[Security] many improvements, and fixes

Author: schmittjoh

src/Symfony/Bundle/DoctrineBundle/Security/EntityUserProvider.php

@@ -65,6 +65,14 @@ public function loadUserByAccount(AccountInterface $account)
             throw new UnsupportedAccountException(sprintf('Instances of "%s" are not supported.', get_class($account)));
         }
 
-        return $this->loadUserByUsername((string) $account);
+        return $this->loadUserByUsername($account->getUsername());
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function supportsClass($class)
+    {
+        return $class === $this->class;
     }
 }

src/Symfony/Bundle/DoctrineMongoDBBundle/Command/LoadDataFixturesDoctrineODMCommand.php

@@ -72,8 +72,6 @@ protected function execute(InputInterface $input, OutputInterface $output)
             }
         }
 
-        $paths = array_filter($paths, 'is_dir');
-
         $loader = new \Doctrine\Common\DataFixtures\Loader();
         foreach ($paths as $path) {
             $loader->loadFromDirectory($path);

src/Symfony/Bundle/DoctrineMongoDBBundle/Security/DocumentUserProvider.php

@@ -65,6 +65,14 @@ public function loadUserByAccount(AccountInterface $account)
             throw new UnsupportedAccountException(sprintf('Instances of "%s" are not supported.', get_class($account)));
         }
 
-        return $this->loadUserByUsername((string) $account);
+        return $this->loadUserByUsername($account->getUsername());
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function supportsClass($class)
+    {
+        return $class === $this->class;
     }
 }

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/AddAuthenticationProvidersPass.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler;
+
+use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Reference;
+
+class AddAuthenticationProvidersPass implements CompilerPassInterface
+{
+    public function process(ContainerBuilder $container)
+    {
+        if (!$container->hasDefinition('security.authentication.manager')) {
+            return;
+        }
+
+        $providers = array();
+        foreach ($container->findTaggedServiceIds('security.authentication_provider') as $id => $attributes) {
+            $providers[] = new Reference($id);
+        }
+
+        $container
+            ->getDefinition('security.authentication.manager')
+            ->setArguments(array($providers))
+        ;
+    }
+}

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Security/Factory/FormLoginFactory.php

@@ -26,17 +26,28 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
         $provider = 'security.authentication.provider.dao.'.$id;
         $container
             ->register($provider, '%security.authentication.provider.dao.class%')
-            ->setArguments(array(new Reference($userProvider), new Reference('security.account_checker'), new Reference('security.encoder_factory')))
+            ->setArguments(array(new Reference($userProvider), new Reference('security.account_checker'), $id, new Reference('security.encoder_factory')))
             ->setPublic(false)
+            ->addTag('security.authentication_provider')
         ;
 
         // listener
         $listenerId = 'security.authentication.listener.form.'.$id;
         $listener = $container->setDefinition($listenerId, clone $container->getDefinition('security.authentication.listener.form'));
-        $arguments = $listener->getArguments();
-        $arguments[1] = new Reference($provider);
-        $listener->setArguments($arguments);
+        $listener->setArgument(3, $id);
 
+        // add remember-me tag
+        $rememberMe = true;
+        if (isset($config['remember-me']) && false === $config['remember-me']) {
+            $rememberMe = false;
+        } else if (isset($config['remember_me']) && false === $config['remember_me']) {
+            $rememberMe = false;
+        }
+        if ($rememberMe) {
+            $listener->addTag('security.remember_me_aware', array('id' => $id, 'provider' => $userProvider));
+        }
+
+        // generate options
         $options = array(
             'check_path'                     => '/login_check',
             'login_path'                     => '/login',
@@ -53,11 +64,29 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
                 $options[$key] = $config[$key];
             }
         }
-        $container->setParameter('security.authentication.form.options', $options);
-        $container->setParameter('security.authentication.form.login_path', $options['login_path']);
-        $container->setParameter('security.authentication.form.use_forward', $options['use_forward']);
+        $listener->setArgument(4, $options);
+
+        // success handler
+        if (isset($config['success_handler'])) {
+            $config['success-handler'] = $config['success_handler'];
+        }
+        if (isset($config['success-handler'])) {
+            $listener->setArgument(5, new Reference($config['success-handler']));
+        }
+
+        // failure handler
+        if (isset($config['failure_handler'])) {
+            $config['failure-handler'] = $config['failure_handler'];
+        }
+        if (isset($config['failure-handler'])) {
+            $listener->setArgument(6, new Reference($config['failure-handler']));
+        }
+
+        // form entry point
+        $entryPoint = $container->setDefinition($entryPointId = 'security.authentication.form_entry_point.'.$id, clone $container->getDefinition('security.authentication.form_entry_point'));
+        $entryPoint->setArguments(array($options['login_path'], $options['use_forward']));
 
