[Security] Move default authentication success handling strategy to seperate class
[Security] Update configuration for changes regarding default success handler [Security] Fix + add AbstractFactory test
This commit is contained in:
parent
b34bdd4639
commit
c6aa392df7
|
@ -30,12 +30,15 @@ abstract class AbstractFactory implements SecurityFactoryInterface
|
|||
'check_path' => '/login_check',
|
||||
'login_path' => '/login',
|
||||
'use_forward' => false,
|
||||
'failure_path' => null,
|
||||
'failure_forward' => false,
|
||||
);
|
||||
|
||||
protected $defaultSuccessHandlerOptions = array(
|
||||
'always_use_default_target_path' => false,
|
||||
'default_target_path' => '/',
|
||||
'target_path_parameter' => '_target_path',
|
||||
'use_referer' => false,
|
||||
'failure_path' => null,
|
||||
'failure_forward' => false,
|
||||
);
|
||||
|
||||
public function create(ContainerBuilder $container, $id, $config, $userProviderId, $defaultEntryPointId)
|
||||
|
@ -71,7 +74,7 @@ abstract class AbstractFactory implements SecurityFactoryInterface
|
|||
->scalarNode('failure_handler')->end()
|
||||
;
|
||||
|
||||
foreach ($this->options as $name => $default) {
|
||||
foreach (array_merge($this->options, $this->defaultSuccessHandlerOptions) as $name => $default) {
|
||||
if (is_bool($default)) {
|
||||
$builder->booleanNode($name)->defaultValue($default);
|
||||
} else {
|
||||
|
@ -149,12 +152,8 @@ abstract class AbstractFactory implements SecurityFactoryInterface
|
|||
$listenerId = $this->getListenerId();
|
||||
$listener = new DefinitionDecorator($listenerId);
|
||||
$listener->replaceArgument(4, $id);
|
||||
$listener->replaceArgument(5, array_intersect_key($config, $this->options));
|
||||
|
||||
// success handler
|
||||
if (isset($config['success_handler'])) {
|
||||
$listener->replaceArgument(6, new Reference($config['success_handler']));
|
||||
}
|
||||
$listener->replaceArgument(5, new Reference($this->createAuthenticationSuccessHandler($container, $id, $config)));
|
||||
$listener->replaceArgument(6, array_intersect_key($config, $this->options));
|
||||
|
||||
// failure handler
|
||||
if (isset($config['failure_handler'])) {
|
||||
|
@ -166,4 +165,20 @@ abstract class AbstractFactory implements SecurityFactoryInterface
|
|||
|
||||
return $listenerId;
|
||||
}
|
||||
|
||||
protected function createAuthenticationSuccessHandler($container, $id, $config)
|
||||
{
|
||||
// success handler
|
||||
if (isset($config['success_handler'])) {
|
||||
|
||||
return $config['success_handler'];
|
||||
}
|
||||
|
||||
$id = 'security.authentication.success_handler.'.$id;
|
||||
|
||||
$successHandler = $container->setDefinition($id, new DefinitionDecorator('security.authentication.success_handler'));
|
||||
$successHandler->replaceArgument(1, array_intersect_key($config, $this->defaultSuccessHandlerOptions));
|
||||
|
||||
return $id;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -37,6 +37,8 @@
|
|||
<parameter key="security.authentication.provider.pre_authenticated.class">Symfony\Component\Security\Core\Authentication\Provider\PreAuthenticatedAuthenticationProvider</parameter>
|
||||
|
||||
<parameter key="security.authentication.provider.anonymous.class">Symfony\Component\Security\Core\Authentication\Provider\AnonymousAuthenticationProvider</parameter>
|
||||
|
||||
<parameter key="security.authentication.success_handler.class">Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler</parameter>
|
||||
</parameters>
|
||||
|
||||
<services>
|
||||
|
@ -98,13 +100,18 @@
|
|||
<argument type="service" id="security.authentication.session_strategy" />
|
||||
<argument type="service" id="security.http_utils" />
|
||||
<argument />
|
||||
<argument type="service" id="security.authentication.success_handler" />
|
||||
<argument type="collection"></argument>
|
||||
<argument type="service" id="security.authentication.success_handler" on-invalid="null" />
|
||||
<argument type="service" id="security.authentication.failure_handler" on-invalid="null" />
|
||||
<argument type="service" id="logger" on-invalid="null" />
|
||||
<argument type="service" id="event_dispatcher" on-invalid="null" />
|
||||
</service>
|
||||
|
||||
<service id="security.authentication.success_handler" class="%security.authentication.success_handler.class%" abstract="true" public="false">
|
||||
<argument type="service" id="security.http_utils" />
|
||||
<argument />
|
||||
</service>
|
||||
|
||||
<service id="security.authentication.listener.form"
|
||||
class="%security.authentication.listener.form.class%"
|
||||
