[Security] Move the Security helper to SecurityBundle

Author: chalasr

CHANGELOG.md

@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+6.2
+---
+
+ * Add the `Security` helper class
+
 6.1
 ---
 

Resources/config/security.php

@@ -17,6 +17,7 @@
 use Symfony\Bundle\SecurityBundle\Security\FirewallContext;
 use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
 use Symfony\Bundle\SecurityBundle\Security\LazyFirewallContext;
+use Symfony\Bundle\SecurityBundle\Security\Security;
 use Symfony\Component\Ldap\Security\LdapUserProvider;
 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
@@ -33,7 +34,6 @@
 use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter;
 use Symfony\Component\Security\Core\Role\RoleHierarchy;
 use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
-use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\ChainUserProvider;
 use Symfony\Component\Security\Core\User\InMemoryUserChecker;
 use Symfony\Component\Security\Core\User\InMemoryUserProvider;

Security/Security.php

@@ -0,0 +1,28 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\Security;
+
+use Psr\Container\ContainerInterface;
+use Symfony\Component\Security\Core\Security as LegacySecurity;
+
+/**
+ * Helper class for commonly-needed security tasks.
+ *
+ * @final
+ */
+class Security extends LegacySecurity
+{
+    public function __construct(ContainerInterface $container)
+    {
+        parent::__construct($container, false);
+    }
+}

Tests/Functional/Bundle/AuthenticatorBundle/LoginFormAuthenticator.php

@@ -16,11 +16,11 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
 use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
 use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
+use Symfony\Component\Security\Http\SecurityRequestAttributes;
 use Symfony\Component\Security\Http\Util\TargetPathTrait;
 
 class LoginFormAuthenticator extends AbstractLoginFormAuthenticator
@@ -39,7 +39,7 @@ public function authenticate(Request $request): Passport
     {
         $username = $request->request->get('_username', '');
 
-        $request->getSession()->set(Security::LAST_USERNAME, $username);
+        $request->getSession()->set(SecurityRequestAttributes::LAST_USERNAME, $username);
 
         return new Passport(
             new UserBadge($username),

Tests/Functional/Bundle/CsrfFormLoginBundle/Form/UserLoginType.php

@@ -18,7 +18,7 @@
 use Symfony\Component\Form\FormEvents;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\OptionsResolver\OptionsResolver;
-use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Security\Http\SecurityRequestAttributes;
 
 /**
  * Form type for use with the Security component's form-based authentication
@@ -55,18 +55,18 @@ public function buildForm(FormBuilderInterface $builder, array $options)
          * session for an authentication error and last username.
          */
         $builder->addEventListener(FormEvents::PRE_SET_DATA, function (FormEvent $event) use ($request) {
-            if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
-                $error = $request->attributes->get(Security::AUTHENTICATION_ERROR);
+            if ($request->attributes->has(SecurityRequestAttributes::AUTHENTICATION_ERROR)) {
+                $error = $request->attributes->get(SecurityRequestAttributes::AUTHENTICATION_ERROR);
             } else {
-                $error = $request->getSession()->get(Security::AUTHENTICATION_ERROR);
+                $error = $request->getSession()->get(SecurityRequestAttributes::AUTHENTICATION_ERROR);
             }
 
             if ($error) {
                 $event->getForm()->addError(new FormError($error->getMessage()));
             }
 
             $event->setData(array_replace((array) $event->getData(), [
-                'username' => $request->getSession()->get(Security::LAST_USERNAME),
+                'username' => $request->getSession()->get(SecurityRequestAttributes::LAST_USERNAME),
             ]));
         });
     }

Tests/Functional/Bundle/FormLoginBundle/Controller/LocalizedController.php

@@ -14,7 +14,7 @@
 use Psr\Container\ContainerInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Security\Http\SecurityRequestAttributes;
 use Symfony\Contracts\Service\ServiceSubscriberInterface;
 use Twig\Environment;
 
@@ -30,15 +30,15 @@ public function __construct(ContainerInterface $container)
     public function loginAction(Request $request)
     {
         // get the login error if there is one
-        if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
-            $error = $request->attributes->get(Security::AUTHENTICATION_ERROR);
+        if ($request->attributes->has(SecurityRequestAttributes::AUTHENTICATION_ERROR)) {
+            $error = $request->attributes->get(SecurityRequestAttributes::AUTHENTICATION_ERROR);
         } else {
-            $error = $request->getSession()->get(Security::AUTHENTICATION_ERROR);
+            $error = $request->getSession()->get(SecurityRequestAttributes::AUTHENTICATION_ERROR);
         }
 
         return new Response($this->container->get('twig')->render('@FormLogin/Localized/login.html.twig', [
             // last username entered by the user
-            'last_username' => $request->getSession()->get(Security::LAST_USERNAME),
+            'last_username' => $request->getSession()->get(SecurityRequestAttributes::LAST_USERNAME),
             'error' => $error,
         ]));
     }

