Skip to content

Commit a4a8f3b

Browse files
MatTheCatMatTheCat
committed
[SecurityBundle] Do not pass traceable authenticators to security.helper 
1 parent 89cd804 commit a4a8f3b

File tree

2 files changed

+11
-8
lines changed

2 files changed

+11
-8
lines changed

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

Lines changed: 7 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -312,11 +312,10 @@ private function createFirewalls(array $config, ContainerBuilder $container): vo
312312
if (!$firewallAuthenticators) {
313313
$authenticators[$name] = null;
314314
} else {
315-
$firewallAuthenticatorRefs = [];
316-
foreach ($firewallAuthenticators as $authenticatorId) {
317-
$firewallAuthenticatorRefs[$authenticatorId] = new Reference($authenticatorId);
318-
}
319-
$authenticators[$name] = ServiceLocatorTagPass::register($container, $firewallAuthenticatorRefs);
315+
$authenticators[$name] = ServiceLocatorTagPass::register($container, array_map(
316+
static fn (string $authenticatorId) => new Reference($authenticatorId),
317+
array_keys($firewallAuthenticators)
318+
));
320319
}
321320
$contextId = 'security.firewall.map.context.'.$name;
322321
$isLazy = !$firewall['stateless'] && (!empty($firewall['anonymous']['lazy']) || $firewall['lazy']);
@@ -501,7 +500,7 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
501500
$configuredEntryPoint = $defaultEntryPoint;
502501

503502
// authenticator manager
504-
$authenticators = array_map(fn ($id) => new Reference($id), $firewallAuthenticationProviders);
503+
$authenticators = array_map(fn ($id) => new Reference($id), $firewallAuthenticationProviders, []);
505504
$container
506505
->setDefinition($managerId = 'security.authenticator.manager.'.$id, new ChildDefinition('security.authenticator.manager'))
507506
->replaceArgument(0, $authenticators)
@@ -625,11 +624,11 @@ private function createAuthenticationListeners(ContainerBuilder $container, stri
625624
$authenticators = $factory->createAuthenticator($container, $id, $firewall[$key], $userProvider);
626625
if (\is_array($authenticators)) {
627626
foreach ($authenticators as $authenticator) {
628-
$authenticationProviders[] = $authenticator;
627+
$authenticationProviders[$authenticator] = $authenticator;
629628
$entryPoints[] = $authenticator;
630629
}
631630
} else {
632-
$authenticationProviders[] = $authenticators;
631+
$authenticationProviders[$authenticators] = $authenticators;
633632
$entryPoints[$key] = $authenticators;
634633
}
635634

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -924,6 +924,10 @@ public function testAuthenticatorsDecoration()
924924
$this->assertSame('debug.'.TestAuthenticator::class, (string) reset($managerAuthenticators), 'AuthenticatorManager must be injected traceable authenticators in debug mode.');
925925

926926
$this->assertTrue($container->hasDefinition(TestAuthenticator::class), 'Original authenticator must still exist in the container so it can be used outside of the AuthenticatorManager’s context.');
927+
928+
$securityHelperAuthenticatorLocator = $container->getDefinition($container->getDefinition('security.helper')->getArgument(1)['main']);
929+
$this->assertArrayHasKey(TestAuthenticator::class, $authenticatorMap = $securityHelperAuthenticatorLocator->getArgument(0), 'When programmatically authenticating a user, authenticators’ name must be their original ID.');
930+
$this->assertSame(TestAuthenticator::class, (string) $authenticatorMap[TestAuthenticator::class]->getValues()[0], 'When programmatically authenticating a user, original authenticators must be used.');
927931
}
928932

929933
protected function getRawContainer()

0 commit comments

Comments
 (0)