feature #41247 [Security] Deprecate the old authentication mechanisms (chalasr)
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Deprecate the old authentication mechanisms
| Q | A
| ------------- | ---
| Branch? | 5.3
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | #39308
| License | MIT
| Doc PR | todo
Now that the authenticator system has proven to work well and is considered stable, we can deprecate the old authentication listeners as well as the Guard component (+ integrations).
Commits
-------
0bb3964a2d
[Security] Deprecate the old authentication mechanisms
This commit is contained in: commit fef06f21a1
@ -205,6 +205,15 @@ Security
* Deprecate all classes in the `Core\Encoder\` sub-namespace, use the `PasswordHasher` component instead
* Deprecated voters that do not return a valid decision when calling the `vote` method
* [BC break] Add optional array argument `$badges` to `UserAuthenticatorInterface::authenticateUser()`
* Deprecate `AuthenticationManagerInterface`, `AuthenticationProviderManager`, `AnonymousAuthenticationProvider`,
`AuthenticationProviderInterface`, `DaoAuthenticationProvider`, `LdapBindAuthenticationProvider`,
`PreAuthenticatedAuthenticationProvider`, `RememberMeAuthenticationProvider`, `UserAuthenticationProvider` and
`AuthenticationFailureEvent` from security-core, use the new authenticator system instead
* Deprecate `AbstractAuthenticationListener`, `AbstractPreAuthenticatedListener`, `AnonymousAuthenticationListener`,
`BasicAuthenticationListener`, `RememberMeListener`, `RemoteUserAuthenticationListener`,
`UsernamePasswordFormAuthenticationListener`, `UsernamePasswordJsonAuthenticationListener` and `X509AuthenticationListener`
from security-http, use the new authenticator system instead
* Deprecate the Guard component, use the new authenticator system instead

SecurityBundle
--------------
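Review bot: every new bullet ends with "use the new authenticator system instead" but names only the deprecated classes, not the classes or configuration that replace them, and the PR table still lists the Doc PR as `todo`; either link the authenticator documentation from the first bullet or make sure the doc PR lands before this ships, otherwise readers of UPGRADE-5.3 have no migration target for `AuthenticationProviderInterface` or the listener classes.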
@ -218,6 +227,10 @@ SecurityBundle
* Deprecate the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
* Deprecate the public `security.authorization_checker` and `security.token_storage` services to private
* Not setting the `enable_authenticator_manager` config option to `true` is deprecated
* Deprecate the `security.authentication.provider.*` services, use the new authenticator system instead
* Deprecate the `security.authentication.listener.*` services, use the new authenticator system instead
* Deprecate the Guard component integration, use the new authenticator system instead

Serializer
----------
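Review bot: the `enable_authenticator_manager` bullet states the deprecation but not what flipping the option changes for an existing configuration; the fixture updates further down in this PR add an explicit `'entry_point' => 'form_login'` (and `entry-point="form_login"` in the XML fixture) to the `secure` firewall that has both `http_basic` and `form_login`, so one sentence here saying that a firewall with several authenticators needs an explicit `entry_point` under the authenticator manager would spare users the same surprise when they enable it.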
@ -293,6 +293,15 @@ Security
`DefaultAuthenticationSuccessHandler`.
* Removed the `AbstractRememberMeServices::$providerKey` property in favor of `AbstractRememberMeServices::$firewallName`
* `AccessDecisionManager` now throw an exception when a voter does not return a valid decision.
* Remove `AuthenticationManagerInterface`, `AuthenticationProviderManager`, `AnonymousAuthenticationProvider`,
`AuthenticationProviderInterface`, `DaoAuthenticationProvider`, `LdapBindAuthenticationProvider`,
`PreAuthenticatedAuthenticationProvider`, `RememberMeAuthenticationProvider`, `UserAuthenticationProvider` and
`AuthenticationFailureEvent` from security-core, use the new authenticator system instead
* Remove `AbstractAuthenticationListener`, `AbstractPreAuthenticatedListener`, `AnonymousAuthenticationListener`,
`BasicAuthenticationListener`, `RememberMeListener`, `RemoteUserAuthenticationListener`,
`UsernamePasswordFormAuthenticationListener`, `UsernamePasswordJsonAuthenticationListener` and `X509AuthenticationListener`
from security-http, use the new authenticator system instead
* Remove the Guard component, use the new authenticator system instead

SecurityBundle
--------------
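Review bot: the added UPGRADE-6.0 bullets use the imperative "Remove ..." while the surrounding entries in the same section read "Removed the ...", and the context line "`AccessDecisionManager` now throw an exception" is missing its "s"; align the new bullets with the existing past-tense style and fix the pre-existing typo while this section is being edited.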
@ -304,6 +313,10 @@ SecurityBundle
* Remove the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
* The `security.authorization_checker` and `security.token_storage` services are now private
* Not setting the `enable_authenticator_manager` option to `true` now throws an exception
* Remove the `security.authentication.provider.*` services, use the new authenticator system instead
* Remove the `security.authentication.listener.*` services, use the new authenticator system instead
* Remove the Guard component integration, use the new authenticator system instead

Serializer
----------
@ -8,6 +8,8 @@ services:
- container.service_subscriber

security:
enable_authenticator_manager: true

providers:
main:
memory:
@ -30,3 +32,6 @@ security:
form_login:
check_path: /custom/login/check
provider: custom

access_control:
- { path: '^/main/user_profile$', roles: IS_AUTHENTICATED_FULLY }
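Review bot: the new `access_control` rule requiring `IS_AUTHENTICATED_FULLY` on `^/main/user_profile$` arrives in the same change as the `enable_authenticator_manager: true` line in the hunk above; if this functional test previously passed because the firewall rejected unauthenticated requests on its own, then needing an explicit access rule once the authenticator manager is on is a behaviour difference between the two systems and belongs in UPGRADE-5.3 next to the `enable_authenticator_manager` bullet, not only in a test fixture.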
@ -17,6 +17,10 @@ CHANGELOG
* Deprecate the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
* Deprecate the public `security.authorization_checker` and `security.token_storage` services to private
* Not setting the `enable_authenticator_manager` config option to `true` is deprecated
* Deprecate the `security.authentication.provider.*` services, use the new authenticator system instead
* Deprecate the `security.authentication.listener.*` services, use the new authenticator system instead
* Deprecate the Guard component integration, use the new authenticator system instead

5.2.0
-----
@ -21,6 +21,8 @@ use Symfony\Component\DependencyInjection\Parameter;
* @author Wouter de Jong <wouter@wouterj.nl>
*
* @internal
*
* @deprecated since Symfony 5.3, use the new authenticator system instead
*/
class AnonymousFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface
{
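Review bot: `AnonymousFactory` implements `AuthenticatorFactoryInterface` as well as `SecurityFactoryInterface`, so tagging the whole class `@deprecated` deprecates the `anonymous` firewall option for the authenticator system too, which matches the fixtures in this PR dropping `'anonymous' => true` and `<anonymous />`; neither the UPGRADE-5.3 hunk nor the SecurityBundle CHANGELOG hunk lists the `anonymous` option, so add a bullet for it, and if the factory does not already call `trigger_deprecation()` consider adding one so applications that still set the option get a runtime notice rather than only a docblock tag.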
@ -130,6 +130,8 @@ class SecurityExtension extends Extension implements PrependExtensionInterface
$container->getDefinition('security.authorization_checker')->setArgument(4, false);
$container->getDefinition('security.authorization_checker')->setArgument(5, false);
} else {
trigger_deprecation('symfony/security-bundle', '5.3', 'Not setting the "security.enable_authenticator_manager" config option to true is deprecated.');

$loader->load('security_legacy.php');
}

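Review bot: the `trigger_deprecation()` message says what is deprecated but not the remedy, unlike the `->deprecate()` messages added elsewhere in this PR, which all end with "use the new authenticator system instead"; suggest `'Not setting the "security.enable_authenticator_manager" config option to true is deprecated, set it to true and migrate to the new authenticator system.'` so the notice is actionable on its own.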
@ -24,8 +24,10 @@ return static function (ContainerConfigurator $container) {
abstract_arg('stateless firewall keys'),
])
->call('setSessionAuthenticationStrategy', [service('security.authentication.session_strategy')])
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')

->alias(GuardAuthenticatorHandler::class, 'security.authentication.guard_handler')
->deprecate('symfony/security-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use the new authenticator system instead.')

->set('security.authentication.provider.guard', GuardAuthenticationProvider::class)
->abstract()
@ -36,6 +38,7 @@ return static function (ContainerConfigurator $container) {
abstract_arg('User Checker'),
service('security.password_hasher'),
])
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')

->set('security.authentication.listener.guard', GuardAuthenticationListener::class)
->abstract()
@ -48,5 +51,6 @@ return static function (ContainerConfigurator $container) {
param('security.authentication.hide_user_not_found'),
])
->tag('monolog.logger', ['channel' => 'security'])
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
;
};
@ -62,6 +62,7 @@ return static function (ContainerConfigurator $container) {

->set('security.authentication.manager', NoopAuthenticationManager::class)
->alias(AuthenticationManagerInterface::class, 'security.authentication.manager')
->deprecate('symfony/security-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use the new authenticator system instead.')

->set('security.firewall.authenticator', AuthenticatorManagerListener::class)
->abstract()
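Review bot: only the `AuthenticationManagerInterface` alias is deprecated here, while the `security.authentication.manager` service it points at (`NoopAuthenticationManager`) is not; the legacy listener definitions in this PR still inject `service('security.authentication.manager')` by id, so keeping the id undeprecated may be deliberate, but then a short comment above the `->set()` saying it stays for the legacy wiring would stop the next reader from adding `->deprecate()` to it, and if it is not deliberate the service should be deprecated together with its alias.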
@ -73,6 +73,6 @@ return static function (ContainerConfigurator $container) {
service('doctrine'),
abstract_arg('user entity class name'),
])

->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
;
};
@ -49,9 +49,11 @@ return static function (ContainerConfigurator $container) {
service('security.authentication.manager'),
])
->tag('monolog.logger', ['channel' => 'security'])
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')

->set('security.authentication.provider.anonymous', AnonymousAuthenticationProvider::class)
->args([abstract_arg('Key')])
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')

->set('security.authentication.retry_entry_point', RetryAuthenticationEntryPoint::class)
->args([
@ -161,6 +163,7 @@ return static function (ContainerConfigurator $container) {
->set('security.authentication.listener.form', UsernamePasswordFormAuthenticationListener::class)
->parent('security.authentication.listener.abstract')
->abstract()
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')

->set('security.authentication.listener.x509', X509AuthenticationListener::class)
->abstract()
@ -174,6 +177,7 @@ return static function (ContainerConfigurator $container) {
service('event_dispatcher')->nullOnInvalid(),
])
->tag('monolog.logger', ['channel' => 'security'])
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')

->set('security.authentication.listener.json', UsernamePasswordJsonAuthenticationListener::class)
->abstract()
@ -191,6 +195,7 @@ return static function (ContainerConfigurator $container) {
])
->call('setTranslator', [service('translator')->ignoreOnInvalid()])
->tag('monolog.logger', ['channel' => 'security'])
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')

->set('security.authentication.listener.remote_user', RemoteUserAuthenticationListener::class)
->abstract()
@ -203,6 +208,7 @@ return static function (ContainerConfigurator $container) {
service('event_dispatcher')->nullOnInvalid(),
])
->tag('monolog.logger', ['channel' => 'security'])
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')

->set('security.authentication.listener.basic', BasicAuthenticationListener::class)
->abstract()
@ -214,6 +220,7 @@ return static function (ContainerConfigurator $container) {
service('logger')->nullOnInvalid(),
])
->tag('monolog.logger', ['channel' => 'security'])
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')

->set('security.authentication.provider.dao', DaoAuthenticationProvider::class)
->abstract()
@ -224,6 +231,7 @@ return static function (ContainerConfigurator $container) {
service('security.password_hasher_factory'),
param('security.authentication.hide_user_not_found'),
])
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')

->set('security.authentication.provider.ldap_bind', LdapBindAuthenticationProvider::class)
->abstract()
@ -237,6 +245,7 @@ return static function (ContainerConfigurator $container) {
abstract_arg('search dn'),
abstract_arg('search password'),
])
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')

->set('security.authentication.provider.pre_authenticated', PreAuthenticatedAuthenticationProvider::class)
->abstract()
@ -244,6 +253,7 @@ return static function (ContainerConfigurator $container) {
abstract_arg('User Provider'),
abstract_arg('UserChecker'),
])
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')

->set('security.exception_listener', ExceptionListener::class)
->abstract()
@ -32,10 +32,12 @@ return static function (ContainerConfigurator $container) {
service('security.authentication.session_strategy'),
])
->tag('monolog.logger', ['channel' => 'security'])
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')

->set('security.authentication.provider.rememberme', RememberMeAuthenticationProvider::class)
->abstract()
->args([abstract_arg('User Checker')])
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')

->set('security.rememberme.token.provider.in_memory', InMemoryTokenProvider::class)

@ -139,6 +139,7 @@ class AddSessionDomainConstraintPassTest extends TestCase

$config = [
'security' => [
'enable_authenticator_manager' => true,
'providers' => ['some_provider' => ['id' => 'foo']],
'firewalls' => ['some_firewall' => ['security' => false]],
],
@ -127,6 +127,127 @@ abstract class CompleteConfigurationTest extends TestCase
$configs[0][2] = strtolower($configs[0][2]);
$configs[2][2] = strtolower($configs[2][2]);

$this->assertEquals([
[
'simple',
'security.user_checker',
'.security.request_matcher.xmi9dcw',
false,
false,
'',
'',
'',
'',
'',
[],
null,
],
[
'secure',
'security.user_checker',
null,
true,
true,
'security.user.provider.concrete.default',
null,
'security.authenticator.form_login.secure',
null,
null,
[
'switch_user',
'x509',
'remote_user',
'form_login',
'http_basic',
'remember_me',
],
[
'parameter' => '_switch_user',
'role' => 'ROLE_ALLOWED_TO_SWITCH',
],
],
[
'host',
'security.user_checker',
'.security.request_matcher.iw4hyjb',
true,
false,
'security.user.provider.concrete.default',
'host',
'security.authenticator.http_basic.host',
null,
null,
[
'http_basic',
],
null,
],
[
'with_user_checker',
'app.user_checker',
null,
true,
false,
'security.user.provider.concrete.default',
'with_user_checker',
'security.authenticator.http_basic.with_user_checker',
null,
null,
[
'http_basic',
],
null,
],
], $configs);

$this->assertEquals([
[],
[
'security.channel_listener',
'security.firewall.authenticator.secure',
'security.authentication.switchuser_listener.secure',
'security.access_listener',
],
[
'security.channel_listener',
'security.context_listener.0',
'security.firewall.authenticator.host',
'security.access_listener',
],
[
'security.channel_listener',
'security.context_listener.1',
'security.firewall.authenticator.with_user_checker',
'security.access_listener',
],
], $listeners);

$this->assertFalse($container->hasAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', 'No user checker alias is registered when custom user checker services are registered'));
}

/**
* @group legacy
*/
public function testLegacyFirewalls()
{
$container = $this->getContainer('legacy_container1');
$arguments = $container->getDefinition('security.firewall.map')->getArguments();
$listeners = [];
$configs = [];
foreach (array_keys($arguments[1]->getValues()) as $contextId) {
$contextDef = $container->getDefinition($contextId);
$arguments = $contextDef->getArguments();
$listeners[] = array_map('strval', $arguments[0]->getValues());

$configDef = $container->getDefinition((string) $arguments[3]);
$configs[] = array_values($configDef->getArguments());
}

// the IDs of the services are case sensitive or insensitive depending on
// the Symfony version. Transform them to lowercase to simplify tests.
$configs[0][2] = strtolower($configs[0][2]);
$configs[2][2] = strtolower($configs[2][2]);

$this->assertEquals([
[
'simple',
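Review bot: `$this->assertFalse($container->hasAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', 'No user checker alias is registered ...'))` passes the assertion message as the second argument of `hasAlias()` instead of `assertFalse()`; the closing parenthesis is misplaced, so the message is silently discarded. It is a context line, but since the same block is now duplicated into `testLegacyFirewalls()`, fix it in both places. Separately, `testLegacyFirewalls()` repeats the whole body of the non-legacy test with only the fixture name and the expected `security.firewall.authenticator.*`/`security.authenticator.*` ids changed; a `@dataProvider` yielding (fixture, expected configs, expected listeners) would avoid keeping two copies of roughly 120 lines in sync until the legacy group is dropped in 6.0.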
@ -881,15 +1002,21 @@ abstract class CompleteConfigurationTest extends TestCase
]], $container->getDefinition('security.password_hasher_factory')->getArguments());
}

public function testRememberMeThrowExceptionsDefault()
/**
* @group legacy
*/
public function testLegacyRememberMeThrowExceptionsDefault()
{
$container = $this->getContainer('container1');
$container = $this->getContainer('legacy_container1');
$this->assertTrue($container->getDefinition('security.authentication.listener.rememberme.secure')->getArgument(5));
}

public function testRememberMeThrowExceptions()
/**
* @group legacy
*/
public function testLegacyRememberMeThrowExceptions()
{
$container = $this->getContainer('remember_me_options');
$container = $this->getContainer('legacy_remember_me_options');
$service = $container->getDefinition('security.authentication.listener.rememberme.main');
$this->assertEquals('security.authentication.rememberme.services.persistent.main', $service->getArgument(1));
$this->assertFalse($service->getArgument(5));
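Review bot: both remember-me tests are renamed and moved to `@group legacy`, but no counterpart against the authenticator-based remember-me wiring is added; `testLegacyRememberMeThrowExceptions()` appears to check that `'catch_exceptions' => false` from the `legacy_remember_me_options` fixture reaches argument 5 of `security.authentication.listener.rememberme.main`, so if `remember_me.catch_exceptions` is still honoured when `enable_authenticator_manager` is `true`, add the equivalent assertion on the new service, and if it is not, the option itself should be deprecated in this PR rather than losing coverage silently when the legacy group is removed.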
@ -1,6 +1,7 @@
<?php

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'access_decision_manager' => [
'allow_if_all_abstain' => true,
'allow_if_equal_granted_denied' => false,
@ -1,6 +1,7 @@
<?php

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'providers' => [
'default' => [
'memory' => [
@ -1,6 +1,7 @@
<?php

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'access_decision_manager' => [
'service' => 'app.access_decision_manager',
],
@ -1,6 +1,7 @@
<?php

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'access_decision_manager' => [
'service' => 'app.access_decision_manager',
'strategy' => 'affirmative',
@ -3,6 +3,7 @@
$this->load('container1.php');

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'password_hashers' => [
'JMS\FooBundle\Entity\User7' => [
'algorithm' => 'argon2i',
@ -3,6 +3,7 @@
$this->load('container1.php');

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'password_hashers' => [
'JMS\FooBundle\Entity\User7' => [
'algorithm' => 'bcrypt',
@ -1,6 +1,7 @@
<?php

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'password_hashers' => [
'JMS\FooBundle\Entity\User1' => 'plaintext',
'JMS\FooBundle\Entity\User2' => [
@ -70,26 +71,24 @@ $container->loadFromExtension('security', [
'provider' => 'default',
'http_basic' => true,
'form_login' => true,
'anonymous' => true,
'switch_user' => true,
'x509' => true,
'remote_user' => true,
'logout' => true,
'remember_me' => ['secret' => 'TheSecret'],
'user_checker' => null,
'entry_point' => 'form_login'
],
'host' => [
'provider' => 'default',
'pattern' => '/test',
'host' => 'foo\\.example\\.org',
'methods' => ['GET', 'POST'],
'anonymous' => true,
'http_basic' => true,
],
'with_user_checker' => [
'provider' => 'default',
'user_checker' => 'app.user_checker',
'anonymous' => true,
'http_basic' => true,
],
],
@ -1,6 +1,7 @@
<?php

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'providers' => [
'default' => [
'memory' => $memory = [
@ -1,6 +1,7 @@
<?php

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'providers' => [
'default' => [
'memory' => [
@ -0,0 +1,108 @@
<?php

$container->loadFromExtension('security', [
'password_hashers' => [
'JMS\FooBundle\Entity\User1' => 'plaintext',
'JMS\FooBundle\Entity\User2' => [
'algorithm' => 'sha1',
'encode_as_base64' => false,
'iterations' => 5,
],
'JMS\FooBundle\Entity\User3' => [
'algorithm' => 'md5',
],
'JMS\FooBundle\Entity\User4' => [
'id' => 'security.hasher.foo',
],
'JMS\FooBundle\Entity\User5' => [
'algorithm' => 'pbkdf2',
'hash_algorithm' => 'sha1',
'encode_as_base64' => false,
'iterations' => 5,
'key_length' => 30,
],
'JMS\FooBundle\Entity\User6' => [
'algorithm' => 'native',
'time_cost' => 8,
'memory_cost' => 100,
'cost' => 15,
],
'JMS\FooBundle\Entity\User7' => [
'algorithm' => 'auto',
],
],
'providers' => [
'default' => [
'memory' => [
'users' => [
'foo' => ['password' => 'foo', 'roles' => 'ROLE_USER'],
],
],
],
'digest' => [
'memory' => [
'users' => [
'foo' => ['password' => 'foo', 'roles' => 'ROLE_USER, ROLE_ADMIN'],
],
],
],
'basic' => [
'memory' => [
'users' => [
'foo' => ['password' => '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', 'roles' => 'ROLE_SUPER_ADMIN'],
'bar' => ['password' => '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', 'roles' => ['ROLE_USER', 'ROLE_ADMIN']],
],
],
],
'service' => [
'id' => 'user.manager',
],
'chain' => [
'chain' => [
'providers' => ['service', 'basic'],
],
],
],

'firewalls' => [
'simple' => ['provider' => 'default', 'pattern' => '/login', 'security' => false],
'secure' => ['stateless' => true,
'provider' => 'default',
'http_basic' => true,
'form_login' => true,
'anonymous' => true,
'switch_user' => true,
'x509' => true,
'remote_user' => true,
'logout' => true,
'remember_me' => ['secret' => 'TheSecret'],
'user_checker' => null,
],
'host' => [
'provider' => 'default',
'pattern' => '/test',
'host' => 'foo\\.example\\.org',
'methods' => ['GET', 'POST'],
'anonymous' => true,
'http_basic' => true,
],
'with_user_checker' => [
'provider' => 'default',
'user_checker' => 'app.user_checker',
'anonymous' => true,
'http_basic' => true,
],
],

'access_control' => [
['path' => '/blog/524', 'role' => 'ROLE_USER', 'requires_channel' => 'https', 'methods' => ['get', 'POST'], 'port' => 8000],
['path' => '/blog/.*', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'],
['path' => '/blog/524', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY', 'allow_if' => "token.getUserIdentifier() matches '/^admin/'"],
],

'role_hierarchy' => [
'ROLE_ADMIN' => 'ROLE_USER',
'ROLE_SUPER_ADMIN' => ['ROLE_USER', 'ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'],
'ROLE_REMOTE' => 'ROLE_USER,ROLE_ADMIN',
],
]);
@ -0,0 +1,18 @@
<?php

$container->loadFromExtension('security', [
'providers' => [
'default' => ['id' => 'foo'],
],

'firewalls' => [
'main' => [
'form_login' => true,
'remember_me' => [
'secret' => 'TheSecret',
'catch_exceptions' => false,
'token_provider' => 'token_provider_id',
],
],
],
]);
@ -1,6 +1,7 @@
<?php

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'providers' => [
'default' => [
'memory' => [
@ -1,6 +1,7 @@
<?php

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'providers' => [
'default' => [
'memory' => [
@ -1,6 +1,7 @@
<?php

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'providers' => [
'default' => ['id' => 'foo'],
],
@ -3,6 +3,7 @@
$this->load('merge_import.php');

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'providers' => [
'default' => ['id' => 'foo'],
],
@ -1,6 +1,7 @@
<?php

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'firewalls' => [
'main' => [
'form_login' => [
@ -3,6 +3,7 @@
$this->load('container1.php');

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'password_hashers' => [
'JMS\FooBundle\Entity\User7' => [
'algorithm' => 'argon2i',
@ -1,6 +1,7 @@
<?php

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'providers' => [
'default' => [
'memory' => [
@ -16,13 +17,13 @@ $container->loadFromExtension('security', [
'stateless' => true,
'http_basic' => true,
'form_login' => true,
'anonymous' => true,
'switch_user' => true,
'x509' => true,
'remote_user' => true,
'logout' => true,
'remember_me' => ['secret' => 'TheSecret'],
'user_checker' => null,
'entry_point' => 'form_login'
],
],
]);
@ -1,6 +1,7 @@
<?php

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'providers' => [
'default' => ['id' => 'foo'],
],
@ -3,6 +3,7 @@
$this->load('container1.php');

$container->loadFromExtension('security', [
'enable_authenticator_manager' => true,
'password_hashers' => [
'JMS\FooBundle\Entity\User7' => [
'algorithm' => 'sodium',
@ -7,7 +7,7 @@
http://symfony.com/schema/dic/security
https://symfony.com/schema/dic/security/security-1.0.xsd">

<config>
<config enable-authenticator-manager="true">
<access-decision-manager allow-if-all-abstain="true" allow-if-equal-granted-denied="false" />

<provider name="default">
@ -7,7 +7,7 @@
http://symfony.com/schema/dic/security
https://symfony.com/schema/dic/security/security-1.0.xsd">

<config>
<config enable-authenticator-manager="true">
<provider name="default">
<memory>
<user identifier="foo" password="foo" roles="ROLE_USER" />
@ -7,7 +7,7 @@
http://symfony.com/schema/dic/security
https://symfony.com/schema/dic/security/security-1.0.xsd">

<config>
<config enable-authenticator-manager="true">
<access-decision-manager service="app.access_decision_manager" />

<provider name="default">
@ -7,7 +7,7 @@
http://symfony.com/schema/dic/security
https://symfony.com/schema/dic/security/security-1.0.xsd">

<config>
<config enable-authenticator-manager="true">
<access-decision-manager service="app.access_decision_manager" strategy="affirmative" />

<provider name="default">
@ -12,7 +12,7 @@
<import resource="container1.xml"/>
</imports>

<sec:config>
<sec:config enable-authenticator-manager="true">
<sec:password_hasher class="JMS\FooBundle\Entity\User7" algorithm="argon2i" memory-cost="256" time-cost="1" />
</sec:config>

@ -12,7 +12,7 @@
<import resource="container1.xml"/>
</imports>

<sec:config>
<sec:config enable-authenticator-manager="true">
<sec:password_hasher class="JMS\FooBundle\Entity\User7" algorithm="bcrypt" cost="15" />
</sec:config>

@ -8,7 +8,7 @@
http://symfony.com/schema/dic/security
https://symfony.com/schema/dic/security/security-1.0.xsd">

<config>
<config enable-authenticator-manager="true">
<password_hasher class="JMS\FooBundle\Entity\User1" algorithm="plaintext" />

<password_hasher class="JMS\FooBundle\Entity\User2" algorithm="sha1" encode-as-base64="false" iterations="5" />
@ -50,10 +50,9 @@

<firewall name="simple" pattern="/login" security="false" provider="default" />

<firewall name="secure" stateless="true" provider="default">
<firewall name="secure" stateless="true" provider="default" entry-point="form_login">
<http-basic />
<form-login />
<anonymous />
<switch-user />
<x509 />
<remote-user />
@ -62,12 +61,10 @@
|
||||
</firewall>
|
||||
|
||||
<firewall name="host" pattern="/test" host="foo\.example\.org" methods="GET,POST" provider="default">
|
||||
<anonymous />
|
||||
<http-basic />
|
||||
</firewall>
|
||||
|
||||
<firewall name="with_user_checker" provider="default">
|
||||
<anonymous />
|
||||
<http-basic />
|
||||
<user-checker>app.user_checker</user-checker>
|
||||
</firewall>
|
||||
|
@ -8,7 +8,7 @@
|
||||
http://symfony.com/schema/dic/security
|
||||
https://symfony.com/schema/dic/security/security-1.0.xsd">
|
||||
|
||||
<sec:config>
|
||||
<sec:config enable-authenticator-manager="true">
|
||||
<sec:providers>
|
||||
<sec:provider name="with-dash" id="foo" />
|
||||
</sec:providers>
|
||||
|
@ -8,7 +8,7 @@
|
||||
http://symfony.com/schema/dic/security
|
||||
https://symfony.com/schema/dic/security/security-1.0.xsd">
|
||||
|
||||
<sec:config>
|
||||
<sec:config enable-authenticator-manager="true">
|
||||
<sec:providers>
|
||||
<sec:provider name="default" id="foo" />
|
||||
</sec:providers>
|
||||
|
@ -0,0 +1,83 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<srv:container xmlns="http://symfony.com/schema/dic/security"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:srv="http://symfony.com/schema/dic/services"
|
||||
xsi:schemaLocation="http://symfony.com/schema/dic/services
|
||||
https://symfony.com/schema/dic/services/services-1.0.xsd
|
||||
http://symfony.com/schema/dic/security
|
||||
https://symfony.com/schema/dic/security/security-1.0.xsd">
|
||||
|
||||
<config>
|
||||
<password_hasher class="JMS\FooBundle\Entity\User1" algorithm="plaintext" />
|
||||
|
||||
<password_hasher class="JMS\FooBundle\Entity\User2" algorithm="sha1" encode-as-base64="false" iterations="5" />
|
||||
|
||||
<password_hasher class="JMS\FooBundle\Entity\User3" algorithm="md5" />
|
||||
|
||||
<password_hasher class="JMS\FooBundle\Entity\User4" id="security.hasher.foo" />
|
||||
|
||||
<password_hasher class="JMS\FooBundle\Entity\User5" algorithm="pbkdf2" hash-algorithm="sha1" encode-as-base64="false" iterations="5" key-length="30" />
|
||||
|
||||
<password_hasher class="JMS\FooBundle\Entity\User6" algorithm="native" time-cost="8" memory-cost="100" cost="15" />
|
||||
|
||||
<password_hasher class="JMS\FooBundle\Entity\User7" algorithm="auto" />
|
||||
|
||||
<provider name="default">
|
||||
<memory>
|
||||
<user identifier="foo" password="foo" roles="ROLE_USER" />
|
||||
</memory>
|
||||
</provider>
|
||||
|
||||
<provider name="digest">
|
||||
<memory>
|
||||
<user identifier="foo" password="foo" roles="ROLE_USER, ROLE_ADMIN" />
|
||||
</memory>
|
||||
</provider>
|
||||
|
||||
<provider name="basic">
|
||||
<memory>
|
||||
<user identifier="foo" password="0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33" roles="ROLE_SUPER_ADMIN" />
|
||||
<user identifier="bar" password="0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33" roles="ROLE_USER, ROLE_ADMIN" />
|
||||
</memory>
|
||||
</provider>
|
||||
|
||||
<provider name="service" id="user.manager" />
|
||||
|
||||
<provider name="chain">
|
||||
<chain providers="service, basic" />
|
||||
</provider>
|
||||
|
||||
<firewall name="simple" pattern="/login" security="false" provider="default" />
|
||||
|
||||
<firewall name="secure" stateless="true" provider="default">
|
||||
<http-basic />
|
||||
<form-login />
|
||||
<anonymous />
|
||||
<switch-user />
|
||||
<x509 />
|
||||
<remote-user />
|
||||
<logout />
|
||||
<remember-me secret="TheSecret"/>
|
||||
</firewall>
|
||||
|
||||
<firewall name="host" pattern="/test" host="foo\.example\.org" methods="GET,POST" provider="default">
|
||||
<anonymous />
|
||||
<http-basic />
|
||||
</firewall>
|
||||
|
||||
<firewall name="with_user_checker" provider="default">
|
||||
<anonymous />
|
||||
<http-basic />
|
||||
<user-checker>app.user_checker</user-checker>
|
||||
</firewall>
|
||||
|
||||
<role id="ROLE_ADMIN">ROLE_USER</role>
|
||||
<role id="ROLE_SUPER_ADMIN">ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH</role>
|
||||
<role id="ROLE_REMOTE">ROLE_USER,ROLE_ADMIN</role>
|
||||
|
||||
<rule path="/blog/524" role="ROLE_USER" requires-channel="https" methods="get,POST" port="8000" />
|
||||
<rule role='IS_AUTHENTICATED_ANONYMOUSLY' path="/blog/.*" />
|
||||
<rule role='IS_AUTHENTICATED_ANONYMOUSLY' allow-if="token.getUserIdentifier() matches '/^admin/'" path="/blog/524" />
|
||||
</config>
|
||||
</srv:container>
|
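Review bot: this new 83-line fixture mirrors the XML fixture edited in the hunks above, differing only in the absent `enable-authenticator-manager="true"`, and it keeps the `<anonymous />` firewall entries that the non-legacy fixtures drop in this same PR; a one-line XML comment at the top saying it exercises the deprecated authentication listeners and is to be deleted together with them in 6.0 would save the next maintainer from diffing the two files to work out why both exist.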
@ -0,0 +1,21 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<container xmlns="http://symfony.com/schema/dic/services"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:sec="http://symfony.com/schema/dic/security"
|
||||
xsi:schemaLocation="http://symfony.com/schema/dic/services
|
||||
https://symfony.com/schema/dic/services/services-1.0.xsd
|
||||
http://symfony.com/schema/dic/security
|
||||
https://symfony.com/schema/dic/security/security-1.0.xsd">
|
||||
|
||||
<sec:config>
|
||||
<sec:providers>
|
||||
<sec:provider name="default" id="foo"/>
|
||||
</sec:providers>
|
||||
<sec:firewall name="main">
|
||||
<sec:form-login/>
|
||||
<sec:remember-me secret="TheSecret" catch-exceptions="false" token-provider="token_provider_id" />
|
||||
</sec:firewall>
|
||||
</sec:config>
|
||||
|
||||
</container>
|
@ -8,7 +8,7 @@
|
||||
http://symfony.com/schema/dic/security
|
||||
https://symfony.com/schema/dic/security/security-1.0.xsd">
|
||||
|
||||
<sec:config>
|
||||
<sec:config enable-authenticator-manager="true">
|
||||
<sec:providers>
|
||||
<sec:provider name="default" id="foo" />
|
||||
</sec:providers>
|
||||
|
@ -8,7 +8,7 @@
|
||||
http://symfony.com/schema/dic/security
|
||||
https://symfony.com/schema/dic/security/security-1.0.xsd">
|
||||
|
||||
<sec:config>
|
||||
<sec:config enable-authenticator-manager="true">
|
||||
<sec:providers>
|
||||
<sec:provider name="default" id="foo" />
|
||||
</sec:providers>
|
||||
|
@ -8,7 +8,7 @@
|
||||
http://symfony.com/schema/dic/security
|
||||
https://symfony.com/schema/dic/security/security-1.0.xsd">
|
||||
|
||||
<config>
|
||||
<sec:config enable-authenticator-manager="true">
|
||||
<provider name="default" id="foo" />
|
||||
|
||||
<firewall name="main" provider="default">
|
||||
|
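Review bot: the new opening tag `<sec:config enable-authenticator-manager="true">` replaces an unprefixed `<config>` while the elements that follow (`<provider name="default" id="foo" />`, `<firewall name="main" provider="default">`) stay in the default namespace, and the matching `</config>` lies outside this hunk; unless the closing tag and a `sec` prefix declaration are changed as well the file is no longer well-formed. The sibling fixtures in this PR make the same change as `<config enable-authenticator-manager="true">`, which is the minimal edit here.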
@ -12,7 +12,7 @@
|
||||
<import resource="merge_import.xml"/>
|
||||
</imports>
|
||||
|
||||
<sec:config>
|
||||
<sec:config enable-authenticator-manager="true">
|
||||
<sec:provider name="default" id="foo" />
|
||||
|
||||
<sec:firewall name="main" form-login="false">
|
||||
|
@ -8,7 +8,7 @@
|
||||
http://symfony.com/schema/dic/security
|
||||
https://symfony.com/schema/dic/security/security-1.0.xsd">
|
||||
|
||||
<config>
|
||||
<config enable-authenticator-manager="true">
|
||||
<firewall name="main">
|
||||
<form-login login-path="/login" />
|
||||
</firewall>
|
||||
|
@ -12,7 +12,7 @@
|
||||
<import resource="container1.xml"/>
|
||||
</imports>
|
||||
|
||||
<sec:config>
|
||||
<sec:config enable-authenticator-manager="true">
|
||||
<sec:password_hasher class="JMS\FooBundle\Entity\User7" algorithm="argon2i" memory-cost="256" time-cost="1">
|
||||
<sec:migrate-from>bcrypt</sec:migrate-from>
|
||||
</sec:password_hasher>
|
||||
|
@ -7,7 +7,7 @@
|
||||
http://symfony.com/schema/dic/security
|
||||
https://symfony.com/schema/dic/security/security-1.0.xsd">
|
||||
|
||||
<config>
|
||||
<config enable-authenticator-manager="true">
|
||||
<provider name="default">
|
||||
<memory>
|
||||
<user identifier="foo" password="foo" roles="ROLE_USER" />
|
||||
@ -16,10 +16,9 @@
|
||||
|
||||
<firewall name="simple" pattern="/login" security="false" />
|
||||
|
||||
<firewall name="secure" stateless="true">
|
||||
<firewall name="secure" stateless="true" entry-point="form-login">
|
||||
<http-basic />
|
||||
<form-login />
|
||||
<anonymous />
|
||||
<switch-user />
|
||||
<x509 />
|
||||
<remote-user />
|
||||
|
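Review bot: the entry point name in `<firewall name="secure" stateless="true" entry-point="form-login">` uses a dash, while the equivalent XML fixture earlier in this PR uses `entry-point="form_login"` and the YAML fixtures use `entry_point: form_login`; the configuration loader normalises keys, not attribute values, so this value should read `form_login` unless the test deliberately expects the dashed spelling to be rejected.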
@ -8,7 +8,7 @@
|
||||
http://symfony.com/schema/dic/security
|
||||
https://symfony.com/schema/dic/security/security-1.0.xsd">
|
||||
|
||||
<sec:config>
|
||||
<sec:config enable-authenticator-manager="true">
|
||||
<sec:providers>
|
||||
<sec:provider name="default" id="foo"/>
|
||||
</sec:providers>
|
||||
|
@ -12,7 +12,7 @@
|
||||
<import resource="container1.xml"/>
|
||||
</imports>
|
||||
|
||||
<sec:config>
|
||||
<sec:config enable-authenticator-manager="true">
|
||||
<sec:password_hasher class="JMS\FooBundle\Entity\User7" algorithm="sodium" time-cost="8" memory-cost="131072" />
|
||||
</sec:config>
|
||||
|
||||
|
@ -1,4 +1,5 @@
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
access_decision_manager:
|
||||
allow_if_all_abstain: true
|
||||
allow_if_equal_granted_denied: false
|
||||
|
@ -1,4 +1,5 @@
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
providers:
|
||||
default:
|
||||
memory:
|
||||
|
@ -1,4 +1,5 @@
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
access_decision_manager:
|
||||
service: app.access_decision_manager
|
||||
providers:
|
||||
|
@ -1,4 +1,5 @@
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
access_decision_manager:
|
||||
service: app.access_decision_manager
|
||||
strategy: affirmative
|
||||
|
@ -2,6 +2,7 @@ imports:
|
||||
- { resource: container1.yml }
|
||||
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
password_hashers:
|
||||
JMS\FooBundle\Entity\User7:
|
||||
algorithm: argon2i
|
||||
|
@ -2,6 +2,7 @@ imports:
|
||||
- { resource: container1.yml }
|
||||
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
password_hashers:
|
||||
JMS\FooBundle\Entity\User7:
|
||||
algorithm: bcrypt
|
||||
|
@ -1,4 +1,5 @@
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
password_hashers:
|
||||
JMS\FooBundle\Entity\User1: plaintext
|
||||
JMS\FooBundle\Entity\User2:
|
||||
@ -51,7 +52,6 @@ security:
|
||||
stateless: true
|
||||
http_basic: true
|
||||
form_login: true
|
||||
anonymous: true
|
||||
switch_user:
|
||||
x509: true
|
||||
remote_user: true
|
||||
@ -59,18 +59,17 @@ security:
|
||||
remember_me:
|
||||
secret: TheSecret
|
||||
user_checker: ~
|
||||
entry_point: form_login
|
||||
|
||||
host:
|
||||
provider: default
|
||||
pattern: /test
|
||||
host: foo\.example\.org
|
||||
methods: [GET,POST]
|
||||
anonymous: true
|
||||
http_basic: true
|
||||
|
||||
with_user_checker:
|
||||
provider: default
|
||||
anonymous: ~
|
||||
http_basic: ~
|
||||
user_checker: app.user_checker
|
||||
|
||||
|
@ -1,4 +1,5 @@
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
providers:
|
||||
default:
|
||||
memory:
|
||||
|
@ -1,4 +1,5 @@
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
providers:
|
||||
default:
|
||||
memory:
|
||||
|
@ -0,0 +1,87 @@
|
||||
security:
|
||||
password_hashers:
|
||||
JMS\FooBundle\Entity\User1: plaintext
|
||||
JMS\FooBundle\Entity\User2:
|
||||
algorithm: sha1
|
||||
encode_as_base64: false
|
||||
iterations: 5
|
||||
JMS\FooBundle\Entity\User3:
|
||||
algorithm: md5
|
||||
JMS\FooBundle\Entity\User4:
|
||||
id: security.hasher.foo
|
||||
JMS\FooBundle\Entity\User5:
|
||||
algorithm: pbkdf2
|
||||
hash_algorithm: sha1
|
||||
encode_as_base64: false
|
||||
iterations: 5
|
||||
key_length: 30
|
||||
JMS\FooBundle\Entity\User6:
|
||||
algorithm: native
|
||||
time_cost: 8
|
||||
memory_cost: 100
|
||||
cost: 15
|
||||
JMS\FooBundle\Entity\User7:
|
||||
algorithm: auto
|
||||
|
||||
providers:
|
||||
default:
|
||||
memory:
|
||||
users:
|
||||
foo: { password: foo, roles: ROLE_USER }
|
||||
digest:
|
||||
memory:
|
||||
users:
|
||||
foo: { password: foo, roles: 'ROLE_USER, ROLE_ADMIN' }
|
||||
basic:
|
||||
memory:
|
||||
users:
|
||||
foo: { password: 0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33, roles: ROLE_SUPER_ADMIN }
|
||||
bar: { password: 0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33, roles: [ROLE_USER, ROLE_ADMIN] }
|
||||
service:
|
||||
id: user.manager
|
||||
chain:
|
||||
chain:
|
||||
providers: [service, basic]
|
||||
|
||||
|
||||
firewalls:
|
||||
simple: { pattern: /login, security: false }
|
||||
secure:
|
||||
provider: default
|
||||
stateless: true
|
||||
http_basic: true
|
||||
form_login: true
|
||||
anonymous: true
|
||||
switch_user:
|
||||
x509: true
|
||||
remote_user: true
|
||||
logout: true
|
||||
remember_me:
|
||||
secret: TheSecret
|
||||
user_checker: ~
|
||||
|
||||
host:
|
||||
provider: default
|
||||
pattern: /test
|
||||
host: foo\.example\.org
|
||||
methods: [GET,POST]
|
||||
anonymous: true
|
||||
http_basic: true
|
||||
|
||||
with_user_checker:
|
||||
provider: default
|
||||
anonymous: ~
|
||||
http_basic: ~
|
||||
user_checker: app.user_checker
|
||||
|
||||
role_hierarchy:
|
||||
ROLE_ADMIN: ROLE_USER
|
||||
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
|
||||
ROLE_REMOTE: ROLE_USER,ROLE_ADMIN
|
||||
|
||||
access_control:
|
||||
- { path: /blog/524, role: ROLE_USER, requires_channel: https, methods: [get, POST], port: 8000}
|
||||
-
|
||||
path: /blog/.*
|
||||
role: IS_AUTHENTICATED_ANONYMOUSLY
|
||||
- { path: /blog/524, role: IS_AUTHENTICATED_ANONYMOUSLY, allow_if: "token.getUserIdentifier() matches '/^admin/'" }
|
@ -0,0 +1,12 @@
|
||||
security:
|
||||
providers:
|
||||
default:
|
||||
id: foo
|
||||
|
||||
firewalls:
|
||||
main:
|
||||
form_login: true
|
||||
remember_me:
|
||||
secret: TheSecret
|
||||
catch_exceptions: false
|
||||
token_provider: token_provider_id
|
@ -1,4 +1,5 @@
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
providers:
|
||||
default:
|
||||
memory:
|
||||
|
@ -1,4 +1,5 @@
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
providers:
|
||||
default:
|
||||
memory:
|
||||
|
@ -1,4 +1,5 @@
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
providers:
|
||||
default:
|
||||
id: foo
|
||||
|
@ -2,6 +2,7 @@ imports:
|
||||
- { resource: merge_import.yml }
|
||||
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
providers:
|
||||
default: { id: foo }
|
||||
|
||||
|
@ -1,4 +1,5 @@
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
firewalls:
|
||||
main:
|
||||
form_login:
|
||||
|
@ -2,6 +2,7 @@ imports:
|
||||
- { resource: container1.yml }
|
||||
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
password_hashers:
|
||||
JMS\FooBundle\Entity\User7:
|
||||
algorithm: argon2i
|
||||
|
@ -1,4 +1,6 @@
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
|
||||
providers:
|
||||
default:
|
||||
memory:
|
||||
@ -11,7 +13,6 @@ security:
|
||||
stateless: true
|
||||
http_basic: true
|
||||
form_login: true
|
||||
anonymous: true
|
||||
switch_user: true
|
||||
x509: true
|
||||
remote_user: true
|
||||
@ -19,3 +20,4 @@ security:
|
||||
remember_me:
|
||||
secret: TheSecret
|
||||
user_checker: ~
|
||||
entry_point: form_login
|
||||
|
@ -1,4 +1,6 @@
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
|
||||
providers:
|
||||
default:
|
||||
id: foo
|
||||
|
@ -2,6 +2,7 @@ imports:
|
||||
- { resource: container1.yml }
|
||||
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
password_hashers:
|
||||
JMS\FooBundle\Entity\User7:
|
||||
algorithm: sodium
|
||||
|
@ -49,6 +49,7 @@ class SecurityExtensionTest extends TestCase
|
||||
$container = $this->getRawContainer();
|
||||
|
||||
$container->loadFromExtension('security', [
|
||||
'enable_authenticator_manager' => true,
|
||||
'providers' => [
|
||||
'default' => ['id' => 'foo'],
|
||||
],
|
||||
@ -66,6 +67,9 @@ class SecurityExtensionTest extends TestCase
|
||||
$container->compile();
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
public function testFirewallWithoutAuthenticationListener()
|
||||
{
|
||||
$this->expectException(InvalidConfigurationException::class);
|
||||
@ -97,6 +101,7 @@ class SecurityExtensionTest extends TestCase
|
||||
$extension->addUserProviderFactory(new DummyProvider());
|
||||
|
||||
$container->loadFromExtension('security', [
|
||||
'enable_authenticator_manager' => true,
|
||||
'providers' => [
|
||||
'my_foo' => ['foo' => []],
|
||||
],
|
||||
@ -117,6 +122,7 @@ class SecurityExtensionTest extends TestCase
|
||||
$container = $this->getRawContainer();
|
||||
|
||||
$container->loadFromExtension('security', [
|
||||
'enable_authenticator_manager' => true,
|
||||
'providers' => [
|
||||
'default' => ['id' => 'foo'],
|
||||
],
|
||||
@ -136,6 +142,9 @@ class SecurityExtensionTest extends TestCase
|
||||
$this->assertFalse($container->hasDefinition('security.access.role_hierarchy_voter'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
public function testGuardHandlerIsPassedStatelessFirewalls()
|
||||
{
|
||||
$container = $this->getRawContainer();
|
||||
@ -168,6 +177,7 @@ class SecurityExtensionTest extends TestCase
|
||||
$container = $this->getRawContainer();
|
||||
|
||||
$container->loadFromExtension('security', [
|
||||
'enable_authenticator_manager' => true,
|
||||
'providers' => [
|
||||
'default' => ['id' => 'foo'],
|
||||
],
|
||||
@ -190,6 +200,7 @@ class SecurityExtensionTest extends TestCase
|
||||
{
|
||||
$container = $this->getRawContainer();
|
||||
$container->loadFromExtension('security', [
|
||||
'enable_authenticator_manager' => true,
|
||||
'providers' => [
|
||||
'first' => ['id' => 'foo'],
|
||||
'second' => ['id' => 'bar'],
|
||||
@ -212,6 +223,7 @@ class SecurityExtensionTest extends TestCase
|
||||
$this->expectExceptionMessage('Not configuring explicitly the provider for the "http_basic" listener on "ambiguous" firewall is ambiguous as there is more than one registered provider.');
|
||||
$container = $this->getRawContainer();
|
||||
$container->loadFromExtension('security', [
|
||||
'enable_authenticator_manager' => true,
|
||||
'providers' => [
|
||||
'first' => ['id' => 'foo'],
|
||||
'second' => ['id' => 'bar'],
|
||||
@ -232,6 +244,7 @@ class SecurityExtensionTest extends TestCase
|
||||
{
|
||||
$container = $this->getRawContainer();
|
||||
$container->loadFromExtension('security', [
|
||||
'enable_authenticator_manager' => true,
|
||||
'providers' => [
|
||||
'first' => ['id' => 'foo'],
|
||||
'second' => ['id' => 'bar'],
|
||||
@ -241,7 +254,6 @@ class SecurityExtensionTest extends TestCase
|
||||
'default' => [
|
||||
'form_login' => ['provider' => 'second'],
|
||||
'remember_me' => ['secret' => 'baz'],
|
||||
'anonymous' => true,
|
||||
],
|
||||
],
|
||||
]);
|
||||
@ -257,6 +269,7 @@ class SecurityExtensionTest extends TestCase
|
||||
$rawExpression = "'foo' == 'bar' or 1 in [1, 3, 3]";
|
||||
|
||||
$container->loadFromExtension('security', [
|
||||
'enable_authenticator_manager' => true,
|
||||
'providers' => [
|
||||
'default' => ['id' => 'foo'],
|
||||
],
|
||||
@ -295,6 +308,7 @@ class SecurityExtensionTest extends TestCase
|
||||
{
|
||||
$container = $this->getRawContainer();
|
||||
$container->loadFromExtension('security', [
|
||||
'enable_authenticator_manager' => true,
|
||||
'providers' => [
|
||||
'default' => ['id' => 'foo'],
|
||||
],
|
||||
@ -315,6 +329,7 @@ class SecurityExtensionTest extends TestCase
|
||||
$container = $this->getRawContainer();
|
||||
|
||||
$container->loadFromExtension('security', [
|
||||
'enable_authenticator_manager' => true,
|
||||
'providers' => [
|
||||
'default' => ['id' => 'foo'],
|
||||
],
|
||||
@ -337,6 +352,7 @@ class SecurityExtensionTest extends TestCase
|
||||
$container = $this->getRawContainer();
|
||||
|
||||
$container->loadFromExtension('security', [
|
||||
'enable_authenticator_manager' => true,
|
||||
'providers' => [
|
||||
'first' => ['id' => 'foo'],
|
||||
'second' => ['id' => 'bar'],
|
||||
@ -357,6 +373,7 @@ class SecurityExtensionTest extends TestCase
|
||||
|
||||
/**
|
||||
* @dataProvider sessionConfigurationProvider
|
||||
* @group legacy
|
||||
*/
|
||||
public function testRememberMeCookieInheritFrameworkSessionCookie($config, $samesite, $secure)
|
||||
{
|
||||
@ -396,6 +413,7 @@ class SecurityExtensionTest extends TestCase
|
||||
$container = $this->getRawContainer();
|
||||
|
||||
$container->loadFromExtension('security', [
|
||||
'enable_authenticator_manager' => true,
|
||||
'providers' => [
|
||||
'default' => ['id' => 'foo'],
|
||||
],
|
||||
@ -471,6 +489,7 @@ class SecurityExtensionTest extends TestCase
|
||||
{
|
||||
$container = $this->getRawContainer();
|
||||
$container->loadFromExtension('security', [
|
||||
'enable_authenticator_manager' => true,
|
||||
'providers' => [
|
||||
'first' => ['id' => 'foo'],
|
||||
'second' => ['id' => 'bar'],
|
||||
@ -481,7 +500,6 @@ class SecurityExtensionTest extends TestCase
|
||||
'switch_user' => [
|
||||
'provider' => 'second',
|
||||
],
|
||||
'anonymous' => true,
|
||||
],
|
||||
],
|
||||
]);
|
||||
@ -496,6 +514,7 @@ class SecurityExtensionTest extends TestCase
|
||||
$container = $this->getRawContainer();
|
||||
|
||||
$container->loadFromExtension('security', [
|
||||
'enable_authenticator_manager' => true,
|
||||
'providers' => [
|
||||
'default' => ['id' => 'foo'],
|
||||
],
|
||||
@ -521,6 +540,7 @@ class SecurityExtensionTest extends TestCase
|
||||
$container = $this->getRawContainer();
|
||||
|
||||
$container->loadFromExtension('security', [
|
||||
'enable_authenticator_manager' => true,
|
||||
'providers' => [
|
||||
'default' => ['id' => 'foo'],
|
||||
],
|
||||
@ -542,6 +562,7 @@ class SecurityExtensionTest extends TestCase
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @dataProvider provideEntryPointFirewalls
|
||||
*/
|
||||
public function testAuthenticatorManagerEnabledEntryPoint(array $firewall, $entryPointId)
|
||||
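Review bot: `testAuthenticatorManagerEnabledEntryPoint` is put into `@group legacy` although its name says it covers the non-deprecated authenticator path; if only some cases of `provideEntryPointFirewalls` rely on deprecated options (such as `anonymous`, which the other hunks remove), split those cases into a legacy provider so the authenticator-manager entry-point resolution stays tested without deprecation tolerance.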
@ -738,6 +759,9 @@ class SecurityExtensionTest extends TestCase
|
||||
yield [['user_checker' => TestUserChecker::class], TestUserChecker::class];
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
public function testConfigureCustomFirewallListener()
|
||||
{
|
||||
$container = $this->getRawContainer();
|
||||
|
@ -11,6 +11,9 @@
|
||||
|
||||
namespace Symfony\Bundle\SecurityBundle\Tests\Functional;
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
class AnonymousTest extends AbstractWebTestCase
|
||||
{
|
||||
public function testAnonymous()
|
||||
|
@ -13,20 +13,22 @@ namespace Symfony\Bundle\SecurityBundle\Tests\Functional;
|
||||
|
||||
class AuthenticationCommencingTest extends AbstractWebTestCase
|
||||
{
|
||||
/**
|
||||
* @dataProvider provideClientOptions
|
||||
*/
|
||||
public function testAuthenticationIsCommencingIfAccessDeniedExceptionIsWrapped(array $options)
|
||||
public function testAuthenticationIsCommencingIfAccessDeniedExceptionIsWrapped()
|
||||
{
|
||||
$client = $this->createClient($options);
|
||||
$client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'base_config.yml']);
|
||||
|
||||
$client->request('GET', '/secure-but-not-covered-by-access-control');
|
||||
$this->assertRedirect($client->getResponse(), '/login');
|
||||
}
|
||||
|
||||
public function provideClientOptions()
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacyAuthenticationIsCommencingIfAccessDeniedExceptionIsWrapped()
|
||||
{
|
||||
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]];
|
||||
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]];
|
||||
$client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml']);
|
||||
|
||||
$client->request('GET', '/secure-but-not-covered-by-access-control');
|
||||
$this->assertRedirect($client->getResponse(), '/login');
|
||||
}
|
||||
}
|
||||
|
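Review bot: `testAuthenticationIsCommencingIfAccessDeniedExceptionIsWrapped` now loads `'root_config' => 'base_config.yml'`, whereas the removed data provider used `config.yml` together with `'enable_authenticator_manager' => true`; please confirm that `base_config.yml` in the StandardFormLogin test case enables the authenticator manager, otherwise this test keeps exercising the deprecated listeners, which the new `testLegacyAuthenticationIsCommencingIfAccessDeniedExceptionIsWrapped` already does via `legacy_config.yml`.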
@ -30,6 +30,22 @@ class AutowiringTypesTest extends AbstractWebTestCase
|
||||
$this->assertInstanceOf(TraceableAccessDecisionManager::class, $autowiredServices->getAccessDecisionManager(), 'The debug.security.access.decision_manager service should be injected in non-debug mode');
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacyAccessDecisionManagerAutowiring()
|
||||
{
|
||||
static::bootKernel(['debug' => false, 'root_config' => 'legacy_config.yml']);
|
||||
|
||||
$autowiredServices = static::getContainer()->get('test.autowiring_types.autowired_services');
|
||||
$this->assertInstanceOf(AccessDecisionManager::class, $autowiredServices->getAccessDecisionManager(), 'The security.access.decision_manager service should be injected in debug mode');
|
||||
|
||||
static::bootKernel(['debug' => true, 'root_config' => 'legacy_config.yml']);
|
||||
|
||||
$autowiredServices = static::getContainer()->get('test.autowiring_types.autowired_services');
|
||||
$this->assertInstanceOf(TraceableAccessDecisionManager::class, $autowiredServices->getAccessDecisionManager(), 'The debug.security.access.decision_manager service should be injected in non-debug mode');
|
||||
}
|
||||
|
||||
protected static function createKernel(array $options = []): KernelInterface
|
||||
{
|
||||
return parent::createKernel(['test_case' => 'AutowiringTypes'] + $options);
|
||||
|
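Review bot: the assertion messages in `testLegacyAccessDecisionManagerAutowiring` are inverted relative to the kernel flag: the `['debug' => false, ...]` boot asserts `AccessDecisionManager` with "should be injected in debug mode", and the `['debug' => true, ...]` boot says "non-debug mode". The mismatch is copied from the existing test visible in the first context line; swapping the two messages in both tests would stop them from misleading whoever debugs a failure.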
@ -100,11 +100,106 @@ class CsrfFormLoginTest extends AbstractWebTestCase
|
||||
$this->assertStringContainsString('You\'re browsing to path "/protected-resource".', $text);
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @dataProvider provideLegacyClientOptions
|
||||
*/
|
||||
public function testLegacyFormLoginAndLogoutWithCsrfTokens($options)
|
||||
{
|
||||
$client = $this->createClient($options);
|
||||
|
||||
$form = $client->request('GET', '/login')->selectButton('login')->form();
|
||||
$form['user_login[username]'] = 'johannes';
|
||||
$form['user_login[password]'] = 'test';
|
||||
$client->submit($form);
|
||||
|
||||
$this->assertRedirect($client->getResponse(), '/profile');
|
||||
|
||||
$crawler = $client->followRedirect();
|
||||
|
||||
$text = $crawler->text(null, true);
|
||||
$this->assertStringContainsString('Hello johannes!', $text);
|
||||
$this->assertStringContainsString('You\'re browsing to path "/profile".', $text);
|
||||
|
||||
$logoutLinks = $crawler->selectLink('Log out')->links();
|
||||
$this->assertCount(2, $logoutLinks);
|
||||
$this->assertStringContainsString('_csrf_token=', $logoutLinks[0]->getUri());
|
||||
|
||||
$client->click($logoutLinks[0]);
|
||||
|
||||
$this->assertRedirect($client->getResponse(), '/');
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @dataProvider provideLegacyClientOptions
|
||||
*/
|
||||
public function testLegacyFormLoginWithInvalidCsrfToken($options)
|
||||
{
|
||||
$client = $this->createClient($options);
|
||||
|
||||
$form = $client->request('GET', '/login')->selectButton('login')->form();
|
||||
$form['user_login[_token]'] = '';
|
||||
$client->submit($form);
|
||||
|
||||
$this->assertRedirect($client->getResponse(), '/login');
|
||||
|
||||
$text = $client->followRedirect()->text(null, true);
|
||||
$this->assertStringContainsString('Invalid CSRF token.', $text);
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @dataProvider provideLegacyClientOptions
|
||||
*/
|
||||
public function testFormLegacyLoginWithCustomTargetPath($options)
|
||||
{
|
||||
$client = $this->createClient($options);
|
||||
|
||||
$form = $client->request('GET', '/login')->selectButton('login')->form();
|
||||
$form['user_login[username]'] = 'johannes';
|
||||
$form['user_login[password]'] = 'test';
|
||||
$form['user_login[_target_path]'] = '/foo';
|
||||
$client->submit($form);
|
||||
|
||||
$this->assertRedirect($client->getResponse(), '/foo');
|
||||
|
||||
$text = $client->followRedirect()->text(null, true);
|
||||
$this->assertStringContainsString('Hello johannes!', $text);
|
||||
$this->assertStringContainsString('You\'re browsing to path "/foo".', $text);
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @dataProvider provideLegacyClientOptions
|
||||
*/
|
||||
public function testLegacyFormLoginRedirectsToProtectedResourceAfterLogin($options)
|
||||
{
|
||||
$client = $this->createClient($options);
|
||||
|
||||
$client->request('GET', '/protected-resource');
|
||||
$this->assertRedirect($client->getResponse(), '/login');
|
||||
|
||||
$form = $client->followRedirect()->selectButton('login')->form();
|
||||
$form['user_login[username]'] = 'johannes';
|
||||
$form['user_login[password]'] = 'test';
|
||||
$client->submit($form);
|
||||
$this->assertRedirect($client->getResponse(), '/protected-resource');
|
||||
|
||||
$text = $client->followRedirect()->text(null, true);
|
||||
$this->assertStringContainsString('Hello johannes!', $text);
|
||||
$this->assertStringContainsString('You\'re browsing to path "/protected-resource".', $text);
|
||||
}
|
||||
|
||||
public function provideClientOptions()
|
||||
{
|
||||
yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]];
|
||||
yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]];
|
||||
yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'routes_as_path.yml', 'enable_authenticator_manager' => true]];
|
||||
}
|
||||
|
||||
public function provideLegacyClientOptions()
|
||||
{
|
||||
yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]];
|
||||
yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'legacy_routes_as_path.yml', 'enable_authenticator_manager' => false]];
|
||||
}
|
||||
}
|
||||
|
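Review bot: `provideClientOptions` still yields `['test_case' => 'CsrfFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]`, so the non-legacy tests fed by it keep running the deprecated listener path outside `@group legacy` and will raise deprecation notices; that entry now lives in `provideLegacyClientOptions` and should be removed from `provideClientOptions`. Minor: `testFormLegacyLoginWithCustomTargetPath` breaks the `testLegacy...` prefix used by its three siblings.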
@ -15,9 +15,25 @@ use Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\FirewallEntryPointBund
|
||||
|
||||
class FirewallEntryPointTest extends AbstractWebTestCase
|
||||
{
|
||||
public function testItUsesTheConfiguredEntryPointFromTheExceptionListenerWithFormLoginAndNoCredentials()
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'FirewallEntryPoint', 'root_config' => 'config_form_login.yml']);
|
||||
|
||||
$client->request('GET', '/secure/resource');
|
||||
|
||||
$this->assertEquals(
|
||||
EntryPointStub::RESPONSE_TEXT,
|
||||
$client->getResponse()->getContent(),
|
||||
"Custom entry point wasn't started"
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
public function testItUsesTheConfiguredEntryPointWhenUsingUnknownCredentials()
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'FirewallEntryPoint']);
|
||||
$client = $this->createClient(['test_case' => 'FirewallEntryPoint', 'root_config' => 'legacy_config.yml']);
|
||||
|
||||
$client->request('GET', '/secure/resource', [], [], [
|
||||
'PHP_AUTH_USER' => 'unknown',
|
||||
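Review bot: `testItUsesTheConfiguredEntryPointWhenUsingUnknownCredentials` is moved to `@group legacy` and `legacy_config.yml` without an authenticator-based counterpart, whereas the form-login case gets both a new test on `config_form_login.yml` and a `testLegacy...` variant; add a non-legacy version using the default config so the custom entry point on unknown HTTP basic credentials (`'PHP_AUTH_USER' => 'unknown'`) stays covered once the listeners are removed.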
@ -32,11 +48,11 @@ class FirewallEntryPointTest extends AbstractWebTestCase
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideSecuritySystems
|
||||
* @group legacy
|
||||
*/
|
||||
public function testItUsesTheConfiguredEntryPointFromTheExceptionListenerWithFormLoginAndNoCredentials(array $options)
|
||||
public function testLegacyItUsesTheConfiguredEntryPointFromTheExceptionListenerWithFormLoginAndNoCredentials()
|
||||
{
|
||||
$client = $this->createClient($options + ['test_case' => 'FirewallEntryPoint', 'root_config' => 'config_form_login.yml']);
|
||||
$client = $this->createClient(['test_case' => 'FirewallEntryPoint', 'root_config' => 'legacy_config_form_login.yml']);
|
||||
|
||||
$client->request('GET', '/secure/resource');
|
||||
|
||||
|
@ -153,11 +153,158 @@ class FormLoginTest extends AbstractWebTestCase
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideLegacyClientOptions
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacyFormLogin(array $options)
|
||||
{
|
||||
$client = $this->createClient($options);
|
||||
|
||||
$form = $client->request('GET', '/login')->selectButton('login')->form();
|
||||
$form['_username'] = 'johannes';
|
||||
$form['_password'] = 'test';
|
||||
$client->submit($form);
|
||||
|
||||
$this->assertRedirect($client->getResponse(), '/profile');
|
||||
|
||||
$text = $client->followRedirect()->text(null, true);
|
||||
$this->assertStringContainsString('Hello johannes!', $text);
|
||||
$this->assertStringContainsString('You\'re browsing to path "/profile".', $text);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideLegacyClientOptions
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacyFormLogout(array $options)
|
||||
{
|
||||
$client = $this->createClient($options);
|
||||
|
||||
$form = $client->request('GET', '/login')->selectButton('login')->form();
|
||||
$form['_username'] = 'johannes';
|
||||
$form['_password'] = 'test';
|
||||
$client->submit($form);
|
||||
|
||||
$this->assertRedirect($client->getResponse(), '/profile');
|
||||
|
||||
$crawler = $client->followRedirect();
|
||||
$text = $crawler->text(null, true);
|
||||
|
||||
$this->assertStringContainsString('Hello johannes!', $text);
|
||||
$this->assertStringContainsString('You\'re browsing to path "/profile".', $text);
|
||||
|
||||
$logoutLinks = $crawler->selectLink('Log out')->links();
|
||||
$this->assertCount(6, $logoutLinks);
|
||||
$this->assertSame($logoutLinks[0]->getUri(), $logoutLinks[1]->getUri());
|
||||
$this->assertSame($logoutLinks[2]->getUri(), $logoutLinks[3]->getUri());
|
||||
$this->assertSame($logoutLinks[4]->getUri(), $logoutLinks[5]->getUri());
|
||||
|
||||
$this->assertNotSame($logoutLinks[0]->getUri(), $logoutLinks[2]->getUri());
|
||||
$this->assertNotSame($logoutLinks[1]->getUri(), $logoutLinks[3]->getUri());
|
||||
|
||||
$this->assertSame($logoutLinks[0]->getUri(), $logoutLinks[4]->getUri());
|
||||
$this->assertSame($logoutLinks[1]->getUri(), $logoutLinks[5]->getUri());
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideLegacyClientOptions
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacyFormLoginWithCustomTargetPath(array $options)
|
||||
{
|
||||
$client = $this->createClient($options);
|
||||
|
||||
$form = $client->request('GET', '/login')->selectButton('login')->form();
|
||||
$form['_username'] = 'johannes';
|
||||
$form['_password'] = 'test';
|
||||
$form['_target_path'] = '/foo';
|
||||
$client->submit($form);
|
||||
|
||||
$this->assertRedirect($client->getResponse(), '/foo');
|
||||
|
||||
$text = $client->followRedirect()->text(null, true);
|
||||
$this->assertStringContainsString('Hello johannes!', $text);
|
||||
$this->assertStringContainsString('You\'re browsing to path "/foo".', $text);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideLegacyClientOptions
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacyFormLoginRedirectsToProtectedResourceAfterLogin(array $options)
|
||||
{
|
||||
$client = $this->createClient($options);
|
||||
|
||||
$client->request('GET', '/protected_resource');
|
||||
$this->assertRedirect($client->getResponse(), '/login');
|
||||
|
||||
$form = $client->followRedirect()->selectButton('login')->form();
|
||||
$form['_username'] = 'johannes';
|
||||
$form['_password'] = 'test';
|
||||
$client->submit($form);
|
||||
$this->assertRedirect($client->getResponse(), '/protected_resource');
|
||||
|
||||
$text = $client->followRedirect()->text(null, true);
|
||||
$this->assertStringContainsString('Hello johannes!', $text);
|
||||
$this->assertStringContainsString('You\'re browsing to path "/protected_resource".', $text);
|
||||
}
|
||||
|
||||
/**
|
||||
* @group time-sensitive
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacyLoginThrottling()
|
||||
{
|
||||
if (!class_exists(LoginThrottlingListener::class)) {
|
||||
$this->markTestSkipped('Login throttling requires symfony/security-http:^5.2');
|
||||
}
|
||||
|
||||
$client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_login_throttling.yml', 'enable_authenticator_manager' => true]);
|
||||
|
||||
$attempts = [
|
||||
['johannes', 'wrong'],
|
||||
['johannes', 'also_wrong'],
|
||||
['wrong', 'wrong'],
|
||||
['johannes', 'wrong_again'],
|
||||
];
|
||||
foreach ($attempts as $i => $attempt) {
|
||||
$form = $client->request('GET', '/login')->selectButton('login')->form();
|
||||
$form['_username'] = $attempt[0];
|
||||
$form['_password'] = $attempt[1];
|
||||
$client->submit($form);
|
||||
|
||||
$text = $client->followRedirect()->text(null, true);
|
||||
switch ($i) {
|
||||
case 0: // First attempt : Invalid credentials (OK)
|
||||
$this->assertStringContainsString('Invalid credentials', $text, 'Invalid response on 1st attempt');
|
||||
|
||||
break;
|
||||
case 1: // Second attempt : login throttling !
|
||||
$this->assertStringContainsString('Too many failed login attempts, please try again in 8 minutes.', $text, 'Invalid response on 2nd attempt');
|
||||
|
||||
break;
|
||||
case 2: // Third attempt with unexisting username
|
||||
$this->assertStringContainsString('Invalid credentials.', $text, 'Invalid response on 3rd attempt');
|
||||
|
||||
break;
|
||||
case 3: // Fourth attempt : still login throttling !
|
||||
$this->assertStringContainsString('Too many failed login attempts, please try again in 8 minutes.', $text, 'Invalid response on 4th attempt');
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function provideClientOptions()
|
||||
{
|
||||
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]];
|
||||
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]];
|
||||
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'base_config.yml', 'enable_authenticator_manager' => true]];
|
||||
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'routes_as_path.yml', 'enable_authenticator_manager' => true]];
|
||||
}
|
||||
|
||||
public function provideLegacyClientOptions()
|
||||
{
|
||||
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]];
|
||||
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_routes_as_path.yml', 'enable_authenticator_manager' => false]];
|
||||
}
|
||||
}
|
||||
|
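Review bot: `testLegacyLoginThrottling` is tagged `@group legacy` and uses `legacy_login_throttling.yml`, yet it passes `'enable_authenticator_manager' => true`; login throttling is a feature of the authenticator-based system (the skip message itself requires `symfony/security-http:^5.2`), so either the flag is wrong for a legacy test or the only legacy part is inside the YAML file, in which case a short comment stating what is legacy about it would save the next reader the same question. Please also double-check that `provideClientOptions` no longer yields the `legacy_config.yml` / `'enable_authenticator_manager' => false` entry now that `provideLegacyClientOptions` exists: the non-legacy `testFormLogin` and friends carry no `@group legacy`, so that entry would run the deprecated listeners outside the legacy group and report the deprecations as failures. A minor one: the assertion in the third attempt looks for `'Invalid credentials.'` while the first attempt looks for `'Invalid credentials'`; the two messages should match.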
@ -11,6 +11,9 @@
|
||||
|
||||
namespace Symfony\Bundle\SecurityBundle\Tests\Functional;
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
class GuardedTest extends AbstractWebTestCase
|
||||
{
|
||||
public function testGuarded()
|
||||
|
@ -18,12 +18,9 @@ use Symfony\Component\HttpFoundation\JsonResponse;
|
||||
*/
|
||||
class JsonLoginTest extends AbstractWebTestCase
|
||||
{
|
||||
/**
|
||||
* @dataProvider provideSecuritySystems
|
||||
*/
|
||||
public function testDefaultJsonLoginSuccess(array $options)
|
||||
public function testDefaultJsonLoginSuccess()
|
||||
{
|
||||
$client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'config.yml']);
|
||||
$client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'config.yml']);
|
||||
$client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "foo"}}');
|
||||
$response = $client->getResponse();
|
||||
|
||||
@ -32,12 +29,9 @@ class JsonLoginTest extends AbstractWebTestCase
|
||||
$this->assertSame(['message' => 'Welcome @dunglas!'], json_decode($response->getContent(), true));
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideSecuritySystems
|
||||
*/
|
||||
public function testDefaultJsonLoginFailure(array $options)
|
||||
public function testDefaultJsonLoginFailure()
|
||||
{
|
||||
$client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'config.yml']);
|
||||
$client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'config.yml']);
|
||||
$client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "bad"}}');
|
||||
$response = $client->getResponse();
|
||||
|
||||
@ -46,12 +40,9 @@ class JsonLoginTest extends AbstractWebTestCase
|
||||
$this->assertSame(['error' => 'Invalid credentials.'], json_decode($response->getContent(), true));
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideSecuritySystems
|
||||
*/
|
||||
public function testCustomJsonLoginSuccess(array $options)
|
||||
public function testCustomJsonLoginSuccess()
|
||||
{
|
||||
$client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']);
|
||||
$client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']);
|
||||
$client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "foo"}}');
|
||||
$response = $client->getResponse();
|
||||
|
||||
@ -60,12 +51,9 @@ class JsonLoginTest extends AbstractWebTestCase
|
||||
$this->assertSame(['message' => 'Good game @dunglas!'], json_decode($response->getContent(), true));
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideSecuritySystems
|
||||
*/
|
||||
public function testCustomJsonLoginFailure(array $options)
|
||||
public function testCustomJsonLoginFailure()
|
||||
{
|
||||
$client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']);
|
||||
$client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']);
|
||||
$client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "bad"}}');
|
||||
$response = $client->getResponse();
|
||||
|
||||
@ -75,11 +63,81 @@ class JsonLoginTest extends AbstractWebTestCase
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideSecuritySystems
|
||||
* @group legacy
|
||||
*/
|
||||
public function testDefaultJsonLoginBadRequest(array $options)
|
||||
public function testDefaultJsonLoginBadRequest()
|
||||
{
|
||||
$client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'config.yml']);
|
||||
$client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'legacy_config.yml']);
|
||||
$client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], 'Not a json content');
|
||||
$response = $client->getResponse();
|
||||
|
||||
$this->assertSame(400, $response->getStatusCode());
|
||||
$this->assertSame('application/json', $response->headers->get('Content-Type'));
|
||||
$this->assertSame(['type' => 'https://tools.ietf.org/html/rfc2616#section-10', 'title' => 'An error occurred', 'status' => 400, 'detail' => 'Bad Request'], json_decode($response->getContent(), true));
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacyDefaultJsonLoginSuccess()
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'legacy_config.yml']);
|
||||
$client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "foo"}}');
|
||||
$response = $client->getResponse();
|
||||
|
||||
$this->assertInstanceOf(JsonResponse::class, $response);
|
||||
$this->assertSame(200, $response->getStatusCode());
|
||||
$this->assertSame(['message' => 'Welcome @dunglas!'], json_decode($response->getContent(), true));
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacyDefaultJsonLoginFailure()
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'legacy_config.yml']);
|
||||
$client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "bad"}}');
|
||||
$response = $client->getResponse();
|
||||
|
||||
$this->assertInstanceOf(JsonResponse::class, $response);
|
||||
$this->assertSame(401, $response->getStatusCode());
|
||||
$this->assertSame(['error' => 'Invalid credentials.'], json_decode($response->getContent(), true));
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacyCustomJsonLoginSuccess()
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'legacy_custom_handlers.yml']);
|
||||
$client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "foo"}}');
|
||||
$response = $client->getResponse();
|
||||
|
||||
$this->assertInstanceOf(JsonResponse::class, $response);
|
||||
$this->assertSame(200, $response->getStatusCode());
|
||||
$this->assertSame(['message' => 'Good game @dunglas!'], json_decode($response->getContent(), true));
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacyCustomJsonLoginFailure()
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'legacy_custom_handlers.yml']);
|
||||
$client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "bad"}}');
|
||||
$response = $client->getResponse();
|
||||
|
||||
$this->assertInstanceOf(JsonResponse::class, $response);
|
||||
$this->assertSame(500, $response->getStatusCode());
|
||||
$this->assertSame(['message' => 'Something went wrong'], json_decode($response->getContent(), true));
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacyDefaultJsonLoginBadRequest()
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'legacy_config.yml']);
|
||||
$client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], 'Not a json content');
|
||||
$response = $client->getResponse();
|
||||
|
||||
|
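Review bot: `testDefaultJsonLoginBadRequest` now carries `@group legacy` and runs against `legacy_config.yml`, which makes it a duplicate of `testLegacyDefaultJsonLoginBadRequest` added at the end of the hunk and leaves the 400 response for a non-JSON body untested under the authenticator system on `config.yml`. If that behaviour is expected with the new system too, keep the first test on `config.yml` without the legacy group; otherwise drop one of the two copies.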
@ -40,7 +40,7 @@ class LocalizedRoutesAsPathTest extends AbstractWebTestCase
|
||||
*/
|
||||
public function testLoginFailureWithLocalizedFailurePath($locale, array $options)
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => ($options['enable_authenticator_manager'] ? '' : 'legacy_').'localized_form_failure_handler.yml'] + $options);
|
||||
$client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'localized_form_failure_handler.yml'] + $options);
|
||||
|
||||
$crawler = $client->request('GET', '/'.$locale.'/login');
|
||||
$form = $crawler->selectButton('login')->form();
|
||||
@ -73,11 +73,79 @@ class LocalizedRoutesAsPathTest extends AbstractWebTestCase
|
||||
$this->assertCount(1, $crawler->selectButton('login'), (string) $client->getResponse());
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @dataProvider getLegacyLocalesAndClientConfig
|
||||
*/
|
||||
public function testLegacyLoginLogoutProcedure($locale, array $options)
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'StandardFormLogin'] + $options);
|
||||
|
||||
$crawler = $client->request('GET', '/'.$locale.'/login');
|
||||
$form = $crawler->selectButton('login')->form();
|
||||
$form['_username'] = 'johannes';
|
||||
$form['_password'] = 'test';
|
||||
$client->submit($form);
|
||||
|
||||
$this->assertRedirect($client->getResponse(), '/'.$locale.'/profile');
|
||||
$this->assertEquals('Profile', $client->followRedirect()->text());
|
||||
|
||||
$client->request('GET', '/'.$locale.'/logout');
|
||||
$this->assertRedirect($client->getResponse(), '/'.$locale.'/');
|
||||
$this->assertEquals('Homepage', $client->followRedirect()->text());
|
||||
}
|
||||
|
||||
/**
|
||||
* @group issue-32995
|
||||
* @group legacy
|
||||
* @dataProvider getLegacyLocalesAndClientConfig
|
||||
*/
|
||||
public function testLegacyLoginFailureWithLocalizedFailurePath($locale, array $options)
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_localized_form_failure_handler.yml'] + $options);
|
||||
|
||||
$crawler = $client->request('GET', '/'.$locale.'/login');
|
||||
$form = $crawler->selectButton('login')->form();
|
||||
$form['_username'] = 'johannes';
|
||||
$form['_password'] = 'foobar';
|
||||
$client->submit($form);
|
||||
|
||||
$this->assertRedirect($client->getResponse(), '/'.$locale.'/login');
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @dataProvider getLegacyLocalesAndClientConfig
|
||||
*/
|
||||
public function testLegacyAccessRestrictedResource($locale, array $options)
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'StandardFormLogin'] + $options);
|
||||
|
||||
$client->request('GET', '/'.$locale.'/secure/');
|
||||
$this->assertRedirect($client->getResponse(), '/'.$locale.'/login');
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @dataProvider getLegacyLocalesAndClientConfig
|
||||
*/
|
||||
public function testLegacyAccessRestrictedResourceWithForward($locale, array $options)
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_localized_routes_with_forward.yml'] + $options);
|
||||
|
||||
$crawler = $client->request('GET', '/'.$locale.'/secure/');
|
||||
$this->assertCount(1, $crawler->selectButton('login'), (string) $client->getResponse());
|
||||
}
|
||||
|
||||
public function getLocalesAndClientConfig()
|
||||
{
|
||||
yield ['en', ['enable_authenticator_manager' => true, 'root_config' => 'localized_routes.yml']];
|
||||
yield ['en', ['enable_authenticator_manager' => false, 'root_config' => 'legacy_localized_routes.yml']];
|
||||
yield ['de', ['enable_authenticator_manager' => true, 'root_config' => 'localized_routes.yml']];
|
||||
yield ['de', ['enable_authenticator_manager' => false, 'root_config' => 'legacy_localized_routes.yml']];
|
||||
yield ['en', ['root_config' => 'localized_routes.yml']];
|
||||
yield ['de', ['root_config' => 'localized_routes.yml']];
|
||||
}
|
||||
|
||||
public function getLegacyLocalesAndClientConfig()
|
||||
{
|
||||
yield ['en', ['root_config' => 'legacy_localized_routes.yml']];
|
||||
yield ['de', ['root_config' => 'legacy_localized_routes.yml']];
|
||||
}
|
||||
}
|
||||
|
@ -20,12 +20,9 @@ use Symfony\Component\HttpKernel\KernelEvents;
|
||||
|
||||
class LogoutTest extends AbstractWebTestCase
|
||||
{
|
||||
/**
|
||||
* @dataProvider provideSecuritySystems
|
||||
*/
|
||||
public function testCsrfTokensAreClearedOnLogout(array $options)
|
||||
public function testCsrfTokensAreClearedOnLogout()
|
||||
{
|
||||
$client = $this->createClient($options + ['test_case' => 'LogoutWithoutSessionInvalidation', 'root_config' => 'config.yml']);
|
||||
$client = $this->createClient(['enable_authenticator_manager' => true, 'test_case' => 'LogoutWithoutSessionInvalidation', 'root_config' => 'config.yml']);
|
||||
$client->disableReboot();
|
||||
$this->callInRequestContext($client, function () {
|
||||
static::getContainer()->get('security.csrf.token_storage')->setToken('foo', 'bar');
|
||||
@ -49,11 +46,49 @@ class LogoutTest extends AbstractWebTestCase
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideSecuritySystems
|
||||
* @group legacy
|
||||
*/
|
||||
public function testAccessControlDoesNotApplyOnLogout(array $options)
|
||||
public function testLegacyCsrfTokensAreClearedOnLogout()
|
||||
{
|
||||
$client = $this->createClient($options + ['test_case' => 'Logout', 'root_config' => 'config_access.yml']);
|
||||
$client = $this->createClient(['enable_authenticator_manager' => false, 'test_case' => 'LogoutWithoutSessionInvalidation', 'root_config' => 'config.yml']);
|
||||
$client->disableReboot();
|
||||
$this->callInRequestContext($client, function () {
|
||||
static::getContainer()->get('security.csrf.token_storage')->setToken('foo', 'bar');
|
||||
});
|
||||
|
||||
$client->request('POST', '/login', [
|
||||
'_username' => 'johannes',
|
||||
'_password' => 'test',
|
||||
]);
|
||||
|
||||
$this->callInRequestContext($client, function () {
|
||||
$this->assertTrue(static::getContainer()->get('security.csrf.token_storage')->hasToken('foo'));
|
||||
$this->assertSame('bar', static::getContainer()->get('security.csrf.token_storage')->getToken('foo'));
|
||||
});
|
||||
|
||||
$client->request('GET', '/logout');
|
||||
|
||||
$this->callInRequestContext($client, function () {
|
||||
$this->assertFalse(static::getContainer()->get('security.csrf.token_storage')->hasToken('foo'));
|
||||
});
|
||||
}
|
||||
|
||||
public function testAccessControlDoesNotApplyOnLogout()
|
||||
{
|
||||
$client = $this->createClient(['enable_authenticator_manager' => true, 'test_case' => 'Logout', 'root_config' => 'config_access.yml']);
|
||||
|
||||
$client->request('POST', '/login', ['_username' => 'johannes', '_password' => 'test']);
|
||||
$client->request('GET', '/logout');
|
||||
|
||||
$this->assertRedirect($client->getResponse(), '/');
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacyAccessControlDoesNotApplyOnLogout()
|
||||
{
|
||||
$client = $this->createClient(['enable_authenticator_manager' => false, 'test_case' => 'Logout', 'root_config' => 'config_access.yml']);
|
||||
|
||||
$client->request('POST', '/login', ['_username' => 'johannes', '_password' => 'test']);
|
||||
$client->request('GET', '/logout');
|
||||
|
@ -11,9 +11,24 @@
|
||||
|
||||
namespace Symfony\Bundle\SecurityBundle\Tests\Functional;
|
||||
|
||||
use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
|
||||
|
||||
class MissingUserProviderTest extends AbstractWebTestCase
|
||||
{
|
||||
public function testUserProviderIsNeeded()
|
||||
{
|
||||
$client = $this->createClient(['enable_authenticator_manager' => true, 'test_case' => 'MissingUserProvider', 'root_config' => 'config.yml', 'debug' => true]);
|
||||
|
||||
$this->expectException(InvalidConfigurationException::class);
|
||||
$this->expectExceptionMessage('"default" firewall requires a user provider but none was defined');
|
||||
|
||||
$client->request('GET', '/', [], [], [
|
||||
'PHP_AUTH_USER' => 'username',
|
||||
'PHP_AUTH_PW' => 'pa$$word',
|
||||
]);
|
||||
}
|
||||
|
||||
public function testLegacyUserProviderIsNeeded()
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'MissingUserProvider', 'root_config' => 'config.yml', 'debug' => true]);
|
||||
|
||||
|
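Review bot: `testLegacyUserProviderIsNeeded` has no `@group legacy` docblock, unlike every other `testLegacy*` method in this PR; add it, otherwise the deprecations triggered by booting the old authentication system in this test are reported outside the legacy group. Its `createClient` call also omits `'enable_authenticator_manager'` while the new `testUserProviderIsNeeded` passes `true` explicitly; passing `false` explicitly here would make the intent of the two tests obvious side by side.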
@ -22,8 +22,11 @@ class RememberMeCookieTest extends AbstractWebTestCase
|
||||
$this->assertSame($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure());
|
||||
}
|
||||
|
||||
/** @dataProvider getSessionRememberMeSecureCookieFlagAutoHttpsMap */
|
||||
public function testOldSessionRememberMeSecureCookieFlagAuto($https, $expectedSecureFlag)
|
||||
/**
|
||||
* @dataProvider getSessionRememberMeSecureCookieFlagAutoHttpsMap
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacySessionRememberMeSecureCookieFlagAuto($https, $expectedSecureFlag)
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'RememberMeCookie', 'root_config' => 'legacy_config.yml']);
|
||||
|
||||
|
@ -13,18 +13,76 @@ namespace Symfony\Bundle\SecurityBundle\Tests\Functional;
|
||||
|
||||
class RememberMeTest extends AbstractWebTestCase
|
||||
{
|
||||
public function provideRememberMeSystems()
|
||||
/**
|
||||
* @dataProvider provideConfigs
|
||||
*/
|
||||
public function testRememberMe(array $options)
|
||||
{
|
||||
foreach ($this->provideSecuritySystems() as $securitySystem) {
|
||||
yield [$securitySystem[0] + ['root_config' => 'config_session.yml']];
|
||||
yield [$securitySystem[0] + ['root_config' => 'config_persistent.yml']];
|
||||
$client = $this->createClient(array_merge_recursive(['root_config' => 'config.yml', 'test_case' => 'RememberMe'], $options));
|
||||
$client->request('POST', '/login', [
|
||||
'_username' => 'johannes',
|
||||
'_password' => 'test',
|
||||
]);
|
||||
$this->assertSame(302, $client->getResponse()->getStatusCode());
|
||||
|
||||
$client->request('GET', '/profile');
|
||||
$this->assertSame('johannes', $client->getResponse()->getContent());
|
||||
|
||||
// clear session, this should trigger remember me on the next request
|
||||
$client->getCookieJar()->expire('MOCKSESSID');
|
||||
|
||||
$client->request('GET', '/profile');
|
||||
$this->assertSame('johannes', $client->getResponse()->getContent(), 'Not logged in after resetting session.');
|
||||
|
||||
// logout, this should clear the remember-me cookie
|
||||
$client->request('GET', '/logout');
|
||||
$this->assertSame(302, $client->getResponse()->getStatusCode(), 'Logout unsuccessful.');
|
||||
$this->assertNull($client->getCookieJar()->get('REMEMBERME'));
|
||||
}
|
||||
|
||||
public function testUserChangeClearsCookie()
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'RememberMe', 'root_config' => 'clear_on_change_config.yml']);
|
||||
|
||||
$client->request('POST', '/login', [
|
||||
'_username' => 'johannes',
|
||||
'_password' => 'test',
|
||||
]);
|
||||
|
||||
$this->assertSame(302, $client->getResponse()->getStatusCode());
|
||||
$cookieJar = $client->getCookieJar();
|
||||
$this->assertNotNull($cookieJar->get('REMEMBERME'));
|
||||
|
||||
$client->request('GET', '/profile');
|
||||
$this->assertRedirect($client->getResponse(), '/login');
|
||||
$this->assertNull($cookieJar->get('REMEMBERME'));
|
||||
}
|
||||
|
||||
public function testSessionLessRememberMeLogout()
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'RememberMe', 'root_config' => 'stateless_config.yml']);
|
||||
|
||||
$client->request('POST', '/login', [
|
||||
'_username' => 'johannes',
|
||||
'_password' => 'test',
|
||||
]);
|
||||
|
||||
$cookieJar = $client->getCookieJar();
|
||||
$cookieJar->expire(session_name());
|
||||
|
||||
$this->assertNotNull($cookieJar->get('REMEMBERME'));
|
||||
$this->assertSame('lax', $cookieJar->get('REMEMBERME')->getSameSite());
|
||||
|
||||
$client->request('GET', '/logout');
|
||||
$this->assertSame(302, $client->getResponse()->getStatusCode(), 'Logout unsuccessful.');
|
||||
$this->assertNull($cookieJar->get('REMEMBERME'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideRememberMeSystems
|
||||
* @dataProvider provideLegacyConfigs
|
||||
* @group legacy
|
||||
*/
|
||||
public function testRememberMe(array $options)
|
||||
public function testLegacyRememberMe(array $options)
|
||||
{
|
||||
$client = $this->createClient(array_merge_recursive(['root_config' => 'config.yml', 'test_case' => 'RememberMe'], $options));
|
||||
|
||||
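Review bot: both `testRememberMe` and `testLegacyRememberMe` build their options with `array_merge_recursive(['root_config' => 'config.yml', 'test_case' => 'RememberMe'], $options)` while `$options` from `provideConfigs` / `provideLegacyConfigs` also carries `root_config`; `array_merge_recursive` merges duplicate string keys into an array instead of letting the right-hand value win, so please check that `root_config` really reaches the kernel as the intended `config_session.yml` / `legacy_config_session.yml` string, and prefer `$options + ['root_config' => 'config.yml', 'test_case' => 'RememberMe']` as the other tests in this PR do. Note also that the new `testUserChangeClearsCookie` and `testSessionLessRememberMeLogout` neither use `@dataProvider provideConfigs` nor pass `enable_authenticator_manager`, so they rely entirely on `clear_on_change_config.yml` and `stateless_config.yml` enabling the new system.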
@ -50,11 +108,11 @@ class RememberMeTest extends AbstractWebTestCase
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideSecuritySystems
|
||||
* @group legacy
|
||||
*/
|
||||
public function testUserChangeClearsCookie(array $options)
|
||||
public function testLegacyUserChangeClearsCookie()
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'RememberMe', 'root_config' => 'clear_on_change_config.yml'] + $options);
|
||||
$client = $this->createClient(['test_case' => 'RememberMe', 'root_config' => 'clear_on_change_config.yml']);
|
||||
|
||||
$client->request('POST', '/login', [
|
||||
'_username' => 'johannes',
|
||||
@ -71,11 +129,11 @@ class RememberMeTest extends AbstractWebTestCase
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideSecuritySystems
|
||||
* @group legacy
|
||||
*/
|
||||
public function testSessionLessRememberMeLogout(array $options)
|
||||
public function testLegacySessionLessRememberMeLogout()
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'RememberMe', 'root_config' => 'stateless_config.yml'] + $options);
|
||||
$client = $this->createClient(['test_case' => 'RememberMe', 'root_config' => 'stateless_config.yml']);
|
||||
|
||||
$client->request('POST', '/login', [
|
||||
'_username' => 'johannes',
|
||||
@ -92,4 +150,16 @@ class RememberMeTest extends AbstractWebTestCase
|
||||
$this->assertSame(302, $client->getResponse()->getStatusCode(), 'Logout unsuccessful.');
|
||||
$this->assertNull($cookieJar->get('REMEMBERME'));
|
||||
}
|
||||
|
||||
public function provideConfigs()
|
||||
{
|
||||
yield [['root_config' => 'config_session.yml']];
|
||||
yield [['root_config' => 'config_persistent.yml']];
|
||||
}
|
||||
|
||||
public function provideLegacyConfigs()
|
||||
{
|
||||
yield [['root_config' => 'legacy_config_session.yml']];
|
||||
yield [['root_config' => 'legacy_config_persistent.yml']];
|
||||
}
|
||||
}
|
||||
|
@ -120,24 +120,155 @@ class SecurityRoutingIntegrationTest extends AbstractWebTestCase
|
||||
$this->assertAllowed($allowedClient, '/protected-via-expression');
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideSecuritySystems
|
||||
*/
|
||||
public function testInvalidIpsInAccessControl(array $options)
|
||||
public function testInvalidIpsInAccessControl()
|
||||
{
|
||||
$this->expectException(\LogicException::class);
|
||||
$this->expectExceptionMessage('The given value "256.357.458.559" in the "security.access_control" config option is not a valid IP address.');
|
||||
|
||||
$client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'invalid_ip_access_control.yml'] + $options);
|
||||
$client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'invalid_ip_access_control.yml']);
|
||||
$client->request('GET', '/unprotected_resource');
|
||||
}
|
||||
|
||||
public function testPublicHomepage()
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'base_config.yml']);
|
||||
$client->request('GET', '/en/');
|
||||
|
||||
$this->assertEquals(200, $client->getResponse()->getStatusCode(), (string) $client->getResponse());
|
||||
$this->assertTrue($client->getResponse()->headers->getCacheControlDirective('public'));
|
||||
$this->assertSame(0, self::getContainer()->get('session')->getUsageIndex());
|
||||
}
|
||||
/**
|
||||
* @dataProvider provideLegacyClientOptions
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacyRoutingErrorIsNotExposedForProtectedResourceWhenAnonymous(array $options)
|
||||
{
|
||||
$client = $this->createClient($options);
|
||||
$client->request('GET', '/protected_resource');
|
||||
|
||||
$this->assertRedirect($client->getResponse(), '/login');
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideLegacyClientOptions
|
||||
* @group legacy
*/
public function testLegacyRoutingErrorIsExposedWhenNotProtected(array $options)
{
$client = $this->createClient($options);
$client->request('GET', '/unprotected_resource');

$this->assertEquals(404, $client->getResponse()->getStatusCode(), (string) $client->getResponse());
}

/**
* @dataProvider provideLegacyClientOptions
* @group legacy
*/
public function testLegacyRoutingErrorIsNotExposedForProtectedResourceWhenLoggedInWithInsufficientRights(array $options)
{
$client = $this->createClient($options);

$form = $client->request('GET', '/login')->selectButton('login')->form();
$form['_username'] = 'johannes';
$form['_password'] = 'test';
$client->submit($form);

$client->request('GET', '/highly_protected_resource');

$this->assertNotEquals(404, $client->getResponse()->getStatusCode());
}

/**
* @group legacy
* @dataProvider provideLegacyClientOptions
*/
public function testLegacySecurityConfigurationForSingleIPAddress(array $options)
{
$allowedClient = $this->createClient($options, ['REMOTE_ADDR' => '10.10.10.10']);

$this->ensureKernelShutdown();

$barredClient = $this->createClient($options, ['REMOTE_ADDR' => '10.10.20.10']);

$this->assertAllowed($allowedClient, '/secured-by-one-ip');
$this->assertRestricted($barredClient, '/secured-by-one-ip');
}

/**
* @group legacy
* @dataProvider provideLegacyClientOptions
*/
public function testLegacySecurityConfigurationForMultipleIPAddresses(array $options)
{
$allowedClientA = $this->createClient($options, ['REMOTE_ADDR' => '1.1.1.1']);

$this->ensureKernelShutdown();

$allowedClientB = $this->createClient($options, ['REMOTE_ADDR' => '2.2.2.2']);

$this->ensureKernelShutdown();

$allowedClientC = $this->createClient($options, ['REMOTE_ADDR' => '203.0.113.0']);

$this->ensureKernelShutdown();

$barredClient = $this->createClient($options, ['REMOTE_ADDR' => '192.168.1.1']);

$this->assertAllowed($allowedClientA, '/secured-by-two-ips');
$this->assertAllowed($allowedClientB, '/secured-by-two-ips');

$this->assertRestricted($allowedClientA, '/secured-by-one-real-ip');
$this->assertRestricted($allowedClientA, '/secured-by-one-real-ipv6');
$this->assertAllowed($allowedClientC, '/secured-by-one-real-ip-with-mask');

$this->assertRestricted($barredClient, '/secured-by-two-ips');
}

/**
* @group legacy
* @dataProvider provideLegacyConfigs
*/
public function testLegacySecurityConfigurationForExpression(array $options)
{
$allowedClient = $this->createClient($options, ['HTTP_USER_AGENT' => 'Firefox 1.0']);
$this->assertAllowed($allowedClient, '/protected-via-expression');
$this->ensureKernelShutdown();

$barredClient = $this->createClient($options, []);
$this->assertRestricted($barredClient, '/protected-via-expression');
$this->ensureKernelShutdown();

$allowedClient = $this->createClient($options, []);

$allowedClient->request('GET', '/protected-via-expression');
$form = $allowedClient->followRedirect()->selectButton('login')->form();
$form['_username'] = 'johannes';
$form['_password'] = 'test';
$allowedClient->submit($form);
$this->assertRedirect($allowedClient->getResponse(), '/protected-via-expression');
$this->assertAllowed($allowedClient, '/protected-via-expression');
}

/**
* @group legacy
*/
public function testLegacyInvalidIpsInAccessControl()
{
$this->expectException(\LogicException::class);
$this->expectExceptionMessage('The given value "256.357.458.559" in the "security.access_control" config option is not a valid IP address.');

$client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'invalid_ip_access_control.yml', 'enable_authenticator_manager' => false]);
$client->request('GET', '/unprotected_resource');
}

/**
* @dataProvider provideSecuritySystems
* @group legacy
*/
public function testPublicHomepage(array $options)
public function testLegacyPublicHomepage()
{
$client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml'] + $options);
$client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml']);
$client->request('GET', '/en/');

$this->assertEquals(200, $client->getResponse()->getStatusCode(), (string) $client->getResponse());
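Review bot: `testLegacyPublicHomepage` only sets `'root_config' => 'legacy_config.yml'` and leaves `enable_authenticator_manager` to the kernel default, whereas `testLegacyInvalidIpsInAccessControl` in the same hunk passes `'enable_authenticator_manager' => false` explicitly; pass the flag here as well so the legacy test keeps exercising the listener-based firewall if the default ever flips. Dropping the `@dataProvider provideSecuritySystems` variant of `testPublicHomepage` also means this hunk no longer checks the homepage under the authenticator system; confirm a non-legacy `testPublicHomepage` still exists elsewhere in the class.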
@ -159,13 +290,23 @@ class SecurityRoutingIntegrationTest extends AbstractWebTestCase

public function provideClientOptions()
{
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]];
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]];
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'base_config.yml', 'enable_authenticator_manager' => true]];
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'routes_as_path.yml', 'enable_authenticator_manager' => true]];
}

public function provideLegacyClientOptions()
{
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'base_config.yml', 'enable_authenticator_manager' => true]];
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'routes_as_path.yml', 'enable_authenticator_manager' => true]];
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_routes_as_path.yml', 'enable_authenticator_manager' => false]];
}

public function provideConfigs()
{
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'base_config.yml']];
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'routes_as_path.yml']];
}

public function provideLegacyConfigs()
{
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml']];
yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_routes_as_path.yml']];

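Review bot: `provideLegacyClientOptions` yields two data sets with `'enable_authenticator_manager' => true` (`base_config.yml` and `routes_as_path.yml`), so the `@group legacy` tests that consume it run twice against the new authenticator system and only once (`legacy_routes_as_path.yml`, `false`) against the deprecated listeners; either drop the `true` sets from the legacy provider or move them into `provideClientOptions`, which already covers `base_config.yml` and `routes_as_path.yml`. `provideConfigs` and `provideLegacyConfigs` pass no flag at all and rely on the default, which is worth stating explicitly for the same reason.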
@ -35,20 +35,6 @@ class SecurityTest extends AbstractWebTestCase
$this->assertSame($token, $security->getToken());
}

public function userWillBeMarkedAsChangedIfRolesHasChangedProvider()
{
return [
[
new InMemoryUser('user1', 'test', ['ROLE_ADMIN']),
new InMemoryUser('user1', 'test', ['ROLE_USER']),
],
[
new UserWithoutEquatable('user1', 'test', ['ROLE_ADMIN']),
new UserWithoutEquatable('user1', 'test', ['ROLE_USER']),
],
];
}

/**
* @dataProvider userWillBeMarkedAsChangedIfRolesHasChangedProvider
*/
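Review bot: removing `userWillBeMarkedAsChangedIfRolesHasChangedProvider` here only to re-add it verbatim at the end of the class (the `@ -77,6 +63,69 @@` hunk below) is a pure move that inflates the diff; keeping the provider where it was would turn this hunk into a no-op and leave only the new legacy tests to review.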
@ -77,6 +63,69 @@ class SecurityTest extends AbstractWebTestCase
$client->request('GET', '/admin');
$this->assertEquals(302, $client->getResponse()->getStatusCode());
}

/**
* @dataProvider userWillBeMarkedAsChangedIfRolesHasChangedProvider
* @group legacy
*/
public function testLegacyUserWillBeMarkedAsChangedIfRolesHasChanged(UserInterface $userWithAdminRole, UserInterface $userWithoutAdminRole)
{
$client = $this->createClient(['test_case' => 'AbstractTokenCompareRoles', 'root_config' => 'legacy_config.yml']);
$client->disableReboot();

/** @var ArrayUserProvider $userProvider */
$userProvider = static::$kernel->getContainer()->get('security.user.provider.array');
$userProvider->addUser($userWithAdminRole);

$client->request('POST', '/login', [
'_username' => 'user1',
'_password' => 'test',
]);

// user1 has ROLE_ADMIN and can visit secure page
$client->request('GET', '/admin');
$this->assertEquals(200, $client->getResponse()->getStatusCode());

// updating user provider with same user but revoked ROLE_ADMIN from user1
$userProvider->setUser('user1', $userWithoutAdminRole);

// user1 has lost ROLE_ADMIN and MUST be redirected away from secure page
$client->request('GET', '/admin');
$this->assertEquals(302, $client->getResponse()->getStatusCode());
}

/**
* @group legacy
*/
public function testLegacyServiceIsFunctional()
{
$kernel = self::createKernel(['test_case' => 'SecurityHelper', 'root_config' => 'legacy_config.yml']);
$kernel->boot();
$container = $kernel->getContainer();

// put a token into the storage so the final calls can function
$user = new InMemoryUser('foo', 'pass');
$token = new UsernamePasswordToken($user, '', 'provider', ['ROLE_USER']);
$container->get('functional.test.security.token_storage')->setToken($token);

$security = $container->get('functional_test.security.helper');
$this->assertTrue($security->isGranted('ROLE_USER'));
$this->assertSame($token, $security->getToken());
}

public function userWillBeMarkedAsChangedIfRolesHasChangedProvider()
{
return [
[
new InMemoryUser('user1', 'test', ['ROLE_ADMIN']),
new InMemoryUser('user1', 'test', ['ROLE_USER']),
],
[
new UserWithoutEquatable('user1', 'test', ['ROLE_ADMIN']),
new UserWithoutEquatable('user1', 'test', ['ROLE_USER']),
],
];
}
}

final class UserWithoutEquatable implements UserInterface, PasswordAuthenticatedUserInterface

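Review bot: `testLegacyServiceIsFunctional` only asserts the positive case, `$this->assertTrue($security->isGranted('ROLE_USER'))`, for a token created with `['ROLE_USER']`; add `$this->assertFalse($security->isGranted('ROLE_ADMIN'))` so the helper is shown to deny as well as grant under the legacy wiring. In `testLegacyUserWillBeMarkedAsChangedIfRolesHasChanged`, the closing `assertEquals(302, ...)` proves a redirect but not its target; asserting that the `Location` header points at the login page would pin down that the user was actually de-authenticated after `setUser('user1', $userWithoutAdminRole)` rather than redirected for some other reason.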
@ -19,9 +19,22 @@ class SwitchUserTest extends AbstractWebTestCase
/**
* @dataProvider getTestParameters
*/
public function testSwitchUser($originalUser, $authenticatorManagerEnabled, $targetUser, $expectedUser, $expectedStatus)
public function testSwitchUser($originalUser, $targetUser, $expectedUser, $expectedStatus)
{
$client = $this->createAuthenticatedClient($originalUser, ['enable_authenticator_manager' => $authenticatorManagerEnabled]);
$client = $this->createAuthenticatedClient($originalUser, ['root_config' => 'switchuser.yml']);

$client->request('GET', '/profile?_switch_user='.$targetUser);

$this->assertEquals($expectedStatus, $client->getResponse()->getStatusCode());
$this->assertEquals($expectedUser, $client->getProfile()->getCollector('security')->getUser());
}

/**
* @dataProvider getLegacyTestParameters
*/
public function testLegacySwitchUser($originalUser, $targetUser, $expectedUser, $expectedStatus)
{
$client = $this->createAuthenticatedClient($originalUser, ['root_config' => 'legacy_switchuser.yml']);

$client->request('GET', '/profile?_switch_user='.$targetUser);

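Review bot: `testLegacySwitchUser` carries `@dataProvider getLegacyTestParameters` but no `@group legacy` annotation, unlike `testLegacyServiceIsFunctional` and the other legacy tests in this PR; since `legacy_switchuser.yml` runs the deprecated switch-user listener, the deprecation notices it triggers will not be expected by the test runner without that group. Also note that `testSwitchUser` now hard-codes `'root_config' => 'switchuser.yml'` instead of passing `enable_authenticator_manager`, so `switchuser.yml` is now the only place that selects the authenticator system for the non-legacy test.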
@ -75,14 +88,20 @@ class SwitchUserTest extends AbstractWebTestCase
public function getTestParameters()
{
return [
'unauthorized_user_cannot_switch' => ['user_cannot_switch_1', true, 'user_cannot_switch_1', 'user_cannot_switch_1', 403],
'legacy_unauthorized_user_cannot_switch' => ['user_cannot_switch_1', false, 'user_cannot_switch_1', 'user_cannot_switch_1', 403],
'authorized_user_can_switch' => ['user_can_switch', true, 'user_cannot_switch_1', 'user_cannot_switch_1', 200],
'legacy_authorized_user_can_switch' => ['user_can_switch', false, 'user_cannot_switch_1', 'user_cannot_switch_1', 200],
'authorized_user_cannot_switch_to_non_existent' => ['user_can_switch', true, 'user_does_not_exist', 'user_can_switch', 403],
'legacy_authorized_user_cannot_switch_to_non_existent' => ['user_can_switch', false, 'user_does_not_exist', 'user_can_switch', 403],
'authorized_user_can_switch_to_himself' => ['user_can_switch', true, 'user_can_switch', 'user_can_switch', 200],
'legacy_authorized_user_can_switch_to_himself' => ['user_can_switch', false, 'user_can_switch', 'user_can_switch', 200],
'unauthorized_user_cannot_switch' => ['user_cannot_switch_1', 'user_cannot_switch_1', 'user_cannot_switch_1', 403],
'authorized_user_can_switch' => ['user_can_switch', 'user_cannot_switch_1', 'user_cannot_switch_1', 200],
'authorized_user_cannot_switch_to_non_existent' => ['user_can_switch', 'user_does_not_exist', 'user_can_switch', 403],
'authorized_user_can_switch_to_himself' => ['user_can_switch', 'user_can_switch', 'user_can_switch', 200],
];
}

public function getLegacyTestParameters()
{
return [
'legacy_unauthorized_user_cannot_switch' => ['user_cannot_switch_1', 'user_cannot_switch_1', 'user_cannot_switch_1', 403],
'legacy_authorized_user_can_switch' => ['user_can_switch', 'user_cannot_switch_1', 'user_cannot_switch_1', 200],
'legacy_authorized_user_cannot_switch_to_non_existent' => ['user_can_switch', 'user_does_not_exist', 'user_can_switch', 403],
'legacy_authorized_user_can_switch_to_himself' => ['user_can_switch', 'user_can_switch', 'user_can_switch', 200],
];
}

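Review bot: the four data sets in `getLegacyTestParameters` duplicate `getTestParameters` entry for entry apart from the `legacy_` key prefix; deriving one from the other (iterating `getTestParameters()` and re-keying) would keep both lists in step when a new switch-user case is added. The expectations themselves (403 for `user_cannot_switch_1`, 200 for the authorized switch and the self-switch, 403 for a non-existent target with `$expectedUser` staying `user_can_switch`) are identical across the two systems, which is the right behavioural BC check for the deprecation.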
@ -8,6 +8,7 @@ services:
class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\SecuredPageBundle\Security\Core\User\ArrayUserProvider

security:
enable_authenticator_manager: true

password_hashers:
\Symfony\Component\Security\Core\User\UserInterface: plaintext
@ -23,7 +24,6 @@ security:
remember_me: true
require_previous_session: false
logout: ~
anonymous: ~
stateless: false

access_control:

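Review bot: dropping `anonymous: ~` follows from setting `enable_authenticator_manager: true` in the hunk above, since the authenticator system has no anonymous listener, but the `access_control:` block that follows is cut off here; check that its `^/login$` rule still admits unauthenticated requests under the new system, because the `IS_AUTHENTICATED_ANONYMOUSLY` attribute it relied on was backed by the anonymous token this line used to enable.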
@ -0,0 +1,30 @@
imports:
- { resource: ./../config/framework.yml }

services:
_defaults: { public: true }

security.user.provider.array:
class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\SecuredPageBundle\Security\Core\User\ArrayUserProvider

security:
password_hashers:
\Symfony\Component\Security\Core\User\UserInterface: plaintext

providers:
array:
id: security.user.provider.array

firewalls:
default:
form_login:
check_path: login
remember_me: true
require_previous_session: false
logout: ~
stateless: false

access_control:
- { path: ^/admin$, roles: ROLE_ADMIN }
- { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: .*, roles: IS_AUTHENTICATED_FULLY }

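Review bot: this new `legacy_config.yml` is a copy of the post-change `config.yml` and so inherits the removal of `anonymous: ~` from its `default` firewall, yet it is the file meant for the listener-based system, where `IS_AUTHENTICATED_ANONYMOUSLY` on `^/login$` is granted through the anonymous token; the legacy test in this PR only POSTs to `/login` (`check_path: login`), so it passes, but a GET of the login page is not covered. Re-adding `anonymous: ~` and stating `enable_authenticator_manager: false` explicitly would make the file document which system it targets instead of depending on the default.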
@ -3,6 +3,7 @@ imports:
- { resource: ./security.yml }

security:
enable_authenticator_manager: true
firewalls:
api:
pattern: /

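Review bot: this hunk and the identical one below both add `enable_authenticator_manager: true` to files that already import `./security.yml`; setting the flag once in the shared `security.yml` would avoid repeating it in every importing config and removes the chance of one file being missed.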
@ -3,6 +3,7 @@ imports:
- { resource: ./security.yml }

security:
enable_authenticator_manager: true
firewalls:
api:
pattern: /

@ -7,6 +7,7 @@ services:
class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AutowiringBundle\AutowiredServices
autowire: true
security:
enable_authenticator_manager: true
providers:
dummy:
memory: ~

@ -0,0 +1,15 @@
imports:
- { resource: ../config/framework.yml }

services:
_defaults: { public: true }
test.autowiring_types.autowired_services:
class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AutowiringBundle\AutowiredServices
autowire: true
security:
providers:
dummy:
memory: ~
firewalls:
dummy:
security: false

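Review bot: the new 15-line legacy file duplicates the whole autowiring config instead of importing it; the `@ -1,5 +1,5 @@` hunk at the bottom of this diff shows the leaner pattern (an `imports:` entry pointing at a `legacy_*` base), and here an import of the existing config plus a `security:` override setting `enable_authenticator_manager: false` would do the same. Since the only firewall is `dummy` with `security: false`, it is also worth asking whether a legacy variant of this fixture adds any coverage.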
@ -15,6 +15,7 @@ services:
- { name: container.service_subscriber }

security:
enable_authenticator_manager: true
password_hashers:
Symfony\Component\Security\Core\User\InMemoryUser: plaintext

@ -2,6 +2,7 @@ imports:
- { resource: ./base_config.yml }

security:
enable_authenticator_manager: true
firewalls:
default:
form_login:

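Review bot: this file imports `./base_config.yml` and then sets `enable_authenticator_manager: true` at its own top level; given that the `@ -1,5 +1,5 @@` hunk below swaps `base_config.yml` for `legacy_base_config.yml` in a sibling file, the flag belongs in the two base files so that every config importing one of them targets a single system consistently, rather than each importing file setting it again.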
@ -0,0 +1,49 @@
imports:
- { resource: ./../config/default.yml }

services:
csrf_form_login.form.type:
class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\CsrfFormLoginBundle\Form\UserLoginType
arguments:
- '@request_stack'
tags:
- { name: form.type }

Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\CsrfFormLoginBundle\Controller\LoginController:
public: true
tags:
- { name: container.service_subscriber }

security:
password_hashers:
Symfony\Component\Security\Core\User\InMemoryUser: plaintext

providers:
in_memory:
memory:
users:
johannes: { password: test, roles: [ROLE_USER] }

firewalls:
# This firewall doesn't make sense in combination with the rest of the
# configuration file, but it's here for testing purposes (do not use
# this file in a real world scenario though)
login_form:
pattern: ^/login$
security: false

default:
form_login:
check_path: /login_check
default_target_path: /profile
target_path_parameter: "user_login[_target_path]"
failure_path_parameter: "user_login[_failure_path]"
username_parameter: "user_login[username]"
password_parameter: "user_login[password]"
logout:
path: /logout_path
target: /
csrf_token_generator: security.csrf.token_manager

access_control:
- { path: .*, roles: IS_AUTHENTICATED_FULLY }

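Review bot: the legacy CSRF config carries no `enable_authenticator_manager` key, so it only targets the deprecated listeners while the kernel default stays `false`; add `enable_authenticator_manager: false` under `security:` so the fixture keeps meaning "legacy" when the default changes, and so it is clear that the `logout:` block with `csrf_token_generator: security.csrf.token_manager` is being exercised on the old logout listener. The `login_form` firewall with `security: false` on `^/login$` and its warning comment are carried over unchanged from the original file, which is fine for a test fixture.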
@ -1,5 +1,5 @@
imports:
- { resource: ./base_config.yml }
- { resource: ./legacy_base_config.yml }

security:
firewalls:

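Review bot: the switched import means this file now inherits from `legacy_base_config.yml`, which is not included in this view of the diff; confirm that base file leaves `enable_authenticator_manager` unset or sets it to `false`, since the `firewalls:` defined below are built on whichever system the base selects, and a legacy base that still carried `true` would silently make this a non-legacy fixture.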