Add functional test & fix reviews

Author: chalasr

Security/Security.php

@@ -22,11 +22,15 @@
 /**
  * Helper class for commonly-needed security tasks.
  *
+ * @author Ryan Weaver <ryan@symfonycasts.com>
+ * @author Robin Chalas <robin.chalas@gmail.com>
+ * @author Arnaud Frézet <arnaud@larriereguichet.fr>
+ *
  * @final
  */
 class Security extends LegacySecurity
 {
-    public function __construct(private ContainerInterface $container, private array $authenticators = [])
+    public function __construct(private readonly ContainerInterface $container, private readonly array $authenticators = [])
     {
         parent::__construct($container, false);
     }
@@ -36,14 +40,21 @@ public function getFirewallConfig(Request $request): ?FirewallConfig
         return $this->container->get('security.firewall.map')->getFirewallConfig($request);
     }
 
+    /**
+     * @param UserInterface $user              The user to authenticate
+     * @param string|null   $authenticatorName The authenticator name (e.g. "form_login") or service id (e.g. SomeApiKeyAuthenticator::class) - required only if multiple authenticators are configured
+     * @param string|null   $firewallName      The firewall name - required only if multiple firewalls are configured
+     */
     public function login(UserInterface $user, string $authenticatorName = null, string $firewallName = null): void
     {
         $request = $this->container->get('request_stack')->getCurrentRequest();
+        $firewallName ??= $this->getFirewallConfig($request)?->getName();
 
-        if (!class_exists(AuthenticatorInterface::class)) {
-            throw new \LogicException('Security HTTP is missing. Try running "composer require symfony/security-http".');
+        if (!$firewallName) {
+            throw new LogicException('Unable to login as the current route is not covered by any firewall.');
         }
-        $authenticator = $this->getAuthenticator($authenticatorName, $firewallName ?? $this->getFirewallName($request));
+
+        $authenticator = $this->getAuthenticator($authenticatorName, $firewallName);
 
         $this->container->get('security.user_checker')->checkPreAuth($user);
         $this->container->get('security.user_authenticator')->authenticateUser($user, $authenticator, $request);
@@ -54,39 +65,33 @@ private function getAuthenticator(?string $authenticatorName, string $firewallNa
         if (!\array_key_exists($firewallName, $this->authenticators)) {
             throw new LogicException(sprintf('No authenticators found for firewall "%s".', $firewallName));
         }
+
         /** @var ServiceProviderInterface $firewallAuthenticatorLocator */
         $firewallAuthenticatorLocator = $this->authenticators[$firewallName];
 
         if (!$authenticatorName) {
             $authenticatorIds = array_keys($firewallAuthenticatorLocator->getProvidedServices());
 
             if (!$authenticatorIds) {
-                throw new LogicException('No authenticator was found for the firewall "%s".');
+                throw new LogicException(sprintf('No authenticator was found for the firewall "%s".', $firewallName));
             }
-
             if (1 < \count($authenticatorIds)) {
                 throw new LogicException(sprintf('Too much authenticators were found for the current firewall "%s". You must provide an instance of "%s" to login programmatically. The available authenticators for the firewall "%s" are "%s".', $firewallName, AuthenticatorInterface::class, $firewallName, implode('" ,"', $authenticatorIds)));
             }
 
             return $firewallAuthenticatorLocator->get($authenticatorIds[0]);
         }
-        $authenticatorId = 'security.authenticator.'.$authenticatorName.'.'.$firewallName;
 
-        if (!$firewallAuthenticatorLocator->has($authenticatorId)) {
-            throw new LogicException(sprintf('Unable to find an authenticator named "%s" for the firewall "%s". Try to pass a firewall name in the Security::login() method.', $authenticatorName, $firewallName));
+        if ($firewallAuthenticatorLocator->has($authenticatorName)) {
+            return $firewallAuthenticatorLocator->get($authenticatorName);
         }
 
-        return $firewallAuthenticatorLocator->get($authenticatorId);
-    }
-
-    private function getFirewallName(Request $request): string
-    {
-        $firewall = $this->container->get('security.firewall.map')->getFirewallConfig($request);
+        $authenticatorId = 'security.authenticator.'.$authenticatorName.'.'.$firewallName;
 
-        if (null === $firewall) {
-            throw new LogicException('No firewall found as the current route is not covered by any firewall.');
+        if (!$firewallAuthenticatorLocator->has($authenticatorId)) {
+            throw new LogicException(sprintf('Unable to find an authenticator named "%s" for the firewall "%s". Available authenticators: "%s".', $authenticatorName, implode('", "', $firewallAuthenticatorLocator->getProvidedServices())));
         }
 
-        return $firewall->getName();
+        return $firewallAuthenticatorLocator->get($authenticatorId);
     }
 }

