feature #18211 [Security] Use auth trust resolver to determine anonymous in ContextListener (WouterJ)
This PR was squashed before being merged into the 3.1-dev branch (closes #18211). Discussion ---------- [Security] Use auth trust resolver to determine anonymous in ContextListener | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | not done yet There is a nice class in Symfony that is used to check whether a token is anonymous: `AuthenticationTrustResolver`. However, its logic was still hard coded in the `ContextListener`, making it impossible to customize it (e.g. using another anonymous token class). I think it makes lots of sense to use the dedicated class. Commits ------- ab5578e [Security] Use auth trust resolver to determine anonymous in ContextListener
2 parents 1b21647 + ab5578e commit 434a2f5

3 files changed

+16
-4
lines changed

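--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
@@ -41,7 +41,8 @@
 <argument type="collection" />
 <argument /> <!-- Provider Key -->
 <argument type="service" id="logger" on-invalid="null" />
-<argument type="service" id="event_dispatcher" on-invalid="null"/>
+<argument type="service" id="event_dispatcher" on-invalid="null" />
+<argument type="service" id="security.authentication.trust_resolver" />
 </service>
 
 <service id="security.logout_listener" class="Symfony\Component\Security\Http\Firewall\LogoutListener" public="false" abstract="true">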

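--- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@@ -15,7 +15,8 @@
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
 use Symfony\Component\HttpKernel\KernelEvents;
-use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
+use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
+use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
@@ -39,8 +40,9 @@ class ContextListener implements ListenerInterface
 private $userProviders;
 private $dispatcher;
 private $registered;
+private $trustResolver;
 
-public function __construct(TokenStorageInterface $tokenStorage, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
+public function __construct(TokenStorageInterface $tokenStorage, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, AuthenticationTrustResolverInterface $trustResolver = null)
 {
 if (empty($contextKey)) {
 throw new \InvalidArgumentException('$contextKey must not be empty.');
@@ -58,6 +60,7 @@ public function __construct(TokenStorageInterface $tokenStorage, array $userProv
 $this->sessionKey = '_security_'.$contextKey;
 $this->logger = $logger;
 $this->dispatcher = $dispatcher;
+$this->trustResolver = $trustResolver ?: new AuthenticationTrustResolver('Symfony\Component\Security\Core\Authentication\Token\AnonymousToken', 'Symfony\Component\Security\Core\Authentication\Token\RememberMeToken');
 }
 
 /**
@@ -121,7 +124,7 @@ public function onKernelResponse(FilterResponseEvent $event)
 $request = $event->getRequest();
 $session = $request->getSession();
 
-if ((null === $token = $this->tokenStorage->getToken()) || ($token instanceof AnonymousToken)) {
+if ((null === $token = $this->tokenStorage->getToken()) || $this->trustResolver->isAnonymous($token)) {
 if ($request->hasPreviousSession()) {
 $session->remove($this->sessionKey);
 }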
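Review bot: The session-clearing branch in onKernelResponse now depends entirely on what the injected resolver reports as anonymous, and the hunk leaves that undocumented; a custom resolver that misclassifies tokens would either drop a real authentication from the session on every response or persist an anonymous one, so the contract deserves a comment above the condition: `// A token the trust resolver classifies as anonymous is never persisted; its session entry is removed instead.` The same applies to the constructor hunk two hunks earlier, where the two class-name strings passed to `new AuthenticationTrustResolver(...)` are now the only place the default anonymous and remember-me token classes are named, and the fallback is the behaviour every caller that omits the sixth argument relies on. onKernelResponse continues outside the hunk.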

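--- a/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
@@ -18,6 +18,7 @@
 use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\HttpKernel\KernelEvents;
+use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Http\Firewall\ContextListener;
@@ -85,6 +86,13 @@ public function testOnKernelResponseWillRemoveSession()
 $this->assertFalse($session->has('_security_session'));
 }
 
+public function testOnKernelResponseWillRemoveSessionOnAnonymousToken()
+{
+$session = $this->runSessionOnKernelResponse(new AnonymousToken('secret', 'anon.'), 'C:10:"serialized"');
+
+$this->assertFalse($session->has('_security_session'));
+}
+
 public function testOnKernelResponseWithoutSession()
 {
 $tokenStorage = new TokenStorage();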
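Review bot: The new test only exercises the default resolver the constructor builds when no sixth argument is given; nothing verifies that an explicitly injected AuthenticationTrustResolverInterface is the one consulted in onKernelResponse, which is the behaviour this change introduces. A second test that constructs ContextListener with a stub resolver whose isAnonymous() returns true for a UsernamePasswordToken and then asserts the session key has been removed would pin that, and a mirror case returning false for an AnonymousToken would show the built-in instanceof check is really gone. Whether runSessionOnKernelResponse() can accept a listener or resolver is not visible in this hunk, so the new test may need to build the listener directly as testOnKernelResponseWithoutSession appears to.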
