feature #18510 Added a SecurityUserValueResolver for controllers (iltar)

fabpot · fabpot · commit 473263a00b7c · 2016-07-01T10:03:07.000+02:00
This PR was merged into the 3.2-dev branch. Discussion ---------- Added a SecurityUserValueResolver for controllers | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | yes | Tests pass? | yes | Fixed tickets | ~ | License | MIT | Doc PR | ~ This PR uses the new `ArgumentResolver` to inject a security user when the signature implies so. This is based on the [docs code example](symfony/symfony-docs#6438 (comment)) and [existing pr on the SFEB](sensiolabs/SensioFrameworkExtraBundle#327). With the new example you can do the following: ```php // when a User is mandatory, e.g. behind firewall public function fooAction(UserInterface $user) // when a User is optional, e.g. where it can be anonymous public function barAction(UserInterface $user = null) ``` This deprecates the `Controller::getUser()` method. I have added it on a priority of 40 so it falls just under the `RequestValueResolver`. This is because it's already used and the initial performance is less of an impact. There was a comment asking if the `controller_argument.value_resolver` tag name wasn't too long. If decided this tag should change before 3.1 is released, I will update it in here. *`RequestValueResolver` contains a small codestyle consistency fix.* Commits ------- d341889 Added a SecurityUserValueResolver for controllers
diff --git a/UPGRADE-3.2.md b/UPGRADE-3.2.md
@@ -1,6 +1,12 @@
 UPGRADE FROM 3.1 to 3.2
 =======================
 
+FrameworkBundle
+---------------
+
+ * The `Controller::getUser()` method has been deprecated and will be removed in
+   Symfony 4.0; typehint the security user object in the action instead.
+
 DependencyInjection
 -------------------
 
diff --git a/UPGRADE-4.0.md b/UPGRADE-4.0.md
@@ -117,6 +117,9 @@ FrameworkBundle
  * The `framework.serializer.cache` option and the services
    `serializer.mapping.cache.apc` and `serializer.mapping.cache.doctrine.apc`
    have been removed. APCu should now be automatically used when available.
+   
+ * The `Controller::getUser()` method has been removed in favor of the ability
+   to typehint the security user object in the action.
 
 HttpKernel
 ----------
diff --git a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+3.2.0
+-----
+
+ * The `Controller::getUser()` method has been deprecated and will be removed in
+   Symfony 4.0; typehint the security user object in the action instead.
+
 3.1.0
 -----
 
diff --git a/src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php b/src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
@@ -22,6 +22,7 @@
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Csrf\CsrfToken;
 use Symfony\Component\Form\Extension\Core\Type\FormType;
 use Symfony\Component\Form\Form;
@@ -362,12 +363,16 @@ protected function getDoctrine()
      *
      * @return mixed
      *
+     * @deprecated as of 3.2 and will be removed in 4.0. You can typehint your method argument with Symfony\Component\Security\Core\User\UserInterface instead.
+     *
      * @throws \LogicException If SecurityBundle is not available
      *
      * @see TokenInterface::getUser()
      */
     protected function getUser()
     {
+        @trigger_error(sprintf('%s() is deprecated as of 3.2 and will be removed in 4.0. You can typehint your method argument with %s instead.', __METHOD__, UserInterface::class), E_USER_DEPRECATED);
+
         if (!$this->container->has('security.token_storage')) {
             throw new \LogicException('The SecurityBundle is not registered in your application.');
         }
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Controller/ControllerTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Controller/ControllerTest.php
@@ -56,6 +56,9 @@ public function testForward()
         $this->assertEquals('xml--fr', $response->getContent());
     }
 
+    /**
+     * @group legacy
+     */
     public function testGetUser()
     {
         $user = new User('user', 'pass');
@@ -67,6 +70,9 @@ public function testGetUser()
         $this->assertSame($controller->getUser(), $user);
     }
 
+    /**
+     * @group legacy
+     */
     public function testGetUserAnonymousUserConvertedToNull()
     {
         $token = new AnonymousToken('default', 'anon.');
@@ -77,6 +83,9 @@ public function testGetUserAnonymousUserConvertedToNull()
         $this->assertNull($controller->getUser());
     }
 
+    /**
+     * @group legacy
+     */
     public function testGetUserWithEmptyTokenStorage()
     {
         $controller = new TestController();
@@ -86,6 +95,7 @@ public function testGetUserWithEmptyTokenStorage()
     }
 
     /**
+     * @group legacy
      * @expectedException \LogicException
      * @expectedExceptionMessage The SecurityBundle is not registered in your application.
      */
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+3.2.0
+-----
+
+ * Added the `SecurityUserValueResolver` to inject the security users in actions via
+   `Symfony\Component\Security\Core\User\UserInterface` in the method signature.
+
 3.0.0
 -----
 
