No more support for custom anon/remember tokens based on FQCN
This commit is contained in:
Iltar van der Berg
Fabien Potencier
parent
57a1dd1c57
commit
860d4549c2
@ -5,3 +5,16 @@ Security
|
|||||||
--------
|
--------
|
||||||
|
|
||||||
* Using the `has_role()` function in security expressions is deprecated, use the `is_granted()` function instead.
|
* Using the `has_role()` function in security expressions is deprecated, use the `is_granted()` function instead.
|
||||||
|
* Passing custom class names to the
|
||||||
|
`Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver` to define
|
||||||
|
custom anonymous and remember me token classes is deprecated. To
|
||||||
|
use custom tokens, extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
|
||||||
|
or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
|
||||||
|
|
||||||
|
SecurityBundle
|
||||||
|
--------------
|
||||||
|
|
||||||
|
* Using the `security.authentication.trust_resolver.anonymous_class` and
|
||||||
|
`security.authentication.trust_resolver.rememberme_class` parameters to define
|
||||||
|
the token classes is deprecated. To use
|
||||||
|
custom tokens extend the existing AnonymousToken and RememberMeToken.
|
||||||
|
|||||||
@ -78,6 +78,7 @@ Security
|
|||||||
* The `ContextListener::setLogoutOnUserChange()` method has been removed.
|
* The `ContextListener::setLogoutOnUserChange()` method has been removed.
|
||||||
* The `Symfony\Component\Security\Core\User\AdvancedUserInterface` has been removed.
|
* The `Symfony\Component\Security\Core\User\AdvancedUserInterface` has been removed.
|
||||||
* The `ExpressionVoter::addExpressionLanguageProvider()` method has been removed.
|
* The `ExpressionVoter::addExpressionLanguageProvider()` method has been removed.
|
||||||
|
* The `AuthenticationTrustResolver` constructor arguments have been removed.
|
||||||
|
|
||||||
SecurityBundle
|
SecurityBundle
|
||||||
--------------
|
--------------
|
||||||
@ -85,6 +86,8 @@ SecurityBundle
|
|||||||
* The `logout_on_user_change` firewall option has been removed.
|
* The `logout_on_user_change` firewall option has been removed.
|
||||||
* The `switch_user.stateless` firewall option has been removed.
|
* The `switch_user.stateless` firewall option has been removed.
|
||||||
* The `SecurityUserValueResolver` class has been removed.
|
* The `SecurityUserValueResolver` class has been removed.
|
||||||
|
* The `security.authentication.trust_resolver.anonymous_class` parameter has been removed.
|
||||||
|
* The `security.authentication.trust_resolver.rememberme_class` parameter has been removed.
|
||||||
|
|
||||||
Translation
|
Translation
|
||||||
-----------
|
-----------
|
||||||
|
|||||||
@ -1,6 +1,15 @@
|
|||||||
CHANGELOG
|
CHANGELOG
|
||||||
=========
|
=========
|
||||||
|
|
||||||
|
4.2.0
|
||||||
|
-----
|
||||||
|
|
||||||
|
* Using the `security.authentication.trust_resolver.anonymous_class` and
|
||||||
|
`security.authentication.trust_resolver.rememberme_class` parameters to define
|
||||||
|
the token classes is deprecated. To use
|
||||||
|
custom tokens extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
|
||||||
|
or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
|
||||||
|
|
||||||
4.1.0
|
4.1.0
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
|||||||
@ -5,8 +5,8 @@
|
|||||||
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
|
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
|
||||||
|
|
||||||
<parameters>
|
<parameters>
|
||||||
<parameter key="security.authentication.trust_resolver.anonymous_class">Symfony\Component\Security\Core\Authentication\Token\AnonymousToken</parameter>
|
<parameter key="security.authentication.trust_resolver.anonymous_class">null</parameter>
|
||||||
<parameter key="security.authentication.trust_resolver.rememberme_class">Symfony\Component\Security\Core\Authentication\Token\RememberMeToken</parameter>
|
<parameter key="security.authentication.trust_resolver.rememberme_class">null</parameter>
|
||||||
<parameter key="security.role_hierarchy.roles" type="collection" />
|
<parameter key="security.role_hierarchy.roles" type="collection" />
|
||||||
</parameters>
|
</parameters>
|
||||||
|
|
||||||
|
|||||||
@ -6,6 +6,11 @@ CHANGELOG
|
|||||||
|
|
||||||
* added the `is_granted()` function in security expressions
|
* added the `is_granted()` function in security expressions
|
||||||
* deprecated the `has_role()` function in security expressions, use `is_granted()` instead
|
* deprecated the `has_role()` function in security expressions, use `is_granted()` instead
|
||||||
|
* Passing custom class names to the
|
||||||
|
`Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver` to define
|
||||||
|
custom anonymous and remember me token classes is deprecated. To
|
||||||
|
use custom tokens, extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
|
||||||
|
or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
|
||||||
|
|
||||||
4.1.0
|
4.1.0
|
||||||
-----
|
-----
|
||||||
|
|||||||
@ -11,6 +11,8 @@
|
|||||||
|
|
||||||
namespace Symfony\Component\Security\Core\Authentication;
|
namespace Symfony\Component\Security\Core\Authentication;
|
||||||
|
