10000 [Security] Automatically provide entry points from the custom_authenticator by wouterj · Pull Request #37075 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

[Security] Automatically provide entry points from the custom_authenticator #37075

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

[Security] Automatically provide entry points from the custom_authenticator #37075

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 43 additions & 13 deletions ...Bundle/SecurityBundle/DependencyInjection/Security/Factory/CustomAuthenticatorFactory.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,15 +13,17 @@

use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;
use Symfony\Component\Config\Definition\Builder\NodeDefinition;
use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;

/**
* @author Wouter de Jong <wouter@wouterj.nl>
*
* @internal
* @experimental in Symfony 5.1
*/
class CustomAuthenticatorFactory implements AuthenticatorFactoryInterface, SecurityFactoryInterface
class CustomAuthenticatorFactory implements AuthenticatorFactoryInterface, SecurityFactoryInterface, EntryPointFactoryInterface
{
public function create(ContainerBuilder $container, string $id, array $config, string $userProvider, ?string $defaultEntryPoint)
{
Expand All @@ -44,27 +46,55 @@ public function getKey(): string
public function addConfiguration(NodeDefinition $builder)
{
$builder
->info('An array of service ids for all of your "authenticators"')
->requiresAtLeastOneElement()
->prototype('scalar')->end();
->fixXmlConfig('service')
->beforeNormalization()
->ifTrue(function ($v) { return is_string($v) || (is_array($v) && !isset($v['services']) && !isset($v['entry_point'])); })
->then(function ($v) {
return ['services' => (array) $v];
})
->end()
->children()
->arrayNode('services')
->info('An array of service ids for all of your "authenticators"')
->requiresAtLeastOneElement()
->prototype('scalar')->end()
->end()
->scalarNode('entry_point')->defaultNull()->end()
->end();

// get the parent array node builder ("firewalls") from inside the children builder
$factoryRootNode = $builder->end()->end();
$factoryRootNode
->fixXmlConfig('custom_authenticator')
->validate()
->ifTrue(function ($v) { return isset($v['custom_authenticators']) && empty($v['custom_authenticators']); })
->then(function ($v) {
unset($v['custom_authenticators']);

return $v;
})
->end()
;
}

public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): array
{
return $config;
return $config['services'];
}

public function registerEntryPoint(ContainerBuilder $container, string $id, array $config): ?string
{
if (isset($config['entry_point'])) {
return $config['entry_point'];
}

$entryPoints = [];
foreach ($config['services'] as $authenticatorId) {
if (class_exists($authenticatorId) && is_subclass_of($authenticatorId, AuthenticationEntryPointInterface::class)) {
Copy link
Member Author
@wouterj wouterj Jun 2, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sadly, we can't do $container->findDefinition($authenticatorId)->getClass() here, as the ContainerBuilder is scoped for this extension.

Is there some magic trick we can do here to also check for non-FQCN service IDs?

$entryPoints[] = $authenticatorId;
}
}

if (!$entryPoints) {
return null;
}

if (1 === \count($entryPoints)) {
return current($entryPoints);
}

throw new InvalidConfigurationException(sprintf('Because you have multiple custom authenticators, you need to set the "custom_authenticators.entry_point" key to one of your authenticators (%s).', implode(', ', $config['services'])));
}
}
16 changes: 15 additions & 1 deletion src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AuthenticatorInterface as GuardAuthenticatorInterface;
use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
use Symfony\Component\Security\Http\Authenticator\FormLoginAuthenticator;
use Symfony\Component\Security\Http\Authenticator\HttpBasicAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;

Expand Down Expand Up @@ -527,9 +528,13 @@ public function testAlwaysAuthenticateBeforeGrantingCannotBeTrueWithAuthenticati
/**
* @dataProvider provideConfigureCustomAuthenticatorData
*/
public function testConfigureCustomAuthenticator(array $firewall, array $expectedAuthenticators)
public function testConfigureCustomAuthenticator(array $firewall, array $expectedAuthenticators, string $expectedEntryPoint)
{
$container = $this->getRawContainer();
$container->register(TestAuthenticator::class);
$container->register(HttpBasicAuthenticator::class);
$container->register(FormLoginAuthenticator::class);

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'providers' => [
Expand All @@ -544,18 +549,27 @@ public function testConfigureCustomAuthenticator(array $firewall, array $expecte
$container->compile();

$this->assertEquals($expectedAuthenticators, array_map('strval', $container->getDefinition('security.authenticator.manager.main')->getArgument(0)));
$this->assertEquals($expectedEntryPoint, (string) $container->getDefinition('security.firewall.map.config.main')->getArgument(7));
}

public function provideConfigureCustomAuthenticatorData()
{
yield [
['custom_authenticator' => TestAuthenticator::class],
[TestAuthenticator::class],
'',
];

yield [
['custom_authenticators' => [TestAuthenticator::class, HttpBasicAuthenticator::class]],
[TestAuthenticator::class, HttpBasicAuthenticator::class],
HttpBasicAuthenticator::class,
];

yield [
['custom_authenticators' => ['services' => [FormLoginAuthenticator::class, HttpBasicAuthenticator::class], 'entry_point' => HttpBasicAuthenticator::class]],
[FormLoginAuthenticator::class, HttpBasicAuthenticator::class],
HttpBasicAuthenticator::class,
];
}

Expand Down
0