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
@@ -20,6 +20,11 @@
 
         <service id="security.token_storage" class="Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage" />
 
+        <service id="security.user_value_resolver" class="Symfony\Bundle\SecurityBundle\SecurityUserValueResolver" public="false">
+            <argument type="service" id="security.token_storage" />
+            <tag name="controller.argument_value_resolver" priority="40" />
+        </service>
+
         <!-- Authentication related services -->
         <service id="security.authentication.manager" class="Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager" public="false">
             <argument type="collection" />
diff --git a/src/Symfony/Bundle/SecurityBundle/SecurityUserValueResolver.php b/src/Symfony/Bundle/SecurityBundle/SecurityUserValueResolver.php
@@ -0,0 +1,57 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Controller\ArgumentValueResolverInterface;
+use Symfony\Component\HttpKernel\ControllerMetadata\ArgumentMetadata;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+/**
+ * Supports the argument type of {@see UserInterface}.
+ *
+ * @author Iltar van der Berg <kjarli@gmail.com>
+ */
+final class SecurityUserValueResolver implements ArgumentValueResolverInterface
+{
+    private $tokenStorage;
+
+    public function __construct(TokenStorageInterface $tokenStorage)
+    {
+        $this->tokenStorage = $tokenStorage;
+    }
+
+    public function supports(Request $request, ArgumentMetadata $argument)
+    {
+        // only security user implementations are supported
+        if (UserInterface::class !== $argument->getType()) {
+            return false;
+        }
+
+        $token = $this->tokenStorage->getToken();
+        if (!$token instanceof TokenInterface) {
+            return false;
+        }
+
+        $user = $token->getUser();
+
+        // in case it's not an object we cannot do anything with it; E.g. "anon."
+        return $user instanceof UserInterface;
+    }
+
+    public function resolve(Request $request, ArgumentMetadata $argument)
+    {
+        yield $this->tokenStorage->getToken()->getUser();
+    }
+}
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Controller/LoginController.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Controller/LoginController.php
@@ -17,12 +17,13 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Security\Core\User\UserInterface;
 
 class LoginController implements ContainerAwareInterface
 {
     use ContainerAwareTrait;
 
-    public function loginAction(Request $request)
+    public function loginAction(Request $request, UserInterface $user = null)
     {
         // get the login error if there is one
         if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
@@ -38,9 +39,9 @@ public function loginAction(Request $request)
         ));
     }
 
-    public function afterLoginAction()
+    public function afterLoginAction(UserInterface $user)
     {
-        return $this->container->get('templating')->renderResponse('FormLoginBundle:Login:after_login.html.twig');
+        return $this->container->get('templating')->renderResponse('FormLoginBundle:Login:after_login.html.twig', array('user' => $user));
     }
 
     public function loginCheckAction()
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Resources/views/Login/after_login.html.twig b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Resources/views/Login/after_login.html.twig
@@ -1,7 +1,7 @@
 {% extends "::base.html.twig" %}
 
 {% block body %}
-    Hello {{ app.user.username }}!<br /><br />
+    Hello {{ user.username }}!<br /><br />
     You're browsing to path "{{ app.request.pathInfo }}".
 
