Added special test token and implemented 'real' functional tests

Author: wouterj

KernelBrowser.php

@@ -11,6 +11,7 @@
 
 namespace Symfony\Bundle\FrameworkBundle;
 
+use Symfony\Bundle\FrameworkBundle\Test\TestBrowserToken;
 use Symfony\Component\BrowserKit\Cookie;
 use Symfony\Component\BrowserKit\CookieJar;
 use Symfony\Component\BrowserKit\History;
@@ -20,7 +21,6 @@
 use Symfony\Component\HttpKernel\HttpKernelBrowser;
 use Symfony\Component\HttpKernel\KernelInterface;
 use Symfony\Component\HttpKernel\Profiler\Profile as HttpProfile;
-use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 /**
@@ -107,6 +107,31 @@ public function enableReboot()
         $this->reboot = true;
     }
 
+    /**
+     * @param UserInterface $user
+     */
+    public function loginUser($user, string $firewallContext = 'main'): self
+    {
+        if (!interface_exists(UserInterface::class)) {
+            throw new \LogicException(sprintf('"%s" requires symfony/security-core to be installed.', __METHOD__));
+        }
+
+        if (!$user instanceof UserInterface) {
+            throw new \LogicException(sprintf('The first argument of "%s" must be instance of "%s", "%s" provided.', __METHOD__, UserInterface::class, \is_object($user) ? \get_class($user) : \gettype($user)));
+        }
+
+        $token = new TestBrowserToken($user->getRoles(), $user);
+        $token->setAuthenticated(true);
+        $session = $this->getContainer()->get('session');
+        $session->set('_security_'.$firewallContext, serialize($token));
+        $session->save();
+
+        $cookie = new Cookie($session->getName(), $session->getId());
+        $this->getCookieJar()->set($cookie);
+
+        return $this;
+    }
+
     /**
      * {@inheritdoc}
      *
@@ -206,17 +231,4 @@ protected function getScript($request)
 
         return $code.$this->getHandleScript();
     }
-
-    public function loginUser(UserInterface $user, string $firewallContext = 'main'): self
-    {
-        $token = new UsernamePasswordToken($user, null, $firewallContext, $user->getRoles());
-        $session = $this->getContainer()->get('session');
-        $session->set('_security_'.$firewallContext, serialize($token));
-        $session->save();
-
-        $cookie = new Cookie($session->getName(), $session->getId());
-        $this->getCookieJar()->set($cookie);
-
-        return $this;
-    }
 }

Test/TestBrowserToken.php

@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\FrameworkBundle\Test;
+
+use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+/**
+ * A very limited token that is used to login in tests using the KernelBrowser.
+ *
+ * @author Wouter de Jong <[email protected]>
+ */
+class TestBrowserToken extends AbstractToken
+{
+    public function __construct(array $roles = [], UserInterface $user = null)
+    {
+        parent::__construct($roles);
+
+        if (null !== $user) {
+            $this->setUser($user);
+        }
+    }
+
+    public function getCredentials()
+    {
+        return null;
+    }
+}

Tests/Functional/Bundle/TestBundle/Controller/SecurityController.php

@@ -0,0 +1,26 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller;
+
+use Symfony\Component\DependencyInjection\ContainerAwareInterface;
+use Symfony\Component\DependencyInjection\ContainerAwareTrait;
+use Symfony\Component\HttpFoundation\Response;
+
+class SecurityController implements ContainerAwareInterface
+{
+    use ContainerAwareTrait;
+
+    public function profileAction()
+    {
+        return new Response('Welcome '.$this->container->get('security.token_storage')->getToken()->getUsername().'!');
+    }
+}

Tests/Functional/SecurityTest.php

@@ -11,18 +11,16 @@
 
 namespace Symfony\Bundle\FrameworkBundle\Tests\Functional;
 
-use Symfony\Component\HttpFoundation\Session\SessionInterface;
-use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\User\User;
 
 class SecurityTest extends AbstractWebTestCase
 {
     /**
      * @dataProvider getUsers
      */
-    public function testLoginUser(string $username, ?string $password, array $roles, ?string $firewallContext, string $expectedProviderKey)
+    public function testLoginUser(string $username, array $roles, ?string $firewallContext)
     {
-        $user = new User($username, $password, $roles);
+        $user = new User($username, 'the-password', $roles);
         $client = $this->createClient(['test_case' => 'Security', 'root_config' => 'config.yml']);
 
         if (null === $firewallContext) {
@@ -31,27 +29,44 @@ public function testLoginUser(string $username, ?string $password, array $roles,
             $client->loginUser($user, $firewallContext);
         }
 
