Skip to content

Adding a shortcuts for the main security functionality #24337

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

Adding a shortcuts for the main security functionality #24337

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7f1abe5
Adding a shortcut for the main security functionality
weaverryan Sep 26, 2017
f101f2d
Minor typo
javiereguiluz Sep 28, 2017
466a928
fixes
weaverryan Sep 28, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ CHANGELOG
3.4.0
-----

* Added new `security.helper` service that is an instance of `Symfony\Component\Security\Core\Security`
and provides shortcuts for common security tasks.
* Tagging voters with the `security.voter` tag without implementing the
`VoterInterface` on the class is now deprecated and will be removed in 4.0.
* [BC BREAK] `FirewallContext::getListeners()` now returns `\Traversable|array`
Expand Down
13 changes: 13 additions & 0 deletions src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,19 @@
</service>
<service id="Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface" alias="security.token_storage" />

<service id="security.helper" class="Symfony\Component\Security\Core\Security">
<argument type="service">
<service class="Symfony\Component\DependencyInjection\ServiceLocator">
<tag name="container.service_locator" />
<argument type="collection">
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should make the Security class implement ServiceSubscriberInterface instead. But maybe you prefer no dep on the DI component?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea... that was the basic idea: it felt better to keep the Security class from the component coupled only to psr/container. And actually, that wasn't listed as a dep in composer.json. I'm going to add that now... tests must've passed because another dep of symfony/security already required it?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Haha, or because I don't have a test for that class... fixing that now :)

<argument key="security.token_storage" type="service" id="security.token_storage" />
<argument key="security.authorization_checker" type="service" id="security.authorization_checker" />
</argument>
</service>
</argument>
</service>
<service id="Symfony\Component\Security\Core\Security" alias="security.helper" />

<service id="security.user_value_resolver" class="Symfony\Bundle\SecurityBundle\SecurityUserValueResolver">
<argument type="service" id="security.token_storage" />
<tag name="controller.argument_value_resolver" priority="40" />
Expand Down
34 changes: 34 additions & 0 deletions src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
<?php

/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

namespace Symfony\Bundle\SecurityBundle\Tests\Functional;

use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\User\User;

class SecurityTest extends WebTestCase
{
public function testServiceIsFunctional()
{
$kernel = self::createKernel(array('test_case' => 'SecurityHelper', 'root_config' => 'config.yml'));
$kernel->boot();
$container = $kernel->getContainer();

// put a token into the storage so the final calls can function
$user = new User('foo', 'pass');
$token = new UsernamePasswordToken($user, '', 'provider', array('ROLE_USER'));
$container->get('security.token_storage')->setToken($token);

$security = $container->get('functional_test.security.helper');
$this->assertTrue($security->isGranted('ROLE_USER'));
$this->assertSame($token, $security->getToken());
}
}
20 changes: 20 additions & 0 deletions src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/bundles.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
<?php

/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

use Symfony\Bundle\TwigBundle\TwigBundle;
use Symfony\Bundle\SecurityBundle\SecurityBundle;
use Symfony\Bundle\FrameworkBundle\FrameworkBundle;

return array(
new FrameworkBundle(),
new SecurityBundle(),
new TwigBundle(),
);
18 changes: 18 additions & 0 deletions src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
imports:
- { resource: ./../config/default.yml }

services:
# alias the service so we can access it in the tests
functional_test.security.helper:
alias: security.helper
public: true

security:
providers:
in_memory:
memory:
users: []

firewalls:
default:
anonymous: ~
1 change: 1 addition & 0 deletions src/Symfony/Component/Security/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ CHANGELOG
3.4.0
-----

* Added `getUser`, `getToken` and `isGranted` methods to `Security`.
* added a `setToken()` method to the `SwitchUserEvent` class to allow to replace the created token while switching users
when custom token generation is required by application.
* Using voters that do not implement the `VoterInterface`is now deprecated in
Expand Down
54 changes: 51 additions & 3 deletions src/Symfony/Component/Security/Core/Security.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,15 +11,63 @@

namespace Symfony\Component\Security\Core;

use Psr\Container\ContainerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\User\UserInterface;

/**
* This class holds security information.
*
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
* Helper class for commonly-needed security tasks.
*/
final class Security
{
const ACCESS_DENIED_ERROR = '_security.403_error';
const AUTHENTICATION_ERROR = '_security.last_error';
const LAST_USERNAME = '_security.last_username';
const MAX_USERNAME_LENGTH = 4096;

private $container;

public function __construct(ContainerInterface $container)
{
$this->container = $container;
}

/**
* @return UserInterface|null
*/
public function getUser()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Return type instead of phpdoc?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, this targets 3.4 which supports PHP 5.6.

