IBX-8140: Enabled authenticator manager-based security

ibexa · May 9, 2024 · 0f2c44c · 0f2c44c
1 parent c97c8e0
commit 0f2c44c
Show file tree

Hide file tree

Showing 14 changed files with 75 additions and 1,101 deletions.
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
@@ -625,11 +625,6 @@ parameters:
 			count: 1
 			path: src/bundle/Core/DependencyInjection/Compiler/RouterPass.php
 
-		-
-			message: "#^Method Ibexa\\\\Bundle\\\\Core\\\\DependencyInjection\\\\Compiler\\\\SecurityPass\\:\\:process\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: src/bundle/Core/DependencyInjection/Compiler/SecurityPass.php
-
 		-
 			message: "#^Method Ibexa\\\\Bundle\\\\Core\\\\DependencyInjection\\\\Compiler\\\\SessionConfigurationPass\\:\\:process\\(\\) has no return type specified\\.$#"
 			count: 1
@@ -3320,16 +3315,6 @@ parameters:
 			count: 1
 			path: src/bundle/Core/Fragment/InlineFragmentRenderer.php
 
-		-
-			message: "#^Call to an undefined method Symfony\\\\Component\\\\DependencyInjection\\\\Extension\\\\ExtensionInterface\\:\\:addSecurityListenerFactory\\(\\)\\.$#"
-			count: 1
-			path: src/bundle/Core/IbexaCoreBundle.php
-
-		-
-			message: "#^Method Ibexa\\\\Bundle\\\\Core\\\\IbexaCoreBundle\\:\\:build\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: src/bundle/Core/IbexaCoreBundle.php
-
 		-
 			message: "#^Method Ibexa\\\\Bundle\\\\Core\\\\Imagine\\\\AliasCleaner\\:\\:removeAliases\\(\\) has no return type specified\\.$#"
 			count: 1
@@ -12225,21 +12210,6 @@ parameters:
 			count: 1
 			path: src/lib/MVC/Symfony/Routing/UrlWildcardRouter.php
 
-		-
-			message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Authentication\\\\AnonymousAuthenticationProvider\\:\\:setConfigResolver\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: src/lib/MVC/Symfony/Security/Authentication/AnonymousAuthenticationProvider.php
-
-		-
-			message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Authentication\\\\AnonymousAuthenticationProvider\\:\\:setPermissionResolver\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: src/lib/MVC/Symfony/Security/Authentication/AnonymousAuthenticationProvider.php
-
-		-
-			message: "#^Parameter \\#3 \\$firewallName of class Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Authentication\\\\DetermineTargetUrlEvent constructor expects string, string\\|null given\\.$#"
-			count: 1
-			path: src/lib/MVC/Symfony/Security/Authentication/DefaultAuthenticationSuccessHandler.php
-
 		-
 			message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Authentication\\\\RememberMeRepositoryAuthenticationProvider\\:\\:setPermissionResolver\\(\\) has no return type specified\\.$#"
 			count: 1
@@ -12325,31 +12295,6 @@ parameters:
 			count: 1
 			path: src/lib/MVC/Symfony/Security/Authorization/Voter/ValueObjectVoter.php
 
-		-
-			message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener\\:\\:__construct\\(\\) has parameter \\$fragmentPath with no type specified\\.$#"
-			count: 1
-			path: src/lib/MVC/Symfony/Security/EventListener/SecurityListener.php
-
-		-
-			message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener\\:\\:checkSiteAccessPermission\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: src/lib/MVC/Symfony/Security/EventListener/SecurityListener.php
-
-		-
-			message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener\\:\\:isMasterRequest\\(\\) has parameter \\$requestType with no type specified\\.$#"
-			count: 1
-			path: src/lib/MVC/Symfony/Security/EventListener/SecurityListener.php
-
-		-
-			message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener\\:\\:onInteractiveLogin\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: src/lib/MVC/Symfony/Security/EventListener/SecurityListener.php
-
-		-
-			message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener\\:\\:onKernelRequest\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: src/lib/MVC/Symfony/Security/EventListener/SecurityListener.php
-
 		-
 			message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Exception\\\\UnauthorizedSiteAccessException\\:\\:__construct\\(\\) has parameter \\$username with no type specified\\.$#"
 			count: 1
@@ -12395,26 +12340,6 @@ parameters:
 			count: 1
 			path: src/lib/MVC/Symfony/Security/InteractiveLoginToken.php
 
