj · commit e83c9927aff9 · 2021-05-18T15:25:32.000+02:00
This PR was submitted for the 5.x branch but it was squashed and merged into the 5.2 branch instead. Discussion ---------- [Security] [DataCollector] Remove allows anonymous information in datacollector | Q | A | ------------- | --- | Branch? | 5.2 | Bug fix? | no | New feature? | yes/no  | Deprecations? | yes/no  | Tickets | Fix #40907 | License | MIT | Doc PR | symfony/symfony-docs#...  As mentioned In #40907 there is no longer anonymous users no longer in the new authentication system. This PR remove this information **if the new system is used** as it always a red cross With `enable_authenticator_manager` at `false` ![image](https://user-images.githubusercontent.com/13260307/117574692-34c8d900-b0d6-11eb-9bef-a6c9abdfad2f.png) With `enable_authenticator_manager` at `true` ![image](https://user-images.githubusercontent.com/13260307/117574619-f3382e00-b0d5-11eb-945a-3613425ccdbe.png) Commits ------- 92cd096 [Security] [DataCollector] Remove allows anonymous information in datacollector
diff --git a/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php b/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
@@ -44,8 +44,9 @@ class SecurityDataCollector extends DataCollector implements LateDataCollectorIn
     private $firewallMap;
     private $firewall;
     private $hasVarDumper;
+    private $authenticatorManagerEnabled;
 
-    public function __construct(TokenStorageInterface $tokenStorage = null, RoleHierarchyInterface $roleHierarchy = null, LogoutUrlGenerator $logoutUrlGenerator = null, AccessDecisionManagerInterface $accessDecisionManager = null, FirewallMapInterface $firewallMap = null, TraceableFirewallListener $firewall = null)
+    public function __construct(TokenStorageInterface $tokenStorage = null, RoleHierarchyInterface $roleHierarchy = null, LogoutUrlGenerator $logoutUrlGenerator = null, AccessDecisionManagerInterface $accessDecisionManager = null, FirewallMapInterface $firewallMap = null, TraceableFirewallListener $firewall = null, $authenticatorManagerEnabled = false)
     {
         $this->tokenStorage = $tokenStorage;
         $this->roleHierarchy = $roleHierarchy;
@@ -54,6 +55,7 @@ public function __construct(TokenStorageInterface $tokenStorage = null, RoleHier
         $this->firewallMap = $firewallMap;
         $this->firewall = $firewall;
         $this->hasVarDumper = class_exists(ClassStub::class);
+        $this->authenticatorManagerEnabled = $authenticatorManagerEnabled;
     }
 
     /**
@@ -204,6 +206,8 @@ public function collect(Request $request, Response $response, \Throwable $except
         if ($this->firewall) {
             $this->data['listeners'] = $this->firewall->getWrappedListeners();
         }
+
+        $this->data['authenticator_manager_enabled'] = $this->authenticatorManagerEnabled;
     }
 
     /**
@@ -389,4 +393,9 @@ public function getName()
     {
         return 'security';
     }
+
+    public function isAuthenticatorManagerEnabled(): bool
+    {
+        return $this->data['authenticator_manager_enabled'];
+    }
 }
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -132,6 +132,8 @@ public function load(array $configs, ContainerBuilder $container)
         $loader->load('collectors.php');
         $loader->load('guard.php');
 
+        $container->getDefinition('data_collector.security')->addArgument($this->authenticatorManagerEnabled);
+
         if ($container->hasParameter('kernel.debug') && $container->getParameter('kernel.debug')) {
             $loader->load('security_debug.php');
         }
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig b/src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
@@ -159,10 +159,12 @@
                     <span class="value">{{ include('@WebProfiler/Icon/' ~ (collector.firewall.stateless ? 'yes' : 'no') ~ '.svg') }}</span>
                     <span class="label">Stateless</span>
                 </div>
+                {% if collector.authenticatorManagerEnabled == false %}
                 <div class="metric">
                     <span class="value">{{ include('@WebProfiler/Icon/' ~ (collector.firewall.allows_anonymous ? 'yes' : 'no') ~ '.svg') }}</span>
                     <span class="label">Allows anonymous</span>
                 </div>
+                {% endif %}
             </div>
 
             {% if collector.firewall.security_enabled %}
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php
@@ -71,6 +71,7 @@ public function testCollectWhenAuthenticationTokenIsNull()
         $this->assertCount(0, $collector->getInheritedRoles());
         $this->assertEmpty($collector->getUser());
         $this->assertNull($collector->getFirewall());
+        $this->assertFalse($collector->isAuthenticatorManagerEnabled());
     }
 
