Add a ChainUserChecker to allow calling multiple user checkers for a firewall

mbabker · mbabker · commit b79f4f8035a6 · 2022-04-15T11:33:20.000-05:00
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -22,6 +22,7 @@
 use Symfony\Component\DependencyInjection\Alias;
 use Symfony\Component\DependencyInjection\Argument\IteratorArgument;
 use Symfony\Component\DependencyInjection\Argument\ServiceClosureArgument;
+use Symfony\Component\DependencyInjection\Attribute\TaggedIterator;
 use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\Compiler\ServiceLocatorTagPass;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
@@ -44,6 +45,7 @@
 use Symfony\Component\Security\Core\Authorization\Strategy\PriorityStrategy;
 use Symfony\Component\Security\Core\Authorization\Strategy\UnanimousStrategy;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
+use Symfony\Component\Security\Core\User\ChainUserChecker;
 use Symfony\Component\Security\Core\User\ChainUserProvider;
 use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
@@ -363,6 +365,12 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
         $container->register($firewallEventDispatcherId, EventDispatcher::class)
             ->addTag('event_dispatcher.dispatcher', ['name' => $firewallEventDispatcherId]);
 
+        // Register Firewall-specific chained user checker
+        if (class_exists(ChainUserChecker::class)) {
+            $container->register('security.user_checker.chain.'.$id, ChainUserChecker::class)
+                ->addArgument(new TaggedIterator('security.user_checker.'.$id));
+        }
+
         // Register listeners
         $listeners = [];
         $listenerKeys = [];
diff --git a/src/Symfony/Component/Security/Core/CHANGELOG.md b/src/Symfony/Component/Security/Core/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+6.1
+---
+
+* Add a `ChainUserChecker` to allow calling multiple user checkers for a firewall
+
 6.0
 ---
 
diff --git a/src/Symfony/Component/Security/Core/Tests/User/ChainUserCheckerTest.php b/src/Symfony/Component/Security/Core/Tests/User/ChainUserCheckerTest.php
@@ -0,0 +1,64 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Tests\User;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\User\ChainUserChecker;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+final class ChainUserCheckerTest extends TestCase
+{
+    public function testForwardsPreAuthToAllUserCheckers()
+    {
+        $user = $this->createMock(UserInterface::class);
+
+        $checker1 = $this->createMock(UserCheckerInterface::class);
+        $checker1->expects($this->once())
+            ->method('checkPreAuth')
+            ->with($user);
+
+        $checker2 = $this->createMock(UserCheckerInterface::class);
+        $checker2->expects($this->once())
+            ->method('checkPreAuth')
+            ->with($user);
+
+        $checker3 = $this->createMock(UserCheckerInterface::class);
+        $checker3->expects($this->once())
+            ->method('checkPreAuth')
+            ->with($user);
+
+        (new ChainUserChecker([$checker1, $checker2, $checker3]))->checkPreAuth($user);
+    }
+
+    public function testForwardsPostAuthToAllUserCheckers()
+    {
+        $user = $this->createMock(UserInterface::class);
+
+        $checker1 = $this->createMock(UserCheckerInterface::class);
+        $checker1->expects($this->once())
+            ->method('checkPostAuth')
+            ->with($user);
+
+        $checker2 = $this->createMock(UserCheckerInterface::class);
+        $checker2->expects($this->once())
+            ->method('checkPostAuth')
+            ->with($user);
+
+        $checker3 = $this->createMock(UserCheckerInterface::class);
+        $checker3->expects($this->once())
+            ->method('checkPostAuth')
+            ->with($user);
+
+        (new ChainUserChecker([$checker1, $checker2, $checker3]))->checkPostAuth($user);
+    }
+}
diff --git a/src/Symfony/Component/Security/Core/User/ChainUserChecker.php b/src/Symfony/Component/Security/Core/User/ChainUserChecker.php
@@ -0,0 +1,36 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\User;
+
+final class ChainUserChecker implements UserCheckerInterface
+{
+    /**
+     * @param iterable<UserCheckerInterface> $checkers
+     */
+    public function __construct(private readonly iterable $checkers)
+    {
+    }
+
+    public function checkPreAuth(UserInterface $user): void
+    {
+        foreach ($this->checkers as $checker) {
+            $checker->checkPreAuth($user);
+        }
+    }
+
+    public function checkPostAuth(UserInterface $user): void
+    {
+        foreach ($this->checkers as $checker) {
+            $checker->checkPostAuth($user);
+        }
+    }
+}
