Bugfix | Split functional security configuration to be per Symfony ve…

…rsion
hwi · Dec 6, 2021 · 4b4c25a · 4b4c25a
1 parent ca06652
commit 4b4c25a
Show file tree

Hide file tree

Showing 5 changed files with 71 additions and 50 deletions.
diff --git a/HWIOAuthBundle.php b/HWIOAuthBundle.php
@@ -39,7 +39,7 @@ public function build(ContainerBuilder $container)
 
         // Symfony < 5.4 BC layer
         if (interface_exists(AuthenticationProviderInterface::class)) {
-            $extension->addSecurityListenerFactory(new OAuthFactory());
+            $extension->addSecurityListenerFactory(new OAuthFactory()); // @phpstan-ignore-this-line Symfony < 5.4 BC layer
         } else {
             $extension->addAuthenticatorFactory(new OAuthAuthenticatorFactory());
         }

diff --git a/Tests/App/AppKernel.php b/Tests/App/AppKernel.php
@@ -42,6 +42,12 @@ public function registerBundles(): array
     public function registerContainerConfiguration(LoaderInterface $loader): void
     {
         $loader->load(__DIR__.'/config.yml');
+
+        if (Kernel::VERSION_ID >= 60000) {
+            $loader->load(__DIR__.'/security_v6.yaml');
+        } else {
+            $loader->load(__DIR__.'/security_v4.yaml');
+        }
     }
 
     public function prepareContainer(ContainerBuilder $container): void
@@ -65,50 +71,18 @@ public function prepareContainer(ContainerBuilder $container): void
             ]);
         }
 
-        $security = [
-            'encoders' => [
-                \HWI\Bundle\OAuthBundle\Tests\Fixtures\User::class => 'plaintext',
-            ],
-            'firewalls' => [
-                'login_area' => [
-                    'pattern' => '^/(login$|connect|login_hwi)',
-                    'context' => 'hwi_context',
-                    'anonymous' => true,
-                ],
-                'main' => [
-                    'pattern' => '^/',
-                    'oauth' => [
-                        'resource_owners' => [
-                            'google' => '/check-login/google',
-                        ],
-                        'login_path' => '/login',
-                        'use_forward' => false,
-                        'failure_path' => '/login',
-                        'oauth_user_provider' => [
-                            'service' => UserProvider::class,
-                        ],
-                        'provider' => UserProvider::class,
+        if (method_exists(Security::class, 'getUser') && !class_exists(UserValueResolver::class)) {
+            $container->loadFromExtension('security', [
+                'firewalls' => [
+                    'login_area' => [
+                        'logout_on_user_change' => true,
+                    ],
+                    'main' => [
+                        'logout_on_user_change' => true,
                     ],
-                    'context' => 'hwi_context',
                 ],
-            ],
-        ];
-
-        if (!class_exists(User::class)) {
-            unset($security['firewalls']['login_area']['anonymous']);
-
-            $security['password_hashers'] = $security['encoders'];
-            unset($security['encoders']);
-
-            $security['enable_authenticator_manager'] = true;
-        }
-
-        if (method_exists(Security::class, 'getUser') && !class_exists(UserValueResolver::class)) {
-            $security['firewalls']['login_area'] = ['logout_on_user_change' => true];
-            $security['firewalls']['main'] = ['logout_on_user_change' => true];
+            ]);
         }
-
-        $container->prependExtensionConfig('security', $security);
     }
 
     public function getCacheDir(): string

diff --git a/Tests/App/config.yml b/Tests/App/config.yml
@@ -16,14 +16,6 @@ monolog:
             path:  "%kernel.logs_dir%/%kernel.environment%.log"
             level: debug
 
-security:
-    providers:
-        HWI\Bundle\OAuthBundle\Tests\App\UserProvider:
-            id: HWI\Bundle\OAuthBundle\Tests\App\UserProvider
-
-    access_control:
-        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-
 services:
     _defaults:
         autowire: true

diff --git a/Tests/App/security_v4.yaml b/Tests/App/security_v4.yaml
@@ -0,0 +1,28 @@
+security:
+  encoders:
+    HWI\Bundle\OAuthBundle\Tests\Fixtures\User: sha512
+
+  providers:
+    HWI\Bundle\OAuthBundle\Tests\App\UserProvider:
+      id: HWI\Bundle\OAuthBundle\Tests\App\UserProvider
+
+  firewalls:
+    login_area:
+      pattern: ^/(login$|connect|login_hwi)
+      anonymous: true
+      context: hwi_context
+    main:
+      pattern: ^/
+      oauth:
+        resource_owners:
+          google: "/check-login/google"
+        login_path: /login
+        use_forward: false
+        failure_path: /login
+        oauth_user_provider:
+          service: HWI\Bundle\OAuthBundle\Tests\App\UserProvider
+        provider: HWI\Bundle\OAuthBundle\Tests\App\UserProvider
+      context: hwi_context
+
+  access_control:
+    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
diff --git a/Tests/App/security_v6.yaml b/Tests/App/security_v6.yaml
@@ -0,0 +1,27 @@
+security:
+  password_hashers:
+    HWI\Bundle\OAuthBundle\Tests\Fixtures\User: sha512
+
+  providers:
+    HWI\Bundle\OAuthBundle\Tests\App\UserProvider:
+      id: HWI\Bundle\OAuthBundle\Tests\App\UserProvider
+
+  enable_authenticator_manager: true
+
+  firewalls:
+    main:
+      pattern: ^/
+      oauth:
+        resource_owners:
+          google: "/check-login/google"
+        login_path: /login
+        use_forward: false
+        failure_path: /login
+        oauth_user_provider:
+          service: HWI\Bundle\OAuthBundle\Tests\App\UserProvider
+        provider: HWI\Bundle\OAuthBundle\Tests\App\UserProvider
+      context: hwi_context
+
+  access_control:
+    - { path: '^/(login$|connect|login_hwi)', roles: PUBLIC_ACCESS }
+    - { path: ^/, roles: ROLE_USER }