-		-
-			message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\User\\:\\:__construct\\(\\) has parameter \\$roles with no value type specified in iterable type array\\.$#"
-			count: 1
-			path: src/lib/MVC/Symfony/Security/User.php
-
-		-
-			message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\User\\:\\:eraseCredentials\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: src/lib/MVC/Symfony/Security/User.php
-
-		-
-			message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\User\\:\\:getSalt\\(\\) should return string but returns null\\.$#"
-			count: 1
-			path: src/lib/MVC/Symfony/Security/User.php
-
-		-
-			message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\User\\:\\:setAPIUser\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: src/lib/MVC/Symfony/Security/User.php
-
 		-
 			message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\User\\\\EmailProvider\\:\\:loadUserByUsername\\(\\) has parameter \\$user with no type specified\\.$#"
 			count: 1
@@ -47275,16 +47200,6 @@ parameters:
 			count: 1
 			path: tests/lib/MVC/Symfony/Routing/UrlAliasRouterTest.php
 
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Authentication\\\\AnonymousAuthenticationProviderTest\\:\\:testAuthenticate\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/Authentication/AnonymousAuthenticationProviderTest.php
-
-		-
-			message: "#^Parameter \\#1 \\$configResolver of method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Authentication\\\\AnonymousAuthenticationProvider\\:\\:setConfigResolver\\(\\) expects Ibexa\\\\Contracts\\\\Core\\\\SiteAccess\\\\ConfigResolverInterface, PHPUnit\\\\Framework\\\\MockObject\\\\MockObject given\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/Authentication/AnonymousAuthenticationProviderTest.php
-
 		-
 			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Authentication\\\\DefaultAuthenticationSuccessHandlerTest\\:\\:testSetConfigResolver\\(\\) has no return type specified\\.$#"
 			count: 1
@@ -47395,111 +47310,6 @@ parameters:
 			count: 1
 			path: tests/lib/MVC/Symfony/Security/Authentication/RepositoryAuthenticationProviderTest.php
 
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:generateListener\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testCheckSiteAccessNoSiteAccess\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testCheckSiteAccessNotEzUser\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testCheckSiteAccessPermissionDenied\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testCheckSiteAccessPermissionGranted\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testGetSubscribedEvents\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnInteractiveLogin\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnInteractiveLoginAlreadyEzUser\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnInteractiveLoginNotUserObject\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnKernelRequestAccessDenied\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnKernelRequestAccessGranted\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnKernelRequestLoginRoute\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnKernelRequestNoSiteAccess\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnKernelRequestNullToken\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnKernelRequestSubRequest\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnKernelRequestSubRequestFragment\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Parameter \\#3 \\$configResolver of class Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener constructor expects Ibexa\\\\Contracts\\\\Core\\\\SiteAccess\\\\ConfigResolverInterface, PHPUnit\\\\Framework\\\\MockObject\\\\MockObject given\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Parameter \\#4 \\$eventDispatcher of class Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener constructor expects Symfony\\\\Component\\\\EventDispatcher\\\\EventDispatcherInterface, PHPUnit\\\\Framework\\\\MockObject\\\\MockObject given\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Parameter \\#5 \\$tokenStorage of class Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener constructor expects Symfony\\\\Component\\\\Security\\\\Core\\\\Authentication\\\\Token\\\\Storage\\\\TokenStorageInterface, PHPUnit\\\\Framework\\\\MockObject\\\\MockObject&Symfony\\\\Component\\\\Security\\\\Core\\\\Authorization\\\\AuthorizationCheckerInterface given\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Parameter \\#6 \\$authorizationChecker of class Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener constructor expects Symfony\\\\Component\\\\Security\\\\Core\\\\Authorization\\\\AuthorizationCheckerInterface, PHPUnit\\\\Framework\\\\MockObject\\\\MockObject given\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
-		-
-			message: "#^Property Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:\\$tokenStorage \\(PHPUnit\\\\Framework\\\\MockObject\\\\MockObject&Symfony\\\\Component\\\\Security\\\\Core\\\\Authorization\\\\AuthorizationCheckerInterface\\) does not accept PHPUnit\\\\Framework\\\\MockObject\\\\MockObject&Symfony\\\\Component\\\\Security\\\\Core\\\\Authentication\\\\Token\\\\Storage\\\\TokenStorageInterface\\.$#"
-			count: 1
-			path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php
-
 		-
 			message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\HttpUtilsTest\\:\\:checkRequestPathProvider\\(\\) has no return type specified\\.$#"
 			count: 1

diff --git a/src/bundle/Core/DependencyInjection/Compiler/SecurityPass.php b/src/bundle/Core/DependencyInjection/Compiler/SecurityPass.php
@@ -7,12 +7,9 @@
 namespace Ibexa\Bundle\Core\DependencyInjection\Compiler;
 
 use Ibexa\Contracts\Core\Repository\PermissionResolver;
-use Ibexa\Contracts\Core\Repository\UserService;
-use Ibexa\Core\MVC\Symfony\Security\Authentication\AnonymousAuthenticationProvider;
 use Ibexa\Core\MVC\Symfony\Security\Authentication\DefaultAuthenticationSuccessHandler;
 use Ibexa\Core\MVC\Symfony\Security\Authentication\GuardRepositoryAuthenticationProvider;
 use Ibexa\Core\MVC\Symfony\Security\Authentication\RememberMeRepositoryAuthenticationProvider;
-use Ibexa\Core\MVC\Symfony\Security\Authentication\RepositoryAuthenticationProvider;
 use Ibexa\Core\MVC\Symfony\Security\HttpUtils;
 use Ibexa\Core\MVC\Symfony\SiteAccess;
 use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
@@ -21,52 +18,25 @@
 
