diff --git a/CHANGELOG.md b/CHANGELOG.md index abc0c497..43c17dc2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,12 @@ CHANGELOG ========= +7.2 +--- + + * Allow configuring the secret used to sign login links + * Allow passing optional passport attributes to `Security::login()` + 7.1 --- diff --git a/CacheWarmer/ExpressionCacheWarmer.php b/CacheWarmer/ExpressionCacheWarmer.php index 5b146871..748d0b28 100644 --- a/CacheWarmer/ExpressionCacheWarmer.php +++ b/CacheWarmer/ExpressionCacheWarmer.php @@ -20,16 +20,13 @@ */ class ExpressionCacheWarmer implements CacheWarmerInterface { - private iterable $expressions; - private ExpressionLanguage $expressionLanguage; - /** * @param iterable $expressions */ - public function __construct(iterable $expressions, ExpressionLanguage $expressionLanguage) - { - $this->expressions = $expressions; - $this->expressionLanguage = $expressionLanguage; + public function __construct( + private iterable $expressions, + private ExpressionLanguage $expressionLanguage, + ) { } public function isOptional(): bool diff --git a/Command/DebugFirewallCommand.php b/Command/DebugFirewallCommand.php index ffc3035a..e5994510 100644 --- a/Command/DebugFirewallCommand.php +++ b/Command/DebugFirewallCommand.php @@ -25,6 +25,7 @@ use Symfony\Component\Console\Style\SymfonyStyle; use Symfony\Component\EventDispatcher\EventDispatcherInterface; use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface; +use Symfony\Component\Security\Http\Authenticator\Debug\TraceableAuthenticator; /** * @author Timo Bakx 
@@ -32,22 +33,16 @@ #[AsCommand(name: 'debug:firewall', description: 'Display information about your security firewall(s)')] final class DebugFirewallCommand extends Command { - private array $firewallNames; - private ContainerInterface $contexts; - private ContainerInterface $eventDispatchers; - private array $authenticators; - /** * @param string[] $firewallNames * @param AuthenticatorInterface[][] $authenticators */ - public function __construct(array $firewallNames, ContainerInterface $contexts, ContainerInterface $eventDispatchers, array $authenticators) - { - $this->firewallNames = $firewallNames; - $this->contexts = $contexts; - $this->eventDispatchers = $eventDispatchers; - $this->authenticators = $authenticators; - + public function __construct( + private array $firewallNames, + private ContainerInterface $contexts, + private ContainerInterface $eventDispatchers, + private array $authenticators, + ) { parent::__construct(); } @@ -75,7 +70,7 @@ protected function configure(): void EOF ) ->setDefinition([ - new InputArgument('name', InputArgument::OPTIONAL, sprintf('A firewall name (for example "%s")', $exampleName)), + new InputArgument('name', InputArgument::OPTIONAL, \sprintf('A firewall name (for example "%s")', $exampleName)), new InputOption('events', null, InputOption::VALUE_NONE, 'Include a list of event listeners (only available in combination with the "name" argument)'), ]); } @@ -92,10 +87,10 @@ protected function execute(InputInterface $input, OutputInterface $output): int return 0; } - $serviceId = sprintf('security.firewall.map.context.%s', $name); + $serviceId = \sprintf('security.firewall.map.context.%s', $name); if (!$this->contexts->has($serviceId)) { - $io->error(sprintf('Firewall %s was not found. Available firewalls are: %s', $name, implode(', ', $this->firewallNames))); + $io->error(\sprintf('Firewall %s was not found. Available firewalls are: %s', $name, implode(', ', $this->firewallNames))); return 1; } 
@@ -103,7 +98,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int /** @var FirewallContext $context */ $context = $this->contexts->get($serviceId); - $io->title(sprintf('Firewall "%s"', $name)); + $io->title(\sprintf('Firewall "%s"', $name)); $this->displayFirewallSummary($name, $context, $io); @@ -125,7 +120,7 @@ protected function displayFirewallList(SymfonyStyle $io): void $io->listing($this->firewallNames); - $io->comment(sprintf('To view details of a specific firewall, re-run this command with a firewall name. (e.g. debug:firewall %s)', $this->getExampleName())); + $io->comment(\sprintf('To view details of a specific firewall, re-run this command with a firewall name. (e.g. debug:firewall %s)', $this->getExampleName())); } protected function displayFirewallSummary(string $name, FirewallContext $context, SymfonyStyle $io): void @@ -169,9 +164,9 @@ private function displaySwitchUser(FirewallContext $context, SymfonyStyle $io): protected function displayEventListeners(string $name, FirewallContext $context, SymfonyStyle $io): void { - $io->title(sprintf('Event listeners for firewall "%s"', $name)); + $io->title(\sprintf('Event listeners for firewall "%s"', $name)); - $dispatcherId = sprintf('security.event_dispatcher.%s', $name); + $dispatcherId = \sprintf('security.event_dispatcher.%s', $name); if (!$this->eventDispatchers->has($dispatcherId)) { $io->text('No event dispatcher has been registered for this firewall.'); 
@@ -183,12 +178,12 @@ protected function displayEventListeners(string $name, FirewallContext $context, $dispatcher = $this->eventDispatchers->get($dispatcherId); foreach ($dispatcher->getListeners() as $event => $listeners) { - $io->section(sprintf('"%s" event', $event)); + $io->section(\sprintf('"%s" event', $event)); $rows = []; foreach ($listeners as $order => $listener) { $rows[] = [ - sprintf('#%d', $order + 1), + \sprintf('#%d', $order + 1), $this->formatCallable($listener), $dispatcher->getListenerPriority($event, $listener), ]; @@ -203,7 +198,7 @@ protected function displayEventListeners(string $name, FirewallContext $context, private function displayAuthenticators(string $name, SymfonyStyle $io): void { - $io->title(sprintf('Authenticators for firewall "%s"', $name)); + $io->title(\sprintf('Authenticators for firewall "%s"', $name)); $authenticators = $this->authenticators[$name] ?? []; @@ -216,7 +211,7 @@ private function displayAuthenticators(string $name, SymfonyStyle $io): void $io->table( ['Classname'], array_map( - fn ($authenticator) => [$authenticator::class], + fn ($authenticator) => [($authenticator instanceof TraceableAuthenticator ? $authenticator->getAuthenticator() : $authenticator)::class], $authenticators ) ); @@ -226,14 +221,14 @@ private function formatCallable(mixed $callable): string { if (\is_array($callable)) { if (\is_object($callable[0])) { - return sprintf('%s::%s()', $callable[0]::class, $callable[1]); + return \sprintf('%s::%s()', $callable[0]::class, $callable[1]); } - return sprintf('%s::%s()', $callable[0], $callable[1]); + return \sprintf('%s::%s()', $callable[0], $callable[1]); } if (\is_string($callable)) { - return sprintf('%s()', $callable); + return \sprintf('%s()', $callable); } if ($callable instanceof \Closure) { 
@@ -242,14 +237,14 @@ private function formatCallable(mixed $callable): string return 'Closure()'; } if ($class = $r->getClosureCalledClass()) { - return sprintf('%s::%s()', $class->name, $r->name); + return \sprintf('%s::%s()', $class->name, $r->name); } return $r->name.'()'; } if (method_exists($callable, '__invoke')) { - return sprintf('%s::__invoke()', $callable::class); + return \sprintf('%s::__invoke()', $callable::class); } throw new \InvalidArgumentException('Callable is not describable.'); diff --git a/DataCollector/SecurityDataCollector.php b/DataCollector/SecurityDataCollector.php index 2c0562e4..f3c1cd1f 100644 --- a/DataCollector/SecurityDataCollector.php +++ b/DataCollector/SecurityDataCollector.php @@ -13,6 +13,7 @@ use Symfony\Bundle\SecurityBundle\Debug\TraceableFirewallListener; use Symfony\Bundle\SecurityBundle\Security\FirewallMap; +use Symfony\Component\HttpFoundation\Cookie; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\DataCollector\DataCollector; 
@@ -36,22 +37,16 @@ */ class SecurityDataCollector extends DataCollector implements LateDataCollectorInterface { - private ?TokenStorageInterface $tokenStorage; - private ?RoleHierarchyInterface $roleHierarchy; - private ?LogoutUrlGenerator $logoutUrlGenerator; - private ?AccessDecisionManagerInterface $accessDecisionManager; - private ?FirewallMapInterface $firewallMap; - private ?TraceableFirewallListener $firewall; private bool $hasVarDumper; - public function __construct(?TokenStorageInterface $tokenStorage = null, ?RoleHierarchyInterface $roleHierarchy = null, ?LogoutUrlGenerator $logoutUrlGenerator = null, ?AccessDecisionManagerInterface $accessDecisionManager = null, ?FirewallMapInterface $firewallMap = null, ?TraceableFirewallListener $firewall = null) - { - $this->tokenStorage = $tokenStorage; - $this->roleHierarchy = $roleHierarchy; - $this->logoutUrlGenerator = $logoutUrlGenerator; - $this->accessDecisionManager = $accessDecisionManager; - $this->firewallMap = $firewallMap; - $this->firewall = $firewall; + public function __construct( + private ?TokenStorageInterface $tokenStorage = null, + private ?RoleHierarchyInterface $roleHierarchy = null, + private ?LogoutUrlGenerator $logoutUrlGenerator = null, + private ?AccessDecisionManagerInterface $accessDecisionManager = null, + private ?FirewallMapInterface $firewallMap = null, + private ?TraceableFirewallListener $firewall = null, + ) { $this->hasVarDumper = class_exists(ClassStub::class); } 
@@ -187,7 +182,7 @@ public function collect(Request $request, Response $response, ?\Throwable $excep if ($this->data['impersonated'] && null !== $switchUserConfig = $firewallConfig->getSwitchUser()) { $exitPath = $request->getRequestUri(); $exitPath .= null === $request->getQueryString() ? '?' : '&'; - $exitPath .= sprintf('%s=%s', urlencode($switchUserConfig['parameter']), SwitchUserListener::EXIT_VALUE); + $exitPath .= \sprintf('%s=%s', urlencode($switchUserConfig['parameter']), SwitchUserListener::EXIT_VALUE); $this->data['impersonation_exit_path'] = $exitPath; } @@ -201,6 +196,27 @@ public function collect(Request $request, Response $response, ?\Throwable $excep } $this->data['authenticators'] = $this->firewall ? $this->firewall->getAuthenticatorsInfo() : []; + + if ($this->data['listeners'] && !($this->data['firewall']['stateless'] ?? true)) { + $authCookieName = "{$this->data['firewall']['name']}_auth_profile_token"; + $deauthCookieName = "{$this->data['firewall']['name']}_deauth_profile_token"; + $profileToken = $response->headers->get('X-Debug-Token'); + + $this->data['auth_profile_token'] = $request->cookies->get($authCookieName); + $this->data['deauth_profile_token'] = $request->cookies->get($deauthCookieName); + + if ($this->data['authenticated'] && !$this->data['auth_profile_token']) { + $response->headers->setCookie(new Cookie($authCookieName, $profileToken)); + + $this->data['deauth_profile_token'] = null; + $response->headers->clearCookie($deauthCookieName); + } elseif (!$this->data['authenticated'] && !$this->data['deauth_profile_token']) { + $response->headers->setCookie(new Cookie($deauthCookieName, $profileToken)); + + $this->data['auth_profile_token'] = null; + $response->headers->clearCookie($authCookieName); + } + } } public function reset(): void 
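Review bot: In the block added after `$this->data['authenticators']`, `$profileToken` comes from `$response->headers->get('X-Debug-Token')` and is passed to `new Cookie(...)` in both branches without a null check. If the header is absent when this collector runs, the response gets a cookie with a null value and the matching `clearCookie()` call, so the markers never settle. Wrapping the block in `if (null !== $profileToken = $response->headers->get('X-Debug-Token')) { ... }` avoids touching the response in that case. A short comment should also say that `collect()` now mutates the response (sets and clears cookies), which is unusual for a data collector. `collect()` begins above this hunk, so whether the header is always set by this point is not visible here.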
@@ -345,6 +361,16 @@ public function getAuthenticators(): array|Data return $this->data['authenticators']; } + public function getAuthProfileToken(): string|Data|null + { + return $this->data['auth_profile_token'] ?? null; + } + + public function getDeauthProfileToken(): string|Data|null + { + return $this->data['deauth_profile_token'] ?? null; + } + public function getName(): string { return 'security'; diff --git a/Debug/TraceableFirewallListener.php b/Debug/TraceableFirewallListener.php index 16805009..45f4f498 100644 --- a/Debug/TraceableFirewallListener.php +++ b/Debug/TraceableFirewallListener.php 
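Review bot: `getAuthProfileToken()` and `getDeauthProfileToken()` are added without docblocks, and the `string|Data|null` return type does not say where the value comes from. The `collect()` hunk in this same file copies both values from request cookies named after the firewall, so they are client-supplied. I would say so on each getter, for example `/** Profiler token taken from the "<firewall>_auth_profile_token" request cookie; client-supplied, validate before using it to look up a profile or build a link. */`. How the profiler template consumes these values is outside this diff.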
@@ -27,78 +27,72 @@ final class TraceableFirewallListener extends FirewallListener implements ResetInterface { private array $wrappedListeners = []; - private array $authenticatorsInfo = []; + private ?TraceableAuthenticatorManagerListener $authenticatorManagerListener = null; public function getWrappedListeners(): array { - return $this->wrappedListeners; + return array_map( + static fn (WrappedListener|WrappedLazyListener $listener) => $listener->getInfo(), + $this->wrappedListeners + ); } public function getAuthenticatorsInfo(): array { - return $this->authenticatorsInfo; + return $this->authenticatorManagerListener?->getAuthenticatorsInfo() ?? []; } public function reset(): void { $this->wrappedListeners = []; - $this->authenticatorsInfo = []; + $this->authenticatorManagerListener = null; } protected function callListeners(RequestEvent $event, iterable $listeners): void { - $wrappedListeners = []; - $wrappedLazyListeners = []; - $authenticatorManagerListener = null; - + $requestListeners = []; foreach ($listeners as $listener) { if ($listener instanceof LazyFirewallContext) { - \Closure::bind(function () use (&$wrappedLazyListeners, &$wrappedListeners, &$authenticatorManagerListener) { - $listeners = []; + $contextWrappedListeners = []; + $contextAuthenticatorManagerListener = null; + + \Closure::bind(function () use (&$contextWrappedListeners, &$contextAuthenticatorManagerListener) { foreach ($this->listeners as $listener) { - if (!$authenticatorManagerListener && $listener instanceof TraceableAuthenticatorManagerListener) { - $authenticatorManagerListener = $listener; - } - if ($listener instanceof FirewallListenerInterface) { - $listener = new WrappedLazyListener($listener); - $listeners[] = $listener; - $wrappedLazyListeners[] = $listener; - } else { - $listeners[] = function (RequestEvent $event) use ($listener, &$wrappedListeners) { - $wrappedListener = new WrappedListener($listener); - $wrappedListener($event); - $wrappedListeners[] = 
$wrappedListener->getInfo(); - }; + if ($listener instanceof TraceableAuthenticatorManagerListener) { + $contextAuthenticatorManagerListener ??= $listener; } + $contextWrappedListeners[] = $listener instanceof FirewallListenerInterface + ? new WrappedLazyListener($listener) + : new WrappedListener($listener) + ; } - $this->listeners = $listeners; + $this->listeners = $contextWrappedListeners; }, $listener, FirewallContext::class)(); - $listener($event); + $this->authenticatorManagerListener ??= $contextAuthenticatorManagerListener; + $this->wrappedListeners = array_merge($this->wrappedListeners, $contextWrappedListeners); + + $requestListeners[] = $listener; } else { - $wrappedListener = $listener instanceof FirewallListenerInterface ? new WrappedLazyListener($listener) : new WrappedListener($listener); - $wrappedListener($event); - $wrappedListeners[] = $wrappedListener->getInfo(); - if (!$authenticatorManagerListener && $listener instanceof TraceableAuthenticatorManagerListener) { - $authenticatorManagerListener = $listener; + if ($listener instanceof TraceableAuthenticatorManagerListener) { + $this->authenticatorManagerListener ??= $listener; } - } + $wrappedListener = $listener instanceof FirewallListenerInterface + ? new WrappedLazyListener($listener) + : new WrappedListener($listener) + ; + $this->wrappedListeners[] = $wrappedListener; - if ($event->hasResponse()) { - break; + $requestListeners[] = $wrappedListener; } } - if ($wrappedLazyListeners) { - foreach ($wrappedLazyListeners as $lazyListener) { - $this->wrappedListeners[] = $lazyListener->getInfo(); - } - } - - $this->wrappedListeners = array_merge($this->wrappedListeners, $wrappedListeners); + foreach ($requestListeners as $listener) { + $listener($event); - if ($authenticatorManagerListener) { - $this->authenticatorsInfo = $authenticatorManagerListener->getAuthenticatorsInfo(); + if ($event->hasResponse()) { + break; + } } } } 
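Review bot: `getWrappedListeners()` now maps `getInfo()` over every wrapper, and `callListeners()` builds all wrappers before the execution loop, so listeners skipped by the `hasResponse()` break are reported too. In the removed code, top-level listeners and plain listeners inside a lazy context were only recorded after they had been invoked. What `getInfo()` returns for a wrapper that never ran is not visible in this hunk, so the panel may show listeners that did not take part in the request, which matters when the profiler is used to check which firewall listeners handled it. I would document this on the method, e.g. `// Also contains listeners that were never called because an earlier one set a response.`, and confirm the consumer distinguishes the two cases.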
diff --git a/DependencyInjection/Compiler/AddSecurityVotersPass.php b/DependencyInjection/Compiler/AddSecurityVotersPass.php index 1664f8e7..f118a626 100644 --- a/DependencyInjection/Compiler/AddSecurityVotersPass.php +++ b/DependencyInjection/Compiler/AddSecurityVotersPass.php @@ -49,7 +49,7 @@ public function process(ContainerBuilder $container): void $class = $container->getParameterBag()->resolveValue($definition->getClass()); if (!is_a($class, VoterInterface::class, true)) { - throw new LogicException(sprintf('"%s" must implement the "%s" when used as a voter.', $class, VoterInterface::class)); + throw new LogicException(\sprintf('"%s" must implement the "%s" when used as a voter.', $class, VoterInterface::class)); } if ($debug) { diff --git a/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php b/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php index 8bab747d..38d89b47 100644 --- a/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php +++ b/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php @@ -28,10 +28,10 @@ public function process(ContainerBuilder $container): void } $sessionOptions = $container->getParameter('session.storage.options'); - $domainRegexp = empty($sessionOptions['cookie_domain']) ? '%%s' : sprintf('(?:%%%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.'))); + $domainRegexp = empty($sessionOptions['cookie_domain']) ? '%%s' : \sprintf('(?:%%%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.'))); if ('auto' === ($sessionOptions['cookie_secure'] ?? null)) { - $secureDomainRegexp = sprintf('{^https://%s$}i', $domainRegexp); + $secureDomainRegexp = \sprintf('{^https://%s$}i', $domainRegexp); $domainRegexp = 'https?://'.$domainRegexp; } else { $secureDomainRegexp = null; 
@@ -39,7 +39,7 @@ public function process(ContainerBuilder $container): void } $container->findDefinition('security.http_utils') - ->addArgument(sprintf('{^%s$}i', $domainRegexp)) + ->addArgument(\sprintf('{^%s$}i', $domainRegexp)) ->addArgument($secureDomainRegexp); } } diff --git a/DependencyInjection/Compiler/RegisterEntryPointPass.php b/DependencyInjection/Compiler/RegisterEntryPointPass.php index 4dc4c4c9..6a1a8f25 100644 --- a/DependencyInjection/Compiler/RegisterEntryPointPass.php +++ b/DependencyInjection/Compiler/RegisterEntryPointPass.php @@ -73,7 +73,7 @@ public function process(ContainerBuilder $container): void $entryPointNames[] = is_numeric($key) ? $serviceId : $key; } - throw new InvalidConfigurationException(sprintf('Because you have multiple authenticators in firewall "%s", you need to set the "entry_point" key to one of your authenticators ("%s") or a service ID implementing "%s". The "entry_point" determines what should happen (e.g. redirect to "/login") when an anonymous user tries to access a protected page.', $firewallName, implode('", "', $entryPointNames), AuthenticationEntryPointInterface::class)); + throw new InvalidConfigurationException(\sprintf('Because you have multiple authenticators in firewall "%s", you need to set the "entry_point" key to one of your authenticators ("%s") or a service ID implementing "%s". The "entry_point" determines what should happen (e.g. redirect to "/login") when an anonymous user tries to access a protected page.', $firewallName, implode('", "', $entryPointNames), AuthenticationEntryPointInterface::class)); } $config->replaceArgument(7, $entryPoint); diff --git a/DependencyInjection/Compiler/ReplaceDecoratedRememberMeHandlerPass.php b/DependencyInjection/Compiler/ReplaceDecoratedRememberMeHandlerPass.php index 4727e62f..371617bd 100644 --- a/DependencyInjection/Compiler/ReplaceDecoratedRememberMeHandlerPass.php +++ b/DependencyInjection/Compiler/ReplaceDecoratedRememberMeHandlerPass.php 
@@ -37,9 +37,6 @@ public function process(ContainerBuilder $container): void // get the actual custom remember me handler definition (passed to the decorator) $realRememberMeHandler = $container->findDefinition((string) $definition->getArgument(0)); - if (null === $realRememberMeHandler) { - throw new \LogicException(sprintf('Invalid service definition for custom remember me handler; no service found with ID "%s".', (string) $definition->getArgument(0))); - } foreach ($rememberMeHandlerTags as $rememberMeHandlerTag) { // some custom handlers may be used on multiple firewalls in the same application diff --git a/DependencyInjection/Compiler/SortFirewallListenersPass.php b/DependencyInjection/Compiler/SortFirewallListenersPass.php index 7f0301a3..2c3e14fe 100644 --- a/DependencyInjection/Compiler/SortFirewallListenersPass.php +++ b/DependencyInjection/Compiler/SortFirewallListenersPass.php @@ -62,7 +62,7 @@ private function getListenerPriorities(IteratorArgument $listeners, ContainerBui $class = $def->getClass(); if (!$r = $container->getReflectionClass($class)) { - throw new InvalidArgumentException(sprintf('Class "%s" used for service "%s" cannot be found.', $class, $id)); + throw new InvalidArgumentException(\sprintf('Class "%s" used for service "%s" cannot be found.', $class, $id)); } $priority = 0; diff --git a/DependencyInjection/MainConfiguration.php b/DependencyInjection/MainConfiguration.php index bfd96d7c..a4527606 100644 --- a/DependencyInjection/MainConfiguration.php +++ b/DependencyInjection/MainConfiguration.php 
@@ -36,16 +36,13 @@ class MainConfiguration implements ConfigurationInterface /** @internal */ public const STRATEGY_PRIORITY = 'priority'; - private array $factories; - private array $userProviderFactories; - /** * @param array $factories */ - public function __construct(array $factories, array $userProviderFactories) - { - $this->factories = $factories; - $this->userProviderFactories = $userProviderFactories; + public function __construct( + private array $factories, + private array $userProviderFactories, + ) { } /** @@ -138,7 +135,7 @@ private function addAccessControlSection(ArrayNodeDefinition $rootNode): void ->scalarNode('requires_channel')->defaultNull()->end() ->scalarNode('path') ->defaultNull() - ->info('use the urldecoded format') + ->info('Use the urldecoded format.') ->example('^/path to resource/') ->end() ->scalarNode('host')->defaultNull()->end() @@ -193,7 +190,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto ->scalarNode('pattern') ->beforeNormalization() ->ifArray() - ->then(fn ($v) => sprintf('(?:%s)', implode('|', $v))) + ->then(fn ($v) => \sprintf('(?:%s)', implode('|', $v))) ->end() ->end() ->scalarNode('host')->end() @@ -211,7 +208,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto ->scalarNode('access_denied_url')->end() ->scalarNode('access_denied_handler')->end() ->scalarNode('entry_point') - ->info(sprintf('An enabled authenticator name or a service id that implements "%s"', AuthenticationEntryPointInterface::class)) + ->info(\sprintf('An enabled authenticator name or a service id that implements "%s".', AuthenticationEntryPointInterface::class)) ->end() ->scalarNode('provider')->end() ->booleanNode('stateless')->defaultFalse()->end() 
@@ -297,7 +294,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto } } - throw new InvalidConfigurationException(sprintf('Undefined security Badge class "%s" set in "security.firewall.required_badges".', $requiredBadge)); + throw new InvalidConfigurationException(\sprintf('Undefined security Badge class "%s" set in "security.firewall.required_badges".', $requiredBadge)); }, $requiredBadges); }) ->end() @@ -331,7 +328,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto } if (str_contains($firewall[$k]['check_path'], '/') && !preg_match('#'.$firewall['pattern'].'#', $firewall[$k]['check_path'])) { - throw new \LogicException(sprintf('The check_path "%s" for login method "%s" is not matched by the firewall pattern "%s".', $firewall[$k]['check_path'], $k, $firewall['pattern'])); + throw new \LogicException(\sprintf('The check_path "%s" for login method "%s" is not matched by the firewall pattern "%s".', $firewall[$k]['check_path'], $k, $firewall['pattern'])); } } diff --git a/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php b/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php index a1b41812..e3d8db49 100644 --- a/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php +++ b/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php @@ -79,7 +79,7 @@ public function addConfiguration(NodeBuilder $node): void if (isset($v['keyset'])) { throw new InvalidConfigurationException('You cannot use both "key" and "keyset" at the same time.'); } - $v['keyset'] = sprintf('{"keys":[%s]}', $v['key']); + $v['keyset'] = \sprintf('{"keys":[%s]}', $v['key']); return $v; }) diff --git a/DependencyInjection/Security/Factory/AccessTokenFactory.php b/DependencyInjection/Security/Factory/AccessTokenFactory.php index 50395522..371049c8 100644 --- a/DependencyInjection/Security/Factory/AccessTokenFactory.php 
+++ b/DependencyInjection/Security/Factory/AccessTokenFactory.php @@ -107,7 +107,7 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal { $successHandler = isset($config['success_handler']) ? new Reference($this->createAuthenticationSuccessHandler($container, $firewallName, $config)) : null; $failureHandler = isset($config['failure_handler']) ? new Reference($this->createAuthenticationFailureHandler($container, $firewallName, $config)) : null; - $authenticatorId = sprintf('security.authenticator.access_token.%s', $firewallName); + $authenticatorId = \sprintf('security.authenticator.access_token.%s', $firewallName); $extractorId = $this->createExtractor($container, $firewallName, $config['token_extractors']); $tokenHandlerId = $this->createTokenHandler($container, $firewallName, $config['token_handler'], $userProviderId); @@ -139,7 +139,7 @@ private function createExtractor(ContainerBuilder $container, string $firewallNa if (1 === \count($extractors)) { return current($extractors); } - $extractorId = sprintf('security.authenticator.access_token.chain_extractor.%s', $firewallName); + $extractorId = \sprintf('security.authenticator.access_token.chain_extractor.%s', $firewallName); $container ->setDefinition($extractorId, new ChildDefinition('security.authenticator.access_token.chain_extractor')) ->replaceArgument(0, array_map(fn (string $extractorId): Reference => new Reference($extractorId), $extractors)) @@ -151,7 +151,7 @@ private function createExtractor(ContainerBuilder $container, string $firewallNa private function createTokenHandler(ContainerBuilder $container, string $firewallName, array $config, ?string $userProviderId): string { $key = array_keys($config)[0]; - $id = sprintf('security.access_token_handler.%s', $firewallName); + $id = \sprintf('security.access_token_handler.%s', $firewallName); foreach ($this->tokenHandlerFactories as $factory) { if ($key !== $factory->getKey()) { 
diff --git a/DependencyInjection/Security/Factory/CustomAuthenticatorFactory.php b/DependencyInjection/Security/Factory/CustomAuthenticatorFactory.php index e443122e..ee9899ea 100644 --- a/DependencyInjection/Security/Factory/CustomAuthenticatorFactory.php +++ b/DependencyInjection/Security/Factory/CustomAuthenticatorFactory.php @@ -38,7 +38,7 @@ public function getKey(): string public function addConfiguration(NodeDefinition $builder): void { $builder - ->info('An array of service ids for all of your "authenticators"') + ->info('An array of service ids for all of your "authenticators".') ->requiresAtLeastOneElement() ->prototype('scalar')->end(); diff --git a/DependencyInjection/Security/Factory/LoginLinkFactory.php b/DependencyInjection/Security/Factory/LoginLinkFactory.php index 9a03a0f0..854cb972 100644 --- a/DependencyInjection/Security/Factory/LoginLinkFactory.php +++ b/DependencyInjection/Security/Factory/LoginLinkFactory.php @@ -61,14 +61,18 @@ public function addConfiguration(NodeDefinition $node): void ->info('Cache service id used to expired links of max_uses is set.') ->end() ->scalarNode('success_handler') - ->info(sprintf('A service id that implements %s.', AuthenticationSuccessHandlerInterface::class)) + ->info(\sprintf('A service id that implements %s.', AuthenticationSuccessHandlerInterface::class)) ->end() ->scalarNode('failure_handler') - ->info(sprintf('A service id that implements %s.', AuthenticationFailureHandlerInterface::class)) + ->info(\sprintf('A service id that implements %s.', AuthenticationFailureHandlerInterface::class)) ->end() ->scalarNode('provider') ->info('The user provider to load users from.') ->end() + ->scalarNode('secret') + ->cannotBeEmpty() + ->defaultValue('%kernel.secret%') + ->end() ; foreach (array_merge($this->defaultSuccessHandlerOptions, $this->defaultFailureHandlerOptions) as $name => $default) { 
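Review bot: The new `secret` node in `LoginLinkFactory::addConfiguration()` is the only entry in this chain added without `->info()`, although it sets the key that signs login links. I would add something like `->info('The secret used to sign login links; defaults to the kernel secret.')`. Note that `cannotBeEmpty()` rejects an empty value but not a short or guessable one, and the later `createAuthenticator()` hunk passes `$config['secret']` unchanged as argument 2 of the signature hasher. The docs for this option should state that the value needs to be a high-entropy secret and, presumably, that changing it invalidates links already issued.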
@@ -113,6 +117,7 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal $container ->setDefinition($signatureHasherId, new ChildDefinition('security.authenticator.abstract_login_link_signature_hasher')) ->replaceArgument(1, $config['signature_properties']) + ->replaceArgument(2, $config['secret']) ->replaceArgument(3, $expiredStorageId ? new Reference($expiredStorageId) : null) ->replaceArgument(4, $config['max_uses'] ?? null) ; diff --git a/DependencyInjection/Security/Factory/LoginThrottlingFactory.php b/DependencyInjection/Security/Factory/LoginThrottlingFactory.php index bb96484a..93818f5a 100644 --- a/DependencyInjection/Security/Factory/LoginThrottlingFactory.php +++ b/DependencyInjection/Security/Factory/LoginThrottlingFactory.php @@ -49,10 +49,10 @@ public function addConfiguration(NodeDefinition $builder): void { $builder ->children() - ->scalarNode('limiter')->info(sprintf('A service id implementing "%s".', RequestRateLimiterInterface::class))->end() + ->scalarNode('limiter')->info(\sprintf('A service id implementing "%s".', RequestRateLimiterInterface::class))->end() ->integerNode('max_attempts')->defaultValue(5)->end() ->scalarNode('interval')->defaultValue('1 minute')->end() - ->scalarNode('lock_factory')->info('The service ID of the lock factory used by the login rate limiter (or null to disable locking)')->defaultNull()->end() + ->scalarNode('lock_factory')->info('The service ID of the lock factory used by the login rate limiter (or null to disable locking).')->defaultNull()->end() ->end(); } 
@@ -98,7 +98,7 @@ private function registerRateLimiter(ContainerBuilder $container, string $name, if (null !== $limiterConfig['lock_factory']) { if (!interface_exists(LockInterface::class)) { - throw new LogicException(sprintf('Rate limiter "%s" requires the Lock component to be installed. Try running "composer require symfony/lock".', $name)); + throw new LogicException(\sprintf('Rate limiter "%s" requires the Lock component to be installed. Try running "composer require symfony/lock".', $name)); } $limiter->replaceArgument(2, new Reference($limiterConfig['lock_factory'])); diff --git a/DependencyInjection/Security/Factory/RememberMeFactory.php b/DependencyInjection/Security/Factory/RememberMeFactory.php index d474e96c..c62c01d4 100644 --- a/DependencyInjection/Security/Factory/RememberMeFactory.php +++ b/DependencyInjection/Security/Factory/RememberMeFactory.php @@ -58,7 +58,7 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal // create remember me handler (which manage the remember-me cookies) $rememberMeHandlerId = 'security.authenticator.remember_me_handler.'.$firewallName; if (isset($config['service']) && isset($config['token_provider'])) { - throw new InvalidConfigurationException(sprintf('You cannot use both "service" and "token_provider" in "security.firewalls.%s.remember_me".', $firewallName)); + throw new InvalidConfigurationException(\sprintf('You cannot use both "service" and "token_provider" in "security.firewalls.%s.remember_me".', $firewallName)); } if (isset($config['service'])) { @@ -107,7 +107,7 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal $container ->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.remember_me')) ->replaceArgument(0, new Reference($rememberMeHandlerId)) - ->replaceArgument(3, $config['name'] ?? $this->options['name']) + ->replaceArgument(2, $config['name'] ?? $this->options['name']) ; return $authenticatorId; 
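Review bot: In `RememberMeFactory::createAuthenticator()`, `replaceArgument(2, $config['name'] ?? $this->options['name'])` now fills a different positional slot of the `security.authenticator.remember_me` parent definition than before. That definition is not part of this view, so the hunk alone does not show that its argument list shifted by one. If the parent still has its old layout, the cookie name would silently overwrite another constructor argument instead of failing at compile time. I would add a comment naming the target, e.g. `// argument 2 of security.authenticator.remember_me is the cookie name`, and check that a container test asserts the resolved argument for a firewall with a custom `name`. The method body starts and ends outside this hunk.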
@@ -203,7 +203,7 @@ private function createTokenProvider(ContainerBuilder $container, string $firewa } if (!$tokenProviderId) { - throw new InvalidConfigurationException(sprintf('No token provider was set for firewall "%s". Either configure a service ID or set "remember_me.token_provider.doctrine" to true.', $firewallName)); + throw new InvalidConfigurationException(\sprintf('No token provider was set for firewall "%s". Either configure a service ID or set "remember_me.token_provider.doctrine" to true.', $firewallName)); } return $tokenProviderId; diff --git a/DependencyInjection/SecurityExtension.php b/DependencyInjection/SecurityExtension.php index aafd975b..622b853d 100644 --- a/DependencyInjection/SecurityExtension.php +++ b/DependencyInjection/SecurityExtension.php @@ -58,6 +58,7 @@ use Symfony\Component\Security\Core\User\ChainUserProvider; use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; +use Symfony\Component\Security\Http\Authenticator\Debug\TraceableAuthenticator; use Symfony\Component\Security\Http\Authenticator\Debug\TraceableAuthenticatorManagerListener; use Symfony\Component\Security\Http\Event\CheckPassportEvent; use Symfony\Flex\Command\InstallRecipesCommand; @@ -191,7 +192,7 @@ private function createStrategyDefinition(string $strategy, bool $allowIfAllAbst MainConfiguration::STRATEGY_CONSENSUS => new Definition(ConsensusStrategy::class, [$allowIfAllAbstainDecisions, $allowIfEqualGrantedDeniedDecisions]), MainConfiguration::STRATEGY_UNANIMOUS => new Definition(UnanimousStrategy::class, [$allowIfAllAbstainDecisions]), MainConfiguration::STRATEGY_PRIORITY => new Definition(PriorityStrategy::class, [$allowIfAllAbstainDecisions]), - default => throw new InvalidConfigurationException(sprintf('The strategy "%s" is not supported.', $strategy)), + default => throw new InvalidConfigurationException(\sprintf('The strategy "%s" is not supported.', $strategy)), }; } 
@@ -306,7 +307,7 @@ private function createFirewalls(array $config, ContainerBuilder $container): vo $configId = 'security.firewall.map.config.'.$name; - [$matcher, $listeners, $exceptionListener, $logoutListener, $firewallAuthenticators] = $this->createFirewall($container, $name, $firewall, $authenticationProviders, $providerIds, $configId); + [$matcher, $listeners, $exceptionListener, $logoutListener, $firewallAuthenticators] = $this->createFirewall($container, $name, $firewall, $providerIds, $configId); if (!$firewallAuthenticators) { $authenticators[$name] = null; @@ -347,7 +348,7 @@ private function createFirewalls(array $config, ContainerBuilder $container): vo } } - private function createFirewall(ContainerBuilder $container, string $id, array $firewall, array &$authenticationProviders, array $providerIds, string $configId): array + private function createFirewall(ContainerBuilder $container, string $id, array $firewall, array $providerIds, string $configId): array { $config = $container->setDefinition($configId, new ChildDefinition('security.firewall.config')); $config->replaceArgument(0, $id); @@ -380,7 +381,7 @@ private function createFirewall(ContainerBuilder $container, string $id, array $ $defaultProvider = null; if (isset($firewall['provider'])) { if (!isset($providerIds[$normalizedName = str_replace('-', '_', $firewall['provider'])])) { - throw new InvalidConfigurationException(sprintf('Invalid firewall "%s": user provider "%s" not found.', $id, $firewall['provider'])); + throw new InvalidConfigurationException(\sprintf('Invalid firewall "%s": user provider "%s" not found.', $id, $firewall['provider'])); } $defaultProvider = $providerIds[$normalizedName]; 
@@ -614,7 +615,7 @@ private function createAuthenticationListeners(ContainerBuilder $container, stri $userProvider = $this->getUserProvider($container, $id, $firewall, $key, $defaultProvider, $providerIds); if (!$factory instanceof AuthenticatorFactoryInterface) { - throw new InvalidConfigurationException(sprintf('Authenticator factory "%s" ("%s") must implement "%s".', get_debug_type($factory), $key, AuthenticatorFactoryInterface::class)); + throw new InvalidConfigurationException(\sprintf('Authenticator factory "%s" ("%s") must implement "%s".', get_debug_type($factory), $key, AuthenticatorFactoryInterface::class)); } if (null === $userProvider && !$factory instanceof StatelessAuthenticatorFactoryInterface) { @@ -641,6 +642,15 @@ private function createAuthenticationListeners(ContainerBuilder $container, stri } } + if ($container->hasDefinition('debug.security.firewall')) { + foreach ($authenticationProviders as $authenticatorId) { + $container->register('debug.'.$authenticatorId, TraceableAuthenticator::class) + ->setDecoratedService($authenticatorId) + ->setArguments([new Reference('debug.'.$authenticatorId.'.inner')]) + ; + } + } + // the actual entry point is configured by the RegisterEntryPointPass $container->setParameter('security.'.$id.'._indexed_authenticators', $entryPoints); @@ -651,7 +661,7 @@ private function getUserProvider(ContainerBuilder $container, string $id, array { if (isset($firewall[$factoryKey]['provider'])) { if (!isset($providerIds[$normalizedName = str_replace('-', '_', $firewall[$factoryKey]['provider'])])) { - throw new InvalidConfigurationException(sprintf('Invalid firewall "%s": user provider "%s" not found.', $id, $firewall[$factoryKey]['provider'])); + throw new InvalidConfigurationException(\sprintf('Invalid firewall "%s": user provider "%s" not found.', $id, $firewall[$factoryKey]['provider'])); } return $providerIds[$normalizedName]; 
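Review bot: The decoration loop added in the `@@ -641,6 +642,15 @@` hunk has no comment saying that every id in `$authenticationProviders` is replaced by a `TraceableAuthenticator` wrapper whenever `debug.security.firewall` is defined. The service behind each authenticator id therefore has a different concrete class with and without that definition, so any code that checks the authenticator's class (none is visible here) would behave differently between the two setups. I would add above the `if`: `// debug only: decorate each authenticator so the profiler can record its passport, badges and exception`. The collector template changed later in this commit dumps exactly that data, so the comment should also say this path is not meant to be active in production. `createAuthenticationListeners` starts and ends outside the hunk.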
@@ -673,12 +683,12 @@ private function getUserProvider(ContainerBuilder $container, string $id, array return 'security.user_providers'; } - throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "%s" authenticator on "%s" firewall is ambiguous as there is more than one registered provider. Set the "provider" key to one of the configured providers, even if your custom authenticators don\'t use it.', $factoryKey, $id)); + throw new InvalidConfigurationException(\sprintf('Not configuring explicitly the provider for the "%s" authenticator on "%s" firewall is ambiguous as there is more than one registered provider. Set the "provider" key to one of the configured providers, even if your custom authenticators don\'t use it.', $factoryKey, $id)); } private function createMissingUserProvider(ContainerBuilder $container, string $id, string $factoryKey): string { - $userProvider = sprintf('security.user.provider.missing.%s', $factoryKey); + $userProvider = \sprintf('security.user.provider.missing.%s', $factoryKey); $container->setDefinition( $userProvider, (new ChildDefinition('security.user.provider.missing'))->replaceArgument(0, $id) @@ -758,7 +768,7 @@ private function createHasher(array $config): Reference|array $config['algorithm'] = 'native'; $config['native_algorithm'] = \PASSWORD_ARGON2I; } else { - throw new InvalidConfigurationException(sprintf('Algorithm "argon2i" is not available; use "%s" instead.', \defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13') ? 'argon2id" or "auto' : 'auto')); + throw new InvalidConfigurationException(\sprintf('Algorithm "argon2i" is not available; use "%s" instead.', \defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13') ? 'argon2id" or "auto' : 'auto')); } return $this->createHasher($config); 
@@ -771,7 +781,7 @@ private function createHasher(array $config): Reference|array $config['algorithm'] = 'native'; $config['native_algorithm'] = \PASSWORD_ARGON2ID; } else { - throw new InvalidConfigurationException(sprintf('Algorithm "argon2id" is not available; use "%s" or libsodium 1.0.15+ instead.', \defined('PASSWORD_ARGON2I') || $hasSodium ? 'argon2i", "auto' : 'auto')); + throw new InvalidConfigurationException(\sprintf('Algorithm "argon2id" is not available; use "%s" or libsodium 1.0.15+ instead.', \defined('PASSWORD_ARGON2I') || $hasSodium ? 'argon2i", "auto' : 'auto')); } return $this->createHasher($config); @@ -855,7 +865,7 @@ private function createUserDaoProvider(string $name, array $provider, ContainerB return $name; } - throw new InvalidConfigurationException(sprintf('Unable to create definition for "%s" user provider.', $name)); + throw new InvalidConfigurationException(\sprintf('Unable to create definition for "%s" user provider.', $name)); } private function getUserProviderId(string $name): string 
@@ -886,10 +896,10 @@ private function createSwitchUserListener(ContainerBuilder $container, string $i $userProvider = isset($config['provider']) ? $this->getUserProviderId($config['provider']) : $defaultProvider; if (!$userProvider) { - throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "switch_user" listener on "%s" firewall is ambiguous as there is more than one registered provider.', $id)); + throw new InvalidConfigurationException(\sprintf('Not configuring explicitly the provider for the "switch_user" listener on "%s" firewall is ambiguous as there is more than one registered provider.', $id)); } if ($stateless && null !== $config['target_route']) { - throw new InvalidConfigurationException(sprintf('Cannot set a "target_route" for the "switch_user" listener on the "%s" firewall as it is stateless.', $id)); + throw new InvalidConfigurationException(\sprintf('Cannot set a "target_route" for the "switch_user" listener on the "%s" firewall as it is stateless.', $id)); } $switchUserListenerId = 'security.authentication.switchuser_listener.'.$id; @@ -934,7 +944,7 @@ private function createRequestMatcher(ContainerBuilder $container, ?string $path $container->resolveEnvPlaceholders($ip, null, $usedEnvs); if (!$usedEnvs && !$this->isValidIps($ip)) { - throw new \LogicException(sprintf('The given value "%s" in the "security.access_control" config option is not a valid IP address.', $ip)); + throw new \LogicException(\sprintf('The given value "%s" in the "security.access_control" config option is not a valid IP address.', $ip)); } $usedEnvs = null; diff --git a/EventListener/FirewallListener.php b/EventListener/FirewallListener.php index 4c63ec18..391a4b31 100644 --- a/EventListener/FirewallListener.php +++ b/EventListener/FirewallListener.php 
@@ -25,14 +25,11 @@ */ class FirewallListener extends Firewall { - private FirewallMapInterface $map; - private LogoutUrlGenerator $logoutUrlGenerator; - - public function __construct(FirewallMapInterface $map, EventDispatcherInterface $dispatcher, LogoutUrlGenerator $logoutUrlGenerator) - { - $this->map = $map; - $this->logoutUrlGenerator = $logoutUrlGenerator; - + public function __construct( + private FirewallMapInterface $map, + EventDispatcherInterface $dispatcher, + private LogoutUrlGenerator $logoutUrlGenerator, + ) { parent::__construct($map, $dispatcher); } diff --git a/EventListener/VoteListener.php b/EventListener/VoteListener.php index 34ca91c3..54eac438 100644 --- a/EventListener/VoteListener.php +++ b/EventListener/VoteListener.php @@ -24,11 +24,9 @@ */ class VoteListener implements EventSubscriberInterface { - private TraceableAccessDecisionManager $traceableAccessDecisionManager; - - public function __construct(TraceableAccessDecisionManager $traceableAccessDecisionManager) - { - $this->traceableAccessDecisionManager = $traceableAccessDecisionManager; + public function __construct( + private TraceableAccessDecisionManager $traceableAccessDecisionManager, + ) { } public function onVoterVote(VoteEvent $event): void diff --git a/RememberMe/DecoratedRememberMeHandler.php b/RememberMe/DecoratedRememberMeHandler.php index ed6d0ed2..dd607245 100644 --- a/RememberMe/DecoratedRememberMeHandler.php +++ b/RememberMe/DecoratedRememberMeHandler.php @@ -24,11 +24,9 @@ */ final class DecoratedRememberMeHandler implements RememberMeHandlerInterface { - private RememberMeHandlerInterface $handler; - - public function __construct(RememberMeHandlerInterface $handler) - { - $this->handler = $handler; + public function __construct( + private RememberMeHandlerInterface $handler, + ) { } public function createRememberMeCookie(UserInterface $user): void 
diff --git a/Resources/config/security_authenticator.php b/Resources/config/security_authenticator.php index 92c91e98..1ea4ef55 100644 --- a/Resources/config/security_authenticator.php +++ b/Resources/config/security_authenticator.php @@ -67,7 +67,7 @@ // Listeners ->set('security.listener.check_authenticator_credentials', CheckCredentialsListener::class) ->args([ - service('security.password_hasher_factory'), + service('security.password_hasher_factory'), ]) ->tag('kernel.event_subscriber') diff --git a/Resources/config/security_authenticator_login_link.php b/Resources/config/security_authenticator_login_link.php index 9a46a092..cb08d61b 100644 --- a/Resources/config/security_authenticator_login_link.php +++ b/Resources/config/security_authenticator_login_link.php @@ -12,6 +12,7 @@ namespace Symfony\Component\DependencyInjection\Loader\Configurator; use Symfony\Bundle\SecurityBundle\LoginLink\FirewallAwareLoginLinkHandler; +use Symfony\Component\DependencyInjection\Parameter; use Symfony\Component\Security\Core\Signature\ExpiredSignatureStorage; use Symfony\Component\Security\Core\Signature\SignatureHasher; use Symfony\Component\Security\Http\Authenticator\LoginLinkAuthenticator; @@ -43,7 +44,7 @@ ->args([ service('property_accessor'), abstract_arg('signature properties'), - '%kernel.secret%', + new Parameter('kernel.secret'), abstract_arg('expired signature storage'), abstract_arg('max signature uses'), ]) diff --git a/Resources/config/security_authenticator_remember_me.php b/Resources/config/security_authenticator_remember_me.php index b861d0de..d45c26df 100644 --- a/Resources/config/security_authenticator_remember_me.php +++ b/Resources/config/security_authenticator_remember_me.php 
@@ -12,6 +12,7 @@ namespace Symfony\Component\DependencyInjection\Loader\Configurator; use Symfony\Bundle\SecurityBundle\RememberMe\FirewallAwareRememberMeHandler; +use Symfony\Component\DependencyInjection\Parameter; use Symfony\Component\Security\Core\Signature\SignatureHasher; use Symfony\Component\Security\Http\Authenticator\RememberMeAuthenticator; use Symfony\Component\Security\Http\EventListener\CheckRememberMeConditionsListener; @@ -30,7 +31,7 @@ ->args([ service('property_accessor'), abstract_arg('signature properties'), - '%kernel.secret%', + new Parameter('kernel.secret'), null, null, ]) @@ -85,7 +86,6 @@ ->abstract() ->args([ abstract_arg('remember me handler'), - param('kernel.secret'), service('security.token_storage'), abstract_arg('options'), service('logger')->nullOnInvalid(), diff --git a/Resources/views/Collector/security.html.twig b/Resources/views/Collector/security.html.twig index 4dd0b021..635d61e2 100644 --- a/Resources/views/Collector/security.html.twig +++ b/Resources/views/Collector/security.html.twig 
@@ -29,10 +29,50 @@ padding: 0 0 8px 0; } + #collector-content .authenticator-name { + align-items: center; + display: flex; + gap: 16px; + } + + #collector-content .authenticators .toggle-button { + margin-left: auto; + } + #collector-content .authenticators .sf-toggle-on .toggle-button { + transform: rotate(180deg); + } + #collector-content .authenticators .toggle-button svg { + display: block; + } + + #collector-content .authenticators th, + #collector-content .authenticators td { + vertical-align: baseline; + } + #collector-content .authenticators th, + #collector-content .authenticators td { + vertical-align: baseline; + } + + #collector-content .authenticators .label { + display: block; + text-align: center; + } + + #collector-content .authenticator-data { + box-shadow: none; + margin: 0; + } + + #collector-content .authenticator-data tr:first-child th, + #collector-content .authenticator-data tr:first-child td { + border-top: 0; + } + #collector-content .authenticators .badge { color: var(--white); display: inline-block; - text-align: center; + margin: 4px 0; } #collector-content .authenticators .badge.badge-resolved { background-color: var(--green-500); @@ -40,13 +80,6 @@ #collector-content .authenticators .badge.badge-not_resolved { background-color: var(--yellow-500); } - - #collector-content .authenticators svg[data-icon-name="icon-tabler-check"] { - color: var(--green-500); - } - #collector-content .authenticators svg[data-icon-name="icon-tabler-x"] { - color: var(--red-500); - } {% endblock %} @@ -181,6 +214,17 @@ {{ source('@WebProfiler/Icon/' ~ (collector.authenticated ? 'yes' : 'no') ~ '.svg') }} Authenticated + + {% if collector.authProfileToken %} + + {% endif %} @@ -219,7 +263,15 @@
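Review bot: The CSS added in the `@@ -29,10 +29,50 @@` hunk contains the same rule twice in a row: the block `#collector-content .authenticators th, #collector-content .authenticators td { vertical-align: baseline; }` is repeated verbatim directly after itself. The second copy has no effect and can be dropped. If a different selector was intended for the second block, for example the nested `.authenticator-data` cells, that cannot be recovered from the hunk and should be checked against the rendered panel.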
{% elseif collector.enabled %}
-

There is no security token.

+

+ There is no security token. + {% if collector.deauthProfileToken %} + It was removed in + + {{- collector.deauthProfileToken -}} + . + {% endif %} +

{% endif %} @@ -318,7 +370,7 @@ {{ profiler_dump(listener.stub) }} - {{ '%0.2f'|format(listener.time * 1000) }} ms + {{ listener.time is null ? '(none)' : '%0.2f ms'|format(listener.time * 1000) }} {{ listener.response ? profiler_dump(listener.response) : '(none)' }} @@ -336,48 +388,90 @@
{% if collector.authenticators|default([]) is not empty %} + + + + - - - - - - + + - - {% set previous_event = (collector.listeners|first) %} - {% for authenticator in collector.authenticators %} - {% if loop.first or authenticator != previous_event %} - {% if not loop.first %} - - {% endif %} - - - {% set previous_event = authenticator %} - {% endif %} - - - - - - - - + + - - {% if loop.last %} - - {% endif %} {% endfor %}
AuthenticatorSupportsAuthenticatedDurationPassportBadgesStatusAuthenticator
{{ profiler_dump(authenticator.stub) }}{{ source('@WebProfiler/Icon/' ~ (authenticator.supports ? 'yes' : 'no') ~ '.svg') }}{{ authenticator.authenticated is not null ? source('@WebProfiler/Icon/' ~ (authenticator.authenticated ? 'yes' : 'no') ~ '.svg') : '' }}{{ '%0.2f'|format(authenticator.duration * 1000) }} ms{{ authenticator.passport ? profiler_dump(authenticator.passport) : '(none)' }} - {% for badge in authenticator.badges ?? [] %} - - {{ badge.stub|abbr_class }} - + {% for i, authenticator in collector.authenticators %} +
+ {% if authenticator.authenticated %} + {% set status_text, label_status = 'success', 'success' %} + {% elseif authenticator.authenticated is null %} + {% set status_text, label_status = 'skipped', false %} {% else %} - (none) - {% endfor %} + {% set status_text, label_status = 'failure', 'error' %} + {% endif %} + {{ status_text }} + + + {{ profiler_dump(authenticator.stub) }} + + +
+ {% if authenticator.supports is same as(false) %} +
+

This authenticator did not support the request.

+
+ {% elseif authenticator.authenticated is null %} +
+

An authenticator ran before this one.

+
+ {% else %} + + + + + + + + + + + + + + {% if authenticator.passport %} + + + + + {% endif %} + {% if authenticator.badges %} + + + + + {% endif %} + {% if authenticator.exception %} + + + + + {% endif %} +
Lazy{{ authenticator.supports is null ? 'yes' : 'no' }}
Duration{{ '%0.2f ms'|format(authenticator.duration * 1000) }}
Passport{{ profiler_dump(authenticator.passport) }}
Badges + {% for badge in authenticator.badges %} + + {{ badge.stub|abbr_class }} + + {% endfor %} +
Exception{{ profiler_dump(authenticator.exception) }}
+ {% endif %} +
{% else %} diff --git a/Security.php b/Security.php index e0aa0042..915f766f 100644 --- a/Security.php +++ b/Security.php @@ -74,14 +74,15 @@ public function getFirewallConfig(Request $request): ?FirewallConfig } /** - * @param UserInterface $user The user to authenticate - * @param string|null $authenticatorName The authenticator name (e.g. "form_login") or service id (e.g. SomeApiKeyAuthenticator::class) - required only if multiple authenticators are configured - * @param string|null $firewallName The firewall name - required only if multiple firewalls are configured - * @param BadgeInterface[] $badges Badges to add to the user's passport + * @param UserInterface $user The user to authenticate + * @param string|null $authenticatorName The authenticator name (e.g. "form_login") or service id (e.g. SomeApiKeyAuthenticator::class) - required only if multiple authenticators are configured + * @param string|null $firewallName The firewall name - required only if multiple firewalls are configured + * @param BadgeInterface[] $badges Badges to add to the user's passport + * @param array $attributes Attributes to add to the user's passport * * @return Response|null The authenticator success response if any */ - public function login(UserInterface $user, ?string $authenticatorName = null, ?string $firewallName = null, array $badges = []): ?Response + public function login(UserInterface $user, ?string $authenticatorName = null, ?string $firewallName = null, array $badges = [], array $attributes = []): ?Response { $request = $this->container->get('request_stack')->getCurrentRequest(); if (null === $request) { 
@@ -99,7 +100,7 @@ public function login(UserInterface $user, ?string $authenticatorName = null, ?s $userCheckerLocator = $this->container->get('security.user_checker_locator'); $userCheckerLocator->get($firewallName)->checkPreAuth($user); - return $this->container->get('security.authenticator.managers_locator')->get($firewallName)->authenticateUser($user, $authenticator, $request, $badges); + return $this->container->get('security.authenticator.managers_locator')->get($firewallName)->authenticateUser($user, $authenticator, $request, $badges, $attributes); } /** @@ -131,7 +132,7 @@ public function logout(bool $validateCsrfToken = true): ?Response if ($validateCsrfToken) { if (!$this->container->has('security.csrf.token_manager') || !$logoutConfig = $firewallConfig->getLogout()) { - throw new LogicException(sprintf('Unable to logout with CSRF token validation. Either make sure that CSRF protection is enabled and "logout" is configured on the "%s" firewall, or bypass CSRF token validation explicitly by passing false to the $validateCsrfToken argument of this method.', $firewallConfig->getName())); + throw new LogicException(\sprintf('Unable to logout with CSRF token validation. Either make sure that CSRF protection is enabled and "logout" is configured on the "%s" firewall, or bypass CSRF token validation explicitly by passing false to the $validateCsrfToken argument of this method.', $firewallConfig->getName())); } $csrfToken = ParameterBagUtils::getRequestParameterValue($request, $logoutConfig['csrf_parameter']); if (!\is_string($csrfToken) || !$this->container->get('security.csrf.token_manager')->isTokenValid(new CsrfToken($logoutConfig['csrf_token_id'], $csrfToken))) { 
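Review bot: `$attributes` is forwarded as a fifth positional argument, `->authenticateUser($user, $authenticator, $request, $badges, $attributes)`, to whatever `security.authenticator.managers_locator` returns for the firewall. PHP silently ignores surplus arguments passed to userland methods, so an implementation whose `authenticateUser()` still declares four parameters would drop the attributes without any error. The bundle's own `Security/UserAuthenticator.php` is updated in this commit, but the implementation behind the locator and the minimum required version of the security component are not visible here. I would confirm that the dependency constraint is raised accordingly, or document on `login()` that attributes require an implementation accepting the fifth parameter. `login()` starts before this hunk.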
@@ -150,7 +151,7 @@ public function logout(bool $validateCsrfToken = true): ?Response private function getAuthenticator(?string $authenticatorName, string $firewallName): AuthenticatorInterface { if (!isset($this->authenticators[$firewallName])) { - throw new LogicException(sprintf('No authenticators found for firewall "%s".', $firewallName)); + throw new LogicException(\sprintf('No authenticators found for firewall "%s".', $firewallName)); } /** @var ServiceProviderInterface $firewallAuthenticatorLocator */ @@ -160,10 +161,10 @@ private function getAuthenticator(?string $authenticatorName, string $firewallNa $authenticatorIds = array_keys($firewallAuthenticatorLocator->getProvidedServices()); if (!$authenticatorIds) { - throw new LogicException(sprintf('No authenticator was found for the firewall "%s".', $firewallName)); + throw new LogicException(\sprintf('No authenticator was found for the firewall "%s".', $firewallName)); } if (1 < \count($authenticatorIds)) { - throw new LogicException(sprintf('Too many authenticators were found for the current firewall "%s". You must provide an instance of "%s" to login programmatically. The available authenticators for the firewall "%s" are "%s".', $firewallName, AuthenticatorInterface::class, $firewallName, implode('" ,"', $authenticatorIds))); + throw new LogicException(\sprintf('Too many authenticators were found for the current firewall "%s". You must provide an instance of "%s" to login programmatically. The available authenticators for the firewall "%s" are "%s".', $firewallName, AuthenticatorInterface::class, $firewallName, implode('" ,"', $authenticatorIds))); } return $firewallAuthenticatorLocator->get($authenticatorIds[0]); 
@@ -176,7 +177,7 @@ private function getAuthenticator(?string $authenticatorName, string $firewallNa $authenticatorId = 'security.authenticator.'.$authenticatorName.'.'.$firewallName; if (!$firewallAuthenticatorLocator->has($authenticatorId)) { - throw new LogicException(sprintf('Unable to find an authenticator named "%s" for the firewall "%s". Available authenticators: "%s".', $authenticatorName, $firewallName, implode('", "', array_keys($firewallAuthenticatorLocator->getProvidedServices())))); + throw new LogicException(\sprintf('Unable to find an authenticator named "%s" for the firewall "%s". Available authenticators: "%s".', $authenticatorName, $firewallName, implode('", "', array_keys($firewallAuthenticatorLocator->getProvidedServices())))); } return $firewallAuthenticatorLocator->get($authenticatorId); diff --git a/Security/FirewallAwareTrait.php b/Security/FirewallAwareTrait.php index c5f04511..38260aab 100644 --- a/Security/FirewallAwareTrait.php +++ b/Security/FirewallAwareTrait.php @@ -44,7 +44,7 @@ private function getForFirewall(): object if (!$this->locator->has($firewallName)) { $message = 'No '.$serviceIdentifier.' found for this firewall.'; if (\defined(static::class.'::FIREWALL_OPTION')) { - $message .= sprintf(' Did you forget to add a "'.static::FIREWALL_OPTION.'" key under your "%s" firewall?', $firewallName); + $message .= \sprintf(' Did you forget to add a "'.static::FIREWALL_OPTION.'" key under your "%s" firewall?', $firewallName); } throw new \LogicException($message); diff --git a/Security/FirewallContext.php b/Security/FirewallContext.php index c100d353..63648bd6 100644 --- a/Security/FirewallContext.php +++ b/Security/FirewallContext.php 
@@ -22,20 +22,15 @@ */ class FirewallContext { - private iterable $listeners; - private ?ExceptionListener $exceptionListener; - private ?LogoutListener $logoutListener; - private ?FirewallConfig $config; - /** * @param iterable $listeners */ - public function __construct(iterable $listeners, ?ExceptionListener $exceptionListener = null, ?LogoutListener $logoutListener = null, ?FirewallConfig $config = null) - { - $this->listeners = $listeners; - $this->exceptionListener = $exceptionListener; - $this->logoutListener = $logoutListener; - $this->config = $config; + public function __construct( + private iterable $listeners, + private ?ExceptionListener $exceptionListener = null, + private ?LogoutListener $logoutListener = null, + private ?FirewallConfig $config = null, + ) { } public function getConfig(): ?FirewallConfig diff --git a/Security/FirewallMap.php b/Security/FirewallMap.php index 2c4f85cf..fc6968f8 100644 --- a/Security/FirewallMap.php +++ b/Security/FirewallMap.php @@ -24,13 +24,10 @@ */ class FirewallMap implements FirewallMapInterface { - private ContainerInterface $container; - private iterable $map; - - public function __construct(ContainerInterface $container, iterable $map) - { - $this->container = $container; - $this->map = $map; + public function __construct( + private ContainerInterface $container, + private iterable $map, + ) { } public function getListeners(Request $request): array diff --git a/Security/LazyFirewallContext.php b/Security/LazyFirewallContext.php index 500b29b1..68357623 100644 --- a/Security/LazyFirewallContext.php +++ b/Security/LazyFirewallContext.php 
@@ -25,13 +25,14 @@ */ class LazyFirewallContext extends FirewallContext { - private TokenStorage $tokenStorage; - - public function __construct(iterable $listeners, ?ExceptionListener $exceptionListener, ?LogoutListener $logoutListener, ?FirewallConfig $config, TokenStorage $tokenStorage) - { + public function __construct( + iterable $listeners, + ?ExceptionListener $exceptionListener, + ?LogoutListener $logoutListener, + ?FirewallConfig $config, + private TokenStorage $tokenStorage, + ) { parent::__construct($listeners, $exceptionListener, $logoutListener, $config); - - $this->tokenStorage = $tokenStorage; } public function getListeners(): iterable diff --git a/Security/UserAuthenticator.php b/Security/UserAuthenticator.php index 78645780..8989d895 100644 --- a/Security/UserAuthenticator.php +++ b/Security/UserAuthenticator.php @@ -38,8 +38,8 @@ public function __construct(FirewallMap $firewallMap, ContainerInterface $userAu $this->requestStack = $requestStack; } - public function authenticateUser(UserInterface $user, AuthenticatorInterface $authenticator, Request $request, array $badges = []): ?Response + public function authenticateUser(UserInterface $user, AuthenticatorInterface $authenticator, Request $request, array $badges = [], array $attributes = []): ?Response { - return $this->getForFirewall()->authenticateUser($user, $authenticator, $request, $badges); + return $this->getForFirewall()->authenticateUser($user, $authenticator, $request, $badges, $attributes); } } diff --git a/Tests/DataCollector/SecurityDataCollectorTest.php b/Tests/DataCollector/SecurityDataCollectorTest.php index e4173b1f..21161d28 100644 --- a/Tests/DataCollector/SecurityDataCollectorTest.php +++ b/Tests/DataCollector/SecurityDataCollectorTest.php 
@@ -226,7 +226,7 @@ public function testCollectCollectsDecisionLogWhenStrategyIsAffirmative() $voter1 = new DummyVoter(); $voter2 = new DummyVoter(); - $decoratedVoter1 = new TraceableVoter($voter1, new class() implements EventDispatcherInterface { + $decoratedVoter1 = new TraceableVoter($voter1, new class implements EventDispatcherInterface { public function dispatch(object $event, ?string $eventName = null): object { return new \stdClass(); @@ -301,7 +301,7 @@ public function testCollectCollectsDecisionLogWhenStrategyIsUnanimous() $voter1 = new DummyVoter(); $voter2 = new DummyVoter(); - $decoratedVoter1 = new TraceableVoter($voter1, new class() implements EventDispatcherInterface { + $decoratedVoter1 = new TraceableVoter($voter1, new class implements EventDispatcherInterface { public function dispatch(object $event, ?string $eventName = null): object { return new \stdClass(); diff --git a/Tests/Debug/TraceableFirewallListenerTest.php b/Tests/Debug/TraceableFirewallListenerTest.php index 6dad1f3a..cdf53c20 100644 --- a/Tests/Debug/TraceableFirewallListenerTest.php +++ b/Tests/Debug/TraceableFirewallListenerTest.php @@ -22,6 +22,7 @@ use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Http\Authentication\AuthenticatorManager; +use Symfony\Component\Security\Http\Authenticator\Debug\TraceableAuthenticator; use Symfony\Component\Security\Http\Authenticator\Debug\TraceableAuthenticatorManagerListener; use Symfony\Component\Security\Http\Authenticator\InteractiveAuthenticatorInterface; use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge; 
@@ -99,7 +100,7 @@ public function testOnKernelRequestRecordsAuthenticatorsInfo() $tokenStorage = $this->createMock(TokenStorageInterface::class); $dispatcher = new EventDispatcher(); $authenticatorManager = new AuthenticatorManager( - [$notSupportingAuthenticator, $supportingAuthenticator], + [new TraceableAuthenticator($notSupportingAuthenticator), new TraceableAuthenticator($supportingAuthenticator)], $tokenStorage, $dispatcher, 'main' diff --git a/Tests/DependencyInjection/Security/Factory/AccessTokenFactoryTest.php b/Tests/DependencyInjection/Security/Factory/AccessTokenFactoryTest.php index 65e54af3..ce105759 100644 --- a/Tests/DependencyInjection/Security/Factory/AccessTokenFactoryTest.php +++ b/Tests/DependencyInjection/Security/Factory/AccessTokenFactoryTest.php @@ -214,7 +214,7 @@ public function testOidcTokenHandlerConfigurationWithSingleAlgorithm() 'index_0' => (new ChildDefinition('security.access_token_handler.oidc.signature')) ->replaceArgument(0, ['RS256']), 'index_1' => (new ChildDefinition('security.access_token_handler.oidc.jwkset')) - ->replaceArgument(0, sprintf('{"keys":[%s]}', $jwk)), + ->replaceArgument(0, \sprintf('{"keys":[%s]}', $jwk)), 'index_2' => 'audience', 'index_3' => ['https://www.example.com'], 'index_4' => 'sub', diff --git a/Tests/DependencyInjection/XmlCustomAuthenticatorTest.php b/Tests/DependencyInjection/XmlCustomAuthenticatorTest.php index de3db233..e57cda13 100644 --- a/Tests/DependencyInjection/XmlCustomAuthenticatorTest.php +++ b/Tests/DependencyInjection/XmlCustomAuthenticatorTest.php 
@@ -14,7 +14,6 @@ use PHPUnit\Framework\TestCase; use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension; use Symfony\Bundle\SecurityBundle\Tests\DependencyInjection\Fixtures\Authenticator\CustomAuthenticator; -use Symfony\Bundle\SecurityBundle\Tests\DependencyInjection\Fixtures\UserProvider\CustomProvider; use Symfony\Component\Config\FileLocator; use Symfony\Component\DependencyInjection\ContainerBuilder; use Symfony\Component\DependencyInjection\Loader\XmlFileLoader; diff --git a/Tests/Functional/AccessTokenTest.php b/Tests/Functional/AccessTokenTest.php index 00c11bf4..8e87cd54 100644 --- a/Tests/Functional/AccessTokenTest.php +++ b/Tests/Functional/AccessTokenTest.php @@ -378,7 +378,7 @@ public function testOidcSuccess() ); $client = $this->createClient(['test_case' => 'AccessToken', 'root_config' => 'config_oidc.yml']); - $client->request('GET', '/foo', [], [], ['HTTP_AUTHORIZATION' => sprintf('Bearer %s', $token)]); + $client->request('GET', '/foo', [], [], ['HTTP_AUTHORIZATION' => \sprintf('Bearer %s', $token)]); $response = $client->getResponse(); $this->assertInstanceOf(Response::class, $response); diff --git a/Tests/Functional/Bundle/AccessTokenBundle/Controller/FooController.php b/Tests/Functional/Bundle/AccessTokenBundle/Controller/FooController.php index 7bc8e735..034c1d41 100644 --- a/Tests/Functional/Bundle/AccessTokenBundle/Controller/FooController.php +++ b/Tests/Functional/Bundle/AccessTokenBundle/Controller/FooController.php @@ -18,6 +18,6 @@ class FooController { public function __invoke(UserInterface $user): JsonResponse { - return new JsonResponse(['message' => sprintf('Welcome @%s!', $user->getUserIdentifier())]); + return new JsonResponse(['message' => \sprintf('Welcome @%s!', $user->getUserIdentifier())]); } } 
diff --git a/Tests/Functional/Bundle/AccessTokenBundle/Security/Http/JsonAuthenticationSuccessHandler.php b/Tests/Functional/Bundle/AccessTokenBundle/Security/Http/JsonAuthenticationSuccessHandler.php index d6148158..2d5139ed 100644 --- a/Tests/Functional/Bundle/AccessTokenBundle/Security/Http/JsonAuthenticationSuccessHandler.php +++ b/Tests/Functional/Bundle/AccessTokenBundle/Security/Http/JsonAuthenticationSuccessHandler.php @@ -21,6 +21,6 @@ class JsonAuthenticationSuccessHandler implements AuthenticationSuccessHandlerIn { public function onAuthenticationSuccess(Request $request, TokenInterface $token): ?Response { - return new JsonResponse(['message' => sprintf('Good game @%s!', $token->getUserIdentifier())]); + return new JsonResponse(['message' => \sprintf('Good game @%s!', $token->getUserIdentifier())]); } } diff --git a/Tests/Functional/Bundle/JsonLoginBundle/Controller/TestController.php b/Tests/Functional/Bundle/JsonLoginBundle/Controller/TestController.php index 6bd571d1..33cec70a 100644 --- a/Tests/Functional/Bundle/JsonLoginBundle/Controller/TestController.php +++ b/Tests/Functional/Bundle/JsonLoginBundle/Controller/TestController.php @@ -21,6 +21,6 @@ class TestController { public function loginCheckAction(UserInterface $user) { - return new JsonResponse(['message' => sprintf('Welcome @%s!', $user->getUserIdentifier())]); + return new JsonResponse(['message' => \sprintf('Welcome @%s!', $user->getUserIdentifier())]); } } diff --git a/Tests/Functional/Bundle/JsonLoginBundle/Security/Http/JsonAuthenticationSuccessHandler.php b/Tests/Functional/Bundle/JsonLoginBundle/Security/Http/JsonAuthenticationSuccessHandler.php index b7dd3fd3..d045636b 100644 --- a/Tests/Functional/Bundle/JsonLoginBundle/Security/Http/JsonAuthenticationSuccessHandler.php +++ b/Tests/Functional/Bundle/JsonLoginBundle/Security/Http/JsonAuthenticationSuccessHandler.php 
@@ -21,6 +21,6 @@ class JsonAuthenticationSuccessHandler implements AuthenticationSuccessHandlerIn { public function onAuthenticationSuccess(Request $request, TokenInterface $token): ?Response { - return new JsonResponse(['message' => sprintf('Good game @%s!', $token->getUserIdentifier())]); + return new JsonResponse(['message' => \sprintf('Good game @%s!', $token->getUserIdentifier())]); } } diff --git a/Tests/Functional/Bundle/LoginLink/TestCustomLoginLinkSuccessHandler.php b/Tests/Functional/Bundle/LoginLink/TestCustomLoginLinkSuccessHandler.php index 06997641..04caf251 100644 --- a/Tests/Functional/Bundle/LoginLink/TestCustomLoginLinkSuccessHandler.php +++ b/Tests/Functional/Bundle/LoginLink/TestCustomLoginLinkSuccessHandler.php @@ -21,6 +21,6 @@ class TestCustomLoginLinkSuccessHandler implements AuthenticationSuccessHandlerI { public function onAuthenticationSuccess(Request $request, TokenInterface $token): ?Response { - return new JsonResponse(['message' => sprintf('Welcome %s!', $token->getUserIdentifier())]); + return new JsonResponse(['message' => \sprintf('Welcome %s!', $token->getUserIdentifier())]); } } diff --git a/Tests/Functional/Bundle/SecuredPageBundle/Security/Core/User/ArrayUserProvider.php b/Tests/Functional/Bundle/SecuredPageBundle/Security/Core/User/ArrayUserProvider.php index 55b411da..553cff38 100644 --- a/Tests/Functional/Bundle/SecuredPageBundle/Security/Core/User/ArrayUserProvider.php +++ b/Tests/Functional/Bundle/SecuredPageBundle/Security/Core/User/ArrayUserProvider.php @@ -12,7 +12,6 @@ namespace Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\SecuredPageBundle\Security\Core\User; use Symfony\Bundle\SecurityBundle\Tests\Functional\UserWithoutEquatable; -use Symfony\Component\Security\Core\Exception\UnsupportedUserException; use Symfony\Component\Security\Core\Exception\UserNotFoundException; use Symfony\Component\Security\Core\User\InMemoryUser; use Symfony\Component\Security\Core\User\UserInterface; 
@@ -48,7 +47,7 @@ public function loadUserByIdentifier(string $identifier): UserInterface $user = $this->getUser($identifier); if (null === $user) { - $e = new UserNotFoundException(sprintf('User "%s" not found.', $identifier)); + $e = new UserNotFoundException(\sprintf('User "%s" not found.', $identifier)); $e->setUsername($identifier); throw $e; @@ -59,10 +58,6 @@ public function loadUserByIdentifier(string $identifier): UserInterface public function refreshUser(UserInterface $user): UserInterface { - if (!$user instanceof UserInterface) { - throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user))); - } - $storedUser = $this->getUser($user->getUserIdentifier()); $class = $storedUser::class; diff --git a/Tests/Functional/CsrfFormLoginTest.php b/Tests/Functional/CsrfFormLoginTest.php index 6df9aa5f..ee8cc60a 100644 --- a/Tests/Functional/CsrfFormLoginTest.php +++ b/Tests/Functional/CsrfFormLoginTest.php @@ -142,7 +142,7 @@ private function callInRequestContext(KernelBrowser $client, callable $callable) $eventDispatcher->addListener(KernelEvents::REQUEST, $wrappedCallable); try { - $client->request('GET', '/'.uniqid('', true)); + $client->request('GET', '/not-existent'); } finally { $eventDispatcher->removeListener(KernelEvents::REQUEST, $wrappedCallable); } diff --git a/Tests/Functional/LogoutTest.php b/Tests/Functional/LogoutTest.php index 50473ed8..d11c535d 100644 --- a/Tests/Functional/LogoutTest.php +++ b/Tests/Functional/LogoutTest.php @@ -90,7 +90,7 @@ private function callInRequestContext(KernelBrowser $client, callable $callable) $eventDispatcher->addListener(KernelEvents::REQUEST, $wrappedCallable); try { - $client->request('GET', '/'.uniqid('', true)); + $client->request('GET', '/not-existent'); } finally { $eventDispatcher->removeListener(KernelEvents::REQUEST, $wrappedCallable); } 
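Review bot: The fixed path `'/not-existent'` in `CsrfFormLoginTest::callInRequestContext` carries an assumption that is not written down: the request presumably exists only to fire the `KernelEvents::REQUEST` listener registered just above it, and the path is expected to match no route in the test-case configs. A short comment such as `// path must stay unrouted; the request only triggers the kernel.request listener` would keep a later routing change from quietly turning this into a request that reaches a controller or a firewall rule. The same literal is introduced in `LogoutTest::callInRequestContext` on this line and in `SecurityTest::testLogoutWithCsrf`, so a shared constant would keep the three in step. All three enclosing methods start outside their hunks.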
diff --git a/Tests/Functional/RememberMeCookieTest.php b/Tests/Functional/RememberMeCookieTest.php index d91b321b..34fbca10 100644 --- a/Tests/Functional/RememberMeCookieTest.php +++ b/Tests/Functional/RememberMeCookieTest.php @@ -24,7 +24,7 @@ public function testSessionRememberMeSecureCookieFlagAuto($https, $expectedSecur '_username' => 'test', '_password' => 'test', ], [], [ - 'HTTPS' => (int) $https, + 'HTTPS' => (int) $https, ]); $cookies = $client->getResponse()->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY); diff --git a/Tests/Functional/SecurityTest.php b/Tests/Functional/SecurityTest.php index 201c2a53..dadd0d69 100644 --- a/Tests/Functional/SecurityTest.php +++ b/Tests/Functional/SecurityTest.php @@ -134,7 +134,7 @@ public function testLogoutWithCsrf() }; $eventDispatcher->addListener(KernelEvents::REQUEST, $setCsrfToken); try { - $client->request('GET', '/'.uniqid('', true)); + $client->request('GET', '/not-existent'); } finally { $eventDispatcher->removeListener(KernelEvents::REQUEST, $setCsrfToken); } @@ -250,7 +250,7 @@ public function welcome() $user = new InMemoryUser('chalasr', 'the-password', ['ROLE_FOO']); $this->security->login($user, $this->authenticator); - return new JsonResponse(['message' => sprintf('Welcome @%s!', $this->security->getUser()->getUserIdentifier())]); + return new JsonResponse(['message' => \sprintf('Welcome @%s!', $this->security->getUser()->getUserIdentifier())]); } } @@ -274,6 +274,6 @@ class LoggedInController { public function __invoke(UserInterface $user) { - return new JsonResponse(['message' => sprintf('Welcome back @%s', $user->getUserIdentifier())]); + return new JsonResponse(['message' => \sprintf('Welcome back @%s', $user->getUserIdentifier())]); } } diff --git a/Tests/Functional/app/AppKernel.php b/Tests/Functional/app/AppKernel.php index edac38dd..6fa8aedb 100644 --- a/Tests/Functional/app/AppKernel.php +++ b/Tests/Functional/app/AppKernel.php 
@@ -29,7 +29,7 @@ class AppKernel extends Kernel public function __construct($varDir, $testCase, $rootConfig, $environment, $debug) { if (!is_dir(__DIR__.'/'.$testCase)) { - throw new \InvalidArgumentException(sprintf('The test case "%s" does not exist.', $testCase)); + throw new \InvalidArgumentException(\sprintf('The test case "%s" does not exist.', $testCase)); } $this->varDir = $varDir; $this->testCase = $testCase; @@ -37,7 +37,7 @@ public function __construct($varDir, $testCase, $rootConfig, $environment, $debu $fs = new Filesystem(); foreach ((array) $rootConfig as $config) { if (!$fs->isAbsolutePath($config) && !is_file($config = __DIR__.'/'.$testCase.'/'.$config)) { - throw new \InvalidArgumentException(sprintf('The root config "%s" does not exist.', $config)); + throw new \InvalidArgumentException(\sprintf('The root config "%s" does not exist.', $config)); } $this->rootConfig[] = $config; @@ -54,7 +54,7 @@ public function getContainerClass(): string public function registerBundles(): iterable { if (!is_file($filename = $this->getProjectDir().'/'.$this->testCase.'/bundles.php')) { - throw new \RuntimeException(sprintf('The bundles file "%s" does not exist.', $filename)); + throw new \RuntimeException(\sprintf('The bundles file "%s" does not exist.', $filename)); } return include $filename; diff --git a/Tests/SecurityTest.php b/Tests/SecurityTest.php index b7df6e09..d4b336b4 100644 --- a/Tests/SecurityTest.php +++ b/Tests/SecurityTest.php @@ -33,6 +33,7 @@ use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface; use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface; use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface; +use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge; use Symfony\Component\Security\Http\Event\LogoutEvent; use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; use Symfony\Contracts\Service\ServiceProviderInterface; 
@@ -135,6 +136,7 @@ public function testLogin() $userAuthenticator = $this->createMock(UserAuthenticatorInterface::class); $user = $this->createMock(UserInterface::class); $userChecker = $this->createMock(UserCheckerInterface::class); + $badge = new UserBadge('foo'); $container = new Container(); $container->set('request_stack', $requestStack); @@ -143,7 +145,7 @@ public function testLogin() $container->set('security.user_checker_locator', $this->createContainer('main', $userChecker)); $firewallMap->expects($this->once())->method('getFirewallConfig')->willReturn($firewall); - $userAuthenticator->expects($this->once())->method('authenticateUser')->with($user, $authenticator, $request); + $userAuthenticator->expects($this->once())->method('authenticateUser')->with($user, $authenticator, $request, [$badge], ['foo' => 'bar']); $userChecker->expects($this->once())->method('checkPreAuth')->with($user); $firewallAuthenticatorLocator = $this->createMock(ServiceProviderInterface::class); @@ -161,7 +163,7 @@ public function testLogin() $security = new Security($container, ['main' => $firewallAuthenticatorLocator]); - $security->login($user); + $security->login($user, badges: [$badge], attributes: ['foo' => 'bar']); } public function testLoginReturnsAuthenticatorResponse() diff --git a/composer.json b/composer.json index 5c9cd954..8660196a 100644 --- a/composer.json +++ b/composer.json @@ -26,9 +26,9 @@ "symfony/http-kernel": "^6.4|^7.0", "symfony/http-foundation": "^6.4|^7.0", "symfony/password-hasher": "^6.4|^7.0", - "symfony/security-core": "^6.4|^7.0", + "symfony/security-core": "^7.2", "symfony/security-csrf": "^6.4|^7.0", - "symfony/security-http": "^7.1", + "symfony/security-http": "^7.2", "symfony/service-contracts": "^2.5|^3" }, "require-dev": { @@ -50,7 +50,7 @@ "symfony/twig-bridge": "^6.4|^7.0", "symfony/validator": "^6.4|^7.0", "symfony/yaml": "^6.4|^7.0", - "twig/twig": "^3.0.4", + "twig/twig": "^3.12", "web-token/jwt-library": "^3.3.2|^4.0" }, "conflict": {
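Review bot: After this change `testLogin` asserts forwarding only for a call that passes both `badges:` and `attributes:`, so the plain `login($user)` call that existing callers use is no longer pinned in this method. Unless `testLoginReturnsAuthenticatorResponse`, which starts after the last hunk, already covers it, a sibling case expecting `->with($user, $authenticator, $request, [], [])` would fix the defaults (assuming both default to an empty array, which is not visible here). The method starts before the first of its three hunks and continues between them.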