fix(security): user login programmatically with dedicated user checker on a firewall

94noni · 94noni · commit d5db9d8f81b3 · 2024-03-15T15:10:47.000+01:00
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -424,6 +424,14 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
         $container->register('security.user_checker.chain.'.$id, ChainUserChecker::class)
             ->addArgument(new TaggedIteratorArgument('security.user_checker.'.$id));
 
+        // Register Firewall-specific user checker for 'security.helper' login()
+        $securityUserCheckerLocator = $container->getDefinition('security.user_checker_locator');
+        $securityUserCheckerLocator
+            ->replaceArgument(0, array_merge($securityUserCheckerLocator->getArgument(0), [
+                'security.user_checker.'.$id => new ServiceClosureArgument(new Reference('security.user_checker.'.$id)),
+            ]))
+        ;
+
         // Register listeners
         $listeners = [];
         $listenerKeys = [];
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
@@ -19,6 +19,7 @@
 use Symfony\Bundle\SecurityBundle\Security\FirewallContext;
 use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
 use Symfony\Bundle\SecurityBundle\Security\LazyFirewallContext;
+use Symfony\Component\DependencyInjection\ServiceLocator;
 use Symfony\Component\ExpressionLanguage\ExpressionLanguage as BaseExpressionLanguage;
 use Symfony\Component\Ldap\Security\LdapUserProvider;
 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
@@ -80,6 +81,9 @@
 
         ->set('security.untracked_token_storage', TokenStorage::class)
 
+        ->set('security.user_checker_locator', ServiceLocator::class)
+            ->args([[]])
+
         ->set('security.helper', Security::class)
             ->args([
                 service_locator([
@@ -89,6 +93,7 @@
                     'request_stack' => service('request_stack'),
                     'security.firewall.map' => service('security.firewall.map'),
                     'security.user_checker' => service('security.user_checker'),
+                    'security.user_checker_locator' => service('security.user_checker_locator'),
                     'security.firewall.event_dispatcher_locator' => service('security.firewall.event_dispatcher_locator'),
                     'security.csrf.token_manager' => service('security.csrf.token_manager')->ignoreOnInvalid(),
                 ]),
diff --git a/src/Symfony/Bundle/SecurityBundle/Security.php b/src/Symfony/Bundle/SecurityBundle/Security.php
@@ -127,7 +127,11 @@ public function login(UserInterface $user, ?string $authenticatorName = null, ?s
 
         $authenticator = $this->getAuthenticator($authenticatorName, $firewallName);
 
-        $this->container->get('security.user_checker')->checkPreAuth($user);
+        if ($this->container->get('security.user_checker_locator')->has('security.user_checker.'.$firewallName)) {
+            $this->container->get('security.user_checker_locator')->get('security.user_checker.'.$firewallName)->checkPreAuth($user);
+        } else {
+            $this->container->get('security.user_checker')->checkPreAuth($user);
+        }
 
         return $this->container->get('security.authenticator.managers_locator')->get($firewallName)->authenticateUser($user, $authenticator, $request, $badges);
     }
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/SecurityTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/SecurityTest.php
@@ -143,6 +143,7 @@ public function testLogin()
                 ['security.firewall.map', $firewallMap],
                 ['security.authenticator.managers_locator', $this->createContainer('main', $userAuthenticator)],
                 ['security.user_checker', $userChecker],
+                ['security.user_checker_locator', $this->createContainer('security.user_checker.main', $userChecker)],
             ])
         ;
 
@@ -189,6 +190,7 @@ public function testLoginReturnsAuthenticatorResponse()
                 ['security.firewall.map', $firewallMap],
                 ['security.authenticator.managers_locator', $this->createContainer('main', $userAuthenticator)],
                 ['security.user_checker', $userChecker],
+                ['security.user_checker_locator', $this->createContainer('security.user_checker.main', $userChecker)],
             ])
         ;
 
@@ -238,6 +240,7 @@ public function testLoginWithoutAuthenticatorThrows()
                 ['request_stack', $requestStack],
                 ['security.firewall.map', $firewallMap],
                 ['security.user_checker', $userChecker],
+                ['security.user_checker_locator', $this->createContainer('security.user_checker.main', $userChecker)],
             ])
         ;
 

Original file line number	Diff line number	Diff line change
`@@ -143,6 +143,7 @@ public function testLogin()`
`143`	`143`	`['security.firewall.map', $firewallMap],`
`144`	`144`	`['security.authenticator.managers_locator', $this->createContainer('main', $userAuthenticator)],`
`145`	`145`	`['security.user_checker', $userChecker],`
	`146`	`+ ['security.user_checker_locator', $this->createContainer('security.user_checker.main', $userChecker)],`
`146`	`147`	`])`
`147`	`148`	`;`
`148`	`149`
`@@ -189,6 +190,7 @@ public function testLoginReturnsAuthenticatorResponse()`
`189`	`190`	`['security.firewall.map', $firewallMap],`
`190`	`191`	`['security.authenticator.managers_locator', $this->createContainer('main', $userAuthenticator)],`
`191`	`192`	`['security.user_checker', $userChecker],`
	`193`	`+ ['security.user_checker_locator', $this->createContainer('security.user_checker.main', $userChecker)],`
`192`	`194`	`])`
`193`	`195`	`;`
`194`	`196`
`@@ -238,6 +240,7 @@ public function testLoginWithoutAuthenticatorThrows()`
`238`	`240`	`['request_stack', $requestStack],`
`239`	`241`	`['security.firewall.map', $firewallMap],`
`240`	`242`	`['security.user_checker', $userChecker],`
	`243`	`+ ['security.user_checker_locator', $this->createContainer('security.user_checker.main', $userChecker)],`
`241`	`244`	`])`
`242`	`245`	`;`
`243`	`246`