IBX-8356: Removed `Ibexa\Core\MVC\Symfony\Security\Authentication\Aut…

…henticatorInterface` to be replaced with Symfony-based authentication

#375

src/bundle/Core/DependencyInjection/Compiler/SecurityPass.php

@@ -78,9 +78,5 @@ public function process(ContainerBuilder $container): void
             'setEventDispatcher',
             [new Reference('event_dispatcher')]
         );
-        $successHandlerDef->addMethodCall(
-            'setPermissionResolver',
-            [$permissionResolverRef]
-        );
     }
 }

src/bundle/Core/Resources/config/security.yml

@@ -47,3 +47,7 @@ services:
     Ibexa\Core\MVC\Symfony\Security\Authentication\EventSubscriber\AccessDeniedSubscriber:
         autowire: true
         autoconfigure: true
+
+    Ibexa\Core\MVC\Symfony\Security\Authentication\EventSubscriber\OnAuthenticationTokenCreatedRepositoryUserSubscriber:
+        autowire: true
+        autoconfigure: true

src/lib/MVC/Symfony/Security/Authentication/DefaultAuthenticationSuccessHandler.php

@@ -8,13 +8,9 @@
 
 namespace Ibexa\Core\MVC\Symfony\Security\Authentication;
 
-use Ibexa\Contracts\Core\Repository\PermissionResolver;
 use Ibexa\Contracts\Core\SiteAccess\ConfigResolverInterface;
-use Ibexa\Core\MVC\Symfony\Security\UserInterface;
 use Psr\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler as BaseSuccessHandler;
 
 final class DefaultAuthenticationSuccessHandler extends BaseSuccessHandler
@@ -23,8 +19,6 @@ final class DefaultAuthenticationSuccessHandler extends BaseSuccessHandler
 
     private ConfigResolverInterface $configResolver;
 
-    private PermissionResolver $permissionResolver;
-
     public function setConfigResolver(ConfigResolverInterface $configResolver): void
     {
         $this->configResolver = $configResolver;
@@ -35,21 +29,6 @@ public function setEventDispatcher(EventDispatcherInterface $eventDispatcher): v
         $this->eventDispatcher = $eventDispatcher;
     }
 
-    public function setPermissionResolver(PermissionResolver $permissionResolver): void
-    {
-        $this->permissionResolver = $permissionResolver;
-    }
-
-    public function onAuthenticationSuccess(Request $request, TokenInterface $token): ?Response
-    {
-        $user = $token->getUser();
-        if ($user instanceof UserInterface && isset($this->permissionResolver)) {
-            $this->permissionResolver->setCurrentUserReference($user->getAPIUser());
-        }
-
-        return parent::onAuthenticationSuccess($request, $token);
-    }
-
     protected function determineTargetUrl(Request $request): string
     {
         if (isset($this->configResolver)) {

src/lib/MVC/Symfony/Security/Authentication/EventSubscriber/OnAuthenticationTokenCreatedRepositoryUserSubscriber.php

@@ -0,0 +1,39 @@
+<?php
+
+/**
+ * @copyright Copyright (C) Ibexa AS. All rights reserved.
+ * @license For full copyright and license information view LICENSE file distributed with this source code.
+ */
+declare(strict_types=1);
+
+namespace Ibexa\Core\MVC\Symfony\Security\Authentication\EventSubscriber;
+
+use Ibexa\Contracts\Core\Repository\PermissionResolver;
+use Ibexa\Core\MVC\Symfony\Security\UserInterface as IbexaUser;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\Security\Http\Event\AuthenticationTokenCreatedEvent;
+
+final readonly class OnAuthenticationTokenCreatedRepositoryUserSubscriber implements EventSubscriberInterface
+{
+    public function __construct(
+        private PermissionResolver $permissionResolver,
+    ) {
+    }
+
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            AuthenticationTokenCreatedEvent::class => ['onAuthenticationTokenCreated', 10],
+        ];
+    }
+
+    public function onAuthenticationTokenCreated(AuthenticationTokenCreatedEvent $event): void
+    {
+        $user = $event->getAuthenticatedToken()->getUser();
+        if (!$user instanceof IbexaUser) {
+            return;
+        }
+
+        $this->permissionResolver->setCurrentUserReference($user->getAPIUser());
+    }
+}

tests/lib/MVC/Symfony/Security/Authentication/EventSubscriber/OnAuthenticationTokenCreatedRepositoryUserSubscriberTest.php

@@ -0,0 +1,85 @@
+<?php
+
+/**
+ * @copyright Copyright (C) Ibexa AS. All rights reserved.
+ * @license For full copyright and license information view LICENSE file distributed with this source code.
+ */
+declare(strict_types=1);
+
+namespace Ibexa\Tests\Core\MVC\Symfony\Security\Authentication\EventSubscriber;
+
+use Ibexa\Contracts\Core\Repository\PermissionResolver;
+use Ibexa\Core\MVC\Symfony\Security\Authentication\EventSubscriber\OnAuthenticationTokenCreatedRepositoryUserSubscriber;
+use Ibexa\Core\MVC\Symfony\Security\User;
+use Ibexa\Core\Repository\Values\User\User as ApiUser;
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\User\InMemoryUser;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
+use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
+use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
+use Symfony\Component\Security\Http\Event\AuthenticationTokenCreatedEvent;
+
+final class OnAuthenticationTokenCreatedRepositoryUserSubscriberTest extends TestCase
+{
+    public function testGetSubscribedEvents(): void
+    {
+        $subscriber = new OnAuthenticationTokenCreatedRepositoryUserSubscriber(
+            $this->createMock(PermissionResolver::class)
+        );
+
+        self::assertEquals(
+            [
+                AuthenticationTokenCreatedEvent::class => ['onAuthenticationTokenCreated', 10],
+            ],
+            $subscriber->getSubscribedEvents()
+        );
+    }
+
+    /**
+     * @dataProvider dataProviderForTestSettingCurrentUserReference
+     */
+    public function testSettingCurrentUserReference(
+        UserInterface $user,
+        bool $isPermissionResolverInvoked
+    ): void {
+        $permissionResolver = $this->createMock(PermissionResolver::class);
+        $permissionResolver
+            ->expects($isPermissionResolverInvoked === true ? self::once() : self::never())
+            ->method('setCurrentUserReference');
+
+        $subscriber = new OnAuthenticationTokenCreatedRepositoryUserSubscriber($permissionResolver);
+
+        $subscriber->onAuthenticationTokenCreated(
+            $this->getAuthenticationTokenCreatedEvent($user)
+        );
+    }
+
+    /**
+     * @return iterable<string, array{\Symfony\Component\Security\Core\User\UserInterface, bool}>
+     */
+    public function dataProviderForTestSettingCurrentUserReference(): iterable
+    {
+        yield 'authorizing Ibexa user' => [
+            new User($this->createMock(ApiUser::class)),
+            true,
+        ];
+
+        yield 'authorizing non-Ibexa user' => [
+            new InMemoryUser('foo', 'bar'),
+            false,
+        ];
+    }
+
+    private function getAuthenticationTokenCreatedEvent(UserInterface $user): AuthenticationTokenCreatedEvent
+    {
+        return new AuthenticationTokenCreatedEvent(
+            new UsernamePasswordToken($user, 'test_firewall'),
+            new Passport(
+                new UserBadge('foo'),
+                new PasswordCredentials('bar')
+            )
+        );
+    }
+}