From b4b2e577296b48da3dc904166dafcb29df93691f Mon Sep 17 00:00:00 2001 From: Iltar van der Berg Date: Wed, 20 May 2015 10:13:20 +0200 Subject: [PATCH 01/10] Implemented the ChainUserChecker --- .../Core/Tests/User/ChainUserCheckerTest.php | 116 ++++++++++++++++++ .../Security/Core/User/ChainUserChecker.php | 60 +++++++++ 2 files changed, 176 insertions(+) create mode 100644 src/Symfony/Component/Security/Core/Tests/User/ChainUserCheckerTest.php create mode 100644 src/Symfony/Component/Security/Core/User/ChainUserChecker.php diff --git a/src/Symfony/Component/Security/Core/Tests/User/ChainUserCheckerTest.php b/src/Symfony/Component/Security/Core/Tests/User/ChainUserCheckerTest.php new file mode 100644 index 0000000000000..0a6b1db1779ac --- /dev/null +++ b/src/Symfony/Component/Security/Core/Tests/User/ChainUserCheckerTest.php @@ -0,0 +1,116 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Core\Tests\User; + +use Symfony\Component\Security\Core\Exception\AuthenticationException; +use Symfony\Component\Security\Core\User\ChainUserChecker; + +class ChainUserCheckerTest extends \PHPUnit_Framework_TestCase +{ + const USER_CHECKER_INTERFACE = 'Symfony\Component\Security\Core\User\UserCheckerInterface'; + const USER_INTERFACE = 'Symfony\Component\Security\Core\User\UserInterface'; + + public function testDefaultsWithoutFailures() + { + $user = $this->getMock(self::USER_INTERFACE); + $checkers = array( + $chained1 = $this->getMock(self::USER_CHECKER_INTERFACE), + $chained2 = $this->getMock(self::USER_CHECKER_INTERFACE), + ); + + $chained1 + ->expects($this->once()) + ->method('checkPreAuth') + ->with($user); + + $chained2 + ->expects($this->once()) + ->method('checkPreAuth') + ->with($user); + + $chained1 + ->expects($this->once()) + ->method('checkPostAuth') + ->with($user); + + $chained2 + ->expects($this->once()) + ->method('checkPostAuth') + ->with($user); + + $chainUserChecker = new ChainUserChecker($checkers); + + $chainUserChecker->checkPreAuth($user); + $chainUserChecker->checkPostAuth($user); + } + + /** + * @dataProvider methodProvider + * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationException + */ + public function testWithFailures($method) + { + $user = $this->getMock(self::USER_INTERFACE); + $checkers = array( + $chained1 = $this->getMock(self::USER_CHECKER_INTERFACE), + $chained2 = $this->getMock(self::USER_CHECKER_INTERFACE), + ); + + $chained1 + ->expects($this->once()) + ->method($method) + ->with($user) + ->willThrowException(new AuthenticationException()); + + $chained2 + ->expects($this->never()) + ->method($method) + ->with($user); + + $chainUserChecker = new ChainUserChecker($checkers); + + $chainUserChecker->$method($user); + } + + /** + * @dataProvider methodProvider + * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationException + */ + public function testWithFailuresOnLastToEnsureSequence($method) + { + $user = $this->getMock(self::USER_INTERFACE); + $checkers = array( + $chained1 = $this->getMock(self::USER_CHECKER_INTERFACE), + $chained2 = $this->getMock(self::USER_CHECKER_INTERFACE), + ); + + $chained1 + ->expects($this->once()) + ->method($method) + ->with($user); + + $chained2 + ->expects($this->once()) + ->method($method) + ->with($user) + ->willThrowException(new AuthenticationException()); + + $chainUserChecker = new ChainUserChecker($checkers); + + $chainUserChecker->$method($user); + } + + public function methodProvider() + { + return array(array('checkPreAuth'), array('checkPostAuth')); + } +} diff --git a/src/Symfony/Component/Security/Core/User/ChainUserChecker.php b/src/Symfony/Component/Security/Core/User/ChainUserChecker.php new file mode 100644 index 0000000000000..5ad8c1ae62556 --- /dev/null +++ b/src/Symfony/Component/Security/Core/User/ChainUserChecker.php @@ -0,0 +1,60 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Core\User; + +/** + * Supports multiple user checkers. + * + * This user checker is a collection of other user checkers + * and triggers each user checker in the sequence provided. + * + * @author Iltar van der Berg + */ +final class ChainUserChecker implements UserCheckerInterface +{ + /** + * @var UserCheckerInterface[] + */ + private $userCheckers; + + /** + * @param UserCheckerInterface[] $userCheckers + */ + public function __construct(array $userCheckers) + { + $this->userCheckers = $userCheckers; + } + + /** + * checkPreAuth on all available UserCheckers. + * + * {@inheritdoc} + */ + public function checkPreAuth(UserInterface $user) + { + foreach ($this->userCheckers as $userChecker) { + $userChecker->checkPreAuth($user); + } + } + + /** + * checkPostAuth on all available UserCheckers. + * + * {@inheritdoc} + */ + public function checkPostAuth(UserInterface $user) + { + foreach ($this->userCheckers as $userChecker) { + $userChecker->checkPostAuth($user); + } + } +} From f031185258866e6e3576abe40f3833d68b493324 Mon Sep 17 00:00:00 2001 From: Iltar van der Berg Date: Thu, 21 May 2015 11:21:53 +0200 Subject: [PATCH 02/10] Added the possibility to register multiple user checkers per firewall --- .../DependencyInjection/MainConfiguration.php | 5 +++ .../DependencyInjection/SecurityExtension.php | 22 ++++++------ .../CompleteConfigurationTest.php | 30 ++++++++++++++++ .../Fixtures/php/container1.php | 8 +++++ .../Fixtures/xml/container1.xml | 7 ++++ .../Fixtures/yml/container1.yml | 7 ++++ .../MainConfigurationTest.php | 34 +++++++++++++++++-- 7 files changed, 101 insertions(+), 12 deletions(-) diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php index c2381a4344cbf..c8691b1d24106 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php @@ -216,6 +216,11 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto ->prototype('scalar')->end() ->end() ->booleanNode('security')->defaultTrue()->end() + ->arrayNode('user_checkers') + ->defaultValue(array('security.user_checker')) + ->info('A list of user checkers reserved for this firewall.') + ->prototype('scalar')->end() + ->end() ->scalarNode('request_matcher')->end() ->scalarNode('access_denied_url')->end() ->scalarNode('access_denied_handler')->end() diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php