8000 Fixed entry point resolving and guard entry point configuration · symfony/symfony@6c8ab3f · GitHub
[go: up one dir, main page]

Skip to content

Commit 6c8ab3f

Browse files
committed
Fixed entry point resolving and guard entry point configuration
1 parent c30d6f9 commit 6c8ab3f

File tree

3 files changed

+140
-4
lines changed

3 files changed

+140
-4
lines changed

src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
1313

1414
use Symfony\Component\Config\Definition\Builder\NodeDefinition;
15+
use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
1516
use Symfony\Component\DependencyInjection\Argument\IteratorArgument;
1617
use Symfony\Component\DependencyInjection\ChildDefinition;
1718
use Symfony\Component\DependencyInjection\ContainerBuilder;
@@ -118,10 +119,8 @@ public function createEntryPoint(ContainerBuilder $container, string $id, array
118119
try {
119120
return $this->determineEntryPoint(null, $config);
120121
} catch (\LogicException $e) {
121-
// ignore the exception, the new system prefers setting "entry_point" over "guard.entry_point"
122+
throw new InvalidConfigurationException(sprintf('Because you have multiple guard authenticators, you need to set the "entry_point" key to one of your authenticators (%s).', implode(', ', $config['authenticators'])));
122123
}
123-
124-
return null;
125124
}
126125

127126
private function determineEntryPoint(?string $defaultEntryPointId, array $config): string

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,7 @@
3333
use Symfony\Component\DependencyInjection\Reference;
3434
use Symfony\Component\EventDispatcher\EventDispatcher;
3535
use Symfony\Component\HttpKernel\DependencyInjection\Extension;
36+
use Symfony\Component\Ldap\Entry;
3637
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
3738
use Symfony\Component\Security\Core\Encoder\NativePasswordEncoder;
3839
use Symfony\Component\Security\Core\Encoder\SodiumPasswordEncoder;
@@ -443,6 +444,9 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
443444
if (!$this->authenticatorManagerEnabled) {
444445
$authenticationProviders = array_merge($authenticationProviders, $firewallAuthenticationProviders);
445446
} else {
447+
// $configuredEntryPoint is resolved into a service ID and stored in $defaultEntryPoint
448+
$configuredEntryPoint = $defaultEntryPoint;
449+
446450
// authenticator manager
447451
$authenticators = array_map(function ($id) {
448452
return new Reference($id);
@@ -543,7 +547,7 @@ private function createAuthenticationListeners(ContainerBuilder $container, stri
543547
$authenticationProviders[] = $authenticators;
544548
}
545549

546-
if ($factory instanceof EntryPointFactoryInterface && ($entryPoint = $factory->createEntryPoint($container, $id, $firewall[$key], null))) {
550+
if ($factory instanceof EntryPointFactoryInterface && ($entryPoint = $factory->createEntryPoint($container, $id, $firewall[$key]))) {
547551
$entryPoints[$key] = $entryPoint;
548552
}
549553
} else {

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php

Lines changed: 133 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,11 +16,21 @@
1616
use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
1717
use Symfony\Bundle\SecurityBundle\SecurityBundle;
1818
use Symfony\Bundle\SecurityBundle\Tests\DependencyInjection\Fixtures\UserProvider\DummyProvider;
19+
use Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\FirewallEntryPointBundle\Security\EntryPointStub;
20+
use Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\GuardedBundle\AppCustomAuthenticator;
21+
use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
1922
use Symfony\Component\DependencyInjection\Argument\IteratorArgument;
2023
use Symfony\Component\DependencyInjection\ContainerBuilder;
2124
use Symfony\Component\DependencyInjection\Reference;
2225
use Symfony\Component\ExpressionLanguage\Expression;
26+
use Symfony\Component\HttpFoundation\Request;
27+
use Symfony\Component\HttpFoundation\Response;
28+
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
29+
use Symfony\Component\Security\C 57AE ore\Exception\AuthenticationException;
30+
use Symfony\Component\Security\Core\User\UserInterface;
2331
use Symfony\Component\Security\Core\User\UserProviderInterface;
32+
use Symfony\Component\Security\Guard\AuthenticatorInterface;
33+
use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
2434

2535
class SecurityExtensionTest extends TestCase
2636
{
@@ -413,6 +423,90 @@ public function testSwitchUserWithSeveralDefinedProvidersButNoFirewallRootProvid
413423
$this->assertEquals(new Reference('security.user.provider.concrete.second'), $container->getDefinition('security.authentication.switchuser_listener.foobar')->getArgument(1));
414424
}
415425

