8000 [Worflow] Fixed GuardListener when using the new Security system · symfony/symfony@fc30d99 · GitHub
[go: up one dir, main page]
Skip to content

Commit fc30d99

Browse files
lyrixxlyrixx
committed
[Worflow] Fixed GuardListener when using the new Security system
1 parent b604fd7 commit fc30d99

File tree

6 files changed

+42
-15
lines changed

6 files changed

+42
-15
lines changed

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/WorkflowGuardListenerPass.php

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -26,11 +26,13 @@ class WorkflowGuardListenerPass implements CompilerPassInterface
2626
*/
2727
public function process(ContainerBuilder $container)
2828
{
29-
if (!$container->hasParameter('workflow.has_guard_listeners')) {
29+
if (!$container->hasParameter('workflow.guard_definition_ids')) {
3030
return;
3131
}
3232

33-
$container->getParameterBag()->remove('workflow.has_guard_listeners');
33+
$guardDefinitionIds = $container->getParameter('workflow.guard_definition_ids');
34+
35+
$container->getParameterBag()->remove('workflow.guard_definition_ids');
3436

3537
$servicesNeeded = [
3638
'security.token_storage',
@@ -44,5 +46,14 @@ public function process(ContainerBuilder $container)
4446
throw new LogicException(sprintf('The "%s" service is needed to be able to use the workflow guard listener.', $service));
4547
}
4648
}
49+
50+
if ($container->hasParameter('security.enable_authenticator_manager') && $container->getParameter('security.enable_authenticator_manager')) {
51+
foreach ($guardDefinitionIds as $guardDefinitionId) {
52+
$container
53+
->getDefinition($guardDefinitionId)
54+
->replaceArgument(7, true)
55+
;
56+
}
57+
}
4758
}
4859
}

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -704,6 +704,7 @@ private function registerWorkflowConfiguration(array $config, ContainerBuilder $
704704
$loader->load('workflow.php');
705705

706706
$registryDefinition = $container->getDefinition('workflow.registry');
707+
$guardDefinitionIds = [];
707708

708709
foreach ($config['workflows'] as $name => $workflow) {
709710
$type = $workflow['type'];
@@ -874,15 +875,19 @@ private function registerWorkflowConfiguration(array $config, ContainerBuilder $
874875
new Reference('security.authentication.trust_resolver'),
875876
new Reference('security.role_hierarchy'),
876877
new Reference('validator', ContainerInterface::NULL_ON_INVALID_REFERENCE),
878+
false,
877879
]);
878880
foreach ($guardsConfiguration as $eventName => $config) {
879881
$guard->addTag('kernel.event_listener', ['event' => $eventName, 'method' => 'onTransition']);
880882
}
881883

882-
$container->setDefinition(sprintf('.%s.listener.guard', $workflowId), $guard);
883-
$container->setParameter('workflow.has_guard_listeners', true);
884+
$container->setDefinition($guardDefinitionIds[] = sprintf('.%s.listener.guard', $workflowId), $guard);
884885
}
885886
}
887+
888+
if ($guardDefinitionIds) {
889+
$container->setParameter('workflow.guard_definition_ids', $guardDefinitionIds);
890+
}
886891
}
887892

888893
private function registerDebugConfiguration(array $config, ContainerBuilder $container, PhpFileLoader $loader)

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Compiler/WorkflowGuardListenerPassTest.php

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -35,12 +35,12 @@ public function testNoExeptionIfParameterIsNotSet()
3535
{
3636
$this->compilerPass->process($this->container);
3737

38-
$this->assertFalse($this->container->hasParameter('workflow.has_guard_listeners'));
38+
$this->assertFalse($this->container->hasParameter('workflow.guard_definition_ids'));
3939
}
4040