index 6db34e4d28101..401389a3370bc 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php @@ -14,6 +14,7 @@ use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface; use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\UserProvider\UserProviderFactoryInterface; use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException; +use Symfony\Component\DependencyInjection\Definition; use Symfony\Component\DependencyInjection\DefinitionDecorator; use Symfony\Component\DependencyInjection\Alias; use Symfony\Component\HttpKernel\DependencyInjection\Extension; @@ -100,16 +101,17 @@ public function load(array $configs, ContainerBuilder $container) // add some required classes for compilation $this->addClassesToCompile(array( - 'Symfony\\Component\\Security\\Http\\Firewall', - 'Symfony\\Component\\Security\\Core\\User\\UserProviderInterface', - 'Symfony\\Component\\Security\\Core\\Authentication\\AuthenticationProviderManager', - 'Symfony\\Component\\Security\\Core\\Authentication\\Token\\Storage\\TokenStorage', - 'Symfony\\Component\\Security\\Core\\Authorization\\AccessDecisionManager', - 'Symfony\\Component\\Security\\Core\\Authorization\\AuthorizationChecker', - 'Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface', - 'Symfony\\Bundle\\SecurityBundle\\Security\\FirewallMap', - 'Symfony\\Bundle\\SecurityBundle\\Security\\FirewallContext', - 'Symfony\\Component\\HttpFoundation\\RequestMatcher', + 'Symfony\Component\Security\Http\Firewall', + 'Symfony\Component\Security\Core\SecurityContext', + 'Symfony\Component\Security\Core\User\UserProviderInterface', + 'Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager', + 'Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage', + 'Symfony\Component\Security\Core\Authorization\AccessDecisionManager', + 'Symfony\Component\Security\Core\Authorization\AuthorizationChecker', + 'Symfony\Component\Security\Core\Authorization\Voter\VoterInterface', + 'Symfony\Bundle\SecurityBundle\Security\FirewallMap', + 'Symfony\Bundle\SecurityBundle\Security\FirewallContext', + 'Symfony\Component\HttpFoundation\RequestMatcher', )); } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php index 5f139ca6e1157..5d91b6a68d34f 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php @@ -93,6 +93,13 @@ public function testFirewalls() 'security.authentication.listener.anonymous.host', 'security.access_listener', ), + array( + 'security.channel_listener', + 'security.context_listener.1', + 'security.authentication.listener.basic.with_user_checkers', + 'security.authentication.listener.anonymous.with_user_checkers', + 'security.access_listener', + ), ), $listeners); } @@ -233,6 +240,29 @@ public function testRememberMeThrowExceptions() $this->assertFalse($service->getArgument(5)); } + public function testUserCheckerConfig() + { + $definition = $this->getContainer('container1')->getDefinition('security.chain_user_checker.with_user_checkers'); + + $this->assertCount(1, $definition->getArguments()); + + $userCheckers = $definition->getArgument(0); + $this->assertCount(2, $userCheckers); + $this->assertEquals('app.user_checker1', $userCheckers[0]); + $this->assertEquals('app.user_checker2', $userCheckers[1]); + } + + public function testUserCheckerConfigWithDefaultChecker() + { + $definition = $this->getContainer('container1')->getDefinition('security.chain_user_checker.secure'); + + $this->assertCount(1, $definition->getArguments()); + + $userCheckers = $definition->getArgument(0); + $this->assertCount(1, $userCheckers); + $this->assertEquals('security.user_checker', $userCheckers[0]); + } + protected function getContainer($file) { $container = new ContainerBuilder(); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php index 4521c8cdcd227..caca9e17e679e 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php @@ -80,6 +80,14 @@ 'anonymous' => true, 'http_basic' => true, ), + 'with_user_checkers' => array( + 'user_checkers' => array( + 'app.user_checker1', + 'app.user_checker2', + ), + 'anonymous' => true, + 'http_basic' => true, + ), ), 'access_control' => array( diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml index e5f5905fa7e0b..aaed04e8e1312 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml @@ -64,6 +64,13 @@ + + + + app.user_checker1 + app.user_checker2 + + ROLE_USER ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH ROLE_USER,ROLE_ADMIN diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml index 6b27806e564be..e938af87a440d 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml @@ -63,6 +63,13 @@ security: anonymous: true http_basic: true + with_user_checkers: + anonymous: ~ + http_basic: ~ + user_checkers: + - "app.user_checker1" + - "app.user_checker2" + role_hierarchy: ROLE_ADMIN: ROLE_USER ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php index 8d9224673cd77..adc15d2a24d13 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php @@ -46,7 +46,7 @@ public function testNoConfigForProvider() $processor = new Processor(); $configuration = new MainConfiguration(array(), array()); - $config = $processor->processConfiguration($configuration, array($config)); + $processor->processConfiguration($configuration, array($config)); } /** @@ -65,7 +65,7 @@ public function testManyConfigForProvider() $processor = new Processor(); $configuration = new MainConfiguration(array(), array()); - $config = $processor->processConfiguration($configuration, array($config)); + $processor->processConfiguration($configuration, array($config)); } public function testCsrfAliases() @@ -108,8 +108,38 @@ public function testCsrfOriginalAndAliasValueCausesException() ); $config = array_merge(static::$minimalConfig, $config); + $processor = new Processor(); + $configuration = new MainConfiguration(array(), array()); + $processor->processConfiguration($configuration, array($config)); + } + + public function testDefaultUserCheckers() + { + $processor = new Processor(); + $configuration = new MainConfiguration(array(), array()); + $processedConfig = $processor->processConfiguration($configuration, array(static::$minimalConfig)); + + $this->assertEquals(array('security.user_checker'), $processedConfig['firewalls']['stub']['user_checkers']); + } + + public function testUserCheckers() + { + $config = array( + 'firewalls' => array( + 'stub' => array( + 'user_checkers' => array( + 'security.dummy_checker', + 'app.henk_checker', + ), + ), + ), + ); + $config = array_merge(static::$minimalConfig, $config); + $processor = new Processor(); $configuration = new MainConfiguration(array(), array()); $processedConfig = $processor->processConfiguration($configuration, array($config)); + + $this->assertEquals(array('security.dummy_checker', 'app.henk_checker'), $processedConfig['firewalls']['stub']['user_checkers']); } } From ef016faaa4267d67a4e0d0b82f32a046871b813f Mon Sep 17 00:00:00 2001 From: Iltar van der Berg Date: Thu, 21 May 2015 12:46:45 +0200 Subject: [PATCH 03/10] Security factories are now injecting the chain user checker per firewall --- .../DependencyInjection/Security/Factory/FormLoginFactory.php | 1 + .../DependencyInjection/Security/Factory/RememberMeFactory.php | 1 + .../DependencyInjection/Security/Factory/RemoteUserFactory.php | 1 + .../DependencyInjection/Security/Factory/X509Factory.php | 1 + .../SecurityBundle/DependencyInjection/SecurityExtension.php | 1 + 5 files changed, 5 insertions(+) diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php index b674c47e15bf0..3de9f0ac51f8a 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php @@ -65,6 +65,7 @@ protected function createAuthProvider(ContainerBuilder $container, $id, $config, $container ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.dao')) ->replaceArgument(0, new Reference($userProviderId)) + ->replaceArgument(1, new Reference('security.chain_user_checker.'.$id)) ->replaceArgument(2, $id) ; diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php index d8321f52456a2..3266173628995 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php @@ -35,6 +35,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider, $authProviderId = 'security.authentication.provider.rememberme.'.$id; $container ->setDefinition($authProviderId, new DefinitionDecorator('security.authentication.provider.rememberme')) + ->replaceArgument(0, new Reference('security.chain_user_checker.'.$id)) ->addArgument($config['secret']) ->addArgument($id) ; diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RemoteUserFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RemoteUserFactory.php index 01ac91ce2ce9d..c4141fd13c15c 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RemoteUserFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RemoteUserFactory.php @@ -30,6 +30,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider, $container ->setDefinition($providerId, new DefinitionDecorator('security.authentication.provider.pre_authenticated')) ->replaceArgument(0, new Reference($userProvider)) + ->replaceArgument(1, new Reference('security.chain_user_checker.'.$id)) ->addArgument($id) ; diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/X509Factory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/X509Factory.php index f8ca5509d039d..cf486b71d8199 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/X509Factory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/X509Factory.php @@ -29,6 +29,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider, $container ->setDefinition($providerId, new DefinitionDecorator('security.authentication.provider.pre_authenticated')) ->replaceArgument(0, new Reference($userProvider)) + ->replaceArgument(1, new Reference('security.chain_user_checker.'.$id)) ->addArgument($id) ; diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php index 401389a3370bc..2447c3e22d8f8 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php @@ -579,6 +579,7 @@ private function createSwitchUserListener($container, $id, $config, $defaultProv $switchUserListenerId = 'security.authentication.switchuser_listener.'.$id; $listener = $container->setDefinition($switchUserListenerId, new DefinitionDecorator('security.authentication.switchuser_listener')); $listener->replaceArgument(1, new Reference($userProvider)); + $listener->replaceArgument(2, new Reference('security.chain_user_checker.'.$id)); $listener->replaceArgument(3, $id); $listener->replaceArgument(6, $config['parameter']); $listener->replaceArgument(7, $config['role']); From 315421eb251c195afae889f543b53fba83c8bed1 Mon Sep 17 00:00:00 2001 From: Iltar van der Berg Date: Thu, 21 May 2015 14:53:35 +0200 Subject: [PATCH 04/10] Added a test case to cover when an empty set is passed --- .../CompleteConfigurationTest.php | 13 ++++++++++++- .../DependencyInjection/Fixtures/php/container1.php | 1 + .../DependencyInjection/Fixtures/xml/container1.xml | 1 + .../DependencyInjection/Fixtures/yml/container1.yml | 2 ++ 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php index 5d91b6a68d34f..42b1421452c48 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php @@ -254,7 +254,7 @@ public function testUserCheckerConfig() public function testUserCheckerConfigWithDefaultChecker() { - $definition = $this->getContainer('container1')->getDefinition('security.chain_user_checker.secure'); + $definition = $this->getContainer('container1')->getDefinition('security.chain_user_checker.host'); $this->assertCount(1, $definition->getArguments()); @@ -263,6 +263,17 @@ public function testUserCheckerConfigWithDefaultChecker() $this->assertEquals('security.user_checker', $userCheckers[0]); } + public function testUserCheckerConfigWithNoCheckers() + { + $definition = $this->getContainer('container1')->getDefinition('security.chain_user_checker.secure'); + + $this->assertCount(1, $definition->getArguments()); + + $userCheckers = $definition->getArgument(0); + + $this->assertEmpty($userCheckers); + } + protected function getContainer($file) { $container = new ContainerBuilder(); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php index caca9e17e679e..4e7e6e91d687b 