Disable session usage tracking from Security helper when there is no request

chalasr · chalasr · commit 152024e24111 · 2021-09-28T15:10:40.000+02:00
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
@@ -90,6 +90,7 @@
             ->args([service_locator([
                 'security.token_storage' => service('security.token_storage'),
                 'security.authorization_checker' => service('security.authorization_checker'),
+                'request_stack' => service('request_stack'),
             ])])
         ->alias(Security::class, 'security.helper')
 
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/Storage/UsageTrackingTokenStorage.php b/src/Symfony/Component/Security/Core/Authentication/Token/Storage/UsageTrackingTokenStorage.php
@@ -70,6 +70,11 @@ public function disableUsageTracking(): void
         $this->enableUsageTracking = false;
     }
 
+    public function isUsageTrackingEnabled(): bool
+    {
+        return $this->enableUsageTracking;
+    }
+
     public static function getSubscribedServices(): array
     {
         return [
diff --git a/src/Symfony/Component/Security/Core/Security.php b/src/Symfony/Component/Security/Core/Security.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Core;
 
 use Psr\Container\ContainerInterface;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
@@ -67,6 +68,20 @@ public function isGranted($attributes, $subject = null): bool
 
     public function getToken(): ?TokenInterface
     {
-        return $this->container->get('security.token_storage')->getToken();
+        $tokenStorage = $this->container->get('security.token_storage');
+
+        if (!$tokenStorage instanceof UsageTrackingTokenStorage) {
+            return $tokenStorage->getToken();
+        }
+
+        if (!$this->container->get('request_stack')->getMainRequest() && $tokenStorage->isUsageTrackingEnabled()) {
+            $tokenStorage->disableUsageTracking();
+            $token = $tokenStorage->getToken();
+            $tokenStorage->enableUsageTracking();
+
+            return $token;
+        }
+
+        return $tokenStorage->getToken();
     }
 }
diff --git a/src/Symfony/Component/Security/Core/Tests/SecurityTest.php b/src/Symfony/Component/Security/Core/Tests/SecurityTest.php
@@ -13,7 +13,10 @@
 
 use PHPUnit\Framework\TestCase;
 use Psr\Container\ContainerInterface;
+use Symfony\Component\DependencyInjection\ServiceLocator;
+use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
@@ -37,6 +40,33 @@ public function testGetToken()
         $this->assertSame($token, $security->getToken());
     }
 
+    public function testGetTokenDisablesUsageTrackingWhenThereIsNoRequest()
+    {
+        $token = new UsernamePasswordToken('foo', 'bar', 'provider');
+        $tokenStorage = $this->createMock(TokenStorageInterface::class);
+        $requestStackFactory = function (): RequestStack { return new RequestStack(); };
+
+        $usageTrackingTokenStorage = new UsageTrackingTokenStorage($tokenStorage, new ServiceLocator([
+            'request_stack' => $requestStackFactory,
+        ]));
+        $usageTrackingTokenStorage->enableUsageTracking();
+
+        $tokenStorage->expects($this->once())
+            ->method('getToken')
+            ->willReturn($token);
+
+        $container = new ServiceLocator([
+            'security.token_storage' => function () use ($usageTrackingTokenStorage): TokenStorageInterface {
+                return $usageTrackingTokenStorage;
+            },
+            'request_stack' => $requestStackFactory,
+        ]);
+
+        $security = new Security($container);
+        $this->assertSame($token, $security->getToken());
+        $this->assertTrue($usageTrackingTokenStorage->isUsageTrackingEnabled());
+    }
+
     /**
      * @dataProvider getUserTests
      */

Original file line number	Diff line number	Diff line change
`@@ -70,6 +70,11 @@ public function disableUsageTracking(): void`
`70`	`70`	`$this->enableUsageTracking = false;`
`71`	`71`	`}`
`72`	`72`
	`73`	`+ public function isUsageTrackingEnabled(): bool`
	`74`	`+ {`
	`75`	`+ return $this->enableUsageTracking;`
	`76`	`+ }`
	`77`	`+`
`73`	`78`	`public static function getSubscribedServices(): array`
`74`	`79`	`{`
`75`	`80`	`return [`