     /** @dataProvider provideRoles */
@@ -93,6 +94,7 @@ public function testCollectAuthenticationTokenAndRoles(array $roles, array $norm
         $this->assertSame($normalizedRoles, $collector->getRoles()->getValue(true));
         $this->assertSame($inheritedRoles, $collector->getInheritedRoles()->getValue(true));
         $this->assertSame('hhamon', $collector->getUser());
+        $this->assertFalse($collector->isAuthenticatorManagerEnabled());
     }
 
     public function testCollectSwitchUserToken()
@@ -132,7 +134,7 @@ public function testGetFirewall()
             ->with($request)
             ->willReturn($firewallConfig);
 
-        $collector = new SecurityDataCollector(null, null, null, null, $firewallMap, new TraceableFirewallListener($firewallMap, new EventDispatcher(), new LogoutUrlGenerator()));
+        $collector = new SecurityDataCollector(null, null, null, null, $firewallMap, new TraceableFirewallListener($firewallMap, new EventDispatcher(), new LogoutUrlGenerator()), true);
         $collector->collect($request, new Response());
         $collector->lateCollect();
         $collected = $collector->getFirewall();
@@ -149,6 +151,7 @@ public function testGetFirewall()
         $this->assertSame($firewallConfig->getAccessDeniedUrl(), $collected['access_denied_url']);
         $this->assertSame($firewallConfig->getUserChecker(), $collected['user_checker']);
         $this->assertSame($firewallConfig->getListeners(), $collected['listeners']->getValue());
+        $this->assertTrue($collector->isAuthenticatorManagerEnabled());
     }
 
     public function testGetFirewallReturnsNull()

Original file line number	Diff line number	Diff line change
`@@ -44,8 +44,9 @@ class SecurityDataCollector extends DataCollector implements LateDataCollectorIn`
`44`	`44`	`private $firewallMap;`
`45`	`45`	`private $firewall;`
`46`	`46`	`private $hasVarDumper;`
	`47`	`+ private $authenticatorManagerEnabled;`
`47`	`48`
`48`		`- public function __construct(TokenStorageInterface $tokenStorage = null, RoleHierarchyInterface $roleHierarchy = null, LogoutUrlGenerator $logoutUrlGenerator = null, AccessDecisionManagerInterface $accessDecisionManager = null, FirewallMapInterface $firewallMap = null, TraceableFirewallListener $firewall = null)`
	`49`	`+ public function __construct(TokenStorageInterface $tokenStorage = null, RoleHierarchyInterface $roleHierarchy = null, LogoutUrlGenerator $logoutUrlGenerator = null, AccessDecisionManagerInterface $accessDecisionManager = null, FirewallMapInterface $firewallMap = null, TraceableFirewallListener $firewall = null, $authenticatorManagerEnabled = false)`
`49`	`50`	`{`
`50`	`51`	`$this->tokenStorage = $tokenStorage;`
`51`	`52`	`$this->roleHierarchy = $roleHierarchy;`
`@@ -54,6 +55,7 @@ public function __construct(TokenStorageInterface $tokenStorage = null, RoleHier`
`54`	`55`	`$this->firewallMap = $firewallMap;`
`55`	`56`	`$this->firewall = $firewall;`
`56`	`57`	`$this->hasVarDumper = class_exists(ClassStub::class);`
	`58`	`+ $this->authenticatorManagerEnabled = $authenticatorManagerEnabled;`
`57`	`59`	`}`
`58`	`60`
`59`	`61`	`/**`
`@@ -204,6 +206,8 @@ public function collect(Request $request, Response $response, \Throwable $except`
`204`	`206`	`if ($this->firewall) {`
`205`	`207`	`$this->data['listeners'] = $this->firewall->getWrappedListeners();`
`206`	`208`	`}`
	`209`	`+`
	`210`	`+ $this->data['authenticator_manager_enabled'] = $this->authenticatorManagerEnabled;`
`207`	`211`	`}`
`208`	`212`
`209`	`213`	`/**`
`@@ -389,4 +393,9 @@ public function getName()`
`389`	`393`	`{`
`390`	`394`	`return 'security';`
`391`	`395`	`}`
	`396`	`+`
	`397`	`+ public function isAuthenticatorManagerEnabled(): bool`
	`398`	`+ {`
	`399`	`+ return $this->data['authenticator_manager_enabled'];`
	`400`	`+ }`
`392`	`401`	`}`
Original file line number	Diff line number	Diff line change
`@@ -132,6 +132,8 @@ public function load(array $configs, ContainerBuilder $container)`
`132`	`132`	`$loader->load('collectors.php');`
`133`	`133`	`$loader->load('guard.php');`
`134`	`134`
	`135`	`+ $container->getDefinition('data_collector.security')->addArgument($this->authenticatorManagerEnabled);`
	`136`	`+`
`135`	`137`	`if ($container->hasParameter('kernel.debug') && $container->getParameter('kernel.debug')) {`
`136`	`138`	`$loader->load('security_debug.php');`
`137`	`139`	`}`