Added a SecurityUserValueResolver for controllers
This commit is contained in:
parent
2e811cb930
commit
d341889b95
@ -1,6 +1,12 @@
|
|||||||
UPGRADE FROM 3.1 to 3.2
|
UPGRADE FROM 3.1 to 3.2
|
||||||
=======================
|
=======================
|
||||||
|
|
||||||
|
FrameworkBundle
|
||||||
|
---------------
|
||||||
|
|
||||||
|
* The `Controller::getUser()` method has been deprecated and will be removed in
|
||||||
|
Symfony 4.0; typehint the security user object in the action instead.
|
||||||
|
|
||||||
DependencyInjection
|
DependencyInjection
|
||||||
-------------------
|
-------------------
|
||||||
|
|
||||||
|
@ -117,6 +117,9 @@ FrameworkBundle
|
|||||||
* The `framework.serializer.cache` option and the services
|
* The `framework.serializer.cache` option and the services
|
||||||
`serializer.mapping.cache.apc` and `serializer.mapping.cache.doctrine.apc`
|
`serializer.mapping.cache.apc` and `serializer.mapping.cache.doctrine.apc`
|
||||||
have been removed. APCu should now be automatically used when available.
|
have been removed. APCu should now be automatically used when available.
|
||||||
|
|
||||||
|
* The `Controller::getUser()` method has been removed in favor of the ability
|
||||||
|
to typehint the security user object in the action.
|
||||||
|
|
||||||
HttpKernel
|
HttpKernel
|
||||||
----------
|
----------
|
||||||
|
@ -1,6 +1,12 @@
|
|||||||
CHANGELOG
|
CHANGELOG
|
||||||
=========
|
=========
|
||||||
|
|
||||||
|
3.2.0
|
||||||
|
-----
|
||||||
|
|
||||||
|
* The `Controller::getUser()` method has been deprecated and will be removed in
|
||||||
|
Symfony 4.0; typehint the security user object in the action instead.
|
||||||
|
|
||||||
3.1.0
|
3.1.0
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
@ -22,6 +22,7 @@ use Symfony\Component\HttpFoundation\StreamedResponse;
|
|||||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||||
use Symfony\Component\HttpKernel\HttpKernelInterface;
|
use Symfony\Component\HttpKernel\HttpKernelInterface;
|
||||||
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
|
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
|
||||||
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
use Symfony\Component\Security\Csrf\CsrfToken;
|
use Symfony\Component\Security\Csrf\CsrfToken;
|
||||||
use Symfony\Component\Form\Extension\Core\Type\FormType;
|
use Symfony\Component\Form\Extension\Core\Type\FormType;
|
||||||
use Symfony\Component\Form\Form;
|
use Symfony\Component\Form\Form;
|
||||||
@ -362,12 +363,16 @@ abstract class Controller implements ContainerAwareInterface
|
|||||||
*
|
*
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*
|
*
|
||||||
|
* @deprecated as of 3.2 and will be removed in 4.0. You can typehint your method argument with Symfony\Component\Security\Core\User\UserInterface instead.
|
||||||
|
*
|
||||||
* @throws \LogicException If SecurityBundle is not available
|
* @throws \LogicException If SecurityBundle is not available
|
||||||
*
|
*
|
||||||
* @see TokenInterface::getUser()
|
* @see TokenInterface::getUser()
|
||||||
*/
|
*/
|
||||||
protected function getUser()
|
protected function getUser()
|
||||||
{
|
{
|
||||||
|
@trigger_error(sprintf('%s() is deprecated as of 3.2 and will be removed in 4.0. You can typehint your method argument with %s instead.', __METHOD__, UserInterface::class), E_USER_DEPRECATED);
|
||||||
|
|
||||||
if (!$this->container->has('security.token_storage')) {
|
if (!$this->container->has('security.token_storage')) {
|
||||||
throw new \LogicException('The SecurityBundle is not registered in your application.');
|
throw new \LogicException('The SecurityBundle is not registered in your application.');
|
||||||
}
|
}
|
||||||
|
@ -56,6 +56,9 @@ class ControllerTest extends TestCase
|
|||||||
$this->assertEquals('xml--fr', $response->getContent());
|
$this->assertEquals('xml--fr', $response->getContent());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group legacy
|
||||||
|
*/
|
||||||
public function testGetUser()
|
public function testGetUser()
|
||||||
{
|
{
|
||||||
$user = new User('user', 'pass');
|
$user = new User('user', 'pass');
|
||||||
@ -67,6 +70,9 @@ class ControllerTest extends TestCase
|
|||||||
