Commit 8b776dfb authored by Fabien Potencier's avatar Fabien Potencier

fixed authentication providers registration

parent 9022e420
...@@ -129,13 +129,23 @@ class SecurityServiceProvider implements ServiceProviderInterface ...@@ -129,13 +129,23 @@ class SecurityServiceProvider implements ServiceProviderInterface
$app['security.authentication.'.$name.'.'.$type] = $app['security.authentication.'.$type.'._proto']($name, $options); $app['security.authentication.'.$name.'.'.$type] = $app['security.authentication.'.$type.'._proto']($name, $options);
} }
return array($app['security.authentication.'.$name.'.'.$type], $app['security.entry_point.'.$name.'.'.$entryPoint], $type); if (!isset($app['security.authentication_provider.'.$name])) {
$app['security.authentication_provider.'.$name] = $app['security.authentication_provider.'.('anonymous' == $name ? 'anonymous' : 'dao').'._proto']($name);
}
return array(
'security.authentication_provider.'.$name,
'security.authentication.'.$name.'.'.$type,
'security.entry_point.'.$name.'.'.$entryPoint,
$type
);
}); });
} }
$app['security.firewall_map'] = $app->share(function () use ($app) { $app['security.firewall_map'] = $app->share(function () use ($app) {
$map = new FirewallMap();
$positions = array('logout', 'pre_auth', 'form', 'http', 'remember_me', 'anonymous'); $positions = array('logout', 'pre_auth', 'form', 'http', 'remember_me', 'anonymous');
$providers = array();
$configs = array();
foreach ($app['security.firewalls'] as $name => $firewall) { foreach ($app['security.firewalls'] as $name => $firewall) {
$entryPoint = 'form'; $entryPoint = 'form';
$pattern = isset($firewall['pattern']) ? $firewall['pattern'] : null; $pattern = isset($firewall['pattern']) ? $firewall['pattern'] : null;
...@@ -144,7 +154,7 @@ class SecurityServiceProvider implements ServiceProviderInterface ...@@ -144,7 +154,7 @@ class SecurityServiceProvider implements ServiceProviderInterface
$protected = count($firewall); $protected = count($firewall);
$listeners = array($app['security.channel_listener']); $listeners = array('security.channel_listener');
if ($protected) { if ($protected) {
if (!isset($app['security.context_listener.'.$name])) { if (!isset($app['security.context_listener.'.$name])) {
...@@ -152,13 +162,10 @@ class SecurityServiceProvider implements ServiceProviderInterface ...@@ -152,13 +162,10 @@ class SecurityServiceProvider implements ServiceProviderInterface
$app['security.user_provider.'.$name] = is_array($users) ? $app['security.user_provider.inmemory._proto']($users) : $users; $app['security.user_provider.'.$name] = is_array($users) ? $app['security.user_provider.inmemory._proto']($users) : $users;
} }
$app['security.context_listener.'.$name] = $app['security.context_listener._proto']( $app['security.context_listener.'.$name] = $app['security.context_listener._proto']($name, array($app['security.user_provider.'.$name]));
$name,
array($app['security.user_provider.'.$name])
);
} }
$listeners[] = $app['security.context_listener.'.$name]; $listeners[] = 'security.context_listener.'.$name;
$factories = array(); $factories = array();
foreach ($positions as $position) { foreach ($positions as $position) {
...@@ -179,9 +186,14 @@ class SecurityServiceProvider implements ServiceProviderInterface ...@@ -179,9 +186,14 @@ class SecurityServiceProvider implements ServiceProviderInterface
throw new \LogicException(sprintf('The "%s" authentication entry is not registered.', $type)); throw new \LogicException(sprintf('The "%s" authentication entry is not registered.', $type));
} }
list($listener, $entryPoint, $position) = $app['security.authentication.factory.'.$type]($name, $options); list($providerId, $listenerId, $entryPointId, $position) = $app['security.authentication.factory.'.$type]($name, $options);
if (null !== $entryPointId) {
$entryPoint = $entryPointId;
}
$factories[$position][] = $listener; $factories[$position][] = $listenerId;
$providers[] = $providerId;
} }
foreach ($positions as $position) { foreach ($positions as $position) {
...@@ -190,10 +202,12 @@ class SecurityServiceProvider implements ServiceProviderInterface ...@@ -190,10 +202,12 @@ class SecurityServiceProvider implements ServiceProviderInterface
} }
} }
$listeners[] = $app['security.access_listener']; $listeners[] = 'security.access_listener';
if (isset($firewall['switch_user'])) { if (isset($firewall['switch_user'])) {
$listeners[] = $app['security.authentication.switch_user._proto']($name, $firewall['switch_user']); $app['security.switch_user.'.$name] = $app['security.authentication.switch_user._proto']($name, $firewall['switch_user']);
$listeners[] = 'security.switch_user.'.$name;
} }
if (!isset($app['security.exception_listener.'.$name])) { if (!isset($app['security.exception_listener.'.$name])) {
...@@ -201,33 +215,21 @@ class SecurityServiceProvider implements ServiceProviderInterface ...@@ -201,33 +215,21 @@ class SecurityServiceProvider implements ServiceProviderInterface
} }
} }
$map->add( $configs[] = array($pattern, $listeners, $protected);
is_string($pattern) ? new RequestMatcher($pattern) : $pattern,
$listeners,
$protected ? $app['security.exception_listener.'.$name] : null
);
} }
return $map; $app['security.authentication_providers'] = array_map(function ($provider) use ($app) { return $app[$provider]; }, $providers);
});
$app['security.authentication_providers'] = $app->share(function () use ($app) { $map = new FirewallMap();
$providers = array(); foreach ($configs as $config) {
foreach ($app['security.firewalls'] as $name => $firewall) { $map->add(
unset($firewall['pattern'], $firewall['users']); is_string($config[0]) ? new RequestMatcher($config[0]) : $config[0],
array_map(function ($listener) use ($app) { return $app[$listener]; }, $config[1]),
if (!count($firewall)) { $config[2] ? $app['security.exception_listener.'.$name] : null
continue; );
}
if (!isset($app['security.authentication_provider.'.$name])) {
$a = 'anonymous' == $name ? 'anonymous' : 'dao';
$app['security.authentication_provider.'.$name] = $app['security.authentication_provider.'.$a.'._proto']($name);
}
$providers[] = $app['security.authentication_provider.'.$name];
} }
return $providers; return $map;
}); });
$app['security.access_listener'] = $app->share(function () use ($app) { $app['security.access_listener'] = $app->share(function () use ($app) {
...@@ -283,121 +285,145 @@ class SecurityServiceProvider implements ServiceProviderInterface ...@@ -283,121 +285,145 @@ class SecurityServiceProvider implements ServiceProviderInterface
// prototypes (used by the Firewall Map) // prototypes (used by the Firewall Map)
$app['security.context_listener._proto'] = $app->protect(function ($providerKey, $userProviders) use ($app) { $app['security.context_listener._proto'] = $app->protect(function ($providerKey, $userProviders) use ($app) {
return new ContextListener( return $app->share(function () use ($app, $userProviders, $providerKey) {
$app['security'], return new ContextListener(
$userProviders, $app['security'],
$providerKey, $userProviders,
$app['logger'], $providerKey,
$app['dispatcher'] $app['logger'],
); $app['dispatcher']
);
});
}); });
$app['security.user_provider.inmemory._proto'] = $app->protect(function ($params) use ($app) { $app['security.user_provider.inmemory._proto'] = $app->protect(function ($params) use ($app) {
$users = array(); return $app->share(function () use ($app, $params) {
foreach ($params as $name => $user) { $users = array();
$users[$name] = array('roles' => (array) $user[0], 'password' => $user[1]); foreach ($params as $name => $user) {
} $users[$name] = array('roles' => (array) $user[0], 'password' => $user[1]);
}
return new InMemoryUserProvider($users); return new InMemoryUserProvider($users);
});
}); });
$app['security.exception_listener._proto'] = $app->protect(function ($entryPoint, $name) use ($app) { $app['security.exception_listener._proto'] = $app->protect(function ($entryPoint, $name) use ($app) {
return new ExceptionListener( return $app->share(function () use ($app, $entryPoint, $name) {
$app['security'], return new ExceptionListener(
$app['security.trust_resolver'], $app['security'],
$app['security.http_utils'], $app['security.trust_resolver'],
$entryPoint, $app['security.http_utils'],
null, // errorPage $app[$entryPoint],
null, // AccessDeniedHandlerInterface null, // errorPage
$app['logger'] null, // AccessDeniedHandlerInterface
); $app['logger']
);
});
}); });
$app['security.authentication.form._proto'] = $app->protect(function ($providerKey, $options) use ($app, $that) { $app['security.authentication.form._proto'] = $app->protect(function ($providerKey, $options) use ($app, $that) {
$that->addFakeRoute(array('post', $tmp = isset($options['check_path']) ? $options['check_path'] : '/login_check', str_replace('/', '_', ltrim($tmp, '/')))); return $app->share(function () use ($app, $providerKey, $options, $that) {
$that->addFakeRoute(array('post', $tmp = isset($options['check_path']) ? $options['check_path'] : '/login_check', str_replace('/', '_', ltrim($tmp, '/'))));
return new UsernamePasswordFormAuthenticationListener(
$app['security'], return new UsernamePasswordFormAuthenticationListener(
$app['security.authentication_manager'], $app['security'],
$app['security.session_strategy'], $app['security.authentication_manager'],
$app['security.http_utils'], $app['security.session_strategy'],
$providerKey, $app['security.http_utils'],
$options, $providerKey,
null, // AuthenticationSuccessHandlerInterface $options,
null, // AuthenticationFailureHandlerInterface null, // AuthenticationSuccessHandlerInterface
$app['logger'], null, // AuthenticationFailureHandlerInterface
$app['dispatcher'], $app['logger'],
isset($options['with_csrf']) && $options['with_csrf'] && isset($app['form.csrf_provider']) ? $app['form.csrf_provider'] : null $app['dispatcher'],
); isset($options['with_csrf']) && $options['with_csrf'] && isset($app['form.csrf_provider']) ? $app['form.csrf_provider'] : null
);
});
}); });
$app['security.authentication.http._proto'] = $app->protect(function ($providerKey, $options) use ($app) { $app['security.authentication.http._proto'] = $app->protect(function ($providerKey, $options) use ($app) {
return new BasicAuthenticationListener( return $app->share(function () use ($app, $providerKey, $options) {
$app['security'], return new BasicAuthenticationListener(
$app['security.authentication_manager'], $app['security'],
$providerKey, $app['security.authentication_manager'],
$app['security.entry_point.'.$providerKey.'.http'], $providerKey,
$app['logger'] $app['security.entry_point.'.$providerKey.'.http'],
); $app['logger']
);
});
}); });
$app['security.authentication.anonymous._proto'] = $app->protect(function ($providerKey, $options) use ($app) { $app['security.authentication.anonymous._proto'] = $app->protect(function ($providerKey, $options) use ($app) {
return new AnonymousAuthenticationListener( return $app->share(function () use ($app, $providerKey, $options) {
$app['security'], return new AnonymousAuthenticationListener(
$providerKey, $app['security'],
$app['logger'] $providerKey,
); $app['logger']
);
});
}); });
$app['security.authentication.logout._proto'] = $app->protect(function ($providerKey, $options) use ($app, $that) { $app['security.authentication.logout._proto'] = $app->protect(function ($providerKey, $options) use ($app, $that) {
$that->addFakeRoute(array('get', $tmp = isset($options['logout_path']) ? $options['logout_path'] : '/logout', str_replace('/', '_', ltrim($tmp, '/')))); return $app->share(function () use ($app, $providerKey, $options, $that) {
$that->addFakeRoute(array('get', $tmp = isset($options['logout_path']) ? $options['logout_path'] : '/logout', str_replace('/', '_', ltrim($tmp, '/'))));
$listener = new LogoutListener(
$app['security'], $listener = new LogoutListener(
$app['security.http_utils'], $app['security'],
$options, $app['security.http_utils'],
null, // LogoutSuccessHandlerInterface $options,
isset($options['with_csrf']) && $options['with_csrf'] && isset($app['form.csrf_provider']) ? $app['form.csrf_provider'] : null null, // LogoutSuccessHandlerInterface
); isset($options['with_csrf']) && $options['with_csrf'] && isset($app['form.csrf_provider']) ? $app['form.csrf_provider'] : null
);
$listener->addHandler(new SessionLogoutHandler()); $listener->addHandler(new SessionLogoutHandler());
return $listener; return $listener;
});
}); });
$app['security.authentication.switch_user._proto'] = $app->protect(function ($name, $options) use ($app, $that) { $app['security.authentication.switch_user._proto'] = $app->protect(function ($name, $options) use ($app, $that) {
return new SwitchUserListener( return $app->share(function () use ($app, $name, $options, $that) {
$app['security'], return new SwitchUserListener(
$app['security.user_provider.'.$name], $app['security'],
$app['security.user_checker'], $app['security.user_provider.'.$name],
$name, $app['security.user_checker'],
$app['security.access_manager'], $name,
$app['logger'], $app['security.access_manager'],
isset($options['parameter']) ? $options['parameter'] : '_switch_user', $app['logger'],
isset($options['role']) ? $options['role'] : 'ROLE_ALLOWED_TO_SWITCH', isset($options['parameter']) ? $options['parameter'] : '_switch_user',
$app['dispatcher'] isset($options['role']) ? $options['role'] : 'ROLE_ALLOWED_TO_SWITCH',
); $app['dispatcher']
);
});
}); });
$app['security.entry_point.form._proto'] = $app->protect(function ($name, $loginPath = '/login', $useForward = false) use ($app) { $app['security.entry_point.form._proto'] = $app->protect(function ($name, $loginPath = '/login', $useForward = false) use ($app) {
return new FormAuthenticationEntryPoint($app, $app['security.http_utils'], $loginPath, $useForward); return $app->share(function () use ($app, $loginPath, $useForward) {
return new FormAuthenticationEntryPoint($app, $app['security.http_utils'], $loginPath, $useForward);
});
}); });
$app['security.entry_point.http._proto'] = $app->protect(function ($name, $realName = 'Secured') use ($app) { $app['security.entry_point.http._proto'] = $app->protect(function ($name, $realName = 'Secured') use ($app) {
return new BasicAuthenticationEntryPoint($realName); return $app->share(function () use ($app, $name, $realName) {
return new BasicAuthenticationEntryPoint($realName);
});
}); });
$app['security.authentication_provider.dao._proto'] = $app->protect(function ($name) use ($app) { $app['security.authentication_provider.dao._proto'] = $app->protect(function ($name) use ($app) {
return new DaoAuthenticationProvider( return $app->share(function () use ($app, $name) {
$app['security.user_provider.'.$name], return new DaoAuthenticationProvider(
$app['security.user_checker'], $app['security.user_provider.'.$name],
$name, $app['security.user_checker'],
$app['security.encoder_factory'] $name,
); $app['security.encoder_factory']
);
});
}); });
$app['security.authentication_provider.anonymous._proto'] = $app->protect(function ($name) use ($app) { $app['security.authentication_provider.anonymous._proto'] = $app->protect(function ($name) use ($app) {
return new AnonymousAuthenticationProvider($name); return $app->share(function () use ($app, $name) {
return new AnonymousAuthenticationProvider($name);
});
}); });
} }
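Review bot: In the second loop of the `security.firewall_map` closure, `$config[2] ? $app['security.exception_listener.'.$name] : null` reads `$name` left over from the last iteration of the earlier `foreach ($app['security.firewalls'] as $name => $firewall)`, so every protected firewall is mapped to the last firewall's exception listener. With more than one firewall, an unauthenticated or access-denied request would be answered by another firewall's entry point, and if the last firewall is unprotected the lookup presumably hits an id that was never registered. Carry the name with the config instead: `$configs[$name] = array($pattern, $listeners, $protected);` and `foreach ($configs as $name => $config) {`. A test with two protected firewalls that use different entry points would pin this; parts of the closure between the hunks are not shown here.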