-        return array($provider, $listenerId, 'security.authentication.form_entry_point');
+        return array($provider, $listenerId, $entryPointId);
     }
 
     public function getPosition()

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php

@@ -26,16 +26,15 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
         $provider = 'security.authentication.provider.dao.'.$id;
         $container
             ->register($provider, '%security.authentication.provider.dao.class%')
-            ->setArguments(array(new Reference($userProvider), new Reference('security.account_checker'), new Reference('security.encoder_factory')))
+            ->setArguments(array(new Reference($userProvider), new Reference('security.account_checker'), $id, new Reference('security.encoder_factory')))
             ->setPublic(false)
+            ->addTag('security.authentication_provider')
         ;
 
         // listener
         $listenerId = 'security.authentication.listener.basic.'.$id;
         $listener = $container->setDefinition($listenerId, clone $container->getDefinition('security.authentication.listener.basic'));
-        $arguments = $listener->getArguments();
-        $arguments[1] = new Reference($provider);
-        $listener->setArguments($arguments);
+        $listener->setArgument(2, $id);
 
         if (isset($config['path'])) {
             $container->setParameter('security.authentication.form.path', $config['path']);

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Security/Factory/HttpDigestFactory.php

@@ -26,16 +26,15 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
         $provider = 'security.authentication.provider.dao.'.$id;
         $container
             ->register($provider, '%security.authentication.provider.dao.class%')
-            ->setArguments(array(new Reference($userProvider), new Reference('security.account_checker'), new Reference('security.encoder_factory')))
+            ->setArguments(array(new Reference($userProvider), new Reference('security.account_checker'), $id, new Reference('security.encoder_factory')))
             ->setPublic(false)
+            ->addTag('security.authentication_provider')
         ;
 
         // listener
         $listenerId = 'security.authentication.listener.digest.'.$id;
         $listener = $container->setDefinition($listenerId, clone $container->getDefinition('security.authentication.listener.digest'));
-        $arguments = $listener->getArguments();
-        $arguments[1] = new Reference($userProvider);
-        $listener->setArguments($arguments);
+        $listener->setArgument(2, $id);
 
         if (null === $defaultEntryPoint) {
             $defaultEntryPoint = 'security.authentication.digest_entry_point';

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Security/Factory/RememberMeFactory.php

