bug #36832 [Security] Improved upgrade path for custom remember me services (wouterj)
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Security] Improved upgrade path for custom remember me services
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | -
| Deprecations? | -
| Tickets | https://github.com/symfony/symfony/pull/36806#issuecomment-628592543
| License | MIT
| Doc PR |
This improves the upgrade path for custom remember me services now `LogoutHandlerInterface` has been deprecated.
As suggested in https://github.com/symfony/symfony/pull/36806#issuecomment-628592543, the `logout()` method should be added to the `RememberMeServicesInterface` in Symfony 6.
This patch allows developers to write a custom class implementing only `RememberMeServicesInterface` with a `logout()` method. Requiring them to implement `LogoutHandlerInterface` will mean they have to maintain 2 version of the class to support both Symfony 5.1+ and 6.0.
Commits
-------
c49d00f984
Added deprecation for RememberMe services without logout() method
This commit is contained in:
commit
c268915352
|
@ -167,6 +167,7 @@ Security
|
|||
|
||||
* Deprecated `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface`, register a listener on the `LogoutEvent` event instead.
|
||||
* Deprecated `DefaultLogoutSuccessHandler` in favor of `DefaultLogoutListener`.
|
||||
* Deprecated `RememberMeServicesInterface` implementations without a `logout(Request $request, Response $response, TokenInterface $token)` method.
|
||||
|
||||
Yaml
|
||||
----
|
||||
|
|
|
@ -113,6 +113,7 @@ Security
|
|||
* Removed `ROLE_PREVIOUS_ADMIN` role in favor of `IS_IMPERSONATOR` attribute
|
||||
* Removed `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface`, register a listener on the `LogoutEvent` event instead.
|
||||
* Removed `DefaultLogoutSuccessHandler` in favor of `DefaultLogoutListener`.
|
||||
* Added a `logout(Request $request, Response $response, TokenInterface $token)` method to the `RememberMeServicesInterface`.
|
||||
|
||||
Yaml
|
||||
----
|
||||
|
|
|
@ -11,6 +11,7 @@ CHANGELOG
|
|||
* Deprecated `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface` in favor of listening on the `LogoutEvent`.
|
||||
* Added experimental new security using `Http\Authenticator\AuthenticatorInterface`, `Http\Authentication\AuthenticatorManager` and `Http\Firewall\AuthenticatorManagerListener`.
|
||||
* Added `CustomUserMessageAccountStatusException` to be used when extending `UserCheckerInterface`
|
||||
* Deprecated `RememberMeServicesInterface` implementations without `logout(Request $request, Response $response, TokenInterface $token)` method, this method will be required in Symfony 6.0.
|
||||
|
||||
5.0.0
|
||||
-----
|
||||
|
|
|
@ -14,7 +14,7 @@ namespace Symfony\Component\Security\Http\EventListener;
|
|||
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
|
||||
use Symfony\Component\Security\Core\Exception\LogicException;
|
||||
use Symfony\Component\Security\Http\Event\LogoutEvent;
|
||||
use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;
|
||||
use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
|
||||
|
||||
/**
|
||||
* @author Wouter de Jong <wouter@wouterj.nl>
|
||||
|
@ -25,13 +25,21 @@ class RememberMeLogoutListener implements EventSubscriberInterface
|
|||
{
|
||||
private $rememberMeServices;
|
||||
|
||||
public function __construct(LogoutHandlerInterface $rememberMeServices)
|
||||
public function __construct(RememberMeServicesInterface $rememberMeServices)
|
||||
{
|
||||
if (!method_exists($rememberMeServices, 'logout')) {
|
||||
trigger_deprecation('symfony/security-core', '5.1', '"%s" should implement the "logout(Request $request, Response $response, TokenInterface $token)" method, this method will be added to the "%s" in version 6.0.', \get_class($rememberMeServices), RememberMeServicesInterface::class);
|
||||
}
|
||||
|
||||
$this->rememberMeServices = $rememberMeServices;
|
||||
}
|
||||
|
||||
public function onLogout(LogoutEvent $event): void
|
||||
{
|
||||
if (!method_exists($this->rememberMeServices, 'logout')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (null === $event->getResponse()) {
|
||||
throw new LogicException(sprintf('No response was set for this logout action. Make sure the DefaultLogoutListener or another listener has set the response before "%s" is called.', __CLASS__));
|
||||
}
|
||||
|
|
|
@ -24,6 +24,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
|||
* - PersistentTokenBasedRememberMeServices (requires a TokenProvider)
|
||||
*
|
||||
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
||||
*
|
||||
* @method logout(Request $request, Response $response, TokenInterface $token)
|
||||
*/
|
||||
interface RememberMeServicesInterface
|
||||
{
|
||||
|
|
Reference in New Issue