df7099cb2d
This PR was squashed before being merged into the 5.2 branch.
Discussion
----------
[Security] Automatically register custom authenticator as entry_point (if supported)
| Q | A
| ------------- | ---
| Branch? | 5.2 (hopefully?)
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix #37068
| License | MIT
| Doc PR | -
@weaverryan came up with exactly the same issue as proposed by a contributor before (see referenced ticket). Back then, it was decided impossible to fix: see https://github.com/symfony/symfony/pull/37075. However, after some thinking we came up with a way to fix the issue and improve the DX for custom authenticators.
The new authenticators are no longer required to implement `AuthenticationEntryPointInterface` (required for internal authenticators like the `RememberMeAuthenticator` and pre authenticated ones). This PR uses a compiler pass to check if a custom authenticator is supported:
```yaml
security:
firewalls:
main:
# in any case, if an entry_point is already configured it'll not be overriden
# (http_basic remains the entry point here)
http_basic: ~
custom_authenticator: App\Security\CustomAuthenticator
entry_point: http_basic
# if only one custom authenticator implements AuthenticationEntryPointInterface,
# it's automatically configured as the entry point
custom_authenticator: App\Security\CustomAuthenticator
custom_authenticators: [App\Security\CustomAuthenticator, App\Security\NoEntryPointAuthenticator]
# if no custom authenticator implements AuthenticationEntryPointInterface,
# an error is thrown
custom_authenticator: App\Security\NoEntryPointAuthenticator
# if more than one authenticator implements AuthenticationEntryPointInterface,
# the entry point must be configured explicitly (or an error is thrown)
custom_authenticators: [App\Security\CustomAuthenticator, App\Security\AnotherCustomAuthenticator]
entry_point: App\Security\CustomAuthenticator
```
---
I know this is very late for Symfony 5.2. It would be good to decide whether this can be included in the release, in order to smooth out the biggest struggle for people using custom authenticators for the first time.
Commits
-------
|
||
---|---|---|
.. | ||
Asset | ||
BrowserKit | ||
Cache | ||
Config | ||
Console | ||
CssSelector | ||
DependencyInjection | ||
DomCrawler | ||
Dotenv | ||
ErrorHandler | ||
EventDispatcher | ||
ExpressionLanguage | ||
Filesystem | ||
Finder | ||
Form | ||
HttpClient | ||
HttpFoundation | ||
HttpKernel | ||
Inflector | ||
Intl | ||
Ldap | ||
Lock | ||
Mailer | ||
Messenger | ||
Mime | ||
Notifier | ||
OptionsResolver | ||
Process | ||
PropertyAccess | ||
PropertyInfo | ||
RateLimiter | ||
Routing | ||
Security | ||
Semaphore | ||
Serializer | ||
Stopwatch | ||
String | ||
Templating | ||
Translation | ||
Uid | ||
Validator | ||
VarDumper | ||
VarExporter | ||
WebLink | ||
Workflow | ||
Yaml |