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php @@ -72,6 +72,7 @@ 'remote_user' => true, 'logout' => true, 'remember_me' => array('secret' => 'TheSecret'), + 'user_checkers' => array(), ), 'host' => array( 'pattern' => '/test', diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml index aaed04e8e1312..9a78f0db0e0c5 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml @@ -55,6 +55,7 @@ + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml index e938af87a440d..2568dfb757dfb 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml @@ -56,6 +56,8 @@ security: logout: true remember_me: secret: TheSecret + user_checkers: + host: pattern: /test host: foo\.example\.org From d2468f44abe5cd8e400cb5ec765f8f2af574ad9a Mon Sep 17 00:00:00 2001 From: Iltar van der Berg Date: Mon, 8 Jun 2015 09:12:22 +0200 Subject: [PATCH 05/10] Updated docs to briefly explain the exception thrown --- .../DependencyInjection/MainConfiguration.php | 2 +- .../Security/Core/User/UserCheckerInterface.php | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php index c8691b1d24106..3543c1e33185e 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php @@ -218,7 +218,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto ->booleanNode('security')->defaultTrue()->end() ->arrayNode('user_checkers') ->defaultValue(array('security.user_checker')) - ->info('A list of user checkers reserved for this firewall.') + ->info('A list of user checker service ids to use when authenticating users in this firewall.') ->prototype('scalar')->end() ->end() ->scalarNode('request_matcher')->end() diff --git a/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php b/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php index 3dd8d51bf5354..df57b9b748ccd 100644 --- a/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php +++ b/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php @@ -11,10 +11,13 @@ namespace Symfony\Component\Security\Core\User; +use Symfony\Component\Security\Core\Exception\AccountStatusException; + /** - * UserCheckerInterface checks user account when authentication occurs. + * Implement to throw AccountStatusException during the authentication process. * - * This should not be used to make authentication decisions. + * Can be used when you want to check the account status, e.g when the account is + * disabled or blocked. This should not be used to make authentication decisions. * * @author Fabien Potencier */ @@ -24,6 +27,7 @@ interface UserCheckerInterface * Checks the user account before authentication. * * @param UserInterface $user a UserInterface instance + * @throws AccountStatusException */ public function checkPreAuth(UserInterface $user); @@ -31,6 +35,7 @@ public function checkPreAuth(UserInterface $user); * Checks the user account after authentication. * * @param UserInterface $user a UserInterface instance + * @throws AccountStatusException */ public function checkPostAuth(UserInterface $user); } From 9c35cbb225cfac548a35ff2d9f747d6c2ef703ac Mon Sep 17 00:00:00 2001 From: Iltar van der Berg Date: Mon, 8 Jun 2015 10:09:36 +0200 Subject: [PATCH 06/10] Put some code back that was merged out by accident --- .../DependencyInjection/SecurityExtension.php | 10 ++++++++++ .../Component/Security/Core/User/ChainUserChecker.php | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php index 2447c3e22d8f8..9b9a1f4486672 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php @@ -371,6 +371,16 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a // Exception listener $exceptionListener = new Reference($this->createExceptionListener($container, $firewall, $id, $configuredEntryPoint ?: $defaultEntryPoint, $firewall['stateless'])); + $userCheckers = array(); + foreach ($firewall['user_checkers'] as $userChecker) { + $userCheckers[] = new Reference($userChecker); + } + + $chainUserChecker = new Definition('Symfony\Component\Security\Core\User\ChainUserChecker', array($userCheckers)); + $chainUserChecker->setPublic(false); + + $container->setDefinition('security.chain_user_checker.'.$id, $chainUserChecker); + return array($matcher, $listeners, $exceptionListener); } diff --git a/src/Symfony/Component/Security/Core/User/ChainUserChecker.php b/src/Symfony/Component/Security/Core/User/ChainUserChecker.php index 5ad8c1ae62556..bbc30a4d5fe16 100644 --- a/src/Symfony/Component/Security/Core/User/ChainUserChecker.php +++ b/src/Symfony/Component/Security/Core/User/ChainUserChecker.php @@ -17,7 +17,7 @@ * This user checker is a collection of other user checkers * and triggers each user checker in the sequence provided. * - * @author Iltar van der Berg + * @author Iltar van der Berg */ final class ChainUserChecker implements UserCheckerInterface { From 75f766d1d78f13448185ed6c18b960d3cfbcb253 Mon Sep 17 00:00:00 2001 From: Iltar van der Berg Date: Thu, 16 Jul 2015 10:56:11 +0200 Subject: [PATCH 07/10] Thanks fabbot.io --- .../Component/Security/Core/User/UserCheckerInterface.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php b/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php index df57b9b748ccd..62ea9f0b05e8f 100644 --- a/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php +++ b/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php @@ -27,6 +27,7 @@ interface UserCheckerInterface * Checks the user account before authentication. * * @param UserInterface $user a UserInterface instance + * * @throws AccountStatusException */ public function checkPreAuth(UserInterface $user); @@ -35,6 +36,7 @@ public function checkPreAuth(UserInterface $user); * Checks the user account after authentication. * * @param UserInterface $user a UserInterface instance + * * @throws AccountStatusException */ public function checkPostAuth(UserInterface $user); From 331a52aff10627673254c8b6ca9dc6aa2e38f47b Mon Sep 17 00:00:00 2001 From: Iltar van der Berg Date: Thu, 16 Jul 2015 19:52:48 +0200 Subject: [PATCH 08/10] Removed bad merge --- .../SecurityBundle/DependencyInjection/SecurityExtension.php | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php index 9b9a1f4486672..6dfa284a72bd6 