diff --git a/UPGRADE-5.3.md b/UPGRADE-5.3.md index 6c9f656e56..32615caf15 100644 --- a/UPGRADE-5.3.md +++ b/UPGRADE-5.3.md @@ -91,6 +91,8 @@ Routing Security -------- + * [BC BREAK] Remove method `checkIfCompletelyResolved()` from `PassportInterface`, checking that passport badges are + resolved is up to `AuthenticatorManager` * Deprecate class `User`, use `InMemoryUser` or your own implementation instead. If you are using the `isAccountNonLocked()`, `isAccountNonExpired()` or `isCredentialsNonExpired()` method, consider re-implementing them in your own user class, as they are not part of the `InMemoryUser` API diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md index 40db39f449..d3f7ca0322 100644 --- a/src/Symfony/Component/Security/CHANGELOG.md +++ b/src/Symfony/Component/Security/CHANGELOG.md @@ -4,6 +4,9 @@ CHANGELOG 5.3 --- + * Add `PassportInterface:getBadges()`, implemented by `PassportTrait` + * [BC BREAK] Remove method `checkIfCompletelyResolved()` from `PassportInterface`, checking that passport badges are + resolved is up to `AuthenticatorManager` * Deprecate class `User`, use `InMemoryUser` instead * Deprecate class `UserChecker`, use `InMemoryUserChecker` or your own implementation instead * [BC break] Remove support for passing a `UserInterface` implementation to `Passport`, use the `UserBadge` instead. diff --git a/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php b/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php index 0b48a5b245..501a9e2fb1 100644 --- a/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php +++ b/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php @@ -19,6 +19,7 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\AuthenticationEvents; use Symfony\Component\Security\Core\Event\AuthenticationSuccessEvent; use Symfony\Component\Security\Core\Exception\AuthenticationException; +use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface; use Symfony\Component\Security\Http\Authenticator\InteractiveAuthenticatorInterface; @@ -168,7 +169,11 @@ class AuthenticatorManager implements AuthenticatorManagerInterface, UserAuthent $this->eventDispatcher->dispatch($event); // check if all badges are resolved - $passport->checkIfCompletelyResolved(); + foreach ($passport->getBadges() as $badge) { + if (!$badge->isResolved()) { + throw new BadCredentialsException(sprintf('Authentication failed: Security badge "%s" is not resolved, did you forget to register the correct listeners?', get_debug_type($badge))); + } + } // create the authenticated token $authenticatedToken = $authenticator->createAuthenticatedToken($passport, $this->firewallName); diff --git a/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportInterface.php b/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportInterface.php index 15034b20e5..9d4318a58b 100644 --- a/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportInterface.php +++ b/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportInterface.php @@ -11,7 +11,6 @@ namespace Symfony\Component\Security\Http\Authenticator\Passport; -use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Http\Authenticator\Passport\Badge\BadgeInterface; /** @@ -43,9 +42,7 @@ interface PassportInterface public function getBadge(string $badgeFqcn): ?BadgeInterface; /** - * Checks if all badges are marked as resolved. - * - * @throws BadCredentialsException when a badge is not marked as resolved + * @return array, BadgeInterface> An array of badge instances indexed by class name */ - public function checkIfCompletelyResolved(): void; + public function getBadges(): array; } diff --git a/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportTrait.php b/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportTrait.php index 1846c80214..f3d402ef03 100644 --- a/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportTrait.php +++ b/src/Symfony/Component/Security/Http/Authenticator/Passport/PassportTrait.php @@ -11,7 +11,6 @@ namespace Symfony\Component\Security\Http\Authenticator\Passport; -use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Http\Authenticator\Passport\Badge\BadgeInterface; /** @@ -21,9 +20,6 @@ use Symfony\Component\Security\Http\Authenticator\Passport\Badge\BadgeInterface; */ trait PassportTrait { - /** - * @var BadgeInterface[] - */ private $badges = []; public function addBadge(BadgeInterface $badge): PassportInterface @@ -43,12 +39,11 @@ trait PassportTrait return $this->badges[$badgeFqcn] ?? null; } - public function checkIfCompletelyResolved(): void + /** + * @return array, BadgeInterface> + */ + public function getBadges(): array { - foreach ($this->badges as $badge) { - if (!$badge->isResolved()) { - throw new BadCredentialsException(sprintf('Authentication failed security badge "%s" is not resolved, did you forget to register the correct listeners?', \get_class($badge))); - } - } + return $this->badges; } }