feature #23295 [Security] Lazy load user providers (chalasr)

nicolas-grekas · nicolas-grekas · commit 050d686096b8 · 2017-07-11T15:48:06.000+02:00
This PR was merged into the 3.4 branch. Discussion ---------- [Security] Lazy load user providers | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/a Commits ------- d7914a6 [Security] Lazy load user providers
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -245,7 +245,7 @@ private function createFirewalls($config, ContainerBuilder $container)
         foreach ($providerIds as $userProviderId) {
             $userProviders[] = new Reference($userProviderId);
         }
-        $arguments[1] = $userProviders;
+        $arguments[1] = new IteratorArgument($userProviders);
         $definition->setArguments($arguments);
 
         $customUserChecker = false;
@@ -613,7 +613,7 @@ private function createUserDaoProvider($name, $provider, ContainerBuilder $conta
 
             $container
                 ->setDefinition($name, new ChildDefinition('security.user.provider.chain'))
-                ->addArgument($providers);
+                ->addArgument(new IteratorArgument($providers));
 
             return $name;
         }
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
@@ -12,6 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\Tests\DependencyInjection;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\DependencyInjection\Argument\IteratorArgument;
 use Symfony\Component\DependencyInjection\Reference;
 use Symfony\Bundle\SecurityBundle\SecurityBundle;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
@@ -57,10 +58,10 @@ public function testUserProviders()
         $this->assertEquals(array(), array_diff($providers, $expectedProviders));
 
         // chain provider
-        $this->assertEquals(array(array(
+        $this->assertEquals(array(new IteratorArgument(array(
             new Reference('security.user.provider.concrete.service'),
             new Reference('security.user.provider.concrete.basic'),
-        )), $container->getDefinition('security.user.provider.concrete.chain')->getArguments());
+        ))), $container->getDefinition('security.user.provider.concrete.chain')->getArguments());
     }
 
     public function testFirewalls()
diff --git a/src/Symfony/Component/Security/Core/Tests/User/ChainUserProviderTest.php b/src/Symfony/Component/Security/Core/Tests/User/ChainUserProviderTest.php
@@ -172,6 +172,26 @@ public function testSupportsClassWhenNotSupported()
         $this->assertFalse($provider->supportsClass('foo'));
     }
 
+    public function testAcceptsTraversable()
+    {
+        $provider1 = $this->getProvider();
+        $provider1
+            ->expects($this->once())
+            ->method('refreshUser')
+            ->will($this->throwException(new UnsupportedUserException('unsupported')))
+        ;
+
+        $provider2 = $this->getProvider();
+        $provider2
+            ->expects($this->once())
+            ->method('refreshUser')
+            ->will($this->returnValue($account = $this->getAccount()))
+        ;
+
+        $provider = new ChainUserProvider(new \ArrayObject(array($provider1, $provider2)));
+        $this->assertSame($account, $provider->refreshUser($this->getAccount()));
+    }
+
     protected function getAccount()
     {
         return $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();
diff --git a/src/Symfony/Component/Security/Core/User/ChainUserProvider.php b/src/Symfony/Component/Security/Core/User/ChainUserProvider.php
@@ -26,7 +26,10 @@ class ChainUserProvider implements UserProviderInterface
 {
     private $providers;
 
-    public function __construct(array $providers)
+    /**
+     * @param iterable|UserProviderInterface[] $providers
+     */
+    public function __construct($providers)
     {
         $this->providers = $providers;
     }
@@ -36,6 +39,10 @@ public function __construct(array $providers)
      */
     public function getProviders()
     {
+        if ($this->providers instanceof \Traversable) {
+            return iterator_to_array($this->providers);
+        }
+
         return $this->providers;
     }
 
diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@@ -44,18 +44,20 @@ class ContextListener implements ListenerInterface
     private $registered;
     private $trustResolver;
 
