[HttpFoundation] Extract request matchers for better reusability

fabpot · fabpot · commit 7996efe7b1bf · 2022-09-17T18:12:58.000+02:00
diff --git a/DependencyInjection/SecurityExtension.php b/DependencyInjection/SecurityExtension.php
@@ -33,7 +33,13 @@
 use Symfony\Component\EventDispatcher\EventDispatcher;
 use Symfony\Component\ExpressionLanguage\Expression;
 use Symfony\Component\ExpressionLanguage\ExpressionLanguage;
-use Symfony\Component\HttpFoundation\RequestMatcher;
+use Symfony\Component\HttpFoundation\ChainRequestMatcher;
+use Symfony\Component\HttpFoundation\RequestMatcher\AttributesRequestMatcher;
+use Symfony\Component\HttpFoundation\RequestMatcher\HostRequestMatcher;
+use Symfony\Component\HttpFoundation\RequestMatcher\IpsRequestMatcher;
+use Symfony\Component\HttpFoundation\RequestMatcher\MethodRequestMatcher;
+use Symfony\Component\HttpFoundation\RequestMatcher\PathRequestMatcher;
+use Symfony\Component\HttpFoundation\RequestMatcher\PortRequestMatcher;
 use Symfony\Component\HttpKernel\DependencyInjection\Extension;
 use Symfony\Component\HttpKernel\KernelEvents;
 use Symfony\Component\PasswordHasher\Hasher\NativePasswordHasher;
@@ -893,7 +899,7 @@ private function createRequestMatcher(ContainerBuilder $container, string $path
             $methods = array_map('strtoupper', $methods);
         }
 
-        if (null !== $ips) {
+        if ($ips) {
             foreach ($ips as $ip) {
                 $container->resolveEnvPlaceholders($ip, null, $usedEnvs);
 
@@ -905,22 +911,58 @@ private function createRequestMatcher(ContainerBuilder $container, string $path
             }
         }
 
-        $id = '.security.request_matcher.'.ContainerBuilder::hash([$path, $host, $port, $methods, $ips, $attributes]);
+        $id = '.security.request_matcher.'.ContainerBuilder::hash([ChainRequestMatcher::class, $path, $host, $port, $methods, $ips, $attributes]);
 
         if (isset($this->requestMatchers[$id])) {
             return $this->requestMatchers[$id];
         }
 
-        // only add arguments that are necessary
-        $arguments = [$path, $host, $methods, $ips, $attributes, null, $port];
-        while (\count($arguments) > 0 && !end($arguments)) {
-            array_pop($arguments);
+        $arguments = [];
+        if ($methods) {
+            if (!$container->hasDefinition($lid = '.security.request_matcher.'.ContainerBuilder::hash([MethodRequestMatcher::class, $methods]))) {
+                $container->register($lid, MethodRequestMatcher::class)->setArguments([$methods]);
+            }
+            $arguments[] = new Reference($lid);
+        }
+
+        if ($path) {
+            if (!$container->hasDefinition($lid = '.security.request_matcher.'.ContainerBuilder::hash([PathRequestMatcher::class, $path]))) {
+                $container->register($lid, PathRequestMatcher::class)->setArguments([$path]);
+            }
+            $arguments[] = new Reference($lid);
+        }
+
+        if ($host) {
+            if (!$container->hasDefinition($lid = '.security.request_matcher.'.ContainerBuilder::hash([HostRequestMatcher::class, $host]))) {
+                $container->register($lid, HostRequestMatcher::class)->setArguments([$host]);
+            }
+            $arguments[] = new Reference($lid);
+        }
+
+        if ($ips) {
+            if (!$container->hasDefinition($lid = '.security.request_matcher.'.ContainerBuilder::hash([IpsRequestMatcher::class, $ips]))) {
+                $container->register($lid, IpsRequestMatcher::class)->setArguments([$ips]);
+            }
+            $arguments[] = new Reference($lid);
+        }
+
+        if ($attributes) {
+            if (!$container->hasDefinition($lid = '.security.request_matcher.'.ContainerBuilder::hash([AttributesRequestMatcher::class, $attributes]))) {
+                $container->register($lid, AttributesRequestMatcher::class)->setArguments([$attributes]);
+            }
+            $arguments[] = new Reference($lid);
+        }
+
+        if ($port) {
+            if (!$container->hasDefinition($lid = '.security.request_matcher.'.ContainerBuilder::hash([PortRequestMatcher::class, $port]))) {
+                $container->register($lid, PortRequestMatcher::class)->setArguments([$port]);
+            }
+            $arguments[] = new Reference($lid);
         }
 