4141
public function testNoExeptionIfAllDependenciesArePresent()
4242
{
43-
$this->container->setParameter('workflow.has_guard_listeners', true);
43+
$this->container->setParameter('workflow.guard_definition_ids', []);
4444
$this->container->register('security.token_storage', TokenStorageInterface::class);
4545
$this->container->register('security.authorization_checker', AuthorizationCheckerInterface::class);
4646
$this->container->register('security.authentication.trust_resolver', AuthenticationTrustResolverInterface::class);
@@ -49,14 +49,14 @@ public function testNoExeptionIfAllDependenciesArePresent()
4949

5050
$this->compilerPass->process($this->container);
5151

52-
$this->assertFalse($this->container->hasParameter('workflow.has_guard_listeners'));
52+
$this->assertFalse($this->container->hasParameter('workflow.guard_definition_ids'));
5353
}
5454

5555
public function testExceptionIfTheTokenStorageServiceIsNotPresent()
5656
{
5757
$this->expectException('Symfony\Component\DependencyInjection\Exception\LogicException');
5858
$this->expectExceptionMessage('The "security.token_storage" service is needed to be able to use the workflow guard listener.');
59-
$this->container->setParameter('workflow.has_guard_listeners', true);
59+
$this->container->setParameter('workflow.guard_definition_ids', []);
6060
$this->container->register('security.authorization_checker', AuthorizationCheckerInterface::class);
6161
$this->container->register('security.authentication.trust_resolver', AuthenticationTrustResolverInterface::class);
6262
$this->container->register('security.role_hierarchy', RoleHierarchy::class);
@@ -68,7 +68,7 @@ public function testExceptionIfTheAuthorizationCheckerServiceIsNotPresent()
6868
{
6969
$this->expectException('Symfony\Component\DependencyInjection\Exception\LogicException');
7070
$this->expectExceptionMessage('The "security.authorization_checker" service is needed to be able to use the workflow guard listener.');
71-
$this->container->setParameter('workflow.has_guard_listeners', true);
71+
$this->container->setParameter('workflow.guard_definition_ids', []);
7272
$this->container->register('security.token_storage', TokenStorageInterface::class);
7373
$this->container->register('security.authentication.trust_resolver', AuthenticationTrustResolverInterface::class);
7474
$this->container->register('security.role_hierarchy', RoleHierarchy::class);
@@ -80,7 +80,7 @@ public function testExceptionIfTheAuthenticationTrustResolverServiceIsNotPresent
8080
{
8181
$this->expectException('Symfony\Component\DependencyInjection\Exception\LogicException');
8282
$this->expectExceptionMessage('The "security.authentication.trust_resolver" service is needed to be able to use the workflow guard listener.');
83-
$this->container->setParameter('workflow.has_guard_listeners', true);
83+
$this->container->setParameter('workflow.guard_definition_ids', []);
8484
$this->container->register('security.token_storage', TokenStorageInterface::class);
8585
$this->container->register('security.authorization_checker', AuthorizationCheckerInterface::class);
8686
$this->container->register('security.role_hierarchy', RoleHierarchy::class);
@@ -92,7 +92,7 @@ public function testExceptionIfTheRoleHierarchyServiceIsNotPresent()
9292
{
9393
$this->expectException('Symfony\Component\DependencyInjection\Exception\LogicException');
9494
$this->expectExceptionMessage('The "security.role_hierarchy" service is needed to be able to use the workflow guard listener.');
95-
$this->container->setParameter('workflow.has_guard_listeners', true);
95+
$this->container->setParameter('workflow.guard_definition_ids', []);
9696
$this->container->register('security.token_storage', TokenStorageInterface::class);
9797
$this->container->register('security.authorization_checker', AuthorizationCheckerInterface::class);
9898
$this->container->register('security.authentication.trust_resolver', AuthenticationTrustResolverInterface::class);

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -411,8 +411,8 @@ public function testWorkflowGuardExpressions()
411411
$container = $this->createContainerFromFile('workflow_with_guard_expression');
412412