-    public function __construct(TokenStorageInterface $tokenStorage, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, AuthenticationTrustResolverInterface $trustResolver = null)
+    /**
+     * @param TokenStorageInterface                     $tokenStorage
+     * @param iterable|UserProviderInterface[]          $userProviders
+     * @param string                                    $contextKey
+     * @param LoggerInterface|null                      $logger
+     * @param EventDispatcherInterface|null             $dispatcher
+     * @param AuthenticationTrustResolverInterface|null $trustResolver
+     */
+    public function __construct(TokenStorageInterface $tokenStorage, $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, AuthenticationTrustResolverInterface $trustResolver = null)
     {
         if (empty($contextKey)) {
             throw new \InvalidArgumentException('$contextKey must not be empty.');
         }
 
-        foreach ($userProviders as $userProvider) {
-            if (!$userProvider instanceof UserProviderInterface) {
-                throw new \InvalidArgumentException(sprintf('User provider "%s" must implement "Symfony\Component\Security\Core\User\UserProviderInterface".', get_class($userProvider)));
-            }
-        }
-
         $this->tokenStorage = $tokenStorage;
         $this->userProviders = $userProviders;
         $this->contextKey = $contextKey;
@@ -158,6 +160,10 @@ protected function refreshUser(TokenInterface $token)
         $userNotFoundByProvider = false;
 
         foreach ($this->userProviders as $provider) {
+            if (!$provider instanceof UserProviderInterface) {
+                throw new \InvalidArgumentException(sprintf('User provider "%s" must implement "%s".', get_class($provider), UserProviderInterface::class));
+            }
+
             try {
                 $refreshedUser = $provider->refreshUser($user);
                 $token->setUser($refreshedUser);
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
@@ -53,11 +53,7 @@ public function testItRequiresContextKey()
      */
     public function testUserProvidersNeedToImplementAnInterface()
     {
-        new ContextListener(
-            $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock(),
-            array(new \stdClass()),
-            'key123'
-        );
+        $this->handleEventWithPreviousSession(new TokenStorage(), array(new \stdClass()));
     }
 
     public function testOnKernelResponseWillAddSession()
@@ -287,6 +283,15 @@ public function testRuntimeExceptionIsThrownIfNoSupportingUserProviderWasRegiste
         $this->handleEventWithPreviousSession(new TokenStorage(), array(new NotSupportingUserProvider(), new NotSupportingUserProvider()));
     }
 
+    public function testAcceptsProvidersAsTraversable()
+    {
+        $tokenStorage = new TokenStorage();
+        $refreshedUser = new User('foobar', 'baz');
+        $this->handleEventWithPreviousSession($tokenStorage, new \ArrayObject(array(new NotSupportingUserProvider(), new SupportingUserProvider($refreshedUser))));
+
+        $this->assertSame($refreshedUser, $tokenStorage->getToken()->getUser());
+    }
+
     protected function runSessionOnKernelResponse($newToken, $original = null)
     {
         $session = new Session(new MockArraySessionStorage());
@@ -315,7 +320,7 @@ protected function runSessionOnKernelResponse($newToken, $original = null)
         return $session;
     }
 
-    private function handleEventWithPreviousSession(TokenStorageInterface $tokenStorage, array $userProviders)
+    private function handleEventWithPreviousSession(TokenStorageInterface $tokenStorage, $userProviders)
     {
         $session = new Session(new MockArraySessionStorage());
         $session->set('_security_context_key', serialize(new UsernamePasswordToken(new User('foo', 'bar'), '', 'context_key')));