         $container
-            ->register($id, RequestMatcher::class)
-            ->setPublic(false)
-            ->setArguments($arguments)
+            ->register($id, ChainRequestMatcher::class)
+            ->setArguments([$arguments])
         ;
 
         return $this->requestMatchers[$id] = new Reference($id);
diff --git a/Tests/DependencyInjection/CompleteConfigurationTest.php b/Tests/DependencyInjection/CompleteConfigurationTest.php
@@ -19,6 +19,10 @@
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Definition;
 use Symfony\Component\DependencyInjection\Reference;
+use Symfony\Component\HttpFoundation\RequestMatcher\HostRequestMatcher;
+use Symfony\Component\HttpFoundation\RequestMatcher\MethodRequestMatcher;
+use Symfony\Component\HttpFoundation\RequestMatcher\PathRequestMatcher;
+use Symfony\Component\HttpFoundation\RequestMatcher\PortRequestMatcher;
 use Symfony\Component\PasswordHasher\Hasher\NativePasswordHasher;
 use Symfony\Component\PasswordHasher\Hasher\Pbkdf2PasswordHasher;
 use Symfony\Component\PasswordHasher\Hasher\PlaintextPasswordHasher;
@@ -131,7 +135,7 @@ public function testFirewalls()
             [
                 'simple',
                 'security.user_checker',
-                '.security.request_matcher.xmi9dcw',
+                '.security.request_matcher.h5ibf38',
                 false,
                 false,
                 '',
@@ -180,7 +184,7 @@ public function testFirewalls()
             [
                 'host',
                 'security.user_checker',
-                '.security.request_matcher.iw4hyjb',
+                '.security.request_matcher.bcmu4fb',
                 true,
                 false,
                 'security.user.provider.concrete.default',
@@ -248,20 +252,27 @@ public function testFirewallRequestMatchers()
         foreach ($arguments[1]->getValues() as $reference) {
             if ($reference instanceof Reference) {
                 $definition = $container->getDefinition((string) $reference);
-                $matchers[] = $definition->getArguments();
+                $matchers[] = $definition->getArgument(0);
             }
         }
 
-        $this->assertEquals([
-            [
-                '/login',
-            ],
-            [
-                '/test',
-                'foo\\.example\\.org',
-                ['GET', 'POST'],
-            ],
-        ], $matchers);
+        $this->assertCount(2, $matchers);
+
+        $this->assertCount(1, $matchers[0]);
+        $def = $container->getDefinition((string) $matchers[0][0]);
+        $this->assertSame(PathRequestMatcher::class, $def->getClass());
+        $this->assertSame('/login', $def->getArgument(0));
+
+        $this->assertCount(3, $matchers[1]);
+        $def = $container->getDefinition((string) $matchers[1][0]);
+        $this->assertSame(MethodRequestMatcher::class, $def->getClass());
+        $this->assertSame(['GET', 'POST'], $def->getArgument(0));
+        $def = $container->getDefinition((string) $matchers[1][1]);
+        $this->assertSame(PathRequestMatcher::class, $def->getClass());
+        $this->assertSame('/test', $def->getArgument(0));
+        $def = $container->getDefinition((string) $matchers[1][2]);
+        $this->assertSame(HostRequestMatcher::class, $def->getClass());
+        $this->assertSame('foo\\.example\\.org', $def->getArgument(0));
     }
 
