[SecurityBundle] Set translator in AccessTokenAuthenticator in Security bundle config #54734

Open
wants to merge 9 commits into
base: 6.4
Expand Up @@ -42,6 +42,7 @@
null,
null,
])
->call('setTranslator', [service('translator')->ignoreOnInvalid()])

->set('security.authenticator.access_token.chain_extractor', ChainAccessTokenExtractor::class)
->abstract()
Expand Up @@ -84,6 +84,13 @@ public function onAuthenticationFailure(Request $request, AuthenticationExceptio

if (null !== $this->translator) {
$errorMessage = $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');
if (preg_match('/[^\x00-\x7F]/', $errorMessage)) {
trigger_deprecation(
'symfony/security-http',
'6.4',
'Using non-ASCII characters in the error message is deprecated. Use ASCII characters only.'
);
}
} else {
$errorMessage = strtr($exception->getMessageKey(), $exception->getMessageData());
}
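Review bot: The guard `preg_match('/[^\x00-\x7F]/', $errorMessage)` only flags non-ASCII bytes, so a translated message containing a double quote, a backslash or a control character passes silently and is still used as the `error_description`. RFC 6750 section 3 limits that attribute to `%x20-21 / %x23-5B / %x5D-7E`; matching on `'/[^\x20-\x21\x23-\x5B\x5D-\x7E]/'` would cover the whole excluded set. The deprecation also only warns: the accompanying test shows the non-ASCII text still reaching `WWW-Authenticate`, so consider falling back to the untranslated `strtr(...)` message when the check fails. How the header value is assembled is outside this hunk, as are the start and end of `onAuthenticationFailure`, so the effect on quoting is inferred rather than visible here.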
Expand Up @@ -13,6 +13,7 @@

use PHPUnit\Framework\TestCase;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\User\InMemoryUser;
use Symfony\Component\Security\Core\User\InMemoryUserProvider;
Expand All @@ -22,6 +23,7 @@
use Symfony\Component\Security\Http\Authenticator\AccessTokenAuthenticator;
use Symfony\Component\Security\Http\Authenticator\FallbackUserLoader;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Contracts\Translation\TranslatorInterface;

class AccessTokenAuthenticatorTest extends TestCase
{
Expand All @@ -36,6 +38,82 @@ protected function setUp(): void
$this->userProvider = new InMemoryUserProvider(['test' => ['password' => 's$cr$t']]);
}

public function testOnAuthenticationFailureWithTranslatorTranslatesErrorMessage()
{
$request = Request::create('/test');

$this->accessTokenExtractor
->expects($this->once())
->method('extractAccessToken')
->with($request)
->willReturn(null);

$authenticator = new AccessTokenAuthenticator(
$this->accessTokenHandler,
$this->accessTokenExtractor,
$this->userProvider,
);

$translator = $this->createMock(TranslatorInterface::class);
$translator
->expects($this->once())
->method('trans')
->with('Invalid credentials.')
->willReturn('Credenciales invalidas.');

$authenticator->setTranslator($translator);

$response = null;
try {
$authenticator->authenticate($request);
} catch (BadCredentialsException $e) {
$response = $authenticator->onAuthenticationFailure($request, $e);
}
$this->assertInstanceOf(Response::class, $response);
$this->assertSame('Bearer error="invalid_token",error_description="Credenciales invalidas."', $response->headers->get('WWW-Authenticate'));
}

/**
* @group legacy
*
* @expectedDeprecation Since symfony/security-http 6.4: Using non-ASCII characters in the error message is deprecated. Use ASCII characters only.
*/
public function testOnAuthenticationFailureWithTranslatorThrowsDeprecationWhenTranslatedMessageContainsNonAscii()
{
$request = Request::create('/test');

$this->accessTokenExtractor
->expects($this->once())
->method('extractAccessToken')
->with($request)
->willReturn(null);

$authenticator = new AccessTokenAuthenticator(
$this->accessTokenHandler,
$this->accessTokenExtractor,
$this->userProvider,
);

$nonAsciiString = 'Credenciales inválidas.';
$translator = $this->createMock(TranslatorInterface::class);
$translator
->expects($this->once())
->method('trans')
->with('Invalid credentials.')
->willReturn($nonAsciiString);

$authenticator->setTranslator($translator);

$response = null;
try {
$authenticator->authenticate($request);
} catch (BadCredentialsException $e) {
$response = $authenticator->onAuthenticationFailure($request, $e);
}
$this->assertInstanceOf(Response::class, $response);
$this->assertSame('Bearer error="invalid_token",error_description="Credenciales inválidas."', $response->headers->get('WWW-Authenticate'));
}

public function testAuthenticateWithoutAccessToken()
{
$this->expectException(BadCredentialsException::class);
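Review bot: Both new tests stub `trans` with `->with('Invalid credentials.')`, which constrains only the first argument, so neither pins the `'security'` domain the authenticator passes; `->with('Invalid credentials.', [], 'security')` would, assuming the message data is empty for this exception. There is also no case for a translation containing `"` or `\`, which the ASCII-only check lets through into the quoted `error_description` value. The legacy test additionally asserts that raw non-ASCII text is emitted verbatim in `WWW-Authenticate`, which fixes that output as the expected behaviour rather than only checking the deprecation. The hunk ends inside `testAuthenticateWithoutAccessToken`, whose body continues outside it.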