Merge branch '2.x'

* 2.x:
  deprecate the access denied listener

Author: xabbuh

CHANGELOG.md

@@ -172,6 +172,7 @@ CHANGELOG
   in 3.0
 * deprecated the following options:
 
+  * `fos_rest.access_denied_listener`
   * `fos_rest.exception.exception_controller`
   * `fos_rest.exception.exception_listener`
   * `fos_rest.exception.service`
@@ -192,6 +193,7 @@ CHANGELOG
   * `FOS\RestBundle\Controller\ExceptionController`
   * `FOS\RestBundle\Controller\TemplatingExceptionController`
   * `FOS\RestBundle\Controller\TwigExceptionController`
+  * `FOS\RestBundle\EventListener\AccessDeniedListener`
   * `FOS\RestBundle\EventListener\ExceptionListener`
   * `FOS\RestBundle\Inflector\DoctrineInflector`
   * `FOS\RestBundle\Inflector\InflectorInterface`
@@ -209,6 +211,7 @@ CHANGELOG
 
 * the following services and aliases are marked as `deprecated`, they will be removed in  3.0:
 
+  * `fos_rest.access_denied_listener`
   * `fos_rest.exception_listener`
   * `fos_rest.exception.controller`
   * `fos_rest.exception.twig_controller`

DependencyInjection/Configuration.php

@@ -49,6 +49,7 @@ public function getConfigTreeBuilder(): TreeBuilder
                 ->scalarNode('disable_csrf_role')->defaultNull()->end()
                 ->arrayNode('access_denied_listener')
                     ->canBeEnabled()
+                    ->setDeprecated('The "%path%.%node%" option is deprecated since FOSRestBundle 2.8.')
                     ->beforeNormalization()
                         ->ifArray()->then(function ($v) {
                             if (!empty($v) && empty($v['formats'])) {

EventListener/AccessDeniedListener.php

@@ -11,6 +11,8 @@
 
 namespace FOS\RestBundle\EventListener;
 
+@trigger_error(sprintf('The %s\AccessDeniedListener class is deprecated since FOSRestBundle 2.8.', __NAMESPACE__), E_USER_DEPRECATED);
+
 use FOS\RestBundle\FOSRestBundle;
 use Symfony\Component\HttpKernel\Event\ExceptionEvent;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

Resources/config/access_denied_listener.xml

@@ -11,6 +11,7 @@
             <tag name="monolog.logger" channel="request" />
             <argument type="collection" /> <!-- formats -->
             <argument /> <!-- unauthorized challenge -->
+            <deprecated>The "%service_id%" service is deprecated since FOSRestBundle 2.8.</deprecated>
         </service>
 
     </services>

Tests/EventListener/AccessDeniedListenerTest.php

@@ -28,6 +28,8 @@
 /**
  * AccessDeniedListenerTest.
  *
+ * @group legacy
+ *
  * @author Boris Guéry <[email protected]>
  */
 class AccessDeniedListenerTest extends TestCase

