The start of something beautiful
This commit is contained in:
@@ -0,0 +1,55 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Bundle\SecurityBundle\Security;
|
||||
|
||||
use Psr\Container\ContainerInterface;
|
||||
use Symfony\Component\HttpFoundation\RequestStack;
|
||||
|
||||
/**
|
||||
* Provides basic functionality for services mapped by the firewall name
|
||||
* in a container locator.
|
||||
*
|
||||
* @author Wouter de Jong <wouter@wouterj.nl>
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
trait FirewallAwareTrait
|
||||
{
|
||||
private ContainerInterface $locator;
|
||||
private RequestStack $requestStack;
|
||||
private FirewallMap $firewallMap;
|
||||
|
||||
private function getForFirewall(): object
|
||||
{
|
||||
$serviceIdentifier = str_replace('FirewallAware', '', static::class);
|
||||
if (null === $request = $this->requestStack->getCurrentRequest()) {
|
||||
throw new \LogicException('Cannot determine the correct '.$serviceIdentifier.' to use: there is no active Request and so, the firewall cannot be determined. Try using a specific '.$serviceIdentifier.' service.');
|
||||
}
|
||||
|
||||
$firewall = $this->firewallMap->getFirewallConfig($request);
|
||||
if (!$firewall) {
|
||||
throw new \LogicException('No '.$serviceIdentifier.' found as the current route is not covered by a firewall.');
|
||||
}
|
||||
|
||||
$firewallName = $firewall->getName();
|
||||
if (!$this->locator->has($firewallName)) {
|
||||
$message = 'No '.$serviceIdentifier.' found for this firewall.';
|
||||
if (\defined(static::class.'::FIREWALL_OPTION')) {
|
||||
$message .= sprintf(' Did you forget to add a "'.static::FIREWALL_OPTION.'" key under your "%s" firewall?', $firewallName);
|
||||
}
|
||||
|
||||
throw new \LogicException($message);
|
||||
}
|
||||
|
||||
return $this->locator->get($firewallName);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,107 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Bundle\SecurityBundle\Security;
|
||||
|
||||
/**
|
||||
* @author Robin Chalas <robin.chalas@gmail.com>
|
||||
*/
|
||||
final class FirewallConfig
|
||||
{
|
||||
public function __construct(
|
||||
private readonly string $name,
|
||||
private readonly string $userChecker,
|
||||
private readonly ?string $requestMatcher = null,
|
||||
private readonly bool $securityEnabled = true,
|
||||
private readonly bool $stateless = false,
|
||||
private readonly ?string $provider = null,
|
||||
private readonly ?string $context = null,
|
||||
private readonly ?string $entryPoint = null,
|
||||
private readonly ?string $accessDeniedHandler = null,
|
||||
private readonly ?string $accessDeniedUrl = null,
|
||||
private readonly array $authenticators = [],
|
||||
private readonly ?array $switchUser = null,
|
||||
private readonly ?array $logout = null,
|
||||
) {
|
||||
}
|
||||
|
||||
public function getName(): string
|
||||
{
|
||||
return $this->name;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string|null The request matcher service id or null if neither the request matcher, pattern or host
|
||||
* options were provided
|
||||
*/
|
||||
public function getRequestMatcher(): ?string
|
||||
{
|
||||
return $this->requestMatcher;
|
||||
}
|
||||
|
||||
public function isSecurityEnabled(): bool
|
||||
{
|
||||
return $this->securityEnabled;
|
||||
}
|
||||
|
||||
public function isStateless(): bool
|
||||
{
|
||||
return $this->stateless;
|
||||
}
|
||||
|
||||
public function getProvider(): ?string
|
||||
{
|
||||
return $this->provider;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string|null The context key (will be null if the firewall is stateless)
|
||||
*/
|
||||
public function getContext(): ?string
|
||||
{
|
||||
return $this->context;
|
||||
}
|
||||
|
||||
public function getEntryPoint(): ?string
|
||||
{
|
||||
return $this->entryPoint;
|
||||
}
|
||||
|
||||
public function getUserChecker(): string
|
||||
{
|
||||
return $this->userChecker;
|
||||
}
|
||||
|
||||
public function getAccessDeniedHandler(): ?string
|
||||
{
|
||||
return $this->accessDeniedHandler;
|
||||
}
|
||||
|
||||
public function getAccessDeniedUrl(): ?string
|
||||
{
|
||||
return $this->accessDeniedUrl;
|
||||
}
|
||||
|
||||
public function getAuthenticators(): array
|
||||
{
|
||||
return $this->authenticators;
|
||||
}
|
||||
|
||||
public function getSwitchUser(): ?array
|
||||
{
|
||||
return $this->switchUser;
|
||||
}
|
||||
|
||||
public function getLogout(): ?array
|
||||
{
|
||||
return $this->logout;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,63 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Bundle\SecurityBundle\Security;
|
||||
|
||||
use Symfony\Component\Security\Http\Firewall\ExceptionListener;
|
||||
use Symfony\Component\Security\Http\Firewall\LogoutListener;
|
||||
|
||||
/**
|
||||
* This is a wrapper around the actual firewall configuration which allows us
|
||||
* to lazy load the context for one specific firewall only when we need it.
