When no provider supports a connection, store a null token to storage; this implicitly promotes the fallback behavior from the session authentication provider up a layer

Author: mbabker

src/Authentication/ProviderBackedAuthenticator.php

@@ -8,6 +8,8 @@
 use BabDev\WebSocketBundle\Authentication\Storage\TokenStorage;
 use Psr\Log\LoggerAwareInterface;
 use Psr\Log\LoggerAwareTrait;
+use Symfony\Component\Security\Core\Authentication\Token\NullToken;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 
 final class ProviderBackedAuthenticator implements Authenticator, LoggerAwareInterface
 {
@@ -24,6 +26,8 @@ public function __construct(
     /**
      * Attempts to authenticate the current connection.
      *
+     * When no provider supports authenticating the connection, the authenticator will store a null token to storage.
+     *
      * @throws AuthenticationException if there was an error while trying to authenticate the user
      */
     public function authenticate(Connection $connection): void
@@ -35,22 +39,29 @@ public function authenticate(Connection $connection): void
                 continue;
             }
 
-            $token = $provider->authenticate($connection);
+            $this->storeTokenToStorage($connection, $provider->authenticate($connection));
 
-            $id = $this->tokenStorage->generateStorageId($connection);
+            return;
+        }
 
-            $this->tokenStorage->addToken($id, $token);
+        $this->logger?->debug('No authentication provider supported the connection, using a null token.');
 
-            $this->logger?->info(
-                'User "{user}" authenticated to websocket server',
-                [
-                    'resource_id' => $connection->getAttributeStore()->get('resource_id'),
-                    'storage_id' => $id,
-                    'user' => $token->getUserIdentifier() ?: 'Unknown User',
-                ],
-            );
+        $this->storeTokenToStorage($connection, new NullToken());
+    }
 
-            break;
-        }
+    private function storeTokenToStorage(Connection $connection, TokenInterface $token): void
+    {
+        $id = $this->tokenStorage->generateStorageId($connection);
+
+        $this->tokenStorage->addToken($id, $token);
+
+        $this->logger?->info(
+            'User "{user}" authenticated to websocket server',
+            [
+                'resource_id' => $connection->getAttributeStore()->get('resource_id'),
+                'storage_id' => $id,
+                'user' => $token->getUserIdentifier() ?: 'Unknown User',
+            ],
+        );
     }
 }

tests/Authentication/ProviderBackedAuthenticatorTest.php

@@ -8,6 +8,7 @@
 use BabDev\WebSocketBundle\Authentication\Storage\TokenStorage;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\Authentication\Token\NullToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 
 final class ProviderBackedAuthenticatorTest extends TestCase
@@ -19,11 +20,13 @@ public function testTheAuthenticatorDoesNotAuthenticateAConnectionWhenItHasNoPro
 
         /** @var MockObject&TokenStorage $tokenStorage */
         $tokenStorage = $this->createMock(TokenStorage::class);
-        $tokenStorage->expects(self::never())
-            ->method('generateStorageId');
+        $tokenStorage->expects(self::once())
+            ->method('generateStorageId')
+            ->willReturn('conn-123');
 
-        $tokenStorage->expects(self::never())
-            ->method('addToken');
+        $tokenStorage->expects(self::once())
+            ->method('addToken')
+            ->with('conn-123', self::isInstanceOf(NullToken::class));
 
         new ProviderBackedAuthenticator([], $tokenStorage)->authenticate($connection);
     }