[SecurityBundle] Create a smooth upgrade path for security factories

Author: wouterj

CHANGELOG.md

@@ -4,6 +4,11 @@ CHANGELOG
 5.4
 ---
 
+ * Deprecate `SecurityFactoryInterface` and `SecurityExtension::addSecurityListenerFactory()` in favor of
+   `AuthenticatorFactoryInterface` and `SecurityExtension::addAuthenticatorFactory()`
+ * Add `AuthenticatorFactoryInterface::getPriority()` which replaces `SecurityFactoryInterface::getPosition()`
+ * Deprecate passing an array of arrays as 1st argument to `MainConfiguration`, pass a sorted flat array of
+   factories instead.
  * Deprecate the `always_authenticate_before_granting` option
 
 5.3

DependencyInjection/MainConfiguration.php

@@ -12,6 +12,8 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection;
 
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AbstractFactory;
+use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AuthenticatorFactoryInterface;
+use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
 use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;
 use Symfony\Component\Config\Definition\Builder\TreeBuilder;
 use Symfony\Component\Config\Definition\ConfigurationInterface;
@@ -31,8 +33,17 @@ class MainConfiguration implements ConfigurationInterface
     private $factories;
     private $userProviderFactories;
 
+    /**
+     * @param (SecurityFactoryInterface|AuthenticatorFactoryInterface)[] $factories
+     */
     public function __construct(array $factories, array $userProviderFactories)
     {
+        if (\is_array(current($factories))) {
+            trigger_deprecation('symfony/security-bundle', '5.4', 'Passing an array of arrays as 1st argument to "%s" is deprecated, pass a sorted array of factories instead.', __METHOD__);
+
+            $factories = array_merge(...array_values($factories));
+        }
+
         $this->factories = $factories;
         $this->userProviderFactories = $userProviderFactories;
     }
@@ -297,19 +308,17 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
         ;
 
         $abstractFactoryKeys = [];
-        foreach ($factories as $factoriesAtPosition) {
-            foreach ($factoriesAtPosition as $factory) {
-                $name = str_replace('-', '_', $factory->getKey());
-                $factoryNode = $firewallNodeBuilder->arrayNode($name)
-                    ->canBeUnset()
-                ;
-
-                if ($factory instanceof AbstractFactory) {
-                    $abstractFactoryKeys[] = $name;
-                }
-
-                $factory->addConfiguration($factoryNode);
+        foreach ($factories as $factory) {
+            $name = str_replace('-', '_', $factory->getKey());
+            $factoryNode = $firewallNodeBuilder->arrayNode($name)
+                ->canBeUnset()
+            ;
+
+            if ($factory instanceof AbstractFactory) {
+                $abstractFactoryKeys[] = $name;
             }
+
+            $factory->addConfiguration($factoryNode);
         }
 
         // check for unreachable check paths

DependencyInjection/Security/Factory/AnonymousFactory.php

@@ -52,6 +52,11 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
         throw new InvalidConfigurationException(sprintf('The authenticator manager no longer has "anonymous" security. Please remove this option under the "%s" firewall'.($config['lazy'] ? ' and add "lazy: true"' : '').'.', $firewallName));
     }
 
+    public function getPriority()
+    {
+        return -60;
+    }
+
     public function getPosition()
     {
         return 'anonymous';

DependencyInjection/Security/Factory/AuthenticatorFactoryInterface.php

@@ -11,9 +11,12 @@
 
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
+use Symfony\Component\Config\Definition\Builder\NodeDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 
 /**
+ * @method int getPriority() defines the position at which the authenticator is called
+ *
  * @author Wouter de Jong <wouter@wouterj.nl>
  */
 interface AuthenticatorFactoryInterface
@@ -24,4 +27,14 @@ interface AuthenticatorFactoryInterface
      * @return string|string[] The authenticator service ID(s) to be used by the firewall
      */
     public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId);
+
+    /**
+     * Defines the configuration key used to reference the authenticator
+     * in the firewall configuration.
+     *
+     * @return string
+     */
+    public function getKey();
+
+    public function addConfiguration(NodeDefinition $builder);
 }

DependencyInjection/Security/Factory/CustomAuthenticatorFactory.php

@@ -27,6 +27,11 @@ public function create(ContainerBuilder $container, string $id, array $config, s
         throw new \LogicException('Custom authenticators are not supported when "security.enable_authenticator_manager" is not set to true.');
     }
 
+    public function getPriority(): int
+    {
+        return 0;
+    }
+
     public function getPosition(): string
     {
         return 'pre_auth';

DependencyInjection/Security/Factory/FormLoginFactory.php

@@ -27,6 +27,8 @@
  */
 class FormLoginFactory extends AbstractFactory implements AuthenticatorFactoryInterface
 {
+    public const PRIORITY = -30;
+
     public function __construct()
     {
         $this->addOption('username_parameter', '_username');
@@ -37,6 +39,11 @@ public function __construct()
         $this->addOption('post_only', true);
     }
 
+    public function getPriority(): int
+    {
+        return self::PRIORITY;
+    }
+
     public function getPosition()
     {
         return 'form';

DependencyInjection/Security/Factory/GuardAuthenticationFactory.php

@@ -34,6 +34,11 @@ public function getPosition()
         return 'pre_auth';
     }
 
+    public function getPriority(): int
+    {
+        return 0;
+    }
+
     public function getKey()
     {
         return 'guard';

DependencyInjection/Security/Factory/HttpBasicFactory.php

@@ -25,6 +25,8 @@
  */
 class HttpBasicFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface
 {
+    public const PRIORITY = -50;
+
     public function create(ContainerBuilder $container, string $id, array $config, string $userProvider, ?string $defaultEntryPoint)
     {
         $provider = 'security.authentication.provider.dao.'.$id;
@@ -66,6 +68,11 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
         return $authenticatorId;
     }
 
+    public function getPriority(): int
+    {
+        return self::PRIORITY;
+    }
+
     public function getPosition()
     {
         return 'http';

DependencyInjection/Security/Factory/JsonLoginFactory.php

@@ -24,6 +24,8 @@
  */
 class JsonLoginFactory extends AbstractFactory implements AuthenticatorFactoryInterface
 {
+    public const PRIORITY = -40;
+
     public function __construct()
     {
         $this->addOption('username_path', 'username');
@@ -32,6 +34,11 @@ public function __construct()
         $this->defaultSuccessHandlerOptions = [];
     }
 
+    public function getPriority(): int
+    {
+        return self::PRIORITY;
+    }
+
     /**
      * {@inheritdoc}
      */

DependencyInjection/Security/Factory/LoginLinkFactory.php

@@ -27,6 +27,8 @@
  */
 class LoginLinkFactory extends AbstractFactory implements AuthenticatorFactoryInterface
 {
+    public const PRIORITY = -20;
+
     public function addConfiguration(NodeDefinition $node)
     {
         /** @var NodeBuilder $builder */
@@ -147,6 +149,11 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
         return $authenticatorId;
     }
 
+    public function getPriority(): int
+    {
+        return self::PRIORITY;
+    }
+
     public function getPosition()
     {
         return 'form';