feature #40487 [Security] Remove deprecated support for passing a UserInterface implementation to Passport (wouterj)
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Remove deprecated support for passing a UserInterface implementation to Passport
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
In https://github.com/symfony/symfony/pull/37846#pullrequestreview-473047140 , we agreed to have a deprecation path of only one minor release as the `Passport` feature is still experimental.
Commits
-------
99cf2a3a71
[Security] Disallow passing a UserInterface to Passport
This commit is contained in:
commit
2c37d6fd39
@ -91,6 +91,7 @@ Security
|
|||||||
If you are using the `isAccountNonLocked()`, `isAccountNonExpired()` or `isCredentialsNonExpired()` method, consider re-implementing
|
If you are using the `isAccountNonLocked()`, `isAccountNonExpired()` or `isCredentialsNonExpired()` method, consider re-implementing
|
||||||
them in your own user class, as they are not part of the `InMemoryUser` API
|
them in your own user class, as they are not part of the `InMemoryUser` API
|
||||||
* Deprecate class `UserChecker`, use `InMemoryUserChecker` or your own implementation instead
|
* Deprecate class `UserChecker`, use `InMemoryUserChecker` or your own implementation instead
|
||||||
|
* [BC break] Remove support for passing a `UserInterface` implementation to `Passport`, use the `UserBadge` instead.
|
||||||
* Deprecate `UserInterface::getPassword()`
|
* Deprecate `UserInterface::getPassword()`
|
||||||
If your `getPassword()` method does not return `null` (i.e. you are using password-based authentication),
|
If your `getPassword()` method does not return `null` (i.e. you are using password-based authentication),
|
||||||
you should implement `PasswordAuthenticatedUserInterface`.
|
you should implement `PasswordAuthenticatedUserInterface`.
|
||||||
|
@ -6,6 +6,7 @@ CHANGELOG
|
|||||||
|
|
||||||
* Deprecate class `User`, use `InMemoryUser` instead
|
* Deprecate class `User`, use `InMemoryUser` instead
|
||||||
* Deprecate class `UserChecker`, use `InMemoryUserChecker` or your own implementation instead
|
* Deprecate class `UserChecker`, use `InMemoryUserChecker` or your own implementation instead
|
||||||
|
* [BC break] Remove support for passing a `UserInterface` implementation to `Passport`, use the `UserBadge` instead.
|
||||||
* Add `PasswordAuthenticatedUserInterface` for user classes that use passwords
|
* Add `PasswordAuthenticatedUserInterface` for user classes that use passwords
|
||||||
* Add `LegacyPasswordAuthenticatedUserInterface` for user classes that use user-provided salts in addition to passwords
|
* Add `LegacyPasswordAuthenticatedUserInterface` for user classes that use user-provided salts in addition to passwords
|
||||||
* Deprecate all classes in the `Core\Encoder\` sub-namespace, use the `PasswordHasher` component instead
|
* Deprecate all classes in the `Core\Encoder\` sub-namespace, use the `PasswordHasher` component instead
|
||||||
|
@ -32,23 +32,13 @@ class Passport implements UserPassportInterface
|
|||||||
private $attributes = [];
|
private $attributes = [];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param UserBadge $userBadge
|
|
||||||
* @param CredentialsInterface $credentials the credentials to check for this authentication, use
|
* @param CredentialsInterface $credentials the credentials to check for this authentication, use
|
||||||
* SelfValidatingPassport if no credentials should be checked
|
* SelfValidatingPassport if no credentials should be checked
|
||||||
* @param BadgeInterface[] $badges
|
* @param BadgeInterface[] $badges
|
||||||
*/
|
*/
|
||||||
public function __construct($userBadge, CredentialsInterface $credentials, array $badges = [])
|
public function __construct(UserBadge $userBadge, CredentialsInterface $credentials, array $badges = [])
|
||||||
{
|
{
|
||||||
if ($userBadge instanceof UserInterface) {
|
$this->addBadge($userBadge);
|
||||||
trigger_deprecation('symfony/security-http', '5.2', 'The 1st argument of "%s" must be an instance of "%s", support for "%s" will be removed in symfony/security-http 5.3.', __CLASS__, UserBadge::class, UserInterface::class);
|
|
||||||
|
|
||||||
$this->user = $userBadge;
|
|
||||||
} elseif ($userBadge instanceof UserBadge) {
|
|
||||||
$this->addBadge($userBadge);
|
|
||||||
} else {
|
|
||||||
throw new \TypeError(sprintf('Argument 1 of "%s" must be an instance of "%s", "%s" given.', __METHOD__, UserBadge::class, get_debug_type($userBadge)));
|
|
||||||
}
|
|
||||||
|
|
||||||
$this->addBadge($credentials);
|
$this->addBadge($credentials);
|
||||||
foreach ($badges as $badge) {
|
foreach ($badges as $badge) {
|
||||||
$this->addBadge($badge);
|
$this->addBadge($badge);
|
||||||
|
@ -26,21 +26,11 @@ use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
|
|||||||
class SelfValidatingPassport extends Passport
|
class SelfValidatingPassport extends Passport
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* @param UserBadge $userBadge
|
|
||||||
* @param BadgeInterface[] $badges
|
* @param BadgeInterface[] $badges
|
||||||
*/
|
*/
|
||||||
public function __construct($userBadge, array $badges = [])
|
public function __construct(UserBadge $userBadge, array $badges = [])
|
||||||
{
|
{
|
||||||
if ($userBadge instanceof UserInterface) {
|
$this->addBadge($userBadge);
|
||||||
trigger_deprecation('symfony/security-http', '5.2', 'The 1st argument of "%s" must be an instance of "%s", support for "%s" will be removed in symfony/security-http 5.3.', __CLASS__, UserBadge::class, UserInterface::class);
|
|
||||||
|
|
||||||
$this->user = $userBadge;
|
|
||||||
} elseif ($userBadge instanceof UserBadge) {
|
|
||||||
$this->addBadge($userBadge);
|
|
||||||
} else {
|
|
||||||
throw new \TypeError(sprintf('Argument 1 of "%s" must be an instance of "%s", "%s" given.', __METHOD__, UserBadge::class, get_debug_type($userBadge)));
|
|
||||||
}
|
|
||||||
|
|
||||||
foreach ($badges as $badge) {
|
foreach ($badges as $badge) {
|
||||||
$this->addBadge($badge);
|
$this->addBadge($badge);
|
||||||
}
|
}
|
||||||
|
@ -61,16 +61,4 @@ class UserProviderListenerTest extends TestCase
|
|||||||
{
|
{
|
||||||
yield [new SelfValidatingPassport(new UserBadge('wouter', function () {}))];
|
yield [new SelfValidatingPassport(new UserBadge('wouter', function () {}))];
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @group legacy
|
|
||||||
*/
|
|
||||||
public function testLegacyUserPassport()
|
|
||||||
{
|
|
||||||
$passport = new SelfValidatingPassport($user = $this->createMock(UserInterface::class));
|
|
||||||
$this->listener->checkPassport(new CheckPassportEvent($this->createMock(AuthenticatorInterface::class), $passport));
|
|
||||||
|
|
||||||
$this->assertFalse($passport->hasBadge(UserBadge::class));
|
|
||||||
$this->assertSame($user, $passport->getUser());
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user