bug #72 Make sure token is always authenticated (yoshz)

chalasr · chalasr · commit a0b55850f82e · 2021-12-14T14:19:48.000+01:00
This PR was squashed before being merged into the 0.1-dev branch. Discussion ---------- Make sure token is always authenticated After upgrading to symfony 5.4, authorization is broken because the OAuth2Token doesn't is "authenticated" anymore (see #68). From symfony 5.4 on the `authenticated` property is not used anymore but triggers an error in the AuthorizationChecker when it is false (this seems buggy as well). This fix ensures the authenticated property is always true when an user is set on the token. ~~This is the same behavior as the UsernamePasswordToken and RememberMeToken.~~ Seems this fix is only necessary for symfony 5.4. Symfony 6.0 works fine. I have updated the pipeline config to tests on the right versions and update composer to v2 as it is required for symfony 6.0. Commits ------- 9468f33 Make sure token is always authenticated
diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
@@ -10,8 +10,8 @@ jobs:
             fail-fast: false
             matrix:
                 #Stable supported versions
-                php: ['7.3', '7.4', '8.0']
-                symfony: ['5.3.*']
+                php: ['7.3', '7.4', '8.0', '8.1']
+                symfony: ['5.3.*', '5.4.*']
                 composer-flags: ['--prefer-stable']
                 can-fail: [false]
                 include:
@@ -20,13 +20,18 @@ jobs:
                       symfony: '5.3.*'
                       composer-flags: '--prefer-stable --prefer-lowest'
                       can-fail: false
-                    # Development versions
-                    - php: '8.1-rc'
-                      symfony: '5.4.x-dev'
-                      composer-flags: ''
+                    # Symfony 6
+                    - php: '8.0'
+                      symfony: '6.0.*'
+                      composer-flags: '--prefer-stable'
                       can-fail: false
+                    - php: '8.1'
+                      symfony: '6.0.*'
+                      composer-flags: '--prefer-stable'
+                      can-fail: false
+                    # Development versions
                     - php: '8.1-rc'
-                      symfony: '6.0.x-dev'
+                      symfony: '6.1.x-dev'
                       composer-flags: ''
                       can-fail: false
 
diff --git a/src/Security/Authenticator/OAuth2Authenticator.php b/src/Security/Authenticator/OAuth2Authenticator.php
@@ -157,6 +157,11 @@ public function createToken(Passport $passport, string $firewallName): TokenInte
         $oauthClientId = $passport->getAttribute('oauthClientId', '');
 
         $token = new OAuth2Token($passport->getUser(), $accessTokenId, $oauthClientId, $scopeBadge->getScopes(), $this->rolePrefix);
+        if (method_exists(AuthenticatorInterface::class, 'createAuthenticatedToken') && !method_exists(AuthenticatorInterface::class, 'createToken')) {
+            // symfony 5.4 only
+            /** @psalm-suppress TooManyArguments */
+            $token->setAuthenticated(true, false);
+        }
 
         return $token;
     }
