Skip to content

[Security] Lazy load user providers #23295

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 11, 2017
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -245,7 +245,7 @@ private function createFirewalls($config, ContainerBuilder $container)
foreach ($providerIds as $userProviderId) {
$userProviders[] = new Reference($userProviderId);
}
$arguments[1] = $userProviders;
$arguments[1] = new IteratorArgument($userProviders);
$definition->setArguments($arguments);

$customUserChecker = false;
Expand Down Expand Up @@ -613,7 +613,7 @@ private function createUserDaoProvider($name, $provider, ContainerBuilder $conta

$container
->setDefinition($name, new ChildDefinition('security.user.provider.chain'))
->addArgument($providers);
->addArgument(new IteratorArgument($providers));

return $name;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
namespace Symfony\Bundle\SecurityBundle\Tests\DependencyInjection;

use PHPUnit\Framework\TestCase;
use Symfony\Component\DependencyInjection\Argument\IteratorArgument;
use Symfony\Component\DependencyInjection\Reference;
use Symfony\Bundle\SecurityBundle\SecurityBundle;
use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
Expand Down Expand Up @@ -57,10 +58,10 @@ public function testUserProviders()
$this->assertEquals(array(), array_diff($providers, $expectedProviders));

// chain provider
$this->assertEquals(array(array(
$this->assertEquals(array(new IteratorArgument(array(
new Reference('security.user.provider.concrete.service'),
new Reference('security.user.provider.concrete.basic'),
)), $container->getDefinition('security.user.provider.concrete.chain')->getArguments());
))), $container->getDefinition('security.user.provider.concrete.chain')->getArguments());
}

public function testFirewalls()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,26 @@ public function testSupportsClassWhenNotSupported()
$this->assertFalse($provider->supportsClass('foo'));
}

public function testAcceptsTraversable()
{
$provider1 = $this->getProvider();
$provider1
->expects($this->once())
->method('refreshUser')
->will($this->throwException(new UnsupportedUserException('unsupported')))
;

$provider2 = $this->getProvider();
$provider2
->expects($this->once())
->method('refreshUser')
->will($this->returnValue($account = $this->getAccount()))
;

$provider = new ChainUserProvider(new \ArrayObject(array($provider1, $provider2)));
$this->assertSame($account, $provider->refreshUser($this->getAccount()));
}

protected function getAccount()
{
return $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,10 @@ class ChainUserProvider implements UserProviderInterface
{
private $providers;

public function __construct(array $providers)
/**
* @param iterable|UserProviderInterface[] $providers
*/
public function __construct($providers)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same, docblock to typehint when merging into master

{
$this->providers = $providers;
}
Expand All @@ -36,6 +39,10 @@ public function __construct(array $providers)
*/
public function getProviders()
{
if ($this->providers instanceof \Traversable) {
return iterator_to_array($this->providers);
}

return $this->providers;
}

Expand Down
20 changes: 13 additions & 7 deletions src/Symfony/Component/Security/Http/Firewall/ContextListener.php
Original file line number Diff line number Diff line change
Expand Up @@ -44,18 +44,20 @@ class ContextListener implements ListenerInterface
private $registered;
private $trustResolver;

public function __construct(TokenStorageInterface $tokenStorage, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, AuthenticationTrustResolverInterface $trustResolver = null)
/**
* @param TokenStorageInterface $tokenStorage
* @param iterable|UserProviderInterface[] $userProviders
* @param string $contextKey
* @param LoggerInterface|null $logger
* @param EventDispatcherInterface|null $dispatcher
* @param AuthenticationTrustResolverInterface|null $trustResolver
*/
public function __construct(TokenStorageInterface $tokenStorage, $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, AuthenticationTrustResolverInterface $trustResolver = null)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

full docblock to be removed + iterable typehint to be added to the $userProviders arg when merging into master.

{
if (empty($contextKey)) {
throw new \InvalidArgumentException('$contextKey must not be empty.');
}

foreach ($userProviders as $userProvider) {
if (!$userProvider instanceof UserProviderInterface) {
throw new \InvalidArgumentException(sprintf('User provider "%s" must implement "Symfony\Component\Security\Core\User\UserProviderInterface".', get_class($userProvider)));
}
}

$this->tokenStorage = $tokenStorage;
$this->userProviders = $userProviders;
$this->contextKey = $contextKey;
Expand Down Expand Up @@ -158,6 +160,10 @@ protected function refreshUser(TokenInterface $token)
$userNotFoundByProvider = false;

foreach ($this->userProviders as $provider) {
if (!$provider instanceof UserProviderInterface) {
throw new \InvalidArgumentException(sprintf('User provider "%s" must implement "%s".', get_class($provider), UserProviderInterface::class));
}

try {
$refreshedUser = $provider->refreshUser($user);
$token->setUser($refreshedUser);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -53,11 +53,7 @@ public function testItRequiresContextKey()
*/
public function testUserProvidersNeedToImplementAnInterface()
{
new ContextListener(
$this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock(),
array(new \stdClass()),
'key123'
);
$this->handleEventWithPreviousSession(new TokenStorage(), array(new \stdClass()));
}

public function testOnKernelResponseWillAddSession()
Expand Down Expand Up @@ -287,6 +283,15 @@ public function testRuntimeExceptionIsThrownIfNoSupportingUserProviderWasRegiste
$this->handleEventWithPreviousSession(new TokenStorage(), array(new NotSupportingUserProvider(), new NotSupportingUserProvider()));
}

public function testAcceptsProvidersAsTraversable()
{
$tokenStorage = new TokenStorage();
$refreshedUser = new User('foobar', 'baz');
$this->handleEventWithPreviousSession($tokenStorage, new \ArrayObject(array(new NotSupportingUserProvider(), new SupportingUserProvider($refreshedUser))));

$this->assertSame($refreshedUser, $tokenStorage->getToken()->getUser());
}

protected function runSessionOnKernelResponse($newToken, $original = null)
{
$session = new Session(new MockArraySessionStorage());
Expand Down Expand Up @@ -315,7 +320,7 @@ protected function runSessionOnKernelResponse($newToken, $original = null)
return $session;
}

private function handleEventWithPreviousSession(TokenStorageInterface $tokenStorage, array $userProviders)
private function handleEventWithPreviousSession(TokenStorageInterface $tokenStorage, $userProviders)
{
$session = new Session(new MockArraySessionStorage());
$session->set('_security_context_key', serialize(new UsernamePasswordToken(new User('foo', 'bar'), '', 'context_key')));
Expand Down