[Security] Deprecate returning stringish objects from Security::getUser
parent
eb112a5288
commit
8c410da7e7
@ -94,6 +94,7 @@ Security
|
|||||||
custom anonymous and remember me token classes is deprecated. To
|
custom anonymous and remember me token classes is deprecated. To
|
||||||
use custom tokens, extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
|
use custom tokens, extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
|
||||||
or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
|
or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
|
||||||
|
* Accessing the user object that is not an instance of `UserInterface` from `Security::getUser()` is deprecated.
|
||||||
|
|
||||||
SecurityBundle
|
SecurityBundle
|
||||||
--------------
|
--------------
|
||||||
|
@ -126,6 +126,7 @@ Security
|
|||||||
* The `FirewallMapInterface::getListeners()` method must return an array of 3 elements,
|
* The `FirewallMapInterface::getListeners()` method must return an array of 3 elements,
|
||||||
the 3rd one must be either a `LogoutListener` instance or `null`.
|
the 3rd one must be either a `LogoutListener` instance or `null`.
|
||||||
* The `AuthenticationTrustResolver` constructor arguments have been removed.
|
* The `AuthenticationTrustResolver` constructor arguments have been removed.
|
||||||
|
* A user object that is not an instance of `UserInterface` cannot be accessed from `Security::getUser()` anymore and returns `null` instead.
|
||||||
|
|
||||||
SecurityBundle
|
SecurityBundle
|
||||||
--------------
|
--------------
|
||||||
|
@ -12,6 +12,7 @@ CHANGELOG
|
|||||||
use custom tokens, extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
|
use custom tokens, extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
|
||||||
or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
|
or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
|
||||||
* allow passing null as $filter in LdapUserProvider to get the default filter
|
* allow passing null as $filter in LdapUserProvider to get the default filter
|
||||||
|
* accessing the user object that is not an instance of `UserInterface` from `Security::getUser()` is deprecated
|
||||||
|
|
||||||
4.1.0
|
4.1.0
|
||||||
-----
|
-----
|
||||||
|
@ -46,6 +46,11 @@ final class Security
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!$user instanceof UserInterface) {
|
||||||
|
@trigger_error(sprintf('Accessing the user object "%s" that is not an instance of "%s" from "%s()" is deprecated since Symfony 4.2, use "getToken()->getUser()" instead.', get_class($user), UserInterface::class, __METHOD__), E_USER_DEPRECATED);
|
||||||
|
//return null; // 5.0 behavior
|
||||||
|
}
|
||||||
|
|
||||||
return $user;
|
return $user;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
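Review bot: The new `if (!$user instanceof UserInterface)` branch only raises the deprecation and then falls through to `return $user;`, so throughout 4.x a caller that treats any non-null result of `getUser()` as a `UserInterface` (for instance before an ownership or role comparison) still receives the stringish object. That contract should be stated in the code, for example with a comment above the branch: `// BC layer: non-UserInterface user objects are still returned until 5.0; callers must check instanceof UserInterface before relying on the result`. The deprecation message also recommends `getToken()->getUser()` verbatim; if `getToken()` can return null when no token is set (not visible here), the hint would be safer if it mentioned that null check. The body of `getUser()` starts above this hunk, so the earlier `return null;` guard could not be reviewed.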
@ -64,10 +64,34 @@ class SecurityTest extends TestCase
|
|||||||
|
|
||||||
yield array('string_username', null);
|
yield array('string_username', null);
|
||||||
|
|
||||||
|
//yield array(new StringishUser(), null); // 5.0 behavior
|
||||||
|
|
||||||
$user = new User('nice_user', 'foo');
|
$user = new User('nice_user', 'foo');
|
||||||
yield array($user, $user);
|
yield array($user, $user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group legacy
|
||||||
|
* @expectedDeprecation Accessing the user object "Symfony\Component\Security\Core\Tests\StringishUser" that is not an instance of "Symfony\Component\Security\Core\User\UserInterface" from "Symfony\Component\Security\Core\Security::getUser()" is deprecated since Symfony 4.2, use "getToken()->getUser()" instead.
|
||||||
|
*/
|
||||||
|
public function testGetUserLegacy()
|
||||||
|
{
|
||||||
|
$token = $this->getMockBuilder(TokenInterface::class)->getMock();
|
||||||
|
$token->expects($this->any())
|
||||||
|
->method('getUser')
|
||||||
|
->will($this->returnValue($user = new StringishUser()));
|
||||||
|
$tokenStorage = $this->getMockBuilder(TokenStorageInterface::class)->getMock();
|
||||||
|
|
||||||
|
$tokenStorage->expects($this->once())
|
||||||
|
->method('getToken')
|
||||||
|
->will($this->returnValue($token));
|
||||||
|
|
||||||
|
$container = $this->createContainer('security.token_storage', $tokenStorage);
|
||||||
|
|
||||||
|
$security = new Security($container);
|
||||||
|
$this->assertSame($user, $security->getUser());
|
||||||
|
}
|
||||||
|
|
||||||
public function testIsGranted()
|
public function testIsGranted()
|
||||||
{
|
{
|
||||||
$authorizationChecker = $this->getMockBuilder(AuthorizationCheckerInterface::class)->getMock();
|
$authorizationChecker = $this->getMockBuilder(AuthorizationCheckerInterface::class)->getMock();
|
||||||
@ -95,3 +119,11 @@ class SecurityTest extends TestCase
|
|||||||
return $container;
|
return $container;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
class StringishUser
|
||||||
|
{
|
||||||
|
public function __toString()
|
||||||
|
{
|
||||||
|
return 'stringish_user';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
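Review bot: In `testGetUserLegacy()` the fixture is created by an assignment buried inside the mock setup, `->will($this->returnValue($user = new StringishUser()));`, which makes it easy to miss that `$user` is the object later checked with `assertSame`. Hoisting it reads more clearly: `$user = new StringishUser();` on its own line before the token mock, then `->will($this->returnValue($user));`. The commented-out provider row `//yield array(new StringishUser(), null); // 5.0 behavior` would also be easier to act on as a sentence-style comment saying that the row must be enabled and this legacy test removed in 5.0. `StringishUser` at the end of the file has no docblock; one line such as `/** Non-UserInterface user object that only implements __toString(), used to exercise the deprecated path. */` would explain why it exists.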