|
||||
*
|
||||
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
||||
*/
|
||||
class FirewallContext
|
||||
{
|
||||
private iterable $listeners;
|
||||
private ?ExceptionListener $exceptionListener;
|
||||
private ?LogoutListener $logoutListener;
|
||||
private ?FirewallConfig $config;
|
||||
|
||||
/**
|
||||
* @param iterable<mixed, callable> $listeners
|
||||
*/
|
||||
public function __construct(iterable $listeners, ?ExceptionListener $exceptionListener = null, ?LogoutListener $logoutListener = null, ?FirewallConfig $config = null)
|
||||
{
|
||||
$this->listeners = $listeners;
|
||||
$this->exceptionListener = $exceptionListener;
|
||||
$this->logoutListener = $logoutListener;
|
||||
$this->config = $config;
|
||||
}
|
||||
|
||||
public function getConfig(): ?FirewallConfig
|
||||
{
|
||||
return $this->config;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return iterable<mixed, callable>
|
||||
*/
|
||||
public function getListeners(): iterable
|
||||
{
|
||||
return $this->listeners;
|
||||
}
|
||||
|
||||
public function getExceptionListener(): ?ExceptionListener
|
||||
{
|
||||
return $this->exceptionListener;
|
||||
}
|
||||
|
||||
public function getLogoutListener(): ?LogoutListener
|
||||
{
|
||||
return $this->logoutListener;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,75 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Bundle\SecurityBundle\Security;
|
||||
|
||||
use Psr\Container\ContainerInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Security\Http\FirewallMapInterface;
|
||||
|
||||
/**
|
||||
* This is a lazy-loading firewall map implementation.
|
||||
*
|
||||
* Listeners will only be initialized if we really need them.
|
||||
*
|
||||
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
||||
*/
|
||||
class FirewallMap implements FirewallMapInterface
|
||||
{
|
||||
private ContainerInterface $container;
|
||||
private iterable $map;
|
||||
|
||||
public function __construct(ContainerInterface $container, iterable $map)
|
||||
{
|
||||
$this->container = $container;
|
||||
$this->map = $map;
|
||||
}
|
||||
|
||||
public function getListeners(Request $request): array
|
||||
{
|
||||
$context = $this->getFirewallContext($request);
|
||||
|
||||
if (null === $context) {
|
||||
return [[], null, null];
|
||||
}
|
||||
|
||||
return [$context->getListeners(), $context->getExceptionListener(), $context->getLogoutListener()];
|
||||
}
|
||||
|
||||
public function getFirewallConfig(Request $request): ?FirewallConfig
|
||||
{
|
||||
return $this->getFirewallContext($request)?->getConfig();
|
||||
}
|
||||
|
||||
private function getFirewallContext(Request $request): ?FirewallContext
|
||||
{
|
||||
if ($request->attributes->has('_firewall_context')) {
|
||||
$storedContextId = $request->attributes->get('_firewall_context');
|
||||
foreach ($this->map as $contextId => $requestMatcher) {
|
||||
if ($contextId === $storedContextId) {
|
||||
return $this->container->get($contextId);
|
||||
}
|
||||
}
|
||||
|
||||
$request->attributes->remove('_firewall_context');
|
||||
}
|
||||
|
||||
foreach ($this->map as $contextId => $requestMatcher) {
|
||||
if (null === $requestMatcher || $requestMatcher->matches($request)) {
|
||||
$request->attributes->set('_firewall_context', $contextId);
|
||||
|
||||
return $this->container->get($contextId);
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,77 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Bundle\SecurityBundle\Security;
|
||||
|
||||
use Symfony\Component\HttpKernel\Event\RequestEvent;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
|
||||
use Symfony\Component\Security\Http\Event\LazyResponseEvent;
|
||||
use Symfony\Component\Security\Http\Firewall\ExceptionListener;
|
||||
use Symfony\Component\Security\Http\Firewall\FirewallListenerInterface;
|
||||
use Symfony\Component\Security\Http\Firewall\LogoutListener;
|
||||
|
||||
/**
|
||||
* Lazily calls authentication listeners when actually required by the access listener.
