Commit
bug #34627 [Security/Http] call auth listeners/guards eagerly when they "support" the request (nicolas-grekas)

This PR was merged into the 4.4 branch.

Discussion
----------

[Security/Http] call auth listeners/guards eagerly when they "support" the request

| Q | A |
| ------------- | --- |
| Branch? | 4.4 |
| Bug fix? | yes |
| New feature? | no |
| Deprecations? | no |
| Tickets | Fix #34614, Fix #34679 |
| License | MIT |
| Doc PR | - |

This fixes the form authenticator linked to #34614. Since laziness is here to provide compatibility with HTTP caching, it should be disabled when the request cannot be cached.

Tests don't pass yet, but I'm on the path to something here.

The PR now introduces a new `AbstractListener` that splits the handling logic in two:
- `supports(Request): ?bool` is always called eagerly and tells whether the listener matches the request for an eager call or a lazy call
- `authenticate(RequestEvent)` does the rest of the job when `supports()` allows so - lazily or not depending on the return value of `supports()`.

Of course, this remains compatible with non-lazy logics, see `AbstractListener::__invoke()`.

Commits
-------

b20ebe6 [Security/Http] call auth listeners/guards eagerly when they "support" the request
Showing 32 changed files with 462 additions and 243 deletions.
59 changes: 59 additions & 0 deletions
...ny/Bundle/SecurityBundle/Tests/Functional/Bundle/GuardedBundle/AppCustomAuthenticator.php
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony package. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\GuardedBundle; | ||
|
||
use Symfony\Component\HttpFoundation\Request; | ||
use Symfony\Component\HttpFoundation\Response; | ||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; | ||
use Symfony\Component\Security\Core\Exception\AuthenticationException; | ||
use Symfony\Component\Security\Core\User\UserInterface; | ||
use Symfony\Component\Security\Core\User\UserProviderInterface; | ||
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator; | ||
|
||
class AppCustomAuthenticator extends AbstractGuardAuthenticator | ||
{ | ||
public function supports(Request $request) | ||
{ | ||
return true; | ||
} | ||
|
||
public function getCredentials(Request $request) | ||
{ | ||
throw new AuthenticationException('This should be hit'); | ||
} | ||
|
||
public function getUser($credentials, UserProviderInterface $userProvider) | ||
{ | ||
} | ||
|
||
public function checkCredentials($credentials, UserInterface $user) | ||
{ | ||
} | ||
|
||
public function onAuthenticationFailure(Request $request, AuthenticationException $exception) | ||
{ | ||
return new Response('', 418); | ||
} | ||
|
||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) | ||
{ | ||
} | ||
|
||
public function start(Request $request, AuthenticationException $authException = null) | ||
{ | ||
return new Response($authException->getMessage(), Response::HTTP_UNAUTHORIZED); | ||
} | ||
|
||
public function supportsRememberMe() | ||
{ | ||
} | ||
} |
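Review bot: In `start()`, `$authException` is declared nullable with a `null` default but is dereferenced unconditionally in `$authException->getMessage()`, so an entry-point call made without an exception would end in a fatal error instead of the 401 response. Guard the access, for example `$authException ? $authException->getMessage() : ''`. Two smaller points in the same class: `supportsRememberMe()` has an empty body and therefore returns null where a boolean is expected, so `return false;` would state the fixture's intent; and the throw in `getCredentials()` with the message 'This should be hit' deserves a one-line comment saying that it is what sends the request to `onAuthenticationFailure()` and its 418 status, since the whole test depends on it.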
24 changes: 24 additions & 0 deletions
src/Symfony/Bundle/SecurityBundle/Tests/Functional/GuardedTest.php
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony package. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Symfony\Bundle\SecurityBundle\Tests\Functional; | ||
|
||
class GuardedTest extends AbstractWebTestCase | ||
{ | ||
public function testGuarded() | ||
{ | ||
$client = $this->createClient(['test_case' => 'Guarded', 'root_config' => 'config.yml']); | ||
|
||
$client->request('GET', '/'); | ||
|
||
$this->assertSame(418, $client->getResponse()->getStatusCode()); | ||
} | ||
} |
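Review bot: `testGuarded()` asserts only the 418 status, and neither the method name nor a comment says which behaviour is being pinned down. The 418 is produced by the fixture authenticator's `onAuthenticationFailure()`, while the `/` route in this test case maps to a redirect controller, so the assertion really means "the guard ran before the controller on a firewall configured with `anonymous: lazy`". A more descriptive method name or a short comment to that effect would keep the regression test readable once the linked tickets are forgotten. An assertion message on `assertSame()` would also help when the status differs, because a redirect status there is the specific symptom of the authenticator not being called.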
15 changes: 15 additions & 0 deletions
src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Guarded/bundles.php
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony package. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
return [ | ||
new Symfony\Bundle\FrameworkBundle\FrameworkBundle(), | ||
new Symfony\Bundle\SecurityBundle\SecurityBundle(), | ||
]; |
22 changes: 22 additions & 0 deletions
src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Guarded/config.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
framework: | ||
secret: test | ||
router: { resource: "%kernel.project_dir%/%kernel.test_case%/routing.yml" } | ||
test: ~ | ||
default_locale: en | ||
profiler: false | ||
session: | ||
storage_id: session.storage.mock_file | ||
|
||
services: | ||
logger: { class: Psr\Log\NullLogger } | ||
Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\GuardedBundle\AppCustomAuthenticator: ~ | ||
|
||
security: | ||
firewalls: | ||
secure: | ||
pattern: ^/ | ||
anonymous: lazy | ||
stateless: false | ||
guard: | ||
authenticators: | ||
- Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\GuardedBundle\AppCustomAuthenticator |
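Review bot: The `secure` firewall registers a single authenticator whose `supports()` always returns true, so among the files shown here this test case exercises only the eager branch under `anonymous: lazy`. The complementary case is not covered by this fixture: a request the authenticator does not support, where the controller's redirect should be returned untouched. Consider a second authenticator or firewall pattern in this config for which `supports()` returns false, with a matching assertion in `GuardedTest`, so a regression in either direction is caught.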
5 changes: 5 additions & 0 deletions
src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Guarded/routing.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
main: | ||
path: / | ||
defaults: | ||
_controller: Symfony\Bundle\FrameworkBundle\Controller\RedirectController::urlRedirectAction | ||
path: /app |