[Security] [DataCollector] Remove allows anonymous information in datacollector

2021-05-09 14:47:38 +01:00 · 2021-05-09 14:47:38 +01:00 · 92cd096763
parent 2e047c9cfa
commit 92cd096763
4 changed files with 18 additions and 2 deletions
--- a/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
+++ b/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
@ -44,8 +44,9 @@ class SecurityDataCollector extends DataCollector implements LateDataCollectorIn
    private $firewallMap;
    private $firewall;
    private $hasVarDumper;
+    private $authenticatorManagerEnabled;

-    public function __construct(TokenStorageInterface $tokenStorage = null, RoleHierarchyInterface $roleHierarchy = null, LogoutUrlGenerator $logoutUrlGenerator = null, AccessDecisionManagerInterface $accessDecisionManager = null, FirewallMapInterface $firewallMap = null, TraceableFirewallListener $firewall = null)
+    public function __construct(TokenStorageInterface $tokenStorage = null, RoleHierarchyInterface $roleHierarchy = null, LogoutUrlGenerator $logoutUrlGenerator = null, AccessDecisionManagerInterface $accessDecisionManager = null, FirewallMapInterface $firewallMap = null, TraceableFirewallListener $firewall = null, $authenticatorManagerEnabled = false)
    {
        $this->tokenStorage = $tokenStorage;
        $this->roleHierarchy = $roleHierarchy;
@ -54,6 +55,7 @@ class SecurityDataCollector extends DataCollector implements LateDataCollectorIn
        $this->firewallMap = $firewallMap;
        $this->firewall = $firewall;
        $this->hasVarDumper = class_exists(ClassStub::class);
+        $this->authenticatorManagerEnabled = $authenticatorManagerEnabled;
    }

    /**
@ -204,6 +206,8 @@ class SecurityDataCollector extends DataCollector implements LateDataCollectorIn
        if ($this->firewall) {
            $this->data['listeners'] = $this->firewall->getWrappedListeners();
        }
+
+        $this->data['authenticator_manager_enabled'] = $this->authenticatorManagerEnabled;
    }

    /**
@ -389,4 +393,9 @@ class SecurityDataCollector extends DataCollector implements LateDataCollectorIn
    {
        return 'security';
    }
+
+    public function isAuthenticatorManagerEnabled(): bool
+    {
+        return $this->data['authenticator_manager_enabled'];
+    }
 }
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@ -132,6 +132,8 @@ class SecurityExtension extends Extension implements PrependExtensionInterface
        $loader->load('collectors.php');
        $loader->load('guard.php');

+        $container->getDefinition('data_collector.security')->addArgument($this->authenticatorManagerEnabled);
+
        if ($container->hasParameter('kernel.debug') && $container->getParameter('kernel.debug')) {
            $loader->load('security_debug.php');
        }
--- a/src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
@ -159,10 +159,12 @@
                    <span class="value">{{ include('@WebProfiler/Icon/' ~ (collector.firewall.stateless ? 'yes' : 'no') ~ '.svg') }}</span>
                    <span class="label">Stateless</span>
                </div>
+                {% if collector.authenticatorManagerEnabled == false %}
                <div class="metric">
                    <span class="value">{{ include('@WebProfiler/Icon/' ~ (collector.firewall.allows_anonymous ? 'yes' : 'no') ~ '.svg') }}</span>
                    <span class="label">Allows anonymous</span>
                </div>
+                {% endif %}
            </div>

            {% if collector.firewall.security_enabled %}
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php
@ -71,6 +71,7 @@ class SecurityDataCollectorTest extends TestCase
        $this->assertCount(0, $collector->getInheritedRoles());
        $this->assertEmpty($collector->getUser());
        $this->assertNull($collector->getFirewall());
+        $this->assertFalse($collector->isAuthenticatorManagerEnabled());
    }

    /** @dataProvider provideRoles */
@ -93,6 +94,7 @@ class SecurityDataCollectorTest extends TestCase
        $this->assertSame($normalizedRoles, $collector->getRoles()->getValue(true));
        $this->assertSame($inheritedRoles, $collector->getInheritedRoles()->getValue(true));
        $this->assertSame('hhamon', $collector->getUser());
+        $this->assertFalse($collector->isAuthenticatorManagerEnabled());
    }

    public function testCollectSwitchUserToken()
@ -132,7 +134,7 @@ class SecurityDataCollectorTest extends TestCase
            ->with($request)
            ->willReturn($firewallConfig);

-        $collector = new SecurityDataCollector(null, null, null, null, $firewallMap, new TraceableFirewallListener($firewallMap, new EventDispatcher(), new LogoutUrlGenerator()));
+        $collector = new SecurityDataCollector(null, null, null, null, $firewallMap, new TraceableFirewallListener($firewallMap, new EventDispatcher(), new LogoutUrlGenerator()), true);
        $collector->collect($request, new Response());
        $collector->lateCollect();
        $collected = $collector->getFirewall();
@ -149,6 +151,7 @@ class SecurityDataCollectorTest extends TestCase
        $this->assertSame($firewallConfig->getAccessDeniedUrl(), $collected['access_denied_url']);
        $this->assertSame($firewallConfig->getUserChecker(), $collected['user_checker']);
        $this->assertSame($firewallConfig->getListeners(), $collected['listeners']->getValue());
+        $this->assertTrue($collector->isAuthenticatorManagerEnabled());
    }

    public function testGetFirewallReturnsNull()