[LiveComponent] Allow configuring secret for fingerprints and checksums

smnandre · smnandre · commit 7ac04b514067 · 2024-12-21T18:31:29.000+01:00
Allow to configure a dedicated secret (used in FingerprintCalculator and LiveComonentHydrator) Suggested by #2453 Inspired by #56840
diff --git a/src/LiveComponent/CHANGELOG.md b/src/LiveComponent/CHANGELOG.md
@@ -1,5 +1,9 @@
 # CHANGELOG
 
+## 2.23.0
+
+-   Allow configuring the secret used to compute fingerprints and checksums.
+
 ## 2.22.0
 
 -   Remove CSRF tokens - rely on same-origin/CORS instead
diff --git a/src/LiveComponent/src/DependencyInjection/LiveComponentExtension.php b/src/LiveComponent/src/DependencyInjection/LiveComponentExtension.php
@@ -12,6 +12,10 @@
 namespace Symfony\UX\LiveComponent\DependencyInjection;
 
 use Symfony\Component\AssetMapper\AssetMapperInterface;
+use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;
+use Symfony\Component\Config\Definition\Builder\TreeBuilder;
+use Symfony\Component\Config\Definition\ConfigurationInterface;
+use Symfony\Component\DependencyInjection\Argument\TaggedIteratorArgument;
 use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\ContainerInterface;
@@ -57,7 +61,7 @@
  *
  * @internal
  */
-final class LiveComponentExtension extends Extension implements PrependExtensionInterface
+final class LiveComponentExtension extends Extension implements PrependExtensionInterface, ConfigurationInterface
 {
     public const TEMPLATES_MAP_FILENAME = 'live_components_twig_templates.map';
 
@@ -93,16 +97,19 @@ function (ChildDefinition $definition, AsLiveComponent $attribute) {
             }
         );
 
+        $configuration = $this->getConfiguration($configs, $container);
+        $config = $this->processConfiguration($configuration, $configs);
+
         $container->registerForAutoconfiguration(HydrationExtensionInterface::class)
             ->addTag(LiveComponentBundle::HYDRATION_EXTENSION_TAG);
 
         $container->register('ux.live_component.component_hydrator', LiveComponentHydrator::class)
             ->setArguments([
-                tagged_iterator(LiveComponentBundle::HYDRATION_EXTENSION_TAG),
+                new TaggedIteratorArgument(LiveComponentBundle::HYDRATION_EXTENSION_TAG),
                 new Reference('property_accessor'),
                 new Reference('ux.live_component.metadata_factory'),
                 new Reference('serializer', ContainerInterface::NULL_ON_INVALID_REFERENCE),
-                '%kernel.secret%',
+                $config['secret'], // defaults to '%kernel.secret%'
             ])
         ;
 
@@ -236,7 +243,7 @@ function (ChildDefinition $definition, AsLiveComponent $attribute) {
 
         $container->register('ux.live_component.deterministic_id_calculator', DeterministicTwigIdCalculator::class);
         $container->register('ux.live_component.fingerprint_calculator', FingerprintCalculator::class)
-            ->setArguments(['%kernel.secret%']);
+            ->setArguments([$config['secret']]); // default to %kernel.secret%
 
         $container->setAlias(ComponentValidatorInterface::class, ComponentValidator::class);
 
@@ -258,6 +265,35 @@ function (ChildDefinition $definition, AsLiveComponent $attribute) {
             ->addTag('kernel.cache_warmer');
     }
 
