Merge branch '5.3' into 5.4

chalasr · chalasr · commit b47dbb37ce4f · 2021-09-26T21:04:13.000+02:00
* 5.3:
  [SecurityBundle] Fixed LogicException message of FirewallAwareTrait
  [LDAP] Fix resource type checks &amp; docblocks on PHP 8.1
  Fix Redis replication on Redis &lt;5
  Fix decorating non-entrypoint authenticators
  [Ldap] Make LdapAuthenticator an EntryPoint
diff --git a/Adapter/ExtLdap/Connection.php b/Adapter/ExtLdap/Connection.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\Ldap\Adapter\ExtLdap;
 
+use LDAP\Connection as LDAPConnection;
 use Symfony\Component\Ldap\Adapter\AbstractConnection;
 use Symfony\Component\Ldap\Exception\AlreadyExistsException;
 use Symfony\Component\Ldap\Exception\ConnectionException;
@@ -32,7 +33,7 @@ class Connection extends AbstractConnection
     /** @var bool */
     private $bound = false;
 
-    /** @var resource */
+    /** @var resource|LDAPConnection */
     private $connection;
 
     /**
@@ -89,9 +90,7 @@ public function bind(string $dn = null, string $password = null)
     }
 
     /**
-     * Returns a link resource.
-     *
-     * @return resource
+     * @return resource|LDAPConnection
      *
      * @internal
      */
@@ -165,7 +164,7 @@ private function connect()
 
     private function disconnect()
     {
-        if ($this->connection && \is_resource($this->connection)) {
+        if ($this->connection) {
             ldap_unbind($this->connection);
         }
 
diff --git a/Adapter/ExtLdap/Query.php b/Adapter/ExtLdap/Query.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Ldap\Adapter\ExtLdap;
 
+use LDAP\Connection as LDAPConnection;
+use LDAP\Result;
 use Symfony\Component\Ldap\Adapter\AbstractQuery;
 use Symfony\Component\Ldap\Exception\LdapException;
 use Symfony\Component\Ldap\Exception\NotBoundException;
@@ -24,7 +26,10 @@ class Query extends AbstractQuery
     // As of PHP 7.2, we can use LDAP_CONTROL_PAGEDRESULTS instead of this
     public const PAGINATION_OID = '1.2.840.113556.1.4.319';
 
-    /** @var resource[] */
+    /** @var Connection */
+    protected $connection;
+
+    /** @var resource[]|Result[] */
     private $results;
 
     /** @var array */
@@ -153,7 +158,7 @@ public function execute()
      * Returns an LDAP search resource. If this query resulted in multiple searches, only the first
      * page will be returned.
      *
-     * @return resource|null
+     * @return resource|Result|null
      *
      * @internal
      */
@@ -165,7 +170,7 @@ public function getResource(int $idx = 0)
     /**
      * Returns all LDAP search resources.
      *
-     * @return resource[]
+     * @return resource[]|Result[]
      *
      * @internal
      */
@@ -208,7 +213,7 @@ private function resetPagination()
     /**
      * Sets LDAP pagination controls.
      *
-     * @param resource $con
+     * @param resource|LDAPConnection $con
      */
     private function controlPagedResult($con, int $pageSize, bool $critical, string $cookie): bool
     {
@@ -232,8 +237,8 @@ private function controlPagedResult($con, int $pageSize, bool $critical, string
     /**
      * Retrieve LDAP pagination cookie.
      *
-     * @param resource $con
-     * @param resource $result
+     * @param resource|LDAPConnection $con
+     * @param resource|Result         $result
      */
     private function controlPagedResultResponse($con, $result, string $cookie = ''): string
     {
@@ -250,9 +255,9 @@ private function controlPagedResultResponse($con, $result, string $cookie = ''):
     /**
      * Calls actual LDAP search function with the prepared options and parameters.
      *
-     * @param resource $con
+     * @param resource|LDAPConnection $con
      *
-     * @return resource|false
+     * @return resource|Result|false
      */
     private function callSearchFunction($con, callable $func, int $sizeLimit)
     {
diff --git a/Security/LdapAuthenticator.php b/Security/LdapAuthenticator.php
@@ -17,7 +17,10 @@
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
 use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
+use Symfony\Component\Security\Http\Authenticator\InteractiveAuthenticatorInterface;
 use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
+use Symfony\Component\Security\Http\EntryPoint\Exception\NotAnEntryPointException;
 
 /**
  * This class decorates internal authenticators to add the LDAP integration.
@@ -30,7 +33,7 @@
  *
  * @final
  */
-class LdapAuthenticator implements AuthenticatorInterface
+class LdapAuthenticator implements AuthenticationEntryPointInterface, InteractiveAuthenticatorInterface
 {
     private $authenticator;
     private $ldapServiceId;
@@ -90,4 +93,22 @@ public function onAuthenticationFailure(Request $request, AuthenticationExceptio
     {
         return $this->authenticator->onAuthenticationFailure($request, $exception);
     }
+
+    public function start(Request $request, AuthenticationException $authException = null): Response
+    {
+        if (!$this->authenticator instanceof AuthenticationEntryPointInterface) {
+            throw new NotAnEntryPointException(sprintf('Decorated authenticator "%s" does not implement interface "%s".', get_debug_type($this->authenticator), AuthenticationEntryPointInterface::class));
+        }
+
+        return $this->authenticator->start($request, $authException);
+    }
+
+    public function isInteractive(): bool
+    {
+        if ($this->authenticator instanceof InteractiveAuthenticatorInterface) {
+            return $this->authenticator->isInteractive();
+        }
+
+        return false;
+    }
 }
