bug #22470 [SecurityBundle] conditionally register user checker FQCN alias (xabbuh)
This PR was merged into the 3.3-dev branch.
Discussion
----------
[SecurityBundle] conditionally register user checker FQCN alias
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22466
| License | MIT
| Doc PR |
Commits
-------
eede70a8a2
conditionally register user checker FQCN alias
This commit is contained in:
commit
df155dd5b4
@ -245,10 +245,16 @@ class SecurityExtension extends Extension
|
|||||||
$arguments[1] = $userProviders;
|
$arguments[1] = $userProviders;
|
||||||
$definition->setArguments($arguments);
|
$definition->setArguments($arguments);
|
||||||
|
|
||||||
|
$customUserChecker = false;
|
||||||
|
|
||||||
// load firewall map
|
// load firewall map
|
||||||
$mapDef = $container->getDefinition('security.firewall.map');
|
$mapDef = $container->getDefinition('security.firewall.map');
|
||||||
$map = $authenticationProviders = $contextRefs = array();
|
$map = $authenticationProviders = $contextRefs = array();
|
||||||
foreach ($firewalls as $name => $firewall) {
|
foreach ($firewalls as $name => $firewall) {
|
||||||
|
if (isset($firewall['user_checker']) && 'security.user_checker' !== $firewall['user_checker']) {
|
||||||
|
$customUserChecker = true;
|
||||||
|
}
|
||||||
|
|
||||||
$configId = 'security.firewall.map.config.'.$name;
|
$configId = 'security.firewall.map.config.'.$name;
|
||||||
|
|
||||||
list($matcher, $listeners, $exceptionListener) = $this->createFirewall($container, $name, $firewall, $authenticationProviders, $providerIds, $configId);
|
list($matcher, $listeners, $exceptionListener) = $this->createFirewall($container, $name, $firewall, $authenticationProviders, $providerIds, $configId);
|
||||||
@ -275,6 +281,11 @@ class SecurityExtension extends Extension
|
|||||||
->getDefinition('security.authentication.manager')
|
->getDefinition('security.authentication.manager')
|
||||||
->replaceArgument(0, new IteratorArgument($authenticationProviders))
|
->replaceArgument(0, new IteratorArgument($authenticationProviders))
|
||||||
;
|
;
|
||||||
|
|
||||||
|
// register an autowire alias for the UserCheckerInterface if no custom user checker service is configured
|
||||||
|
if (!$customUserChecker) {
|
||||||
|
$container->setAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', new Alias('security.user_checker', false));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private function createFirewall(ContainerBuilder $container, $id, $firewall, &$authenticationProviders, $providerIds, $configId)
|
private function createFirewall(ContainerBuilder $container, $id, $firewall, &$authenticationProviders, $providerIds, $configId)
|
||||||
|
@ -172,6 +172,8 @@ abstract class CompleteConfigurationTest extends TestCase
|
|||||||
'security.access_listener',
|
'security.access_listener',
|
||||||
),
|
),
|
||||||
), $listeners);
|
), $listeners);
|
||||||
|
|
||||||
|
$this->assertFalse($container->hasAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', 'No user checker alias is registered when custom user checker services are registered'));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testFirewallRequestMatchers()
|
public function testFirewallRequestMatchers()
|
||||||
@ -200,6 +202,14 @@ abstract class CompleteConfigurationTest extends TestCase
|
|||||||
), $matchers);
|
), $matchers);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testUserCheckerAliasIsRegistered()
|
||||||
|
{
|
||||||
|
$container = $this->getContainer('no_custom_user_checker');
|
||||||
|
|
||||||
|
$this->assertTrue($container->hasAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', 'Alias for user checker is registered when no custom user checker service is registered'));
|
||||||
|
$this->assertFalse($container->getAlias('Symfony\Component\Security\Core\User\UserCheckerInterface')->isPublic());
|
||||||
|
}
|
||||||
|
|
||||||
public function testAccess()
|
public function testAccess()
|
||||||
{
|
{
|
||||||
$container = $this->getContainer('container1');
|
$container = $this->getContainer('container1');
|
||||||
|
@ -0,0 +1,28 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
$container->loadFromExtension('security', array(
|
||||||
|
'providers' => array(
|
||||||
|
'default' => array(
|
||||||
|
'memory' => array(
|
||||||
|
'users' => array(
|
||||||
|
'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER'),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
'firewalls' => array(
|
||||||
|
'simple' => array('pattern' => '/login', 'security' => false),
|
||||||
|
'secure' => array('stateless' => true,
|
||||||
|
'http_basic' => true,
|
||||||
|
'http_digest' => array('secret' => 'TheSecret'),
|
||||||
|
'form_login' => true,
|
||||||
|
'anonymous' => true,
|
||||||
|
'switch_user' => true,
|
||||||
|
'x509' => true,
|
||||||
|
'remote_user' => true,
|
||||||
|
'logout' => true,
|
||||||
|
'remember_me' => array('secret' => 'TheSecret'),
|
||||||
|
'user_checker' => null,
|
||||||
|
),
|
||||||
|
),
|
||||||
|
));
|
@ -0,0 +1,29 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<srv:container xmlns="http://symfony.com/schema/dic/security"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xmlns:srv="http://symfony.com/schema/dic/services"
|
||||||
|
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
|
||||||
|
|
||||||
|
<config>
|
||||||
|
<provider name="default">
|
||||||
|
<memory>
|
||||||
|
<user name="foo" password="foo" roles="ROLE_USER" />
|
||||||
|
</memory>
|
||||||
|
</provider>
|
||||||
|
|
||||||
|
<firewall name="simple" pattern="/login" security="false" />
|
||||||
|
|
||||||
|
<firewall name="secure" stateless="true">
|
||||||
|
<http-basic />
|
||||||
|
<http-digest secret="TheSecret" />
|
||||||
|
<form-login />
|
||||||
|
<anonymous />
|
||||||
|
<switch-user />
|
||||||
|
<x509 />
|
||||||
|
<remote-user />
|
||||||
|
<user-checker />
|
||||||
|
<logout />
|
||||||
|
<remember-me secret="TheSecret"/>
|
||||||
|
</firewall>
|
||||||
|
</config>
|
||||||
|
</srv:container>
|
@ -0,0 +1,23 @@
|
|||||||
|
security:
|
||||||
|
providers:
|
||||||
|
default:
|
||||||
|
memory:
|
||||||
|
users:
|
||||||
|
foo: { password: foo, roles: ROLE_USER }
|
||||||
|
|
||||||
|
firewalls:
|
||||||
|
simple: { pattern: /login, security: false }
|
||||||
|
secure:
|
||||||
|
stateless: true
|
||||||
|
http_basic: true
|
||||||
|
http_digest:
|
||||||
|
secret: TheSecret
|
||||||
|
form_login: true
|
||||||
|
anonymous: true
|
||||||
|
switch_user: true
|
||||||
|
x509: true
|
||||||
|
remote_user: true
|
||||||
|
logout: true
|
||||||
|
remember_me:
|
||||||
|
secret: TheSecret
|
||||||
|
user_checker: ~
|
Reference in New Issue
Block a user