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -23,10 +25,18 @@ class AuthenticationTrustResolver implements AuthenticationTrustResolverInterfac
|
|||||||
private $anonymousClass;
|
private $anonymousClass;
|
||||||
private $rememberMeClass;
|
private $rememberMeClass;
|
||||||
|
|
||||||
public function __construct(string $anonymousClass, string $rememberMeClass)
|
public function __construct(?string $anonymousClass = null, ?string $rememberMeClass = null)
|
||||||
{
|
{
|
||||||
$this->anonymousClass = $anonymousClass;
|
$this->anonymousClass = $anonymousClass;
|
||||||
$this->rememberMeClass = $rememberMeClass;
|
$this->rememberMeClass = $rememberMeClass;
|
||||||
|
|
||||||
|
if (null !== $anonymousClass && !is_a($anonymousClass, AnonymousToken::class, true)) {
|
||||||
|
@trigger_error(sprintf('Configuring a custom anonymous token class is deprecated since Symfony 4.2; have the "%s" class extend the "%s" class instead, and remove the "%s" constructor argument.', $anonymousClass, AnonymousToken::class, self::class), E_USER_DEPRECATED);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (null !== $rememberMeClass && !is_a($rememberMeClass, RememberMeToken::class, true)) {
|
||||||
|
@trigger_error(sprintf('Configuring a custom remember me token class is deprecated since Symfony 4.2; have the "%s" class extend the "%s" class instead, and remove the "%s" constructor argument.', $rememberMeClass, RememberMeToken::class, self::class), E_USER_DEPRECATED);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -38,9 +48,13 @@ class AuthenticationTrustResolver implements AuthenticationTrustResolverInterfac
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (null !== $this->anonymousClass) {
|
||||||
return $token instanceof $this->anonymousClass;
|
return $token instanceof $this->anonymousClass;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return $token instanceof AnonymousToken;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*/
|
*/
|
||||||
@ -50,9 +64,13 @@ class AuthenticationTrustResolver implements AuthenticationTrustResolverInterfac
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (null !== $this->rememberMeClass) {
|
||||||
return $token instanceof $this->rememberMeClass;
|
return $token instanceof $this->rememberMeClass;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return $token instanceof RememberMeToken;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*/
|
*/
|
||||||
|
|||||||
@ -13,10 +13,82 @@ namespace Symfony\Component\Security\Core\Tests\Authentication;
|
|||||||
|
|
||||||
use PHPUnit\Framework\TestCase;
|
use PHPUnit\Framework\TestCase;
|
||||||
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
|
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
|
|
||||||
class AuthenticationTrustResolverTest extends TestCase
|
class AuthenticationTrustResolverTest extends TestCase
|
||||||
{
|
{
|
||||||
public function testIsAnonymous()
|
public function testIsAnonymous()
|
||||||
|
{
|
||||||
|
$resolver = new AuthenticationTrustResolver();
|
||||||
|
$this->assertFalse($resolver->isAnonymous(null));
|
||||||
|
$this->assertFalse($resolver->isAnonymous($this->getToken()));
|
||||||
|
$this->assertFalse($resolver->isAnonymous($this->getRememberMeToken()));
|
||||||
|
$this->assertFalse($resolver->isAnonymous(new FakeCustomToken()));
|
||||||
|
$this->assertTrue($resolver->isAnonymous(new RealCustomAnonymousToken()));
|
||||||
|
$this->assertTrue($resolver->isAnonymous($this->getAnonymousToken()));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testIsRememberMe()
|
||||||
|
{
|
||||||
|
$resolver = new AuthenticationTrustResolver();
|
||||||
|
|
||||||
|
$this->assertFalse($resolver->isRememberMe(null));
|
||||||
|
$this->assertFalse($resolver->isRememberMe($this->getToken()));
|
||||||
|
$this->assertFalse($resolver->isRememberMe($this->getAnonymousToken()));
|
||||||
|
$this->assertFalse($resolver->isRememberMe(new FakeCustomToken()));
|
||||||
|
$this->assertTrue($resolver->isRememberMe(new RealCustomRememberMeToken()));
|
||||||
|
$this->assertTrue($resolver->isRememberMe($this->getRememberMeToken()));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testisFullFledged()
|
||||||
|
{
|
||||||
|
$resolver = new AuthenticationTrustResolver();
|
||||||
|
|
||||||
|
$this->assertFalse($resolver->isFullFledged(null));
|
||||||
|
$this->assertFalse($resolver->isFullFledged($this->getAnonymousToken()));
|
||||||
|
$this->assertFalse($resolver->isFullFledged($this->getRememberMeToken()));
|
||||||
|
$this->assertFalse($resolver->isFullFledged(new RealCustomAnonymousToken()));
|
||||||
|
$this->assertFalse($resolver->isFullFledged(new RealCustomRememberMeToken()));
|
||||||
|
$this->assertTrue($resolver->isFullFledged($this->getToken()));
|
||||||
|
$this->assertTrue($resolver->isFullFledged(new FakeCustomToken()));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group legacy
|
||||||
|
* @expectedDeprecation Configuring a custom anonymous token class is deprecated since Symfony 4.2; have the "Symfony\Component\Security\Core\Tests\Authentication\FakeCustomToken" class extend the "Symfony\Component\Security\Core\Authentication\Token\AnonymousToken" class instead, and remove the "Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver" constructor argument.