Tests/Functional/AbstractAuthenticatorTestCase.php

@@ -0,0 +1,82 @@
+<?php
+
+/*
+ * This file is part of the FOSRestBundle package.
+ *
+ * (c) FriendsOfSymfony <http://friendsofsymfony.github.com/>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace FOS\RestBundle\Tests\Functional;
+
+use Symfony\Component\ErrorHandler\ErrorRenderer\ErrorRendererInterface;
+
+abstract class AbstractAuthenticatorTestCase extends WebTestCase
+{
+    protected static $client;
+
+    public static function setUpBeforeClass()
+    {
+        if (!interface_exists(ErrorRendererInterface::class)) {
+            self::markTestSkipped();
+        }
+
+        parent::setUpBeforeClass();
+
+        self::$client = self::createClient(['test_case' => static::getTestCase()]);
+    }
+
+    public static function tearDownAfterClass()
+    {
+        self::deleteTmpDir(static::getTestCase());
+
+        parent::tearDownAfterClass();
+    }
+
+    public function testNoCredentialsGives401()
+    {
+        self::$client->request('POST', '/api/login', [], [], ['CONTENT_TYPE' => 'application/json']);
+        $response = self::$client->getResponse();
+
+        $this->assertEquals(401, $response->getStatusCode());
+        $this->assertEquals('application/json', $response->headers->get('Content-Type'));
+    }
+
+    public function testWrongCredentialsGives401()
+    {
+        $this->sendRequestContainingInvalidCredentials('/api/login');
+
+        $response = self::$client->getResponse();
+
+        $this->assertEquals(401, $response->getStatusCode());
+        $this->assertEquals('application/json', $response->headers->get('Content-Type'));
+    }
+
+    public function testSuccessfulLogin()
+    {
+        $this->sendRequestContainingValidCredentials('/api/login');
+
+        $response = self::$client->getResponse();
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $this->assertEquals('application/json', $response->headers->get('Content-Type'));
+    }
+
+    public function testAccessDeniedExceptionGives403()
+    {
+        $this->sendRequestContainingValidCredentials('/api/comments');
+
+        $response = self::$client->getResponse();
+
+        $this->assertEquals(403, $response->getStatusCode());
+        $this->assertEquals('application/json', $response->headers->get('Content-Type'));
+    }
+
+    abstract protected static function getTestCase(): string;
+
+    abstract protected function sendRequestContainingInvalidCredentials(string $path): void;
+
+    abstract protected function sendRequestContainingValidCredentials(string $path): void;
+}

Tests/Functional/AccessDeniedListenerTest.php

@@ -13,6 +13,9 @@
 
 use Symfony\Component\ErrorHandler\ErrorRenderer\ErrorRendererInterface;
 
+/**
+ * @group legacy
+ */
 class AccessDeniedListenerTest extends WebTestCase
 {
     private static $client;

Tests/Functional/BasicAuthTest.php

@@ -0,0 +1,36 @@
+<?php
+
+/*
+ * This file is part of the FOSRestBundle package.
+ *
+ * (c) FriendsOfSymfony <http://friendsofsymfony.github.com/>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace FOS\RestBundle\Tests\Functional;
+
+class BasicAuthTest extends AbstractAuthenticatorTestCase
+{
+    protected static function getTestCase(): string
+    {
+        return 'BasicAuth';
+    }
+
+    protected function sendRequestContainingInvalidCredentials(string $path): void
+    {
+        self::$client->request('POST', $path, [], [], [
+            'PHP_AUTH_USER' => 'restapi',
+            'PHP_AUTH_PW' => 'wrongpw',
+        ]);
+    }
+
+    protected function sendRequestContainingValidCredentials(string $path): void
+    {
+        self::$client->request('POST', $path, [], [], [
+            'PHP_AUTH_USER' => 'restapi',
+            'PHP_AUTH_PW' => 'secretpw',
+        ]);
+    }
+}

Tests/Functional/Bundle/TestBundle/Security/ApiTokenAuthenticator.php

@@ -55,7 +55,7 @@ public function onAuthenticationSuccess(Request $request, TokenInterface $token,
 
     public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
     {
-        throw new AuthenticationException('Token not valid');
+        return new JsonResponse(null, 401);
     }
 
     /**

Tests/Functional/CustomGuardAuthenticatorTest.php

@@ -0,0 +1,30 @@
+<?php
+
+/*
+ * This file is part of the FOSRestBundle package.
+ *
+ * (c) FriendsOfSymfony <http://friendsofsymfony.github.com/>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace FOS\RestBundle\Tests\Functional;
+
+class CustomGuardAuthenticatorTest extends AbstractAuthenticatorTestCase
+{
+    protected static function getTestCase(): string
+    {
+        return 'CustomGuardAuthenticator';
+    }
+
+    protected function sendRequestContainingInvalidCredentials(string $path): void
+    {
+        self::$client->request('POST', $path, [], [], ['HTTP_X-FOO' => 'BAR', 'CONTENT_TYPE' => 'application/json']);
+    }
+
+    protected function sendRequestContainingValidCredentials(string $path): void
+    {
+        self::$client->request('POST', $path, [], [], ['HTTP_X-FOO' => 'FOOBAR', 'CONTENT_TYPE' => 'application/json']);
+    }
+}