diff --git a/UPGRADE-3.4.md b/UPGRADE-3.4.md index 5f44e9785d..61cd356096 100644 --- a/UPGRADE-3.4.md +++ b/UPGRADE-3.4.md @@ -270,6 +270,13 @@ Profiler * The `profiler.matcher` option has been deprecated. +Security +-------- + + * Deprecated the HTTP digest authentication: `NonceExpiredException`, + `DigestAuthenticationListener` and `DigestAuthenticationEntryPoint` will be + removed in 4.0. Use another authentication system like `http_basic` instead. + SecurityBundle -------------- @@ -290,6 +297,9 @@ SecurityBundle * Added `logout_on_user_change` to the firewall options. This config item will trigger a logout when the user has changed. Should be set to true to avoid deprecations in the configuration. + + * Deprecated the HTTP digest authentication: `HttpDigestFactory` will be removed in 4.0. + Use another authentication system like `http_basic` instead. Translation ----------- diff --git a/UPGRADE-4.0.md b/UPGRADE-4.0.md index 5513d6f921..8adc08b125 100644 --- a/UPGRADE-4.0.md +++ b/UPGRADE-4.0.md @@ -652,6 +652,10 @@ Security * Calling `ContextListener::setLogoutOnUserChange(false)` won't have any effect anymore. + * Removed the HTTP digest authentication system. The `NonceExpiredException`, + `DigestAuthenticationListener` and `DigestAuthenticationEntryPoint` classes + have been removed. Use another authentication system like `http_basic` instead. + SecurityBundle -------------- @@ -672,6 +676,9 @@ SecurityBundle * The firewall option `logout_on_user_change` is now always true, which will trigger a logout if the user changes between requests. + + * Removed the HTTP digest authentication system. The `HttpDigestFactory` class + has been removed. Use another authentication system like `http_basic` instead. Serializer ---------- diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md index b60e2e7e88..7b86470811 100644 --- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md +++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md @@ -16,6 +16,7 @@ CHANGELOG * Added `logout_on_user_change` to the firewall options. This config item will trigger a logout when the user has changed. Should be set to true to avoid deprecations in the configuration. + * deprecated HTTP digest authentication 3.3.0 ----- diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpDigestFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpDigestFactory.php index bedc87864c..8d764795c1 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpDigestFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpDigestFactory.php @@ -20,9 +20,18 @@ use Symfony\Component\DependencyInjection\Reference; * HttpDigestFactory creates services for HTTP digest authentication. * * @author Fabien Potencier + * + * @deprecated since 3.4, to be removed in 4.0 */ class HttpDigestFactory implements SecurityFactoryInterface { + public function __construct($triggerDeprecation = true) + { + if ($triggerDeprecation) { + @trigger_error(sprintf('The %s class and the whole HTTP digest authentication system is deprecated since 3.4 and will be removed in 4.0.', __CLASS__), E_USER_DEPRECATED); + } + } + public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint) { $provider = 'security.authentication.provider.dao.'.$id; @@ -59,6 +68,7 @@ class HttpDigestFactory implements SecurityFactoryInterface public function addConfiguration(NodeDefinition $node) { $node + ->setDeprecated('The HTTP digest authentication is deprecated since 3.4 and will be removed in 4.0.') ->children() ->scalarNode('provider')->end() ->scalarNode('realm')->defaultValue('Secured Area')->end() diff --git a/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php b/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php index 3b8f6dda85..4f17e12236 100644 --- a/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php +++ b/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php @@ -47,7 +47,7 @@ class SecurityBundle extends Bundle $extension->addSecurityListenerFactory(new JsonLoginFactory()); $extension->addSecurityListenerFactory(new HttpBasicFactory()); $extension->addSecurityListenerFactory(new HttpBasicLdapFactory()); - $extension->addSecurityListenerFactory(new HttpDigestFactory()); + $extension->addSecurityListenerFactory(new