parent="security.authentication.listener.abstract"
|
||||
|
|
|
@ -18,7 +18,46 @@ class AbstractFactoryTest extends \PHPUnit_Framework_TestCase
|
|||
{
|
||||
public function testCreate()
|
||||
{
|
||||
$factory = $this->getFactory();
|
||||
list($container,
|
||||
$authProviderId,
|
||||
$listenerId,
|
||||
$entryPointId) = $this->callFactory('foo', array('use_forward' => true, 'failure_path' => '/foo', 'success_handler' => 'foo', 'remember_me' => true), 'user_provider', 'entry_point');
|
||||
|
||||
// auth provider
|
||||
$this->assertEquals('auth_provider', $authProviderId);
|
||||
|
||||
// listener
|
||||
$this->assertEquals('abstract_listener.foo', $listenerId);
|
||||
$this->assertTrue($container->hasDefinition('abstract_listener.foo'));
|
||||
$definition = $container->getDefinition('abstract_listener.foo');
|
||||
$this->assertEquals(array(
|
||||
'index_4' => 'foo',
|
||||
'index_5' => new Reference('foo'),
|
||||
'index_6' => array(
|
||||
'use_forward' => true,
|
||||
'failure_path' => '/foo',
|
||||
),
|
||||
), $definition->getArguments());
|
||||
|
||||
// entry point
|
||||
$this->assertEquals('entry_point', $entryPointId, '->create() does not change the default entry point.');
|
||||
}
|
||||
|
||||
public function testDefaultSuccessHandler()
|
||||
{
|
||||
list($container,
|
||||
$authProviderId,
|
||||
$listenerId,
|
||||
$entryPointId) = $this->callFactory('foo', array('remember_me' => true), 'user_provider', 'entry_point');
|
||||
|
||||
$definition = $container->getDefinition('abstract_listener.foo');
|
||||
$arguments = $definition->getArguments();
|
||||
$this->assertEquals(new Reference('security.authentication.success_handler.foo'), $arguments['index_5']);
|
||||
}
|
||||
|
||||
protected function callFactory($id, $config, $userProviderId, $defaultEntryPointId)
|
||||
{
|
||||
$factory = $this->getMockForAbstractClass('Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AbstractFactory', array());
|
||||
|
||||
$factory
|
||||
->expects($this->once())
|
||||
|
@ -37,30 +76,8 @@ class AbstractFactoryTest extends \PHPUnit_Framework_TestCase
|
|||
list($authProviderId,
|
||||
$listenerId,
|
||||
$entryPointId
|
||||
) = $factory->create($container, 'foo', array('use_forward' => true, 'failure_path' => '/foo', 'success_handler' => 'foo', 'remember_me' => true), 'user_provider', 'entry_point');
|
||||
) = $factory->create($container, $id, $config, $userProviderId, $defaultEntryPointId);
|
||||
|
||||
// auth provider
|
||||
$this->assertEquals('auth_provider', $authProviderId);
|
||||
|
||||
// listener
|
||||
$this->assertEquals('abstract_listener.foo', $listenerId);
|
||||
$this->assertTrue($container->hasDefinition('abstract_listener.foo'));
|
||||
$definition = $container->getDefinition('abstract_listener.foo');
|
||||
$this->assertEquals(array(
|
||||
'index_4' => 'foo',
|
||||
'index_5' => array(
|
||||
'use_forward' => true,
|
||||
'failure_path' => '/foo',
|
||||
),
|
||||
'index_6' => new Reference('foo'),
|
||||
), $definition->getArguments());
|
||||
|
||||
// entry point
|
||||
$this->assertEquals('entry_point', $entryPointId, '->create() does not change the default entry point.');
|
||||
}
|
||||
|
||||
protected function getFactory()
|
||||
{
|
||||
return $this->getMockForAbstractClass('Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AbstractFactory', array());
|
||||
return array($container, $authProviderId, $listenerId, $entryPointId);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -33,7 +33,7 @@ interface AuthenticationSuccessHandlerInterface
|
|||
* @param Request $request
|
||||
* @param TokenInterface $token
|
||||
*
|
||||
* @return Response|null the response to return
|
||||
* @return Response never null
|
||||
*/
|
||||
function onAuthenticationSuccess(Request $request, TokenInterface $token);
|
||||
}
|
||||
|
|
|
@ -0,0 +1,84 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\Security\Http\Authentication;
|
||||
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Security\Http\HttpUtils;
|
||||
|
||||
/**
|
||||
* Class with the default authentication success handling logic.
|
||||
*
|
||||
* Can be optionally be extended from by the developer to alter the behaviour
|
||||
* while keeping the default behaviour.
|
||||
*
|
||||
* @author Alexander <iam.asm89@gmail.com>
|
||||
*/
|
||||
class DefaultAuthenticationSuccessHandler implements AuthenticationSuccessHandlerInterface
|
||||
{
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param HttpUtils $httpUtils HttpUtils
|
||||
* @param array $options Options for processing a successful authentication attempt.
