From 62e04b2fcc604ba89b4dbc37a7fc8fcc5d218c12 Mon Sep 17 00:00:00 2001 From: Konrad Oboza Date: Mon, 1 Jul 2024 13:05:54 +0200 Subject: [PATCH] IBX-8356: Removed `Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface` to be replaced with Symfony-based authentication https://github.com/ibexa/core/pull/375 --- .../Compiler/SecurityPass.php | 4 - src/bundle/Core/Resources/config/security.yml | 4 + .../Authentication/AuthenticatorInterface.php | 45 ---------- .../DefaultAuthenticationSuccessHandler.php | 21 ----- ...onTokenCreatedRepositoryUserSubscriber.php | 39 +++++++++ ...kenCreatedRepositoryUserSubscriberTest.php | 85 +++++++++++++++++++ 6 files changed, 128 insertions(+), 70 deletions(-) delete mode 100644 src/lib/MVC/Symfony/Security/Authentication/AuthenticatorInterface.php create mode 100644 src/lib/MVC/Symfony/Security/Authentication/EventSubscriber/OnAuthenticationTokenCreatedRepositoryUserSubscriber.php create mode 100644 tests/lib/MVC/Symfony/Security/Authentication/EventSubscriber/OnAuthenticationTokenCreatedRepositoryUserSubscriberTest.php diff --git a/src/bundle/Core/DependencyInjection/Compiler/SecurityPass.php b/src/bundle/Core/DependencyInjection/Compiler/SecurityPass.php index ffcbc8774c..d9520db0cd 100644 --- a/src/bundle/Core/DependencyInjection/Compiler/SecurityPass.php +++ b/src/bundle/Core/DependencyInjection/Compiler/SecurityPass.php @@ -78,9 +78,5 @@ public function process(ContainerBuilder $container): void 'setEventDispatcher', [new Reference('event_dispatcher')] ); - $successHandlerDef->addMethodCall( - 'setPermissionResolver', - [$permissionResolverRef] - ); } } diff --git a/src/bundle/Core/Resources/config/security.yml b/src/bundle/Core/Resources/config/security.yml index 5ca47846d9..fb74525faf 100644 --- a/src/bundle/Core/Resources/config/security.yml +++ b/src/bundle/Core/Resources/config/security.yml @@ -47,3 +47,7 @@ services: Ibexa\Core\MVC\Symfony\Security\Authentication\EventSubscriber\AccessDeniedSubscriber: autowire: true autoconfigure: true + + Ibexa\Core\MVC\Symfony\Security\Authentication\EventSubscriber\OnAuthenticationTokenCreatedRepositoryUserSubscriber: + autowire: true + autoconfigure: true diff --git a/src/lib/MVC/Symfony/Security/Authentication/AuthenticatorInterface.php b/src/lib/MVC/Symfony/Security/Authentication/AuthenticatorInterface.php deleted file mode 100644 index 37f4a1c20e..0000000000 --- a/src/lib/MVC/Symfony/Security/Authentication/AuthenticatorInterface.php +++ /dev/null @@ -1,45 +0,0 @@ -configResolver = $configResolver; @@ -35,21 +29,6 @@ public function setEventDispatcher(EventDispatcherInterface $eventDispatcher): v $this->eventDispatcher = $eventDispatcher; } - public function setPermissionResolver(PermissionResolver $permissionResolver): void - { - $this->permissionResolver = $permissionResolver; - } - - public function onAuthenticationSuccess(Request $request, TokenInterface $token): ?Response - { - $user = $token->getUser(); - if ($user instanceof UserInterface && isset($this->permissionResolver)) { - $this->permissionResolver->setCurrentUserReference($user->getAPIUser()); - } - - return parent::onAuthenticationSuccess($request, $token); - } - protected function determineTargetUrl(Request $request): string { if (isset($this->configResolver)) { diff --git a/src/lib/MVC/Symfony/Security/Authentication/EventSubscriber/OnAuthenticationTokenCreatedRepositoryUserSubscriber.php b/src/lib/MVC/Symfony/Security/Authentication/EventSubscriber/OnAuthenticationTokenCreatedRepositoryUserSubscriber.php new file mode 100644 index 0000000000..59e6b4b1b0 --- /dev/null +++ b/src/lib/MVC/Symfony/Security/Authentication/EventSubscriber/OnAuthenticationTokenCreatedRepositoryUserSubscriber.php @@ -0,0 +1,39 @@ + ['onAuthenticationTokenCreated', 10], + ]; + } + + public function onAuthenticationTokenCreated(AuthenticationTokenCreatedEvent $event): void + { + $user = $event->getAuthenticatedToken()->getUser(); + if (!$user instanceof IbexaUser) { + return; + } + + $this->permissionResolver->setCurrentUserReference($user->getAPIUser()); + } +} diff --git a/tests/lib/MVC/Symfony/Security/Authentication/EventSubscriber/OnAuthenticationTokenCreatedRepositoryUserSubscriberTest.php b/tests/lib/MVC/Symfony/Security/Authentication/EventSubscriber/OnAuthenticationTokenCreatedRepositoryUserSubscriberTest.php new file mode 100644 index 0000000000..29c3d68685 --- /dev/null +++ b/tests/lib/MVC/Symfony/Security/Authentication/EventSubscriber/OnAuthenticationTokenCreatedRepositoryUserSubscriberTest.php @@ -0,0 +1,85 @@ +createMock(PermissionResolver::class) + ); + + self::assertEquals( + [ + AuthenticationTokenCreatedEvent::class => ['onAuthenticationTokenCreated', 10], + ], + $subscriber->getSubscribedEvents() + ); + } + + /** + * @dataProvider dataProviderForTestSettingCurrentUserReference + */ + public function testSettingCurrentUserReference( + UserInterface $user, + bool $isPermissionResolverInvoked + ): void { + $permissionResolver = $this->createMock(PermissionResolver::class); + $permissionResolver + ->expects($isPermissionResolverInvoked === true ? self::once() : self::never()) + ->method('setCurrentUserReference'); + + $subscriber = new OnAuthenticationTokenCreatedRepositoryUserSubscriber($permissionResolver); + + $subscriber->onAuthenticationTokenCreated( + $this->getAuthenticationTokenCreatedEvent($user) + ); + } + + /** + * @return iterable + */ + public function dataProviderForTestSettingCurrentUserReference(): iterable + { + yield 'authorizing Ibexa user' => [ + new User($this->createMock(ApiUser::class)), + true, + ]; + + yield 'authorizing non-Ibexa user' => [ + new InMemoryUser('foo', 'bar'), + false, + ]; + } + + private function getAuthenticationTokenCreatedEvent(UserInterface $user): AuthenticationTokenCreatedEvent + { + return new AuthenticationTokenCreatedEvent( + new UsernamePasswordToken($user, 'test_firewall'), + new Passport( + new UserBadge('foo'), + new PasswordCredentials('bar') + ) + ); + } +}