allow configuration to run with no firewall on some paths. fix #72

cleanups on user context.

fix test

adjust to hash generator refactoring

update doc

Author: dbu

DependencyInjection/Compiler/UserContextListenerPass.php

@@ -2,6 +2,7 @@
 
 namespace FOS\HttpCacheBundle\DependencyInjection\Compiler;
 
+use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
 use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
@@ -24,8 +25,15 @@ public function process(ContainerBuilder $container)
 
         $definition = $container->getDefinition('fos_http_cache.user_context.hash_generator');
 
+        $providers = array();
         foreach ($container->findTaggedServiceIds(self::TAG_NAME) as $id => $parameters) {
-            $definition->addMethodCall('registerProvider', array(new Reference($id)));
+            $providers[] = new Reference($id);
         }
+
+        if (!count($providers)) {
+            throw new InvalidConfigurationException('No user context providers found. Either tag providers or disable fos_http_cache.user_context');
+        }
+
+        $definition->addArgument($providers);
     }
 }

DependencyInjection/Configuration.php

@@ -79,7 +79,7 @@ private function addUserContextListenerSection(ArrayNodeDefinition $rootNode)
                         ->end()
                         ->arrayNode('user_identifier_headers')
                             ->prototype('scalar')->end()
-                            ->treatNullLike(array('Cookie', 'Authentication'))
+                            ->defaultValue(array('Cookie', 'Authorization'))
                             ->info('List of headers that contains the unique identifier for the user in the hash request.')
                         ->end()
                         ->scalarNode('user_hash_header')

EventListener/UserContextSubscriber.php

@@ -50,11 +50,14 @@ class UserContextSubscriber implements EventSubscriberInterface
     public function __construct(
         RequestMatcherInterface $requestMatcher,
         HashGenerator $hashGenerator,
-        $userIdentifierHeaders = array('Vary', 'Authorization'),
+        array $userIdentifierHeaders = array('Cookie', 'Authorization'),
         $hashHeader = "X-User-Context-Hash",
         $ttl = 0
     )
     {
+        if (!count($userIdentifierHeaders)) {
+            throw new \InvalidArgumentException('The user context must vary on some request headers');
+        }
         $this->requestMatcher        = $requestMatcher;
         $this->hashGenerator         = $hashGenerator;
         $this->userIdentifierHeaders = $userIdentifierHeaders;
@@ -111,17 +114,19 @@ public function onKernelResponse(FilterResponseEvent $event)
             return;
         }
 
-        // Only set vary header if we have the hash header
-        if (!$event->getRequest()->headers->has($this->hashHeader)) {
-            return;
-        }
-
         $response = $event->getResponse();
-
         $vary = $response->getVary();
 
-        if (!in_array($this->hashHeader, $vary)) {
-            $vary[] = $this->hashHeader;
+        if ($event->getRequest()->headers->has($this->hashHeader)) {
+            if (!in_array($this->hashHeader, $vary)) {
+                $vary[] = $this->hashHeader;
+            }
+        } else {
+            foreach ($this->userIdentifierHeaders as $header) {
+                if (!in_array($header, $vary)) {
+                    $vary[] = $header;
+                }
+            }
         }
 
         $response->setVary($vary, true);

Resources/config/user_context.xml

@@ -30,7 +30,7 @@
         </service>
 
         <service id="fos_http_cache.user_context.role_provider" class="%fos_http_cache.user_context.role_provider.class%" abstract="true">
-            <argument type="service" id="security.context" />
+            <argument type="service" id="security.context" on-invalid="ignore" />
         </service>
     </services>
 </container>

Resources/doc/user-context.md

@@ -21,20 +21,45 @@ other responses are set to vary on the hash header.
 Additionally, the bundle provides a service that builds the user context hash
 from context providers.
 
-## Configuring the Context Event Subscriber
+## Configuring the User Context Event Subscriber
+
+First you need to set up your caching proxy as explained in
+[the user context documentation](http://foshttpcache.readthedocs.org/en/latest/user-context.html)
+
+Then add the route you specified in the hash lookup request to the Symfony
+routing configuration, so that the user context event subscriber can get
+triggered:
+
+```yaml
+# app/config/routing.yml
+user_context_hash:
+    /user-context-hash
+```
+
+.. note::
+
+    This route is never actually used, as the context event subscriber will act
+    before a controller would be called. But the user context is handled only
+    after security happened. Security in turn only happens after the routing.
+    If the routing does not find a route, the request is aborted with a "not
+    found" error.
+
+.. caution::
+
+    If you are using Symfony2 security, make sure that this route is route is
+    [inside the firewall](http://symfony.com/doc/current/book/security.html) for
+    which you are doing the cache groups.
 