|
||||
*/
|
||||
public function __construct(HttpUtils $httpUtils, array $options)
|
||||
{
|
||||
$this->httpUtils = $httpUtils;
|
||||
|
||||
$this->options = array_merge(array(
|
||||
'always_use_default_target_path' => false,
|
||||
'default_target_path' => '/',
|
||||
'target_path_parameter' => '_target_path',
|
||||
'use_referer' => false,
|
||||
), $options);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
|
||||
{
|
||||
return $this->httpUtils->createRedirectResponse($request, $this->determineTargetUrl($request));
|
||||
}
|
||||
|
||||
/**
|
||||
* Builds the target URL according to the defined options.
|
||||
*
|
||||
* @param Request $request
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
protected function determineTargetUrl(Request $request)
|
||||
{
|
||||
if ($this->options['always_use_default_target_path']) {
|
||||
return $this->options['default_target_path'];
|
||||
}
|
||||
|
||||
if ($targetUrl = $request->get($this->options['target_path_parameter'], null, true)) {
|
||||
return $targetUrl;
|
||||
}
|
||||
|
||||
$session = $request->getSession();
|
||||
if ($targetUrl = $session->get('_security.target_path')) {
|
||||
$session->remove('_security.target_path');
|
||||
|
||||
return $targetUrl;
|
||||
}
|
||||
|
||||
if ($this->options['use_referer'] && ($targetUrl = $request->headers->get('Referer')) && $targetUrl !== $request->getUriForPath($this->options['login_path'])) {
|
||||
return $targetUrl;
|
||||
}
|
||||
|
||||
return $this->options['default_target_path'];
|
||||
}
|
||||
}
|
|
@ -77,7 +77,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
|
|||
* @param LoggerInterface $logger A LoggerInterface instance
|
||||
* @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
|
||||
*/
|
||||
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
|
||||
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, array $options = array(), AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
|
||||
{
|
||||
if (empty($providerKey)) {
|
||||
throw new \InvalidArgumentException('$providerKey must not be empty.');
|
||||
|
@ -92,10 +92,6 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
|
|||
$this->options = array_merge(array(
|
||||
'check_path' => '/login_check',
|
||||
'login_path' => '/login',
|
||||
'always_use_default_target_path' => false,
|
||||
'default_target_path' => '/',
|
||||
'target_path_parameter' => '_target_path',
|
||||
'use_referer' => false,
|
||||
'failure_path' => null,
|
||||
'failure_forward' => false,
|
||||
), $options);
|
||||
|
@ -238,13 +234,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
|
|||
$this->dispatcher->dispatch(SecurityEvents::INTERACTIVE_LOGIN, $loginEvent);
|
||||
}
|
||||
|
||||
$response = null;
|
||||
if (null !== $this->successHandler) {
|
||||
$response = $this->successHandler->onAuthenticationSuccess($request, $token);
|
||||
}
|
||||
if (null === $response) {
|
||||
$response = $this->httpUtils->createRedirectResponse($request, $this->determineTargetUrl($request));
|
||||
}
|
||||
$response = $this->successHandler->onAuthenticationSuccess($request, $token);
|
||||
|
||||
if (null !== $this->rememberMeServices) {
|
||||
$this->rememberMeServices->loginSuccess($request, $response, $token);
|
||||
|
@ -252,35 +242,4 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
|
|||
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* Builds the target URL according to the defined options.
|
||||
*
|
||||
* @param Request $request
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
private function determineTargetUrl(Request $request)
|
||||
{
|
||||
if ($this->options['always_use_default_target_path']) {
|
||||
return $this->options['default_target_path'];
|
||||
}
|
||||
|
||||
if ($targetUrl = $request->get($this->options['target_path_parameter'], null, true)) {
|
||||
return $targetUrl;
|
||||
}
|
||||
|
||||
$session = $request->getSession();
|
||||
if ($targetUrl = $session->get('_security.' . $this->providerKey . '.target_path')) {
|
||||
$session->remove('_security.' . $this->providerKey . '.target_path');
|
||||
|
||||
return $targetUrl;
|
||||
}
|
||||
|
||||
if ($this->options['use_referer'] && ($targetUrl = $request->headers->get('Referer')) && $targetUrl !== $request->getUriForPath($this->options['login_path'])) {
|
||||
return $targetUrl;
|
||||
}
|
||||
|
||||
return $this->options['default_target_path'];
|
||||
}
|
||||
}
|
||||
|
|
|
@ -37,15 +37,15 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null)
|
||||
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler = null, array $options = array(), AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null)
|
||||
{
|
||||
parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, array_merge(array(
|
||||
parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, array_merge(array(
|
||||
'username_parameter' => '_username',
|
||||
'password_parameter' => '_password',
|
||||
'csrf_parameter' => '_csrf_token',
|
||||
'intention' => 'authenticate',
|
||||
'post_only' => true,
|
||||
), $options), $successHandler, $failureHandler, $logger, $dispatcher);
|
||||
), $options), $failureHandler, $logger, $dispatcher);
|
||||
|
||||
$this->csrfProvider = $csrfProvider;
|
||||
}
|
||||
|
|
Reference in New Issue