
[AdminBundle] Add support for csrf token on logout url in admin interface
acrobat committed Nov 24, 2021
1 parent 762bea8 commit 82ba644
Showing 8 changed files with 133 additions and 13 deletions.
7 changes: 7 additions & 0 deletions UPGRADE-6.2.md
@@ -0,0 +1,7 @@
UPGRADE FROM 6.1 to 6.2
========================

AdminBundle
-----------

* Not passing a value for "$logoutUrlGenerator" in "Kunstmaan\AdminBundle\Helper\AdminPanel\DefaultAdminPanelAdaptor::__construct" is deprecated and will be required in 7.0.
@@ -0,0 +1,52 @@
<?php

declare(strict_types=1);

namespace Kunstmaan\AdminBundle\Helper\AdminPanel;

final class AdminPanelLogoutAction implements AdminPanelActionInterface
{
/** @var string */
private $logoutUrl;
/** @var string|null */
private $icon;
/** @var string */
private $label;
/** @var string */
private $template = '@KunstmaanAdmin/AdminPanel/_admin_panel_logout_action.html.twig';

public function __construct(string $url, string $label, ?string $icon = null, ?string $template = null)
{
$this->logoutUrl = $url;
$this->label = $label;
$this->icon = $icon;
if (!empty($template)) {
$this->template = $template;
}
}

public function getLogoutUrl(): string
{
return $this->logoutUrl;
}

public function getUrl(): array
{
return [];
}

public function getIcon(): ?string
{
return $this->icon;
}

public function getLabel(): string
{
return $this->label;
}

public function getTemplate(): string
{
return $this->template;
}
}
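Review bot: The constructor's `if (!empty($template))` also discards the string `'0'`, because `empty('0')` is true in PHP; `if ($template !== null && $template !== '')` states the intended "no template given" check without that surprise. The class also carries no docblock explaining how it differs from AdminPanelAction: `getUrl()` deliberately returns `[]` because the URL is produced up front (per the commit title, so that it can carry the logout CSRF token) and is read through `getLogoutUrl()` by the new twig template — a two-line class comment saying so would keep a later maintainer from "fixing" the empty `getUrl()`. With `declare(strict_types=1)` already in place, the four `@var` docblocks could become typed properties (`private string $logoutUrl;` and so on) if the bundle's minimum PHP version permits it.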
Expand Up @@ -3,17 +3,25 @@
namespace Kunstmaan\AdminBundle\Helper\AdminPanel;

use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Http\Logout\LogoutUrlGenerator;

class DefaultAdminPanelAdaptor implements AdminPanelAdaptorInterface
{
/**
* @var TokenStorageInterface
*/
protected $tokenStorage;
/** @var LogoutUrlGenerator|null */
private $logoutUrlGenerator;

public function __construct(TokenStorageInterface $tokenStorage)
public function __construct(TokenStorageInterface $tokenStorage, LogoutUrlGenerator $logoutUrlGenerator = null)
{
$this->tokenStorage = $tokenStorage;
$this->logoutUrlGenerator = $logoutUrlGenerator;

if (null === $logoutUrlGenerator) {
trigger_deprecation('kunstmaan/admin-bundle', '6.2', 'Not passing a value for "$logoutUrlGenerator" in "%s" is deprecated and will be required in 7.0.', __METHOD__);
}
}

/**
Expand Down Expand Up @@ -54,11 +62,20 @@ protected function getChangePasswordAction()

protected function getLogoutAction()
{
return new AdminPanelAction(
[
'path' => 'kunstmaan_admin_logout',
'attrs' => ['id' => 'app__logout', 'title' => 'logout'],
],
// NEXT_MAJOR remove check
if (null === $this->logoutUrlGenerator) {
return new AdminPanelAction(
[
'path' => 'kunstmaan_admin_logout',
'attrs' => ['id' => 'app__logout', 'title' => 'logout'],
],
'',
'sign-out'
);
}

return new AdminPanelLogoutAction(
$this->logoutUrlGenerator->getLogoutUrl(),
'',
'sign-out'
);
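Review bot: The fallback branch kept for NEXT_MAJOR builds a plain link to `kunstmaan_admin_logout` with no `_token` parameter, while the two firewall hunks in this same commit (`csrf_token_generator: 'security.csrf.token_manager'`) make Symfony's logout listener refuse a logout request whose CSRF token is missing or invalid; a caller that still constructs the adaptor without the generator therefore gets a deprecation notice and a logout link that, if I read the listener correctly, no longer logs out. That consequence belongs in the comment, e.g. `// NEXT_MAJOR remove check; until then this link carries no CSRF token and is refused by a firewall configured with csrf_token_generator`, or at least in UPGRADE-6.2.md next to the deprecation entry. In the constructor hunk above, `LogoutUrlGenerator $logoutUrlGenerator = null` relies on implicit nullability, which PHP 8.4 deprecates; `?LogoutUrlGenerator $logoutUrlGenerator = null` is the explicit equivalent. getLogoutAction's closing brace lies outside the hunk.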
2 changes: 1 addition & 1 deletion src/Kunstmaan/AdminBundle/Resources/config/services.yml
Expand Up @@ -212,7 +212,7 @@ services:

kunstmaan_admin.admin_panel.adaptor:
class: Kunstmaan\AdminBundle\Helper\AdminPanel\DefaultAdminPanelAdaptor
arguments: ['@security.token_storage']
arguments: ['@security.token_storage', '@security.logout_url_generator']
tags:
- { name: 'kunstmaan_admin.admin_panel.adaptor' }

@@ -0,0 +1,11 @@
<li>
<a href="{{ action.getLogoutUrl() }}">
{% if action.getIcon() is not null %}
<i class="fa fa-{{ action.getIcon() }}"></i>
{% endif %}
{% if (action.getLabel()) is not empty %}
&nbsp;
{{ action.getLabel() }}
{% endif %}
</a>
</li>
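Review bot: `{% if (action.getLabel()) is not empty %}` wraps the call in parentheses that do nothing; `{% if action.getLabel() is not empty %}` reads like the `is not null` test two lines above. Twig's attribute syntax would also let both tests and the outputs read `action.label` / `action.icon`, which resolve to the same getters. The `href` is a pre-built URL with a query string rather than a `path()` call, which is easy to "correct" by mistake; a one-line comment at the top, `{# url comes pre-generated from LogoutUrlGenerator so it keeps its query string; do not replace with path() #}`, would guard against that.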
Expand Up @@ -4,19 +4,50 @@

use Kunstmaan\AdminBundle\Entity\User;
use Kunstmaan\AdminBundle\Helper\AdminPanel\AdminPanelAction;
use Kunstmaan\AdminBundle\Helper\AdminPanel\AdminPanelLogoutAction;
use Kunstmaan\AdminBundle\Helper\AdminPanel\DefaultAdminPanelAdaptor;
use PHPUnit\Framework\TestCase;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Http\Logout\LogoutUrlGenerator;

class DefaultAdminPanelAdapterTest extends TestCase
{
use ExpectDeprecationTrait;

public function testAdminPanelAdapter()
{
$token = $this->createMock(TokenInterface::class);
$storage = $this->createMock(TokenStorageInterface::class);
$storage->expects($this->once())->method('getToken')->willReturn($token);
$token->expects($this->once())->method('getUser')->willReturn((new User())->setUsername('test'));
$requestStack = new RequestStack();
$requestStack->push(new Request());

$storage = new TokenStorage();
$storage->setToken(new UsernamePasswordToken((new User())->setUsername('test'), 'password', 'main'));

$logoutUrlGenerator = new LogoutUrlGenerator($requestStack, null, $storage);
$logoutUrlGenerator->registerListener('main', '/logout', 'logout', '_token');

$adapter = new DefaultAdminPanelAdaptor($storage, $logoutUrlGenerator);
$actions = $adapter->getAdminPanelActions();

$this->assertCount(3, $actions);
$this->assertInstanceOf(AdminPanelAction::class, $actions[0]);
$this->assertInstanceOf(AdminPanelAction::class, $actions[1]);
$this->assertInstanceOf(AdminPanelLogoutAction::class, $actions[2]);
}

/**
* @group legacy
*/
public function testAdminPanelAdapterConstructorDeprecation()
{
$this->expectDeprecation('Since kunstmaan/admin-bundle 6.2: Not passing a value for "$logoutUrlGenerator" in "Kunstmaan\AdminBundle\Helper\AdminPanel\DefaultAdminPanelAdaptor::__construct" is deprecated and will be required in 7.0.');

$storage = new TokenStorage();
$storage->setToken(new UsernamePasswordToken((new User())->setUsername('test'), 'password', 'main'));

$adapter = new DefaultAdminPanelAdaptor($storage);
$actions = $adapter->getAdminPanelActions();

Expand Up @@ -25,6 +25,7 @@ security:
logout:
path: kunstmaan_admin_logout
target: KunstmaanAdminBundle_homepage
csrf_token_generator: 'security.csrf.token_manager'
anonymous: true
remember_me:
secret: "%kernel.secret%"
Expand Up @@ -27,6 +27,7 @@ security:
logout:
path: kunstmaan_admin_logout
target: KunstmaanAdminBundle_homepage
csrf_token_generator: 'security.csrf.token_manager'
remember_me:
secret: "%kernel.secret%"
lifetime: 604800
