[WSSE] - Using a PSR6 cache instead of file cache #6617
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -127,7 +127,7 @@ set an authenticated token in the token storage if successful. | |
|
|
||
| public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager) | ||
| { | ||
| $this->tokenStorage = $tokenStorage; | ||
| $this->authenticationManager = $authenticationManager; | ||
| } | ||
|
|
||
|
|
@@ -208,6 +208,7 @@ the ``PasswordDigest`` header value matches with the user's password. | |
| // src/AppBundle/Security/Authentication/Provider/WsseProvider.php | ||
| namespace AppBundle\Security\Authentication\Provider; | ||
|
|
||
| use Psr\Cache\CacheItemPoolInterface; | ||
| use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; | ||
| use Symfony\Component\Security\Core\User\UserProviderInterface; | ||
| use Symfony\Component\Security\Core\Exception\AuthenticationException; | ||
|
|
@@ -218,12 +219,12 @@ the ``PasswordDigest`` header value matches with the user's password. | |
| class WsseProvider implements AuthenticationProviderInterface | ||
| { | ||
| private $userProvider; | ||
| private $cachePool; | ||
|
|
||
| public function __construct(UserProviderInterface $userProvider, CacheItemPoolInterface $cachePool) | ||
|
There was a problem hiding this comment. Imo we should type hint against the AdapterInterface from the Cache component. This way we can inject cache adapters defined through the There was a problem hiding this comment. No. We should not type hint against AdapterInterface. We want to use the PSR. Becasue we do not want to force the user to use Symfonys cache component. Let's use the strength of the PSRs. :) There was a problem hiding this comment. AdapterInterface extends the PSR ones, so no problem here and indeed: Let's be as generic as possible There was a problem hiding this comment. You are right. There's no need to require the more specialised interface here. |
||
| { | ||
| $this->userProvider = $userProvider; | ||
| $this->cachePool = $cachePool; | ||
| } | ||
|
|
||
| public function authenticate(TokenInterface $token) | ||
|
|
@@ -258,19 +259,18 @@ the ``PasswordDigest`` header value matches with the user's password. | |
| return false; | ||
| } | ||
|
|
||
| // Try to fetch the cache item from pool | ||
| $cacheItem = $this->cachePool->getItem(md5($nonce)); | ||
|
|
||
| // Validate that the nonce is *not* in cache | ||
| // if it is, this could be a replay attack | ||
| if ($cacheItem->isHit()) { | ||
| throw new NonceExpiredException('Previously used nonce detected'); | ||
| } | ||
|
|
||
| // Store the item in cache for 5 minutes | ||
| $cacheItem->set(null)->expiresAfter(300); | ||
| $this->cachePool->save($cacheItem); | ||
|
|
||
| // Validate Secret | ||
| $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true)); | ||
|
|
@@ -411,7 +411,7 @@ to service ids that do not exist yet: ``wsse.security.authentication.provider`` | |
| class: AppBundle\Security\Authentication\Provider\WsseProvider | ||
| arguments: | ||
| - '' # User Provider | ||
| - '@cache' | ||
|
There was a problem hiding this comment. We should inject the |
||
| public: false | ||
|
|
||
| wsse.security.authentication.listener: | ||
|
|
@@ -433,7 +433,7 @@ to service ids that do not exist yet: ``wsse.security.authentication.provider`` | |
| public="false" | ||
| > | ||
| <argument /> <!-- User Provider --> | ||
| <argument type="service" id="cache"></argument> | ||
| </service> | ||
|
|
||
| <service id="wsse.security.authentication.listener" | ||
|
|
@@ -456,7 +456,7 @@ to service ids that do not exist yet: ``wsse.security.authentication.provider`` | |
| 'AppBundle\Security\Authentication\Provider\WsseProvider', | ||
| array( | ||
| '', // User Provider | ||
| new Reference('cache'), | ||
| ) | ||
| ); | ||
| $definition->setPublic(false); | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please revert this change (we do not align assignments in Symfony).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry. I looked at the other constructor on this page where you do align it. I'll revert it. Thank you.