feature #28693 [Security] Deprecate simple_preauth and simple_form in favor of Guard (chalasr)
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Security] Deprecate simple_preauth and simple_form in favor of Guard
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
5093b9fb47
[Security] Deprecate simple_preauth and simple_form in favor of Guard
commit
7cc7c716ac
|
@ -186,6 +186,9 @@ Security
|
|||
use custom tokens, extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
|
||||
or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
|
||||
* Accessing the user object that is not an instance of `UserInterface` from `Security::getUser()` is deprecated.
|
||||
* `SimpleAuthenticatorInterface`, `SimpleFormAuthenticatorInterface`, `SimplePreAuthenticatorInterface`,
|
||||
`SimpleAuthenticationProvider`, `SimpleAuthenticationHandler`, `SimpleFormAuthenticationListener` and
|
||||
`SimplePreAuthenticationListener` have been deprecated. Use Guard instead.
|
||||
|
||||
SecurityBundle
|
||||
--------------
|
||||
|
@ -196,6 +199,10 @@ SecurityBundle
|
|||
`security.authentication.trust_resolver.rememberme_class` parameters to define
|
||||
the token classes is deprecated. To use
|
||||
custom tokens extend the existing AnonymousToken and RememberMeToken.
|
||||
* The `simple_form` and `simple_preauth` authentication listeners have been deprecated,
|
||||
use Guard instead.
|
||||
* The `SimpleFormFactory` and `SimplePreAuthenticationFactory` classes have been deprecated,
|
||||
use Guard instead.
|
||||
|
||||
Serializer
|
||||
----------
|
||||
|
|
|
@ -160,6 +160,9 @@ Security
|
|||
the 3rd one must be either a `LogoutListener` instance or `null`.
|
||||
* The `AuthenticationTrustResolver` constructor arguments have been removed.
|
||||
* A user object that is not an instance of `UserInterface` cannot be accessed from `Security::getUser()` anymore and returns `null` instead.
|
||||
* `SimpleAuthenticatorInterface`, `SimpleFormAuthenticatorInterface`, `SimplePreAuthenticatorInterface`,
|
||||
`SimpleAuthenticationProvider`, `SimpleAuthenticationHandler`, `SimpleFormAuthenticationListener` and
|
||||
`SimplePreAuthenticationListener` have been removed. Use Guard instead.
|
||||
|
||||
SecurityBundle
|
||||
--------------
|
||||
|
@ -171,6 +174,10 @@ SecurityBundle
|
|||
now throws a `\TypeError`, pass a `LogoutListener` instance instead.
|
||||
* The `security.authentication.trust_resolver.anonymous_class` parameter has been removed.
|
||||
* The `security.authentication.trust_resolver.rememberme_class` parameter has been removed.
|
||||
* The `simple_form` and `simple_preauth` authentication listeners have been removed,
|
||||
use Guard instead.
|
||||
* The `SimpleFormFactory` and `SimplePreAuthenticationFactory` classes have been removed,
|
||||
use Guard instead.
|
||||
|
||||
Serializer
|
||||
----------
|
||||
|
|
|
@ -13,6 +13,8 @@ CHANGELOG
|
|||
* Added `json_login_ldap` authentication provider to use LDAP authentication with a REST API.
|
||||
* Made remember-me cookies inherit their default config from `framework.session.cookie_*`
|
||||
and added an "auto" mode to their "secure" config option to make them secure on HTTPS automatically.
|
||||
* Deprecated the `simple_form` and `simple_preauth` authentication listeners, use Guard instead.
|
||||
* Deprecated the `SimpleFormFactory` and `SimplePreAuthenticationFactory` classes, use Guard instead.
|
||||
|
||||
4.1.0
|
||||
-----
|
||||
|
|
|
@ -12,6 +12,8 @@
|
|||
namespace Symfony\Bundle\SecurityBundle\DependencyInjection;
|
||||
|
||||
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AbstractFactory;
|
||||
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SimpleFormFactory;
|
||||
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SimplePreAuthenticationFactory;
|
||||
use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;
|
||||
use Symfony\Component\Config\Definition\Builder\TreeBuilder;
|
||||
use Symfony\Component\Config\Definition\ConfigurationInterface;
|
||||
|
@ -265,6 +267,10 @@ class MainConfiguration implements ConfigurationInterface
|
|||
->canBeUnset()
|
||||
;
|
||||
|
||||
if ($factory instanceof SimplePreAuthenticationFactory || $factory instanceof SimpleFormFactory) {
|
||||
$factoryNode->setDeprecated(sprintf('The "%s" security listener is deprecated Symfony 4.2, use Guard instead.', $name));
|
||||
}
|
||||
|
||||
if ($factory instanceof AbstractFactory) {
|
||||
$abstractFactoryKeys[] = $name;
|
||||
}
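Review bot: The message passed to `setDeprecated()` reads "is deprecated Symfony 4.2", dropping the word "since" that every other deprecation string in this commit carries. I would change the line to `$factoryNode->setDeprecated(sprintf('The "%s" security listener is deprecated since Symfony 4.2, use Guard instead.', $name));`. The `@expectedDeprecation` annotation on `testSimpleAuth()` repeats the same text and would need the same correction in the same commit. The enclosing method starts and ends outside the hunk.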
|
||||
|
|
|
@ -18,14 +18,20 @@ use Symfony\Component\DependencyInjection\Reference;
|
|||
|
||||
/**
|
||||
* @author Jordi Boggiano <j.boggiano@seld.be>
|
||||
*
|
||||
* @deprecated since Symfony 4.2, use Guard instead.
|
||||
*/
|
||||
class SimpleFormFactory extends FormLoginFactory
|
||||
{
|
||||
public function __construct()
|
||||
public function __construct(bool $triggerDeprecation = true)
|
||||
{
|
||||
parent::__construct();
|
||||
|
||||
$this->addOption('authenticator', null);
|
||||
|
||||
if ($triggerDeprecation) {
|
||||
@trigger_error(sprintf('The "%s" class is deprecated since Symfony 4.2, use Guard instead.', __CLASS__), E_USER_DEPRECATED);
|
||||
}
|
||||
}
|
||||
|
||||
public function getKey()
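Review bot: The new `bool $triggerDeprecation = true` constructor parameter is undocumented here, and the same applies to `SimplePreAuthenticationFactory::__construct()` in the next file section. The only callers visible on this page are the two `new ...Factory(false)` registrations in `SecurityBundle`, so the flag appears to exist so the bundle can always register these factories without emitting the class deprecation, leaving the notice to the configuration node when the listener is actually configured. I would add a docblock line such as `@param bool $triggerDeprecation Pass false to register the factory without triggering the class deprecation`, and a one-line comment above the two `(false)` call sites saying why the notice is suppressed there. The class body continues outside the hunk.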
|
||||
|
|
|
@ -18,9 +18,18 @@ use Symfony\Component\DependencyInjection\Reference;
|
|||
|
||||
/**
|
||||
* @author Jordi Boggiano <j.boggiano@seld.be>
|
||||
*
|
||||
* @deprecated since Symfony 4.2, use Guard instead.
|
||||
*/
|
||||
class SimplePreAuthenticationFactory implements SecurityFactoryInterface
|
||||
{
|
||||
public function __construct(bool $triggerDeprecation = true)
|
||||
{
|
||||
if ($triggerDeprecation) {
|
||||
@trigger_error(sprintf('The "%s" class is deprecated since Symfony 4.2, use Guard instead.', __CLASS__), E_USER_DEPRECATED);
|
||||
}
|
||||
}
|
||||
|
||||
public function getPosition()
|
||||
{
|
||||
return 'pre_auth';
|
||||
|
|
|
@ -114,6 +114,7 @@
|
|||
parent="security.authentication.listener.abstract"
|
||||
public="false"
|
||||
abstract="true">
|
||||
<deprecated>The "%service_id%" service is deprecated since Symfony 4.2.</deprecated>
|
||||
</service>
|
||||
|
||||
<service id="security.authentication.simple_success_failure_handler" class="Symfony\Component\Security\Http\Authentication\SimpleAuthenticationHandler" abstract="true">
|
||||
|
@ -122,6 +123,7 @@
|
|||
<argument type="service" id="security.authentication.success_handler" />
|
||||
<argument type="service" id="security.authentication.failure_handler" />
|
||||
<argument type="service" id="logger" on-invalid="null" />
|
||||
<deprecated>The "%service_id%" service is deprecated since Symfony 4.2.</deprecated>
|
||||
</service>
|
||||
|
||||
<service id="security.authentication.listener.simple_preauth" class="Symfony\Component\Security\Http\Firewall\SimplePreAuthenticationListener" abstract="true">
|
||||
|
@ -133,6 +135,7 @@
|
|||
<argument type="service" id="logger" on-invalid="null" />
|
||||
<argument type="service" id="event_dispatcher" on-invalid="null"/>
|
||||
<argument type="service" id="security.authentication.trust_resolver" />
|
||||
<deprecated>The "%service_id%" service is deprecated since Symfony 4.2.</deprecated>
|
||||
</service>
|
||||
|
||||
<service id="security.authentication.listener.x509" class="Symfony\Component\Security\Http\Firewall\X509AuthenticationListener" abstract="true">
|
||||
|
@ -201,6 +204,7 @@
|
|||
<argument /> <!-- User Provider -->
|
||||
<argument /> <!-- Provider-shared Key -->
|
||||
<argument>null</argument> <!-- UserChecker -->
|
||||
<deprecated>The "%service_id%" service is deprecated since Symfony 4.2.</deprecated>
|
||||
</service>
|
||||
|
||||
<service id="security.authentication.provider.pre_authenticated" class="Symfony\Component\Security\Core\Authentication\Provider\PreAuthenticatedAuthenticationProvider" abstract="true">
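Review bot: The four `<deprecated>` messages added in this file name no replacement, while the class-level and configuration-level messages elsewhere in this commit all end with "use Guard instead". Someone who only meets the container deprecation for one of these abstract services gets no migration hint for an authentication component. I would write `<deprecated>The "%service_id%" service is deprecated since Symfony 4.2, use Guard instead.</deprecated>` in each of the four places.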
|
||||
|
|
|
@ -54,8 +54,8 @@ class SecurityBundle extends Bundle
|
|||
$extension->addSecurityListenerFactory(new RememberMeFactory());
|
||||
$extension->addSecurityListenerFactory(new X509Factory());
|
||||
$extension->addSecurityListenerFactory(new RemoteUserFactory());
|
||||
$extension->addSecurityListenerFactory(new SimplePreAuthenticationFactory());
|
||||
$extension->addSecurityListenerFactory(new SimpleFormFactory());
|
||||
$extension->addSecurityListenerFactory(new SimplePreAuthenticationFactory(false));
|
||||
$extension->addSecurityListenerFactory(new SimpleFormFactory(false));
|
||||
$extension->addSecurityListenerFactory(new GuardAuthenticationFactory());
|
||||
|
||||
$extension->addUserProviderFactory(new InMemoryFactory());
|
||||
|
|
|
@ -147,23 +147,6 @@ abstract class CompleteConfigurationTest extends TestCase
|
|||
),
|
||||
null,
|
||||
),
|
||||
array(
|
||||
'simple_auth',
|
||||
'security.user_checker',
|
||||
null,
|
||||
true,
|
||||
false,
|
||||
'security.user.provider.concrete.default',
|
||||
'simple_auth',
|
||||
'security.authentication.form_entry_point.simple_auth',
|
||||
null,
|
||||
null,
|
||||
array(
|
||||
'simple_form',
|
||||
'anonymous',
|
||||
),
|
||||
null,
|
||||
),
|
||||
), $configs);
|
||||
|
||||
$this->assertEquals(array(
|
||||
|
@ -193,13 +176,6 @@ abstract class CompleteConfigurationTest extends TestCase
|
|||
'security.authentication.listener.anonymous.with_user_checker',
|
||||
'security.access_listener',
|
||||
),
|
||||
array(
|
||||
'security.channel_listener',
|
||||
'security.context_listener.2',
|
||||
'security.authentication.listener.simple_form.simple_auth',
|
||||
'security.authentication.listener.anonymous.simple_auth',
|
||||
'security.access_listener',
|
||||
),
|
||||
), $listeners);
|
||||
|
||||
$this->assertFalse($container->hasAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', 'No user checker alias is registered when custom user checker services are registered'));
|
||||
|
@ -475,6 +451,50 @@ abstract class CompleteConfigurationTest extends TestCase
|
|||
$this->addToAssertionCount(1);
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @expectedDeprecation The "simple_form" security listener is deprecated Symfony 4.2, use Guard instead.
|
||||
*/
|
||||
public function testSimpleAuth()
|
||||
{
|
||||
$container = $this->getContainer('simple_auth');
|
||||
$arguments = $container->getDefinition('security.firewall.map')->getArguments();
|
||||
$listeners = array();
|
||||
$configs = array();
|
||||
foreach (array_keys($arguments[1]->getValues()) as $contextId) {
|
||||
$contextDef = $container->getDefinition($contextId);
|
||||
$arguments = $contextDef->getArguments();
|
||||
$listeners[] = array_map('strval', $arguments['index_0']->getValues());
|
||||
|
||||
$configDef = $container->getDefinition((string) $arguments['index_3']);
|
||||
$configs[] = array_values($configDef->getArguments());
|
||||
}
|
||||
|
||||
$this->assertSame(array(array(
|
||||
'simple_auth',
|
||||
'security.user_checker',
|
||||
null,
|
||||
true,
|
||||
false,
|
||||
'security.user.provider.concrete.default',
|
||||
'simple_auth',
|
||||
'security.authentication.form_entry_point.simple_auth',
|
||||
null,
|
||||
null,
|
||||
array('simple_form', 'anonymous',
|
||||
),
|
||||
null,
|
||||
)), $configs);
|
||||
|
||||
$this->assertSame(array(array(
|
||||
'security.channel_listener',
|
||||
'security.context_listener.0',
|
||||
'security.authentication.listener.simple_form.simple_auth',
|
||||
'security.authentication.listener.anonymous.simple_auth',
|
||||
'security.access_listener',
|
||||
)), $listeners);
|
||||
}
|
||||
|
||||
protected function getContainer($file)
|
||||
{
|
||||
$file .= '.'.$this->getFileExtension();
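Review bot: `testSimpleAuth()` exercises only the `simple_form` listener, and none of the fixtures visible in this commit configures `simple_preauth`, so the `SimplePreAuthenticationFactory` side of the new `instanceof` check in `MainConfiguration` looks untested. A second `@group legacy` test backed by a `simple_preauth` firewall fixture, with an `@expectedDeprecation` line for that listener name, would cover the other deprecated authentication path. The new test also reuses `$arguments` for both the firewall map arguments and each context's arguments inside the loop; a separate name such as `$contextArguments` would make the loop easier to follow. `getContainer()` continues outside the hunk.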
|
||||
|
|
|
@ -87,11 +87,6 @@ $container->loadFromExtension('security', array(
|
|||
'anonymous' => true,
|
||||
'http_basic' => true,
|
||||
),
|
||||
'simple_auth' => array(
|
||||
'provider' => 'default',
|
||||
'anonymous' => true,
|
||||
'simple_form' => array('authenticator' => 'simple_authenticator'),
|
||||
),
|
||||
),
|
||||
|
||||
'access_control' => array(
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
<?php
|
||||
|
||||
$container->loadFromExtension('security', array(
|
||||
'providers' => array(
|
||||
'default' => array(
|
||||
'memory' => array(
|
||||
'users' => array(
|
||||
'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER'),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
|
||||
'firewalls' => array(
|
||||
'simple_auth' => array(
|
||||
'provider' => 'default',
|
||||
'anonymous' => true,
|
||||
'simple_form' => array('authenticator' => 'simple_authenticator'),
|
||||
),
|
||||
),
|
||||
));
|
|
@ -68,11 +68,6 @@
|
|||
<user-checker>app.user_checker</user-checker>
|
||||
</firewall>
|
||||
|
||||
<firewall name="simple_auth" provider="default">
|
||||
<anonymous />
|
||||
<simple-form authenticator="simple_authenticator" />
|
||||
</firewall>
|
||||
|
||||
<role id="ROLE_ADMIN">ROLE_USER</role>
|
||||
<role id="ROLE_SUPER_ADMIN">ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH</role>
|
||||
<role id="ROLE_REMOTE">ROLE_USER,ROLE_ADMIN</role>
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<container xmlns="http://symfony.com/schema/dic/services"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:sec="http://symfony.com/schema/dic/security"
|
||||
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
|
||||
|
||||
<sec:config>
|
||||
<sec:provider name="default">
|
||||
<sec:memory>
|
||||
<sec:user name="foo" password="foo" roles="ROLE_USER" />
|
||||
</sec:memory>
|
||||
</sec:provider>
|
||||
|
||||
<sec:firewall name="simple_auth">
|
||||
<sec:simple_form authenticator="simple_authenticator"/>
|
||||
<sec:anonymous/>
|
||||
</sec:firewall>
|
||||
</sec:config>
|
||||
|
||||
</container>
|
|
@ -70,11 +70,6 @@ security:
|
|||
http_basic: ~
|
||||
user_checker: app.user_checker
|
||||
|
||||
simple_auth:
|
||||
provider: default
|
||||
anonymous: ~
|
||||
simple_form: { authenticator: simple_authenticator }
|
||||
|
||||
role_hierarchy:
|
||||
ROLE_ADMIN: ROLE_USER
|
||||
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
security:
|
||||
providers:
|
||||
default:
|
||||
memory:
|
||||
users:
|
||||
foo: { password: foo, roles: ROLE_USER }
|
||||
|
||||
firewalls:
|
||||
simple_auth:
|
||||
provider: default
|
||||
anonymous: ~
|
||||
simple_form: { authenticator: simple_authenticator }
|
|
@ -13,6 +13,9 @@ CHANGELOG
|
|||
or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
|
||||
* allow passing null as $filter in LdapUserProvider to get the default filter
|
||||
* accessing the user object that is not an instance of `UserInterface` from `Security::getUser()` is deprecated
|
||||
* Deprecated `SimpleAuthenticatorInterface`, `SimpleFormAuthenticatorInterface`,
|
||||
`SimplePreAuthenticatorInterface`, `SimpleAuthenticationProvider`, `SimpleAuthenticationHandler`,
|
||||
`SimpleFormAuthenticationListener` and `SimplePreAuthenticationListener`. Use Guard instead.
|
||||
|
||||
4.1.0
|
||||
-----
|
||||
|
|
|
@ -19,8 +19,12 @@ use Symfony\Component\Security\Core\User\UserCheckerInterface;
|
|||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
use Symfony\Component\Security\Core\User\UserProviderInterface;
|
||||
|
||||
@trigger_error(sprintf('The "%s" class is deprecated since Symfony 4.2, use Guard instead.', SimpleAuthenticationProvider::class), E_USER_DEPRECATED);
|
||||
|
||||
/**
|
||||
* @author Jordi Boggiano <j.boggiano@seld.be>
|
||||
*
|
||||
* @deprecated since Symfony 4.2, use Guard instead.
|
||||
*/
|
||||
class SimpleAuthenticationProvider implements AuthenticationProviderInterface
|
||||
{
|
||||
|
|
|
@ -16,6 +16,8 @@ use Symfony\Component\Security\Core\User\UserProviderInterface;
|
|||
|
||||
/**
|
||||
* @author Jordi Boggiano <j.boggiano@seld.be>
|
||||
*
|
||||
* @deprecated since Symfony 4.2, use Guard instead.
|
||||
*/
|
||||
interface SimpleAuthenticatorInterface
|
||||
{
|
||||
|
|
|
@ -17,6 +17,9 @@ use Symfony\Component\Security\Core\Exception\DisabledException;
|
|||
use Symfony\Component\Security\Core\Exception\LockedException;
|
||||
use Symfony\Component\Security\Core\User\UserChecker;
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
class SimpleAuthenticationProviderTest extends TestCase
|
||||
{
|
||||
/**
|
||||
|
|
|
@ -18,6 +18,8 @@ use Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface;
|
|||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
|
||||
@trigger_error(sprintf('The "%s" class is deprecated since Symfony 4.2, use Guard instead.', SimpleAuthenticationHandler::class), E_USER_DEPRECATED);
|
||||
|
||||
/**
|
||||
* Class to proxy authentication success/failure handlers.
|
||||
*
|
||||
|
@ -26,6 +28,8 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
|||
* the default handlers are triggered.
|
||||
*
|
||||
* @author Jordi Boggiano <j.boggiano@seld.be>
|
||||
*
|
||||
* @deprecated since Symfony 4.2, use Guard instead.
|
||||
*/
|
||||
class SimpleAuthenticationHandler implements AuthenticationFailureHandlerInterface, AuthenticationSuccessHandlerInterface
|
||||
{
|
||||
|
|
|
@ -16,6 +16,8 @@ use Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface;
|
|||
|
||||
/**
|
||||
* @author Jordi Boggiano <j.boggiano@seld.be>
|
||||
*
|
||||
* @deprecated since Symfony 4.2, use Guard instead.
|
||||
*/
|
||||
interface SimpleFormAuthenticatorInterface extends SimpleAuthenticatorInterface
|
||||
{
|
||||
|
|
|
@ -16,6 +16,8 @@ use Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface;
|
|||
|
||||
/**
|
||||
* @author Jordi Boggiano <j.boggiano@seld.be>
|
||||
*
|
||||
* @deprecated since Symfony 4.2, use Guard instead.
|
||||
*/
|
||||
interface SimplePreAuthenticatorInterface extends SimpleAuthenticatorInterface
|
||||
{
|
||||
|
|
|
@ -29,8 +29,12 @@ use Symfony\Component\Security\Http\HttpUtils;
|
|||
use Symfony\Component\Security\Http\ParameterBagUtils;
|
||||
use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
|
||||
|
||||
@trigger_error(sprintf('The "%s" class is deprecated since Symfony 4.2, use Guard instead.', SimpleFormAuthenticationListener::class), E_USER_DEPRECATED);
|
||||
|
||||
/**
|
||||
* @author Jordi Boggiano <j.boggiano@seld.be>
|
||||
*
|
||||
* @deprecated since Symfony 4.2, use Guard instead.
|
||||
*/
|
||||
class SimpleFormAuthenticationListener extends AbstractAuthenticationListener
|
||||
{
|
||||
|
|
|
@ -31,10 +31,14 @@ use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
|
|||
use Symfony\Component\Security\Http\SecurityEvents;
|
||||
use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
|
||||
|
||||
@trigger_error(sprintf('The "%s" class is deprecated since Symfony 4.2, use Guard instead.', SimplePreAuthenticationListener::class), E_USER_DEPRECATED);
|
||||
|
||||
/**
|
||||
* SimplePreAuthenticationListener implements simple proxying to an authenticator.
|
||||
*
|
||||
* @author Jordi Boggiano <j.boggiano@seld.be>
|
||||
*
|
||||
* @deprecated since Symfony 4.2, use Guard instead.
|
||||
*/
|
||||
class SimplePreAuthenticationListener implements ListenerInterface
|
||||
{
|
||||
|
|
|
@ -19,6 +19,9 @@ use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerI
|
|||
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
|
||||
use Symfony\Component\Security\Http\Authentication\SimpleAuthenticationHandler;
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
class SimpleAuthenticationHandlerTest extends TestCase
|
||||
{
|
||||
private $successHandler;
|
||||
|
|
|
@ -18,6 +18,9 @@ use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
|
|||
use Symfony\Component\Security\Http\Firewall\SimplePreAuthenticationListener;
|
||||
use Symfony\Component\Security\Http\SecurityEvents;
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
class SimplePreAuthenticationListenerTest extends TestCase
|
||||
{
|
||||
private $authenticationManager;
|
||||
|
|