 Enable the event subscriber with:
 
-``` yaml
-# app/config.yml
+```yaml
+# app/config/config.yml
 fos_http_cache:
     user_context:
         enabled: true
 ```
 
-This will enable the subscriber with the default settings. You need to
-configure your caching proxy as explained in
-[the user context documentation](http://foshttpcache.readthedocs.org/en/latest/user-context.html)
+This will enable the subscriber with the default settings.
 
 Note: Enabling happens automatically if you configure any of the options on the
 user_context.

Tests/Unit/EventListener/UserContextSubscriberTest.php

@@ -9,6 +9,7 @@
 use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\Routing\Matcher\RequestMatcherInterface;
 
 class UserContextSubscriberTest extends \PHPUnit_Framework_TestCase
 {
@@ -17,21 +18,21 @@ public function testOnKernelRequest()
         $request = new Request();
         $request->setMethod('HEAD');
 
-        $requestMatcher = \Mockery::mock('\Symfony\Component\HttpFoundation\RequestMatcherInterface');
-        $requestMatcher->shouldReceive('matches')->with($request)->andReturn(true);
+        $requestMatcher = $this->getRequestMatcher($request, true);
+        $hashGenerator = \Mockery::mock('\FOS\HttpCache\UserContext\HashGenerator');
+        $hashGenerator->shouldReceive('generateHash')->andReturn('hash');
 
-        $userContextSubscriber = new UserContextSubscriber($requestMatcher, new HashGenerator(), 'X-SessionId', 'X-Hash');
+        $userContextSubscriber = new UserContextSubscriber($requestMatcher, $hashGenerator, array('X-SessionId'), 'X-Hash');
         $event = $this->getKernelRequestEvent($request);
 
         $userContextSubscriber->onKernelRequest($event);
 
         $response = $event->getResponse();
-        $hash = hash('sha256', serialize(array()));
 
 
         $this->assertNotNull($response);
         $this->assertInstanceOf('\Symfony\Component\HttpFoundation\Response', $response);
-        $this->assertEquals($hash, $response->headers->get('X-Hash'));
+        $this->assertEquals('hash', $response->headers->get('X-Hash'));
         $this->assertNull($response->headers->get('Vary'));
         $this->assertEquals('max-age=0, no-cache, private', $response->headers->get('Cache-Control'));
     }
@@ -41,20 +42,20 @@ public function testOnKernelRequestCached()
         $request = new Request();
         $request->setMethod('HEAD');
 
-        $requestMatcher = \Mockery::mock('\Symfony\Component\HttpFoundation\RequestMatcherInterface');
-        $requestMatcher->shouldReceive('matches')->with($request)->andReturn(true);
+        $requestMatcher = $this->getRequestMatcher($request, true);
+        $hashGenerator = \Mockery::mock('\FOS\HttpCache\UserContext\HashGenerator');
+        $hashGenerator->shouldReceive('generateHash')->andReturn('hash');
 
-        $userContextSubscriber = new UserContextSubscriber($requestMatcher, new HashGenerator(), 'X-SessionId', 'X-Hash', 30);
+        $userContextSubscriber = new UserContextSubscriber($requestMatcher, $hashGenerator, array('X-SessionId'), 'X-Hash', 30);
         $event = $this->getKernelRequestEvent($request);
 
         $userContextSubscriber->onKernelRequest($event);
 
         $response = $event->getResponse();
-        $hash = hash('sha256', serialize(array()));
 
         $this->assertNotNull($response);
         $this->assertInstanceOf('\Symfony\Component\HttpFoundation\Response', $response);
-        $this->assertEquals($hash, $response->headers->get('X-Hash'));
+        $this->assertEquals('hash', $response->headers->get('X-Hash'));
         $this->assertEquals('X-SessionId', $response->headers->get('Vary'));
         $this->assertEquals('max-age=30, private', $response->headers->get('Cache-Control'));
     }
@@ -64,16 +65,15 @@ public function testOnKernelRequestNotMatched()
         $request = new Request();
         $request->setMethod('HEAD');
 
-        $requestMatcher = \Mockery::mock('\Symfony\Component\HttpFoundation\RequestMatcherInterface');
-        $requestMatcher->shouldReceive('matches')->with($request)->andReturn(false);
+        $requestMatcher = $this->getRequestMatcher($request, false);
+        $hashGenerator = \Mockery::mock('\FOS\HttpCache\UserContext\HashGenerator');
 
-        $userContextSubscriber = new UserContextSubscriber($requestMatcher, new HashGenerator(), 'X-SessionId', 'X-Hash');
+        $userContextSubscriber = new UserContextSubscriber($requestMatcher, $hashGenerator, array('X-SessionId'), 'X-Hash');
         $event = $this->getKernelRequestEvent($request);
 
         $userContextSubscriber->onKernelRequest($event);
 
         $response = $event->getResponse();
-        $hash = hash('sha256', serialize(array()));
 
         $this->assertNull($response);
     }
@@ -84,31 +84,34 @@ public function testOnKernelResponse()
         $request->setMethod('HEAD');
         $request->headers->set('X-Hash', 'hash');
 
