8000 bug #59342 [SecurityBundle] Do not pass traceable authenticators to `… · symfony/symfony@c9ad225 · GitHub
[go: up one dir, main page]
Skip to content

Commit c9ad225

Browse files
fabpotfabpot
committed
bug #59342 [SecurityBundle] Do not pass traceable authenticators to security.helper (MatTheCat)
This PR was merged into the 7.2 branch. Discussion ---------- [SecurityBundle] Do not pass traceable authenticators to `security.helper` | Q | A | ------------- | --- | Branch? | 7.2 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | Fix #59341 | License | MIT Since #59278 authenticators are no longer aliases for their traceable version, which means calling `Security::login` with an authenticator ID won’t match its traceable ID, and fail. Plus, `Security::login` using the traceable authenticators meant the profiler could show them as successful while not supporting the request: ![](https://github.com/user-attachments/assets/dc36ff28-93ba-4adf-ba16-9ed7742f3fd4) This PR fixes these issues by passing the original authenticators to `security.helper`, using their ID as name. Commits ------- c5a2360 [SecurityBundle] Do not pass traceable authenticators to `security.helper`
2 parents 89cd804 + c5a2360 commit c9ad225

File tree

2 files changed

+9
-5
lines changed

2 files changed

+9
-5
lines changed

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -313,8 +313,8 @@ private function createFirewalls(array $config, ContainerBuilder $container): vo
313313
$authenticators[$name] = null;
314314
} else {
315315
$firewallAuthenticatorRefs = [];
316-
foreach ($firewallAuthenticators as $authenticatorId) {
317-
$firewallAuthenticatorRefs[$authenticatorId] = new Reference($authenticatorId);
316+
foreach ($firewallAuthenticators as $originalAuthenticatorId => $managerAuthenticatorId) {
317+
$firewallAuthenticatorRefs[$originalAuthenticatorId] = new Reference($originalAuthenticatorId);
318318
}
319319
$authenticators[$name] = ServiceLocatorTagPass::register($container, $firewallAuthenticatorRefs);
320320
}
@@ -501,7 +501,7 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
501501
$configuredEntryPoint = $defaultEntryPoint;
502502

503503
// authenticator manager
504-
$authenticators = array_map(fn ($id) => new Reference($id), $firewallAuthenticationProviders);
504+
$authenticators = array_map(fn ($id) => new Reference($id), $firewallAuthenticationProviders, []);
505505
$container
506506
->setDefinition($managerId = 'security.authenticator.manager.'.$id, new ChildDefinition('security.authenticator.manager'))
507507
->replaceArgument(0, $authenticators)
@@ -625,11 +625,11 @@ private function createAuthenticationListeners(ContainerBuilder $container, stri
625625
$authenticators = $factory->createAuthenticator($container, $id, $firewall[$key], $userProvider);
626626
if (\is_array($authenticators)) {
627627
foreach ($authenticators as $authenticator) {
628-
$authenticationProviders[] = $authenticator;
628+
$authenticationProviders[$authenticator] = $authenticator;
629629
$entryPoints[] = $authenticator;
630630
}
631631
} else {
632-
$authenticationProviders[] = $authenticators;
632+
$authenticationProviders[$authenticators] = $authenticators;
633633
$entryPoints[$key] = $authenticators;
634634
}
635635

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php

Lines changed: 4 additions & 0 deletions
Original file line 8877 numberDiff line numberDiff line change
@@ -924,6 +924,10 @@ public function testAuthenticatorsDecoration()
924924
$this->assertSame('debug.'.TestAuthenticator::class, (string) reset($managerAuthenticators), 'AuthenticatorManager must be injected traceable authenticators in debug mode.');
925925

926926
$this->assertTrue($container->hasDefinition(TestAuthenticator::class), 'Original authenticator must still exist in the container so it can be used outside of the AuthenticatorManager’s context.');
927+
928+
$securityHelperAuthenticatorLocator = $container->getDefinition($container->getDefinition('security.helper')->getArgument(1)['main']);
929+
$this->assertArrayHasKey(TestAuthenticator::class, $authenticatorMap = $securityHelperAuthenticatorLocator->getArgument(0), 'When programmatically authenticating a user, authenticators’ name must be their original ID.');
930+
$this->assertSame(TestAuthenticator::class, (string) $authenticatorMap[TestAuthenticator::class]->getValues()[0], 'When programmatically authenticating a user, original authenticators must be used.');
927931
}
928932

929933
protected function getRawContainer()

0 commit comments

Comments
 (0)
0