413413
$this->assertTrue($container->hasDefinition('.workflow.article.listener.guard'), 'Workflow guard listener is registered as a service');
414-
$this->assertTrue($container->hasParameter('workflow.has_guard_listeners'), 'Workflow guard listeners parameter exists');
415-
$this->assertTrue(true === $container->getParameter('workflow.has_guard_listeners'), 'Workflow guard listeners parameter is enabled');
414+
$this->assertTrue($container->hasParameter('workflow.guard_definition_ids'), 'Workflow guard listeners parameter exists');
415+
$this->assertSame(['.workflow.article.listener.guard'], $container->getParameter('workflow.guard_definition_ids'));
416416
$guardDefinition = $container->getDefinition('.workflow.article.listener.guard');
417417
$this->assertSame([
418418
[

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -111,6 +111,8 @@ public function load(array $configs, ContainerBuilder $container)
111111
$loader->load('security_rememberme.php');
112112

113113
if ($this->authenticatorManagerEnabled = $config['enable_authenticator_manager']) {
114+
$container->setParameter('security.enable_authenticator_manager', true);
115+
114116
if ($config['always_authenticate_before_granting']) {
115117
throw new InvalidConfigurationException('The security option "always_authenticate_before_granting" cannot be used when "enable_authenticator_manager" is set to true. If you rely on this behavior, set it to false.');
116118
}

src/Symfony/Component/Workflow/EventListener/GuardListener.php

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
namespace Symfony\Component\Workflow\EventListener;
1313

1414
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
15+
use Symfony\Component\Security\Core\Authentication\Token\NullToken;
1516
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
1617
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
1718
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
@@ -32,8 +33,9 @@ class GuardListener
3233
private $trustResolver;
3334
private $roleHierarchy;
3435
private $validator;
36+
private $useAuthenticatorManager;
3537

36-
public function __construct(array $configuration, ExpressionLanguage $expressionLanguage, TokenStorageInterface $tokenStorage, AuthorizationCheckerInterface $authorizationChecker, AuthenticationTrustResolverInterface $trustResolver, RoleHierarchyInterface $roleHierarchy = null, ValidatorInterface $validator = null)
38+
public function __construct(array $configuration, ExpressionLanguage $expressionLanguage, TokenStorageInterface $tokenStorage, AuthorizationCheckerInterface $authorizationChecker, AuthenticationTrustResolverInterface $trustResolver, RoleHierarchyInterface $roleHierarchy = null, ValidatorInterface $validator = null, bool $useAuthenticatorManager = false)
3739
{
3840
$this->configuration = $configuration;
3941
$this->expressionLanguage = $expressionLanguage;
@@ -42,6 +44,7 @@ public function __construct(array $configuration, ExpressionLanguage $expression
4244
$this->trustResolver = $trustResolver;
4345
$this->roleHierarchy = $roleHierarchy;
4446
$this->validator = $validator;
47+
$this->useAuthenticatorManager = $useAuthenticatorManager;
4548
}
4649

4750
public function onTransition(GuardEvent $event, string $eventName)
@@ -77,7 +80,13 @@ private function getVariables(GuardEvent $event): array
7780
$token = $this->tokenStorage->getToken();
7881

7982
if (null === $token) {
80-
throw new InvalidTokenConfigurationException(sprintf('There are no tokens available for workflow "%s".', $event->getWorkflowName()));
83+
if (!$this->useAuthenticatorManager) {
84+
throw new InvalidTokenConfigurationException(sprintf('There are no tokens available for workflow "%s".', $event->getWorkflowName()));
85+
}
86+
if (!class_exists(NullToken::class)) {
87+
throw new \LogicException('The workflow guard feature is not compatible when "security.enable_authenticator_manager" is set to true with until 5.2.1.');
88+
}
89+
$token = new NullToken();
8190
}
8291

8392
$variables = [

0 commit comments

Comments
 (0)
0