$this->assertSame($controller->getUser(), $user);
|
$this->assertSame($controller->getUser(), $user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group legacy
|
||||||
|
*/
|
||||||
public function testGetUserAnonymousUserConvertedToNull()
|
public function testGetUserAnonymousUserConvertedToNull()
|
||||||
{
|
{
|
||||||
$token = new AnonymousToken('default', 'anon.');
|
$token = new AnonymousToken('default', 'anon.');
|
||||||
@ -77,6 +83,9 @@ class ControllerTest extends TestCase
|
|||||||
$this->assertNull($controller->getUser());
|
$this->assertNull($controller->getUser());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group legacy
|
||||||
|
*/
|
||||||
public function testGetUserWithEmptyTokenStorage()
|
public function testGetUserWithEmptyTokenStorage()
|
||||||
{
|
{
|
||||||
$controller = new TestController();
|
$controller = new TestController();
|
||||||
@ -86,6 +95,7 @@ class ControllerTest extends TestCase
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* @group legacy
|
||||||
* @expectedException \LogicException
|
* @expectedException \LogicException
|
||||||
* @expectedExceptionMessage The SecurityBundle is not registered in your application.
|
* @expectedExceptionMessage The SecurityBundle is not registered in your application.
|
||||||
*/
|
*/
|
||||||
|
@ -1,6 +1,12 @@
|
|||||||
CHANGELOG
|
CHANGELOG
|
||||||
=========
|
=========
|
||||||
|
|
||||||
|
3.2.0
|
||||||
|
-----
|
||||||
|
|
||||||
|
* Added the `SecurityUserValueResolver` to inject the security users in actions via
|
||||||
|
`Symfony\Component\Security\Core\User\UserInterface` in the method signature.
|
||||||
|
|
||||||
3.0.0
|
3.0.0
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
@ -20,6 +20,11 @@
|
|||||||
|
|
||||||
<service id="security.token_storage" class="Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage" />
|
<service id="security.token_storage" class="Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage" />
|
||||||
|
|
||||||
|
<service id="security.user_value_resolver" class="Symfony\Bundle\SecurityBundle\SecurityUserValueResolver" public="false">
|
||||||
|
<argument type="service" id="security.token_storage" />
|
||||||
|
<tag name="controller.argument_value_resolver" priority="40" />
|
||||||
|
</service>
|
||||||
|
|
||||||
<!-- Authentication related services -->
|
<!-- Authentication related services -->
|
||||||
<service id="security.authentication.manager" class="Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager" public="false">
|
<service id="security.authentication.manager" class="Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager" public="false">
|
||||||
<argument type="collection" />
|
<argument type="collection" />
|
||||||
|
@ -0,0 +1,57 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Symfony package.
|
||||||
|
*
|
||||||
|
* (c) Fabien Potencier <fabien@symfony.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Symfony\Bundle\SecurityBundle;
|
||||||
|
|
||||||
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
|
use Symfony\Component\HttpKernel\Controller\ArgumentValueResolverInterface;
|
||||||
|
use Symfony\Component\HttpKernel\ControllerMetadata\ArgumentMetadata;
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Supports the argument type of {@see UserInterface}.
|
||||||
|
*
|
||||||
|
* @author Iltar van der Berg <kjarli@gmail.com>
|
||||||
|
*/
|
||||||
|
final class SecurityUserValueResolver implements ArgumentValueResolverInterface
|
||||||
|
{
|
||||||
|
private $tokenStorage;
|
||||||
|
|
||||||
|
public function __construct(TokenStorageInterface $tokenStorage)
|
||||||
|
{
|
||||||
|
$this->tokenStorage = $tokenStorage;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function supports(Request $request, ArgumentMetadata $argument)
|
||||||
|
{
|
||||||
|
// only security user implementations are supported
|
||||||
|
if (UserInterface::class !== $argument->getType()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$token = $this->tokenStorage->getToken();
|
||||||
|
if (!$token instanceof TokenInterface) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$user = $token->getUser();
|
||||||
|
|
||||||
|
// in case it's not an object we cannot do anything with it; E.g. "anon."