Original file line number	Diff line number	Diff line change
`@@ -245,7 +245,7 @@ private function createFirewalls($config, ContainerBuilder $container)`
`245`	`245`	`foreach ($providerIds as $userProviderId) {`
`246`	`246`	`$userProviders[] = new Reference($userProviderId);`
`247`	`247`	`}`
`248`		`- $arguments[1] = $userProviders;`
	`248`	`+ $arguments[1] = new IteratorArgument($userProviders);`
`249`	`249`	`$definition->setArguments($arguments);`
`250`	`250`
`251`	`251`	`$customUserChecker = false;`
`@@ -613,7 +613,7 @@ private function createUserDaoProvider($name, $provider, ContainerBuilder $conta`
`613`	`613`
`614`	`614`	`$container`
`615`	`615`	`->setDefinition($name, new ChildDefinition('security.user.provider.chain'))`
`616`		`- ->addArgument($providers);`
	`616`	`+ ->addArgument(new IteratorArgument($providers));`
`617`	`617`
`618`	`618`	`return $name;`
`619`	`619`	`}`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,10 @@ class ChainUserProvider implements UserProviderInterface`
`26`	`26`	`{`
`27`	`27`	`private $providers;`
`28`	`28`
`29`		`- public function __construct(array $providers)`
	`29`	`+ /**`
	`30`	`+ * @param iterable\|UserProviderInterface[] $providers`
	`31`	`+ */`
	`32`	`+ public function __construct($providers)`
`30`	`33`	`{`
`31`	`34`	`$this->providers = $providers;`
`32`	`35`	`}`
`@@ -36,6 +39,10 @@ public function __construct(array $providers)`
`36`	`39`	`*/`
`37`	`40`	`public function getProviders()`
`38`	`41`	`{`
	`42`	`+ if ($this->providers instanceof \Traversable) {`
	`43`	`+ return iterator_to_array($this->providers);`
	`44`	`+ }`
	`45`	`+`
`39`	`46`	`return $this->providers;`
`40`	`47`	`}`
`41`	`48`
Original file line number	Diff line number	Diff line change
`@@ -53,11 +53,7 @@ public function testItRequiresContextKey()`
`53`	`53`	`*/`
`54`	`54`	`public function testUserProvidersNeedToImplementAnInterface()`
`55`	`55`	`{`
`56`		`- new ContextListener(`
`57`		`- $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock(),`
`58`		`- array(new \stdClass()),`
`59`		`- 'key123'`
`60`		`- );`
	`56`	`+ $this->handleEventWithPreviousSession(new TokenStorage(), array(new \stdClass()));`
`61`	`57`	`}`
`62`	`58`
`63`	`59`	`public function testOnKernelResponseWillAddSession()`
`@@ -287,6 +283,15 @@ public function testRuntimeExceptionIsThrownIfNoSupportingUserProviderWasRegiste`
`287`	`283`	`$this->handleEventWithPreviousSession(new TokenStorage(), array(new NotSupportingUserProvider(), new NotSupportingUserProvider()));`
`288`	`284`	`}`
`289`	`285`
	`286`	`+ public function testAcceptsProvidersAsTraversable()`
	`287`	`+ {`
	`288`	`+ $tokenStorage = new TokenStorage();`
	`289`	`+ $refreshedUser = new User('foobar', 'baz');`
	`290`	`+ $this->handleEventWithPreviousSession($tokenStorage, new \ArrayObject(array(new NotSupportingUserProvider(), new SupportingUserProvider($refreshedUser))));`
	`291`	`+`
	`292`	`+ $this->assertSame($refreshedUser, $tokenStorage->getToken()->getUser());`
	`293`	`+ }`
	`294`	`+`
`290`	`295`	`protected function runSessionOnKernelResponse($newToken, $original = null)`
`291`	`296`	`{`
`292`	`297`	`$session = new Session(new MockArraySessionStorage());`
`@@ -315,7 +320,7 @@ protected function runSessionOnKernelResponse($newToken, $original = null)`
`315`	`320`	`return $session;`
`316`	`321`	`}`
`317`	`322`
`318`		`- private function handleEventWithPreviousSession(TokenStorageInterface $tokenStorage, array $userProviders)`
	`323`	`+ private function handleEventWithPreviousSession(TokenStorageInterface $tokenStorage, $userProviders)`
`319`	`324`	`{`
`320`	`325`	`$session = new Session(new MockArraySessionStorage());`
`321`	`326`	`$session->set('_security_context_key', serialize(new UsernamePasswordToken(new User('foo', 'bar'), '', 'context_key')));`