HttpDigestFactory(false)); $extension->addSecurityListenerFactory(new RememberMeFactory()); $extension->addSecurityListenerFactory(new X509Factory()); $extension->addSecurityListenerFactory(new RemoteUserFactory()); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php index c7451496d4..9a461285f5 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php @@ -86,6 +86,131 @@ abstract class CompleteConfigurationTest extends TestCase $configs[0][2] = strtolower($configs[0][2]); $configs[2][2] = strtolower($configs[2][2]); + $this->assertEquals(array( + array( + 'simple', + 'security.user_checker', + 'security.request_matcher.6tndozi', + false, + ), + array( + 'secure', + 'security.user_checker', + null, + true, + true, + 'security.user.provider.concrete.default', + null, + 'security.authentication.form_entry_point.secure', + null, + null, + array( + 'logout', + 'switch_user', + 'x509', + 'remote_user', + 'form_login', + 'http_basic', + 'remember_me', + 'anonymous', + ), + array( + 'parameter' => '_switch_user', + 'role' => 'ROLE_ALLOWED_TO_SWITCH', + ), + ), + array( + 'host', + 'security.user_checker', + 'security.request_matcher.and0kk1', + true, + false, + 'security.user.provider.concrete.default', + 'host', + 'security.authentication.basic_entry_point.host', + null, + null, + array( + 'http_basic', + 'anonymous', + ), + null, + ), + array( + 'with_user_checker', + 'app.user_checker', + null, + true, + false, + 'security.user.provider.concrete.default', + 'with_user_checker', + 'security.authentication.basic_entry_point.with_user_checker', + null, + null, + array( + 'http_basic', + 'anonymous', + ), + null, + ), + ), $configs); + + $this->assertEquals(array( + array(), + array( + 'security.channel_listener', + 'security.logout_listener.secure', + 'security.authentication.listener.x509.secure', + 'security.authentication.listener.remote_user.secure', + 'security.authentication.listener.form.secure', + 'security.authentication.listener.basic.secure', + 'security.authentication.listener.rememberme.secure', + 'security.authentication.listener.anonymous.secure', + 'security.authentication.switchuser_listener.secure', + 'security.access_listener', + ), + array( + 'security.channel_listener', + 'security.context_listener.0', + 'security.authentication.listener.basic.host', + 'security.authentication.listener.anonymous.host', + 'security.access_listener', + ), + array( + 'security.channel_listener', + 'security.context_listener.1', + 'security.authentication.listener.basic.with_user_checker', + 'security.authentication.listener.anonymous.with_user_checker', + 'security.access_listener', + ), + ), $listeners); + + $this->assertFalse($container->hasAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', 'No user checker alias is registered when custom user checker services are registered')); + } + + /** + * @group legacy + */ + public function testFirewallsWithDigest() + { + $container = $this->getContainer('container1_with_digest'); + $arguments = $container->getDefinition('security.firewall.map')->getArguments(); + $listeners = array(); + $configs = array(); + foreach (array_keys($arguments[1]->getValues()) as $contextId) { + $contextDef = $container->getDefinition($contextId); + $arguments = $contextDef->getArguments(); + $listeners[] = array_map('strval', $arguments['index_0']->getValues()); + + $configDef = $container->getDefinition((string) $arguments['index_2']); + $configs[] = array_values($configDef->getArguments()); + } + + // the IDs of the services are case sensitive or insensitive depending on + // the Symfony version. Transform them to lowercase to simplify tests. + $configs[0][2] = strtolower($configs[0][2]); + $configs[2][2] = strtolower($configs[2][2]); + $this->assertEquals(array( array( 'simple', diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php index 581407fcc0..3748f05012 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php @@ -64,7 +64,6 @@ $container->loadFromExtension('security', array( 'simple' => array('pattern' => '/login', 'security' => false), 'secure' => array('stateless' => true, 'http_basic' => true, - 'http_digest' => array('secret' => 'TheSecret'), 'form_login' => true, 'anonymous' => true, 'switch_user' => true, diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php