author
Robin Chalas
committed
[Security] Add user impersonation support for stateless authentication
1 parent bd3bc69 commit 0f57086

24 files changed

+120
-20
lines changed

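--- a/UPGRADE-3.4.md
+++ b/UPGRADE-3.4.md
@@ -302,6 +302,9 @@ SecurityBundle
 
 * Deprecated the HTTP digest authentication: `HttpDigestFactory` will be removed in 4.0.
 Use another authentication system like `http_basic` instead.
+
+* Deprecated setting the `switch_user.stateless` option to false when the firewall is `stateless`.
+Setting it to false will have no effect in 4.0.
 
 Translation
 -----------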

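--- a/UPGRADE-4.0.md
+++ b/UPGRADE-4.0.md
@@ -677,6 +677,8 @@ SecurityBundle
 
 * Removed the HTTP digest authentication system. The `HttpDigestFactory` class
 has been removed. Use another authentication system like `http_basic` instead.
+
+* The `switch_user.stateless` option is now always true if the firewall is stateless.
 
 Serializer
 ----------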

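--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -14,6 +14,7 @@ CHANGELOG
 * deprecated HTTP digest authentication
 * deprecated command `acl:set` along with `SetAclCommand` class
 * deprecated command `init:acl` along with `InitAclCommand` class
+* added `stateless` option to the `switch_user` listener
 
 3.3.0
 -----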

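--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -304,6 +304,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
 ->scalarNode('provider')->end()
 ->scalarNode('parameter')->defaultValue('_switch_user')->end()
 ->scalarNode('role')->defaultValue('ROLE_ALLOWED_TO_SWITCH')->end()
+->booleanNode('stateless')->defaultValue(false)->end()
 ->end()
 ->end()
 ;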
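Review bot: `->booleanNode('stateless')->defaultValue(false)->end()` makes an omitted key indistinguishable from an explicit `stateless: false`, which matters because the extension side of this commit deprecates `false` on a stateless firewall and states that the firewall's own value will become the default in 4.0. Consider `->booleanNode('stateless')->defaultNull()->end()` so the extension can tell "not configured" apart from "explicitly disabled", resolve null to the firewall's `stateless` flag, and reserve the deprecation for a genuine explicit `false`. An info line would also help operators, e.g. `->info('Whether the switch_user listener runs without a session; should match the firewall\'s "stateless" setting')`. The surrounding `addFirewallsSection` builder chain starts and ends outside this hunk.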

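--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -455,7 +455,7 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
 // Switch user listener
 if (isset($firewall['switch_user'])) {
 $listenerKeys[] = 'switch_user';
-$listeners[] = new Reference($this->createSwitchUserListener($container, $id, $firewall['switch_user'], $defaultProvider));
+$listeners[] = new Reference($this->createSwitchUserListener($container, $id, $firewall['switch_user'], $defaultProvider, $firewall['stateless']));
 }
 
 // Access listener
@@ -686,17 +686,23 @@ private function createExceptionListener($container, $config, $id, $defaultEntry
 return $exceptionListenerId;
 }
 
-private function createSwitchUserListener($container, $id, $config, $defaultProvider)
+private function createSwitchUserListener($container, $id, $config, $defaultProvider, $stateless)
 {
 $userProvider = isset($config['provider']) ? $this->getUserProviderId($config['provider']) : $defaultProvider;
 
+// in 4.0, ignore the `switch_user.stateless` key if $stateless is `true`
+if ($stateless && false === $config['stateless']) {
+@trigger_error(sprintf('Firewall "%s" is configured as "stateless" but the "switch_user.stateless" key is set to false. Both should have the same value, the firewall\'s "stateless" value will be used as default value for the "switch_user.stateless" key in 4.0.', $id), E_USER_DEPRECATED);
+}
+
 $switchUserListenerId = 'security.authentication.switchuser_listener.'.$id;
 $listener = $container->setDefinition($switchUserListenerId, new ChildDefinition('security.authentication.switchuser_listener'));
 $listener->replaceArgument(1, new Reference($userProvider));
 $listener->replaceArgument(2, new Reference('security.user_checker.'.$id));
 $listener->replaceArgument(3, $id);
 $listener->replaceArgument(6, $config['parameter']);
 $listener->replaceArgument(7, $config['role']);
+$listener->replaceArgument(9, $config['stateless']);
 
 return $switchUserListenerId;
 }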
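Review bot: The check `if ($stateless && false === $config['stateless'])` fires for every stateless firewall that enables `switch_user` without spelling out the key, because the option's default in this commit is `false`, and `$listener->replaceArgument(9, $config['stateless'])` then still wires the listener in non-stateless mode on a firewall that has no session to carry the impersonation token — whether that silently loses the switch or merely redirects is something to confirm against SwitchUserListener, which is not in view. If the rule the message announces (firewall value wins) is meant to be usable already in 3.4, make "not set" distinguishable with a null node default and resolve it here: `$listener->replaceArgument(9, null === $config['stateless'] ? $stateless : $config['stateless']);`, keeping the deprecation for an explicit `false` only. The new `$stateless` parameter has no default, which is fine for a private method whose only visible caller is updated in the first hunk, but a one-line docblock naming it as the firewall-level flag would help. `createFirewall` starts and ends outside the first hunk.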

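--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
@@ -241,6 +241,7 @@
 <argument>_switch_user</argument>
 <argument>ROLE_ALLOWED_TO_SWITCH</argument>
 <argument type="service" id="event_dispatcher" on-invalid="null"/>
+<argument>false</argument> <!-- Stateless -->
 </service>
 
 <service id="security.access_listener" class="Symfony\Component\Security\Http\Firewall\AccessListener">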

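--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
@@ -129,6 +129,7 @@ public function testFirewalls()
 array(
 'parameter' => '_switch_user',
 'role' => 'ROLE_ALLOWED_TO_SWITCH',
+'stateless' => true,
 ),
 ),
 array(
@@ -255,6 +256,7 @@ public function testFirewallsWithDigest()
 array(
 'parameter' => '_switch_user',
 'role' => 'ROLE_ALLOWED_TO_SWITCH',
+'stateless' => true,
 ),
 ),
 array(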
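Review bot: Both added expectations only pin `'stateless' => true` flowing through from fixtures that set it explicitly; nothing visible covers the default when the key is omitted (expected `false` per the configuration change) or the deprecation the extension now raises for a stateless firewall with `stateless: false`. A `@group legacy` test with `@expectedDeprecation Firewall "%s" is configured as "stateless" but the "switch_user.stateless" key is set to false.%s` on a stateless-firewall fixture, plus one fixture keeping `'switch_user' => true` and asserting `'stateless' => false`, would lock both behaviours before the 4.0 switch. The enclosing `testFirewalls` and `testFirewallsWithDigest` methods start and end outside the hunks shown.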

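--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
@@ -65,7 +65,7 @@
 'http_basic' => true,
 'form_login' => true,
 'anonymous' => true,
-'switch_user' => true,
+'switch_user' => array('stateless' => true),
 'x509' => true,
 'remote_user' => true,
 'logout' => true,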

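--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php
@@ -67,7 +67,7 @@
 'http_digest' => array('secret' => 'TheSecret'),
 'form_login' => true,
 'anonymous' => true,
-'switch_user' => true,
+'switch_user' => array('stateless' => true),
 'x509' => true,
 'remote_user' => true,
 'logout' => true,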

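--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php
@@ -67,7 +67,7 @@
 'http_digest' => array('secret' => 'TheSecret'),
 'form_login' => true,
 'anonymous' => true,
-'switch_user' => true,
+'switch_user' => array('stateless' => true),
 'x509' => true,
 'remote_user' => true,
 'logout' => true,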