|
||||||
|
return $user instanceof UserInterface;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function resolve(Request $request, ArgumentMetadata $argument)
|
||||||
|
{
|
||||||
|
yield $this->tokenStorage->getToken()->getUser();
|
||||||
|
}
|
||||||
|
}
|
@ -17,12 +17,13 @@ use Symfony\Component\Security\Core\Exception\AccessDeniedException;
|
|||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
use Symfony\Component\Security\Core\Security;
|
use Symfony\Component\Security\Core\Security;
|
||||||
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
|
|
||||||
class LoginController implements ContainerAwareInterface
|
class LoginController implements ContainerAwareInterface
|
||||||
{
|
{
|
||||||
use ContainerAwareTrait;
|
use ContainerAwareTrait;
|
||||||
|
|
||||||
public function loginAction(Request $request)
|
public function loginAction(Request $request, UserInterface $user = null)
|
||||||
{
|
{
|
||||||
// get the login error if there is one
|
// get the login error if there is one
|
||||||
if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
|
if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
|
||||||
@ -38,9 +39,9 @@ class LoginController implements ContainerAwareInterface
|
|||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function afterLoginAction()
|
public function afterLoginAction(UserInterface $user)
|
||||||
{
|
{
|
||||||
return $this->container->get('templating')->renderResponse('FormLoginBundle:Login:after_login.html.twig');
|
return $this->container->get('templating')->renderResponse('FormLoginBundle:Login:after_login.html.twig', array('user' => $user));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function loginCheckAction()
|
public function loginCheckAction()
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
{% extends "::base.html.twig" %}
|
{% extends "::base.html.twig" %}
|
||||||
|
|
||||||
{% block body %}
|
{% block body %}
|
||||||
Hello {{ app.user.username }}!<br /><br />
|
Hello {{ user.username }}!<br /><br />
|
||||||
You're browsing to path "{{ app.request.pathInfo }}".
|
You're browsing to path "{{ app.request.pathInfo }}".
|
||||||
|
|
||||||
<a href="{{ logout_path('default') }}">Log out</a>.
|
<a href="{{ logout_path('default') }}">Log out</a>.
|
||||||
|
@ -0,0 +1,100 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Symfony package.
|
||||||
|
*
|
||||||
|
* (c) Fabien Potencier <fabien@symfony.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Symfony\Bundle\SecurityBundle\Tests;
|
||||||
|
|
||||||
|
use Symfony\Bundle\SecurityBundle\SecurityUserValueResolver;
|
||||||
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
|
use Symfony\Component\HttpKernel\Controller\ArgumentResolver;
|
||||||
|
use Symfony\Component\HttpKernel\Controller\ArgumentResolver\DefaultValueResolver;
|
||||||
|
use Symfony\Component\HttpKernel\ControllerMetadata\ArgumentMetadata;
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
|
|
||||||
|
class SecurityUserValueResolverTest extends \PHPUnit_Framework_TestCase
|
||||||
|
{
|
||||||
|
public function testResolveNoToken()
|
||||||
|
{
|
||||||
|
$tokenStorage = new TokenStorage();
|
||||||
|
$resolver = new SecurityUserValueResolver($tokenStorage);
|
||||||
|
$metadata = new ArgumentMetadata('foo', UserInterface::class, false, false, null);
|
||||||
|
|
||||||
|
$this->assertFalse($resolver->supports(Request::create('/'), $metadata));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testResolveNoUser()
|
||||||
|
{
|
||||||
|
$mock = $this->getMock(UserInterface::class);
|
||||||
|
$token = $this->getMock(TokenInterface::class);
|
||||||
|
$tokenStorage = new TokenStorage();
|
||||||
|
$tokenStorage->setToken($token);
|
||||||
|
|
||||||
|
$resolver = new SecurityUserValueResolver($tokenStorage);
|
||||||
|
$metadata = new ArgumentMetadata('foo', get_class($mock), false, false, null);
|
||||||
|
|
||||||
|
$this->assertFalse($resolver->supports(Request::create('/'), $metadata));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testResolveWrongType()
