Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

Fix bad method call with guard authentication + session migration #27581

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,6 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
$listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.guard'));
$listener->replaceArgument(2, $id);
$listener->replaceArgument(3, $authenticatorReferences);
$listener->addMethodCall('setSessionAuthenticationStrategy', array(new Reference('security.authentication.session_strategy.'.$id)));

// determine the entryPointId to use
$entryPointId = $this->determineEntryPoint($defaultEntryPoint, $config);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ class SecurityExtension extends Extension
private $factories = array();
private $userProviderFactories = array();
private $expressionLanguage;
private $statelessFirewallKeys = array();

public function __construct()
{
Expand Down Expand Up @@ -89,6 +90,9 @@ public function load(array $configs, ContainerBuilder $container)
$this->createAuthorization($config, $container);
$this->createRoleHierarchy($config, $container);

$container->getDefinition('security.authentication.guard_handler')
->replaceArgument(2, $this->statelessFirewallKeys);

if ($config['encoders']) {
$this->createEncoders($config['encoders'], $container);
}
Expand Down Expand Up @@ -287,6 +291,7 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
$listeners[] = new Reference($this->createContextListener($container, $contextKey));
$sessionStrategyId = 'security.authentication.session_strategy';
} else {
$this->statelessFirewallKeys[] = $id;
$sessionStrategyId = 'security.authentication.session_strategy_noop';
}
$container->setAlias(new Alias('security.authentication.session_strategy.'.$id, false), $sessionStrategyId);
Expand Down
4 changes: 4 additions & 0 deletions 4 src/Symfony/Bundle/SecurityBundle/Resources/config/guard.xml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,10 @@
>
<argument type="service" id="security.token_storage" />
<argument type="service" id="event_dispatcher" on-invalid="null" />
<argument /> <!-- stateless firewall keys -->
<call method="setSessionAuthenticationStrategy">
<argument type="service" id="security.authentication.session_strategy" />
</call>
</service>

<!-- See GuardAuthenticationFactory -->
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,33 @@ public function testDisableRoleHierarchyVoter()
$this->assertFalse($container->hasDefinition('security.access.role_hierarchy_voter'));
}

public function testGuardHandlerIsPassedStatelessFirewalls()
{
$container = $this->getRawContainer();

$container->loadFromExtension('security', array(
'providers' => array(
'default' => array('id' => 'foo'),
),

'firewalls' => array(
'some_firewall' => array(
'pattern' => '^/admin',
'http_basic' => null,
),
'stateless_firewall' => array(
'pattern' => '/.*',
'stateless' => true,
'http_basic' => null,
),
),
));

$container->compile();
$definition = $container->getDefinition('security.authentication.guard_handler');
$this->assertSame(array('stateless_firewall'), $definition->getArgument(2));
}

protected function getRawContainer()
{
$container = new ContainerBuilder();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ private function executeGuardAuthenticator($uniqueGuardKey, GuardAuthenticatorIn
}

// sets the token on the token storage, etc
$this->guardHandler->authenticateWithToken($token, $request);
$this->guardHandler->authenticateWithToken($token, $request, $this->providerKey);
} catch (AuthenticationException $e) {
// oh no! Authentication failed!

Expand Down
21 changes: 15 additions & 6 deletions 21 src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php
Original file line number Diff line number Diff line change
Expand Up @@ -35,19 +35,28 @@ class GuardAuthenticatorHandler
private $tokenStorage;
private $dispatcher;
private $sessionStrategy;
private $statelessProviderKeys;

public function __construct(TokenStorageInterface $tokenStorage, EventDispatcherInterface $eventDispatcher = null)
/**
* @param array $statelessProviderKeys An array of provider/firewall keys that are "stateless" and so do not need the session migrated on success
*/
public function __construct(TokenStorageInterface $tokenStorage, EventDispatcherInterface $eventDispatcher = null, array $statelessProviderKeys = array())
{
$this->tokenStorage = $tokenStorage;
$this->dispatcher = $eventDispatcher;
$this->statelessProviderKeys = $statelessProviderKeys;
}

/**
* Authenticates the given token in the system.
*
* @param string $providerKey The name of the provider/firewall being used for authentication
*/
public function authenticateWithToken(TokenInterface $token, Request $request)
public function authenticateWithToken(TokenInterface $token, Request $request/*, string $providerKey */)
{
$this->migrateSession($request, $token);
$providerKey = \func_num_args() > 2 ? func_get_arg(2) : null;

$this->migrateSession($request, $token, $providerKey);
$this->tokenStorage->setToken($token);

if (null !== $this->dispatcher) {
Expand Down Expand Up @@ -98,7 +107,7 @@ public function authenticateUserAndHandleSuccess(UserInterface $user, Request $r
// create an authenticated token for the User
$token = $authenticator->createAuthenticatedToken($user, $providerKey);
// authenticate this in the system
$this->authenticateWithToken($token, $request);
$this->authenticateWithToken($token, $request, $providerKey);

// return the success metric
return $this->handleAuthenticationSuccess($token, $request, $authenticator, $providerKey);
Expand Down Expand Up @@ -140,9 +149,9 @@ public function setSessionAuthenticationStrategy(SessionAuthenticationStrategyIn
$this->sessionStrategy = $sessionStrategy;
}

private function migrateSession(Request $request, TokenInterface $token)
private function migrateSession(Request $request, TokenInterface $token, $providerKey)
{
if (!$this->sessionStrategy || !$request->hasSession() || !$request->hasPreviousSession()) {
if (!$this->sessionStrategy || !$request->hasSession() || !$request->hasPreviousSession() || \in_array($providerKey, $this->statelessProviderKeys, true)) {
return;
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,18 @@ public function testSessionStrategyIsCalled()
$handler->authenticateWithToken($this->token, $this->request);
}

public function testSessionStrategyIsNotCalledWhenStateless()
{
$this->configurePreviousSession();

$this->sessionStrategy->expects($this->never())
->method('onAuthentication');

$handler = new GuardAuthenticatorHandler($this->tokenStorage, $this->dispatcher, array('some_provider_key'));
$handler->setSessionAuthenticationStrategy($this->sessionStrategy);
$handler->authenticateWithToken($this->token, $this->request, 'some_provider_key');
}

protected function setUp()
{
$this->tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock();
Expand Down
Morty Proxy This is a proxified and sanitized view of the page, visit original site.