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php @@ -102,7 +102,6 @@ public function load(array $configs, ContainerBuilder $container) // add some required classes for compilation $this->addClassesToCompile(array( 'Symfony\Component\Security\Http\Firewall', - 'Symfony\Component\Security\Core\SecurityContext', 'Symfony\Component\Security\Core\User\UserProviderInterface', 'Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager', 'Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage', From c41960361b03eaf6c9cc38599984f96e02ee18ba Mon Sep 17 00:00:00 2001 From: Iltar van der Berg Date: Mon, 28 Sep 2015 14:49:42 +0200 Subject: [PATCH 09/10] Removed security.user_checker from services Also added the chain_user_checker to freshly added authenticators: - LDAP - Guard --- .../Security/Factory/FormLoginLdapFactory.php | 1 + .../Security/Factory/GuardAuthenticationFactory.php | 1 + .../Security/Factory/HttpBasicFactory.php | 1 + .../Security/Factory/HttpBasicLdapFactory.php | 1 + .../Bundle/SecurityBundle/Resources/config/guard.xml | 2 +- .../Resources/config/security_listeners.xml | 8 ++++---- .../Resources/config/security_rememberme.xml | 2 +- .../Security/Factory/GuardAuthenticationFactoryTest.php | 3 ++- 8 files changed, 12 insertions(+), 7 deletions(-) diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php index c758b32b8d867..cfce9c3411a16 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php @@ -30,6 +30,7 @@ protected function createAuthProvider(ContainerBuilder $container, $id, $config, $container ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.ldap_bind')) ->replaceArgument(0, new Reference($userProviderId)) + ->replaceArgument(1, new Reference('security.chain_user_checker.'.$id)) ->replaceArgument(2, $id) ->replaceArgument(3, new Reference($config['service'])) ->replaceArgument(4, $config['dn_string']) diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php index 23752677775eb..4b85c3d0b820b 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php @@ -69,6 +69,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider, ->replaceArgument(0, $authenticatorReferences) ->replaceArgument(1, new Reference($userProvider)) ->replaceArgument(2, $id) + ->replaceArgument(3, new Reference('security.chain_user_checker.'.$id)) ; // listener diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php index 0b81f8001b426..98af07c4ad456 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php @@ -29,6 +29,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider, $container ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.dao')) ->replaceArgument(0, new Reference($userProvider)) + ->replaceArgument(1, new Reference('security.chain_user_checker.'.$id)) ->replaceArgument(2, $id) ; diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicLdapFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicLdapFactory.php index 23c0130584089..73bf21cc30e1b 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicLdapFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicLdapFactory.php @@ -31,6 +31,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider, $container ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.ldap_bind')) ->replaceArgument(0, new Reference($userProvider)) + ->replaceArgument(1, new Reference('security.chain_user_checker.'.$id)) ->replaceArgument(2, $id) ->replaceArgument(3, new Reference($config['service'])) ->replaceArgument(4, $config['dn_string']) diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.xml index 0524cf2b95b4b..80318c243a970 100644 --- a/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.xml +++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.xml @@ -21,7 +21,7 @@ - + - + %security.authentication.hide_user_not_found% @@ -225,7 +225,7 @@ - + @@ -240,7 +240,7 @@ - + @@ -260,7 +260,7 @@ - + diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml index 0bad7940c361c..b83c50bd96ef8 100644 --- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml +++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml @@ -28,7 +28,7 @@ - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Security/Factory/GuardAuthenticationFactoryTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Security/Factory/GuardAuthenticationFactoryTest.php index cfbc37859b97a..0bfa051c78c32 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Security/Factory/GuardAuthenticationFactoryTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Security/Factory/GuardAuthenticationFactoryTest.php @@ -109,6 +109,7 @@ public function testBasicCreate() 'index_0' => array(new Reference('authenticator123')), 'index_1' => new Reference('my_user_provider'), 'index_2' => 'my_firewall', + 'index_3' => new Reference('security.chain_user_checker.my_firewall'), ), $providerDefinition->getArguments()); $listenerDefinition = $container->getDefinition('security.authentication.listener.guard.my_firewall'); @@ -123,7 +124,7 @@ public function testExistingDefaultEntryPointUsed() 'authenticators' => array('authenticator123'), 'entry_point' => null, ); - list($container, $entryPointId) = $this->executeCreate($config, 'some_default_entry_point'); + list(, $entryPointId) = $this->executeCreate($config, 'some_default_entry_point'); $this->assertEquals('some_default_entry_point', $entryPointId); } From 6189cf2845d90d5a70bc46fea1ed650b466b6c20 Mon Sep 17 00:00:00 2001 From: Iltar van der Berg Date: Tue, 29 Sep 2015 08:49:40 +0200 Subject: [PATCH 10/10] Removed ChainUser checker & simplified config --- .../DependencyInjection/MainConfiguration.php | 8 +- .../Security/Factory/FormLoginFactory.php | 2 +- .../Security/Factory/FormLoginLdapFactory.php | 2 +- .../Factory/GuardAuthenticationFactory.php | 2 +- .../Security/Factory/HttpBasicFactory.php | 2 +- .../Security/Factory/HttpBasicLdapFactory.php | 2 +- .../Security/Factory/RememberMeFactory.php | 2 +- .../Security/Factory/RemoteUserFactory.php | 2 +- .../Security/Factory/X509Factory.php | 2 +- .../DependencyInjection/SecurityExtension.php | 12 +- .../CompleteConfigurationTest.php | 29 +---- .../Fixtures/php/container1.php | 9 +- .../Fixtures/xml/container1.xml | 7 +- .../Fixtures/yml/container1.yml | 8 +- .../MainConfigurationTest.php | 9 +- .../GuardAuthenticationFactoryTest.php | 2 +- .../Core/Tests/User/ChainUserCheckerTest.php | 116 ------------------ .../Security/Core/User/ChainUserChecker.php | 60 --------- 18 files changed, 32 insertions(+), 244 deletions(-) delete mode 100644 src/Symfony/Component/Security/Core/Tests/User/ChainUserCheckerTest.php delete mode 100644 src/Symfony/Component/Security/Core/User/ChainUserChecker.php diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php index 3543c1e33185e..c07794b6b4727 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php @@ -216,10 +216,10 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto ->prototype('scalar')->end() ->end() ->booleanNode('security')->defaultTrue()->end() - ->arrayNode('user_checkers') - ->defaultValue(array('security.user_checker')) - ->info('A list of user checker service ids to use when authenticating users in this firewall.') - ->prototype('scalar')->end() + ->scalarNode('user_checker') + ->defaultValue('security.user_checker') + ->treatNullLike('security.user_checker') + ->info('The UserChecker to use when authenticating users in this firewall.') ->end() ->scalarNode('request_matcher')->end() ->scalarNode('access_denied_url')->end() diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php index 3de9f0ac51f8a..ac9523c507208 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php @@ -65,7 +65,7 @@ protected function createAuthProvider(ContainerBuilder $container, $id, $config, $container ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.dao')) ->replaceArgument(0, new Reference($userProviderId)) - ->replaceArgument(1, new Reference('security.chain_user_checker.'.$id)) + ->replaceArgument(1, new Reference('security.user_checker.'.$id)) ->replaceArgument(2, $id) ; diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php index cfce9c3411a16..026a3d65ac6ba 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php @@ -30,7 +30,7 @@ protected function createAuthProvider(ContainerBuilder $container, $id, $config, $container ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.ldap_bind')) ->replaceArgument(0, new Reference($userProviderId)) - ->replaceArgument(1, new Reference('security.chain_user_checker.'.$id)) + ->replaceArgument(1, new Reference('security.user_checker.'.$id)) ->replaceArgument(2, $id) ->replaceArgument(3, new Reference($config['service'])) ->replaceArgument(4, $config['dn_string']) diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php index 4b85c3d0b820b..67bdeceb346c7 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php @@ -69,7 +69,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider, ->replaceArgument(0, $authenticatorReferences) ->replaceArgument(1, new Reference($userProvider)) ->replaceArgument(2, $id) - ->replaceArgument(3, new Reference('security.chain_user_checker.'.$id)) + ->replaceArgument(3, new Reference('security.user_checker.'.$id)) ; // listener diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php index 98af07c4ad456..162ea05157984 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php @@ -29,7 +29,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider, $container ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.dao')) ->replaceArgument(0, new Reference($userProvider)) - ->replaceArgument(1, new Reference('security.chain_user_checker.'.$id)) + ->replaceArgument(1, new Reference('security.user_checker.'.$id)) ->replaceArgument(2, $id) ; diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicLdapFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicLdapFactory.php index 73bf21cc30e1b..f2b1695c83772 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicLdapFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicLdapFactory.php @@ -31,7 +31,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider, $container ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.ldap_bind')) ->replaceArgument(0, new Reference($userProvider)) - ->replaceArgument(1, new Reference('security.chain_user_checker.'.$id)) + ->replaceArgument(1, new Reference('security.user_checker.'.$id)) ->replaceArgument(2, $id) ->replaceArgument(3, new Reference($config['service'])) ->replaceArgument(4, $config['dn_string']) diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php index 3266173628995..fe932315b8ef9 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php @@ -35,7 +35,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider, $authProviderId = 'security.authentication.provider.rememberme.'.$id; $container ->setDefinition($authProviderId, new DefinitionDecorator('security.authentication.provider.rememberme')) - ->replaceArgument(0, new Reference('security.chain_user_checker.'.$id)) + ->replaceArgument(0, new Reference('security.user_checker.'.$id)) ->addArgument($config['secret']) ->addArgument($id) ; diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RemoteUserFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RemoteUserFactory.php index c4141fd13c15c..cf2e2ed71b16c 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RemoteUserFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RemoteUserFactory.php @@ -30,7 +30,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider, $container ->setDefinition($providerId, new DefinitionDecorator('security.authentication.provider.pre_authenticated')) ->replaceArgument(0, new Reference($userProvider)) - ->replaceArgument(1, new Reference('security.chain_user_checker.'.$id)) + ->replaceArgument(1, new Reference('security.user_checker.'.$id)) ->addArgument($id) ; diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/X509Factory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/X509Factory.php index cf486b71d8199..0467ef2ba2c75 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/X509Factory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/X509Factory.php @@ -29,7 +29,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider, $container ->setDefinition($providerId, new DefinitionDecorator('security.authentication.provider.pre_authenticated')) ->replaceArgument(0, new Reference($userProvider)) - ->replaceArgument(1, new Reference('security.chain_user_checker.'