Commit 32fc7bb

author
Robin Chalas
committed
[Security] Add user impersonation support for stateless authentication
1 parent bd3bc69 commit 32fc7bb

24 files changed

+120
-20
lines changed

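--- a/UPGRADE-3.4.md
+++ b/UPGRADE-3.4.md
@@ -302,6 +302,9 @@ SecurityBundle
 
 * Deprecated the HTTP digest authentication: `HttpDigestFactory` will be removed in 4.0.
 Use another authentication system like `http_basic` instead.
+
+* Deprecated setting the `switch_user.stateless` option to false when the firewall is `stateless`.
+Setting it to false will have no effect in 4.0.
 
 Translation
 -----------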

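--- a/UPGRADE-4.0.md
+++ b/UPGRADE-4.0.md
@@ -677,6 +677,8 @@ SecurityBundle
 
 * Removed the HTTP digest authentication system. The `HttpDigestFactory` class
 has been removed. Use another authentication system like `http_basic` instead.
+
+* The `switch_user.stateless` option is now always true if the firewall is stateless.
 
 Serializer
 ----------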

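--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -14,6 +14,7 @@ CHANGELOG
 * deprecated HTTP digest authentication
 * deprecated command `acl:set` along with `SetAclCommand` class
 * deprecated command `init:acl` along with `InitAclCommand` class
+* added `stateless` option to the `switch_user` listener
 
 3.3.0
 -----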

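--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -304,6 +304,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
 ->scalarNode('provider')->end()
 ->scalarNode('parameter')->defaultValue('_switch_user')->end()
 ->scalarNode('role')->defaultValue('ROLE_ALLOWED_TO_SWITCH')->end()
+->booleanNode('stateless')->defaultValue(false)->end()
 ->end()
 ->end()
 ;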
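Review bot: The new `stateless` node defaults to `false`, so the configuration tree cannot distinguish a firewall that never set `switch_user.stateless` from one that set it to `false` on purpose. The check added in SecurityExtension.php, `if ($stateless && false === $config['stateless'])`, therefore appears to raise the deprecation for every stateless firewall that merely enables `switch_user`, with a message saying the key "is set to false". Consider giving the node no boolean default (for example `->defaultNull()`) and resolving a missing value against the firewall's own `stateless` flag, so that only an explicit `false` is reported. The enclosing addFirewallsSection() starts and ends outside this hunk.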

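--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -455,7 +455,7 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
 // Switch user listener
 if (isset($firewall['switch_user'])) {
 $listenerKeys[] = 'switch_user';
-$listeners[] = new Reference($this->createSwitchUserListener($container, $id, $firewall['switch_user'], $defaultProvider));
+$listeners[] = new Reference($this->createSwitchUserListener($container, $id, $firewall['switch_user'], $defaultProvider, $firewall['stateless']));
 }
 
 // Access listener
@@ -686,17 +686,23 @@ private function createExceptionListener($container, $config, $id, $defaultEntry
 return $exceptionListenerId;
 }
 
-private function createSwitchUserListener($container, $id, $config, $defaultProvider)
+private function createSwitchUserListener($container, $id, $config, $defaultProvider, $stateless)
 {
 $userProvider = isset($config['provider']) ? $this->getUserProviderId($config['provider']) : $defaultProvider;
 
+// in 4.0, deprecate and ignore the `switch_user.stateless` key, consider only "stateless" at firewall level and deprecate the `switch_user
+if ($stateless && false === $config['stateless']) {
+@trigger_error(sprintf('Firewall "%s" is configured as "stateless" but the "switch_user.stateless" key is set to false. Both should have the same value, the firewall\'s "stateless" value will be used as default value for the "switch_user.stateless" key in 4.0.', $id), E_USER_DEPRECATED);
+}
+
 $switchUserListenerId = 'security.authentication.switchuser_listener.'.$id;
 $listener = $container->setDefinition($switchUserListenerId, new ChildDefinition('security.authentication.switchuser_listener'));
 $listener->replaceArgument(1, new Reference($userProvider));
 $listener->replaceArgument(2, new Reference('security.user_checker.'.$id));
 $listener->replaceArgument(3, $id);
 $listener->replaceArgument(6, $config['parameter']);
 $listener->replaceArgument(7, $config['role']);
+$listener->replaceArgument(9, $config['stateless']);
 
 return $switchUserListenerId;
 }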
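Review bot: In createSwitchUserListener() the listener is still wired with `$config['stateless']` at argument 9, so on a stateless firewall left at the default the deprecation fires but the listener is configured as non-stateless until 4.0. The listener class is not among the sections shown, so its runtime behaviour in that combination should be confirmed; the deprecation message could also tell operators to set `switch_user: { stateless: true }` explicitly rather than only saying the two values should match. The comment above the check reads as cut off (it ends at "and deprecate the `switch_user"); something like `// BC layer: in 4.0 the firewall-level "stateless" value wins and a false "switch_user.stateless" is ignored` would state the intent.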

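--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
@@ -241,6 +241,7 @@
 <argument>_switch_user</argument>
 <argument>ROLE_ALLOWED_TO_SWITCH</argument>
 <argument type="service" id="event_dispatcher" on-invalid="null"/>
+<argument>false</argument> <!-- Stateless -->
 </service>
 
 <service id="security.access_listener" class="Symfony\Component\Security\Http\Firewall\AccessListener">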

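--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
@@ -129,6 +129,7 @@ public function testFirewalls()
 array(
 'parameter' => '_switch_user',
 'role' => 'ROLE_ALLOWED_TO_SWITCH',
+'stateless' => true,
 ),
 ),
 array(
@@ -255,6 +256,7 @@ public function testFirewallsWithDigest()
 array(
 'parameter' => '_switch_user',
 'role' => 'ROLE_ALLOWED_TO_SWITCH',
+'stateless' => true,
 ),
 ),
 array(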
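Review bot: Both expectations added here assert `'stateless' => true`, which matches the PHP fixtures that now set `'switch_user' => array('stateless' => true)`, so the default value (`false`) and the deprecation path are not exercised by anything in the sections shown. A case with a stateless firewall and `switch_user.stateless` left false, marked `@group legacy` with an `@expectedDeprecation` annotation, would pin the backward-compatibility behaviour. Other files of this commit are not visible on this page and may already cover it.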

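--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
@@ -65,7 +65,7 @@
 'http_basic' => true,
 'form_login' => true,
 'anonymous' => true,
-'switch_user' => true,
+'switch_user' => array('stateless' => true),
 'x509' => true,
 'remote_user' => true,
 'logout' => true,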

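--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php
@@ -67,7 +67,7 @@
 'http_digest' => array('secret' => 'TheSecret'),
 'form_login' => true,
 'anonymous' => true,
-'switch_user' => true,
+'switch_user' => array('stateless' => true),
 'x509' => true,
 'remote_user' => true,
 'logout' => true,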

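--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php
@@ -67,7 +67,7 @@
 'http_digest' => array('secret' => 'TheSecret'),
 'form_login' => true,
 'anonymous' => true,
-'switch_user' => true,
+'switch_user' => array('stateless' => true),
 'x509' => true,
 'remote_user' => true,
 'logout' => true,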