+    public function getConfigTreeBuilder(): TreeBuilder
+    {
+        $treeBuilder = new TreeBuilder('live_component');
+        $rootNode = $treeBuilder->getRootNode();
+        \assert($rootNode instanceof ArrayNodeDefinition);
+
+        $rootNode
+            ->addDefaultsIfNotSet()
+            ->children()
+                ->scalarNode('secret')
+                    ->info('The secret used to compute fingerprints and checksums')
+                    ->beforeNormalization()
+                        ->ifString()
+                        ->then(trim(...))
+                    ->end()
+                    ->cannotBeEmpty()
+                    ->defaultValue('%kernel.secret%')
+                ->end()
+            ->end()
+        ;
+
+        return $treeBuilder;
+    }
+
+    public function getConfiguration(array $config, ContainerBuilder $container): ConfigurationInterface
+    {
+        return $this;
+    }
+
     private function isAssetMapperAvailable(ContainerBuilder $container): bool
     {
         if (!interface_exists(AssetMapperInterface::class)) {
diff --git a/src/LiveComponent/tests/Unit/DependencyInjection/LiveComponentConfigurationTest.php b/src/LiveComponent/tests/Unit/DependencyInjection/LiveComponentConfigurationTest.php
@@ -0,0 +1,44 @@
+<?php
+
+namespace Symfony\UX\LiveComponent\Tests\Unit\DependencyInjection;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
+use Symfony\Component\Config\Definition\Processor;
+use Symfony\UX\LiveComponent\DependencyInjection\LiveComponentExtension;
+
+class LiveComponentConfigurationTest extends TestCase
+{
+    public function testDefaultSecret()
+    {
+        $processor = new Processor();
+        $config = $processor->processConfiguration(new LiveComponentExtension(), []);
+
+        $this->assertEquals('%kernel.secret%', $config['secret']);
+    }
+    
+    public function testEmptySecretThrows()
+    {
+        $this->expectException(InvalidConfigurationException::class);
+        $this->expectExceptionMessage('The path "live_component.secret" cannot contain an empty value, but got null.');
+        
+        $processor = new Processor();
+        $config = $processor->processConfiguration(new LiveComponentExtension(), [
+            'live_component' => [
+                'secret' => null,
+            ],
+        ]);
+    }
+    
+    public function testCustomSecret()
+    {
+        $processor = new Processor();
+        $config = $processor->processConfiguration(new LiveComponentExtension(), [
+            'live_component' => [
+                'secret' => 'my_secret',
+            ],
+        ]);
+
+        $this->assertEquals('my_secret', $config['secret']);
+    }
+}
diff --git a/src/LiveComponent/tests/Unit/DependencyInjection/LiveComponentExtensionTest.php b/src/LiveComponent/tests/Unit/DependencyInjection/LiveComponentExtensionTest.php
@@ -0,0 +1,57 @@
+<?php
+
+namespace Symfony\UX\LiveComponent\Tests\Unit\DependencyInjection;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\ParameterBag\ParameterBag;
+use Symfony\UX\LiveComponent\DependencyInjection\LiveComponentExtension;
+
+class LiveComponentExtensionTest extends TestCase
+{
+    public function testKernelSecretIsUsedByDefault(): void
+    {
+        $container = $this->createContainer();
+        $container->registerExtension(new LiveComponentExtension());
+        $container->loadFromExtension('live_component', []);
+        $this->compileContainer($container);
+
+        $this->assertSame('%kernel.secret%', $container->getDefinition('ux.live_component.component_hydrator')->getArgument(4));
+        $this->assertSame('%kernel.secret%', $container->getDefinition('ux.live_component.fingerprint_calculator')->getArgument(0));
+    }
+
+    public function testCustomSecretIsUsedInDefinition(): void
+    {
+        $container = $this->createContainer();
+        $container->registerExtension(new LiveComponentExtension());
+        $container->loadFromExtension('live_component', [
+            'secret' => 'custom_secret',
+        ]);
+        $this->compileContainer($container);
+
+        $this->assertSame('custom_secret', $container->getDefinition('ux.live_component.component_hydrator')->getArgument(4));
+        $this->assertSame('custom_secret', $container->getDefinition('ux.live_component.fingerprint_calculator')->getArgument(0));
+    }
+    
+    private function createContainer(): ContainerBuilder
+    {
+        $container = new ContainerBuilder(new ParameterBag([
+            'kernel.cache_dir' => __DIR__,
+            'kernel.project_dir' => __DIR__,
+            'kernel.charset' => 'UTF-8',
+            'kernel.debug' => false,
+            'kernel.bundles' => [],
+            'kernel.bundles_metadata' => [],
+        ]));
+
+        return $container;
+    }
+
+    private function compileContainer(ContainerBuilder $container): void
+    {
+        $container->getCompilerPassConfig()->setOptimizationPasses([]);
+        $container->getCompilerPassConfig()->setRemovingPasses([]);
+        $container->getCompilerPassConfig()->setAfterRemovingPasses([]);
+        $container->compile();
+    }
+}