|
||||
*
|
||||
* @author Nicolas Grekas <p@tchwork.com>
|
||||
*/
|
||||
class LazyFirewallContext extends FirewallContext
|
||||
{
|
||||
private TokenStorage $tokenStorage;
|
||||
|
||||
public function __construct(iterable $listeners, ?ExceptionListener $exceptionListener, ?LogoutListener $logoutListener, ?FirewallConfig $config, TokenStorage $tokenStorage)
|
||||
{
|
||||
parent::__construct($listeners, $exceptionListener, $logoutListener, $config);
|
||||
|
||||
$this->tokenStorage = $tokenStorage;
|
||||
}
|
||||
|
||||
public function getListeners(): iterable
|
||||
{
|
||||
return [$this];
|
||||
}
|
||||
|
||||
public function __invoke(RequestEvent $event): void
|
||||
{
|
||||
$listeners = [];
|
||||
$request = $event->getRequest();
|
||||
$lazy = $request->isMethodCacheable();
|
||||
|
||||
foreach (parent::getListeners() as $listener) {
|
||||
if (!$lazy || !$listener instanceof FirewallListenerInterface) {
|
||||
$listeners[] = $listener;
|
||||
$lazy = $lazy && $listener instanceof FirewallListenerInterface;
|
||||
} elseif (false !== $supports = $listener->supports($request)) {
|
||||
$listeners[] = [$listener, 'authenticate'];
|
||||
$lazy = null === $supports;
|
||||
}
|
||||
}
|
||||
|
||||
if (!$lazy) {
|
||||
foreach ($listeners as $listener) {
|
||||
$listener($event);
|
||||
|
||||
if ($event->hasResponse()) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$this->tokenStorage->setInitializer(function () use ($event, $listeners) {
|
||||
$event = new LazyResponseEvent($event);
|
||||
foreach ($listeners as $listener) {
|
||||
$listener($event);
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,45 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Bundle\SecurityBundle\Security;
|
||||
|
||||
use Psr\Container\ContainerInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\RequestStack;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface;
|
||||
use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
|
||||
|
||||
/**
|
||||
* A decorator that delegates all method calls to the authenticator
|
||||
* manager of the current firewall.
|
||||
*
|
||||
* @author Wouter de Jong <wouter@wouterj.nl>
|
||||
*
|
||||
* @final
|
||||
*/
|
||||
class UserAuthenticator implements UserAuthenticatorInterface
|
||||
{
|
||||
use FirewallAwareTrait;
|
||||
|
||||
public function __construct(FirewallMap $firewallMap, ContainerInterface $userAuthenticators, RequestStack $requestStack)
|
||||
{
|
||||
$this->firewallMap = $firewallMap;
|
||||
$this->locator = $userAuthenticators;
|
||||
$this->requestStack = $requestStack;
|
||||
}
|
||||
|
||||
public function authenticateUser(UserInterface $user, AuthenticatorInterface $authenticator, Request $request, array $badges = []): ?Response
|
||||
{
|
||||
return $this->getForFirewall()->authenticateUser($user, $authenticator, $request, $badges);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user