     <a href="{{ logout_path('default') }}">Log out</a>.
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/SecurityUserValueResolverTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/SecurityUserValueResolverTest.php
@@ -0,0 +1,100 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\Tests;
+
+use Symfony\Bundle\SecurityBundle\SecurityUserValueResolver;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Controller\ArgumentResolver;
+use Symfony\Component\HttpKernel\Controller\ArgumentResolver\DefaultValueResolver;
+use Symfony\Component\HttpKernel\ControllerMetadata\ArgumentMetadata;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class SecurityUserValueResolverTest extends \PHPUnit_Framework_TestCase
+{
+    public function testResolveNoToken()
+    {
+        $tokenStorage = new TokenStorage();
+        $resolver = new SecurityUserValueResolver($tokenStorage);
+        $metadata = new ArgumentMetadata('foo', UserInterface::class, false, false, null);
+
+        $this->assertFalse($resolver->supports(Request::create('/'), $metadata));
+    }
+
+    public function testResolveNoUser()
+    {
+        $mock = $this->getMock(UserInterface::class);
+        $token = $this->getMock(TokenInterface::class);
+        $tokenStorage = new TokenStorage();
+        $tokenStorage->setToken($token);
+
+        $resolver = new SecurityUserValueResolver($tokenStorage);
+        $metadata = new ArgumentMetadata('foo', get_class($mock), false, false, null);
+
+        $this->assertFalse($resolver->supports(Request::create('/'), $metadata));
+    }
+
+    public function testResolveWrongType()
+    {
+        $tokenStorage = new TokenStorage();
+        $resolver = new SecurityUserValueResolver($tokenStorage);
+        $metadata = new ArgumentMetadata('foo', null, false, false, null);
+
+        $this->assertFalse($resolver->supports(Request::create('/'), $metadata));
+    }
+
+    public function testResolve()
+    {
+        $user = $this->getMock(UserInterface::class);
+        $token = $this->getMock(TokenInterface::class);
+        $token->expects($this->any())->method('getUser')->willReturn($user);
+        $tokenStorage = new TokenStorage();
+        $tokenStorage->setToken($token);
+
+        $resolver = new SecurityUserValueResolver($tokenStorage);
+        $metadata = new ArgumentMetadata('foo', UserInterface::class, false, false, null);
+
+        $this->assertTrue($resolver->supports(Request::create('/'), $metadata));
+        $this->assertSame(array($user), iterator_to_array($resolver->resolve(Request::create('/'), $metadata)));
+    }
+
+    public function testIntegration()
+    {
+        $user = $this->getMock(UserInterface::class);
+        $token = $this->getMock(TokenInterface::class);
+        $token->expects($this->any())->method('getUser')->willReturn($user);
+        $tokenStorage = new TokenStorage();
+        $tokenStorage->setToken($token);
+
+        $argumentResolver = new ArgumentResolver(null, array(new SecurityUserValueResolver($tokenStorage)));
+        $this->assertSame(array($user), $argumentResolver->getArguments(Request::create('/'), function (UserInterface $user) {}));
+    }
+
+    public function testIntegrationNoUser()
+    {
+        $token = $this->getMock(TokenInterface::class);
+        $tokenStorage = new TokenStorage();
+        $tokenStorage->setToken($token);
+
+        $argumentResolver = new ArgumentResolver(null, array(new SecurityUserValueResolver($tokenStorage), new DefaultValueResolver()));
+        $this->assertSame(array(null), $argumentResolver->getArguments(Request::create('/'), function (UserInterface $user = null) {}));
+    }
+}
+
+abstract class DummyUser implements UserInterface
+{
+}
+
+abstract class DummySubUser extends DummyUser
+{
+}
diff --git a/src/Symfony/Bundle/SecurityBundle/composer.json b/src/Symfony/Bundle/SecurityBundle/composer.json
@@ -18,7 +18,7 @@
     "require": {
         "php": ">=5.5.9",
         "symfony/security": "~3.1,>=3.1.2",
-        "symfony/http-kernel": "~2.8|~3.0",
+        "symfony/http-kernel": "~3.1",
         "symfony/polyfill-php70": "~1.0"
     },
     "require-dev": {
@@ -27,7 +27,7 @@
         "symfony/css-selector": "~2.8|~3.0",
         "symfony/dom-crawler": "~2.8|~3.0",
         "symfony/form": "~2.8|~3.0",
-        "symfony/framework-bundle": "~2.8|~3.0",
+        "symfony/framework-bundle": "~3.1",
         "symfony/http-foundation": "~2.8|~3.0",
         "symfony/security-acl": "~2.8|~3.0",
         "symfony/twig-bundle": "~2.8|~3.0",
diff --git a/src/Symfony/Component/HttpKernel/Controller/ArgumentResolver/RequestValueResolver.php b/src/Symfony/Component/HttpKernel/Controller/ArgumentResolver/RequestValueResolver.php
@@ -27,7 +27,7 @@ final class RequestValueResolver implements ArgumentValueResolverInterface
      */
