From 94d648b75cd959d75dd9d17ae93284b8ec43245e Mon Sep 17 00:00:00 2001 From: Peter Kruithof Date: Sun, 1 Sep 2013 11:49:21 +0200 Subject: [PATCH] Added 'host' option to firewall configuration --- .../Bundle/SecurityBundle/CHANGELOG.md | 5 +++ .../DependencyInjection/MainConfiguration.php | 1 + .../DependencyInjection/SecurityExtension.php | 6 ++-- .../CompleteConfigurationTest.php | 32 +++++++++++++++++++ .../Fixtures/php/container1.php | 6 ++++ .../Fixtures/xml/container1.xml | 5 +++ .../Fixtures/yml/container1.yml | 5 +++ 7 files changed, 58 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md index 724254de78..06d56b3361 100644 --- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md +++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md @@ -1,6 +1,11 @@ CHANGELOG ========= +2.4.0 +----- + + * Added 'host' option to firewall configuration + 2.3.0 ----- diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php index 2e1be8c694..5041479704 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php @@ -199,6 +199,7 @@ class MainConfiguration implements ConfigurationInterface $firewallNodeBuilder ->scalarNode('pattern')->end() + ->scalarNode('host')->end() ->booleanNode('security')->defaultTrue()->end() ->scalarNode('request_matcher')->end() ->scalarNode('access_denied_url')->end() diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php index ad75ac14a3..d87a890f5e 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php @@ -244,8 +244,10 @@ class SecurityExtension extends Extension $matcher = null; if (isset($firewall['request_matcher'])) { $matcher = new Reference($firewall['request_matcher']); - } elseif (isset($firewall['pattern'])) { - $matcher = $this->createRequestMatcher($container, $firewall['pattern']); + } elseif (isset($firewall['pattern']) || isset($firewall['host'])) { + $pattern = isset($firewall['pattern']) ? $firewall['pattern'] : null; + $host = isset($firewall['host']) ? $firewall['host'] : null; + $matcher = $this->createRequestMatcher($container, $pattern, $host); } // Security disabled? diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php index 2e55643c70..d5af681b33 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php @@ -85,9 +85,41 @@ abstract class CompleteConfigurationTest extends \PHPUnit_Framework_TestCase 'security.access_listener', 'security.authentication.switchuser_listener.secure', ), + array( + 'security.channel_listener', + 'security.context_listener.0', + 'security.authentication.listener.basic.host', + 'security.authentication.listener.anonymous.host', + 'security.access_listener', + ), ), $listeners); } + public function testFirewallRequestMatchers() + { + $container = $this->getContainer('container1'); + + $arguments = $container->getDefinition('security.firewall.map')->getArguments(); + $matchers = array(); + + foreach ($arguments[1] as $reference) { + if ($reference instanceof Reference) { + $definition = $container->getDefinition((string) $reference); + $matchers[] = $definition->getArguments(); + } + } + + $this->assertEquals(array( + array( + '/login', + ), + array( + '/test', + 'foo\\.example\\.org', + ), + ), $matchers); + } + public function testAccess() { $container = $this->getContainer('container1'); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php index bb79da3fb0..d91d604a6a 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php @@ -71,6 +71,12 @@ $container->loadFromExtension('security', array( 'x509' => true, 'logout' => true, ), + 'host' => array( + 'pattern' => '/test', + 'host' => 'foo\\.example\\.org', + 'anonymous' => true, + 'http_basic' => true, + ), ), 'access_control' => array( diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml index cb452e9316..9da4ad937f 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml @@ -57,6 +57,11 @@ + + + + + ROLE_USER ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH ROLE_USER,ROLE_ADMIN diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml index 169f7fa431..7b5bd0e373 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml @@ -53,6 +53,11 @@ security: switch_user: true x509: true logout: true + host: + pattern: /test + host: foo\.example\.org + anonymous: true + http_basic: true role_hierarchy: ROLE_ADMIN: ROLE_USER