{
if (!$token = $this->getToken()) {
return null;
}

$user = $token->getUser();
if (!is_object($user)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't the user be a simple string in some cases?
I mean, the TokenInterface says this:

/**
 * Returns a user representation.
 *
 * @return mixed Can be a UserInterface instance, an object implementing a __toString method,
 *               or the username as a regular string
 *
 * @see AbstractToken::setUser()
 */
public function getUser();

So instead, this should return mixed instead of UserInterface...

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, but I'm purposely not allowing for people who use a string User to make use of this feature. We do that in other places. Allowing it to be a string makes everyone's user experience worse. So, you can do this, but you need to use the lower-level tools :)

return null;
}

return $user;
}

/**
* Checks if the attributes are granted against the current authentication token and optionally supplied subject.
*
* @param mixed $attributes
* @param mixed $subject
*
* @return bool
*/
public function isGranted($attributes, $subject = null)
{
return $this->container->get('security.authorization_checker')
->isGranted($attributes, $subject);
}

/**
* @return TokenInterface|null
*/
public function getToken()
{
return $this->container->get('security.token_storage')->getToken();
}
}
97 changes: 97 additions & 0 deletions src/Symfony/Component/Security/Core/Tests/SecurityTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
<?php

/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

namespace Symfony\Component\Security\Core\Tests;

use PHPUnit\Framework\TestCase;
use Psr\Container\ContainerInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\User;

class SecurityTest extends TestCase
{
public function testGetToken()
{
$token = new UsernamePasswordToken('foo', 'bar', 'provider');
$tokenStorage = $this->getMockBuilder(TokenStorageInterface::class)->getMock();

$tokenStorage->expects($this->once())
->method('getToken')
->will($this->returnValue($token));

$container = $this->createContainer('security.token_storage', $tokenStorage);

$security = new Security($container);
$this->assertSame($token, $security->getToken());
}

/**
* @dataProvider getUserTests
*/
public function testGetUser($userInToken, $expectedUser)
{
$token = $this->getMockBuilder(TokenInterface::class)->getMock();
$token->expects($this->any())
->method('getUser')
->will($this->returnValue($userInToken));
$tokenStorage = $this->getMockBuilder(TokenStorageInterface::class)->getMock();

$tokenStorage->expects($this->once())
->method('getToken')
->will($this->returnValue($token));

$container = $this->createContainer('security.token_storage', $tokenStorage);

$security = new Security($container);
$this->assertSame($expectedUser, $security->getUser());
}

public function getUserTests()
{
yield array(null, null);

yield array('string_username', null);

$user = new User('nice_user', 'foo');
yield array($user, $user);
}

public function testIsGranted()
{
$authorizationChecker = $this->getMockBuilder(AuthorizationCheckerInterface::class)->getMock();

$authorizationChecker->expects($this->once())
->method('isGranted')
->with('SOME_ATTRIBUTE', 'SOME_SUBJECT')
->will($this->returnValue(true));

$container = $this->createContainer('security.authorization_checker', $authorizationChecker);

$security = new Security($container);
$this->assertTrue($security->isGranted('SOME_ATTRIBUTE', 'SOME_SUBJECT'));
}

private function createContainer($serviceId, $serviceObject)
{
$container = $this->getMockBuilder(ContainerInterface::class)->getMock();

$container->expects($this->atLeastOnce())
->method('get')
->with($serviceId)
->will($this->returnValue($serviceObject));

return $container;
}
}
2 changes: 2 additions & 0 deletions src/Symfony/Component/Security/Core/composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
"symfony/polyfill-php56": "~1.0"
},
"require-dev": {
"psr/container": "^1.0",
"symfony/event-dispatcher": "~2.8|~3.0|~4.0",
"symfony/expression-language": "~2.8|~3.0|~4.0",
"symfony/http-foundation": "~2.8|~3.0|~4.0",
Expand All @@ -28,6 +29,7 @@
"psr/log": "~1.0"
},
"suggest": {
"psr/container": "To instantiate the Security class",
"symfony/event-dispatcher": "",
"symfony/http-foundation": "",
"symfony/validator": "For using the user password constraint",
Expand Down
2 changes: 2 additions & 0 deletions src/Symfony/Component/Security/composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
"symfony/security-http": "self.version"
},
"require-dev": {
"psr/container": "^1.0",
"symfony/finder": "~2.8|~3.0|~4.0",
"symfony/polyfill-intl-icu": "~1.0",
"symfony/routing": "~2.8|~3.0|~4.0",
Expand All @@ -41,6 +42,7 @@
"psr/log": "~1.0"
},
"suggest": {
"psr/container": "To instantiate the Security class",
"symfony/form": "",
"symfony/validator": "For using the user password constraint",
"symfony/routing": "For using the HttpUtils class to create sub-requests, redirect the user, and match URLs",
Expand Down