     public function testUserCheckerAliasIsRegistered()
@@ -294,17 +305,23 @@ public function testAccess()
             if (1 === $i) {
                 $this->assertEquals(['ROLE_USER'], $attributes);
                 $this->assertEquals('https', $channel);
-                $this->assertEquals(
-                    ['/blog/524', null, ['GET', 'POST'], [], [], null, 8000],
-                    $requestMatcher->getArguments()
-                );
+                $this->assertCount(3, $requestMatcher->getArgument(0));
+                $def = $container->getDefinition((string) $requestMatcher->getArgument(0)[0]);
+                $this->assertSame(MethodRequestMatcher::class, $def->getClass());
+                $this->assertSame(['GET', 'POST'], $def->getArgument(0));
+                $def = $container->getDefinition((string) $requestMatcher->getArgument(0)[1]);
+                $this->assertSame(PathRequestMatcher::class, $def->getClass());
+                $this->assertSame('/blog/524', $def->getArgument(0));
+                $def = $container->getDefinition((string) $requestMatcher->getArgument(0)[2]);
+                $this->assertSame(PortRequestMatcher::class, $def->getClass());
+                $this->assertSame(8000, $def->getArgument(0));
             } elseif (2 === $i) {
                 $this->assertEquals(['IS_AUTHENTICATED_ANONYMOUSLY'], $attributes);
                 $this->assertNull($channel);
-                $this->assertEquals(
-                    ['/blog/.*'],
-                    $requestMatcher->getArguments()
-                );
+                $this->assertCount(1, $requestMatcher->getArgument(0));
+                $def = $container->getDefinition((string) $requestMatcher->getArgument(0)[0]);
+                $this->assertSame(PathRequestMatcher::class, $def->getClass());
+                $this->assertSame('/blog/.*', $def->getArgument(0));
             } elseif (3 === $i) {
                 $this->assertEquals('IS_AUTHENTICATED_ANONYMOUSLY', $attributes[0]);
                 $expression = $container->getDefinition((string) $attributes[1])->getArgument(0);
diff --git a/Tests/DependencyInjection/SecurityExtensionTest.php b/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -26,7 +26,7 @@
 use Symfony\Component\DependencyInjection\Reference;
 use Symfony\Component\ExpressionLanguage\Expression;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\RequestMatcher;
+use Symfony\Component\HttpFoundation\RequestMatcher\PathRequestMatcher;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
@@ -256,7 +256,7 @@ public function testRegisterAccessControlWithSpecifiedRequestMatcherService()
         $container = $this->getRawContainer();
 
         $requestMatcherId = 'My\Test\RequestMatcher';
-        $requestMatcher = new RequestMatcher('/');
+        $requestMatcher = new PathRequestMatcher('/');
         $container->set($requestMatcherId, $requestMatcher);
 
         $container->loadFromExtension('security', [
@@ -291,7 +291,7 @@ public function testRegisterAccessControlWithRequestMatcherAndAdditionalOptionsT
         $container = $this->getRawContainer();
 
         $requestMatcherId = 'My\Test\RequestMatcher';
-        $requestMatcher = new RequestMatcher('/');
+        $requestMatcher = new PathRequestMatcher('/');
         $container->set($requestMatcherId, $requestMatcher);
 
         $container->loadFromExtension('security', [
diff --git a/composer.json b/composer.json
@@ -23,7 +23,7 @@
         "symfony/dependency-injection": "^6.2",
         "symfony/event-dispatcher": "^5.4|^6.0",
         "symfony/http-kernel": "^6.2",
-        "symfony/http-foundation": "^5.4|^6.0",
+        "symfony/http-foundation": "^6.2",
         "symfony/password-hasher": "^5.4|^6.0",
         "symfony/security-core": "^6.2",
         "symfony/security-csrf": "^5.4|^6.0",
