Require entry_point to be configured with multiple authenticators
Entry_point can now also be set to an authenticator name (instead of only
service IDs), to ease configuration.
wouterj committed Apr 27, 2020
1 parent b7e2cce commit 98b949b
Showing 6 changed files with 32 additions and 18 deletions.
@@ -67,7 +67,7 @@ public function create(ContainerBuilder $container, string $id, array $config, s
}

// create entry point if applicable (optional)
$entryPointId = $this->createEntryPoint($container, $id, $config, $defaultEntryPointId);
$entryPointId = $this->createDefaultEntryPoint($container, $id, $config, $defaultEntryPointId);

return [$authProviderId, $listenerId, $entryPointId];
}
@@ -128,7 +128,7 @@ abstract protected function getListenerId();
*
* @return string|null the entry point id
*/
protected function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPointId)
protected function createDefaultEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPointId)
{
return $defaultEntryPointId;
}
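Review bot: Renaming the protected hook to `createDefaultEntryPoint()` silently sidelines any subclass that still overrides `createEntryPoint()`: `create()` now calls the new name, so such an override is never invoked from there and the method returns `$defaultEntryPointId`, which may be null. Whether factories outside this commit extend this class is not visible here, but the entry point decides how unauthenticated requests are handled, so the rename should be called out in the upgrade notes. The docblock should also say that this hook is the one `create()` calls; it starts outside the hunk.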
@@ -23,5 +23,5 @@ interface EntryPointFactoryInterface
/**
* Creates the entry point and returns the service ID.
*/
public function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPointId): string;
public function createEntryPoint(ContainerBuilder $container, string $id, array $config): string;
}
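Review bot: The docblock on `createEntryPoint()` is thinner than the new contract needs. With `$defaultEntryPointId` removed, an implementation can no longer defer to an already chosen entry point, and choosing between several candidates moves to the caller. I would spell that out, e.g. `Registers this authenticator's entry point and returns its service ID; selecting among several entry points is left to the caller.`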
@@ -92,7 +92,12 @@ protected function createListener(ContainerBuilder $container, string $id, array
return $listenerId;
}

public function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPoint): string
protected function createDefaultEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPointId)
{
return $this->createEntryPoint($container, $id, $config);
}

public function createEntryPoint(ContainerBuilder $container, string $id, array $config): string
{
$entryPointId = 'security.authentication.form_entry_point.'.$id;
$container
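Review bot: The added `createDefaultEntryPoint()` accepts `$defaultEntryPointId` and never reads it, so a default handed in by the caller is always replaced by this factory's own entry point. Assuming this overrides the parent hook and the behaviour is intended, a comment on the method should say so, e.g. `// the entry point of this factory always wins over an inherited default`. `createEntryPoint()`'s body continues outside the hunk.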
@@ -26,7 +26,7 @@
*
* @final
*/
class GuardAuthenticationFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface, EntryPointFactoryInterface
class GuardAuthenticationFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface
{
public function getPosition()
{
@@ -113,11 +113,6 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
return $authenticatorIds;
}

public function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPointId): string
{
return $this->determineEntryPoint($defaultEntryPointId, $config);
}

private function determineEntryPoint(?string $defaultEntryPointId, array $config): string
{
if ($defaultEntryPointId) {
@@ -23,7 +23,7 @@
*
* @final
*/
class HttpBasicFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface
class HttpBasicFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface, EntryPointFactoryInterface
{
public function create(ContainerBuilder $container, string $id, array $config, string $userProvider, ?string $defaultEntryPoint)
{
@@ -36,7 +36,10 @@ public function create(ContainerBuilder $container, string $id, array $config, s
;

// entry point
$entryPointId = $this->createEntryPoint($container, $id, $config, $defaultEntryPoint);
$entryPointId = $defaultEntryPoint;
if (null === $entryPointId) {
$entryPointId = $this->createEntryPoint($container, $id, $config);
}

// listener
$listenerId = 'security.authentication.listener.basic.'.$id;
@@ -79,12 +82,8 @@ public function addConfiguration(NodeDefinition $node)
;
}

protected function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPoint)
public function createEntryPoint(ContainerBuilder $container, string $id, array $config): string
{
if (null !== $defaultEntryPoint) {
return $defaultEntryPoint;
}

$entryPointId = 'security.authentication.basic_entry_point.'.$id;
$container
->setDefinition($entryPointId, new ChildDefinition('security.authentication.basic_entry_point'))
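Review bot: The new fallback in `create()` spends three lines on what is a null-coalescing default; `$entryPointId = $defaultEntryPoint ?? $this->createEntryPoint($container, $id, $config);` reads the same and still registers the basic entry point only when no default was passed. `createEntryPoint()` also becomes public here, so it deserves a docblock (none is visible in the hunk) stating that it always registers a new definition and no longer honours a default. Both `create()` and `createEntryPoint()` continue outside the hunks.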
@@ -39,6 +39,7 @@
use Symfony\Component\Security\Core\User\ChainUserProvider;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Http\Controller\UserValueResolver;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
use Twig\Extension\AbstractExtension;

/**
@@ -519,6 +520,7 @@ private function createAuthenticationListeners(ContainerBuilder $container, stri
{
$listeners = [];
$hasListeners = false;
$entryPoints = [];

foreach ($this->listenerPositions as $position) {
foreach ($this->factories[$position] as $factory) {
@@ -542,7 +544,7 @@ private function createAuthenticationListeners(ContainerBuilder $container, stri
}

if ($factory instanceof EntryPointFactoryInterface) {
$defaultEntryPoint = $factory->createEntryPoint($container, $id, $firewall[$key], $defaultEntryPoint);
$entryPoints[$key] = $factory->createEntryPoint($container, $id, $firewall[$key], null);
}
} else {
list($provider, $listenerId, $defaultEntryPoint) = $factory->create($container, $id, $firewall[$key], $userProvider, $defaultEntryPoint);
@@ -555,6 +557,19 @@ private function createAuthenticationListeners(ContainerBuilder $container, stri
}
}

if ($entryPoints) {
// we can be sure the authenticator system is enabled
if (null !== $defaultEntryPoint) {
return $entryPoints[$defaultEntryPoint] ?? $defaultEntryPoint;
}

if (1 === \count($entryPoints)) {
return current($entryPoints);
}

throw new InvalidConfigurationException(sprintf('Because you have multiple authenticators in firewall "%s", you need to set the "entry_point" key to one of your authenticators (%s) or a service ID implementing "%s". The "entry_point" determines what should happen (e.g. redirect to "/login") when an anonymous user tries to access a protected page.', $id, implode(', ', $entryPoints), AuthenticationEntryPointInterface::class));
}

if (false === $hasListeners) {
throw new InvalidConfigurationException(sprintf('No authentication listener registered for firewall "%s".', $id));
}
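Review bot: The exception message in the new `if ($entryPoints)` block lists the wrong values: `implode(', ', $entryPoints)` prints the generated service IDs, while the text asks the user to pick "one of your authenticators" and the lookup `$entryPoints[$defaultEntryPoint]` is keyed by `$key`; `implode(', ', array_keys($entryPoints))` would name the values that lookup accepts. The two early returns also hand back only an entry point ID and drop `$listeners`; the function's final return is outside the hunk, so if it returns the listeners together with the entry point, callers on the authenticator path would receive a bare string, which is worth confirming. The trailing `null` passed to `createEntryPoint()` is a leftover from the old four-argument signature and can be removed.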