Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
In #2286971: Remove dependency of current_user on request and authentication manager the method scope is changed from public to protected
# core/lib/Drupal/Core/Authentication/AuthenticationManager.php:259
protected function getSortedProviders() {
but https://www.drupal.org/project/restui uses this to configure the rest resources in
# modules/restui/restui.module:37
$authentication_providers = array_keys(\Drupal::service('authentication')->getSortedProviders());
Proposed resolution
Add a public method AuthenticationManager::getProviderKeys() #5
Create Interface for AuthenticationManager #3
Comments
Comment #1
clemens.tolboomComment #2
BerdirHm, is there on other method that can be used?
I guess having a method that returns all providers is useful, not 100% if that is the right one, though.
Comment #3
dawehnerIf we make this method public we should probably add an AuthenticationManagerInterface as well?
An alternative implementation is to provide an alternative service which lets you access to data, which though is not needed on runtime per default,
but this feels too much of an overhead.
Comment #4
BerdirIf we make it public, then let's also add some unit tests. There's an existing unit test class, see existing examples there on how to set up the authentication manager and add providers, create one with 3 or so providers with different weight, then make sure you get them in the correct order.
Comment #5
clemens.tolboomThanks for the quick responses :)
REST UI is only interested in the provider keys to change config for those.
So best options is to just add a public method AuthenticationManager::getProviderKeys() to fix for REST UI [edit]
as @dawehner suggest[/edit]. Making it public again is indeed heavier.If one needs to change a provider there should be other ways to gain access to one.
Comment #6
clemens.tolboomI've added interface and put two public methods behind it.
Comment #7
dawehnerSo shouldn't the authentication manager interface extend all the other ones here?
Comment #8
clemens.tolboom@dawehner thanks. That seems logic. I moved the other interfaces around.
Comment #9
znerol CreditAttribution: znerol commented#2286971: Remove dependency of current_user on request and authentication manager modified
AuthenticationSubscriber
in a way such that it is possible to use a bareAuthenticationProviderInterface
as theauthentication
service. E.g.We even could automatically eliminate
AuthenticationManager
for sites which only use one authentication method, e.g. in #2432585: Improve authentication manager service construction to support custom global service providers. Therefore it should not be assumed that theauthentication
service actually implements theAuthenticationManagerInterface
.Comment #10
googletorp CreditAttribution: googletorp commentedYou need to document the @return
Fx
I know it may seem a bit double, but this is how the coding standards / doxygen is.
Comment #11
clemens.tolboom@znerol thanks for the pointer. I have no clue what to do for this issue. This is a Contributed project blocker for Rest UI #2456283: AuthenticationManager::getSortedProviders is protected
AuthenticationManagerInterface::getProviderKeys gives Rest UI the config keys to setup rest. Is there an alternative to get to the active providers for Rest UI?
@googletorp thanks for the review.
Comment #12
googletorp CreditAttribution: googletorp commentedI know it's small stuff, but comments has to end with a "." like in a sentence. You can use a code sniffer to detect this for you.
Comment #13
clemens.tolboom@googletorp hehe ... I just copied over your text line :p
@googletorp is this RTBC now?
Comment #14
googletorp CreditAttribution: googletorp commented#13 Yeah, sorry my bad for being in a hurry.
Looks good to me :)
Comment #15
znerol CreditAttribution: znerol commentedRe #11: I think that #2456283: AuthenticationManager::getSortedProviders is protected should not assume that the
authentication
service always hasgetProviderKeys
.Comment #16
alexpottHow come the rest ui can't just get the authentication providers from the container?
I.e just add
to your service and implement an add provider method.
Comment #17
znerol CreditAttribution: znerol commentedFixed in #2432585: Improve authentication manager service construction to support custom global service providers. See #2456283-6: AuthenticationManager::getSortedProviders is protected for how this is supposed to work now.
Comment #18
clemens.tolboomThis is a 'Won't fix' as it is resolved differently both in Core and contrib Rest UI
Comment #19
-enzo- CreditAttribution: -enzo- at Anexus commentedComment #20
-enzo- CreditAttribution: -enzo- at Anexus commentedI am co-maintainer of project Drupal Console (http://drupalconsole.com) and we have the same blocker as REST UI had in the past, Drupal Console used to have a command to enable Rest Resources listing the Authentication methods available to be used by a Rest Resource.
The solution provided by Rest UI module to overwrite the AddProvider function to build a list of Authentication methods available isn't an option for us because Drupal Console is not a module so we can't overwrite the service. For that reason we require a way to get the list of method available.
If there is a security issue in rollback function getSortedProviders to public again, please let me know to consider remove that command from Drupal Console.
Comment #21
clemens.tolboom[edit]Bad reply[/edit]
Comment #22
clemens.tolboomSorry for my bad reading. @-enzo- has a good point which I missed.
Comment #23
znerol CreditAttribution: znerol commentedWe switched
getSortedProviders()
in #2286971: Remove dependency of current_user on request and authentication manager to protected because of the following reasons:The
authentication
service is only required to implementAuthenticationProviderInterface
. Usage of the authentication manager is optional, authentication also works if a site hard-codes the cookie authentication provider into theauthentication
service. Throughout core there is nothing which desires to access metadata about providers managed by the authentication manager, therefore we concluded that this metadata is private to the manager.I see that this conclusion is not quite correct. In fact provider keys are kind of shared with the routing system. Also I see that it might be useful for other use-cases to retrieve metadata about the providers if the authentication manager is in use.
However, I do no think that we simply should revert the visibility of
getSortedProviders()
. Rather let's add a method which returns metadata records keyed by provider key, such that the result looks something like this:Another option would be to simply move the provider collector service from the REST UI module to the core REST module. After all it currently looks like this is where that information is needed.
Comment #24
clemens.tolboom@znerol I think that's a great idea. But is that acceptable by core committers?
Comment #25
clemens.tolboomI close this as works as designed and start working on #2490228: Add Authentication Collector
Note this problem is also evident in #2228141: Add authentication support to REST views