diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AbstractWebTestCase.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AbstractWebTestCase.php index 643cb1c40d2e..f9363e8290dc 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AbstractWebTestCase.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AbstractWebTestCase.php @@ -33,6 +33,12 @@ public static function tearDownAfterClass(): void static::deleteTmpDir(); } + public function provideSecuritySystems() + { + yield [['enable_authenticator_manager' => true]]; + yield [['enable_authenticator_manager' => false]]; + } + protected static function deleteTmpDir() { if (!file_exists($dir = sys_get_temp_dir().'/'.static::getVarDir())) { @@ -61,9 +67,10 @@ protected static function createKernel(array $options = []): KernelInterface return new $class( static::getVarDir(), $options['test_case'], - isset($options['root_config']) ? $options['root_config'] : 'config.yml', - isset($options['environment']) ? $options['environment'] : strtolower(static::getVarDir().$options['test_case']), - isset($options['debug']) ? $options['debug'] : false + $options['root_config'] ?? 'config.yml', + $options['environment'] ?? strtolower(static::getVarDir().$options['test_case']), + $options['debug'] ?? false, + $options['enable_authenticator_manager'] ?? false ); } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticationCommencingTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticationCommencingTest.php index dcfd6f29e8fe..0e636a4e2f9c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticationCommencingTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticationCommencingTest.php 
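Review bot: `provideSecuritySystems()` in the first hunk has no docblock or return type, and its two rows only make sense once the reader knows which system each boolean selects. Since test classes in several files reference this shared provider by name, a short comment such as `/** Yields one option set per security system: authenticator manager enabled, then disabled. */` plus an `: iterable` return type would make it self-explanatory. The second hunk shows that a missing key falls back to `false` in `createKernel()`, which is worth stating in the same comment.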
@@ -13,11 +13,20 @@ class AuthenticationCommencingTest extends AbstractWebTestCase { - public function testAuthenticationIsCommencingIfAccessDeniedExceptionIsWrapped() + /** + * @dataProvider provideClientOptions + */ + public function testAuthenticationIsCommencingIfAccessDeniedExceptionIsWrapped(array $options) { - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml']); + $client = $this->createClient($options); $client->request('GET', '/secure-but-not-covered-by-access-control'); $this->assertRedirect($client->getResponse(), '/login'); } + + public function provideClientOptions() + { + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]]; + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]]; + } } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/ClearRememberMeTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/ClearRememberMeTest.php index 51f56c220d33..a917e66c572c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/ClearRememberMeTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/ClearRememberMeTest.php @@ -19,9 +19,12 @@ class ClearRememberMeTest extends AbstractWebTestCase { - public function testUserChangeClearsCookie() + /** + * @dataProvider provideClientOptions + */ + public function testUserChangeClearsCookie(array $options) { - $client = $this->createClient(['test_case' => 'ClearRememberMe', 'root_config' => 'config.yml']); + $client = $this->createClient($options); $client->request('POST', '/login', [ '_username' => 'johannes', 
@@ -36,6 +39,12 @@ public function testUserChangeClearsCookie() $this->assertRedirect($client->getResponse(), '/login'); $this->assertNull($cookieJar->get('REMEMBERME')); } + + public function provideClientOptions() + { + yield [['test_case' => 'ClearRememberMe', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]]; + yield [['test_case' => 'ClearRememberMe', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]]; + } } class RememberMeFooController diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/CsrfFormLoginTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/CsrfFormLoginTest.php index 5b2999fed0d2..f252314b0c4c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/CsrfFormLoginTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/CsrfFormLoginTest.php @@ -14,11 +14,11 @@ class CsrfFormLoginTest extends AbstractWebTestCase { /** - * @dataProvider getConfigs + * @dataProvider provideClientOptions */ - public function testFormLoginAndLogoutWithCsrfTokens($config) + public function testFormLoginAndLogoutWithCsrfTokens($options) { - $client = $this->createClient(['test_case' => 'CsrfFormLogin', 'root_config' => $config]); + $client = $this->createClient($options); $form = $client->request('GET', '/login')->selectButton('login')->form(); $form['user_login[username]'] = 'johannes'; 
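Review bot: `testFormLoginAndLogoutWithCsrfTokens($options)` takes the provider row untyped, while the equivalent conversions in FormLoginTest and SecurityRoutingIntegrationTest declare `array $options`. Writing `public function testFormLoginAndLogoutWithCsrfTokens(array $options)` here keeps the signatures consistent and fails early if a provider row has the wrong shape. The same applies to the three later CsrfFormLoginTest hunks (`testFormLoginWithInvalidCsrfToken`, `testFormLoginWithCustomTargetPath`, `testFormLoginRedirectsToProtectedResourceAfterLogin`).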
@@ -44,13 +44,17 @@ public function testFormLoginAndLogoutWithCsrfTokens($config) } /** - * @dataProvider getConfigs + * @dataProvider provideClientOptions */ - public function testFormLoginWithInvalidCsrfToken($config) + public function testFormLoginWithInvalidCsrfToken($options) { - $client = $this->createClient(['test_case' => 'CsrfFormLogin', 'root_config' => $config]); + $client = $this->createClient($options); $form = $client->request('GET', '/login')->selectButton('login')->form(); + if ($options['enable_authenticator_manager'] ?? false) { + $form['user_login[username]'] = 'johannes'; + $form['user_login[password]'] = 'test'; + } $form['user_login[_token]'] = ''; $client->submit($form); @@ -61,11 +65,11 @@ public function testFormLoginWithInvalidCsrfToken($config) } /** - * @dataProvider getConfigs + * @dataProvider provideClientOptions */ - public function testFormLoginWithCustomTargetPath($config) + public function testFormLoginWithCustomTargetPath($options) { - $client = $this->createClient(['test_case' => 'CsrfFormLogin', 'root_config' => $config]); + $client = $this->createClient($options); $form = $client->request('GET', '/login')->selectButton('login')->form(); $form['user_login[username]'] = 'johannes'; @@ -81,11 +85,11 @@ public function testFormLoginWithCustomTargetPath($config) } /** - * @dataProvider getConfigs + * @dataProvider provideClientOptions */ - public function testFormLoginRedirectsToProtectedResourceAfterLogin($config) + public function testFormLoginRedirectsToProtectedResourceAfterLogin($options) { - $client = $this->createClient(['test_case' => 'CsrfFormLogin', 'root_config' => $config]); + $client = $this->createClient($options); $client->request('GET', '/protected-resource'); $this->assertRedirect($client->getResponse(), '/login'); 
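Review bot: In `testFormLoginWithInvalidCsrfToken` the username and password are filled in only when `enable_authenticator_manager` is set, so the two runs submit different forms and the legacy run still posts empty credentials next to the empty token. Nothing in the hunk says why the new system needs them; presumably it resolves the user before it reaches the CSRF check, in which case that ordering difference deserves a comment on the `if`, e.g. `// authenticator manager: credentials must be valid for the request to reach the CSRF check (confirm)`. Filling the credentials unconditionally would make both runs show that an otherwise valid login is rejected without a token. The assertions sit outside this hunk, so which message each run checks cannot be seen here.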
@@ -101,11 +105,11 @@ public function testFormLoginRedirectsToProtectedResourceAfterLogin($config) $this->assertStringContainsString('You\'re browsing to path "/protected-resource".', $text); } - public function getConfigs() + public function provideClientOptions() { - return [ - ['config.yml'], - ['routes_as_path.yml'], - ]; + yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]]; + yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]]; + yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'routes_as_path.yml', 'enable_authenticator_manager' => true]]; + yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'legacy_routes_as_path.yml', 'enable_authenticator_manager' => false]]; } } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FirewallEntryPointTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FirewallEntryPointTest.php index 77011409cfaa..91cccd1c46ea 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FirewallEntryPointTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FirewallEntryPointTest.php @@ -31,9 +31,12 @@ public function testItUsesTheConfiguredEntryPointWhenUsingUnknownCredentials() ); } - public function testItUsesTheConfiguredEntryPointFromTheExceptionListenerWithFormLoginAndNoCredentials() + /** + * @dataProvider provideSecuritySystems + */ + public function testItUsesTheConfiguredEntryPointFromTheExceptionListenerWithFormLoginAndNoCredentials(array $options) { - $client = $this->createClient(['test_case' => 'FirewallEntryPoint', 'root_config' => 'config_form_login.yml']); + $client = $this->createClient($options + ['test_case' => 'FirewallEntryPoint', 'root_config' => 'config_form_login.yml']); $client->request('GET', '/secure/resource'); 
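Review bot: In FirewallEntryPointTest only `testItUsesTheConfiguredEntryPointFromTheExceptionListenerWithFormLoginAndNoCredentials` gets `@dataProvider provideSecuritySystems`. The test named in the hunk header, `testItUsesTheConfiguredEntryPointWhenUsingUnknownCredentials`, is not touched by this diff and so keeps running with the flag at its `false` default. If that is deliberate, a one-line comment on the class saying which entry-point tests are legacy-only would prevent the gap from going unnoticed; otherwise the remaining tests look like candidates for the same provider. The rest of the class is outside the hunk, so this is inferred from the file having a single hunk.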
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php index 641ef0e519a1..45d74fc72261 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php @@ -14,11 +14,11 @@ class FormLoginTest extends AbstractWebTestCase { /** - * @dataProvider getConfigs + * @dataProvider provideClientOptions */ - public function testFormLogin($config) + public function testFormLogin(array $options) { - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config]); + $client = $this->createClient($options); $form = $client->request('GET', '/login')->selectButton('login')->form(); $form['_username'] = 'johannes'; @@ -33,11 +33,11 @@ public function testFormLogin($config) } /** - * @dataProvider getConfigs + * @dataProvider provideClientOptions */ - public function testFormLogout($config) + public function testFormLogout(array $options) { - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config]); + $client = $this->createClient($options); $form = $client->request('GET', '/login')->selectButton('login')->form(); $form['_username'] = 'johannes'; @@ -66,11 +66,11 @@ public function testFormLogout($config) } /** - * @dataProvider getConfigs + * @dataProvider provideClientOptions */ - public function testFormLoginWithCustomTargetPath($config) + public function testFormLoginWithCustomTargetPath(array $options) { - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config]); + $client = $this->createClient($options); $form = $client->request('GET', '/login')->selectButton('login')->form(); $form['_username'] = 'johannes'; 
@@ -86,11 +86,11 @@ public function testFormLoginWithCustomTargetPath($config) } /** - * @dataProvider getConfigs + * @dataProvider provideClientOptions */ - public function testFormLoginRedirectsToProtectedResourceAfterLogin($config) + public function testFormLoginRedirectsToProtectedResourceAfterLogin(array $options) { - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config]); + $client = $this->createClient($options); $client->request('GET', '/protected_resource'); $this->assertRedirect($client->getResponse(), '/login'); @@ -106,11 +106,11 @@ public function testFormLoginRedirectsToProtectedResourceAfterLogin($config) $this->assertStringContainsString('You\'re browsing to path "/protected_resource".', $text); } - public function getConfigs() + public function provideClientOptions() { - return [ - ['config.yml'], - ['routes_as_path.yml'], - ]; + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]]; + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]]; + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'routes_as_path.yml', 'enable_authenticator_manager' => true]]; + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_routes_as_path.yml', 'enable_authenticator_manager' => false]]; } } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/JsonLoginTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/JsonLoginTest.php index a69f5e591d1f..20010349efe8 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/JsonLoginTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/JsonLoginTest.php 
@@ -18,9 +18,12 @@ */ class JsonLoginTest extends AbstractWebTestCase { - public function testDefaultJsonLoginSuccess() + /** + * @dataProvider provideSecuritySystems + */ + public function testDefaultJsonLoginSuccess(array $options) { - $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'config.yml']); + $client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'config.yml']); $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "foo"}}'); $response = $client->getResponse(); @@ -29,9 +32,12 @@ public function testDefaultJsonLoginSuccess() $this->assertSame(['message' => 'Welcome @dunglas!'], json_decode($response->getContent(), true)); } - public function testDefaultJsonLoginFailure() + /** + * @dataProvider provideSecuritySystems + */ + public function testDefaultJsonLoginFailure(array $options) { - $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'config.yml']); + $client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'config.yml']); $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "bad"}}'); $response = $client->getResponse(); 
@@ -40,9 +46,12 @@ public function testDefaultJsonLoginFailure() $this->assertSame(['error' => 'Invalid credentials.'], json_decode($response->getContent(), true)); } - public function testCustomJsonLoginSuccess() + /** + * @dataProvider provideSecuritySystems + */ + public function testCustomJsonLoginSuccess(array $options) { - $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']); + $client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']); $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "foo"}}'); $response = $client->getResponse(); @@ -51,9 +60,12 @@ public function testCustomJsonLoginSuccess() $this->assertSame(['message' => 'Good game @dunglas!'], json_decode($response->getContent(), true)); } - public function testCustomJsonLoginFailure() + /** + * @dataProvider provideSecuritySystems + */ + public function testCustomJsonLoginFailure(array $options) { - $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']); + $client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']); $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "bad"}}'); $response = $client->getResponse(); 
@@ -62,9 +74,12 @@ public function testCustomJsonLoginFailure() $this->assertSame(['message' => 'Something went wrong'], json_decode($response->getContent(), true)); } - public function testDefaultJsonLoginBadRequest() + /** + * @dataProvider provideSecuritySystems + */ + public function testDefaultJsonLoginBadRequest(array $options) { - $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'config.yml']); + $client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'config.yml']); $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], 'Not a json content'); $response = $client->getResponse(); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php index b6d68fdd26b5..334c526580ba 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php @@ -14,11 +14,11 @@ class LocalizedRoutesAsPathTest extends AbstractWebTestCase { /** - * @dataProvider getLocales + * @dataProvider getLocalesAndClientConfig */ - public function testLoginLogoutProcedure($locale) + public function testLoginLogoutProcedure($locale, array $options) { - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'localized_routes.yml']); + $client = $this->createClient(['test_case' => 'StandardFormLogin'] + $options); $crawler = $client->request('GET', '/'.$locale.'/login'); $form = $crawler->selectButton('login')->form(); 
@@ -36,11 +36,11 @@ public function testLoginLogoutProcedure($locale) /** * @group issue-32995 - * @dataProvider getLocales + * @dataProvider getLocalesAndClientConfig */ - public function testLoginFailureWithLocalizedFailurePath($locale) + public function testLoginFailureWithLocalizedFailurePath($locale, array $options) { - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'localized_form_failure_handler.yml']); + $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => ($options['enable_authenticator_manager'] ? '' : 'legacy_').'localized_form_failure_handler.yml'] + $options); $crawler = $client->request('GET', '/'.$locale.'/login'); $form = $crawler->selectButton('login')->form(); 
@@ -52,29 +52,32 @@ public function testLoginFailureWithLocalizedFailurePath($locale) } /** - * @dataProvider getLocales + * @dataProvider getLocalesAndClientConfig */ - public function testAccessRestrictedResource($locale) + public function testAccessRestrictedResource($locale, array $options) { - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'localized_routes.yml']); + $client = $this->createClient(['test_case' => 'StandardFormLogin'] + $options); $client->request('GET', '/'.$locale.'/secure/'); $this->assertRedirect($client->getResponse(), '/'.$locale.'/login'); } /** - * @dataProvider getLocales + * @dataProvider getLocalesAndClientConfig */ - public function testAccessRestrictedResourceWithForward($locale) + public function testAccessRestrictedResourceWithForward($locale, array $options) { - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'localized_routes_with_forward.yml']); + $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'localized_routes_with_forward.yml'] + $options); $crawler = $client->request('GET', '/'.$locale.'/secure/'); $this->assertCount(1, $crawler->selectButton('login'), (string) $client->getResponse()); } - public function getLocales() + public function getLocalesAndClientConfig() { - return [['en'], ['de']]; + yield ['en', ['enable_authenticator_manager' => true, 'root_config' => 'localized_routes.yml']]; + yield ['en', ['enable_authenticator_manager' => false, 'root_config' => 'legacy_localized_routes.yml']]; + yield ['de', ['enable_authenticator_manager' => true, 'root_config' => 'localized_routes.yml']]; + yield ['de', ['enable_authenticator_manager' => false, 'root_config' => 'legacy_localized_routes.yml']]; } } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php index cb7868f3256e..626efd6a684f 100644 
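Review bot: In `testAccessRestrictedResourceWithForward` the literal array is the left operand of `+`, so its `root_config` (`localized_routes_with_forward.yml`) wins and the `root_config` supplied by `getLocalesAndClientConfig()` is silently discarded. Both the `true` and the `false` rows therefore load the same file, whereas every legacy row in the provider is paired with a `legacy_`-prefixed config and `testLoginFailureWithLocalizedFailurePath` in the previous hunk picks the prefix by hand. Either a legacy variant is missing or the shared file needs a comment. For consistency the line could read `'root_config' => ($options['enable_authenticator_manager'] ? '' : 'legacy_').'localized_routes_with_forward.yml'`, assuming such a file exists.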
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php @@ -13,9 +13,12 @@ class LogoutTest extends AbstractWebTestCase { - public function testSessionLessRememberMeLogout() + /** + * @dataProvider provideSecuritySystems + */ + public function testSessionLessRememberMeLogout(array $options) { - $client = $this->createClient(['test_case' => 'RememberMeLogout', 'root_config' => 'config.yml']); + $client = $this->createClient($options + ['test_case' => 'RememberMeLogout', 'root_config' => 'config.yml']); $client->request('POST', '/login', [ '_username' => 'johannes', @@ -33,9 +36,12 @@ public function testSessionLessRememberMeLogout() $this->assertNull($cookieJar->get('REMEMBERME')); } - public function testCsrfTokensAreClearedOnLogout() + /** + * @dataProvider provideSecuritySystems + */ + public function testCsrfTokensAreClearedOnLogout(array $options) { - $client = $this->createClient(['test_case' => 'LogoutWithoutSessionInvalidation', 'root_config' => 'config.yml']); + $client = $this->createClient($options + ['test_case' => 'LogoutWithoutSessionInvalidation', 'root_config' => 'config.yml']); static::$container->get('security.csrf.token_storage')->setToken('foo', 'bar'); $client->request('POST', '/login', [ @@ -51,9 +57,12 @@ public function testCsrfTokensAreClearedOnLogout() $this->assertFalse(static::$container->get('security.csrf.token_storage')->hasToken('foo')); } - public function testAccessControlDoesNotApplyOnLogout() + /** + * @dataProvider provideSecuritySystems + */ + public function testAccessControlDoesNotApplyOnLogout(array $options) { - $client = $this->createClient(['test_case' => 'LogoutAccess', 'root_config' => 'config.yml']); + $client = $this->createClient($options + ['test_case' => 'LogoutAccess', 'root_config' => 'config.yml']); $client->request('POST', '/login', ['_username' => 'johannes', '_password' => 'test']); $client->request('GET', '/logout'); 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php index 0303f1b4eeff..6bb05400b703 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php 
@@ -14,33 +14,33 @@ class SecurityRoutingIntegrationTest extends AbstractWebTestCase { /** - * @dataProvider getConfigs + * @dataProvider provideClientOptions */ - public function testRoutingErrorIsNotExposedForProtectedResourceWhenAnonymous($config) + public function testRoutingErrorIsNotExposedForProtectedResourceWhenAnonymous(array $options) { - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config]); + $client = $this->createClient($options); $client->request('GET', '/protected_resource'); $this->assertRedirect($client->getResponse(), '/login'); } /** - * @dataProvider getConfigs + * @dataProvider provideClientOptions */ - public function testRoutingErrorIsExposedWhenNotProtected($config) + public function testRoutingErrorIsExposedWhenNotProtected(array $options) { - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config]); + $client = $this->createClient($options); $client->request('GET', '/unprotected_resource'); $this->assertEquals(404, $client->getResponse()->getStatusCode(), (string) $client->getResponse()); } /** - * @dataProvider getConfigs + * @dataProvider provideClientOptions */ - public function testRoutingErrorIsNotExposedForProtectedResourceWhenLoggedInWithInsufficientRights($config) + public function testRoutingErrorIsNotExposedForProtectedResourceWhenLoggedInWithInsufficientRights(array $options) { - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config]); + $client = $this->createClient($options); $form = $client->request('GET', '/login')->selectButton('login')->form(); $form['_username'] = 'johannes'; 
@@ -53,38 +53,38 @@ public function testRoutingErrorIsNotExposedForProtectedResourceWhenLoggedInWith } /** - * @dataProvider getConfigs + * @dataProvider provideClientOptions */ - public function testSecurityConfigurationForSingleIPAddress($config) + public function testSecurityConfigurationForSingleIPAddress(array $options) { - $allowedClient = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config], ['REMOTE_ADDR' => '10.10.10.10']); + $allowedClient = $this->createClient($options, ['REMOTE_ADDR' => '10.10.10.10']); $this->ensureKernelShutdown(); - $barredClient = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config], ['REMOTE_ADDR' => '10.10.20.10']); + $barredClient = $this->createClient($options, ['REMOTE_ADDR' => '10.10.20.10']); $this->assertAllowed($allowedClient, '/secured-by-one-ip'); $this->assertRestricted($barredClient, '/secured-by-one-ip'); } /** - * @dataProvider getConfigs + * @dataProvider provideClientOptions */ - public function testSecurityConfigurationForMultipleIPAddresses($config) + public function testSecurityConfigurationForMultipleIPAddresses(array $options) { - $allowedClientA = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config], ['REMOTE_ADDR' => '1.1.1.1']); + $allowedClientA = $this->createClient($options, ['REMOTE_ADDR' => '1.1.1.1']); $this->ensureKernelShutdown(); - $allowedClientB = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config], ['REMOTE_ADDR' => '2.2.2.2']); + $allowedClientB = $this->createClient($options, ['REMOTE_ADDR' => '2.2.2.2']); $this->ensureKernelShutdown(); - $allowedClientC = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config], ['REMOTE_ADDR' => '203.0.113.0']); + $allowedClientC = $this->createClient($options, ['REMOTE_ADDR' => '203.0.113.0']); $this->ensureKernelShutdown(); - $barredClient = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' 
=> $config], ['REMOTE_ADDR' => '192.168.1.1']); + $barredClient = $this->createClient($options, ['REMOTE_ADDR' => '192.168.1.1']); $this->assertAllowed($allowedClientA, '/secured-by-two-ips'); $this->assertAllowed($allowedClientB, '/secured-by-two-ips'); @@ -97,19 +97,19 @@ public function testSecurityConfigurationForMultipleIPAddresses($config) } /** - * @dataProvider getConfigs + * @dataProvider provideConfigs */ - public function testSecurityConfigurationForExpression($config) + public function testSecurityConfigurationForExpression(array $options) { - $allowedClient = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config], ['HTTP_USER_AGENT' => 'Firefox 1.0']); + $allowedClient = $this->createClient($options, ['HTTP_USER_AGENT' => 'Firefox 1.0']); $this->assertAllowed($allowedClient, '/protected-via-expression'); $this->ensureKernelShutdown(); - $barredClient = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config], []); + $barredClient = $this->createClient($options, []); $this->assertRestricted($barredClient, '/protected-via-expression'); $this->ensureKernelShutdown(); - $allowedClient = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => $config], []); + $allowedClient = $this->createClient($options, []); $allowedClient->request('GET', '/protected-via-expression'); $form = $allowedClient->followRedirect()->selectButton('login')->form(); 
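Review bot: `testSecurityConfigurationForExpression` is switched to `provideConfigs`, which (last hunk of this file) yields only `legacy_config.yml` and `legacy_routes_as_path.yml` and never sets `enable_authenticator_manager`. Because `createKernel()` defaults the flag to `false`, the expression-based rule on `/protected-via-expression` is exercised on the legacy system only, while the IP-based tests in the same class run on both. If that is intentional, note it on the provider, e.g. `// legacy security system only (enable_authenticator_manager left unset)`; otherwise point the test at `provideClientOptions`. The name `provideConfigs` also gives no hint that it is the legacy-only subset.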
@@ -120,18 +120,24 @@ public function testSecurityConfigurationForExpression($config) $this->assertAllowed($allowedClient, '/protected-via-expression'); } - public function testInvalidIpsInAccessControl() + /** + * @dataProvider provideSecuritySystems + */ + public function testInvalidIpsInAccessControl(array $options) { $this->expectException(\LogicException::class); $this->expectExceptionMessage('The given value "256.357.458.559" in the "security.access_control" config option is not a valid IP address.'); - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'invalid_ip_access_control.yml']); + $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'invalid_ip_access_control.yml'] + $options); $client->request('GET', '/unprotected_resource'); } - public function testPublicHomepage() + /** + * @dataProvider provideSecuritySystems + */ + public function testPublicHomepage(array $options) { - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml']); + $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml'] + $options); $client->request('GET', '/en/'); $this->assertEquals(200, $client->getResponse()->getStatusCode(), (string) $client->getResponse()); 
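Review bot: `testPublicHomepage` hard-codes `'root_config' => 'config.yml'` and takes only the flag from `provideSecuritySystems`, so its `false` run loads the file that `provideClientOptions` in this class pairs with `enable_authenticator_manager => true`; the legacy rows there use `legacy_config.yml`. If `config.yml` carries settings meant for the new system, the legacy run is not testing the configuration its flag suggests. Using `provideClientOptions`, or picking the file from the flag as LocalizedRoutesAsPathTest does, would keep flag and config paired. `testInvalidIpsInAccessControl` in the same hunk has the same shape, though there the expected exception comes from config validation, so the mismatch probably matters less.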
@@ -151,8 +157,17 @@ private function assertRestricted($client, $path) $this->assertEquals(302, $client->getResponse()->getStatusCode()); } - public function getConfigs() + public function provideClientOptions() + { + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]]; + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]]; + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'routes_as_path.yml', 'enable_authenticator_manager' => true]]; + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_routes_as_path.yml', 'enable_authenticator_manager' => false]]; + } + + public function provideConfigs() { - return [['config.yml'], ['routes_as_path.yml']]; + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml']]; + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_routes_as_path.yml']]; } } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php index 183b1ad8c4ef..194a1d7886dc 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php @@ -19,9 +19,9 @@ class SwitchUserTest extends AbstractWebTestCase /** * @dataProvider getTestParameters */ - public function testSwitchUser($originalUser, $targetUser, $expectedUser, $expectedStatus) + public function testSwitchUser($originalUser, $authenticatorManagerEnabled, $targetUser, $expectedUser, $expectedStatus) { - $client = $this->createAuthenticatedClient($originalUser); + $client = $this->createAuthenticatedClient($originalUser, ['enable_authenticator_manager' => $authenticatorManagerEnabled]); $client->request('GET', '/profile?_switch_user='.$targetUser); 
@@ -29,9 +29,12 @@ public function testSwitchUser($originalUser, $targetUser, $expectedUser, $expec $this->assertEquals($expectedUser, $client->getProfile()->getCollector('security')->getUser()); } - public function testSwitchedUserCanSwitchToOther() + /** + * @dataProvider provideSecuritySystems + */ + public function testSwitchedUserCanSwitchToOther(array $options) { - $client = $this->createAuthenticatedClient('user_can_switch'); + $client = $this->createAuthenticatedClient('user_can_switch', $options); $client->request('GET', '/profile?_switch_user=user_cannot_switch_1'); $client->request('GET', '/profile?_switch_user=user_cannot_switch_2'); @@ -40,9 +43,12 @@ public function testSwitchedUserCanSwitchToOther() $this->assertEquals('user_cannot_switch_2', $client->getProfile()->getCollector('security')->getUser()); } - public function testSwitchedUserExit() + /** + * @dataProvider provideSecuritySystems + */ + public function testSwitchedUserExit(array $options) { - $client = $this->createAuthenticatedClient('user_can_switch'); + $client = $this->createAuthenticatedClient('user_can_switch', $options); $client->request('GET', '/profile?_switch_user=user_cannot_switch_1'); $client->request('GET', '/profile?_switch_user='.SwitchUserListener::EXIT_VALUE); 
@@ -51,9 +57,12 @@ public function testSwitchedUserExit() $this->assertEquals('user_can_switch', $client->getProfile()->getCollector('security')->getUser()); } - public function testSwitchUserStateless() + /** + * @dataProvider provideSecuritySystems + */ + public function testSwitchUserStateless(array $options) { - $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'switchuser_stateless.yml']); + $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'switchuser_stateless.yml'] + $options); $client->request('POST', '/chk', [], [], ['HTTP_X_SWITCH_USER' => 'dunglas', 'CONTENT_TYPE' => 'application/json'], '{"user": {"login": "user_can_switch", "password": "test"}}'); $response = $client->getResponse(); 
@@ -66,16 +75,20 @@ public function testSwitchUserStateless()
 public function getTestParameters()
 {
 return [
- 'unauthorized_user_cannot_switch' => ['user_cannot_switch_1', 'user_cannot_switch_1', 'user_cannot_switch_1', 403],
- 'authorized_user_can_switch' => ['user_can_switch', 'user_cannot_switch_1', 'user_cannot_switch_1', 200],
- 'authorized_user_cannot_switch_to_non_existent' => ['user_can_switch', 'user_does_not_exist', 'user_can_switch', 403],
- 'authorized_user_can_switch_to_himself' => ['user_can_switch', 'user_can_switch', 'user_can_switch', 200],
+ 'unauthorized_user_cannot_switch' => ['user_cannot_switch_1', true, 'user_cannot_switch_1', 'user_cannot_switch_1', 403],
+ 'legacy_unauthorized_user_cannot_switch' => ['user_cannot_switch_1', false, 'user_cannot_switch_1', 'user_cannot_switch_1', 403],
+ 'authorized_user_can_switch' => ['user_can_switch', true, 'user_cannot_switch_1', 'user_cannot_switch_1', 200],
+ 'legacy_authorized_user_can_switch' => ['user_can_switch', false, 'user_cannot_switch_1', 'user_cannot_switch_1', 200],
+ 'authorized_user_cannot_switch_to_non_existent' => ['user_can_switch', true, 'user_does_not_exist', 'user_can_switch', 403],
+ 'legacy_authorized_user_cannot_switch_to_non_existent' => ['user_can_switch', false, 'user_does_not_exist', 'user_can_switch', 403],
+ 'authorized_user_can_switch_to_himself' => ['user_can_switch', true, 'user_can_switch', 'user_can_switch', 200],
+ 'legacy_authorized_user_can_switch_to_himself' => ['user_can_switch', false, 'user_can_switch', 'user_can_switch', 200],
 ];
 }
- protected function createAuthenticatedClient($username)
+ protected function createAuthenticatedClient($username, array $options = [])
 {
- $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'switchuser.yml']);
+ $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'switchuser.yml'] + $options);
 $client->followRedirects(true);
 $form = $client->request('GET', '/login')->selectButton('login')->form();
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AppKernel.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AppKernel.php
index 8e622282c2c1..72d23f03f30f 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AppKernel.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AppKernel.php
@@ -25,8 +25,9 @@ class AppKernel extends Kernel
 private $varDir;
 private $testCase;
 private $rootConfig;
+ private $authenticatorManagerEnabled;
- public function __construct($varDir, $testCase, $rootConfig, $environment, $debug)
+ public function __construct($varDir, $testCase, $rootConfig, $environment, $debug, $authenticatorManagerEnabled = false)
 {
 if (!is_dir(__DIR__.'/'.$testCase)) {
 throw new \InvalidArgumentException(sprintf('The test case "%s" does not exist.', $testCase));
@@ -39,6 +40,7 @@ public function __construct($varDir, $testCase, $rootConfig, $environment, $debu
 throw new \InvalidArgumentException(sprintf('The root config "%s" does not exist.', $rootConfig));
 }
 $this->rootConfig = $rootConfig;
+ $this->authenticatorManagerEnabled = $authenticatorManagerEnabled;
 parent::__construct($environment, $debug);
 }
@@ -48,7 +50,7 @@ public function __construct($varDir, $testCase, $rootConfig, $environment, $debu
 */
 public function getContainerClass(): string
 {
- return parent::getContainerClass().substr(md5($this->rootConfig), -16);
+ return parent::getContainerClass().substr(md5($this->rootConfig.$this->authenticatorManagerEnabled), -16);
 }
 public function registerBundles(): iterable
@@ -78,6 +80,14 @@ public function getLogDir(): string
 public function registerContainerConfiguration(LoaderInterface $loader)
 {
 $loader->load($this->rootConfig);
+
+ if ($this->authenticatorManagerEnabled) {
+ $loader->load(function ($container) {
+ $container->loadFromExtension('security', [
+ 'enable_authenticator_manager' => true,
+ ]);
+ });
+ }
 }
 public function serialize()
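Review bot: Each impersonation case in getTestParameters is written out twice by hand, once with `true` and once as a `legacy_` row with `false`, so a case added later for only one security system leaves the switch-user authorization check untested on the other without any failure. Generating both rows from one list keeps the matrix complete; the boolean's meaning is inferred from the `legacy_` prefix, and the matching testSwitchUser signature change is outside this chunk. With the generator below the dataset names stay the same and only their order changes. createAuthenticatedClient's body continues past the hunk.

```php
public function getTestParameters()
{
    $cases = [
        'unauthorized_user_cannot_switch' => ['user_cannot_switch_1', 'user_cannot_switch_1', 'user_cannot_switch_1', 403],
        'authorized_user_can_switch' => ['user_can_switch', 'user_cannot_switch_1', 'user_cannot_switch_1', 200],
        'authorized_user_cannot_switch_to_non_existent' => ['user_can_switch', 'user_does_not_exist', 'user_can_switch', 403],
        'authorized_user_can_switch_to_himself' => ['user_can_switch', 'user_can_switch', 'user_can_switch', 200],
    ];

    foreach ($cases as $name => [$originalUser, $targetUser, $expectedUser, $expectedStatus]) {
        // every authorization case runs under both security systems
        yield $name => [$originalUser, true, $targetUser, $expectedUser, $expectedStatus];
        yield 'legacy_'.$name => [$originalUser, false, $targetUser, $expectedUser, $expectedStatus];
    }
}
```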
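Review bot: In getContainerClass the hash input `$this->rootConfig.$this->authenticatorManagerEnabled` relies on PHP's bool-to-string cast, which appends `'1'` for true and nothing for false, and the constructor stores the untyped argument exactly as given. A non-boolean truthy value would hash differently from `true` while registerContainerConfiguration treats both the same, and the intent is hard to read from the expression. I would normalise once in the constructor, `$this->authenticatorManagerEnabled = (bool) $authenticatorManagerEnabled;`, and make the key explicit, `md5($this->rootConfig.'|'.(int) $this->authenticatorManagerEnabled)`. md5 only names a cached container class here, so the algorithm itself is not the concern.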
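Review bot: `serialize()` begins right after the added block in registerContainerConfiguration and its body is outside the hunk; if it rebuilds the kernel from the constructor arguments, the new `$authenticatorManagerEnabled` has to be part of that payload. Otherwise a kernel restored from its serialized form would come back with the default `false` and load the legacy security system while the test believes it is exercising the authenticator manager. It is worth checking the serialization methods in this class and adding the flag as a sixth element if they list the arguments explicitly.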
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/ClearRememberMe/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/ClearRememberMe/config.yml index a0ed6f8e1e15..274ef3320413 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/ClearRememberMe/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/ClearRememberMe/config.yml @@ -19,7 +19,6 @@ security: remember_me: always_remember_me: true secret: key - anonymous: ~ access_control: - { path: ^/foo, roles: ROLE_USER } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/ClearRememberMe/legacy_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/ClearRememberMe/legacy_config.yml new file mode 100644 index 000000000000..5dfc17386954 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/ClearRememberMe/legacy_config.yml @@ -0,0 +1,7 @@ +imports: + - { resource: ./config.yml } + +security: + firewalls: + default: + anonymous: ~ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/base_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/base_config.yml new file mode 100644 index 000000000000..d6a80d505947 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/base_config.yml 
@@ -0,0 +1,44 @@
+imports:
+ - { resource: ./../config/default.yml }
+
+services:
+ csrf_form_login.form.type:
+ class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\CsrfFormLoginBundle\Form\UserLoginType
+ arguments:
+ - '@request_stack'
+ tags:
+ - { name: form.type }
+
+security:
+ encoders:
+ Symfony\Component\Security\Core\User\User: plaintext
+
+ providers:
+ in_memory:
+ memory:
+ users:
+ johannes: { password: test, roles: [ROLE_USER] }
+
+ firewalls:
+ # This firewall doesn't make sense in combination with the rest of the
+ # configuration file, but it's here for testing purposes (do not use
+ # this file in a real world scenario though)
+ login_form:
+ pattern: ^/login$
+ security: false
+
+ default:
+ form_login:
+ check_path: /login_check
+ default_target_path: /profile
+ target_path_parameter: "user_login[_target_path]"
+ failure_path_parameter: "user_login[_failure_path]"
+ username_parameter: "user_login[username]"
+ password_parameter: "user_login[password]"
+ logout:
+ path: /logout_path
+ target: /
+ csrf_token_generator: security.csrf.token_manager
+
+ access_control:
+ - { path: .*, roles: IS_AUTHENTICATED_FULLY }
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml
index 5a00ac329895..98ba0eb5326a 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml
@@ -1,47 +1,9 @@ imports: - - { resource: ./../config/default.yml } - -services: - csrf_form_login.form.type: - class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\CsrfFormLoginBundle\Form\UserLoginType - arguments: - - '@request_stack' - tags: - - { name: form.type } + - { resource: ./base_config.yml } security: - encoders: - Symfony\Component\Security\Core\User\User: plaintext - - providers: - in_memory: - memory: - users: - johannes: { password: test, roles: [ROLE_USER] } - firewalls: - # This firewall doesn't make sense in combination with the rest of the - # configuration file, but it's here for testing purposes (do not use - # this file in a real world scenario though) - login_form: - pattern: ^/login$ - security: false - default: form_login: - check_path: /login_check - default_target_path: /profile - target_path_parameter: "user_login[_target_path]" - failure_path_parameter: "user_login[_failure_path]" - username_parameter: "user_login[username]" - password_parameter: "user_login[password]" + enable_csrf: true csrf_parameter: "user_login[_token]" - csrf_token_generator: security.csrf.token_manager - anonymous: ~ - logout: - path: /logout_path - target: / - csrf_token_generator: security.csrf.token_manager - - access_control: - - { path: .*, roles: IS_AUTHENTICATED_FULLY } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/legacy_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/legacy_config.yml new file mode 100644 index 000000000000..832579f64376 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/legacy_config.yml @@ -0,0 +1,10 @@ +imports: + - { resource: ./base_config.yml } + +security: + firewalls: + default: + form_login: + csrf_token_generator: security.csrf.token_manager + csrf_parameter: "user_login[_token]" + anonymous: ~ 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/legacy_routes_as_path.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/legacy_routes_as_path.yml new file mode 100644 index 000000000000..14ea6c0e5f1e --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/legacy_routes_as_path.yml @@ -0,0 +1,13 @@ +imports: + - { resource: ./legacy_config.yml } + +security: + firewalls: + default: + form_login: + login_path: form_login + check_path: form_login_check + default_target_path: form_login_default_target_path + logout: + path: form_logout + target: form_login_homepage diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config.yml index 43bb399bce6a..302d7382762d 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config.yml @@ -19,8 +19,6 @@ security: pattern: ^/secure/ http_basic: { realm: "Secure Gateway API" } entry_point: firewall_entry_point.entry_point.stub - default: - anonymous: ~ access_control: - { path: ^/secure/, roles: ROLE_SECURE } providers: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/config.yml index 3522f27f1389..055fcee19bd9 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/config.yml @@ -17,7 +17,6 @@ security: firewalls: main: pattern: ^/ - anonymous: true json_login: check_path: /chk username_path: user.login 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/custom_handlers.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/custom_handlers.yml index e15e203c626c..c5076cce6fc2 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/custom_handlers.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/custom_handlers.yml @@ -14,7 +14,6 @@ security: firewalls: main: pattern: ^/ - anonymous: true json_login: check_path: /chk username_path: user.login diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutAccess/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutAccess/config.yml index 2e20735b8023..f49d2f292b77 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutAccess/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutAccess/config.yml @@ -18,7 +18,6 @@ security: remember_me: true require_previous_session: false logout: ~ - anonymous: ~ stateless: true access_control: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml index 9e5563fea519..9d92ac82c3c6 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml @@ -22,5 +22,4 @@ security: secret: secret logout: invalidate_session: false - anonymous: ~ stateless: true diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeLogout/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeLogout/config.yml index 78857765160d..7f334ffcaee2 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeLogout/config.yml 
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeLogout/config.yml @@ -26,5 +26,4 @@ security: always_remember_me: true secret: key logout: ~ - anonymous: ~ stateless: true diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml index 7fc9f1217425..328242d27972 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml @@ -27,13 +27,11 @@ security: check_path: /login_check default_target_path: /profile logout: ~ - anonymous: ~ lazy: true # This firewall is here just to check its the logout functionality second_area: http_basic: ~ - anonymous: ~ logout: target: /second/target path: /second/logout diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/invalid_ip_access_control.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/invalid_ip_access_control.yml index cc6503affb26..c9fe56e56c73 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/invalid_ip_access_control.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/invalid_ip_access_control.yml @@ -15,7 +15,6 @@ security: default: form_login: ~ logout: ~ - anonymous: ~ access_control: # the '256.357.458.559' IP is wrong on purpose, to check invalid IP errors diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_config.yml new file mode 100644 index 000000000000..41a607ca0335 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_config.yml 
@@ -0,0 +1,9 @@
+imports:
+ - { resource: ./config.yml }
+
+security:
+ firewalls:
+ default:
+ anonymous: ~
+ second_area:
+ anonymous: ~
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_form_failure_handler.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_form_failure_handler.yml
new file mode 100644
index 000000000000..470623410106
--- /dev/null
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_form_failure_handler.yml
@@ -0,0 +1,7 @@
+imports:
+ - { resource: ./localized_form_failure_handler.yml }
+
+security:
+ firewalls:
+ default:
+ anonymous: ~
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_routes.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_routes.yml
new file mode 100644
index 000000000000..df5da8cec9bf
--- /dev/null
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_routes.yml
@@ -0,0 +1,7 @@
+imports:
+ - { resource: ./localized_routes.yml }
+
+security:
+ firewalls:
+ default:
+ anonymous: ~
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_routes_as_path.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_routes_as_path.yml
new file mode 100644
index 000000000000..14ea6c0e5f1e
--- /dev/null
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_routes_as_path.yml
@@ -0,0 +1,13 @@
+imports:
+ - { resource: ./legacy_config.yml }
+
+security:
+ firewalls:
+ default:
+ form_login:
+ login_path: form_login
+ check_path: form_login_check
+ default_target_path: form_login_default_target_path
+ logout:
+ path: form_logout
+ target: form_login_homepage
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_form_failure_handler.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_form_failure_handler.yml index e01ed369b1f5..ced854a6819c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_form_failure_handler.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_form_failure_handler.yml @@ -17,4 +17,3 @@ security: login_path: localized_login_path check_path: localized_check_path failure_handler: localized_form_failure_handler - anonymous: ~ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes.yml index 5251fd1d93de..b07be914d45f 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes.yml @@ -20,7 +20,6 @@ security: logout: path: localized_logout_path target: localized_logout_target_path - anonymous: ~ access_control: - { path: '^/(?:[a-z]{2})/secure/.*', roles: ROLE_USER } diff --git a/src/Symfony/Bundle/SecurityBundle/composer.json b/src/Symfony/Bundle/SecurityBundle/composer.json index c1603160dd0c..7b2575a51f10 100644 --- a/src/Symfony/Bundle/SecurityBundle/composer.json +++ b/src/Symfony/Bundle/SecurityBundle/composer.json @@ -26,7 +26,7 @@ "symfony/security-core": "^5.1", "symfony/security-csrf": "^4.4|^5.0", "symfony/security-guard": "^5.1", - "symfony/security-http": "^5.1" + "symfony/security-http": "^5.1,>=5.1.2" }, "require-dev": { "doctrine/doctrine-bundle": "^2.0", 
diff --git a/src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php
index d165fbceb191..b277082a846d 100644
--- a/src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php
@@ -79,7 +79,14 @@ public function supports(Request $request): ?bool
 public function authenticate(Request $request): PassportInterface
 {
- $credentials = $this->getCredentials($request);
+ try {
+ $credentials = $this->getCredentials($request);
+ } catch (BadRequestHttpException $e) {
+ $request->setRequestFormat('json');
+
+ throw $e;
+ }
+
 $user = $this->userProvider->loadUserByUsername($credentials['username']);
 if (!$user instanceof UserInterface) {
 throw new AuthenticationServiceException('The user provider must return a UserInterface object.');
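Review bot: The `catch (BadRequestHttpException $e)` block in authenticate() mutates the request as a side effect before rethrowing, and nothing in the code says why. Presumably the error response format is derived from the request, so a malformed login body should be answered as JSON rather than in the default format; a one-line comment would record that, e.g. `// answer a malformed JSON login body with a JSON error: set the format before the exception propagates`. Only exceptions raised by getCredentials() are covered, and whether that method throws BadRequestHttpException for every malformed-body case, and whether the class is imported, cannot be seen from this hunk. The `if` block at the end of the hunk is closed outside it.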