.$id)) + ->replaceArgument(1, new Reference('security.user_checker.'.$id)) ->addArgument($id) ; diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php index 6dfa284a72bd6..5914e3fe2be33 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php @@ -370,15 +370,7 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a // Exception listener $exceptionListener = new Reference($this->createExceptionListener($container, $firewall, $id, $configuredEntryPoint ?: $defaultEntryPoint, $firewall['stateless'])); - $userCheckers = array(); - foreach ($firewall['user_checkers'] as $userChecker) { - $userCheckers[] = new Reference($userChecker); - } - - $chainUserChecker = new Definition('Symfony\Component\Security\Core\User\ChainUserChecker', array($userCheckers)); - $chainUserChecker->setPublic(false); - - $container->setDefinition('security.chain_user_checker.'.$id, $chainUserChecker); + $container->setAlias(new Alias('security.user_checker.'.$id, false), $firewall['user_checker']); return array($matcher, $listeners, $exceptionListener); } @@ -588,7 +580,7 @@ private function createSwitchUserListener($container, $id, $config, $defaultProv $switchUserListenerId = 'security.authentication.switchuser_listener.'.$id; $listener = $container->setDefinition($switchUserListenerId, new DefinitionDecorator('security.authentication.switchuser_listener')); $listener->replaceArgument(1, new Reference($userProvider)); - $listener->replaceArgument(2, new Reference('security.chain_user_checker.'.$id)); + $listener->replaceArgument(2, new Reference('security.user_checker.'.$id)); $listener->replaceArgument(3, $id); $listener->replaceArgument(6, $config['parameter']); $listener->replaceArgument(7, $config['role']); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php index 42b1421452c48..110312599ef2c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php @@ -96,8 +96,8 @@ public function testFirewalls() array( 'security.channel_listener', 'security.context_listener.1', - 'security.authentication.listener.basic.with_user_checkers', - 'security.authentication.listener.anonymous.with_user_checkers', + 'security.authentication.listener.basic.with_user_checker', + 'security.authentication.listener.anonymous.with_user_checker', 'security.access_listener', ), ), $listeners); @@ -242,36 +242,17 @@ public function testRememberMeThrowExceptions() public function testUserCheckerConfig() { - $definition = $this->getContainer('container1')->getDefinition('security.chain_user_checker.with_user_checkers'); - - $this->assertCount(1, $definition->getArguments()); - - $userCheckers = $definition->getArgument(0); - $this->assertCount(2, $userCheckers); - $this->assertEquals('app.user_checker1', $userCheckers[0]); - $this->assertEquals('app.user_checker2', $userCheckers[1]); + $this->assertEquals('app.user_checker', $this->getContainer('container1')->getAlias('security.user_checker.with_user_checker')); } public function testUserCheckerConfigWithDefaultChecker() { - $definition = $this->getContainer('container1')->getDefinition('security.chain_user_checker.host'); - - $this->assertCount(1, $definition->getArguments()); - - $userCheckers = $definition->getArgument(0); - $this->assertCount(1, $userCheckers); - $this->assertEquals('security.user_checker', $userCheckers[0]); + $this->assertEquals('security.user_checker', $this->getContainer('container1')->getAlias('security.user_checker.host')); } public function testUserCheckerConfigWithNoCheckers() { - $definition = $this->getContainer('container1')->getDefinition('security.chain_user_checker.secure'); - - $this->assertCount(1, $definition->getArguments()); - - $userCheckers = $definition->getArgument(0); - - $this->assertEmpty($userCheckers); + $this->assertEquals('security.user_checker', $this->getContainer('container1')->getAlias('security.user_checker.secure')); } protected function getContainer($file) diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php index 4e7e6e91d687b..4789a6d3ab33d 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php @@ -72,7 +72,7 @@ 'remote_user' => true, 'logout' => true, 'remember_me' => array('secret' => 'TheSecret'), - 'user_checkers' => array(), + 'user_checker' => null, ), 'host' => array( 'pattern' => '/test', @@ -81,11 +81,8 @@ 'anonymous' => true, 'http_basic' => true, ), - 'with_user_checkers' => array( - 'user_checkers' => array( - 'app.user_checker1', - 'app.user_checker2', - ), + 'with_user_checker' => array( + 'user_checker' => 'app.user_checker', 'anonymous' => true, 'http_basic' => true, ), diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml index 9a78f0db0e0c5..61873a9f5123e 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml @@ -55,7 +55,7 @@ - + @@ -65,11 +65,10 @@ - + - app.user_checker1 - app.user_checker2 + app.user_checker ROLE_USER diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml index 2568dfb757dfb..e14e793176248 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml @@ -56,7 +56,7 @@ security: logout: true remember_me: secret: TheSecret - user_checkers: + user_checker: ~ host: pattern: /test @@ -65,12 +65,10 @@ security: anonymous: true http_basic: true - with_user_checkers: + with_user_checker: anonymous: ~ http_basic: ~ - user_checkers: - - "app.user_checker1" - - "app.user_checker2" + user_checker: app.user_checker role_hierarchy: ROLE_ADMIN: ROLE_USER diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php index adc15d2a24d13..9d8009ea8a9e0 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php @@ -119,7 +119,7 @@ public function testDefaultUserCheckers() $configuration = new MainConfiguration(array(), array()); $processedConfig = $processor->processConfiguration($configuration, array(static::$minimalConfig)); - $this->assertEquals(array('security.user_checker'), $processedConfig['firewalls']['stub']['user_checkers']); + $this->assertEquals('security.user_checker', $processedConfig['firewalls']['stub']['user_checker']); } public