Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens
Description
Impact
The password reset token and API key generation uses a weak cryptographic hash algorithm.
Patches
Fixed in versions 2.6.23 and 3.0.6.
Workarounds
Patch the related User.php and ResettingController.php files in the SecurityBundle.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Weak cryptographic hash used for password reset tokens and API key generation in Sulu CMS allows attackers to forge tokens, leading to account compromise.
Vulnerability
The password reset token and API key generation in Sulu CMS uses a weak cryptographic hash algorithm, allowing for potential token forgery. The vulnerability resides in the User.php and ResettingController.php files within the SecurityBundle. Affected versions are prior to 2.6.23 and 3.0.6 [1][2][3].
Exploitation
An attacker can exploit this vulnerability remotely without any privileges or user interaction, as the attack vector is network-based with low complexity [2]. By obtaining a sample token or understanding the weak hash logic, the attacker can generate valid password reset tokens or API keys, enabling unauthorized access.
Impact
Successful exploitation allows an attacker to reset user passwords or generate valid API keys, leading to account takeover and potential unauthorized access to the system. This compromises the confidentiality, integrity, and availability of user accounts and associated data.
Mitigation
Sulu has released fixed versions 2.6.23 and 3.0.6 on 2026-05-04 [1][3]. Users should upgrade to these versions immediately. As a workaround, administrators can manually patch the User.php and ResettingController.php files in the SecurityBundle as described in the advisory [1][2].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
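The fix changes how new API keys are generated, and as far as the two files changed by the fix show, keys already written by md5(uniqid()) stay in the database. The following PHP is an added example, not Sulu code: it shows why that legacy format is weak and how an administrator could flag and rotate such keys. All function names and the sample rows, including the nullable apiKey, are hypothetical.

```php
<?php

declare(strict_types=1);

/**
 * uniqid() without arguments returns 13 hex characters: 8 for the Unix
 * timestamp in seconds and 5 for the microsecond part. Decoding a value
 * shows that it is a clock reading and contains no random data.
 */
function decodeUniqid(string $id): array
{
    if (1 !== \preg_match('/^[0-9a-f]{13}$/', $id)) {
        throw new \InvalidArgumentException('Not a plain uniqid() value.');
    }

    return [
        'seconds' => (int) \hexdec(\substr($id, 0, 8)),
        'microseconds' => (int) \hexdec(\substr($id, 8, 5)),
    ];
}

/**
 * Upper bound, in bits, on the entropy of md5(uniqid()) when the creation
 * time is known to within $windowSeconds: one candidate per microsecond.
 */
function legacyKeyEntropyBits(int $windowSeconds): float
{
    return \log($windowSeconds * 1000000, 2);
}

/** Key format of the fixed versions: 64 random bytes, hex encoded (512 bits). */
function generateApiKey(): string
{
    return \bin2hex(\random_bytes(64));
}

/** md5() output is always 32 lowercase hex characters. */
function isLegacyApiKey(?string $apiKey): bool
{
    return null !== $apiKey && 1 === \preg_match('/^[0-9a-f]{32}$/', $apiKey);
}

/**
 * Replaces every legacy-format key and returns the updated rows together
 * with the usernames that were rotated, so their owners can be notified.
 */
function rotateLegacyKeys(array $users): array
{
    $rotated = [];

    foreach ($users as $index => $user) {
        if (isLegacyApiKey($user['apiKey'])) {
            $users[$index]['apiKey'] = generateApiKey();
            $rotated[] = $user['username'];
        }
    }

    return ['users' => $users, 'rotated' => $rotated];
}

// Constructed sample rows standing in for the user table (hypothetical data).
$users = [
    ['username' => 'editor', 'apiKey' => \md5(\uniqid())],   // legacy format
    ['username' => 'admin', 'apiKey' => generateApiKey()],   // fixed format
    ['username' => 'import', 'apiKey' => null],              // no key set
];

$decoded = decodeUniqid(\uniqid());
\printf(
    "uniqid() decodes to %s UTC + %d microseconds\n",
    \gmdate('Y-m-d H:i:s', $decoded['seconds']),
    $decoded['microseconds']
);
\printf(
    "md5(uniqid()) with a one-day creation window: at most %.1f bits; fixed format: 512 bits\n",
    legacyKeyEntropyBits(86400)
);

$result = rotateLegacyKeys($users);
\printf("Rotated legacy keys for: %s\n", \implode(', ', $result['rotated']));

foreach ($result['users'] as $user) {
    \printf(
        "%-8s key length %d\n",
        $user['username'],
        null === $user['apiKey'] ? 0 : \strlen($user['apiKey'])
    );
}
```

In a real installation the rows would come from the user table and the rotated keys would have to be written back and redistributed to the API clients that use them.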
Affected products: 1
Patches
37e2ae0c0322f Merge commit from fork
2 files changed · +2 −2
src/Sulu/Bundle/SecurityBundle/Controller/ResettingController.php+1 −1 modified@@ -401,7 +401,7 @@ private function generateTokenForUser(UserInterface $user) */ private function generateTokenHash(string $token): string { - return \hash('sha1', $this->secret . '%' . $token); + return \hash('sha256', $this->secret . '%' . $token); } /**
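Review bot: In generateTokenHash() the input is still the secret-prefix concatenation $this->secret . '%' . $token; with SHA-256 that construction is open to length extension, so a keyed MAC is the safer choice, for example return \hash_hmac('sha256', $token, $this->secret);. If the result is compared with hashes persisted before the upgrade, those SHA-1 values will no longer match, so the release notes should say that pending reset links stop working.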
src/Sulu/Bundle/SecurityBundle/Entity/User.php+1 −1 modified@@ -151,7 +151,7 @@ class User extends ApiEntity implements UserInterface, EquatableInterface, Audit */ public function __construct() { - $this->apiKey = \md5(\uniqid()); + $this->apiKey = \bin2hex(\random_bytes(64)); $this->userRoles = new ArrayCollection(); $this->userGroups = new ArrayCollection();
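Review bot: The change in User::__construct() only covers users created after the upgrade; keys already generated by \md5(\uniqid()) are not touched by either file in this commit, so existing accounts need a migration or a documented rotation step. Also check the column mapping for apiKey, since \bin2hex(\random_bytes(64)) yields 128 characters where \md5() gave 32.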
d7302aa5b51a Merge commit from fork
2 files changed · +0 −15
src/Sulu/Bundle/SecurityBundle/Controller/UserController.php+0 −5 modified@@ -112,11 +112,6 @@ private function initFieldDescriptors() 'locale', $this->userClass ); - $this->fieldDescriptors['apiKey'] = new DoctrineFieldDescriptor( - 'apiKey', - 'apiKey', - $this->userClass - ); } /**
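Review bot: The removal of the apiKey descriptor from initFieldDescriptors() comes without a test (the commit is +0 −15), so nothing guards against the field being re-added to the list later. A functional test on the user list built from these descriptors, asserting that apiKey is absent from every returned item, would pin the behaviour.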
src/Sulu/Bundle/SecurityBundle/Resources/config/lists/users.xml+0 −10 modified@@ -42,15 +42,5 @@ <field-name>locale</field-name> <entity-name>%sulu.model.user.class%</entity-name> </property> - - <property - name="apiKey" - visibility="yes" - searchability="never" - translation="sulu_admin.apiKey" - > - <field-name>apiKey</field-name> - <entity-name>%sulu.model.user.class%</entity-name> - </property> </properties> </list>
471e2f832d78 Migrating SecurityBundle to service php definition (#8554)
17 files changed · +687 −569
src/Sulu/Bundle/SecurityBundle/DependencyInjection/SuluSecurityExtension.php+10 −10 modified@@ -29,7 +29,7 @@ use Symfony\Component\DependencyInjection\ContainerBuilder; use Symfony\Component\DependencyInjection\Definition; use Symfony\Component\DependencyInjection\Extension\PrependExtensionInterface; -use Symfony\Component\DependencyInjection\Loader\XmlFileLoader; +use Symfony\Component\DependencyInjection\Loader\PhpFileLoader; use Symfony\Component\DependencyInjection\Reference; use Symfony\Component\HttpKernel\DependencyInjection\Extension; use Symfony\Component\Security\Http\AccessToken\AccessTokenExtractorInterface; @@ -73,31 +73,31 @@ public function load(array $configs, ContainerBuilder $container) $container->registerForAutoconfiguration(DescendantProviderInterface::class) ->addTag('sulu_security.access_control_descendant_provider'); - $loader = new XmlFileLoader($container, new FileLocator(__DIR__ . '/../Resources/config')); - $loader->load('services.xml'); - $loader->load('command.xml'); + $loader = new PhpFileLoader($container, new FileLocator(__DIR__ . '/../Resources/config')); + $loader->load('services.php'); + $loader->load('command.php'); /** @var array<string, class-string> $bundles */ $bundles = $container->getParameter('kernel.bundles'); if (\in_array(SchebTwoFactorBundle::class, $bundles, true)) { - $loader->load('2fa.xml'); + $loader->load('2fa.php'); if (\interface_exists(AuthCodeMailerInterface::class)) { - $loader->load('2fa_email.xml'); + $loader->load('2fa_email.php'); } } if (\interface_exists(LogoutSuccessHandlerInterface::class)) { - $loader->load('logout_success_handler.xml'); + $loader->load('logout_success_handler.php'); } if ($config['checker']['enabled']) { - $loader->load('checker.xml'); + $loader->load('checker.php'); } if ($twoFactorForcePattern) { - $loader->load('2fa_force.xml'); + $loader->load('2fa_force.php'); } $this->configurePersistence($config['objects'], $container); 
@@ -120,7 +120,7 @@ public function load(array $configs, ContainerBuilder $container) throw new \RuntimeException('The symfony/security-http package is required to use the SuluSecurityBundle. At least symfony/security-http 6.2 is required.'); } - $loader->load('single_sign_on.xml'); + $loader->load('single_sign_on.php'); $container->setParameter( 'sulu_security.has_single_sign_on_providers',
src/Sulu/Bundle/SecurityBundle/Resources/config/2fa_email.php+28 −0 added@@ -0,0 +1,28 @@ +<?php + +/* + * This file is part of Sulu. + * + * (c) Sulu GmbH + * + * This source file is subject to the MIT license that is bundled + * with this source code in the file LICENSE. + */ + +use Sulu\Bundle\SecurityBundle\TwoFactor\AuthCodeMailer; +use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator; +use Symfony\Component\DependencyInjection\Reference; + +return static function(ContainerConfigurator $container) { + $services = $container->services(); + + $services->set('sulu_security.two_factor_mailer', AuthCodeMailer::class) + ->args([ + new Reference('mailer.mailer'), + new Reference('twig'), + new Reference('translator'), + '%sulu_security.two_factor_email_template%', + '%scheb_two_factor.email.sender_email%', + '%scheb_two_factor.email.sender_name%', + ]); +};
src/Sulu/Bundle/SecurityBundle/Resources/config/2fa_email.xml+0 −15 removed@@ -1,15 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" ?> -<container xmlns="http://symfony.com/schema/dic/services" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> - <services> - <service id="sulu_security.two_factor_mailer" class="Sulu\Bundle\SecurityBundle\TwoFactor\AuthCodeMailer"> - <argument type="service" id="mailer.mailer"/> - <argument type="service" id="twig"/> - <argument type="service" id="translator"/> - <argument>%sulu_security.two_factor_email_template%</argument> - <argument>%scheb_two_factor.email.sender_email%</argument> - <argument>%scheb_two_factor.email.sender_name%</argument> - </service> - </services> -</container>
src/Sulu/Bundle/SecurityBundle/Resources/config/2fa_force.php+22 −0 added@@ -0,0 +1,22 @@ +<?php + +/* + * This file is part of Sulu. + * + * (c) Sulu GmbH + * + * This source file is subject to the MIT license that is bundled + * with this source code in the file LICENSE. + */ + +use Sulu\Bundle\SecurityBundle\EventListener\ForceTwoFactorSubscriber; +use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator; + +return static function(ContainerConfigurator $container) { + $services = $container->services(); + + $services->set('sulu_security.force_two_factor_listener', ForceTwoFactorSubscriber::class) + ->args(['%sulu_security.two_factor_force_pattern%']) + ->tag('doctrine.event_listener', ['event' => 'preUpdate']) + ->tag('doctrine.event_listener', ['event' => 'prePersist']); +};
src/Sulu/Bundle/SecurityBundle/Resources/config/2fa_force.xml+0 −13 removed@@ -1,13 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" ?> -<container xmlns="http://symfony.com/schema/dic/services" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> - <services> - <service id="sulu_security.force_two_factor_listener" class="Sulu\Bundle\SecurityBundle\EventListener\ForceTwoFactorSubscriber"> - <argument>%sulu_security.two_factor_force_pattern%</argument> - - <tag name="doctrine.event_listener" event="preUpdate"/> - <tag name="doctrine.event_listener" event="prePersist"/> - </service> - </services> -</container>
src/Sulu/Bundle/SecurityBundle/Resources/config/2fa.php+25 −0 added@@ -0,0 +1,25 @@ +<?php + +/* + * This file is part of Sulu. + * + * (c) Sulu GmbH + * + * This source file is subject to the MIT license that is bundled + * with this source code in the file LICENSE. + */ + +use Sulu\Bundle\SecurityBundle\Security\TwoFactorAuthenticationFailureHandler; +use Sulu\Bundle\SecurityBundle\Security\TwoFactorAuthenticationRequiredHandler; +use Sulu\Bundle\SecurityBundle\Security\TwoFactorAuthenticationSuccessHandler; +use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator; + +return static function(ContainerConfigurator $container) { + $services = $container->services(); + + $services->set('sulu_security.two_factor_authentication_required_handler', TwoFactorAuthenticationRequiredHandler::class); + + $services->set('sulu_security.two_factor_authentication_success_handler', TwoFactorAuthenticationSuccessHandler::class); + + $services->set('sulu_security.two_factor_authentication_failure_handler', TwoFactorAuthenticationFailureHandler::class); +};
src/Sulu/Bundle/SecurityBundle/Resources/config/2fa.xml+0 −10 removed@@ -1,10 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" ?> -<container xmlns="http://symfony.com/schema/dic/services" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> - <services> - <service id="sulu_security.two_factor_authentication_required_handler" class="Sulu\Bundle\SecurityBundle\Security\TwoFactorAuthenticationRequiredHandler"/> - <service id="sulu_security.two_factor_authentication_success_handler" class="Sulu\Bundle\SecurityBundle\Security\TwoFactorAuthenticationSuccessHandler"/> - <service id="sulu_security.two_factor_authentication_failure_handler" class="Sulu\Bundle\SecurityBundle\Security\TwoFactorAuthenticationFailureHandler"/> - </services> -</container>
src/Sulu/Bundle/SecurityBundle/Resources/config/checker.php+40 −0 added@@ -0,0 +1,40 @@ +<?php + +/* + * This file is part of Sulu. + * + * (c) Sulu GmbH + * + * This source file is subject to the MIT license that is bundled + * with this source code in the file LICENSE. + */ + +use Sulu\Bundle\SecurityBundle\EventListener\LastLoginListener; +use Sulu\Bundle\SecurityBundle\EventListener\SuluSecurityListener; +use Sulu\Component\Security\Authorization\SecurityChecker; +use Sulu\Component\Security\Authorization\SecurityCheckerInterface; +use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator; +use Symfony\Component\DependencyInjection\Reference; + +return static function(ContainerConfigurator $container) { + $services = $container->services(); + + $services->set('sulu_security.security_checker', SecurityChecker::class) + ->public() + ->args([ + new Reference('security.token_storage'), + new Reference('security.authorization_checker'), + ]); + + $services->alias(SecurityCheckerInterface::class, 'sulu_security.security_checker'); + + $services->set('sulu_security.event_listener.security', SuluSecurityListener::class) + ->args([ + new Reference('sulu_security.security_checker'), + ]) + ->tag('kernel.event_subscriber'); + + $services->set('sulu_security.last_login_listener', LastLoginListener::class) + ->args([new Reference('doctrine.orm.entity_manager')]) + ->tag('kernel.event_subscriber'); +};
src/Sulu/Bundle/SecurityBundle/Resources/config/checker.xml+0 −23 removed@@ -1,23 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" ?> -<container xmlns="http://symfony.com/schema/dic/services" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> - <services> - <service id="sulu_security.security_checker" class="Sulu\Component\Security\Authorization\SecurityChecker" public="true"> - <argument type="service" id="security.token_storage"/> - <argument type="service" id="security.authorization_checker"/> - </service> - <service id="Sulu\Component\Security\Authorization\SecurityCheckerInterface" alias="sulu_security.security_checker"/> - - <service id="sulu_security.event_listener.security" class="Sulu\Bundle\SecurityBundle\EventListener\SuluSecurityListener"> - <argument type="service" id="sulu_security.security_checker"/> - - <tag name="kernel.event_subscriber"/> - </service> - - <service id="sulu_security.last_login_listener" class="Sulu\Bundle\SecurityBundle\EventListener\LastLoginListener"> - <argument type="service" id="doctrine.orm.entity_manager" /> - <tag name="kernel.event_subscriber" /> - </service> - </services> -</container>
src/Sulu/Bundle/SecurityBundle/Resources/config/command.php+59 −0 added@@ -0,0 +1,59 @@ +<?php + +/* + * This file is part of Sulu. + * + * (c) Sulu GmbH + * + * This source file is subject to the MIT license that is bundled + * with this source code in the file LICENSE. + */ + +namespace Symfony\Component\DependencyInjection\Loader\Configurator; + +use Sulu\Bundle\SecurityBundle\Command\CreateRoleCommand; + +return static function(ContainerConfigurator $container) { + $services = $container->services(); + + $services->set('sulu_security.command.create_role', CreateRoleCommand::class) + ->args([ + service('doctrine.orm.entity_manager'), + service('sulu.repository.role'), + service('sulu_admin.admin_pool'), + ]) + ->tag('console.command') + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.command.init', \Sulu\Bundle\SecurityBundle\Command\InitCommand::class) + ->args([ + service('doctrine.orm.entity_manager'), + service('sulu.repository.role'), + service('sulu_admin.admin_pool'), + ]) + ->tag('console.command') + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.command.create_user', \Sulu\Bundle\SecurityBundle\Command\CreateUserCommand::class) + ->args([ + service('doctrine.orm.entity_manager'), + service('sulu.repository.user'), + service('sulu.repository.role'), + service('sulu.repository.contact'), + service('sulu.core.localization_manager'), + service('sulu_security.salt_generator'), + service('sulu_security.encoder_factory'), + '%sulu_core.locales%', + ]) + ->tag('console.command') + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.command.sync_phpcr_permissions', \Sulu\Bundle\SecurityBundle\Command\SyncPhpcrPermissionsCommand::class) + ->args([ + service('doctrine.orm.default_entity_manager'), + service('sulu_document_manager.document_manager'), + service('sulu_security.doctrine_access_control_provider'), + ]) + ->tag('console.command') + ->tag('sulu.context', 
['context' => 'admin']); +};
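Review bot: command.php imports CreateRoleCommand but spells InitCommand, CreateUserCommand and SyncPhpcrPermissionsCommand as fully qualified names, and it declares namespace Symfony\Component\DependencyInjection\Loader\Configurator to reach service(), while 2fa_email.php and checker.php in the same commit stay in the global namespace and use new Reference(...). Pick one style for the new config files: add use statements for the three commands, and either import the helper with use function Symfony\Component\DependencyInjection\Loader\Configurator\service; or use new Reference(...) throughout.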
src/Sulu/Bundle/SecurityBundle/Resources/config/command.xml+0 −47 removed@@ -1,47 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<container xmlns="http://symfony.com/schema/dic/services" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> - <services> - <service id="sulu_security.command.create_role" class="Sulu\Bundle\SecurityBundle\Command\CreateRoleCommand"> - <argument type="service" id="doctrine.orm.entity_manager"/> - <argument type="service" id="sulu.repository.role"/> - <argument type="service" id="sulu_admin.admin_pool"/> - - <tag name="console.command" /> - <tag name="sulu.context" context="admin"/> - </service> - - <service id="sulu_security.command.init" class="Sulu\Bundle\SecurityBundle\Command\InitCommand"> - <argument type="service" id="doctrine.orm.entity_manager"/> - <argument type="service" id="sulu.repository.role"/> - <argument type="service" id="sulu_admin.admin_pool"/> - - <tag name="console.command" /> - <tag name="sulu.context" context="admin"/> - </service> - - <service id="sulu_security.command.create_user" class="Sulu\Bundle\SecurityBundle\Command\CreateUserCommand"> - <argument type="service" id="doctrine.orm.entity_manager"/> - <argument type="service" id="sulu.repository.user"/> - <argument type="service" id="sulu.repository.role"/> - <argument type="service" id="sulu.repository.contact"/> - <argument type="service" id="sulu.core.localization_manager"/> - <argument type="service" id="sulu_security.salt_generator"/> - <argument type="service" id="sulu_security.encoder_factory"/> - <argument>%sulu_core.locales%</argument> - - <tag name="console.command" /> - <tag name="sulu.context" context="admin"/> - </service> - - <service id="sulu_security.command.sync_phpcr_permissions" - class="Sulu\Bundle\SecurityBundle\Command\SyncPhpcrPermissionsCommand"> - <argument type="service" 
id="doctrine.orm.default_entity_manager"/> - <argument type="service" id="sulu_document_manager.document_manager"/> - <argument type="service" id="sulu_security.doctrine_access_control_provider"/> - <tag name="console.command"/> - <tag name="sulu.context" context="admin"/> - </service> - </services> -</container>
src/Sulu/Bundle/SecurityBundle/Resources/config/logout_success_handler.php+21 −0 added@@ -0,0 +1,21 @@ +<?php + +/* + * This file is part of Sulu. + * + * (c) Sulu GmbH + * + * This source file is subject to the MIT license that is bundled + * with this source code in the file LICENSE. + */ + +namespace Symfony\Component\DependencyInjection\Loader\Configurator; + +use Sulu\Bundle\SecurityBundle\Security\LogoutSuccessHandler; + +return static function(ContainerConfigurator $container) { + $services = $container->services(); + + $services->set('sulu_security.logout_success_handler', LogoutSuccessHandler::class) + ->args([service('router')]); +};
src/Sulu/Bundle/SecurityBundle/Resources/config/logout_success_handler.xml+0 −10 removed@@ -1,10 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" ?> -<container xmlns="http://symfony.com/schema/dic/services" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> - <services> - <service id="sulu_security.logout_success_handler" class="Sulu\Bundle\SecurityBundle\Security\LogoutSuccessHandler"> - <argument type="service" id="router"/> - </service> - </services> -</container>
src/Sulu/Bundle/SecurityBundle/Resources/config/services.php+420 −0 added@@ -0,0 +1,420 @@ +<?php + +/* + * This file is part of Sulu. + * + * (c) Sulu GmbH + * + * This source file is subject to the MIT license that is bundled + * with this source code in the file LICENSE. + */ + +namespace Symfony\Component\DependencyInjection\Loader\Configurator; + +use Doctrine\Common\Cache\Psr6\DoctrineProvider; +use Sulu\Bundle\AdminBundle\Admin\View\ViewBuilderFactoryInterface; +use Sulu\Bundle\ContactBundle\Entity\PositionRepository; +use Sulu\Bundle\SecurityBundle\AccessControl\AccessControlQueryEnhancer; +use Sulu\Bundle\SecurityBundle\Admin\Helper\SecuritySystemsSelect; +use Sulu\Bundle\SecurityBundle\Admin\Helper\SystemLanguageSelect; +use Sulu\Bundle\SecurityBundle\Admin\SecurityAdmin; +use Sulu\Bundle\SecurityBundle\Build\SecurityBuilder; +use Sulu\Bundle\SecurityBundle\Build\UserBuilder; +use Sulu\Bundle\SecurityBundle\Controller\ContextsController; +use Sulu\Bundle\SecurityBundle\Controller\GroupController; +use Sulu\Bundle\SecurityBundle\Controller\PermissionController; +use Sulu\Bundle\SecurityBundle\Controller\ProfileController; +use Sulu\Bundle\SecurityBundle\Controller\ResettingController; +use Sulu\Bundle\SecurityBundle\Controller\RoleController; +use Sulu\Bundle\SecurityBundle\Controller\RoleSettingController; +use Sulu\Bundle\SecurityBundle\Controller\UserController; +use Sulu\Bundle\SecurityBundle\DataFixtures\ORM\LoadSecurityTypes; +use Sulu\Bundle\SecurityBundle\Entity\Group; +use Sulu\Bundle\SecurityBundle\Entity\GroupRepository; +use Sulu\Bundle\SecurityBundle\Entity\Role; +use Sulu\Bundle\SecurityBundle\Entity\UserRepository; +use Sulu\Bundle\SecurityBundle\Entity\UserSetting; +use Sulu\Bundle\SecurityBundle\Entity\UserSettingRepository; +use Sulu\Bundle\SecurityBundle\EventListener\AuhenticationFailureListener; +use Sulu\Bundle\SecurityBundle\EventListener\LogoutEventSubscriber; +use 
Sulu\Bundle\SecurityBundle\EventListener\PermissionInheritanceSubscriber; +use Sulu\Bundle\SecurityBundle\EventListener\PhpcrSecuritySubscriber; +use Sulu\Bundle\SecurityBundle\EventListener\SystemListener; +use Sulu\Bundle\SecurityBundle\EventListener\UserLocaleListener; +use Sulu\Bundle\SecurityBundle\Metadata\PasswordPolicyFormMetadataVisitor; +use Sulu\Bundle\SecurityBundle\Metadata\TwoFactorFormMetadataVisitor; +use Sulu\Bundle\SecurityBundle\Security\AuthenticationEntryPoint; +use Sulu\Bundle\SecurityBundle\Security\AuthenticationHandler; +use Sulu\Bundle\SecurityBundle\Serializer\Subscriber\SecuritySubscriber; +use Sulu\Bundle\SecurityBundle\System\SystemStore; +use Sulu\Bundle\SecurityBundle\System\SystemStoreInterface; +use Sulu\Bundle\SecurityBundle\Twig\UserTwigExtension; +use Sulu\Bundle\SecurityBundle\User\UserProvider; +use Sulu\Bundle\SecurityBundle\UserManager\UserManager; +use Sulu\Bundle\SecurityBundle\Util\TokenGenerator; +use Sulu\Component\Security\Authentication\SaltGenerator; +use Sulu\Component\Security\Authorization\AccessControl\AccessControlManager; +use Sulu\Component\Security\Authorization\AccessControl\DoctrineAccessControlProvider; +use Sulu\Component\Security\Authorization\AccessControl\PhpcrAccessControlProvider; +use Sulu\Component\Security\Authorization\MaskConverter; +use Sulu\Component\Security\Authorization\SecurityContextVoter; +use Sulu\Component\Security\Serializer\Subscriber\SecuredEntitySubscriber; +use Symfony\Component\Cache\Adapter\ArrayAdapter; +use Symfony\Component\DependencyInjection\ContainerInterface; +use Symfony\Component\DependencyInjection\Reference; + +return static function(ContainerConfigurator $container) { + $services = $container->services(); + $parameters = $container->parameters(); + $parameters->set('sulu_security.permissions', ['view' => 64, 'add' => 32, 'edit' => 16, 'delete' => 8, 'archive' => 4, 'live' => 2, 'security' => 1]); + $parameters->set('permissions', '%sulu_security.permissions%'); + 
$parameters->set('sulu_security.admin.class', SecurityAdmin::class); + $parameters->set('sulu_security.authentication_entry_point.class', AuthenticationEntryPoint::class); + $parameters->set('sulu_security.authentication_handler.class', AuthenticationHandler::class); + $parameters->set('sulu_security.mask_converter.class', MaskConverter::class); + $parameters->set('sulu_security.salt_generator.class', SaltGenerator::class); + $parameters->set('sulu_security.token_generator.class', TokenGenerator::class); + $parameters->set('sulu_security.security_context_voter.class', SecurityContextVoter::class); + $parameters->set('sulu_security.access_control_manager.class', AccessControlManager::class); + $parameters->set('sulu_security.phpcr_access_control_provider.class', PhpcrAccessControlProvider::class); + $parameters->set('sulu_security.doctrine_access_control_provider.class', DoctrineAccessControlProvider::class); + $parameters->set('sulu_security.permission_controller.class', PermissionController::class); + $parameters->set('sulu_security.group_repository.class', GroupRepository::class); + $parameters->set('sulu_security.user_repository.class', UserRepository::class); + $parameters->set('sulu_security.user_setting_repository.class', UserSettingRepository::class); + $parameters->set('sulu_security.user_repository_factory.class', 'Sulu\Component\Security\Authentication\UserRepositoryFactory'); + $parameters->set('sulu_security.build.user.class', UserBuilder::class); + $parameters->set('sulu_security.entity.role', Role::class); + $parameters->set('sulu_security.entity.group', Group::class); + $parameters->set('sulu_security.entity.user_setting', UserSetting::class); + $parameters->set('sulu_security.profile_controller.class', ProfileController::class); + + $services->set('sulu_security.resetting_controller', ResettingController::class) + ->public() + ->args([ + new Reference('validator'), + new Reference('translator'), + new Reference('sulu_security.token_generator'), + 
new Reference('twig'), + new Reference('security.token_storage'), + new Reference('event_dispatcher'), + new Reference('mailer'), + new Reference('sulu_security.encoder_factory'), + new Reference('sulu.repository.user'), + new Reference('router'), + new Reference('doctrine.orm.entity_manager'), + new Reference('sulu_activity.domain_event_collector'), + '%sulu_security.system%', + '%sulu_security.reset_password.mail.sender%', + '%sulu_security.reset_password.mail.subject%', + '%sulu_security.reset_password.mail.translation_domain%', + '%sulu_security.reset_password.mail.template%', + '%sulu_security.reset_password.mail.token_send_limit%', + '%sulu_admin.email%', + '%kernel.secret%', + new Reference('logger', ContainerInterface::NULL_ON_INVALID_REFERENCE), + ]) + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.admin', '%sulu_security.admin.class%') + ->args([ + new Reference(ViewBuilderFactoryInterface::class), + new Reference('sulu_security.security_checker'), + new Reference('router'), + new Reference('translator'), + new Reference('sulu_admin.admin_pool'), + '%sulu_admin.resources%', + ]) + ->tag('sulu.admin') + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.security_systems_select_helper', SecuritySystemsSelect::class) + ->public() + ->args([ + new Reference('sulu_admin.admin_pool'), + '%sulu_security.system%', + ]) + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.system_language_select_helper', SystemLanguageSelect::class) + ->public() + ->args(['%sulu_core.translated_locales%']) + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.authentication_entry_point', '%sulu_security.authentication_entry_point.class%'); + + $services->set('sulu_security.authentication_handler', '%sulu_security.authentication_handler.class%') + ->args([ + new Reference('router'), + '%sulu_security.two_factor_methods%', + ]); + + 
$services->set('sulu_security.mask_converter', '%sulu_security.mask_converter.class%') + ->public() + ->args(['%permissions%']); + + $services->set('sulu_security.salt_generator', '%sulu_security.salt_generator.class%') + ->public(); + + $services->alias('%sulu_security.salt_generator.class%', 'sulu_security.salt_generator'); + + $services->set('sulu_security.token_generator', '%sulu_security.token_generator.class%') + ->public(); + + $services->set('sulu_security.security_context_voter', '%sulu_security.security_context_voter.class%') + ->private() + ->args([ + new Reference('sulu_security.access_control_manager'), + '%permissions%', + ]) + ->tag('security.voter'); + + $services->set('sulu_security.access_control_manager', '%sulu_security.access_control_manager.class%') + ->args([ + new Reference('sulu_security.mask_converter'), + new Reference('event_dispatcher'), + new Reference('sulu_security.system_store'), + tagged_iterator('sulu_security.access_control_descendant_provider'), + new Reference('sulu.repository.role'), + new Reference('sulu.repository.access_control'), + new Reference('security.helper', ContainerInterface::NULL_ON_INVALID_REFERENCE), + '%sulu_security.permissions%', + ]); + + $services->set('sulu_security.system_store', SystemStore::class) + ->args([new Reference('sulu.repository.role')]) + ->tag('kernel.reset', ['method' => 'reset']); + + $services->alias(SystemStoreInterface::class, 'sulu_security.system_store'); + + $services->set('sulu_security.phpcr_access_control_provider', '%sulu_security.phpcr_access_control_provider.class%') + ->args([ + new Reference('sulu_document_manager.document_manager'), + new Reference('sulu.repository.role'), + '%permissions%', + ]) + ->tag('sulu.access_control'); + + $services->set('sulu_security.doctrine_access_control_provider', '%sulu_security.doctrine_access_control_provider.class%') + ->args([ + new Reference('doctrine.orm.default_entity_manager'), + new Reference('sulu.repository.role'), + new 
Reference('sulu.repository.access_control'), + new Reference('sulu_security.mask_converter'), + ]) + ->tag('sulu.access_control'); + + $services->set('sulu_security.permission_controller', '%sulu_security.permission_controller.class%') + ->public() + ->args([ + new Reference('sulu_security.access_control_manager'), + new Reference('sulu_security.security_checker'), + new Reference('sulu.repository.role'), + new Reference('fos_rest.view_handler'), + '%sulu_admin.resources%', + ]) + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.profile_controller', '%sulu_security.profile_controller.class%') + ->public() + ->args([ + new Reference('security.token_storage'), + new Reference('doctrine.orm.default_entity_manager'), + new Reference('fos_rest.view_handler'), + new Reference('sulu_security.user_setting_repository'), + new Reference('sulu_security.user_manager'), + '%sulu.model.user.class%', + '%sulu.model.contact.class%', + ]) + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.contexts_controller', ContextsController::class) + ->public() + ->args([ + new Reference('fos_rest.view_handler'), + new Reference('sulu_admin.admin_pool'), + ]) + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.group_controller', GroupController::class) + ->public() + ->args([ + new Reference('fos_rest.view_handler'), + new Reference('sulu_core.doctrine_rest_helper'), + new Reference('sulu_core.doctrine_list_builder_factory'), + new Reference('sulu.repository.role'), + new Reference('doctrine.orm.entity_manager'), + ]) + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.role_controller', RoleController::class) + ->public() + ->args([ + new Reference('fos_rest.view_handler'), + new Reference('sulu_core.list_builder.field_descriptor_factory'), + new Reference('sulu_core.doctrine_rest_helper'), + new Reference('sulu_core.doctrine_list_builder_factory'), + new 
Reference('sulu_security.mask_converter'), + new Reference('sulu.repository.role'), + new Reference('doctrine.orm.entity_manager'), + new Reference('sulu_activity.domain_event_collector'), + '%sulu.model.role.class%', + ]) + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.role_setting_controller', RoleSettingController::class) + ->public() + ->args([ + new Reference('fos_rest.view_handler'), + new Reference('sulu.repository.role_setting'), + new Reference('doctrine.orm.entity_manager'), + ]) + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.user_controller', UserController::class) + ->public() + ->args([ + new Reference('fos_rest.view_handler'), + new Reference('sulu_core.doctrine_rest_helper'), + new Reference('sulu_core.doctrine_list_builder_factory'), + new Reference('sulu_security.user_manager'), + new Reference('doctrine.orm.entity_manager'), + '%sulu.model.user.class%', + ]) + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.group_repository', '%sulu_security.group_repository.class%') + ->args(['%sulu_security.entity.group%']) + ->factory([new Reference('doctrine.orm.entity_manager'), 'getRepository']); + + $services->set('sulu_security.user_setting_repository', '%sulu_security.user_setting_repository.class%') + ->public() + ->args(['%sulu_security.entity.user_setting%']) + ->factory([new Reference('doctrine.orm.entity_manager'), 'getRepository']); + + $services->set('sulu_security.user_repository', '%sulu_security.user_repository.class%') + ->public() + ->args(['%sulu.model.user.class%']) + ->factory([new Reference('doctrine.orm.entity_manager'), 'getRepository']); + + $services->set('sulu_security.user_provider', UserProvider::class) + ->args([ + new Reference('sulu_security.user_repository'), + new Reference('sulu_security.system_store'), + new Reference('doctrine.orm.entity_manager'), + ]); + + $services->set('sulu_security.build.user', 
'%sulu_security.build.user.class%') + ->tag('massive_build.builder'); + + $services->set('sulu_security.build.security', SecurityBuilder::class) + ->tag('massive_build.builder'); + + $services->set('sulu_security.serializer.handler.secured_entity', SecuredEntitySubscriber::class) + ->args([ + new Reference('sulu_security.access_control_manager'), + new Reference('security.token_storage'), + ]) + ->tag('jms_serializer.event_subscriber') + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.document.serializer.subscriber.security', SecuritySubscriber::class) + ->args([ + new Reference('sulu_security.access_control_manager'), + new Reference('security.token_storage', ContainerInterface::NULL_ON_INVALID_REFERENCE), + ]) + ->tag('jms_serializer.event_subscriber'); + + $services->set('sulu_security.twig_extension.user.cache_adapter', ArrayAdapter::class); + + $services->set('sulu_security.twig_extension.user.cache', PositionRepository::class) + ->args([new Reference('sulu_security.twig_extension.user.cache_adapter')]) + ->factory([DoctrineProvider::class, 'wrap']); + + $services->set('sulu_security.twig_extension.user', UserTwigExtension::class) + ->args([ + new Reference('sulu_security.twig_extension.user.cache'), + new Reference('sulu.repository.user'), + ]) + ->tag('twig.extension'); + + $services->set('sulu_security.user_locale_listener', UserLocaleListener::class) + ->args([ + new Reference('security.token_storage'), + new Reference('translator'), + ]) + ->tag('kernel.event_subscriber') + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.system_listener', SystemListener::class) + ->args([ + new Reference('sulu_security.system_store'), + null, + '%sulu.context%', + ]) + ->tag('kernel.event_subscriber'); + + $services->set('sulu_security.fixtures.security_types', LoadSecurityTypes::class) + ->args(['%sulu_security.security_types.fixture%']) + ->tag('doctrine.fixture.orm'); + + 
$services->set('sulu_security.login_failure_listener', AuhenticationFailureListener::class) + ->args([ + new Reference('sulu_security.encoder_factory'), + new Reference('sulu.repository.user'), + ]) + ->tag('kernel.event_subscriber') + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.logout_event_subscriber', LogoutEventSubscriber::class) + ->args([new Reference('router')]) + ->tag('kernel.event_subscriber') + ->tag('sulu.context', ['context' => 'admin']); + + $services->set('sulu_security.access_control_query_enhancer', AccessControlQueryEnhancer::class) + ->args([ + new Reference('sulu_security.system_store'), + new Reference('doctrine.orm.entity_manager'), + ]); + + $services->set('sulu_security.permission_inheritance_subscriber', PermissionInheritanceSubscriber::class) + ->args([new Reference('sulu_security.access_control_manager')]) + ->tag('doctrine.event_listener', ['event' => 'postPersist']); + + $services->set('sulu_security.phpcr_security_subscriber', PhpcrSecuritySubscriber::class) + ->args([ + new Reference('sulu_security.phpcr_access_control_provider'), + new Reference('sulu_security.doctrine_access_control_provider'), + ]) + ->tag('kernel.event_subscriber'); + + $services->set('sulu_security.user_manager', UserManager::class) + ->public() + ->args([ + new Reference('doctrine.orm.entity_manager'), + new Reference('sulu_security.encoder_factory', ContainerInterface::NULL_ON_INVALID_REFERENCE), + new Reference('sulu.repository.role'), + new Reference('sulu_security.group_repository'), + new Reference('sulu_contact.contact_manager'), + new Reference('sulu_security.salt_generator'), + new Reference('sulu.repository.user'), + new Reference('sulu_activity.domain_event_collector'), + '%sulu_security.password_policy_pattern%', + ]); + + $services->set('sulu_security.password_pattern_form_metadata_visitor', PasswordPolicyFormMetadataVisitor::class) + ->args([ + new Reference('translator'), + 
'%sulu_security.password_policy_pattern%', + '%sulu_security.password_policy_info_translation_key%', + ]) + ->tag('sulu_admin.form_metadata_visitor'); + + $services->set('sulu_security.two_factor_form_metadata_visitor', TwoFactorFormMetadataVisitor::class) + ->args([ + '%sulu_security.two_factor_methods%', + '%sulu_security.two_factor_force_pattern%', + new Reference('security.helper', ContainerInterface::NULL_ON_INVALID_REFERENCE), + ]) + ->tag('sulu_admin.form_metadata_visitor'); +};
src/Sulu/Bundle/SecurityBundle/Resources/config/services.xml+0 −398 removed@@ -1,398 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" ?> -<container xmlns="http://symfony.com/schema/dic/services" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> - - <parameters> - <parameter key="sulu_security.permissions" type="collection"> - <parameter key="view">64</parameter> - <parameter key="add">32</parameter> - <parameter key="edit">16</parameter> - <parameter key="delete">8</parameter> - <parameter key="archive">4</parameter> - <parameter key="live">2</parameter> - <parameter key="security">1</parameter> - </parameter> - - <parameter key="permissions">%sulu_security.permissions%</parameter><!-- TODO deprecated --> - - <parameter key="sulu_security.admin.class">Sulu\Bundle\SecurityBundle\Admin\SecurityAdmin</parameter> - <parameter key="sulu_security.authentication_entry_point.class">Sulu\Bundle\SecurityBundle\Security\AuthenticationEntryPoint</parameter> - <parameter key="sulu_security.authentication_handler.class">Sulu\Bundle\SecurityBundle\Security\AuthenticationHandler</parameter> - <parameter key="sulu_security.mask_converter.class">Sulu\Component\Security\Authorization\MaskConverter</parameter> - <parameter key="sulu_security.salt_generator.class">Sulu\Component\Security\Authentication\SaltGenerator</parameter> - <parameter key="sulu_security.token_generator.class">Sulu\Bundle\SecurityBundle\Util\TokenGenerator</parameter> - <parameter key="sulu_security.security_context_voter.class">Sulu\Component\Security\Authorization\SecurityContextVoter</parameter> - <parameter key="sulu_security.access_control_manager.class">Sulu\Component\Security\Authorization\AccessControl\AccessControlManager</parameter> - <parameter 
key="sulu_security.phpcr_access_control_provider.class">Sulu\Component\Security\Authorization\AccessControl\PhpcrAccessControlProvider</parameter> - <parameter key="sulu_security.doctrine_access_control_provider.class">Sulu\Component\Security\Authorization\AccessControl\DoctrineAccessControlProvider</parameter> - <parameter key="sulu_security.permission_controller.class">Sulu\Bundle\SecurityBundle\Controller\PermissionController</parameter> - <parameter key="sulu_security.group_repository.class">Sulu\Bundle\SecurityBundle\Entity\GroupRepository</parameter> - <parameter key="sulu_security.user_repository.class">Sulu\Bundle\SecurityBundle\Entity\UserRepository</parameter> - <parameter key="sulu_security.user_setting_repository.class">Sulu\Bundle\SecurityBundle\Entity\UserSettingRepository</parameter> - <parameter key="sulu_security.user_repository_factory.class">Sulu\Component\Security\Authentication\UserRepositoryFactory</parameter> - <parameter key="sulu_security.build.user.class">Sulu\Bundle\SecurityBundle\Build\UserBuilder</parameter> - <parameter key="sulu_security.entity.role">Sulu\Bundle\SecurityBundle\Entity\Role</parameter> - <parameter key="sulu_security.entity.group">Sulu\Bundle\SecurityBundle\Entity\Group</parameter> - <parameter key="sulu_security.entity.user_setting">Sulu\Bundle\SecurityBundle\Entity\UserSetting</parameter> - <parameter key="sulu_security.profile_controller.class">Sulu\Bundle\SecurityBundle\Controller\ProfileController</parameter> - </parameters> - - <services> - <service id="sulu_security.resetting_controller" - class="Sulu\Bundle\SecurityBundle\Controller\ResettingController" - public="true"> - <argument type="service" id="validator"/> - <argument type="service" id="translator"/> - <argument type="service" id="sulu_security.token_generator"/> - <argument type="service" id="twig"/> - <argument type="service" id="security.token_storage"/> - <argument type="service" id="event_dispatcher"/> - <argument type="service" id="mailer"/> - 
<argument type="service" id="sulu_security.encoder_factory"/> - <argument type="service" id="sulu.repository.user"/> - <argument type="service" id="router"/> - <argument type="service" id="doctrine.orm.entity_manager"/> - <argument type="service" id="sulu_activity.domain_event_collector"/> - <argument>%sulu_security.system%</argument> - <argument>%sulu_security.reset_password.mail.sender%</argument> - <argument>%sulu_security.reset_password.mail.subject%</argument> - <argument>%sulu_security.reset_password.mail.translation_domain%</argument> - <argument>%sulu_security.reset_password.mail.template%</argument> - <argument>%sulu_security.reset_password.mail.token_send_limit%</argument> - <argument>%sulu_admin.email%</argument> - <argument>%kernel.secret%</argument> - <argument type="service" id="logger" on-invalid="null"/> - - <tag name="sulu.context" context="admin"/> - </service> - <service id="sulu_security.admin" class="%sulu_security.admin.class%"> - <argument type="service" id="Sulu\Bundle\AdminBundle\Admin\View\ViewBuilderFactoryInterface"/> - <argument type="service" id="sulu_security.security_checker"/> - <argument type="service" id="router"/> - <argument type="service" id="translator"/> - <argument type="service" id="sulu_admin.admin_pool"/> - <argument>%sulu_admin.resources%</argument> - <tag name="sulu.admin"/> - <tag name="sulu.context" context="admin"/> - </service> - - <service id="sulu_security.security_systems_select_helper" class="Sulu\Bundle\SecurityBundle\Admin\Helper\SecuritySystemsSelect" public="true"> - <argument type="service" id="sulu_admin.admin_pool"/> - <argument>%sulu_security.system%</argument> - <tag name="sulu.context" context="admin"/> - </service> - - <service id="sulu_security.system_language_select_helper" class="Sulu\Bundle\SecurityBundle\Admin\Helper\SystemLanguageSelect" public="true"> - <argument>%sulu_core.translated_locales%</argument> - <tag name="sulu.context" context="admin"/> - </service> - - <service - 
id="sulu_security.authentication_entry_point" - class="%sulu_security.authentication_entry_point.class%" - /> - - <service id="sulu_security.authentication_handler" class="%sulu_security.authentication_handler.class%"> - <argument type="service" id="router"/> - <argument>%sulu_security.two_factor_methods%</argument> - </service> - - <service id="sulu_security.mask_converter" class="%sulu_security.mask_converter.class%" public="true"> - <argument>%permissions%</argument> - </service> - - <service id="sulu_security.salt_generator" class="%sulu_security.salt_generator.class%" public="true"> - </service> - <service id="%sulu_security.salt_generator.class%" alias="sulu_security.salt_generator"/> - - <service id="sulu_security.token_generator" class="%sulu_security.token_generator.class%" public="true"> - </service> - - <service id="sulu_security.security_context_voter" class="%sulu_security.security_context_voter.class%" public="false"> - <argument type="service" id="sulu_security.access_control_manager"/> - <argument>%permissions%</argument> - <tag name="security.voter"/> - </service> - - <service id="sulu_security.access_control_manager" class="%sulu_security.access_control_manager.class%"> - <argument type="service" id="sulu_security.mask_converter"/> - <argument type="service" id="event_dispatcher"/> - <argument type="service" id="sulu_security.system_store"/> - <argument type="tagged_iterator" tag="sulu_security.access_control_descendant_provider"/> - <argument type="service" id="sulu.repository.role"/> - <argument type="service" id="sulu.repository.access_control"/> - <argument type="service" id="security.helper" on-invalid="null"/> - <argument>%sulu_security.permissions%</argument> - </service> - - <service id="sulu_security.system_store" class="Sulu\Bundle\SecurityBundle\System\SystemStore"> - <argument type="service" id="sulu.repository.role"/> - <tag name="kernel.reset" method="reset" /> - </service> - - <service 
id="Sulu\Bundle\SecurityBundle\System\SystemStoreInterface" alias="sulu_security.system_store"/> - - <service id="sulu_security.phpcr_access_control_provider" class="%sulu_security.phpcr_access_control_provider.class%"> - <argument type="service" id="sulu_document_manager.document_manager"/> - <argument type="service" id="sulu.repository.role"/> - <argument>%permissions%</argument> - <tag name="sulu.access_control"/> - </service> - - <service id="sulu_security.doctrine_access_control_provider" class="%sulu_security.doctrine_access_control_provider.class%"> - <argument type="service" id="doctrine.orm.default_entity_manager"/> - <argument type="service" id="sulu.repository.role"/> - <argument type="service" id="sulu.repository.access_control"/> - <argument type="service" id="sulu_security.mask_converter"/> - <tag name="sulu.access_control"/> - </service> - - <service id="sulu_security.permission_controller" class="%sulu_security.permission_controller.class%" public="true"> - <argument type="service" id="sulu_security.access_control_manager"/> - <argument type="service" id="sulu_security.security_checker"/> - <argument type="service" id="sulu.repository.role"/> - <argument type="service" id="fos_rest.view_handler"/> - <argument>%sulu_admin.resources%</argument> - <tag name="sulu.context" context="admin"/> - </service> - - <service id="sulu_security.profile_controller" class="%sulu_security.profile_controller.class%" public="true"> - <argument type="service" id="security.token_storage"/> - <argument type="service" id="doctrine.orm.default_entity_manager"/> - <argument type="service" id="fos_rest.view_handler"/> - <argument type="service" id="sulu_security.user_setting_repository"/> - <argument type="service" id="sulu_security.user_manager"/> - <argument>%sulu.model.user.class%</argument> - <argument>%sulu.model.contact.class%</argument> - <tag name="sulu.context" context="admin"/> - </service> - - <service - id="sulu_security.contexts_controller" - 
class="Sulu\Bundle\SecurityBundle\Controller\ContextsController" - public="true" - > - <argument type="service" id="fos_rest.view_handler"/> - <argument type="service" id="sulu_admin.admin_pool"/> - - <tag name="sulu.context" context="admin"/> - </service> - - <service - id="sulu_security.group_controller" - class="Sulu\Bundle\SecurityBundle\Controller\GroupController" - public="true" - > - <argument type="service" id="fos_rest.view_handler" /> - <argument type="service" id="sulu_core.doctrine_rest_helper" /> - <argument type="service" id="sulu_core.doctrine_list_builder_factory" /> - <argument type="service" id="sulu.repository.role" /> - <argument type="service" id="doctrine.orm.entity_manager" /> - - <tag name="sulu.context" context="admin"/> - </service> - - <service - id="sulu_security.role_controller" - class="Sulu\Bundle\SecurityBundle\Controller\RoleController" - public="true" - > - <argument type="service" id="fos_rest.view_handler" /> - <argument type="service" id="sulu_core.list_builder.field_descriptor_factory" /> - <argument type="service" id="sulu_core.doctrine_rest_helper" /> - <argument type="service" id="sulu_core.doctrine_list_builder_factory" /> - <argument type="service" id="sulu_security.mask_converter" /> - <argument type="service" id="sulu.repository.role" /> - <argument type="service" id="doctrine.orm.entity_manager" /> - <argument type="service" id="sulu_activity.domain_event_collector" /> - <argument>%sulu.model.role.class%</argument> - - <tag name="sulu.context" context="admin"/> - </service> - - <service - id="sulu_security.role_setting_controller" - class="Sulu\Bundle\SecurityBundle\Controller\RoleSettingController" - public="true" - > - <argument type="service" id="fos_rest.view_handler" /> - <argument type="service" id="sulu.repository.role_setting" /> - <argument type="service" id="doctrine.orm.entity_manager" /> - - <tag name="sulu.context" context="admin"/> - </service> - - <service - id="sulu_security.user_controller" - 
class="Sulu\Bundle\SecurityBundle\Controller\UserController" - public="true" - > - <argument type="service" id="fos_rest.view_handler" /> - <argument type="service" id="sulu_core.doctrine_rest_helper" /> - <argument type="service" id="sulu_core.doctrine_list_builder_factory" /> - <argument type="service" id="sulu_security.user_manager" /> - <argument type="service" id="doctrine.orm.entity_manager" /> - <argument>%sulu.model.user.class%</argument> - - <tag name="sulu.context" context="admin"/> - </service> - - <service id="sulu_security.group_repository" class="%sulu_security.group_repository.class%"> - <factory service="doctrine.orm.entity_manager" method="getRepository"/> - - <argument>%sulu_security.entity.group%</argument> - </service> - - <service id="sulu_security.user_setting_repository" class="%sulu_security.user_setting_repository.class%" public="true"> - <factory service="doctrine.orm.entity_manager" method="getRepository"/> - - <argument>%sulu_security.entity.user_setting%</argument> - </service> - - <service id="sulu_security.user_repository" class="%sulu_security.user_repository.class%" public="true"> - <factory service="doctrine.orm.entity_manager" method="getRepository"/> - - <argument>%sulu.model.user.class%</argument> - </service> - - <service id="sulu_security.user_provider" class="Sulu\Bundle\SecurityBundle\User\UserProvider"> - <argument type="service" id="sulu_security.user_repository"/> - <argument type="service" id="sulu_security.system_store"/> - <argument type="service" id="doctrine.orm.entity_manager"/> - </service> - - <service id="sulu_security.build.user" class="%sulu_security.build.user.class%"> - <tag name="massive_build.builder" /> - </service> - - <service id="sulu_security.build.security" class="Sulu\Bundle\SecurityBundle\Build\SecurityBuilder"> - <tag name="massive_build.builder" /> - </service> - - <service id="sulu_security.serializer.handler.secured_entity" 
class="Sulu\Component\Security\Serializer\Subscriber\SecuredEntitySubscriber"> - <argument type="service" id="sulu_security.access_control_manager"/> - <argument type="service" id="security.token_storage"/> - - <tag name="jms_serializer.event_subscriber" /> - <tag name="sulu.context" context="admin"/> - </service> - - <service id="sulu_security.document.serializer.subscriber.security" - class="Sulu\Bundle\SecurityBundle\Serializer\Subscriber\SecuritySubscriber"> - <argument type="service" id="sulu_security.access_control_manager"/> - <argument type="service" id="security.token_storage" on-invalid="null"/> - - <tag name="jms_serializer.event_subscriber"/> - </service> - - <service id="sulu_security.twig_extension.user.cache_adapter" class="Symfony\Component\Cache\Adapter\ArrayAdapter" /> - <service id="sulu_security.twig_extension.user.cache" class="Sulu\Bundle\ContactBundle\Entity\PositionRepository"> - <factory class="Doctrine\Common\Cache\Psr6\DoctrineProvider" method="wrap"/> - <argument type="service" id="sulu_security.twig_extension.user.cache_adapter" /> - </service> - - <service id="sulu_security.twig_extension.user" class="Sulu\Bundle\SecurityBundle\Twig\UserTwigExtension"> - <argument type="service" id="sulu_security.twig_extension.user.cache"/> - <argument type="service" id="sulu.repository.user"/> - - <tag name="twig.extension"/> - </service> - - <service id="sulu_security.user_locale_listener" - class="Sulu\Bundle\SecurityBundle\EventListener\UserLocaleListener"> - <argument type="service" id="security.token_storage"/> - <argument type="service" id="translator"/> - - <tag name="kernel.event_subscriber"/> - <tag name="sulu.context" context="admin"/> - </service> - - <service id="sulu_security.system_listener" class="Sulu\Bundle\SecurityBundle\EventListener\SystemListener"> - <argument type="service" id="sulu_security.system_store" /> - <argument>null</argument> - <argument>%sulu.context%</argument> - - <tag name="kernel.event_subscriber"/> - </service> - 
- <service id="sulu_security.fixtures.security_types" class="Sulu\Bundle\SecurityBundle\DataFixtures\ORM\LoadSecurityTypes"> - <argument>%sulu_security.security_types.fixture%</argument> - - <tag name="doctrine.fixture.orm"/> - </service> - - <service id="sulu_security.login_failure_listener" - class="Sulu\Bundle\SecurityBundle\EventListener\AuhenticationFailureListener"> - <argument type="service" id="sulu_security.encoder_factory"/> - <argument type="service" id="sulu.repository.user"/> - - <tag name="kernel.event_subscriber"/> - <tag name="sulu.context" context="admin"/> - </service> - - <service id="sulu_security.logout_event_subscriber" class="Sulu\Bundle\SecurityBundle\EventListener\LogoutEventSubscriber"> - <argument type="service" id="router"/> - - <tag name="kernel.event_subscriber"/> - <tag name="sulu.context" context="admin"/> - </service> - - <service - id="sulu_security.access_control_query_enhancer" - class="Sulu\Bundle\SecurityBundle\AccessControl\AccessControlQueryEnhancer" - > - <argument type="service" id="sulu_security.system_store" /> - <argument type="service" id="doctrine.orm.entity_manager" /> - </service> - - <service - id="sulu_security.permission_inheritance_subscriber" - class="Sulu\Bundle\SecurityBundle\EventListener\PermissionInheritanceSubscriber" - > - <argument type="service" id="sulu_security.access_control_manager" /> - <tag name="doctrine.event_listener" event="postPersist"/> - </service> - - <service id="sulu_security.phpcr_security_subscriber" class="Sulu\Bundle\SecurityBundle\EventListener\PhpcrSecuritySubscriber"> - <argument type="service" id="sulu_security.phpcr_access_control_provider" /> - <argument type="service" id="sulu_security.doctrine_access_control_provider" /> - - <tag name="kernel.event_subscriber"/> - </service> - - <service id="sulu_security.user_manager" class="Sulu\Bundle\SecurityBundle\UserManager\UserManager" public="true"> - <argument type="service" id="doctrine.orm.entity_manager"/> - <argument 
type="service" id="sulu_security.encoder_factory" on-invalid="null"/> - <argument type="service" id="sulu.repository.role"/> - <argument type="service" id="sulu_security.group_repository"/> - <argument type="service" id="sulu_contact.contact_manager"/> - <argument type="service" id="sulu_security.salt_generator"/> - <argument type="service" id="sulu.repository.user"/> - <argument type="service" id="sulu_activity.domain_event_collector"/> - <argument>%sulu_security.password_policy_pattern%</argument> - </service> - - <service - id="sulu_security.password_pattern_form_metadata_visitor" - class="Sulu\Bundle\SecurityBundle\Metadata\PasswordPolicyFormMetadataVisitor" - > - <argument type="service" id="translator"/> - <argument>%sulu_security.password_policy_pattern%</argument> - <argument>%sulu_security.password_policy_info_translation_key%</argument> - - <tag name="sulu_admin.form_metadata_visitor" /> - </service> - - <service - id="sulu_security.two_factor_form_metadata_visitor" - class="Sulu\Bundle\SecurityBundle\Metadata\TwoFactorFormMetadataVisitor" - > - <argument>%sulu_security.two_factor_methods%</argument> - <argument>%sulu_security.two_factor_force_pattern%</argument> - <argument type="service" id="security.helper" on-invalid="null"/> - - <tag name="sulu_admin.form_metadata_visitor" /> - </service> - </services> -</container>
src/Sulu/Bundle/SecurityBundle/Resources/config/single_sign_on.php+62 −0 added@@ -0,0 +1,62 @@ +<?php + +/* + * This file is part of Sulu. + * + * (c) Sulu GmbH + * + * This source file is subject to the MIT license that is bundled + * with this source code in the file LICENSE. + */ + +use Sulu\Bundle\SecurityBundle\SingleSignOn\Adapter\OpenId\OpenIdSingleSignOnAdapterFactory; +use Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnAdapterFactory; +use Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnAdapterProvider; +use Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnLoginRequestSubscriber; +use Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnTokenExtractor; +use Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnTokenHandler; +use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator; + +use function Symfony\Component\DependencyInjection\Loader\Configurator\tagged_iterator; +use function Symfony\Component\DependencyInjection\Loader\Configurator\tagged_locator; + +use Symfony\Component\DependencyInjection\Reference; + +return static function(ContainerConfigurator $container) { + $services = $container->services(); + + $services->set('sulu_security.open_id_login_subscriber', SingleSignOnLoginRequestSubscriber::class) + ->args([ + new Reference('sulu_security.single_sign_provider'), + new Reference('router'), + new Reference('sulu.repository.user'), + ]) + ->tag('kernel.event_subscriber'); + + $services->set('sulu_security.single_sign_on_adapter_factory_open_id', OpenIdSingleSignOnAdapterFactory::class) + ->args([ + new Reference('http_client'), + new Reference('sulu_security.user_repository'), + new Reference('doctrine.orm.entity_manager'), + new Reference('sulu.repository.contact'), + new Reference('sulu.repository.role'), + new Reference('router'), + '%sulu_core.translations%', + ]) + ->tag('sulu_security.single_sign_on_factory'); + + $services->set('sulu_security.single_sign_on_adapter_factory', 
SingleSignOnAdapterFactory::class) + ->args([tagged_iterator('sulu_security.single_sign_on_factory')]); + + $services->set('sulu_security.single_sign_provider', SingleSignOnAdapterProvider::class) + ->args([tagged_locator('sulu_security.single_sign_on_adapter', indexAttribute: 'domain')]); + + $services->set('sulu_security.single_sign_on_token_extractor', SingleSignOnTokenExtractor::class) + ->args([new Reference('sulu_security.single_sign_provider')]); + + $services->set('sulu_security.single_sign_on_token_handler', SingleSignOnTokenHandler::class) + ->args([ + new Reference('sulu_security.single_sign_provider'), + new Reference('http_client'), + ]); +};
src/Sulu/Bundle/SecurityBundle/Resources/config/single_sign_on.xml+0 −43 removed@@ -1,43 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" ?> -<container xmlns="http://symfony.com/schema/dic/services" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> - <services> - - <service id="sulu_security.open_id_login_subscriber" class="Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnLoginRequestSubscriber"> - <argument type="service" id="sulu_security.single_sign_provider"/> - <argument type="service" id="router"/> - <argument type="service" id="sulu.repository.user"/> - <tag name="kernel.event_subscriber"/> - </service> - - <service id="sulu_security.single_sign_on_adapter_factory_open_id" class="Sulu\Bundle\SecurityBundle\SingleSignOn\Adapter\OpenId\OpenIdSingleSignOnAdapterFactory"> - <argument type="service" id="http_client"/> - <argument type="service" id="sulu_security.user_repository"/> - <argument type="service" id="doctrine.orm.entity_manager"/> - <argument type="service" id="sulu.repository.contact"/> - <argument type="service" id="sulu.repository.role"/> - <argument type="service" id="router"/> - <argument>%sulu_core.translations%</argument> - - <tag name="sulu_security.single_sign_on_factory"/> - </service> - - <service id="sulu_security.single_sign_on_adapter_factory" class="Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnAdapterFactory"> - <argument type="tagged_iterator" tag="sulu_security.single_sign_on_factory"/> - </service> - - <service id="sulu_security.single_sign_provider" class="Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnAdapterProvider"> - <argument type="tagged_locator" tag="sulu_security.single_sign_on_adapter" index-by="domain" /> - </service> - - <service id="sulu_security.single_sign_on_token_extractor" class="Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnTokenExtractor"> - <argument type="service" 
id="sulu_security.single_sign_provider"/> - </service> - - <service id="sulu_security.single_sign_on_token_handler" class="Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnTokenHandler"> - <argument type="service" id="sulu_security.single_sign_provider"/> - <argument type="service" id="http_client"/> - </service> - </services> -</container>
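Review bot: In services.php, `sulu_security.twig_extension.user.cache` is declared with `PositionRepository::class` even though it is built by the `[DoctrineProvider::class, 'wrap']` factory over an `ArrayAdapter`, so the declared class does not describe what the factory returns. The mismatch is copied from the removed services.xml, but the conversion is a good moment to declare the cache type the factory actually produces. The same file also carries over the misspelled `AuhenticationFailureListener` for `sulu_security.login_failure_listener`; if the class cannot be renamed here, a short comment would stop the typo from looking like a migration error.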
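Review bot: The removed services.xml defined the `sulu_security.*.class` parameters, and the visible part of services.php still references several of them (`%sulu_security.permission_controller.class%`, `%sulu_security.profile_controller.class%`, `%sulu_security.group_repository.class%`, `%sulu_security.build.user.class%`), so each one has to be redefined in the PHP file or the container will not compile. The removed `sulu_security.resetting_controller` definition is also purely positional and includes `sulu_security.token_generator` and `%kernel.secret%`; since the advisory names ResettingController.php, please check the PHP replacement against this list argument by argument and consider named arguments so a reordering cannot silently swap two string parameters. The `permissions` parameter marked `TODO deprecated` should either be kept with that note or dropped deliberately.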
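Review bot: In single_sign_on.php the two `use function` imports sit in the middle of the class imports, leaving `use Symfony\Component\DependencyInjection\Reference;` stranded after them; group the class imports first and the function imports last. The configurator closure also has no return type, so `static function(ContainerConfigurator $container): void` would be clearer. The `tagged_locator('sulu_security.single_sign_on_adapter', indexAttribute: 'domain')` call matches the old `index-by="domain"` attribute, which is worth stating in the commit message because nothing in this file tags a service with `sulu_security.single_sign_on_adapter`.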