-        $requestMatcher = \Mockery::mock('\Symfony\Component\HttpFoundation\RequestMatcherInterface');
-        $requestMatcher->shouldReceive('matches')->with($request)->andReturn(false);
+        $requestMatcher = $this->getRequestMatcher($request, false);
+        $hashGenerator = \Mockery::mock('\FOS\HttpCache\UserContext\HashGenerator');
 
-        $userContextSubscriber = new UserContextSubscriber($requestMatcher, new HashGenerator(), 'X-SessionId', 'X-Hash');
+        $userContextSubscriber = new UserContextSubscriber($requestMatcher, $hashGenerator, array('X-SessionId'), 'X-Hash');
         $event = $this->getKernelResponseEvent($request);
 
         $userContextSubscriber->onKernelResponse($event);
 
         $this->assertContains('X-Hash', $event->getResponse()->headers->get('Vary'));
     }
 
+    /**
+     * If there is no hash in the request, vary on the user identifier.
+     */
     public function testOnKernelResponseNotCached()
     {
         $request = new Request();
         $request->setMethod('HEAD');
 
-        $requestMatcher = \Mockery::mock('\Symfony\Component\HttpFoundation\RequestMatcherInterface');
-        $requestMatcher->shouldReceive('matches')->with($request)->andReturn(false);
+        $requestMatcher = $this->getRequestMatcher($request, false);
+        $hashGenerator = \Mockery::mock('\FOS\HttpCache\UserContext\HashGenerator');
 
-        $userContextSubscriber = new UserContextSubscriber($requestMatcher, new HashGenerator(), 'X-SessionId', 'X-Hash');
+        $userContextSubscriber = new UserContextSubscriber($requestMatcher, $hashGenerator, array('X-SessionId'), 'X-Hash');
         $event = $this->getKernelResponseEvent($request);
 
         $userContextSubscriber->onKernelResponse($event);
 
-        $this->assertNull($event->getResponse()->headers->get('Vary'));
+        $this->assertEquals('X-SessionId', $event->getResponse()->headers->get('Vary'));
     }
 
     protected function getKernelRequestEvent(Request $request)
@@ -129,4 +132,18 @@ protected function getKernelResponseEvent(Request $request, Response $response =
             $response ?: new Response()
         );
     }
+
+    /**
+     * @param Request $request
+     * @param bool    $match
+     *
+     * @return \Mockery\MockInterface|RequestMatcherInterface
+     */
+    private function getRequestMatcher(Request $request, $match)
+    {
+        $requestMatcher = \Mockery::mock('\Symfony\Component\HttpFoundation\RequestMatcherInterface');
+        $requestMatcher->shouldReceive('matches')->with($request)->andReturn($match);
+
+        return $requestMatcher;
+    }
 }

UserContext/RequestMatcher.php

@@ -22,7 +22,7 @@ public function __construct($accept = 'application/vnd.fos.user-context-hash', $
      */
     public function matches(Request $request)
     {
-        if ($this->accept != $request->headers->get('accept', null)) {
+        if ($this->accept !== null && $this->accept != $request->headers->get('accept', null)) {
             return false;
         }
 
@@ -32,4 +32,4 @@ public function matches(Request $request)
 
         return true;
     }
-} 
+}

UserContext/RoleProvider.php

@@ -4,30 +4,50 @@
 
 use FOS\HttpCache\UserContext\ContextProviderInterface;
 use FOS\HttpCache\UserContext\UserContext;
+use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
+use Symfony\Component\Security\Core\Role\RoleInterface;
 use Symfony\Component\Security\Core\SecurityContextInterface;
 
 /**
- * RoleProvider add roles to the UserContext for the hash generation
+ * The RoleProvider adds roles to the UserContext for the hash generation.
  */
 class RoleProvider implements ContextProviderInterface
 {
+    /**
+     * @var SecurityContextInterface|null
+     */
     private $context;
 
-    public function __construct(SecurityContextInterface $context)
+    /**
+     * Create the role provider with a security context.
+     *
+     * The security context is optional to not fail on routes that have no
+     * firewall. It is however not valid to call updateUserContext when not in
+     * a firewall context.
+     *
+     * @param SecurityContextInterface|null $context
+     */
+    public function __construct(SecurityContextInterface $context = null)
     {
         $this->context = $context;
     }
 
     /**
      * {@inheritDoc}
+     *
+     * @throws InvalidConfigurationException when called without a security context being set.
      */
     public function updateUserContext(UserContext $context)
     {
+        if (null === $this->context) {
+            throw new InvalidConfigurationException('The context hash URL must be under a firewall.');
+        }
+
         if (null === $token = $this->context->getToken()) {
             return;
         }
 
-        $roles = array_map(function ($role) {
+        $roles = array_map(function (RoleInterface $role) {
             return $role->getRole();
         }, $token->getRoles());