merged branch Seldaek/simplesecurity (PR #6069)
This PR was merged into the master branch. Discussion ---------- [Security] Add simpler customization options The goal of this is to provide a simpler extension point for people that don't have the time to dive into the whole security factory + authentication provider + user provider + authentication listener + token mess. As it stands, it gives you a way to just create one class that is handling all the security stuff in one (by implementing SimpleFormAuthenticatorInterface and UserProviderInterface) + one or more token classes. I would like feedback on whether people think this makes sense or not before continuing and doing a SimpleHttpAuthenticatorInterface for non-form based stuff. Just FYI that's how it would look in security.yml: ```yaml security: providers: simple: id: simple_authenticator firewalls: foo: pattern: ^/ simple_form: provider: simple authenticator: simple_authenticator ``` /cc @atrauzzi (who posted a long rant on the ML about how hard this all is, and I can't agree more - I hope it's the right account on github?) Commits ------- 74cfc84 marked some classes as being experimental in 2.3 471e5bc [Security] allowed simple pre-auth to be optional if another auth mechanism already authenticated the user 01c913b moved the simple HTTP authenticator to a pre-auth one 887d9b8 fixed wrong Logger interface 65335ea [Security] Renamed simple_token to simple_http, added support for failure and success handler to both simple firewalls f7a11a1 [Security] Add simple_token auth method 1fe2ed6 [Security] Add SimpleForm authentication
Showing
12 changed files
with
685 additions
and
2 deletions.
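--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimpleFormFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimpleFormFactory.php
@@ -0,0 +1,99 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
+
+use Symfony\Component\Config\Definition\Builder\NodeDefinition;
+use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Reference;
+
+/**
+* @author Jordi Boggiano <j.boggiano@seld.be>
+*
+* @experimental This feature is experimental in 2.3 and might change in future versions
+*/
+class SimpleFormFactory extends FormLoginFactory
+{
+public function __construct()
+{
+parent::__construct();
+
+$this->addOption('authenticator', null);
+}
+
+public function getKey()
+{
+return 'simple-form';
+}
+
+public function addConfiguration(NodeDefinition $node)
+{
+parent::addConfiguration($node);
+
+$node->children()
+->scalarNode('authenticator')->cannotBeEmpty()->end()
+->end();
+}
+
+protected function getListenerId()
+{
+return 'security.authentication.listener.simple_form';
+}
+
+protected function createAuthProvider(ContainerBuilder $container, $id, $config, $userProviderId)
+{
+$provider = 'security.authentication.provider.simple_form.'.$id;
+$container
+->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.simple'))
+->replaceArgument(0, new Reference($config['authenticator']))
+->replaceArgument(1, new Reference($userProviderId))
+->replaceArgument(2, $id)
+;
+
+return $provider;
+}
+
+protected function createListener($container, $id, $config, $userProvider)
+{
+$listenerId = parent::createListener($container, $id, $config, $userProvider);
+$listener = $container->getDefinition($listenerId);
+
+if (!isset($config['csrf_provider'])) {
+$listener->addArgument(null);
+}
+
+$simpleAuthHandlerId = 'security.authentication.simple_success_failure_handler.'.$id;
+$simpleAuthHandler = $container->setDefinition($simpleAuthHandlerId, new DefinitionDecorator('security.authentication.simple_success_failure_handler'));
+$simpleAuthHandler->replaceArgument(0, new Reference($config['authenticator']));
+$simpleAuthHandler->replaceArgument(1, new Reference($this->getSuccessHandlerId($id)));
+$simpleAuthHandler->replaceArgument(2, new Reference($this->getFailureHandlerId($id)));
+
+$listener->replaceArgument(5, new Reference($simpleAuthHandlerId));
+$listener->replaceArgument(6, new Reference($simpleAuthHandlerId));
+$listener->addArgument(new Reference($config['authenticator']));
+
+return $listenerId;
+}
+
+protected function createEntryPoint($container, $id, $config, $defaultEntryPoint)
+{
+$entryPointId = 'security.authentication.form_entry_point.'.$id;
+$container
+->setDefinition($entryPointId, new DefinitionDecorator('security.authentication.form_entry_point'))
+->addArgument(new Reference('security.http_utils'))
+->addArgument($config['login_path'])
+->addArgument($config['use_forward'])
+;
+
+return $entryPointId;
+}
+}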
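Review bot: The `authenticator` node in `addConfiguration()` is declared with `cannotBeEmpty()` only, yet `createAuthProvider()` and `createListener()` pass `$config['authenticator']` straight into `new Reference(...)`. If the Config component applies the emptiness check only to keys that are actually present (the usual behaviour of `cannotBeEmpty()` without `isRequired()`, though that component is not shown here), a firewall configured without an authenticator fails late with an invalid service reference instead of a clear configuration error. I would declare it as `->scalarNode('authenticator')->isRequired()->cannotBeEmpty()->end()`; the identical declaration in `SimplePreAuthenticationFactory::addConfiguration()` has the same gap. Separately, the hard-coded indexes in `replaceArgument(5, ...)` and `replaceArgument(6, ...)` and the `addArgument(null)` padding depend on the parent listener definition, which is not visible on this page, so a one-line comment naming those argument slots would help the next maintainer keep the handler wiring correct.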
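--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimplePreAuthenticationFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimplePreAuthenticationFactory.php
@@ -0,0 +1,64 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
+
+use Symfony\Component\Config\Definition\Builder\NodeDefinition;
+use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Reference;
+
+/**
+* @author Jordi Boggiano <j.boggiano@seld.be>
+*
+* @experimental This feature is experimental in 2.3 and might change in future versions
+*/
+class SimplePreAuthenticationFactory implements SecurityFactoryInterface
+{
+public function getPosition()
+{
+return 'pre_auth';
+}
+
+public function getKey()
+{
+return 'simple-preauth';
+}
+
+public function addConfiguration(NodeDefinition $node)
+{
+$node
+->children()
+->scalarNode('provider')->end()
+->scalarNode('authenticator')->cannotBeEmpty()->end()
+->end()
+;
+}
+
+public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint)
+{
+$provider = 'security.authentication.provider.simple_preauth.'.$id;
+$container
+->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.simple'))
+->replaceArgument(0, new Reference($config['authenticator']))
+->replaceArgument(1, new Reference($userProvider))
+->replaceArgument(2, $id)
+;
+
+// listener
+$listenerId = 'security.authentication.listener.simple_preauth.'.$id;
+$listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.simple_preauth'));
+$listener->replaceArgument(2, $id);
+$listener->replaceArgument(3, new Reference($config['authenticator']));
+
+return array($provider, $listenerId, null);
+}
+}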
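Review bot: `create()` accepts `$defaultEntryPoint` but never uses it, and returns a hard-coded `null` as the third element of its result. If the caller takes that element as the firewall's entry point for the factories that run afterwards (the caller is not shown on this page), an entry point that was set before this factory runs is silently dropped, which changes how unauthenticated requests are challenged. Unless discarding it is intended, pass it through with `return array($provider, $listenerId, $defaultEntryPoint);`, or add a comment explaining why a pre-auth firewall must reset it.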
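--- a/src/Symfony/Component/Security/Core/Authentication/Provider/SimpleAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Provider/SimpleAuthenticationProvider.php
@@ -0,0 +1,58 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Component\Security\Core\Authentication\Provider;
+
+use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
+use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+
+/**
+* @author Jordi Boggiano <j.boggiano@seld.be>
+*
+* @experimental This feature is experimental in 2.3 and might change in future versions
+*/
+class SimpleAuthenticationProvider implements AuthenticationProviderInterface
+{
+private $simpleAuthenticator;
+private $userProvider;
+private $providerKey;
+
+public function __construct(SimpleAuthenticatorInterface $simpleAuthenticator, UserProviderInterface $userProvider, $providerKey)
+{
+$this->simpleAuthenticator = $simpleAuthenticator;
+$this->userProvider = $userProvider;
+$this->providerKey = $providerKey;
+}
+
+public function authenticate(TokenInterface $token)
+{
+$authToken = $this->simpleAuthenticator->authenticateToken($token, $this->userProvider, $this->providerKey);
+
+if ($authToken instanceof TokenInterface) {
+return $authToken;
+}
+
+throw new AuthenticationException('Simple authenticator failed to return an authenticated token.');
+}
+
+public function supports(TokenInterface $token)
+{
+return $this->simpleAuthenticator->supportsToken($token, $this->providerKey);
+}
+}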
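Review bot: `authenticate()` accepts any `TokenInterface` the authenticator returns, while the exception text speaks of an authenticated token; nothing in the guard checks `$authToken->isAuthenticated()`, so an authenticator that hands back the incoming token unchanged passes this provider. The provider also performs no account-status checks of its own: `UserCheckerInterface` is imported but unused (as are `EncoderFactoryInterface`, `UserInterface`, `UsernameNotFoundException`, `AuthenticationServiceException` and `BadCredentialsException`), which leaves those checks entirely to the authenticator implementation. Either tighten the guard to `if ($authToken instanceof TokenInterface && $authToken->isAuthenticated())`, or state the contract in a docblock on `authenticate()` saying that the authenticator is responsible for returning an authenticated token and for rejecting accounts that must not log in. The unused `use` lines should be dropped so the file does not suggest checks that are not performed.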
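--- a/src/Symfony/Component/Security/Core/Authentication/SimpleAuthenticatorInterface.php
+++ b/src/Symfony/Component/Security/Core/Authentication/SimpleAuthenticatorInterface.php
@@ -0,0 +1,27 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Component\Security\Core\Authentication;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+
+/**
+* @author Jordi Boggiano <j.boggiano@seld.be>
+*
+* @experimental This feature is experimental in 2.3 and might change in future versions
+*/
+interface SimpleAuthenticatorInterface
+{
+public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey);
+
+public function supportsToken(TokenInterface $token, $providerKey);
+}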
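Review bot: Neither method of `SimpleAuthenticatorInterface` carries a docblock, so the security contract that implementers must honour is unstated. Judging from `SimpleAuthenticationProvider` in this commit, `authenticateToken()` is expected to return a `TokenInterface` on success and any other return value is turned into a generic `AuthenticationException`; I would document `@return TokenInterface` and `@throws AuthenticationException` on it, and `@return bool` on `supportsToken()` (the boolean is inferred from how `supports()` forwards the result). `SimpleFormAuthenticatorInterface::createToken()` is undocumented in the same way and should say what it returns and that `$password` is presumably the submitted plain-text credential, so implementers know not to keep it longer than authentication needs.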
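--- a/src/Symfony/Component/Security/Core/Authentication/SimpleFormAuthenticatorInterface.php
+++ b/src/Symfony/Component/Security/Core/Authentication/SimpleFormAuthenticatorInterface.php
@@ -0,0 +1,24 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Component\Security\Core\Authentication;
+
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+* @author Jordi Boggiano <j.boggiano@seld.be>
+*
+* @experimental This feature is experimental in 2.3 and might change in future versions
+*/
+interface SimpleFormAuthenticatorInterface extends SimpleAuthenticatorInterface
+{
+public function createToken(Request $request, $username, $password, $providerKey);
+}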