 /**
  * Security related compiler pass.
- * Manipulates Symfony core security services to adapt them to eZ security needs.
+ * Manipulates Symfony core security services to adapt them to Ibexa security needs.
  */
-class SecurityPass implements CompilerPassInterface
+final class SecurityPass implements CompilerPassInterface
 {
-    public const CONSTANT_AUTH_TIME_SETTING = 'ibexa.security.authentication.constant_auth_time';
+    public const string CONSTANT_AUTH_TIME_SETTING = 'ibexa.security.authentication.constant_auth_time';
 
-    public const CONSTANT_AUTH_TIME_DEFAULT = 1.0;
+    public const float CONSTANT_AUTH_TIME_DEFAULT = 1.0;
 
-    public function process(ContainerBuilder $container)
+    public function process(ContainerBuilder $container): void
     {
-        if (!($container->hasDefinition('security.authentication.provider.dao') &&
-              $container->hasDefinition('security.authentication.provider.rememberme') &&
-              $container->hasDefinition('security.authentication.provider.guard') &&
-              $container->hasDefinition('security.authentication.provider.anonymous'))) {
+        if (
+            !$container->hasDefinition('security.authentication.provider.rememberme') ||
+            !$container->hasDefinition('security.authentication.provider.guard')
+        ) {
             return;
         }
 
         $configResolverRef = new Reference('ibexa.config.resolver');
         $permissionResolverRef = new Reference(PermissionResolver::class);
-        $userServiceRef = new Reference(UserService::class);
-        $loggerRef = new Reference('logger');
-
-        // Override and inject the Repository in the authentication provider.
-        // We need it for checking user credentials
-        $daoAuthenticationProviderDef = $container->findDefinition('security.authentication.provider.dao');
-        $daoAuthenticationProviderDef->setClass(RepositoryAuthenticationProvider::class);
-        $daoAuthenticationProviderDef->addMethodCall(
-            'setPermissionResolver',
-            [$permissionResolverRef]
-        );
-        $daoAuthenticationProviderDef->addMethodCall(
-            'setUserService',
-            [$userServiceRef]
-        );
-        $daoAuthenticationProviderDef->addMethodCall(
-            'setConstantAuthTime',
-            [
-                $container->hasParameter(self::CONSTANT_AUTH_TIME_SETTING) ?
-                (float)$container->getParameter(self::CONSTANT_AUTH_TIME_SETTING) :
-                self::CONSTANT_AUTH_TIME_DEFAULT,
-            ]
-        );
-        $daoAuthenticationProviderDef->addMethodCall(
-            'setLogger',
-            [$loggerRef]
-        );
 
         $rememberMeAuthenticationProviderDef = $container->findDefinition('security.authentication.provider.rememberme');
         $rememberMeAuthenticationProviderDef->setClass(RememberMeRepositoryAuthenticationProvider::class);
@@ -82,18 +52,6 @@ public function process(ContainerBuilder $container)
             [$permissionResolverRef]
         );
 
-        $anonymousAuthenticationProviderDef = $container->findDefinition('security.authentication.provider.anonymous');
-        $anonymousAuthenticationProviderDef->setClass(AnonymousAuthenticationProvider::class);
-        $anonymousAuthenticationProviderDef->addMethodCall(
-            'setPermissionResolver',
-            [$permissionResolverRef]
-        );
-
-        $anonymousAuthenticationProviderDef->addMethodCall(
-            'setConfigResolver',
-            [$configResolverRef]
-        );
-
         if (!$container->hasDefinition('security.http_utils')) {
             return;
         }
@@ -119,7 +77,9 @@ public function process(ContainerBuilder $container)
             'setEventDispatcher',
             [new Reference('event_dispatcher')]
         );
+        $successHandlerDef->addMethodCall(
+            'setPermissionResolver',
+            [$permissionResolverRef]
+        );
     }
 }
-
-class_alias(SecurityPass::class, 'eZ\Bundle\EzPublishCoreBundle\DependencyInjection\Compiler\SecurityPass');
diff --git a/src/bundle/Core/DependencyInjection/Security/HttpBasicFactory.php b/src/bundle/Core/DependencyInjection/Security/HttpBasicFactory.php