@@ -0,0 +1,110 @@
+<?php
+
+namespace Symfony\Bundle\FrameworkBundle\DependencyInjection\Security\Factory;
+
+use Symfony\Component\DependencyInjection\Reference;
+use Symfony\Component\DependencyInjection\Parameter;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+
+class RememberMeFactory implements SecurityFactoryInterface
+{
+    public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint)
+    {
+        if (!isset($config['key']) || empty($config['key'])) {
+            throw new \RuntimeException('A "key" must be defined for each remember-me section.');
+        }
+
+        if (isset($config['provider'])) {
+            throw new \RuntimeException('You must not set a user provider for remember-me.');
+        }
+
+        // authentication provider
+        $authenticationProviderId = 'security.authentication.provider.rememberme.'.$id;
+        $container
+            ->register($authenticationProviderId, '%security.authentication.provider.rememberme.class%')
+            ->setArguments(array(new Reference('security.account_checker'), $config['key'], $id))
+            ->setPublic(false)
+            ->addTag('security.authentication_provider')
+        ;
+
+        // remember me services
+        if (isset($config['token_provider'])) {
+            $config['token-provider'] = $config['token_provider'];
+        }
+        if (isset($config['token-provider'])) {
+            $templateId = 'security.authentication.rememberme.services.persistent';
+            $rememberMeServicesId = $templateId.'.'.$id;
+        } else {
+            $templateId = 'security.authentication.rememberme.services.simplehash';
+            $rememberMeServicesId = $templateId.'.'.$id;
+        }
+
+        if ($container->hasDefinition('security.logout_listener.'.$id)) {
+            $container
+                ->getDefinition('security.logout_listener.'.$id)
+                ->addMethodCall('addHandler', array(new Reference($rememberMeServicesId)))
+            ;
+        }
+
+        $rememberMeServices = $container->setDefinition($rememberMeServicesId, clone $container->getDefinition($templateId));
+        $arguments = $rememberMeServices->getArguments();
+        $arguments[1] = $config['key'];
+        $arguments[2] = $id;
+
+        if (isset($config['token-provider'])) {
+            // FIXME: make the naming assumption more flexible
+            $rememberMeServices->addMethodCall('setTokenProvider', array(
+                new Reference('security.rememberme.token.provider.'.$config['token-provider'])
+            ));
+        }
+
+        // remember-me options
+        foreach ($arguments[3] as $name => $option) {
+            if (array_key_exists($name, $config)) {
+                $arguments[3][$name] = $config[$name];
+            }
+        }
+        $rememberMeServices->setArguments($arguments);
+
+        // attach to remember-me aware listeners
+        $userProviders = array();
+        foreach ($container->findTaggedServiceIds('security.remember_me_aware') as $serviceId => $attributes) {
+            foreach ($attributes as $attribute) {
+                if (!isset($attribute['id']) || $attribute['id'] !== $id) {
+                    continue;
+                }
+
+                if (!isset($attribute['provider'])) {
+                    throw new \RuntimeException('Each "security.remember_me_aware" tag must have a provider attribute.');
+                }
+
+                $userProviders[] = new Reference($attribute['provider']);
+                $container
+                    ->getDefinition($serviceId)
+                    ->addMethodCall('setRememberMeServices', array(new Reference($rememberMeServicesId)))
+                ;
+            }
+        }
+        if (count($userProviders) === 0) {
+            throw new \RuntimeException('You must configure at least one remember-me aware listener (such as form-login) for each firewall that has remember-me enabled.');
+        }
+        $rememberMeServices->setArgument(0, $userProviders);
+
+        // remember-me listener
+        $listenerId = 'security.authentication.listener.rememberme.'.$id;
+        $listener = $container->setDefinition($listenerId, clone $container->getDefinition('security.authentication.listener.rememberme'));
+        $listener->setArgument(1, new Reference($rememberMeServicesId));
+
+        return array($authenticationProviderId, $listenerId, $defaultEntryPoint);
+    }
+
+    public function getPosition()
+    {
+        return 'remember_me';
+    }
+
+    public function getKey()
+    {
+        return 'remember-me';
+    }
+}

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Security/Factory/X509Factory.php

@@ -26,15 +26,16 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
         $provider = 'security.authentication.provider.pre_authenticated.'.$id;
         $container
             ->register($provider, '%security.authentication.provider.pre_authenticated.class%')
-            ->setArguments(array(new Reference($userProvider), new Reference('security.account_checker')))
+            ->setArguments(array(new Reference($userProvider), new Reference('security.account_checker'), $id))
             ->setPublic(false)
+            ->addTag('security.authentication_provider')
         ;
 
         // listener
         $listenerId = 'security.authentication.listener.x509.'.$id;
         $listener = $container->setDefinition($listenerId, clone $container->getDefinition('security.authentication.listener.x509'));
         $arguments = $listener->getArguments();
-        $arguments[1] = new Reference($provider);
+        $arguments[2] = $id;
         $listener->setArguments($arguments);
 
         return array($provider, $listenerId, $defaultEntryPoint);