new file mode 100644 index 0000000000..581407fcc0 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php @@ -0,0 +1,105 @@ +loadFromExtension('security', array( + 'acl' => array(), + 'encoders' => array( + 'JMS\FooBundle\Entity\User1' => 'plaintext', + 'JMS\FooBundle\Entity\User2' => array( + 'algorithm' => 'sha1', + 'encode_as_base64' => false, + 'iterations' => 5, + ), + 'JMS\FooBundle\Entity\User3' => array( + 'algorithm' => 'md5', + ), + 'JMS\FooBundle\Entity\User4' => array( + 'id' => 'security.encoder.foo', + ), + 'JMS\FooBundle\Entity\User5' => array( + 'algorithm' => 'pbkdf2', + 'hash_algorithm' => 'sha1', + 'encode_as_base64' => false, + 'iterations' => 5, + 'key_length' => 30, + ), + 'JMS\FooBundle\Entity\User6' => array( + 'algorithm' => 'bcrypt', + 'cost' => 15, + ), + ), + 'providers' => array( + 'default' => array( + 'memory' => array( + 'users' => array( + 'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER'), + ), + ), + ), + 'digest' => array( + 'memory' => array( + 'users' => array( + 'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER, ROLE_ADMIN'), + ), + ), + ), + 'basic' => array( + 'memory' => array( + 'users' => array( + 'foo' => array('password' => '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', 'roles' => 'ROLE_SUPER_ADMIN'), + 'bar' => array('password' => '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', 'roles' => array('ROLE_USER', 'ROLE_ADMIN')), + ), + ), + ), + 'service' => array( + 'id' => 'user.manager', + ), + 'chain' => array( + 'chain' => array( + 'providers' => array('service', 'basic'), + ), + ), + ), + + 'firewalls' => array( + 'simple' => array('pattern' => '/login', 'security' => false), + 'secure' => array('stateless' => true, + 'http_basic' => true, + 'http_digest' => array('secret' => 'TheSecret'), + 'form_login' => true, + 'anonymous' => true, + 'switch_user' => true, + 'x509' => true, + 'remote_user' => true, + 'logout' => true, + 'remember_me' => array('secret' => 'TheSecret'), + 'user_checker' => null, + 'logout_on_user_change' => true, + ), + 'host' => array( + 'pattern' => '/test', + 'host' => 'foo\\.example\\.org', + 'methods' => array('GET', 'POST'), + 'anonymous' => true, + 'http_basic' => true, + 'logout_on_user_change' => true, + ), + 'with_user_checker' => array( + 'user_checker' => 'app.user_checker', + 'anonymous' => true, + 'http_basic' => true, + 'logout_on_user_change' => true, + ), + ), + + 'access_control' => array( + array('path' => '/blog/524', 'role' => 'ROLE_USER', 'requires_channel' => 'https', 'methods' => array('get', 'POST')), + array('path' => '/blog/.*', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'), + array('path' => '/blog/524', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY', 'allow_if' => "token.getUsername() matches '/^admin/'"), + ), + + 'role_hierarchy' => array( + 'ROLE_ADMIN' => 'ROLE_USER', + 'ROLE_SUPER_ADMIN' => array('ROLE_USER', 'ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'), + 'ROLE_REMOTE' => 'ROLE_USER,ROLE_ADMIN', + ), +)); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php index 91c475418b..3889752f8f 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php @@ -15,7 +15,6 @@ $container->loadFromExtension('security', array( 'secure' => array( 'stateless' => true, 'http_basic' => true, - 'http_digest' => array('secret' => 'TheSecret'), 'form_login' => true, 'anonymous' => true, 'switch_user' => true, diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml index e5049f2033..05c31e1854 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml @@ -49,7 +49,6 @@ - diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml new file mode 100644 index 0000000000..e5049f2033 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml @@ -0,0 +1,82 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + app.user_checker + + + ROLE_USER + ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH + ROLE_USER,ROLE_ADMIN + + + + + + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml index 7d648ae1ba..b97d39adb5 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml @@ -15,7 +15,6 @@ - diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml index a2b57201bf..b016adb851 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml @@ -46,8 +46,6 @@ security: secure: stateless: true http_basic: true - http_digest: - secret: TheSecret form_login: true anonymous: true switch_user: true diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml new file mode 100644 index 0000000000..a2b57201bf --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml @@ -0,0 +1,85 @@ +security: + acl: ~ + encoders: + JMS\FooBundle\Entity\User1: plaintext + JMS\FooBundle\Entity\User2: + algorithm: sha1 + encode_as_base64: false + iterations: 5 + JMS\FooBundle\Entity\User3: + algorithm: md5 + JMS\FooBundle\Entity\User4: + id: security.encoder.foo + JMS\FooBundle\Entity\User5: + algorithm: pbkdf2 + hash_algorithm: sha1 + encode_as_base64: false + iterations: 5 + key_length: 30 + JMS\FooBundle\Entity\User6: + algorithm: bcrypt + cost: 15 + + providers: + default: + memory: + users: + foo: { password: foo, roles: ROLE_USER } + digest: + memory: + users: + foo: { password: foo, roles: 'ROLE_USER, ROLE_ADMIN' } + basic: + memory: + users: + foo: { password: 0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33, roles: ROLE_SUPER_ADMIN } + bar: { password: 0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33, roles: [ROLE_USER, ROLE_ADMIN] } + service: + id: user.manager + chain: + chain: + providers: [service, basic] + + + firewalls: + simple: { pattern: /login, security: false } + secure: + stateless: true + http_basic: true + http_digest: + secret: TheSecret + form_login: true + anonymous: true + switch_user: true + x509: true + remote_user: true + logout: true + remember_me: + secret: TheSecret + user_checker: ~ + + host: + pattern: /test + host: foo\.example\.org + methods: [GET,POST] + anonymous: true + http_basic: true + logout_on_user_change: true + + with_user_checker: + anonymous: ~ + http_basic: ~ + user_checker: app.user_checker + logout_on_user_change: true + + role_hierarchy: + ROLE_ADMIN: ROLE_USER + ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] + ROLE_REMOTE: ROLE_USER,ROLE_ADMIN + + access_control: + - { path: /blog/524, role: ROLE_USER, requires_channel: https, methods: [get, POST]} + - + path: /blog/.* + role: IS_AUTHENTICATED_ANONYMOUSLY + - { path: /blog/524, role: IS_AUTHENTICATED_ANONYMOUSLY, allow_if: "token.getUsername() matches '/^admin/'" } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml index 23afa8cd9b..6a196597c5 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml @@ -10,8 +10,6 @@ security: secure: stateless: true http_basic: true - http_digest: - secret: TheSecret form_login: true anonymous: true switch_user: true diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md index 53aa474446..5ac97ca8b2 100644 --- a/src/Symfony/Component/Security/CHANGELOG.md +++ b/src/Symfony/Component/Security/CHANGELOG.md @@ -12,6 +12,7 @@ CHANGELOG property will trigger a deprecation when the user has changed. As of 4.0 the user will always be logged out when the user has changed between requests. + * deprecated HTTP digest authentication 3.3.0 ----- diff --git a/src/Symfony/Component/Security/Core/Exception/NonceExpiredException.php b/src/Symfony/Component/Security/Core/Exception/NonceExpiredException.php index 998e987e40..bc03a03ac7 100644 --- a/src/Symfony/Component/Security/Core/Exception/NonceExpiredException.php +++ b/src/Symfony/Component/Security/Core/Exception/NonceExpiredException.php @@ -11,12 +11,16 @@ namespace Symfony\Component\Security\Core\Exception; +@trigger_error(sprintf('The %s class and the whole HTTP digest authentication system is deprecated since 3.4 and will be removed in 4.0.', NonceExpiredException::class), E_USER_DEPRECATED); + /** * NonceExpiredException is thrown when an authentication is rejected because * the digest nonce has expired. * * @author Fabien Potencier * @author Alexander + * + * @deprecated since 3.4, to be removed in 4.0 */ class NonceExpiredException extends AuthenticationException { diff --git a/src/Symfony/Component/Security/Http/EntryPoint/DigestAuthenticationEntryPoint.php b/src/Symfony/Component/Security/Http/EntryPoint/DigestAuthenticationEntryPoint.php index 9dfd592945..1854265991 100644 --- a/src/Symfony/Component/Security/Http/EntryPoint/DigestAuthenticationEntryPoint.php +++ b/src/Symfony/Component/Security/Http/EntryPoint/DigestAuthenticationEntryPoint.php @@ -21,6 +21,8 @@ use Psr\Log\LoggerInterface; * DigestAuthenticationEntryPoint starts an HTTP Digest authentication. * * @author Fabien Potencier + * + * @deprecated since 3.4, to be removed in 4.0 */ class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterface { @@ -31,6 +33,8 @@ class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterfac public function __construct($realmName, $secret, $nonceValiditySeconds = 300, LoggerInterface $logger = null) { + @trigger_error(sprintf('The %s class and the whole HTTP digest authentication system is deprecated since 3.4 and will be removed in 4.0.', __CLASS__), E_USER_DEPRECATED); + $this->realmName = $realmName; $this->secret = $secret; $this->nonceValiditySeconds = $nonceValiditySeconds; diff --git a/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php index 4479a5cae9..ce8e435aa8 100644 --- a/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php @@ -28,6 +28,8 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException; * DigestAuthenticationListener implements Digest HTTP authentication. * * @author Fabien Potencier + * + * @deprecated since 3.4, to be removed in 4.0 */ class DigestAuthenticationListener implements ListenerInterface { @@ -39,6 +41,8 @@ class DigestAuthenticationListener implements ListenerInterface public function __construct(TokenStorageInterface $tokenStorage, UserProviderInterface $provider, $providerKey, DigestAuthenticationEntryPoint $authenticationEntryPoint, LoggerInterface $logger = null) { + @trigger_error(sprintf('The %s class and the whole HTTP digest authentication system is deprecated since 3.4 and will be removed in 4.0.', __CLASS__), E_USER_DEPRECATED); + if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); } @@ -137,6 +141,9 @@ class DigestAuthenticationListener implements ListenerInterface } } +/** + * @deprecated since 3.4, to be removed in 4.0. + */ class DigestData { private $elements = array(); @@ -145,6 +152,8 @@ class DigestData public function __construct($header) { + @trigger_error(sprintf('The %s class and the whole HTTP digest authentication system is deprecated since 3.4 and will be removed in 4.0.', __CLASS__), E_USER_DEPRECATED); + $this->header = $header; preg_match_all('/(\w+)=("((?:[^"\\\\]|\\\\.)+)"|([^\s,$]+))/', $header, $matches, PREG_SET_ORDER); foreach ($matches as $match) { diff --git a/src/Symfony/Component/Security/Http/Tests/EntryPoint/DigestAuthenticationEntryPointTest.php b/src/Symfony/Component/Security/Http/Tests/EntryPoint/DigestAuthenticationEntryPointTest.php index e08570dbbd..035a5baae9 100644 --- a/src/Symfony/Component/Security/Http/Tests/EntryPoint/DigestAuthenticationEntryPointTest.php +++ b/src/Symfony/Component/Security/Http/Tests/EntryPoint/DigestAuthenticationEntryPointTest.php @@ -16,6 +16,9 @@ use Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Exception\NonceExpiredException; +/** + * @group legacy + */ class DigestAuthenticationEntryPointTest extends TestCase { public function testStart() diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/DigestAuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/DigestAuthenticationListenerTest.php index 495dae4262..b6f7efa8b5 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/DigestAuthenticationListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/DigestAuthenticationListenerTest.php @@ -8,6 +8,9 @@ use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; use Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint; use Symfony\Component\Security\Http\Firewall\DigestAuthenticationListener; +/** + * @group legacy + */ class DigestAuthenticationListenerTest extends TestCase { public function testHandleWithValidDigest() diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/DigestDataTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/DigestDataTest.php index 7317e2f83c..185055efce 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/DigestDataTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/DigestDataTest.php @@ -14,6 +14,9 @@ namespace Symfony\Component\Security\Http\Tests\Firewall; use PHPUnit\Framework\TestCase; use Symfony\Component\Security\Http\Firewall\DigestData; +/** + * @group legacy + */ class DigestDataTest extends TestCase { public function testGetResponse()