[Security] Deprecate returning stringish objects from Security::getUser
This commit is contained in:
Roland Franssen
Fabien Potencier
parent
eb112a5288
commit
8c410da7e7
@ -94,6 +94,7 @@ Security
|
||||
custom anonymous and remember me token classes is deprecated. To
|
||||
use custom tokens, extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
|
||||
or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
|
||||
* Accessing the user object that is not an instance of `UserInterface` from `Security::getUser()` is deprecated.
|
||||
|
||||
SecurityBundle
|
||||
--------------
|
||||
|
||||
@ -126,6 +126,7 @@ Security
|
||||
* The `FirewallMapInterface::getListeners()` method must return an array of 3 elements,
|
||||
the 3rd one must be either a `LogoutListener` instance or `null`.
|
||||
* The `AuthenticationTrustResolver` constructor arguments have been removed.
|
||||
* A user object that is not an instance of `UserInterface` cannot be accessed from `Security::getUser()` anymore and returns `null` instead.
|
||||
|
||||
SecurityBundle
|
||||
--------------
|
||||
|
||||
@ -12,6 +12,7 @@ CHANGELOG
|
||||
use custom tokens, extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
|
||||
or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
|
||||
* allow passing null as $filter in LdapUserProvider to get the default filter
|
||||
* accessing the user object that is not an instance of `UserInterface` from `Security::getUser()` is deprecated
|
||||
|
||||
4.1.0
|
||||
-----
|
||||
|
||||
@ -46,6 +46,11 @@ final class Security
|
||||
return null;
|
||||
}
|
||||
|
||||
if (!$user instanceof UserInterface) {
|
||||
@trigger_error(sprintf('Accessing the user object "%s" that is not an instance of "%s" from "%s()" is deprecated since Symfony 4.2, use "getToken()->getUser()" instead.', get_class($user), UserInterface::class, __METHOD__), E_USER_DEPRECATED);
|
||||
//return null; // 5.0 behavior
|
||||
}
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
|
||||
@ -64,10 +64,34 @@ class SecurityTest extends TestCase
|
||||
|
||||
yield array('string_username', null);
|
||||
|
||||
//yield array(new StringishUser(), null); // 5.0 behavior
|
||||
|
||||
$user = new User('nice_user', 'foo');
|
||||
yield array($user, $user);
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @expectedDeprecation Accessing the user object "Symfony\Component\Security\Core\Tests\StringishUser" that is not an instance of "Symfony\Component\Security\Core\User\UserInterface" from "Symfony\Component\Security\Core\Security::getUser()" is deprecated since Symfony 4.2, use "getToken()->getUser()" instead.
|
||||
*/
|
||||
public function testGetUserLegacy()
|
||||
{
|
||||
$token = $this->getMockBuilder(TokenInterface::class)->getMock();
|
||||
$token->expects($this->any())
|
||||
->method('getUser')
|
||||
->will($this->returnValue($user = new StringishUser()));
|
||||
$tokenStorage = $this->getMockBuilder(TokenStorageInterface::class)->getMock();
|
||||
|
||||
$tokenStorage->expects($this->once())
|
||||
->method('getToken')
|
||||
->will($this->returnValue($token));
|
||||
|
||||
$container = $this->createContainer('security.token_storage', $tokenStorage);
|
||||
|
||||
$security = new Security($container);
|
||||
$this->assertSame($user, $security->getUser());
|
||||
}
|
||||
|
||||
public function testIsGranted()
|
||||
{
|
||||
$authorizationChecker = $this->getMockBuilder(AuthorizationCheckerInterface::class)->getMock();
|
||||
@ -95,3 +119,11 @@ class SecurityTest extends TestCase
|
||||
return $container;
|
||||
}
|
||||
}
|
||||
|
||||
class StringishUser
|
||||
{
|
||||
public function __toString()
|
||||
{
|
||||
return 'stringish_user';
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user