From c49d00f9848f86c33578e02134da2b9e10bc3f41 Mon Sep 17 00:00:00 2001
From: Wouter de Jong <wouter@wouterj.nl>
Date: Sat, 16 May 2020 12:36:39 +0200
Subject: [PATCH] Added deprecation for RememberMe services without logout()
 method

---
 UPGRADE-5.1.md                                       |  1 +
 UPGRADE-6.0.md                                       |  1 +
 src/Symfony/Component/Security/CHANGELOG.md          |  1 +
 .../Http/EventListener/RememberMeLogoutListener.php  | 12 ++++++++++--
 .../Http/RememberMe/RememberMeServicesInterface.php  |  2 ++
 5 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/UPGRADE-5.1.md b/UPGRADE-5.1.md
index 449c12d226..a0560277ab 100644
--- a/UPGRADE-5.1.md
+++ b/UPGRADE-5.1.md
@@ -167,6 +167,7 @@ Security
 
  * Deprecated `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface`, register a listener on the `LogoutEvent` event instead.
  * Deprecated `DefaultLogoutSuccessHandler` in favor of `DefaultLogoutListener`.
+ * Deprecated `RememberMeServicesInterface` implementations without a `logout(Request $request, Response $response, TokenInterface $token)` method.
 
 Yaml
 ----
diff --git a/UPGRADE-6.0.md b/UPGRADE-6.0.md
index 1c7e55be16..1d8243eff7 100644
--- a/UPGRADE-6.0.md
+++ b/UPGRADE-6.0.md
@@ -113,6 +113,7 @@ Security
  * Removed `ROLE_PREVIOUS_ADMIN` role in favor of `IS_IMPERSONATOR` attribute
  * Removed `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface`, register a listener on the `LogoutEvent` event instead.
  * Removed `DefaultLogoutSuccessHandler` in favor of `DefaultLogoutListener`.
+ * Added a `logout(Request $request, Response $response, TokenInterface $token)` method to the `RememberMeServicesInterface`.
 
 Yaml
 ----
diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
index e950032a5c..b54399022b 100644
--- a/src/Symfony/Component/Security/CHANGELOG.md
+++ b/src/Symfony/Component/Security/CHANGELOG.md
@@ -11,6 +11,7 @@ CHANGELOG
  * Deprecated `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface` in favor of listening on the `LogoutEvent`.
  * Added experimental new security using `Http\Authenticator\AuthenticatorInterface`, `Http\Authentication\AuthenticatorManager` and `Http\Firewall\AuthenticatorManagerListener`.
  * Added `CustomUserMessageAccountStatusException` to be used when extending `UserCheckerInterface`
+ * Deprecated `RememberMeServicesInterface` implementations without `logout(Request $request, Response $response, TokenInterface $token)` method, this method will be required in Symfony 6.0.
 
 5.0.0
 -----
diff --git a/src/Symfony/Component/Security/Http/EventListener/RememberMeLogoutListener.php b/src/Symfony/Component/Security/Http/EventListener/RememberMeLogoutListener.php
index 614c4ea11f..50c5df6caa 100644
--- a/src/Symfony/Component/Security/Http/EventListener/RememberMeLogoutListener.php
+++ b/src/Symfony/Component/Security/Http/EventListener/RememberMeLogoutListener.php
@@ -14,7 +14,7 @@ namespace Symfony\Component\Security\Http\EventListener;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\Security\Core\Exception\LogicException;
 use Symfony\Component\Security\Http\Event\LogoutEvent;
-use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;
+use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
 
 /**
  * @author Wouter de Jong <wouter@wouterj.nl>
@@ -25,13 +25,21 @@ class RememberMeLogoutListener implements EventSubscriberInterface
 {
     private $rememberMeServices;
 
-    public function __construct(LogoutHandlerInterface $rememberMeServices)
+    public function __construct(RememberMeServicesInterface $rememberMeServices)
     {
+        if (!method_exists($rememberMeServices, 'logout')) {
+            trigger_deprecation('symfony/security-core', '5.1', '"%s" should implement the "logout(Request $request, Response $response, TokenInterface $token)" method, this method will be added to the "%s" in version 6.0.', \get_class($rememberMeServices), RememberMeServicesInterface::class);
+        }
+
         $this->rememberMeServices = $rememberMeServices;
     }
 
     public function onLogout(LogoutEvent $event): void
     {
+        if (!method_exists($this->rememberMeServices, 'logout')) {
+            return;
+        }
+
         if (null === $event->getResponse()) {
             throw new LogicException(sprintf('No response was set for this logout action. Make sure the DefaultLogoutListener or another listener has set the response before "%s" is called.', __CLASS__));
         }
diff --git a/src/Symfony/Component/Security/Http/RememberMe/RememberMeServicesInterface.php b/src/Symfony/Component/Security/Http/RememberMe/RememberMeServicesInterface.php
index ae52591da0..23fc0fc187 100644
--- a/src/Symfony/Component/Security/Http/RememberMe/RememberMeServicesInterface.php
+++ b/src/Symfony/Component/Security/Http/RememberMe/RememberMeServicesInterface.php
@@ -24,6 +24,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  * - PersistentTokenBasedRememberMeServices (requires a TokenProvider)
  *
  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ *
+ * @method logout(Request $request, Response $response, TokenInterface $token)
  */
 interface RememberMeServicesInterface
 {