     public function supports(Request $request, ArgumentMetadata $argument)
     {
-        return $argument->getType() === Request::class || is_subclass_of($argument->getType(), Request::class);
+        return Request::class === $argument->getType() || is_subclass_of($argument->getType(), Request::class);
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@`
`22`	`22`	`use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;`
`23`	`23`	`use Symfony\Component\HttpKernel\HttpKernelInterface;`
`24`	`24`	`use Symfony\Component\Security\Core\Exception\AccessDeniedException;`
	`25`	`+use Symfony\Component\Security\Core\User\UserInterface;`
`25`	`26`	`use Symfony\Component\Security\Csrf\CsrfToken;`
`26`	`27`	`use Symfony\Component\Form\Extension\Core\Type\FormType;`
`27`	`28`	`use Symfony\Component\Form\Form;`
`@@ -362,12 +363,16 @@ protected function getDoctrine()`
`362`	`363`	`*`
`363`	`364`	`* @return mixed`
`364`	`365`	`*`
	`366`	`+ * @deprecated as of 3.2 and will be removed in 4.0. You can typehint your method argument with Symfony\Component\Security\Core\User\UserInterface instead.`
	`367`	`+ *`
`365`	`368`	`* @throws \LogicException If SecurityBundle is not available`
`366`	`369`	`*`
`367`	`370`	`* @see TokenInterface::getUser()`
`368`	`371`	`*/`
`369`	`372`	`protected function getUser()`
`370`	`373`	`{`
	`374`	`+ @trigger_error(sprintf('%s() is deprecated as of 3.2 and will be removed in 4.0. You can typehint your method argument with %s instead.', __METHOD__, UserInterface::class), E_USER_DEPRECATED);`
	`375`	`+`
`371`	`376`	`if (!$this->container->has('security.token_storage')) {`
`372`	`377`	`throw new \LogicException('The SecurityBundle is not registered in your application.');`
`373`	`378`	`}`
Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,9 @@ public function testForward()`
`56`	`56`	`$this->assertEquals('xml--fr', $response->getContent());`
`57`	`57`	`}`
`58`	`58`
	`59`	`+ /**`
	`60`	`+ * @group legacy`
	`61`	`+ */`
`59`	`62`	`public function testGetUser()`
`60`	`63`	`{`
`61`	`64`	`$user = new User('user', 'pass');`
`@@ -67,6 +70,9 @@ public function testGetUser()`
`67`	`70`	`$this->assertSame($controller->getUser(), $user);`
`68`	`71`	`}`
`69`	`72`
	`73`	`+ /**`
	`74`	`+ * @group legacy`
	`75`	`+ */`
`70`	`76`	`public function testGetUserAnonymousUserConvertedToNull()`
`71`	`77`	`{`
`72`	`78`	`$token = new AnonymousToken('default', 'anon.');`
`@@ -77,6 +83,9 @@ public function testGetUserAnonymousUserConvertedToNull()`
`77`	`83`	`$this->assertNull($controller->getUser());`
`78`	`84`	`}`
`79`	`85`
	`86`	`+ /**`
	`87`	`+ * @group legacy`
	`88`	`+ */`
`80`	`89`	`public function testGetUserWithEmptyTokenStorage()`
`81`	`90`	`{`
`82`	`91`	`$controller = new TestController();`
`@@ -86,6 +95,7 @@ public function testGetUserWithEmptyTokenStorage()`
`86`	`95`	`}`
`87`	`96`
`88`	`97`	`/**`
	`98`	`+ * @group legacy`
`89`	`99`	`* @expectedException \LogicException`
`90`	`100`	`* @expectedExceptionMessage The SecurityBundle is not registered in your application.`
`91`	`101`	`*/`
Original file line number	Diff line number	Diff line change
`@@ -17,12 +17,13 @@`
`17`	`17`	`use Symfony\Component\HttpFoundation\Request;`
`18`	`18`	`use Symfony\Component\HttpFoundation\Response;`
`19`	`19`	`use Symfony\Component\Security\Core\Security;`
	`20`	`+use Symfony\Component\Security\Core\User\UserInterface;`
`20`	`21`
`21`	`22`	`class LoginController implements ContainerAwareInterface`
`22`	`23`	`{`
`23`	`24`	`use ContainerAwareTrait;`
`24`	`25`
`25`		`- public function loginAction(Request $request)`
	`26`	`+ public function loginAction(Request $request, UserInterface $user = null)`
`26`	`27`	`{`
`27`	`28`	`// get the login error if there is one`
`28`	`29`	`if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {`
`@@ -38,9 +39,9 @@ public function loginAction(Request $request)`
`38`	`39`	`));`
`39`	`40`	`}`
`40`	`41`
`41`		`- public function afterLoginAction()`
	`42`	`+ public function afterLoginAction(UserInterface $user)`
`42`	`43`	`{`
`43`		`- return $this->container->get('templating')->renderResponse('FormLoginBundle:Login:after_login.html.twig');`
	`44`	`+ return $this->container->get('templating')->renderResponse('FormLoginBundle:Login:after_login.html.twig', array('user' => $user));`
`44`	`45`	`}`
`45`	`46`
`46`	`47`	`public function loginCheckAction()`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ final class RequestValueResolver implements ArgumentValueResolverInterface`
`27`	`27`	`*/`
`28`	`28`	`public function supports(Request $request, ArgumentMetadata $argument)`
`29`	`29`	`{`
`30`		`- return $argument->getType() === Request::class \|\| is_subclass_of($argument->getType(), Request::class);`
	`30`	`+ return Request::class === $argument->getType() \|\| is_subclass_of($argument->getType(), Request::class);`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`/**`