|
||||||
|
*/
|
||||||
|
public function testsAnonymousDeprecationWithCustomClasses()
|
||||||
|
{
|
||||||
|
$resolver = new AuthenticationTrustResolver(FakeCustomToken::class);
|
||||||
|
|
||||||
|
$this->assertTrue($resolver->isAnonymous(new FakeCustomToken()));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group legacy
|
||||||
|
* @expectedDeprecation Configuring a custom remember me token class is deprecated since Symfony 4.2; have the "Symfony\Component\Security\Core\Tests\Authentication\FakeCustomToken" class extend the "Symfony\Component\Security\Core\Authentication\Token\RememberMeToken" class instead, and remove the "Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver" constructor argument.
|
||||||
|
*/
|
||||||
|
public function testIsRememberMeDeprecationWithCustomClasses()
|
||||||
|
{
|
||||||
|
$resolver = new AuthenticationTrustResolver(null, FakeCustomToken::class);
|
||||||
|
|
||||||
|
$this->assertTrue($resolver->isRememberMe(new FakeCustomToken()));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group legacy
|
||||||
|
* @expectedDeprecation Configuring a custom remember me token class is deprecated since Symfony 4.2; have the "Symfony\Component\Security\Core\Tests\Authentication\FakeCustomToken" class extend the "Symfony\Component\Security\Core\Authentication\Token\RememberMeToken" class instead, and remove the "Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver" constructor argument.
|
||||||
|
*/
|
||||||
|
public function testIsFullFledgedDeprecationWithCustomClasses()
|
||||||
|
{
|
||||||
|
$resolver = new AuthenticationTrustResolver(FakeCustomToken::class, FakeCustomToken::class);
|
||||||
|
|
||||||
|
$this->assertFalse($resolver->isFullFledged(new FakeCustomToken()));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testIsAnonymousWithClassAsConstructorButStillExtending()
|
||||||
{
|
{
|
||||||
$resolver = $this->getResolver();
|
$resolver = $this->getResolver();
|
||||||
|
|
||||||
@ -24,9 +96,10 @@ class AuthenticationTrustResolverTest extends TestCase
|
|||||||
$this->assertFalse($resolver->isAnonymous($this->getToken()));
|
$this->assertFalse($resolver->isAnonymous($this->getToken()));
|
||||||
$this->assertFalse($resolver->isAnonymous($this->getRememberMeToken()));
|
$this->assertFalse($resolver->isAnonymous($this->getRememberMeToken()));
|
||||||
$this->assertTrue($resolver->isAnonymous($this->getAnonymousToken()));
|
$this->assertTrue($resolver->isAnonymous($this->getAnonymousToken()));
|
||||||
|
$this->assertTrue($resolver->isAnonymous(new RealCustomAnonymousToken()));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testIsRememberMe()
|
public function testIsRememberMeWithClassAsConstructorButStillExtending()
|
||||||
{
|
{
|
||||||
$resolver = $this->getResolver();
|
$resolver = $this->getResolver();
|
||||||
|
|
||||||
@ -34,15 +107,18 @@ class AuthenticationTrustResolverTest extends TestCase
|
|||||||
$this->assertFalse($resolver->isRememberMe($this->getToken()));
|
$this->assertFalse($resolver->isRememberMe($this->getToken()));
|
||||||
$this->assertFalse($resolver->isRememberMe($this->getAnonymousToken()));
|
$this->assertFalse($resolver->isRememberMe($this->getAnonymousToken()));
|
||||||
$this->assertTrue($resolver->isRememberMe($this->getRememberMeToken()));
|
$this->assertTrue($resolver->isRememberMe($this->getRememberMeToken()));
|
||||||
|
$this->assertTrue($resolver->isRememberMe(new RealCustomRememberMeToken()));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testisFullFledged()
|
public function testisFullFledgedWithClassAsConstructorButStillExtending()
|
||||||
{
|
{
|
||||||
$resolver = $this->getResolver();
|
$resolver = $this->getResolver();
|
||||||
|
|
||||||
$this->assertFalse($resolver->isFullFledged(null));
|
$this->assertFalse($resolver->isFullFledged(null));
|
||||||
$this->assertFalse($resolver->isFullFledged($this->getAnonymousToken()));
|
$this->assertFalse($resolver->isFullFledged($this->getAnonymousToken()));
|
||||||
$this->assertFalse($resolver->isFullFledged($this->getRememberMeToken()));
|
$this->assertFalse($resolver->isFullFledged($this->getRememberMeToken()));
|
||||||
|
$this->assertFalse($resolver->isFullFledged(new RealCustomAnonymousToken()));
|
||||||
|
$this->assertFalse($resolver->isFullFledged(new RealCustomRememberMeToken()));
|
||||||