Tests/Functional/Bundle/FormLoginBundle/Controller/LoginController.php

@@ -15,8 +15,8 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
-use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\SecurityRequestAttributes;
 use Symfony\Contracts\Service\ServiceSubscriberInterface;
 use Twig\Environment;
 
@@ -32,15 +32,15 @@ public function __construct(ContainerInterface $container)
     public function loginAction(Request $request, UserInterface $user = null)
     {
         // get the login error if there is one
-        if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
-            $error = $request->attributes->get(Security::AUTHENTICATION_ERROR);
+        if ($request->attributes->has(SecurityRequestAttributes::AUTHENTICATION_ERROR)) {
+            $error = $request->attributes->get(SecurityRequestAttributes::AUTHENTICATION_ERROR);
         } else {
-            $error = $request->getSession()->get(Security::AUTHENTICATION_ERROR);
+            $error = $request->getSession()->get(SecurityRequestAttributes::AUTHENTICATION_ERROR);
         }
 
         return new Response($this->container->get('twig')->render('@FormLogin/Login/login.html.twig', [
             // last username entered by the user
-            'last_username' => $request->getSession()->get(Security::LAST_USERNAME),
+            'last_username' => $request->getSession()->get(SecurityRequestAttributes::LAST_USERNAME),
             'error' => $error,
         ]));
     }

Tests/Security/SecurityTest.php

@@ -0,0 +1,89 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\Tests\Security;
+
+use PHPUnit\Framework\TestCase;
+use Psr\Container\ContainerInterface;
+use Symfony\Bundle\SecurityBundle\Security\Security;
+use Symfony\Component\DependencyInjection\ServiceLocator;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
+use Symfony\Component\Security\Core\User\InMemoryUser;
+
+class SecurityTest extends TestCase
+{
+    public function testGetToken()
+    {
+        $token = new UsernamePasswordToken(new InMemoryUser('foo', 'bar'), 'provider');
+        $tokenStorage = $this->createMock(TokenStorageInterface::class);
+
+        $tokenStorage->expects($this->once())
+            ->method('getToken')
+            ->willReturn($token);
+
+        $container = $this->createContainer('security.token_storage', $tokenStorage);
+
+        $security = new Security($container);
+        $this->assertSame($token, $security->getToken());
+    }
+
+    /**
+     * @dataProvider getUserTests
+     */
+    public function testGetUser($userInToken, $expectedUser)
+    {
+        $token = $this->createMock(TokenInterface::class);
+        $token->expects($this->any())
+            ->method('getUser')
+            ->willReturn($userInToken);
+        $tokenStorage = $this->createMock(TokenStorageInterface::class);
+
+        $tokenStorage->expects($this->once())
+            ->method('getToken')
+            ->willReturn($token);
+
+        $container = $this->createContainer('security.token_storage', $tokenStorage);
+
+        $security = new Security($container);
+        $this->assertSame($expectedUser, $security->getUser());
+    }
+
+    public function getUserTests()
+    {
+        yield [null, null];
+
+        $user = new InMemoryUser('nice_user', 'foo');
+        yield [$user, $user];
+    }
+
+    public function testIsGranted()
+    {
+        $authorizationChecker = $this->createMock(AuthorizationCheckerInterface::class);
+
+        $authorizationChecker->expects($this->once())
+            ->method('isGranted')
+            ->with('SOME_ATTRIBUTE', 'SOME_SUBJECT')
+            ->willReturn(true);
+
+        $container = $this->createContainer('security.authorization_checker', $authorizationChecker);
+
+        $security = new Security($container);
+        $this->assertTrue($security->isGranted('SOME_ATTRIBUTE', 'SOME_SUBJECT'));
+    }
+
+    private function createContainer(string $serviceId, object $serviceObject): ContainerInterface
+    {
+        return new ServiceLocator([$serviceId => fn () => $serviceObject]);
+    }
+}

composer.json

@@ -27,7 +27,7 @@
         "symfony/password-hasher": "^5.4|^6.0",
         "symfony/security-core": "^5.4|^6.0",
         "symfony/security-csrf": "^5.4|^6.0",
-        "symfony/security-http": "^5.4|^6.0"
+        "symfony/security-http": "^6.2"
     },
     "require-dev": {
         "doctrine/annotations": "^1.10.4",