Tests/Functional/SecurityTest.php

@@ -12,7 +12,9 @@
 namespace Symfony\Bundle\SecurityBundle\Tests\Functional;
 
 use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
+use Symfony\Bundle\SecurityBundle\Security\Security;
 use Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\SecuredPageBundle\Security\Core\User\ArrayUserProvider;
+use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\User\InMemoryUser;
@@ -81,6 +83,22 @@ public function userWillBeMarkedAsChangedIfRolesHasChangedProvider()
             ],
         ];
     }
+
+    /**
+     * @testWith    ["json_login"]
+     *              ["Symfony\\Bundle\\SecurityBundle\\Tests\\Functional\\Bundle\\AuthenticatorBundle\\ApiAuthenticator"]
+     */
+    public function testLoginWithBuiltInAuthenticator(string $authenticator)
+    {
+        $client = $this->createClient(['test_case' => 'SecurityHelper', 'root_config' => 'config.yml', 'debug' => true]);
+        static::getContainer()->get(WelcomeController::class)->authenticator = $authenticator;
+        $client->request('GET', '/welcome');
+        $response = $client->getResponse();
+
+        $this->assertInstanceOf(JsonResponse::class, $response);
+        $this->assertSame(200, $response->getStatusCode());
+        $this->assertSame(['message' => 'Welcome @chalasr!'], json_decode($response->getContent(), true));
+    }
 }
 
 final class UserWithoutEquatable implements UserInterface, PasswordAuthenticatedUserInterface
@@ -189,3 +207,20 @@ public function eraseCredentials(): void
     {
     }
 }
+
+class WelcomeController
+{
+    public $authenticator = 'json_login';
+
+    public function __construct(private Security $security)
+    {
+    }
+
+    public function welcome()
+    {
+        $user = new InMemoryUser('chalasr', '', ['ROLE_USER']);
+        $this->security->login($user, $this->authenticator);
+
+        return new JsonResponse(['message' => sprintf('Welcome @%s!', $this->security->getUser()->getUserIdentifier())]);
+    }
+}

Tests/Functional/app/SecurityHelper/config.yml

@@ -11,6 +11,12 @@ services:
         alias: security.token_storage
         public: true
 
+    Symfony\Bundle\SecurityBundle\Tests\Functional\WelcomeController:
+        arguments: ['@security.helper']
+        public: true
+
+    Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AuthenticatorBundle\ApiAuthenticator: ~
+
 security:
     enable_authenticator_manager: true
     providers:
@@ -20,3 +26,11 @@ security:
 
     firewalls:
         default:
+            json_login:
+                username_path: user.login
+                password_path: user.password
+            custom_authenticators:
+                - 'Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AuthenticatorBundle\ApiAuthenticator'
+
+    access_control:
+        - { path: ^/foo, roles: PUBLIC_ACCESS }

Tests/Functional/app/SecurityHelper/routing.yml

@@ -0,0 +1,3 @@
+welcome:
+    path: /welcome
+    defaults: { _controller: Symfony\Bundle\SecurityBundle\Tests\Functional\WelcomeController::welcome }

Tests/Security/SecurityTest.php

@@ -18,11 +18,17 @@
 use Symfony\Bundle\SecurityBundle\Security\Security;
 use Symfony\Component\DependencyInjection\ServiceLocator;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\User\InMemoryUser;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface;
+use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
+use Symfony\Contracts\Service\ServiceProviderInterface;
 
 class SecurityTest extends TestCase
 {
@@ -111,6 +117,52 @@ public function getFirewallConfigTests()
         yield [$request, new FirewallConfig('main', 'acme_user_checker')];
     }
 
+    public function testAutoLogin()
+    {
+        $request = new Request();
+        $authenticator = $this->createMock(AuthenticatorInterface::class);
+        $requestStack = $this->createMock(RequestStack::class);
+        $firewallMap = $this->createMock(FirewallMap::class);
+        $firewall = new FirewallConfig('main', 'main');
+        $userAuthenticator = $this->createMock(UserAuthenticatorInterface::class);
+        $user = $this->createMock(UserInterface::class);
+        $userChecker = $this->createMock(UserCheckerInterface::class);
+
+        $container = $this->createMock(ContainerInterface::class);
+        $container
+            ->expects($this->atLeastOnce())
+            ->method('get')
+            ->willReturnMap([
+                ['request_stack', $requestStack],
+                ['security.firewall.map', $firewallMap],
+                ['security.user_authenticator', $userAuthenticator],
+                ['security.user_checker', $userChecker],
+            ])
+        ;
+
+        $requestStack->expects($this->once())->method('getCurrentRequest')->willReturn($request);
+        $firewallMap->expects($this->once())->method('getFirewallConfig')->willReturn($firewall);
+        $userAuthenticator->expects($this->once())->method('authenticateUser')->with($user, $authenticator, $request);
+        $userChecker->expects($this->once())->method('checkPreAuth')->with($user);
+
+        $firewallAuthenticatorLocator = $this->createMock(ServiceProviderInterface::class);
+        $firewallAuthenticatorLocator
+            ->expects($this->once())
+            ->method('getProvidedServices')
+            ->willReturn(['security.authenticator.custom.dev' => $authenticator])
+        ;
+        $firewallAuthenticatorLocator
+            ->expects($this->once())
+            ->method('get')
+            ->with('security.authenticator.custom.dev')
+            ->willReturn($authenticator)
+        ;
+
+        $security = new Security($container, ['main' => $firewallAuthenticatorLocator]);
+
+        $security->login($user);
+    }
+
     private function createContainer(string $serviceId, object $serviceObject): ContainerInterface
     {
         return new ServiceLocator([$serviceId => fn () => $serviceObject]);