-        /** @var SessionInterface $session */
-        $session = $client->getContainer()->get('session');
-        /** @var UsernamePasswordToken $userToken */
-        $userToken = unserialize($session->get('_security_'.$expectedProviderKey));
+        $client->request('GET', '/'.($firewallContext ?? 'main').'/user_profile');
+        $this->assertEquals('Welcome '.$username.'!', $client->getResponse()->getContent());
+    }
 
-        $this->assertSame('_security_'.$expectedProviderKey, array_keys($session->all())[0]);
-        $this->assertSame($expectedProviderKey, $userToken->getProviderKey());
-        $this->assertSame($username, $userToken->getUsername());
-        $this->assertSame($password, $userToken->getUser()->getPassword());
-        $this->assertSame($roles, $userToken->getUser()->getRoles());
+    public function getUsers()
+    {
+        yield ['the-username', ['ROLE_FOO'], null];
+        yield ['the-username', ['ROLE_FOO'], 'main'];
+        yield ['other-username', ['ROLE_FOO'], 'custom'];
 
-        $this->assertNotNull($client->getCookieJar()->get('MOCKSESSID'));
+        yield ['the-username', ['ROLE_FOO'], null];
+        yield ['no-role-username', [], null];
     }
 
-    public function getUsers()
+    public function testLoginUserMultipleRequests()
     {
-        yield ['the-username', 'the-password', ['ROLE_FOO'], null, 'main'];
-        yield ['the-username', 'the-password', ['ROLE_FOO'], 'main', 'main'];
-        yield ['the-username', 'the-password', ['ROLE_FOO'], 'custom_firewall_context', 'custom_firewall_context'];
+        $user = new User('the-username', 'the-password', ['ROLE_FOO']);
+        $client = $this->createClient(['test_case' => 'Security', 'root_config' => 'config.yml']);
+        $client->loginUser($user);
+
+        $client->request('GET', '/main/user_profile');
+        $this->assertEquals('Welcome the-username!', $client->getResponse()->getContent());
+
+        $client->request('GET', '/main/user_profile');
+        $this->assertEquals('Welcome the-username!', $client->getResponse()->getContent());
+    }
+
+    public function testLoginInBetweenRequests()
+    {
+        $user = new User('the-username', 'the-password', ['ROLE_FOO']);
+        $client = $this->createClient(['test_case' => 'Security', 'root_config' => 'config.yml']);
+
+        $client->request('GET', '/main/user_profile');
+        $this->assertTrue($client->getResponse()->isRedirect('http://localhost/login'));
+
+        $client->loginUser($user);
 
-        yield ['the-username', null, ['ROLE_FOO'], null, 'main'];
-        yield ['the-username', 'the-password', [], null, 'main'];
+        $client->request('GET', '/main/user_profile');
+        $this->assertEquals('Welcome the-username!', $client->getResponse()->getContent());
     }
 }

Tests/Functional/app/Security/config.yml

@@ -1,2 +1,26 @@
 imports:
     - { resource: ./../config/default.yml }
+
+security:
+    providers:
+        main:
+            memory:
+                users:
+                    the-username: { password: the-password, roles: ['ROLE_FOO'] }
+                    no-role-username: { password: the-password, roles: [] }
+        custom:
+            memory:
+                users:
+                    other-username: { password: the-password, roles: ['ROLE_FOO'] }
+
+    firewalls:
+        main:
+            pattern: ^/main
+            form_login:
+                check_path: /main/login/check
+            provider: main
+        custom:
+            pattern: ^/custom
+            form_login:
+                check_path: /custom/login/check
+            provider: custom

Tests/Functional/app/Security/routing.yml

@@ -1,2 +1,7 @@
-_sessiontest_bundle:
-    resource: '@TestBundle/Resources/config/routing.yml'
+security_profile:
+    path:     /main/user_profile
+    defaults: { _controller: Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\SecurityController::profileAction }
+
+security_custom_profile:
+    path:     /custom/user_profile
+    defaults: { _controller: Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\SecurityController::profileAction }

composer.json

@@ -47,7 +47,7 @@
         "symfony/messenger": "^4.4|^5.0",
         "symfony/mime": "^4.4|^5.0",
         "symfony/process": "^4.4|^5.0",
-        "symfony/security-bundle": "^4.0|^5.0",
+        "symfony/security-bundle": "^5.1",
         "symfony/security-csrf": "^4.4|^5.0",
         "symfony/security-http": "^4.4|^5.0",
         "symfony/serializer": "^4.4|^5.0",