[Security] Use auth trust resolver to determine anonymous in ContextListener #18211

Closed

7 participants
@wouterj
Member

commented Mar 17, 2016

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | not done yet

There is a nice class in Symfony that is used to check whether a token is anonymous: AuthenticationTrustResolver. However, its logic was still hard coded in the ContextListener, making it impossible to customize it (e.g. using another anonymous token class). I think it makes lots of sense to use the dedicated class.

@@ -15,6 +15,8 @@
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
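
Review bot: the `use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;` line at the end of this import block looks unused after this patch. The `instanceof AnonymousToken` check in `onKernelResponse` is replaced by `$this->trustResolver->isAnonymous($token)`, and the constructor default passes the class name as a string rather than through the import. Drop the import unless another part of the file still references it.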

@xabbuh

xabbuh Mar 17, 2016

Member

This class is no longer used.

@wouterj

wouterj Mar 17, 2016

Author Member

thanks, fixed

@wouterj wouterj force-pushed the wouterj:security-remember_me_trust_resolver branch from c2e4d54 to a695652 Mar 17, 2016

@@ -121,7 +124,7 @@ public function onKernelResponse(FilterResponseEvent $event)
$request = $event->getRequest();
$session = $request->getSession();
if ((null === $token = $this->tokenStorage->getToken()) || ($token instanceof AnonymousToken)) {
if ((null === $token = $this->tokenStorage->getToken()) || ($this->trustResolver->isAnonymous($token))) {
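
Review bot: nothing visible here tests the new condition in `onKernelResponse` with a resolver configured for a non-default anonymous token class, which is the case this change exists to support. The branch now follows whatever the injected resolver returns from `isAnonymous($token)`, so a test that injects a custom `AuthenticationTrustResolverInterface` implementation and asserts the listener treats its anonymous token the same way as `AnonymousToken` would pin that behaviour. The parentheses wrapping the `isAnonymous()` call are also redundant.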

@xabbuh

xabbuh Mar 17, 2016

Member

We can remove one pair of parentheses here.

@wouterj

wouterj Mar 17, 2016

Author Member

done

@@ -58,6 +60,7 @@ public function __construct(TokenStorageInterface $tokenStorage, array $userProv
$this->sessionKey = '_security_'.$contextKey;
$this->logger = $logger;
$this->dispatcher = $dispatcher;
$this->trustResolver = $trustResolver ?: new AuthenticationTrustResolver('Symfony\Component\Security\Core\Authentication\Token\AnonymousToken', 'Symfony\Component\Security\Core\Authentication\Token\RememberMeToken');
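
Review bot: the fallback on the last line spells both token classes as fully qualified strings, so a rename or typo in either name is not caught by static analysis; `AnonymousToken::class` and `RememberMeToken::class` would be safer. The new `$trustResolver` argument is cut off in the hunk header, so confirm it is type-hinted against `AuthenticationTrustResolverInterface` and documented as optional, since `?:` silently substitutes the default resolver when it is omitted.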

@stof

stof Mar 17, 2016

Member

You could use ::class constants here

@Tobion

Tobion Mar 17, 2016

Member

agree

@fabpot

Member

commented Mar 18, 2016

👍

@xabbuh

Member

commented Mar 22, 2016

👍

@fabpot

Member

commented Mar 23, 2016

Thanks @wouterj

@fabpot fabpot closed this Mar 23, 2016

fabpot added a commit that referenced this pull request Mar 23, 2016

feature #18211 [Security] Use auth trust resolver to determine anonymous in ContextListener (WouterJ)

This PR was squashed before being merged into the 3.1-dev branch (closes #18211).

Discussion
----------

[Security] Use auth trust resolver to determine anonymous in ContextListener

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | not done yet

There is a nice class in Symfony that is used to check whether a token is anonymous: `AuthenticationTrustResolver`. However, its logic was still hard coded in the `ContextListener`, making it impossible to customize it (e.g. using another anonymous token class). I think it makes lots of sense to use the dedicated class.

Commits
-------

ab5578e [Security] Use auth trust resolver to determine anonymous in ContextListener

nicolas-grekas added a commit that referenced this pull request Mar 23, 2016

minor #18278 use class constants instead of FQCN strings (xabbuh)
This PR was merged into the 3.1-dev branch.

Discussion
----------

use class constants instead of FQCN strings

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #18211 (comment)
| License       | MIT
| Doc PR        |

Commits
-------

d4ec7dd use class constants instead of FQCN strings

@wouterj wouterj deleted the wouterj:security-remember_me_trust_resolver branch Mar 23, 2016

@fabpot fabpot referenced this pull request May 13, 2016

Merged

Release v3.1.0-BETA1 #18776
