added listener setting current repository user for all security-relat…

…ed processes
ibexa · Jun 25, 2024 · fe9da7e · fe9da7e
1 parent 6572a91
commit fe9da7e
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 25 deletions.
diff --git a/src/bundle/Core/DependencyInjection/Compiler/SecurityPass.php b/src/bundle/Core/DependencyInjection/Compiler/SecurityPass.php
@@ -78,9 +78,5 @@ public function process(ContainerBuilder $container): void
             'setEventDispatcher',
             [new Reference('event_dispatcher')]
         );
-        $successHandlerDef->addMethodCall(
-            'setPermissionResolver',
-            [$permissionResolverRef]
-        );
     }
 }
diff --git a/src/bundle/Core/Resources/config/security.yml b/src/bundle/Core/Resources/config/security.yml
@@ -47,3 +47,7 @@ services:
     Ibexa\Core\MVC\Symfony\Security\Authentication\EventSubscriber\AccessDeniedSubscriber:
         autowire: true
         autoconfigure: true
+
+    Ibexa\Core\MVC\Symfony\Security\Authentication\EventSubscriber\OnAuthenticationTokenCreatedRepositoryUserSubscriber:
+        autowire: true
+        autoconfigure: true
diff --git a/src/lib/MVC/Symfony/Security/Authentication/DefaultAuthenticationSuccessHandler.php b/src/lib/MVC/Symfony/Security/Authentication/DefaultAuthenticationSuccessHandler.php
@@ -8,13 +8,9 @@
 
 namespace Ibexa\Core\MVC\Symfony\Security\Authentication;
 
-use Ibexa\Contracts\Core\Repository\PermissionResolver;
 use Ibexa\Contracts\Core\SiteAccess\ConfigResolverInterface;
-use Ibexa\Core\MVC\Symfony\Security\UserInterface;
 use Psr\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler as BaseSuccessHandler;
 
 final class DefaultAuthenticationSuccessHandler extends BaseSuccessHandler
@@ -23,8 +19,6 @@ final class DefaultAuthenticationSuccessHandler extends BaseSuccessHandler
 
     private ConfigResolverInterface $configResolver;
 
-    private PermissionResolver $permissionResolver;
-
     public function setConfigResolver(ConfigResolverInterface $configResolver): void
     {
         $this->configResolver = $configResolver;
@@ -35,21 +29,6 @@ public function setEventDispatcher(EventDispatcherInterface $eventDispatcher): v
         $this->eventDispatcher = $eventDispatcher;
     }
 
-    public function setPermissionResolver(PermissionResolver $permissionResolver): void
-    {
-        $this->permissionResolver = $permissionResolver;
-    }
-
-    public function onAuthenticationSuccess(Request $request, TokenInterface $token): ?Response
-    {
-        $user = $token->getUser();
-        if ($user instanceof UserInterface && isset($this->permissionResolver)) {
-            $this->permissionResolver->setCurrentUserReference($user->getAPIUser());
-        }
-
-        return parent::onAuthenticationSuccess($request, $token);
-    }
-
     protected function determineTargetUrl(Request $request): string
     {
         if (isset($this->configResolver)) {

diff --git a/...y/Authentication/EventSubscriber/OnAuthenticationTokenCreatedRepositoryUserSubscriber.php b/...y/Authentication/EventSubscriber/OnAuthenticationTokenCreatedRepositoryUserSubscriber.php
@@ -0,0 +1,39 @@
+<?php
+
+/**
+ * @copyright Copyright (C) Ibexa AS. All rights reserved.
+ * @license For full copyright and license information view LICENSE file distributed with this source code.
+ */
+declare(strict_types=1);
+
+namespace Ibexa\Core\MVC\Symfony\Security\Authentication\EventSubscriber;
+
+use Ibexa\Contracts\Core\Repository\PermissionResolver;
+use Ibexa\Core\MVC\Symfony\Security\UserInterface as IbexaUser;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\Security\Http\Event\AuthenticationTokenCreatedEvent;
+
+final readonly class OnAuthenticationTokenCreatedRepositoryUserSubscriber implements EventSubscriberInterface
+{
+    public function __construct(
+        private PermissionResolver $permissionResolver,
+    ) {
+    }
+
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            AuthenticationTokenCreatedEvent::class => ['onAuthenticationTokenCreated', 10],
+        ];
+    }
+
+    public function onAuthenticationTokenCreated(AuthenticationTokenCreatedEvent $event): void
+    {
+        $user = $event->getAuthenticatedToken()->getUser();
+        if (!$user instanceof IbexaUser) {
+            return;
+        }
+
+        $this->permissionResolver->setCurrentUserReference($user->getAPIUser());
+    }
+}