$this->assertTrue($resolver->isFullFledged($this->getToken()));
|
$this->assertTrue($resolver->isFullFledged($this->getToken()));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -69,3 +145,84 @@ class AuthenticationTrustResolverTest extends TestCase
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
class FakeCustomToken implements TokenInterface
|
||||||
|
{
|
||||||
|
public function serialize()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public function unserialize($serialized)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public function __toString()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getRoles()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getCredentials()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getUser()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public function setUser($user)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getUsername()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public function isAuthenticated()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public function setAuthenticated($isAuthenticated)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public function eraseCredentials()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getAttributes()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public function setAttributes(array $attributes)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public function hasAttribute($name)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getAttribute($name)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public function setAttribute($name, $value)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
class RealCustomAnonymousToken extends AnonymousToken
|
||||||
|
{
|
||||||
|
public function __construct()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
class RealCustomRememberMeToken extends RememberMeToken
|
||||||
|
{
|
||||||
|
public function __construct()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@ -31,10 +31,8 @@ class ExpressionLanguageTest extends TestCase
|
|||||||
*/
|
*/
|
||||||
public function testIsAuthenticated($token, $expression, $result)
|
public function testIsAuthenticated($token, $expression, $result)
|
||||||
{
|
{
|
||||||
$anonymousTokenClass = 'Symfony\\Component\\Security\\Core\\Authentication\\Token\\AnonymousToken';
|
|
||||||
$rememberMeTokenClass = 'Symfony\\Component\\Security\\Core\\Authentication\\Token\\RememberMeToken';
|
|
||||||
$expressionLanguage = new ExpressionLanguage();
|
$expressionLanguage = new ExpressionLanguage();
|
||||||
$trustResolver = new AuthenticationTrustResolver($anonymousTokenClass, $rememberMeTokenClass);
|
$trustResolver = new AuthenticationTrustResolver();
|
||||||
$tokenStorage = new TokenStorage();
|
$tokenStorage = new TokenStorage();
|
||||||
$tokenStorage->setToken($token);
|
$tokenStorage->setToken($token);
|
||||||
$accessDecisionManager = new AccessDecisionManager(array(new RoleVoter()));
|
$accessDecisionManager = new AccessDecisionManager(array(new RoleVoter()));
|
||||||
|
|||||||
@ -23,7 +23,7 @@ class AuthenticatedVoterTest extends TestCase
|
|||||||
*/
|
*/
|
||||||
public function testVote($authenticated, $attributes, $expected)
|
public function testVote($authenticated, $attributes, $expected)
|
||||||
{
|
{
|
||||||
$voter = new AuthenticatedVoter($this->getResolver());
|
$voter = new AuthenticatedVoter(new AuthenticationTrustResolver());
|
||||||
|
|
||||||
$this->assertSame($expected, $voter->vote($this->getToken($authenticated), null, $attributes));
|
$this->assertSame($expected, $voter->vote($this->getToken($authenticated), null, $attributes));
|
||||||
}
|
}
|
||||||
@ -52,14 +52,6 @@ class AuthenticatedVoterTest extends TestCase
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function getResolver()
|
|
||||||
{
|
|
||||||
return new AuthenticationTrustResolver(
|
|
||||||
'Symfony\\Component\\Security\\Core\\Authentication\\Token\\AnonymousToken',
|
|
||||||
'Symfony\\Component\\Security\\Core\\Authentication\\Token\\RememberMeToken'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
protected function getToken($authenticated)
|
protected function getToken($authenticated)
|
||||||
{
|
{
|
||||||
if ('fully' === $authenticated) {
|
if ('fully' === $authenticated) {
|
||||||
|
|||||||
Reference in New Issue
Block a user