Make user lazy loading working without user provider

tyx · tyx · commit df9e8486f582 · 2020-10-07T10:42:01.000+02:00
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -249,10 +249,13 @@ private function createFirewalls(array $config, ContainerBuilder $container)
         }
         $arguments[1] = $userProviderIteratorsArgument = new IteratorArgument($userProviders);
         $contextListenerDefinition->setArguments($arguments);
+        $nbUserProviders = \count($userProviders);
 
-        if (\count($userProviders) > 1) {
+        if ($nbUserProviders > 1) {
             $container->setDefinition('security.user_providers', new Definition(ChainUserProvider::class, [$userProviderIteratorsArgument]))
                 ->setPublic(false);
+        } elseif (0 === $nbUserProviders) {
+            $container->removeDefinition('security.listener.user_provider');
         } else {
             $container->setAlias('security.user_providers', new Alias(current($providerIds)))->setPublic(false);
         }
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticatorTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticatorTest.php
@@ -44,6 +44,20 @@ public function testFirewallUserProvider($email, $withinFirewall)
         }
     }
 
+    /**
+     * @dataProvider provideEmails
+     */
+    public function testWithoutUserProvider($email)
+    {
+        $client = $this->createClient(['test_case' => 'Authenticator', 'root_config' => 'no_user_provider.yml']);
+
+        $client->request('GET', '/profile', [], [], [
+            'HTTP_X-USER-EMAIL' => $email,
+        ]);
+
+        $this->assertJsonStringEqualsJsonString('{"email":"'.$email.'"}', $client->getResponse()->getContent());
+    }
+
     public function provideEmails()
     {
         yield ['jane@example.org', true];
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/AuthenticatorBundle/ApiAuthenticator.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/AuthenticatorBundle/ApiAuthenticator.php
@@ -17,13 +17,21 @@
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+use Symfony\Component\Security\Core\User\User;
 use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
 use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
 use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
 
 class ApiAuthenticator extends AbstractAuthenticator
 {
+    private $selfLoadingUser = false;
+
+    public function __construct(bool $selfLoadingUser = false)
+    {
+        $this->selfLoadingUser = $selfLoadingUser;
+    }
+
     public function supports(Request $request): ?bool
     {
         return $request->headers->has('X-USER-EMAIL');
@@ -36,7 +44,12 @@ public function authenticate(Request $request): PassportInterface
             throw new BadCredentialsException('Email is not a valid email address.');
         }
 
-        return new SelfValidatingPassport(new UserBadge($email));
+        $userLoader = null;
+        if ($this->selfLoadingUser) {
+            $userLoader = function ($username) { return new User($username, 'test', ['ROLE_USER']); };
+        }
+
+        return new SelfValidatingPassport(new UserBadge($email, $userLoader));
     }
 
     public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/config.yml
@@ -15,19 +15,3 @@ services:
             - ['setContainer', ['@Psr\Container\ContainerInterface']]
         tags: [container.service_subscriber]
     Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AuthenticatorBundle\ApiAuthenticator: ~
-
-security:
-    enable_authenticator_manager: true
-
-    encoders:
-        Symfony\Component\Security\Core\User\User: plaintext
-
-    providers:
-        in_memory:
-            memory:
-                users:
-                    'jane@example.org': { password: test, roles: [ROLE_USER] }
-        in_memory2:
-            memory:
-                users:
-                    'john@example.org': { password: test, roles: [ROLE_USER] }
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/firewall_user_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/firewall_user_provider.yml
@@ -1,10 +1,10 @@
 imports:
 - { resource: ./config.yml }
+- { resource: ./security.yml }
 
 security:
     firewalls:
         api:
             pattern: /
             provider: in_memory
             custom_authenticator: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AuthenticatorBundle\ApiAuthenticator
-
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/implicit_user_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/implicit_user_provider.yml
@@ -1,9 +1,9 @@
 imports:
 - { resource: ./config.yml }
+- { resource: ./security.yml }
 
 security:
     firewalls:
         api:
             pattern: /
             custom_authenticator: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AuthenticatorBundle\ApiAuthenticator
-
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/no_user_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/no_user_provider.yml
@@ -0,0 +1,14 @@
+imports:
+- { resource: ./config.yml }
+
+services:
+    Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AuthenticatorBundle\ApiAuthenticator:
+        - true
+
+security:
+    enable_authenticator_manager: true
+
+    firewalls:
+        api:
+            pattern: /
+            custom_authenticator: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AuthenticatorBundle\ApiAuthenticator
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/security.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/security.yml
@@ -0,0 +1,15 @@
+security:
+    enable_authenticator_manager: true
+
+    encoders:
+        Symfony\Component\Security\Core\User\User: plaintext
+
+    providers:
+        in_memory:
+            memory:
+                users:
+                    'jane@example.org': { password: test, roles: [ROLE_USER] }
+        in_memory2:
+            memory:
+                users:
+                    'john@example.org': { password: test, roles: [ROLE_USER] }

Original file line number	Diff line number	Diff line change
`@@ -249,10 +249,13 @@ private function createFirewalls(array $config, ContainerBuilder $container)`
`249`	`249`	`}`
`250`	`250`	`$arguments[1] = $userProviderIteratorsArgument = new IteratorArgument($userProviders);`
`251`	`251`	`$contextListenerDefinition->setArguments($arguments);`
	`252`	`+ $nbUserProviders = \count($userProviders);`
`252`	`253`
`253`		`- if (\count($userProviders) > 1) {`
	`254`	`+ if ($nbUserProviders > 1) {`
`254`	`255`	`$container->setDefinition('security.user_providers', new Definition(ChainUserProvider::class, [$userProviderIteratorsArgument]))`
`255`	`256`	`->setPublic(false);`
	`257`	`+ } elseif (0 === $nbUserProviders) {`
	`258`	`+ $container->removeDefinition('security.listener.user_provider');`
`256`	`259`	`} else {`
`257`	`260`	`$container->setAlias('security.user_providers', new Alias(current($providerIds)))->setPublic(false);`
`258`	`261`	`}`