|
||||||
|
{
|
||||||
|
$tokenStorage = new TokenStorage();
|
||||||
|
$resolver = new SecurityUserValueResolver($tokenStorage);
|
||||||
|
$metadata = new ArgumentMetadata('foo', null, false, false, null);
|
||||||
|
|
||||||
|
$this->assertFalse($resolver->supports(Request::create('/'), $metadata));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testResolve()
|
||||||
|
{
|
||||||
|
$user = $this->getMock(UserInterface::class);
|
||||||
|
$token = $this->getMock(TokenInterface::class);
|
||||||
|
$token->expects($this->any())->method('getUser')->willReturn($user);
|
||||||
|
$tokenStorage = new TokenStorage();
|
||||||
|
$tokenStorage->setToken($token);
|
||||||
|
|
||||||
|
$resolver = new SecurityUserValueResolver($tokenStorage);
|
||||||
|
$metadata = new ArgumentMetadata('foo', UserInterface::class, false, false, null);
|
||||||
|
|
||||||
|
$this->assertTrue($resolver->supports(Request::create('/'), $metadata));
|
||||||
|
$this->assertSame(array($user), iterator_to_array($resolver->resolve(Request::create('/'), $metadata)));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testIntegration()
|
||||||
|
{
|
||||||
|
$user = $this->getMock(UserInterface::class);
|
||||||
|
$token = $this->getMock(TokenInterface::class);
|
||||||
|
$token->expects($this->any())->method('getUser')->willReturn($user);
|
||||||
|
$tokenStorage = new TokenStorage();
|
||||||
|
$tokenStorage->setToken($token);
|
||||||
|
|
||||||
|
$argumentResolver = new ArgumentResolver(null, array(new SecurityUserValueResolver($tokenStorage)));
|
||||||
|
$this->assertSame(array($user), $argumentResolver->getArguments(Request::create('/'), function (UserInterface $user) {}));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testIntegrationNoUser()
|
||||||
|
{
|
||||||
|
$token = $this->getMock(TokenInterface::class);
|
||||||
|
$tokenStorage = new TokenStorage();
|
||||||
|
$tokenStorage->setToken($token);
|
||||||
|
|
||||||
|
$argumentResolver = new ArgumentResolver(null, array(new SecurityUserValueResolver($tokenStorage), new DefaultValueResolver()));
|
||||||
|
$this->assertSame(array(null), $argumentResolver->getArguments(Request::create('/'), function (UserInterface $user = null) {}));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
abstract class DummyUser implements UserInterface
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
abstract class DummySubUser extends DummyUser
|
||||||
|
{
|
||||||
|
}
|
@ -18,7 +18,7 @@
|
|||||||
"require": {
|
"require": {
|
||||||
"php": ">=5.5.9",
|
"php": ">=5.5.9",
|
||||||
"symfony/security": "~3.1,>=3.1.2",
|
"symfony/security": "~3.1,>=3.1.2",
|
||||||
"symfony/http-kernel": "~2.8|~3.0",
|
"symfony/http-kernel": "~3.1",
|
||||||
"symfony/polyfill-php70": "~1.0"
|
"symfony/polyfill-php70": "~1.0"
|
||||||
},
|
},
|
||||||
"require-dev": {
|
"require-dev": {
|
||||||
@ -27,7 +27,7 @@
|
|||||||
"symfony/css-selector": "~2.8|~3.0",
|
"symfony/css-selector": "~2.8|~3.0",
|
||||||
"symfony/dom-crawler": "~2.8|~3.0",
|
"symfony/dom-crawler": "~2.8|~3.0",
|
||||||
"symfony/form": "~2.8|~3.0",
|
"symfony/form": "~2.8|~3.0",
|
||||||
"symfony/framework-bundle": "~2.8|~3.0",
|
"symfony/framework-bundle": "~3.1",
|
||||||
"symfony/http-foundation": "~2.8|~3.0",
|
"symfony/http-foundation": "~2.8|~3.0",
|
||||||
"symfony/security-acl": "~2.8|~3.0",
|
"symfony/security-acl": "~2.8|~3.0",
|
||||||
"symfony/twig-bundle": "~2.8|~3.0",
|
"symfony/twig-bundle": "~2.8|~3.0",
|
||||||
|
@ -27,7 +27,7 @@ final class RequestValueResolver implements ArgumentValueResolverInterface
|
|||||||
*/
|
*/
|
||||||
public function supports(Request $request, ArgumentMetadata $argument)
|
public function supports(Request $request, ArgumentMetadata $argument)
|
||||||
{
|
{
|
||||||
return $argument->getType() === Request::class || is_subclass_of($argument->getType(), Request::class);
|
return Request::class === $argument->getType() || is_subclass_of($argument->getType(), Request::class);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
Reference in New Issue
Block a user