426+
/**
427+
* @dataProvider provideEntryPointFirewalls
428+
*/
429+
public function testAuthenticatorManagerEnabledEntryPoint(array $firewall, $entryPointId)
430+
{
431+
$container = $this->getRawContainer();
432+
$container->loadFromExtension('security', [
433+
'enable_authenticator_manager' => true,
434+
'providers' => [
435+
'first' => ['id' => 'users'],
436+
],
437+
438+
'firewalls' => [
439+
'main' => $firewall,
440+
],
441+
]);
442+
443+
$container->compile();
444+
445+
$this->assertEquals($entryPointId, (string) $container->getDefinition('security.firewall.map.config.main')->getArgument(7));
446+
$this->assertEquals($entryPointId, (string) $container->getDefinition('security.exception_listener.main')->getArgument(4));
447+
}
448+
449+
public function provideEntryPointFirewalls()
450+
{
451+
// only one entry point available
452+
yield [['http_basic' => true], 'security.authentication.basic_entry_point.main'];
453+
// explicitly configured by authenticator key
454+
yield [['form_login' => true, 'http_basic' => true, 'entry_point' => 'form_login'], 'security.authentication.form_entry_point.main'];
455+
// explicitly configured another service
456+
yield [['form_login' => true, 'entry_point' => EntryPointStub::class], EntryPointStub::class];
457+
// no entry point required
458+
yield [['json_login' => true], null];
459+
460+
// only one guard authenticator entry point available
461+
yield [[
462+
'guard' => ['authenticators' => [AppCustomAuthenticator::class]]
463+
], AppCustomAuthenticator::class];
464+
// explicitly configured guard authenticator entry point
465+
yield [[
466+
'guard' => [
467+
'authenticators' => [AppCustomAuthenticator::class, NullAuthenticator::class],
468+
'entry_point' => NullAuthenticator::class,
469+
],
470+
], NullAuthenticator::class];
471+
}
472+
473+
/**
474+
* @dataProvider provideEntryPointRequiredData
475+
*/
476+
public function testEntryPointRequired(array $firewall, $messageRegex)
477+
{
478+
$this->expectException(InvalidConfigurationException::class);
479+
$this->expectExceptionMessageMatches($messageRegex);
480+
481+
$container = $this->getRawContainer();
482+
$container->loadFromExtension('security', [
483+
'enable_authenticator_manager' => true,
484+
'providers' => [
485+
'first' => ['id' => 'users'],
486+
],
487+
488+
'firewalls' => [
489+
'main' => $firewall,
490+
],
491+
]);
492+
493+
$container->compile();
494+
}
495+
496+
public function provideEntryPointRequiredData()
497+
{
498+
// more than one entry point available and not explicitly set
499+
yield [
500+
['http_basic' => true, 'form_login' => true],
501+
'/^Because you have multiple authenticators in firewall "main", you need to set the "entry_point" key to one of your authenticators/'
502+
];
503+
// more than one guard entry point available and not explicitly set
504+
yield [
505+
['guard' => ['authenticators' => [AppCustomAuthenticator::class, NullAuthenticator::class]]],
506+
'/^Because you have multiple guard authenticators, you need to set the "entry_point" key to one of your authenticators/'
507+
];
508+
}
509+
416510
protected function getRawContainer()
417511
{
418512
$container = new ContainerBuilder();
@@ -439,3 +533,42 @@ protected function getContainer()
439533
return $container;
440534
}
441535
}
536+
537+
class NullAuthenticator implements AuthenticatorInterface
538+
{
539+
public function start(Request $request, AuthenticationException $authException = null)
540+
{
541+
}
542+
543+
public function supports(Request $request)
544+
{
545+
}
546+
547+
public function getCredentials(Request $request)
548+
{
549+
}
550+
551+
public function getUser($credentials, UserProviderInterface $userProvider)
552+
{
553+
}
554+
555+
public function checkCredentials($credentials, UserInterface $user)
556+
{
557+
}
558+
559+
public function createAuthenticatedToken(UserInterface $user, string $providerKey)
560+
{
561+
}
562+
563+
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
564+
{
565+
}
566+
567+
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)
568+
{
569+
}
570+
571+
public function supportsRememberMe()
572+
{
573+
}
574+
}

0 commit comments

Comments
 (0)
0