function testUserCheckers() @@ -127,10 +127,7 @@ public function testUserCheckers() $config = array( 'firewalls' => array( 'stub' => array( - 'user_checkers' => array( - 'security.dummy_checker', - 'app.henk_checker', - ), + 'user_checker' => 'app.henk_checker', ), ), ); @@ -140,6 +137,6 @@ public function testUserCheckers() $configuration = new MainConfiguration(array(), array()); $processedConfig = $processor->processConfiguration($configuration, array($config)); - $this->assertEquals(array('security.dummy_checker', 'app.henk_checker'), $processedConfig['firewalls']['stub']['user_checkers']); + $this->assertEquals('app.henk_checker', $processedConfig['firewalls']['stub']['user_checker']); } } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Security/Factory/GuardAuthenticationFactoryTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Security/Factory/GuardAuthenticationFactoryTest.php index 0bfa051c78c32..4c1634850275c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Security/Factory/GuardAuthenticationFactoryTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Security/Factory/GuardAuthenticationFactoryTest.php @@ -109,7 +109,7 @@ public function testBasicCreate() 'index_0' => array(new Reference('authenticator123')), 'index_1' => new Reference('my_user_provider'), 'index_2' => 'my_firewall', - 'index_3' => new Reference('security.chain_user_checker.my_firewall'), + 'index_3' => new Reference('security.user_checker.my_firewall'), ), $providerDefinition->getArguments()); $listenerDefinition = $container->getDefinition('security.authentication.listener.guard.my_firewall'); diff --git a/src/Symfony/Component/Security/Core/Tests/User/ChainUserCheckerTest.php b/src/Symfony/Component/Security/Core/Tests/User/ChainUserCheckerTest.php deleted file mode 100644 index 0a6b1db1779ac..0000000000000 --- a/src/Symfony/Component/Security/Core/Tests/User/ChainUserCheckerTest.php +++ /dev/null @@ -1,116 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Core\Tests\User; - -use Symfony\Component\Security\Core\Exception\AuthenticationException; -use Symfony\Component\Security\Core\User\ChainUserChecker; - -class ChainUserCheckerTest extends \PHPUnit_Framework_TestCase -{ - const USER_CHECKER_INTERFACE = 'Symfony\Component\Security\Core\User\UserCheckerInterface'; - const USER_INTERFACE = 'Symfony\Component\Security\Core\User\UserInterface'; - - public function testDefaultsWithoutFailures() - { - $user = $this->getMock(self::USER_INTERFACE); - $checkers = array( - $chained1 = $this->getMock(self::USER_CHECKER_INTERFACE), - $chained2 = $this->getMock(self::USER_CHECKER_INTERFACE), - ); - - $chained1 - ->expects($this->once()) - ->method('checkPreAuth') - ->with($user); - - $chained2 - ->expects($this->once()) - ->method('checkPreAuth') - ->with($user); - - $chained1 - ->expects($this->once()) - ->method('checkPostAuth') - ->with($user); - - $chained2 - ->expects($this->once()) - ->method('checkPostAuth') - ->with($user); - - $chainUserChecker = new ChainUserChecker($checkers); - - $chainUserChecker->checkPreAuth($user); - $chainUserChecker->checkPostAuth($user); - } - - /** - * @dataProvider methodProvider - * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationException - */ - public function testWithFailures($method) - { - $user = $this->getMock(self::USER_INTERFACE); - $checkers = array( - $chained1 = $this->getMock(self::USER_CHECKER_INTERFACE), - $chained2 = $this->getMock(self::USER_CHECKER_INTERFACE), - ); - - $chained1 - ->expects($this->once()) - ->method($method) - ->with($user) - ->willThrowException(new AuthenticationException()); - - $chained2 - ->expects($this->never()) - ->method($method) - ->with($user); - - $chainUserChecker = new ChainUserChecker($checkers); - - $chainUserChecker->$method($user); - } - - /** - * @dataProvider methodProvider - * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationException - */ - public function testWithFailuresOnLastToEnsureSequence($method) - { - $user = $this->getMock(self::USER_INTERFACE); - $checkers = array( - $chained1 = $this->getMock(self::USER_CHECKER_INTERFACE), - $chained2 = $this->getMock(self::USER_CHECKER_INTERFACE), - ); - - $chained1 - ->expects($this->once()) - ->method($method) - ->with($user); - - $chained2 - ->expects($this->once()) - ->method($method) - ->with($user) - ->willThrowException(new AuthenticationException()); - - $chainUserChecker = new ChainUserChecker($checkers); - - $chainUserChecker->$method($user); - } - - public function methodProvider() - { - return array(array('checkPreAuth'), array('checkPostAuth')); - } -} diff --git a/src/Symfony/Component/Security/Core/User/ChainUserChecker.php b/src/Symfony/Component/Security/Core/User/ChainUserChecker.php deleted file mode 100644 index bbc30a4d5fe16..0000000000000 --- a/src/Symfony/Component/Security/Core/User/ChainUserChecker.php +++ /dev/null @@ -1,60 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Core\User; - -/** - * Supports multiple user checkers. - * - * This user checker is a collection of other user checkers - * and triggers each user checker in the sequence provided. - * - * @author Iltar van der Berg - */ -final class ChainUserChecker implements UserCheckerInterface -{ - /** - * @var UserCheckerInterface[] - */ - private $userCheckers; - - /** - * @param UserCheckerInterface[] $userCheckers - */ - public function __construct(array $userCheckers) - { - $this->userCheckers = $userCheckers; - } - - /** - * checkPreAuth on all available UserCheckers. - * - * {@inheritdoc} - */ - public function checkPreAuth(UserInterface $user) - { - foreach ($this->userCheckers as $userChecker) { - $userChecker->checkPreAuth($user); - } - } - - /** - * checkPostAuth on all available UserCheckers. - * - * {@inheritdoc} - */ - public function checkPostAuth(UserInterface $user) - { - foreach ($this->userCheckers as $userChecker) { - $userChecker->checkPostAuth($user); - } - } -} pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy