diff --git a/UPGRADE-5.3.md b/UPGRADE-5.3.md index 93f1409439..b9181da642 100644 --- a/UPGRADE-5.3.md +++ b/UPGRADE-5.3.md @@ -205,6 +205,15 @@ Security * Deprecate all classes in the `Core\Encoder\` sub-namespace, use the `PasswordHasher` component instead * Deprecated voters that do not return a valid decision when calling the `vote` method * [BC break] Add optional array argument `$badges` to `UserAuthenticatorInterface::authenticateUser()` + * Deprecate `AuthenticationManagerInterface`, `AuthenticationProviderManager`, `AnonymousAuthenticationProvider`, + `AuthenticationProviderInterface`, `DaoAuthenticationProvider`, `LdapBindAuthenticationProvider`, + `PreAuthenticatedAuthenticationProvider`, `RememberMeAuthenticationProvider`, `UserAuthenticationProvider` and + `AuthenticationFailureEvent` from security-core, use the new authenticator system instead + * Deprecate `AbstractAuthenticationListener`, `AbstractPreAuthenticatedListener`, `AnonymousAuthenticationListener`, + `BasicAuthenticationListener`, `RememberMeListener`, `RemoteUserAuthenticationListener`, + `UsernamePasswordFormAuthenticationListener`, `UsernamePasswordJsonAuthenticationListener` and `X509AuthenticationListener` + from security-http, use the new authenticator system instead + * Deprecate the Guard component, use the new authenticator system instead SecurityBundle -------------- 
@@ -218,6 +227,10 @@ SecurityBundle * Deprecate the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases, use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead * Deprecate the public `security.authorization_checker` and `security.token_storage` services to private + * Not setting the `enable_authenticator_manager` config option to `true` is deprecated + * Deprecate the `security.authentication.provider.*` services, use the new authenticator system instead + * Deprecate the `security.authentication.listener.*` services, use the new authenticator system instead + * Deprecate the Guard component integration, use the new authenticator system instead Serializer ---------- diff --git a/UPGRADE-6.0.md b/UPGRADE-6.0.md index 25640765da..a37acd80e8 100644 --- a/UPGRADE-6.0.md +++ b/UPGRADE-6.0.md 
@@ -293,6 +293,15 @@ Security `DefaultAuthenticationSuccessHandler`. * Removed the `AbstractRememberMeServices::$providerKey` property in favor of `AbstractRememberMeServices::$firewallName` * `AccessDecisionManager` now throw an exception when a voter does not return a valid decision. + * Remove `AuthenticationManagerInterface`, `AuthenticationProviderManager`, `AnonymousAuthenticationProvider`, + `AuthenticationProviderInterface`, `DaoAuthenticationProvider`, `LdapBindAuthenticationProvider`, + `PreAuthenticatedAuthenticationProvider`, `RememberMeAuthenticationProvider`, `UserAuthenticationProvider` and + `AuthenticationFailureEvent` from security-core, use the new authenticator system instead + * Remove `AbstractAuthenticationListener`, `AbstractPreAuthenticatedListener`, `AnonymousAuthenticationListener`, + `BasicAuthenticationListener`, `RememberMeListener`, `RemoteUserAuthenticationListener`, + `UsernamePasswordFormAuthenticationListener`, `UsernamePasswordJsonAuthenticationListener` and `X509AuthenticationListener` + from security-http, use the new authenticator system instead + * Remove the Guard component, use the new authenticator system instead SecurityBundle -------------- 
@@ -304,6 +313,10 @@ SecurityBundle * Remove the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases, use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead * The `security.authorization_checker` and `security.token_storage` services are now private + * Not setting the `enable_authenticator_manager` option to `true` now throws an exception + * Remove the `security.authentication.provider.*` services, use the new authenticator system instead + * Remove the `security.authentication.listener.*` services, use the new authenticator system instead + * Remove the Guard component integration, use the new authenticator system instead Serializer ---------- diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Security/config.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Security/config.yml index fac417fad1..78c580a9f4 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Security/config.yml +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Security/config.yml @@ -8,6 +8,8 @@ services: - container.service_subscriber security: + enable_authenticator_manager: true + providers: main: memory: @@ -30,3 +32,6 @@ security: form_login: check_path: /custom/login/check provider: custom + + access_control: + - { path: '^/main/user_profile$', roles: IS_AUTHENTICATED_FULLY } diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md index 6fe4b5fba7..640f0d2ce3 100644 --- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md +++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md 
@@ -17,6 +17,10 @@ CHANGELOG * Deprecate the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases, use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead * Deprecate the public `security.authorization_checker` and `security.token_storage` services to private + * Not setting the `enable_authenticator_manager` config option to `true` is deprecated + * Deprecate the `security.authentication.provider.*` services, use the new authenticator system instead + * Deprecate the `security.authentication.listener.*` services, use the new authenticator system instead + * Deprecate the Guard component integration, use the new authenticator system instead 5.2.0 ----- diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AnonymousFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AnonymousFactory.php index 2d67694e62..ded4a61740 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AnonymousFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AnonymousFactory.php @@ -21,6 +21,8 @@ use Symfony\Component\DependencyInjection\Parameter; * @author Wouter de Jong * * @internal + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class AnonymousFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface { diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php index 54f222a84e..a6948efae7 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php 
@@ -130,6 +130,8 @@ class SecurityExtension extends Extension implements PrependExtensionInterface $container->getDefinition('security.authorization_checker')->setArgument(4, false); $container->getDefinition('security.authorization_checker')->setArgument(5, false); } else { + trigger_deprecation('symfony/security-bundle', '5.3', 'Not setting the "security.enable_authenticator_manager" config option to true is deprecated.'); + $loader->load('security_legacy.php'); } diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.php index f113dec880..a57add5e51 100644 --- a/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.php +++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.php @@ -24,8 +24,10 @@ return static function (ContainerConfigurator $container) { abstract_arg('stateless firewall keys'), ]) ->call('setSessionAuthenticationStrategy', [service('security.authentication.session_strategy')]) + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ->alias(GuardAuthenticatorHandler::class, 'security.authentication.guard_handler') + ->deprecate('symfony/security-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use the new authenticator system instead.') ->set('security.authentication.provider.guard', GuardAuthenticationProvider::class) ->abstract() @@ -36,6 +38,7 @@ return static function (ContainerConfigurator $container) { abstract_arg('User Checker'), service('security.password_hasher'), ]) + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ->set('security.authentication.listener.guard', GuardAuthenticationListener::class) ->abstract() 
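Review bot: The `else` branch in SecurityExtension.php that now calls `trigger_deprecation()` has no comment saying that `security_legacy.php` is the old code path, and the message names the option without pointing to the migration notes. I would put `// Legacy security system: loaded only while "enable_authenticator_manager" is not true, deprecated since 5.3 (see UPGRADE-5.3.md).` above the `trigger_deprecation()` line. The enclosing method starts and ends outside the hunk, so where this runs (once per container build or more often) cannot be checked from here.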
@@ -48,5 +51,6 @@ return static function (ContainerConfigurator $container) { param('security.authentication.hide_user_not_found'), ]) ->tag('monolog.logger', ['channel' => 'security']) + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ; }; diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php index 0f7d557354..fd83cd3b96 100644 --- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php +++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php @@ -62,6 +62,7 @@ return static function (ContainerConfigurator $container) { ->set('security.authentication.manager', NoopAuthenticationManager::class) ->alias(AuthenticationManagerInterface::class, 'security.authentication.manager') + ->deprecate('symfony/security-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use the new authenticator system instead.') ->set('security.firewall.authenticator', AuthenticatorManagerListener::class) ->abstract() diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_login_link.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_login_link.php index b3782e471f..ba04bbadad 100644 --- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_login_link.php +++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_login_link.php @@ -73,6 +73,6 @@ return static function (ContainerConfigurator $container) { service('doctrine'), abstract_arg('user entity class name'), ]) - + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ; }; 
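Review bot: In security_authenticator.php only the `AuthenticationManagerInterface` alias receives `->deprecate()`; the `security.authentication.manager` service it points to, set to `NoopAuthenticationManager` on the context line just above, stays undeprecated. Code that injects or fetches the manager by service id would therefore get no notice, although UPGRADE-5.3.md in this same commit lists `AuthenticationManagerInterface` as deprecated. If the id has to stay silent because the new system still wires it internally, a comment next to the `->set(...)` line should say so, for example `// not deprecated yet: still injected by CONSUMER_SERVICE_ID (placeholder) until 6.0`. Otherwise the service should carry the same `->deprecate('symfony/security-bundle', '5.3', ...)` call as the alias.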
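Review bot: The `->deprecate()` call added at the end of the chain in security_authenticator_login_link.php lands on a service that, judging by the file name, belongs to the login-link authenticator, which is part of the new system. Telling users of that service to "use the new authenticator system instead" would then be misleading. The service id is outside the hunk (only `service('doctrine')` and `abstract_arg('user entity class name')` are visible), so please confirm it really is a legacy service. If it is not, drop the added line and restore the removed blank line. If it is, the message should name the concrete replacement rather than reuse the generic text.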
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.php index aa6a522de1..95398eae19 100644 --- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.php +++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.php @@ -49,9 +49,11 @@ return static function (ContainerConfigurator $container) { service('security.authentication.manager'), ]) ->tag('monolog.logger', ['channel' => 'security']) + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ->set('security.authentication.provider.anonymous', AnonymousAuthenticationProvider::class) ->args([abstract_arg('Key')]) + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ->set('security.authentication.retry_entry_point', RetryAuthenticationEntryPoint::class) ->args([ @@ -161,6 +163,7 @@ return static function (ContainerConfigurator $container) { ->set('security.authentication.listener.form', UsernamePasswordFormAuthenticationListener::class) ->parent('security.authentication.listener.abstract') ->abstract() + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ->set('security.authentication.listener.x509', X509AuthenticationListener::class) ->abstract() @@ -174,6 +177,7 @@ return static function (ContainerConfigurator $container) { service('event_dispatcher')->nullOnInvalid(), ]) ->tag('monolog.logger', ['channel' => 'security']) + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ->set('security.authentication.listener.json', UsernamePasswordJsonAuthenticationListener::class) ->abstract() 
@@ -191,6 +195,7 @@ return static function (ContainerConfigurator $container) { ]) ->call('setTranslator', [service('translator')->ignoreOnInvalid()]) ->tag('monolog.logger', ['channel' => 'security']) + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ->set('security.authentication.listener.remote_user', RemoteUserAuthenticationListener::class) ->abstract() @@ -203,6 +208,7 @@ return static function (ContainerConfigurator $container) { service('event_dispatcher')->nullOnInvalid(), ]) ->tag('monolog.logger', ['channel' => 'security']) + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ->set('security.authentication.listener.basic', BasicAuthenticationListener::class) ->abstract() @@ -214,6 +220,7 @@ return static function (ContainerConfigurator $container) { service('logger')->nullOnInvalid(), ]) ->tag('monolog.logger', ['channel' => 'security']) + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ->set('security.authentication.provider.dao', DaoAuthenticationProvider::class) ->abstract() @@ -224,6 +231,7 @@ return static function (ContainerConfigurator $container) { service('security.password_hasher_factory'), param('security.authentication.hide_user_not_found'), ]) + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ->set('security.authentication.provider.ldap_bind', LdapBindAuthenticationProvider::class) ->abstract() 
@@ -237,6 +245,7 @@ return static function (ContainerConfigurator $container) { abstract_arg('search dn'), abstract_arg('search password'), ]) + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ->set('security.authentication.provider.pre_authenticated', PreAuthenticatedAuthenticationProvider::class) ->abstract() @@ -244,6 +253,7 @@ return static function (ContainerConfigurator $container) { abstract_arg('User Provider'), abstract_arg('UserChecker'), ]) + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ->set('security.exception_listener', ExceptionListener::class) ->abstract() diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.php index e1b279d09a..1c0e3557ef 100644 --- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.php +++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.php @@ -32,10 +32,12 @@ return static function (ContainerConfigurator $container) { service('security.authentication.session_strategy'), ]) ->tag('monolog.logger', ['channel' => 'security']) + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ->set('security.authentication.provider.rememberme', RememberMeAuthenticationProvider::class) ->abstract() ->args([abstract_arg('User Checker')]) + ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.') ->set('security.rememberme.token.provider.in_memory', InMemoryTokenProvider::class) 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php index cfa6b5e028..e9dfde9344 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php @@ -139,6 +139,7 @@ class AddSessionDomainConstraintPassTest extends TestCase $config = [ 'security' => [ + 'enable_authenticator_manager' => true, 'providers' => ['some_provider' => ['id' => 'foo']], 'firewalls' => ['some_firewall' => ['security' => false]], ], diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php index 9e8a044923..b48704cec9 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php 
@@ -127,6 +127,127 @@ abstract class CompleteConfigurationTest extends TestCase $configs[0][2] = strtolower($configs[0][2]); $configs[2][2] = strtolower($configs[2][2]); + $this->assertEquals([ + [ + 'simple', + 'security.user_checker', + '.security.request_matcher.xmi9dcw', + false, + false, + '', + '', + '', + '', + '', + [], + null, + ], + [ + 'secure', + 'security.user_checker', + null, + true, + true, + 'security.user.provider.concrete.default', + null, + 'security.authenticator.form_login.secure', + null, + null, + [ + 'switch_user', + 'x509', + 'remote_user', + 'form_login', + 'http_basic', + 'remember_me', + ], + [ + 'parameter' => '_switch_user', + 'role' => 'ROLE_ALLOWED_TO_SWITCH', + ], + ], + [ + 'host', + 'security.user_checker', + '.security.request_matcher.iw4hyjb', + true, + false, + 'security.user.provider.concrete.default', + 'host', + 'security.authenticator.http_basic.host', + null, + null, + [ + 'http_basic', + ], + null, + ], + [ + 'with_user_checker', + 'app.user_checker', + null, + true, + false, + 'security.user.provider.concrete.default', + 'with_user_checker', + 'security.authenticator.http_basic.with_user_checker', + null, + null, + [ + 'http_basic', + ], + null, + ], + ], $configs); + + $this->assertEquals([ + [], + [ + 'security.channel_listener', + 'security.firewall.authenticator.secure', + 'security.authentication.switchuser_listener.secure', + 'security.access_listener', + ], + [ + 'security.channel_listener', + 'security.context_listener.0', + 'security.firewall.authenticator.host', + 'security.access_listener', + ], + [ + 'security.channel_listener', + 'security.context_listener.1', + 'security.firewall.authenticator.with_user_checker', + 'security.access_listener', + ], + ], $listeners); + + $this->assertFalse($container->hasAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', 'No user checker alias is registered when custom user checker services are registered')); + } + + /** + * @group legacy + */ + public 
function testLegacyFirewalls() + { + $container = $this->getContainer('legacy_container1'); + $arguments = $container->getDefinition('security.firewall.map')->getArguments(); + $listeners = []; + $configs = []; + foreach (array_keys($arguments[1]->getValues()) as $contextId) { + $contextDef = $container->getDefinition($contextId); + $arguments = $contextDef->getArguments(); + $listeners[] = array_map('strval', $arguments[0]->getValues()); + + $configDef = $container->getDefinition((string) $arguments[3]); + $configs[] = array_values($configDef->getArguments()); + } + + // the IDs of the services are case sensitive or insensitive depending on + // the Symfony version. Transform them to lowercase to simplify tests. + $configs[0][2] = strtolower($configs[0][2]); + $configs[2][2] = strtolower($configs[2][2]); + $this->assertEquals([ [ 'simple', @@ -881,15 +1002,21 @@ abstract class CompleteConfigurationTest extends TestCase ]], $container->getDefinition('security.password_hasher_factory')->getArguments()); } - public function testRememberMeThrowExceptionsDefault() + /** + * @group legacy + */ + public function testLegacyRememberMeThrowExceptionsDefault() { - $container = $this->getContainer('container1'); + $container = $this->getContainer('legacy_container1'); $this->assertTrue($container->getDefinition('security.authentication.listener.rememberme.secure')->getArgument(5)); } - public function testRememberMeThrowExceptions() + /** + * @group legacy + */ + public function testLegacyRememberMeThrowExceptions() { - $container = $this->getContainer('remember_me_options'); + $container = $this->getContainer('legacy_remember_me_options'); $service = $container->getDefinition('security.authentication.listener.rememberme.main'); $this->assertEquals('security.authentication.rememberme.services.persistent.main', $service->getArgument(1)); $this->assertFalse($service->getArgument(5)); 
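Review bot: In the last added assertion before `testLegacyFirewalls()`, the failure message is passed as a second argument to `$container->hasAlias()` instead of to `assertFalse()`, so PHP silently ignores it and the assertion has no message. The closing parenthesis should move: `$this->assertFalse($container->hasAlias('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'No user checker alias is registered when custom user checker services are registered');`. The expected ids `.security.request_matcher.xmi9dcw` and `.security.request_matcher.iw4hyjb` look hash-derived, so a comment such as `// matcher ids depend on the firewall pattern/host/methods in the fixture` above the first `assertEquals` would help whoever edits the fixture next. The test method that receives these assertions starts above the hunk, and the body of `testLegacyFirewalls()` continues below it.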
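Review bot: Both remember-me tests are renamed to `testLegacy…` and switched to the `legacy_container1` and `legacy_remember_me_options` fixtures, and this hunk adds no counterpart that runs with `enable_authenticator_manager` on. As far as the hunk shows, the `catch_exceptions` default and the `token_provider` wiring lose coverage for the new system. If equivalent assertions exist elsewhere in the suite, a comment above `testLegacyRememberMeThrowExceptionsDefault()` should point to them, for example `// authenticator-manager equivalent: TEST_NAME (placeholder)`. Otherwise a non-legacy test against the `container1` and `remember_me_options` fixtures should assert the same two options.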
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php index 1d0a090f3f..6d011aebd5 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'access_decision_manager' => [ 'allow_if_all_abstain' => true, 'allow_if_equal_granted_denied' => false, diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_default_strategy.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_default_strategy.php index 1f0adbf301..cfa7751b7b 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_default_strategy.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_default_strategy.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => [ 'memory' => [ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service.php index 8f615904dd..dee30bedc9 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service.php 
@@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'access_decision_manager' => [ 'service' => 'app.access_decision_manager', ], diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service_and_strategy.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service_and_strategy.php index bd78bdf24d..d964561c42 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service_and_strategy.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service_and_strategy.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'access_decision_manager' => [ 'service' => 'app.access_decision_manager', 'strategy' => 'affirmative', diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/argon2i_hasher.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/argon2i_hasher.php index 341f772e87..6254f57478 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/argon2i_hasher.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/argon2i_hasher.php @@ -3,6 +3,7 @@ $this->load('container1.php'); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'password_hashers' => [ 'JMS\FooBundle\Entity\User7' => [ 'algorithm' => 'argon2i', diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/bcrypt_hasher.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/bcrypt_hasher.php index a416b3440d..ac29b31e09 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/bcrypt_hasher.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/bcrypt_hasher.php 
@@ -3,6 +3,7 @@ $this->load('container1.php'); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'password_hashers' => [ 'JMS\FooBundle\Entity\User7' => [ 'algorithm' => 'bcrypt', diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php index 6118929a36..76d17b4820 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'password_hashers' => [ 'JMS\FooBundle\Entity\User1' => 'plaintext', 'JMS\FooBundle\Entity\User2' => [ @@ -70,26 +71,24 @@ $container->loadFromExtension('security', [ 'provider' => 'default', 'http_basic' => true, 'form_login' => true, - 'anonymous' => true, 'switch_user' => true, 'x509' => true, 'remote_user' => true, 'logout' => true, 'remember_me' => ['secret' => 'TheSecret'], 'user_checker' => null, + 'entry_point' => 'form_login' ], 'host' => [ 'provider' => 'default', 'pattern' => '/test', 'host' => 'foo\\.example\\.org', 'methods' => ['GET', 'POST'], - 'anonymous' => true, 'http_basic' => true, ], 'with_user_checker' => [ 'provider' => 'default', 'user_checker' => 'app.user_checker', - 'anonymous' => true, 'http_basic' => true, ], ], diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_provider.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_provider.php index 68b8439a7d..eeec20726a 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_provider.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_provider.php 
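Review bot: In container1.php the added `'entry_point' => 'form_login'` is the only entry of the `secure` firewall array without a trailing comma. Writing `'entry_point' => 'form_login',` matches the surrounding lines and keeps the next added key a one-line diff. The firewall enables `http_basic`, `form_login`, `x509` and `remote_user` together, so a short comment on why the entry point is pinned would also help: `// several authenticators are enabled, so the one that starts authentication is chosen explicitly`.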
@@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => [ 'memory' => $memory = [ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_undefined_provider.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_undefined_provider.php index 7c811cae1a..dd90214810 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_undefined_provider.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_undefined_provider.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => [ 'memory' => [ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/legacy_container1.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/legacy_container1.php new file mode 100644 index 0000000000..6118929a36 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/legacy_container1.php 
@@ -0,0 +1,108 @@ +loadFromExtension('security', [ + 'password_hashers' => [ + 'JMS\FooBundle\Entity\User1' => 'plaintext', + 'JMS\FooBundle\Entity\User2' => [ + 'algorithm' => 'sha1', + 'encode_as_base64' => false, + 'iterations' => 5, + ], + 'JMS\FooBundle\Entity\User3' => [ + 'algorithm' => 'md5', + ], + 'JMS\FooBundle\Entity\User4' => [ + 'id' => 'security.hasher.foo', + ], + 'JMS\FooBundle\Entity\User5' => [ + 'algorithm' => 'pbkdf2', + 'hash_algorithm' => 'sha1', + 'encode_as_base64' => false, + 'iterations' => 5, + 'key_length' => 30, + ], + 'JMS\FooBundle\Entity\User6' => [ + 'algorithm' => 'native', + 'time_cost' => 8, + 'memory_cost' => 100, + 'cost' => 15, + ], + 'JMS\FooBundle\Entity\User7' => [ + 'algorithm' => 'auto', + ], + ], + 'providers' => [ + 'default' => [ + 'memory' => [ + 'users' => [ + 'foo' => ['password' => 'foo', 'roles' => 'ROLE_USER'], + ], + ], + ], + 'digest' => [ + 'memory' => [ + 'users' => [ + 'foo' => ['password' => 'foo', 'roles' => 'ROLE_USER, ROLE_ADMIN'], + ], + ], + ], + 'basic' => [ + 'memory' => [ + 'users' => [ + 'foo' => ['password' => '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', 'roles' => 'ROLE_SUPER_ADMIN'], + 'bar' => ['password' => '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', 'roles' => ['ROLE_USER', 'ROLE_ADMIN']], + ], + ], + ], + 'service' => [ + 'id' => 'user.manager', + ], + 'chain' => [ + 'chain' => [ + 'providers' => ['service', 'basic'], + ], + ], + ], + + 'firewalls' => [ + 'simple' => ['provider' => 'default', 'pattern' => '/login', 'security' => false], + 'secure' => ['stateless' => true, + 'provider' => 'default', + 'http_basic' => true, + 'form_login' => true, + 'anonymous' => true, + 'switch_user' => true, + 'x509' => true, + 'remote_user' => true, + 'logout' => true, + 'remember_me' => ['secret' => 'TheSecret'], + 'user_checker' => null, + ], + 'host' => [ + 'provider' => 'default', + 'pattern' => '/test', + 'host' => 'foo\\.example\\.org', + 'methods' => ['GET', 'POST'], + 'anonymous' => true, + 
'http_basic' => true, + ], + 'with_user_checker' => [ + 'provider' => 'default', + 'user_checker' => 'app.user_checker', + 'anonymous' => true, + 'http_basic' => true, + ], + ], + + 'access_control' => [ + ['path' => '/blog/524', 'role' => 'ROLE_USER', 'requires_channel' => 'https', 'methods' => ['get', 'POST'], 'port' => 8000], + ['path' => '/blog/.*', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'], + ['path' => '/blog/524', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY', 'allow_if' => "token.getUserIdentifier() matches '/^admin/'"], + ], + + 'role_hierarchy' => [ + 'ROLE_ADMIN' => 'ROLE_USER', + 'ROLE_SUPER_ADMIN' => ['ROLE_USER', 'ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'], + 'ROLE_REMOTE' => 'ROLE_USER,ROLE_ADMIN', + ], +]); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/legacy_remember_me_options.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/legacy_remember_me_options.php new file mode 100644 index 0000000000..cfbef609a1 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/legacy_remember_me_options.php @@ -0,0 +1,18 @@ +loadFromExtension('security', [ + 'providers' => [ + 'default' => ['id' => 'foo'], + ], + + 'firewalls' => [ + 'main' => [ + 'form_login' => true, + 'remember_me' => [ + 'secret' => 'TheSecret', + 'catch_exceptions' => false, + 'token_provider' => 'token_provider_id', + ], + ], + ], +]); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_provider.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_provider.php index 0a6a79f5f2..8ddc21f13e 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_provider.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_provider.php 
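Review bot: Nothing inside `legacy_container1.php` marks it as the legacy variant, and the same holds for `legacy_remember_me_options.php`. It is an unchanged copy of the previous `container1.php`: its new blob id `6118929a36` equals the old blob id in the `container1.php` header of this diff. Both files should open with a comment such as `// Legacy fixture: "enable_authenticator_manager" is deliberately left unset; remove together with the @group legacy tests in 6.0.` Without it, a later cleanup could add the option or strip the `anonymous` and `IS_AUTHENTICATED_ANONYMOUSLY` entries, and the legacy tests would stop exercising the old code path.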
@@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => [ 'memory' => [ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_undefined_provider.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_undefined_provider.php index cc0b776e43..10661fae20 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_undefined_provider.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_undefined_provider.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => [ 'memory' => [ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/logout_delete_cookies.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/logout_delete_cookies.php index 8ffe12e3eb..7a40881b65 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/logout_delete_cookies.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/logout_delete_cookies.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => ['id' => 'foo'], ], diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge.php index d0bd809579..03a5f1d28c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge.php @@ -3,6 +3,7 @@ $this->load('merge_import.php'); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => ['id' => 'foo'], ], 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge_import.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge_import.php index c85937d6ea..198935390c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge_import.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge_import.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'firewalls' => [ 'main' => [ 'form_login' => [ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/migrating_hasher.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/migrating_hasher.php index 342ea64805..3f68562c8a 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/migrating_hasher.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/migrating_hasher.php @@ -3,6 +3,7 @@ $this->load('container1.php'); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'password_hashers' => [ 'JMS\FooBundle\Entity\User7' => [ 'algorithm' => 'argon2i', diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php index 7565452eb5..1ac4f46dfe 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => [ 'memory' => [ 
@@ -16,13 +17,13 @@ $container->loadFromExtension('security', [ 'stateless' => true, 'http_basic' => true, 'form_login' => true, - 'anonymous' => true, 'switch_user' => true, 'x509' => true, 'remote_user' => true, 'logout' => true, 'remember_me' => ['secret' => 'TheSecret'], 'user_checker' => null, + 'entry_point' => 'form_login' ], ], ]); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/remember_me_options.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/remember_me_options.php index cfbef609a1..0e8963f929 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/remember_me_options.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/remember_me_options.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => ['id' => 'foo'], ], diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/sodium_hasher.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/sodium_hasher.php index 3ec569ae9a..8f17965b25 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/sodium_hasher.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/sodium_hasher.php @@ -3,6 +3,7 @@ $this->load('container1.php'); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'password_hashers' => [ 'JMS\FooBundle\Entity\User7' => [ 'algorithm' => 'sodium', diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_customized_config.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_customized_config.xml index 012c8dac7b..9116042908 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_customized_config.xml 
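Review bot: The added `'entry_point' => 'form_login'` line in the `@@ -16,13 +17,13 @@` hunk has no trailing comma, unlike every other element of this multi-line array; write it as `'entry_point' => 'form_login',` so the next key added produces a one-line diff. It would also benefit from a short why-comment, for example `// several authenticators are enabled on this firewall, so the entry point is named explicitly`, which is presumably the reason given that the hunk enables `http_basic`, `form_login`, `x509` and `remote_user` together. The firewall array opens above the hunk.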
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_customized_config.xml @@ -7,7 +7,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_default_strategy.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_default_strategy.xml index 1011f45c4a..85c8050cbc 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_default_strategy.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_default_strategy.xml @@ -7,7 +7,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service.xml index ebc208c057..3e189b8c61 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service.xml @@ -7,7 +7,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service_and_strategy.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service_and_strategy.xml index 1f2133ffe0..5b70a4614a 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service_and_strategy.xml 
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service_and_strategy.xml @@ -7,7 +7,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/argon2i_hasher.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/argon2i_hasher.xml index 3dc2c685be..8168af333e 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/argon2i_hasher.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/argon2i_hasher.xml @@ -12,7 +12,7 @@ - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/bcrypt_hasher.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/bcrypt_hasher.xml index d4c5d3ded1..a1f784ed96 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/bcrypt_hasher.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/bcrypt_hasher.xml @@ -12,7 +12,7 @@ - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml index ed7afe5e83..c97dd5bf7e 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + @@ -50,10 +50,9 @@ - + - @@ -62,12 +61,10 @@ - - app.user_checker diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_provider.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_provider.xml index 52a64d2f42..6f74984045 100644 
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_provider.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_provider.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_undefined_provider.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_undefined_provider.xml index a61d597fad..a80f613e00 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_undefined_provider.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_undefined_provider.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/legacy_container1.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/legacy_container1.xml new file mode 100644 index 0000000000..ed7afe5e83 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/legacy_container1.xml @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + app.user_checker + + + ROLE_USER + ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH + ROLE_USER,ROLE_ADMIN + + + + + + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/legacy_remember_me_options.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/legacy_remember_me_options.xml new file mode 100644 index 0000000000..767397ada3 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/legacy_remember_me_options.xml @@ -0,0 +1,21 @@ + + + + + + + + + + + + + + + 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_provider.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_provider.xml index 1ba3c5e509..b45f378a5b 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_provider.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_provider.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_undefined_provider.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_undefined_provider.xml index 314f25d263..bdf9d5ec83 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_undefined_provider.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_undefined_provider.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/logout_delete_cookies.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/logout_delete_cookies.xml index e66043c359..78fdc86f8d 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/logout_delete_cookies.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/logout_delete_cookies.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge.xml index 8caaeeb153..569e20e65e 100644 
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge.xml @@ -12,7 +12,7 @@ - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge_import.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge_import.xml index e518a7d9ac..c7c237f2fe 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge_import.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge_import.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/migrating_hasher.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/migrating_hasher.xml index a4a9d2010d..d0d0b4ff91 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/migrating_hasher.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/migrating_hasher.xml @@ -12,7 +12,7 @@ - + bcrypt diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml index 3c545ecedc..c4dea529ba 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml @@ -7,7 +7,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + @@ -16,10 +16,9 @@ - + - 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/remember_me_options.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/remember_me_options.xml index 767397ada3..9921d6c5fe 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/remember_me_options.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/remember_me_options.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/sodium_hasher.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/sodium_hasher.xml index fd5cacef7b..67d4d1304b 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/sodium_hasher.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/sodium_hasher.xml @@ -12,7 +12,7 @@ - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_customized_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_customized_config.yml index a8d044f1de..db0f2b551c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_customized_config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_customized_config.yml @@ -1,4 +1,5 @@ security: + enable_authenticator_manager: true access_decision_manager: allow_if_all_abstain: true allow_if_equal_granted_denied: false diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_default_strategy.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_default_strategy.yml index f7fb5adc2c..adfeffa5fb 100644 
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_default_strategy.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_default_strategy.yml @@ -1,4 +1,5 @@ security: + enable_authenticator_manager: true providers: default: memory: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service.yml index 7ef3d8d93c..b162a45916 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service.yml @@ -1,4 +1,5 @@ security: + enable_authenticator_manager: true access_decision_manager: service: app.access_decision_manager providers: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service_and_strategy.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service_and_strategy.yml index bd38b21ef3..ced97bb533 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service_and_strategy.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service_and_strategy.yml @@ -1,4 +1,5 @@ security: + enable_authenticator_manager: true access_decision_manager: service: app.access_decision_manager strategy: affirmative diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/argon2i_hasher.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/argon2i_hasher.yml index 1079d6e5f8..0ae8214f12 100644 
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/argon2i_hasher.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/argon2i_hasher.yml @@ -2,6 +2,7 @@ imports: - { resource: container1.yml } security: + enable_authenticator_manager: true password_hashers: JMS\FooBundle\Entity\User7: algorithm: argon2i diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/bcrypt_hasher.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/bcrypt_hasher.yml index 8e8397486d..c8a4a71ce4 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/bcrypt_hasher.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/bcrypt_hasher.yml @@ -2,6 +2,7 @@ imports: - { resource: container1.yml } security: + enable_authenticator_manager: true password_hashers: JMS\FooBundle\Entity\User7: algorithm: bcrypt diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml index 3eb50b91b7..16de382cc1 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml @@ -1,4 +1,5 @@ security: + enable_authenticator_manager: true password_hashers: JMS\FooBundle\Entity\User1: plaintext JMS\FooBundle\Entity\User2: @@ -51,7 +52,6 @@ security: stateless: true http_basic: true form_login: true - anonymous: true switch_user: x509: true remote_user: true @@ -59,18 +59,17 @@ security: remember_me: secret: TheSecret user_checker: ~ + entry_point: form_login host: provider: default pattern: /test host: foo\.example\.org methods: [GET,POST] - anonymous: true http_basic: true with_user_checker: provider: default - anonymous: ~ http_basic: ~ user_checker: app.user_checker 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_provider.yml index 11c329aa8e..9aa008a75d 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_provider.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_provider.yml @@ -1,4 +1,5 @@ security: + enable_authenticator_manager: true providers: default: memory: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_undefined_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_undefined_provider.yml index ec26640540..e10a2eaf39 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_undefined_provider.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_undefined_provider.yml @@ -1,4 +1,5 @@ security: + enable_authenticator_manager: true providers: default: memory: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/legacy_container1.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/legacy_container1.yml new file mode 100644 index 0000000000..3eb50b91b7 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/legacy_container1.yml 
@@ -0,0 +1,87 @@
+security:
+ password_hashers:
+ JMS\FooBundle\Entity\User1: plaintext
+ JMS\FooBundle\Entity\User2:
+ algorithm: sha1
+ encode_as_base64: false
+ iterations: 5
+ JMS\FooBundle\Entity\User3:
+ algorithm: md5
+ JMS\FooBundle\Entity\User4:
+ id: security.hasher.foo
+ JMS\FooBundle\Entity\User5:
+ algorithm: pbkdf2
+ hash_algorithm: sha1
+ encode_as_base64: false
+ iterations: 5
+ key_length: 30
+ JMS\FooBundle\Entity\User6:
+ algorithm: native
+ time_cost: 8
+ memory_cost: 100
+ cost: 15
+ JMS\FooBundle\Entity\User7:
+ algorithm: auto
+
+ providers:
+ default:
+ memory:
+ users:
+ foo: { password: foo, roles: ROLE_USER }
+ digest:
+ memory:
+ users:
+ foo: { password: foo, roles: 'ROLE_USER, ROLE_ADMIN' }
+ basic:
+ memory:
+ users:
+ foo: { password: 0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33, roles: ROLE_SUPER_ADMIN }
+ bar: { password: 0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33, roles: [ROLE_USER, ROLE_ADMIN] }
+ service:
+ id: user.manager
+ chain:
+ chain:
+ providers: [service, basic]
+
+
+ firewalls:
+ simple: { pattern: /login, security: false }
+ secure:
+ provider: default
+ stateless: true
+ http_basic: true
+ form_login: true
+ anonymous: true
+ switch_user:
+ x509: true
+ remote_user: true
+ logout: true
+ remember_me:
+ secret: TheSecret
+ user_checker: ~
+
+ host:
+ provider: default
+ pattern: /test
+ host: foo\.example\.org
+ methods: [GET,POST]
+ anonymous: true
+ http_basic: true
+
+ with_user_checker:
+ provider: default
+ anonymous: ~
+ http_basic: ~
+ user_checker: app.user_checker
+
+ role_hierarchy:
+ ROLE_ADMIN: ROLE_USER
+ ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
+ ROLE_REMOTE: ROLE_USER,ROLE_ADMIN
+
+ access_control:
+ - { path: /blog/524, role: ROLE_USER, requires_channel: https, methods: [get, POST], port: 8000}
+ -
+ path: /blog/.*
+ role: IS_AUTHENTICATED_ANONYMOUSLY
+ - { path: /blog/524, role: IS_AUTHENTICATED_ANONYMOUSLY, allow_if: "token.getUserIdentifier() matches '/^admin/'" }
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/legacy_remember_me_options.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/legacy_remember_me_options.yml new file mode 100644 index 0000000000..a521c8c6a8 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/legacy_remember_me_options.yml @@ -0,0 +1,12 @@ +security: + providers: + default: + id: foo + + firewalls: + main: + form_login: true + remember_me: + secret: TheSecret + catch_exceptions: false + token_provider: token_provider_id diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_provider.yml index 652f23b5f0..c3c1c28289 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_provider.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_provider.yml @@ -1,4 +1,5 @@ security: + enable_authenticator_manager: true providers: default: memory: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_undefined_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_undefined_provider.yml index 1916df4c2e..3cab5355dd 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_undefined_provider.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_undefined_provider.yml @@ -1,4 +1,5 @@ security: + enable_authenticator_manager: true providers: default: memory: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/logout_delete_cookies.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/logout_delete_cookies.yml index 09bea8c13a..a94bc1ff8f 100644 
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/logout_delete_cookies.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/logout_delete_cookies.yml @@ -1,4 +1,5 @@ security: + enable_authenticator_manager: true providers: default: id: foo diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge.yml index 60c0bbea55..50ae533138 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge.yml @@ -2,6 +2,7 @@ imports: - { resource: merge_import.yml } security: + enable_authenticator_manager: true providers: default: { id: foo } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge_import.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge_import.yml index 4f8db0a09f..bf91f016a2 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge_import.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge_import.yml @@ -1,4 +1,5 @@ security: + enable_authenticator_manager: true firewalls: main: form_login: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/migrating_hasher.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/migrating_hasher.yml index 8657b1ee74..60ac97f48f 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/migrating_hasher.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/migrating_hasher.yml @@ -2,6 +2,7 @@ imports: - { resource: container1.yml } security: + enable_authenticator_manager: true password_hashers: JMS\FooBundle\Entity\User7: algorithm: argon2i 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml index 6a196597c5..d42c45edb0 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml @@ -1,4 +1,6 @@ security: + enable_authenticator_manager: true + providers: default: memory: @@ -11,7 +13,6 @@ security: stateless: true http_basic: true form_login: true - anonymous: true switch_user: true x509: true remote_user: true @@ -19,3 +20,4 @@ security: remember_me: secret: TheSecret user_checker: ~ + entry_point: form_login diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/remember_me_options.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/remember_me_options.yml index a521c8c6a8..b4a1a8f6e4 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/remember_me_options.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/remember_me_options.yml @@ -1,4 +1,6 @@ security: + enable_authenticator_manager: true + providers: default: id: foo diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/sodium_hasher.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/sodium_hasher.yml index 955a0b2a20..7c417bfe71 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/sodium_hasher.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/sodium_hasher.yml @@ -2,6 +2,7 @@ imports: - { resource: container1.yml } security: + enable_authenticator_manager: true password_hashers: JMS\FooBundle\Entity\User7: algorithm: sodium 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php index deb811d51b..3df3550923 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php @@ -49,6 +49,7 @@ class SecurityExtensionTest extends TestCase $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -66,6 +67,9 @@ class SecurityExtensionTest extends TestCase $container->compile(); } + /** + * @group legacy + */ public function testFirewallWithoutAuthenticationListener() { $this->expectException(InvalidConfigurationException::class); @@ -97,6 +101,7 @@ class SecurityExtensionTest extends TestCase $extension->addUserProviderFactory(new DummyProvider()); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'my_foo' => ['foo' => []], ], @@ -117,6 +122,7 @@ class SecurityExtensionTest extends TestCase $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -136,6 +142,9 @@ class SecurityExtensionTest extends TestCase $this->assertFalse($container->hasDefinition('security.access.role_hierarchy_voter')); } + /** + * @group legacy + */ public function testGuardHandlerIsPassedStatelessFirewalls() { $container = $this->getRawContainer(); @@ -168,6 +177,7 @@ class SecurityExtensionTest extends TestCase $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => ['id' => 'foo'], ], 
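Review bot: Tagging `testFirewallWithoutAuthenticationListener` and `testGuardHandlerIsPassedStatelessFirewalls` with `@group legacy` leaves no record of which deprecation they depend on, and it means the `InvalidConfigurationException` expectation for a firewall without an authentication mechanism now runs only against the deprecated path. The same tag is added further down to `testRememberMeCookieInheritFrameworkSessionCookie`, which, judging by its `$samesite` and `$secure` parameters, checks cookie attributes that should stay covered once the legacy group is removed. Nothing visible here shows equivalents running with `'enable_authenticator_manager' => true`; if they exist elsewhere, a docblock line such as `* Legacy: exercises the deprecated listener-based path; authenticator equivalent is <test name>.` would say so. The test bodies lie outside these hunks.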
@@ -190,6 +200,7 @@ class SecurityExtensionTest extends TestCase { $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'first' => ['id' => 'foo'], 'second' => ['id' => 'bar'], @@ -212,6 +223,7 @@ class SecurityExtensionTest extends TestCase $this->expectExceptionMessage('Not configuring explicitly the provider for the "http_basic" listener on "ambiguous" firewall is ambiguous as there is more than one registered provider.'); $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'first' => ['id' => 'foo'], 'second' => ['id' => 'bar'], @@ -232,6 +244,7 @@ class SecurityExtensionTest extends TestCase { $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'first' => ['id' => 'foo'], 'second' => ['id' => 'bar'], @@ -241,7 +254,6 @@ class SecurityExtensionTest extends TestCase 'default' => [ 'form_login' => ['provider' => 'second'], 'remember_me' => ['secret' => 'baz'], - 'anonymous' => true, ], ], ]); @@ -257,6 +269,7 @@ class SecurityExtensionTest extends TestCase $rawExpression = "'foo' == 'bar' or 1 in [1, 3, 3]"; $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -295,6 +308,7 @@ class SecurityExtensionTest extends TestCase { $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -315,6 +329,7 @@ class SecurityExtensionTest extends TestCase $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => ['id' => 'foo'], ], 
@@ -337,6 +352,7 @@ class SecurityExtensionTest extends TestCase $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'first' => ['id' => 'foo'], 'second' => ['id' => 'bar'], @@ -357,6 +373,7 @@ class SecurityExtensionTest extends TestCase /** * @dataProvider sessionConfigurationProvider + * @group legacy */ public function testRememberMeCookieInheritFrameworkSessionCookie($config, $samesite, $secure) { @@ -396,6 +413,7 @@ class SecurityExtensionTest extends TestCase $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -471,6 +489,7 @@ class SecurityExtensionTest extends TestCase { $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'first' => ['id' => 'foo'], 'second' => ['id' => 'bar'], @@ -481,7 +500,6 @@ class SecurityExtensionTest extends TestCase 'switch_user' => [ 'provider' => 'second', ], - 'anonymous' => true, ], ], ]); @@ -496,6 +514,7 @@ class SecurityExtensionTest extends TestCase $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -521,6 +540,7 @@ class SecurityExtensionTest extends TestCase $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -542,6 +562,7 @@ class SecurityExtensionTest extends TestCase } /** + * @group legacy * @dataProvider provideEntryPointFirewalls */ public function testAuthenticatorManagerEnabledEntryPoint(array $firewall, $entryPointId) 
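Review bot: The `@group legacy` tag added to `testAuthenticatorManagerEnabledEntryPoint` (last hunk on this line, `@@ -562,6 +562,7 @@`) comes with no stated reason, although the test name says it exercises the new authenticator manager. If the group is used here to tolerate deprecation notices, as the rest of the commit suggests, a deprecation raised on the new code path would stop failing this test. I would either add a one-line reason to the docblock, for example `* Legacy: some provideEntryPointFirewalls cases still configure deprecated options`, or move only the deprecated data sets into a separate legacy test. The test body and its data provider lie outside the hunk, so which cases need the tag cannot be confirmed from here.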
@@ -738,6 +759,9 @@ class SecurityExtensionTest extends TestCase yield [['user_checker' => TestUserChecker::class], TestUserChecker::class]; } + /** + * @group legacy + */ public function testConfigureCustomFirewallListener() { $container = $this->getRawContainer(); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AnonymousTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AnonymousTest.php index fdee9bce9b..f0155701cb 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AnonymousTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AnonymousTest.php @@ -11,6 +11,9 @@ namespace Symfony\Bundle\SecurityBundle\Tests\Functional; +/** + * @group legacy + */ class AnonymousTest extends AbstractWebTestCase { public function testAnonymous() diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticationCommencingTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticationCommencingTest.php index 0e636a4e2f..6e6267b7f8 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticationCommencingTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticationCommencingTest.php 
@@ -13,20 +13,22 @@ namespace Symfony\Bundle\SecurityBundle\Tests\Functional; class AuthenticationCommencingTest extends AbstractWebTestCase { - /** - * @dataProvider provideClientOptions - */ - public function testAuthenticationIsCommencingIfAccessDeniedExceptionIsWrapped(array $options) + public function testAuthenticationIsCommencingIfAccessDeniedExceptionIsWrapped() { - $client = $this->createClient($options); + $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'base_config.yml']); $client->request('GET', '/secure-but-not-covered-by-access-control'); $this->assertRedirect($client->getResponse(), '/login'); } - public function provideClientOptions() + /** + * @group legacy + */ + public function testLegacyAuthenticationIsCommencingIfAccessDeniedExceptionIsWrapped() { - yield [['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]]; - yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]]; + $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml']); + + $client->request('GET', '/secure-but-not-covered-by-access-control'); + $this->assertRedirect($client->getResponse(), '/login'); } } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AutowiringTypesTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AutowiringTypesTest.php index 9e3b4a5523..9aa2b6f80a 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AutowiringTypesTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AutowiringTypesTest.php 
@@ -30,6 +30,22 @@ class AutowiringTypesTest extends AbstractWebTestCase $this->assertInstanceOf(TraceableAccessDecisionManager::class, $autowiredServices->getAccessDecisionManager(), 'The debug.security.access.decision_manager service should be injected in non-debug mode'); } + /** + * @group legacy + */ + public function testLegacyAccessDecisionManagerAutowiring() + { + static::bootKernel(['debug' => false, 'root_config' => 'legacy_config.yml']); + + $autowiredServices = static::getContainer()->get('test.autowiring_types.autowired_services'); + $this->assertInstanceOf(AccessDecisionManager::class, $autowiredServices->getAccessDecisionManager(), 'The security.access.decision_manager service should be injected in debug mode'); + + static::bootKernel(['debug' => true, 'root_config' => 'legacy_config.yml']); + + $autowiredServices = static::getContainer()->get('test.autowiring_types.autowired_services'); + $this->assertInstanceOf(TraceableAccessDecisionManager::class, $autowiredServices->getAccessDecisionManager(), 'The debug.security.access.decision_manager service should be injected in non-debug mode'); + } + protected static function createKernel(array $options = []): KernelInterface { return parent::createKernel(['test_case' => 'AutowiringTypes'] + $options); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/CsrfFormLoginTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/CsrfFormLoginTest.php index 81a4227272..6d1323bc1c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/CsrfFormLoginTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/CsrfFormLoginTest.php 
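Review bot: The two assertion messages in the new `testLegacyAccessDecisionManagerAutowiring` are swapped relative to the kernel flag they follow. After `bootKernel(['debug' => false, ...])` the message says the service "should be injected in debug mode", and after `'debug' => true` it says "in non-debug mode". The context line above shows the existing test has the same wording, so this is an inherited copy, but the new method is a chance to fix it. The first message should end `in non-debug mode` and the second `in debug mode`, so that a failure points at the right boot.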
@@ -100,11 +100,106 @@ class CsrfFormLoginTest extends AbstractWebTestCase $this->assertStringContainsString('You\'re browsing to path "/protected-resource".', $text); } + /** + * @group legacy + * @dataProvider provideLegacyClientOptions + */ + public function testLegacyFormLoginAndLogoutWithCsrfTokens($options) + { + $client = $this->createClient($options); + + $form = $client->request('GET', '/login')->selectButton('login')->form(); + $form['user_login[username]'] = 'johannes'; + $form['user_login[password]'] = 'test'; + $client->submit($form); + + $this->assertRedirect($client->getResponse(), '/profile'); + + $crawler = $client->followRedirect(); + + $text = $crawler->text(null, true); + $this->assertStringContainsString('Hello johannes!', $text); + $this->assertStringContainsString('You\'re browsing to path "/profile".', $text); + + $logoutLinks = $crawler->selectLink('Log out')->links(); + $this->assertCount(2, $logoutLinks); + $this->assertStringContainsString('_csrf_token=', $logoutLinks[0]->getUri()); + + $client->click($logoutLinks[0]); + + $this->assertRedirect($client->getResponse(), '/'); + } + + /** + * @group legacy + * @dataProvider provideLegacyClientOptions + */ + public function testLegacyFormLoginWithInvalidCsrfToken($options) + { + $client = $this->createClient($options); + + $form = $client->request('GET', '/login')->selectButton('login')->form(); + $form['user_login[_token]'] = ''; + $client->submit($form); + + $this->assertRedirect($client->getResponse(), '/login'); + + $text = $client->followRedirect()->text(null, true); + $this->assertStringContainsString('Invalid CSRF token.', $text); + } + + /** + * @group legacy + * @dataProvider provideLegacyClientOptions + */ + public function testFormLegacyLoginWithCustomTargetPath($options) + { + $client = $this->createClient($options); + + $form = $client->request('GET', '/login')->selectButton('login')->form(); + $form['user_login[username]'] = 'johannes'; + $form['user_login[password]'] = 'test'; 
+ $form['user_login[_target_path]'] = '/foo'; + $client->submit($form); + + $this->assertRedirect($client->getResponse(), '/foo'); + + $text = $client->followRedirect()->text(null, true); + $this->assertStringContainsString('Hello johannes!', $text); + $this->assertStringContainsString('You\'re browsing to path "/foo".', $text); + } + + /** + * @group legacy + * @dataProvider provideLegacyClientOptions + */ + public function testLegacyFormLoginRedirectsToProtectedResourceAfterLogin($options) + { + $client = $this->createClient($options); + + $client->request('GET', '/protected-resource'); + $this->assertRedirect($client->getResponse(), '/login'); + + $form = $client->followRedirect()->selectButton('login')->form(); + $form['user_login[username]'] = 'johannes'; + $form['user_login[password]'] = 'test'; + $client->submit($form); + $this->assertRedirect($client->getResponse(), '/protected-resource'); + + $text = $client->followRedirect()->text(null, true); + $this->assertStringContainsString('Hello johannes!', $text); + $this->assertStringContainsString('You\'re browsing to path "/protected-resource".', $text); + } + public function provideClientOptions() { yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]]; - yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]]; yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'routes_as_path.yml', 'enable_authenticator_manager' => true]]; + } + + public function provideLegacyClientOptions() + { + yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]]; yield [['test_case' => 'CsrfFormLogin', 'root_config' => 'legacy_routes_as_path.yml', 'enable_authenticator_manager' => false]]; } } 
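Review bot: `testFormLegacyLoginWithCustomTargetPath` breaks the `testLegacy…` prefix that every other added method in this hunk uses. Renaming it to `testLegacyFormLoginWithCustomTargetPath` keeps the legacy tests easy to find with a name filter. Separately, `testLegacyFormLoginWithInvalidCsrfToken` only submits an empty `user_login[_token]`. A second case with a non-empty, wrong value would also cover the token comparison rather than just the missing-token path. The four legacy methods repeat the login form fill line for line, and a private helper taking `$client` would cut that duplication.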
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FirewallEntryPointTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FirewallEntryPointTest.php index 91cccd1c46..c2399cb652 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FirewallEntryPointTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FirewallEntryPointTest.php @@ -15,9 +15,25 @@ use Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\FirewallEntryPointBund class FirewallEntryPointTest extends AbstractWebTestCase { + public function testItUsesTheConfiguredEntryPointFromTheExceptionListenerWithFormLoginAndNoCredentials() + { + $client = $this->createClient(['test_case' => 'FirewallEntryPoint', 'root_config' => 'config_form_login.yml']); + + $client->request('GET', '/secure/resource'); + + $this->assertEquals( + EntryPointStub::RESPONSE_TEXT, + $client->getResponse()->getContent(), + "Custom entry point wasn't started" + ); + } + + /** + * @group legacy + */ public function testItUsesTheConfiguredEntryPointWhenUsingUnknownCredentials() { - $client = $this->createClient(['test_case' => 'FirewallEntryPoint']); + $client = $this->createClient(['test_case' => 'FirewallEntryPoint', 'root_config' => 'legacy_config.yml']); $client->request('GET', '/secure/resource', [], [], [ 'PHP_AUTH_USER' => 'unknown', 
@@ -32,11 +48,11 @@ class FirewallEntryPointTest extends AbstractWebTestCase } /** - * @dataProvider provideSecuritySystems + * @group legacy */ - public function testItUsesTheConfiguredEntryPointFromTheExceptionListenerWithFormLoginAndNoCredentials(array $options) + public function testLegacyItUsesTheConfiguredEntryPointFromTheExceptionListenerWithFormLoginAndNoCredentials() { - $client = $this->createClient($options + ['test_case' => 'FirewallEntryPoint', 'root_config' => 'config_form_login.yml']); + $client = $this->createClient(['test_case' => 'FirewallEntryPoint', 'root_config' => 'legacy_config_form_login.yml']); $client->request('GET', '/secure/resource'); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php index de3c15ab83..b1d38f40ef 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php 
@@ -153,11 +153,158 @@ class FormLoginTest extends AbstractWebTestCase } } + /** + * @dataProvider provideLegacyClientOptions + * @group legacy + */ + public function testLegacyFormLogin(array $options) + { + $client = $this->createClient($options); + + $form = $client->request('GET', '/login')->selectButton('login')->form(); + $form['_username'] = 'johannes'; + $form['_password'] = 'test'; + $client->submit($form); + + $this->assertRedirect($client->getResponse(), '/profile'); + + $text = $client->followRedirect()->text(null, true); + $this->assertStringContainsString('Hello johannes!', $text); + $this->assertStringContainsString('You\'re browsing to path "/profile".', $text); + } + + /** + * @dataProvider provideLegacyClientOptions + * @group legacy + */ + public function testLegacyFormLogout(array $options) + { + $client = $this->createClient($options); + + $form = $client->request('GET', '/login')->selectButton('login')->form(); + $form['_username'] = 'johannes'; + $form['_password'] = 'test'; + $client->submit($form); + + $this->assertRedirect($client->getResponse(), '/profile'); + + $crawler = $client->followRedirect(); + $text = $crawler->text(null, true); + + $this->assertStringContainsString('Hello johannes!', $text); + $this->assertStringContainsString('You\'re browsing to path "/profile".', $text); + + $logoutLinks = $crawler->selectLink('Log out')->links(); + $this->assertCount(6, $logoutLinks); + $this->assertSame($logoutLinks[0]->getUri(), $logoutLinks[1]->getUri()); + $this->assertSame($logoutLinks[2]->getUri(), $logoutLinks[3]->getUri()); + $this->assertSame($logoutLinks[4]->getUri(), $logoutLinks[5]->getUri()); + + $this->assertNotSame($logoutLinks[0]->getUri(), $logoutLinks[2]->getUri()); + $this->assertNotSame($logoutLinks[1]->getUri(), $logoutLinks[3]->getUri()); + + $this->assertSame($logoutLinks[0]->getUri(), $logoutLinks[4]->getUri()); + $this->assertSame($logoutLinks[1]->getUri(), $logoutLinks[5]->getUri()); + } + + /** + * @dataProvider 
provideLegacyClientOptions + * @group legacy + */ + public function testLegacyFormLoginWithCustomTargetPath(array $options) + { + $client = $this->createClient($options); + + $form = $client->request('GET', '/login')->selectButton('login')->form(); + $form['_username'] = 'johannes'; + $form['_password'] = 'test'; + $form['_target_path'] = '/foo'; + $client->submit($form); + + $this->assertRedirect($client->getResponse(), '/foo'); + + $text = $client->followRedirect()->text(null, true); + $this->assertStringContainsString('Hello johannes!', $text); + $this->assertStringContainsString('You\'re browsing to path "/foo".', $text); + } + + /** + * @dataProvider provideLegacyClientOptions + * @group legacy + */ + public function testLegacyFormLoginRedirectsToProtectedResourceAfterLogin(array $options) + { + $client = $this->createClient($options); + + $client->request('GET', '/protected_resource'); + $this->assertRedirect($client->getResponse(), '/login'); + + $form = $client->followRedirect()->selectButton('login')->form(); + $form['_username'] = 'johannes'; + $form['_password'] = 'test'; + $client->submit($form); + $this->assertRedirect($client->getResponse(), '/protected_resource'); + + $text = $client->followRedirect()->text(null, true); + $this->assertStringContainsString('Hello johannes!', $text); + $this->assertStringContainsString('You\'re browsing to path "/protected_resource".', $text); + } + + /** + * @group time-sensitive + * @group legacy + */ + public function testLegacyLoginThrottling() + { + if (!class_exists(LoginThrottlingListener::class)) { + $this->markTestSkipped('Login throttling requires symfony/security-http:^5.2'); + } + + $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_login_throttling.yml', 'enable_authenticator_manager' => true]); + + $attempts = [ + ['johannes', 'wrong'], + ['johannes', 'also_wrong'], + ['wrong', 'wrong'], + ['johannes', 'wrong_again'], + ]; + foreach ($attempts as $i => $attempt) { 
+ $form = $client->request('GET', '/login')->selectButton('login')->form(); + $form['_username'] = $attempt[0]; + $form['_password'] = $attempt[1]; + $client->submit($form); + + $text = $client->followRedirect()->text(null, true); + switch ($i) { + case 0: // First attempt : Invalid credentials (OK) + $this->assertStringContainsString('Invalid credentials', $text, 'Invalid response on 1st attempt'); + + break; + case 1: // Second attempt : login throttling ! + $this->assertStringContainsString('Too many failed login attempts, please try again in 8 minutes.', $text, 'Invalid response on 2nd attempt'); + + break; + case 2: // Third attempt with unexisting username + $this->assertStringContainsString('Invalid credentials.', $text, 'Invalid response on 3rd attempt'); + + break; + case 3: // Fourth attempt : still login throttling ! + $this->assertStringContainsString('Too many failed login attempts, please try again in 8 minutes.', $text, 'Invalid response on 4th attempt'); + + break; + } + } + } + public function provideClientOptions() { - yield [['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]]; - yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]]; + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'base_config.yml', 'enable_authenticator_manager' => true]]; yield [['test_case' => 'StandardFormLogin', 'root_config' => 'routes_as_path.yml', 'enable_authenticator_manager' => true]]; + } + + public function provideLegacyClientOptions() + { + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]]; yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_routes_as_path.yml', 'enable_authenticator_manager' => false]]; } } 
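Review bot: `testLegacyLoginThrottling` is tagged `@group legacy` and loads `legacy_login_throttling.yml`, yet it passes `'enable_authenticator_manager' => true`, while `provideLegacyClientOptions` at the end of the same hunk passes `false` for the legacy configs. Either the option is ignored by `createClient` or the test is not exercising what its name claims, and the reader cannot tell which from here. If throttling only exists on the authenticator system and the legacy part is just a deprecated option in the YAML file, say so in the docblock, for example `* Legacy: covers the deprecated configuration in legacy_login_throttling.yml, still on the authenticator manager`. Otherwise drop the flag. The first attempt also asserts `'Invalid credentials'` without the trailing period that the third attempt checks, so the two should use the same string.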
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/GuardedTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/GuardedTest.php index 83cd4118d7..6816442a23 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/GuardedTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/GuardedTest.php @@ -11,6 +11,9 @@ namespace Symfony\Bundle\SecurityBundle\Tests\Functional; +/** + * @group legacy + */ class GuardedTest extends AbstractWebTestCase { public function testGuarded() diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/JsonLoginTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/JsonLoginTest.php index 20010349ef..133c294b09 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/JsonLoginTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/JsonLoginTest.php @@ -18,12 +18,9 @@ use Symfony\Component\HttpFoundation\JsonResponse; */ class JsonLoginTest extends AbstractWebTestCase { - /** - * @dataProvider provideSecuritySystems - */ - public function testDefaultJsonLoginSuccess(array $options) + public function testDefaultJsonLoginSuccess() { - $client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'config.yml']); + $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'config.yml']); $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "foo"}}'); $response = $client->getResponse(); 
@@ -32,12 +29,9 @@ class JsonLoginTest extends AbstractWebTestCase $this->assertSame(['message' => 'Welcome @dunglas!'], json_decode($response->getContent(), true)); } - /** - * @dataProvider provideSecuritySystems - */ - public function testDefaultJsonLoginFailure(array $options) + public function testDefaultJsonLoginFailure() { - $client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'config.yml']); + $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'config.yml']); $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "bad"}}'); $response = $client->getResponse(); @@ -46,12 +40,9 @@ class JsonLoginTest extends AbstractWebTestCase $this->assertSame(['error' => 'Invalid credentials.'], json_decode($response->getContent(), true)); } - /** - * @dataProvider provideSecuritySystems - */ - public function testCustomJsonLoginSuccess(array $options) + public function testCustomJsonLoginSuccess() { - $client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']); + $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']); $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "foo"}}'); $response = $client->getResponse(); 
@@ -60,12 +51,9 @@ class JsonLoginTest extends AbstractWebTestCase $this->assertSame(['message' => 'Good game @dunglas!'], json_decode($response->getContent(), true)); } - /** - * @dataProvider provideSecuritySystems - */ - public function testCustomJsonLoginFailure(array $options) + public function testCustomJsonLoginFailure() { - $client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']); + $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml']); $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "bad"}}'); $response = $client->getResponse(); 
@@ -75,11 +63,81 @@ class JsonLoginTest extends AbstractWebTestCase } /** - * @dataProvider provideSecuritySystems + * @group legacy */ - public function testDefaultJsonLoginBadRequest(array $options) + public function testDefaultJsonLoginBadRequest() { - $client = $this->createClient($options + ['test_case' => 'JsonLogin', 'root_config' => 'config.yml']); + $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'legacy_config.yml']); + $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], 'Not a json content'); + $response = $client->getResponse(); + + $this->assertSame(400, $response->getStatusCode()); + $this->assertSame('application/json', $response->headers->get('Content-Type')); + $this->assertSame(['type' => 'https://tools.ietf.org/html/rfc2616#section-10', 'title' => 'An error occurred', 'status' => 400, 'detail' => 'Bad Request'], json_decode($response->getContent(), true)); + } + + /** + * @group legacy + */ + public function testLegacyDefaultJsonLoginSuccess() + { + $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'legacy_config.yml']); + $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "foo"}}'); + $response = $client->getResponse(); + + $this->assertInstanceOf(JsonResponse::class, $response); + $this->assertSame(200, $response->getStatusCode()); + $this->assertSame(['message' => 'Welcome @dunglas!'], json_decode($response->getContent(), true)); + } + + /** + * @group legacy + */ + public function testLegacyDefaultJsonLoginFailure() + { + $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'legacy_config.yml']); + $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "bad"}}'); + $response = $client->getResponse(); + + $this->assertInstanceOf(JsonResponse::class, $response); + $this->assertSame(401, 
$response->getStatusCode()); + $this->assertSame(['error' => 'Invalid credentials.'], json_decode($response->getContent(), true)); + } + + /** + * @group legacy + */ + public function testLegacyCustomJsonLoginSuccess() + { + $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'legacy_custom_handlers.yml']); + $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "foo"}}'); + $response = $client->getResponse(); + + $this->assertInstanceOf(JsonResponse::class, $response); + $this->assertSame(200, $response->getStatusCode()); + $this->assertSame(['message' => 'Good game @dunglas!'], json_decode($response->getContent(), true)); + } + + /** + * @group legacy + */ + public function testLegacyCustomJsonLoginFailure() + { + $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'legacy_custom_handlers.yml']); + $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], '{"user": {"login": "dunglas", "password": "bad"}}'); + $response = $client->getResponse(); + + $this->assertInstanceOf(JsonResponse::class, $response); + $this->assertSame(500, $response->getStatusCode()); + $this->assertSame(['message' => 'Something went wrong'], json_decode($response->getContent(), true)); + } + + /** + * @group legacy + */ + public function testLegacyDefaultJsonLoginBadRequest() + { + $client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'legacy_config.yml']); $client->request('POST', '/chk', [], [], ['CONTENT_TYPE' => 'application/json'], 'Not a json content'); $response = $client->getResponse(); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php index 334c526580..a6efa746a3 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php 
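Review bot: After this hunk `testDefaultJsonLoginBadRequest` and the new `testLegacyDefaultJsonLoginBadRequest` both boot `legacy_config.yml` and both carry `@group legacy`, so the malformed-JSON request is no longer tested against the non-legacy `config.yml`. The other four tests in this file kept a `config.yml` variant, which makes this look like a slip rather than a decision. I would restore `$client = $this->createClient(['test_case' => 'JsonLogin', 'root_config' => 'config.yml']);` in `testDefaultJsonLoginBadRequest` and remove its `@group legacy` tag. If the new system deliberately answers a non-JSON body differently, assert that response there instead of dropping the case, since rejecting unparseable login bodies with a 400 is worth pinning down on the path that stays supported.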
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php @@ -40,7 +40,7 @@ class LocalizedRoutesAsPathTest extends AbstractWebTestCase */ public function testLoginFailureWithLocalizedFailurePath($locale, array $options) { - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => ($options['enable_authenticator_manager'] ? '' : 'legacy_').'localized_form_failure_handler.yml'] + $options); + $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'localized_form_failure_handler.yml'] + $options); $crawler = $client->request('GET', '/'.$locale.'/login'); $form = $crawler->selectButton('login')->form(); 
@@ -73,11 +73,79 @@ class LocalizedRoutesAsPathTest extends AbstractWebTestCase $this->assertCount(1, $crawler->selectButton('login'), (string) $client->getResponse()); } + /** + * @group legacy + * @dataProvider getLegacyLocalesAndClientConfig + */ + public function testLegacyLoginLogoutProcedure($locale, array $options) + { + $client = $this->createClient(['test_case' => 'StandardFormLogin'] + $options); + + $crawler = $client->request('GET', '/'.$locale.'/login'); + $form = $crawler->selectButton('login')->form(); + $form['_username'] = 'johannes'; + $form['_password'] = 'test'; + $client->submit($form); + + $this->assertRedirect($client->getResponse(), '/'.$locale.'/profile'); + $this->assertEquals('Profile', $client->followRedirect()->text()); + + $client->request('GET', '/'.$locale.'/logout'); + $this->assertRedirect($client->getResponse(), '/'.$locale.'/'); + $this->assertEquals('Homepage', $client->followRedirect()->text()); + } + + /** + * @group issue-32995 + * @group legacy + * @dataProvider getLegacyLocalesAndClientConfig + */ + public function testLegacyLoginFailureWithLocalizedFailurePath($locale, array $options) + { + $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_localized_form_failure_handler.yml'] + $options); + + $crawler = $client->request('GET', '/'.$locale.'/login'); + $form = $crawler->selectButton('login')->form(); + $form['_username'] = 'johannes'; + $form['_password'] = 'foobar'; + $client->submit($form); + + $this->assertRedirect($client->getResponse(), '/'.$locale.'/login'); + } + + /** + * @group legacy + * @dataProvider getLegacyLocalesAndClientConfig + */ + public function testLegacyAccessRestrictedResource($locale, array $options) + { + $client = $this->createClient(['test_case' => 'StandardFormLogin'] + $options); + + $client->request('GET', '/'.$locale.'/secure/'); + $this->assertRedirect($client->getResponse(), '/'.$locale.'/login'); + } + + /** + * @group legacy + * @dataProvider 
getLegacyLocalesAndClientConfig + */ + public function testLegacyAccessRestrictedResourceWithForward($locale, array $options) + { + $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_localized_routes_with_forward.yml'] + $options); + + $crawler = $client->request('GET', '/'.$locale.'/secure/'); + $this->assertCount(1, $crawler->selectButton('login'), (string) $client->getResponse()); + } + public function getLocalesAndClientConfig() { - yield ['en', ['enable_authenticator_manager' => true, 'root_config' => 'localized_routes.yml']]; - yield ['en', ['enable_authenticator_manager' => false, 'root_config' => 'legacy_localized_routes.yml']]; - yield ['de', ['enable_authenticator_manager' => true, 'root_config' => 'localized_routes.yml']]; - yield ['de', ['enable_authenticator_manager' => false, 'root_config' => 'legacy_localized_routes.yml']]; + yield ['en', ['root_config' => 'localized_routes.yml']]; + yield ['de', ['root_config' => 'localized_routes.yml']]; + } + + public function getLegacyLocalesAndClientConfig() + { + yield ['en', ['root_config' => 'legacy_localized_routes.yml']]; + yield ['de', ['root_config' => 'legacy_localized_routes.yml']]; } } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php index 8af5aa7c35..29c0b2282a 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php 
@@ -20,12 +20,9 @@ use Symfony\Component\HttpKernel\KernelEvents; class LogoutTest extends AbstractWebTestCase { - /** - * @dataProvider provideSecuritySystems - */ - public function testCsrfTokensAreClearedOnLogout(array $options) + public function testCsrfTokensAreClearedOnLogout() { - $client = $this->createClient($options + ['test_case' => 'LogoutWithoutSessionInvalidation', 'root_config' => 'config.yml']); + $client = $this->createClient(['enable_authenticator_manager' => true, 'test_case' => 'LogoutWithoutSessionInvalidation', 'root_config' => 'config.yml']); $client->disableReboot(); $this->callInRequestContext($client, function () { static::getContainer()->get('security.csrf.token_storage')->setToken('foo', 'bar'); 
@@ -49,11 +46,49 @@ class LogoutTest extends AbstractWebTestCase } /** - * @dataProvider provideSecuritySystems + * @group legacy */ - public function testAccessControlDoesNotApplyOnLogout(array $options) + public function testLegacyCsrfTokensAreClearedOnLogout() { - $client = $this->createClient($options + ['test_case' => 'Logout', 'root_config' => 'config_access.yml']); + $client = $this->createClient(['enable_authenticator_manager' => false, 'test_case' => 'LogoutWithoutSessionInvalidation', 'root_config' => 'config.yml']); + $client->disableReboot(); + $this->callInRequestContext($client, function () { + static::getContainer()->get('security.csrf.token_storage')->setToken('foo', 'bar'); + }); + + $client->request('POST', '/login', [ + '_username' => 'johannes', + '_password' => 'test', + ]); + + $this->callInRequestContext($client, function () { + $this->assertTrue(static::getContainer()->get('security.csrf.token_storage')->hasToken('foo')); + $this->assertSame('bar', static::getContainer()->get('security.csrf.token_storage')->getToken('foo')); + }); + + $client->request('GET', '/logout'); + + $this->callInRequestContext($client, function () { + $this->assertFalse(static::getContainer()->get('security.csrf.token_storage')->hasToken('foo')); + }); + } + + public function testAccessControlDoesNotApplyOnLogout() + { + $client = $this->createClient(['enable_authenticator_manager' => true, 'test_case' => 'Logout', 'root_config' => 'config_access.yml']); + + $client->request('POST', '/login', ['_username' => 'johannes', '_password' => 'test']); + $client->request('GET', '/logout'); + + $this->assertRedirect($client->getResponse(), '/'); + } + + /** + * @group legacy + */ + public function testLegacyAccessControlDoesNotApplyOnLogout() + { + $client = $this->createClient(['enable_authenticator_manager' => false, 'test_case' => 'Logout', 'root_config' => 'config_access.yml']); $client->request('POST', '/login', ['_username' => 'johannes', '_password' => 'test']); 
$client->request('GET', '/logout'); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/MissingUserProviderTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/MissingUserProviderTest.php index 6c8ba6482e..0f04a0eece 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/MissingUserProviderTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/MissingUserProviderTest.php @@ -11,9 +11,24 @@ namespace Symfony\Bundle\SecurityBundle\Tests\Functional; +use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException; + class MissingUserProviderTest extends AbstractWebTestCase { public function testUserProviderIsNeeded() + { + $client = $this->createClient(['enable_authenticator_manager' => true, 'test_case' => 'MissingUserProvider', 'root_config' => 'config.yml', 'debug' => true]); + + $this->expectException(InvalidConfigurationException::class); + $this->expectExceptionMessage('"default" firewall requires a user provider but none was defined'); + + $client->request('GET', '/', [], [], [ + 'PHP_AUTH_USER' => 'username', + 'PHP_AUTH_PW' => 'pa$$word', + ]); + } + + public function testLegacyUserProviderIsNeeded() { $client = $this->createClient(['test_case' => 'MissingUserProvider', 'root_config' => 'config.yml', 'debug' => true]); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeCookieTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeCookieTest.php index 304befd326..6933821a77 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeCookieTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeCookieTest.php 
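Review bot: `testLegacyUserProviderIsNeeded` in `MissingUserProviderTest.php` is named as a legacy test but has no `@group legacy` docblock and does not set `enable_authenticator_manager` explicitly, unlike the other legacy tests in this commit. If the legacy path emits deprecation notices, the test would presumably not be accounted for under the legacy group; add `/** @group legacy */` above it and consider passing `'enable_authenticator_manager' => false`, as `LogoutTest` does. The same annotation is missing on `testLegacySwitchUser` in `SwitchUserTest.php`, whose docblock only carries `@dataProvider getLegacyTestParameters`. The body of `testLegacyUserProviderIsNeeded` continues outside the hunk.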
@@ -22,8 +22,11 @@ class RememberMeCookieTest extends AbstractWebTestCase $this->assertSame($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure()); } - /** @dataProvider getSessionRememberMeSecureCookieFlagAutoHttpsMap */ - public function testOldSessionRememberMeSecureCookieFlagAuto($https, $expectedSecureFlag) + /** + * @dataProvider getSessionRememberMeSecureCookieFlagAutoHttpsMap + * @group legacy + */ + public function testLegacySessionRememberMeSecureCookieFlagAuto($https, $expectedSecureFlag) { $client = $this->createClient(['test_case' => 'RememberMeCookie', 'root_config' => 'legacy_config.yml']); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeTest.php index 9e736f0955..7af43e1154 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeTest.php 
@@ -13,18 +13,76 @@ namespace Symfony\Bundle\SecurityBundle\Tests\Functional; class RememberMeTest extends AbstractWebTestCase { - public function provideRememberMeSystems() + /** + * @dataProvider provideConfigs + */ + public function testRememberMe(array $options) { - foreach ($this->provideSecuritySystems() as $securitySystem) { - yield [$securitySystem[0] + ['root_config' => 'config_session.yml']]; - yield [$securitySystem[0] + ['root_config' => 'config_persistent.yml']]; - } + $client = $this->createClient(array_merge_recursive(['root_config' => 'config.yml', 'test_case' => 'RememberMe'], $options)); + $client->request('POST', '/login', [ + '_username' => 'johannes', + '_password' => 'test', + ]); + $this->assertSame(302, $client->getResponse()->getStatusCode()); + + $client->request('GET', '/profile'); + $this->assertSame('johannes', $client->getResponse()->getContent()); + + // clear session, this should trigger remember me on the next request + $client->getCookieJar()->expire('MOCKSESSID'); + + $client->request('GET', '/profile'); + $this->assertSame('johannes', $client->getResponse()->getContent(), 'Not logged in after resetting session.'); + + // logout, this should clear the remember-me cookie + $client->request('GET', '/logout'); + $this->assertSame(302, $client->getResponse()->getStatusCode(), 'Logout unsuccessful.'); + $this->assertNull($client->getCookieJar()->get('REMEMBERME')); + } + + public function testUserChangeClearsCookie() + { + $client = $this->createClient(['test_case' => 'RememberMe', 'root_config' => 'clear_on_change_config.yml']); + + $client->request('POST', '/login', [ + '_username' => 'johannes', + '_password' => 'test', + ]); + + $this->assertSame(302, $client->getResponse()->getStatusCode()); + $cookieJar = $client->getCookieJar(); + $this->assertNotNull($cookieJar->get('REMEMBERME')); + + $client->request('GET', '/profile'); + $this->assertRedirect($client->getResponse(), '/login'); + 
$this->assertNull($cookieJar->get('REMEMBERME')); + } + + public function testSessionLessRememberMeLogout() + { + $client = $this->createClient(['test_case' => 'RememberMe', 'root_config' => 'stateless_config.yml']); + + $client->request('POST', '/login', [ + '_username' => 'johannes', + '_password' => 'test', + ]); + + $cookieJar = $client->getCookieJar(); + $cookieJar->expire(session_name()); + + $this->assertNotNull($cookieJar->get('REMEMBERME')); + $this->assertSame('lax', $cookieJar->get('REMEMBERME')->getSameSite()); + + $client->request('GET', '/logout'); + $this->assertSame(302, $client->getResponse()->getStatusCode(), 'Logout unsuccessful.'); + $this->assertNull($cookieJar->get('REMEMBERME')); } /** - * @dataProvider provideRememberMeSystems + * @dataProvider provideLegacyConfigs + * @group legacy */ - public function testRememberMe(array $options) + public function testLegacyRememberMe(array $options) { $client = $this->createClient(array_merge_recursive(['root_config' => 'config.yml', 'test_case' => 'RememberMe'], $options)); @@ -50,11 +108,11 @@ class RememberMeTest extends AbstractWebTestCase } /** - * @dataProvider provideSecuritySystems + * @group legacy */ - public function testUserChangeClearsCookie(array $options) + public function testLegacyUserChangeClearsCookie() { - $client = $this->createClient(['test_case' => 'RememberMe', 'root_config' => 'clear_on_change_config.yml'] + $options); + $client = $this->createClient(['test_case' => 'RememberMe', 'root_config' => 'clear_on_change_config.yml']); $client->request('POST', '/login', [ '_username' => 'johannes', 
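Review bot: `testLegacyUserChangeClearsCookie` loads `clear_on_change_config.yml`, the same root config as the new non-legacy `testUserChangeClearsCookie`, so with `+ $options` dropped the two tests appear to run the same authentication system. The same holds for `testLegacySessionLessRememberMeLogout` in the following hunk, which shares `stateless_config.yml` with `testSessionLessRememberMeLogout`. Unless those files select the legacy system themselves, clearing of the `REMEMBERME` cookie on user change and on logout is no longer tested for the legacy path. Either point the legacy tests at a legacy variant of each config, as `provideLegacyConfigs` does for the session and persistent cases, or pass `'enable_authenticator_manager' => false`. Both method bodies continue outside their hunks.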
@@ -71,11 +129,11 @@ class RememberMeTest extends AbstractWebTestCase } /** - * @dataProvider provideSecuritySystems + * @group legacy */ - public function testSessionLessRememberMeLogout(array $options) + public function testLegacySessionLessRememberMeLogout() { - $client = $this->createClient(['test_case' => 'RememberMe', 'root_config' => 'stateless_config.yml'] + $options); + $client = $this->createClient(['test_case' => 'RememberMe', 'root_config' => 'stateless_config.yml']); $client->request('POST', '/login', [ '_username' => 'johannes', @@ -92,4 +150,16 @@ class RememberMeTest extends AbstractWebTestCase $this->assertSame(302, $client->getResponse()->getStatusCode(), 'Logout unsuccessful.'); $this->assertNull($cookieJar->get('REMEMBERME')); } + + public function provideConfigs() + { + yield [['root_config' => 'config_session.yml']]; + yield [['root_config' => 'config_persistent.yml']]; + } + + public function provideLegacyConfigs() + { + yield [['root_config' => 'legacy_config_session.yml']]; + yield [['root_config' => 'legacy_config_persistent.yml']]; + } } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php index d7d38a30c6..b649a4e6fa 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php 
@@ -120,24 +120,155 @@ class SecurityRoutingIntegrationTest extends AbstractWebTestCase $this->assertAllowed($allowedClient, '/protected-via-expression'); } - /** - * @dataProvider provideSecuritySystems - */ - public function testInvalidIpsInAccessControl(array $options) + public function testInvalidIpsInAccessControl() { $this->expectException(\LogicException::class); $this->expectExceptionMessage('The given value "256.357.458.559" in the "security.access_control" config option is not a valid IP address.'); - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'invalid_ip_access_control.yml'] + $options); + $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'invalid_ip_access_control.yml']); + $client->request('GET', '/unprotected_resource'); + } + + public function testPublicHomepage() + { + $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'base_config.yml']); + $client->request('GET', '/en/'); + + $this->assertEquals(200, $client->getResponse()->getStatusCode(), (string) $client->getResponse()); + $this->assertTrue($client->getResponse()->headers->getCacheControlDirective('public')); + $this->assertSame(0, self::getContainer()->get('session')->getUsageIndex()); + } + /** + * @dataProvider provideLegacyClientOptions + * @group legacy + */ + public function testLegacyRoutingErrorIsNotExposedForProtectedResourceWhenAnonymous(array $options) + { + $client = $this->createClient($options); + $client->request('GET', '/protected_resource'); + + $this->assertRedirect($client->getResponse(), '/login'); + } + + /** + * @dataProvider provideLegacyClientOptions + * @group legacy + */ + public function testLegacyRoutingErrorIsExposedWhenNotProtected(array $options) + { + $client = $this->createClient($options); + $client->request('GET', '/unprotected_resource'); + + $this->assertEquals(404, $client->getResponse()->getStatusCode(), (string) $client->getResponse()); + } + + /** 
+ * @dataProvider provideLegacyClientOptions + * @group legacy + */ + public function testLegacyRoutingErrorIsNotExposedForProtectedResourceWhenLoggedInWithInsufficientRights(array $options) + { + $client = $this->createClient($options); + + $form = $client->request('GET', '/login')->selectButton('login')->form(); + $form['_username'] = 'johannes'; + $form['_password'] = 'test'; + $client->submit($form); + + $client->request('GET', '/highly_protected_resource'); + + $this->assertNotEquals(404, $client->getResponse()->getStatusCode()); + } + + /** + * @group legacy + * @dataProvider provideLegacyClientOptions + */ + public function testLegacySecurityConfigurationForSingleIPAddress(array $options) + { + $allowedClient = $this->createClient($options, ['REMOTE_ADDR' => '10.10.10.10']); + + $this->ensureKernelShutdown(); + + $barredClient = $this->createClient($options, ['REMOTE_ADDR' => '10.10.20.10']); + + $this->assertAllowed($allowedClient, '/secured-by-one-ip'); + $this->assertRestricted($barredClient, '/secured-by-one-ip'); + } + + /** + * @group legacy + * @dataProvider provideLegacyClientOptions + */ + public function testLegacySecurityConfigurationForMultipleIPAddresses(array $options) + { + $allowedClientA = $this->createClient($options, ['REMOTE_ADDR' => '1.1.1.1']); + + $this->ensureKernelShutdown(); + + $allowedClientB = $this->createClient($options, ['REMOTE_ADDR' => '2.2.2.2']); + + $this->ensureKernelShutdown(); + + $allowedClientC = $this->createClient($options, ['REMOTE_ADDR' => '203.0.113.0']); + + $this->ensureKernelShutdown(); + + $barredClient = $this->createClient($options, ['REMOTE_ADDR' => '192.168.1.1']); + + $this->assertAllowed($allowedClientA, '/secured-by-two-ips'); + $this->assertAllowed($allowedClientB, '/secured-by-two-ips'); + + $this->assertRestricted($allowedClientA, '/secured-by-one-real-ip'); + $this->assertRestricted($allowedClientA, '/secured-by-one-real-ipv6'); + $this->assertAllowed($allowedClientC, 
'/secured-by-one-real-ip-with-mask'); + + $this->assertRestricted($barredClient, '/secured-by-two-ips'); + } + + /** + * @group legacy + * @dataProvider provideLegacyConfigs + */ + public function testLegacySecurityConfigurationForExpression(array $options) + { + $allowedClient = $this->createClient($options, ['HTTP_USER_AGENT' => 'Firefox 1.0']); + $this->assertAllowed($allowedClient, '/protected-via-expression'); + $this->ensureKernelShutdown(); + + $barredClient = $this->createClient($options, []); + $this->assertRestricted($barredClient, '/protected-via-expression'); + $this->ensureKernelShutdown(); + + $allowedClient = $this->createClient($options, []); + + $allowedClient->request('GET', '/protected-via-expression'); + $form = $allowedClient->followRedirect()->selectButton('login')->form(); + $form['_username'] = 'johannes'; + $form['_password'] = 'test'; + $allowedClient->submit($form); + $this->assertRedirect($allowedClient->getResponse(), '/protected-via-expression'); + $this->assertAllowed($allowedClient, '/protected-via-expression'); + } + + /** + * @group legacy + */ + public function testLegacyInvalidIpsInAccessControl() + { + $this->expectException(\LogicException::class); + $this->expectExceptionMessage('The given value "256.357.458.559" in the "security.access_control" config option is not a valid IP address.'); + + $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'invalid_ip_access_control.yml', 'enable_authenticator_manager' => false]); $client->request('GET', '/unprotected_resource'); } /** - * @dataProvider provideSecuritySystems + * @group legacy */ - public function testPublicHomepage(array $options) + public function testLegacyPublicHomepage() { - $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml'] + $options); + $client = $this->createClient(['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml']); $client->request('GET', '/en/'); 
$this->assertEquals(200, $client->getResponse()->getStatusCode(), (string) $client->getResponse()); @@ -159,13 +290,23 @@ class SecurityRoutingIntegrationTest extends AbstractWebTestCase public function provideClientOptions() { - yield [['test_case' => 'StandardFormLogin', 'root_config' => 'config.yml', 'enable_authenticator_manager' => true]]; - yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]]; + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'base_config.yml', 'enable_authenticator_manager' => true]]; + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'routes_as_path.yml', 'enable_authenticator_manager' => true]]; + } + + public function provideLegacyClientOptions() + { + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'base_config.yml', 'enable_authenticator_manager' => true]]; yield [['test_case' => 'StandardFormLogin', 'root_config' => 'routes_as_path.yml', 'enable_authenticator_manager' => true]]; - yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_routes_as_path.yml', 'enable_authenticator_manager' => false]]; } public function provideConfigs() + { + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'base_config.yml']]; + yield [['test_case' => 'StandardFormLogin', 'root_config' => 'routes_as_path.yml']]; + } + + public function provideLegacyConfigs() { yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml']]; yield [['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_routes_as_path.yml']]; diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php index a1a6c9b6da..d0ac17b1c9 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php 
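Review bot: `provideLegacyClientOptions` yields exactly the same two option sets as `provideClientOptions` (`base_config.yml` and `routes_as_path.yml`, both with `'enable_authenticator_manager' => true`). Every `@group legacy` test fed by it in the previous hunk, namely the routing-error exposure tests and the single/multiple IP access-control tests, therefore runs against the new authenticator system. The removed lines show the legacy rows that used to exist; the provider should yield `['test_case' => 'StandardFormLogin', 'root_config' => 'legacy_config.yml', 'enable_authenticator_manager' => false]` and the `legacy_routes_as_path.yml` equivalent. As written, the legacy access-control behaviour loses its functional coverage while appearing to keep it.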
@@ -35,20 +35,6 @@ class SecurityTest extends AbstractWebTestCase $this->assertSame($token, $security->getToken()); } - public function userWillBeMarkedAsChangedIfRolesHasChangedProvider() - { - return [ - [ - new InMemoryUser('user1', 'test', ['ROLE_ADMIN']), - new InMemoryUser('user1', 'test', ['ROLE_USER']), - ], - [ - new UserWithoutEquatable('user1', 'test', ['ROLE_ADMIN']), - new UserWithoutEquatable('user1', 'test', ['ROLE_USER']), - ], - ]; - } - /** * @dataProvider userWillBeMarkedAsChangedIfRolesHasChangedProvider */ 
@@ -77,6 +63,69 @@ class SecurityTest extends AbstractWebTestCase $client->request('GET', '/admin'); $this->assertEquals(302, $client->getResponse()->getStatusCode()); } + + /** + * @dataProvider userWillBeMarkedAsChangedIfRolesHasChangedProvider + * @group legacy + */ + public function testLegacyUserWillBeMarkedAsChangedIfRolesHasChanged(UserInterface $userWithAdminRole, UserInterface $userWithoutAdminRole) + { + $client = $this->createClient(['test_case' => 'AbstractTokenCompareRoles', 'root_config' => 'legacy_config.yml']); + $client->disableReboot(); + + /** @var ArrayUserProvider $userProvider */ + $userProvider = static::$kernel->getContainer()->get('security.user.provider.array'); + $userProvider->addUser($userWithAdminRole); + + $client->request('POST', '/login', [ + '_username' => 'user1', + '_password' => 'test', + ]); + + // user1 has ROLE_ADMIN and can visit secure page + $client->request('GET', '/admin'); + $this->assertEquals(200, $client->getResponse()->getStatusCode()); + + // updating user provider with same user but revoked ROLE_ADMIN from user1 + $userProvider->setUser('user1', $userWithoutAdminRole); + + // user1 has lost ROLE_ADMIN and MUST be redirected away from secure page + $client->request('GET', '/admin'); + $this->assertEquals(302, $client->getResponse()->getStatusCode()); + } + + /** + * @group legacy + */ + public function testLegacyServiceIsFunctional() + { + $kernel = self::createKernel(['test_case' => 'SecurityHelper', 'root_config' => 'legacy_config.yml']); + $kernel->boot(); + $container = $kernel->getContainer(); + + // put a token into the storage so the final calls can function + $user = new InMemoryUser('foo', 'pass'); + $token = new UsernamePasswordToken($user, '', 'provider', ['ROLE_USER']); + $container->get('functional.test.security.token_storage')->setToken($token); + + $security = $container->get('functional_test.security.helper'); + $this->assertTrue($security->isGranted('ROLE_USER')); + $this->assertSame($token, 
$security->getToken()); + } + + public function userWillBeMarkedAsChangedIfRolesHasChangedProvider() + { + return [ + [ + new InMemoryUser('user1', 'test', ['ROLE_ADMIN']), + new InMemoryUser('user1', 'test', ['ROLE_USER']), + ], + [ + new UserWithoutEquatable('user1', 'test', ['ROLE_ADMIN']), + new UserWithoutEquatable('user1', 'test', ['ROLE_USER']), + ], + ]; + } } final class UserWithoutEquatable implements UserInterface, PasswordAuthenticatedUserInterface diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php index 194a1d7886..ac86e4815f 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php @@ -19,9 +19,22 @@ class SwitchUserTest extends AbstractWebTestCase /** * @dataProvider getTestParameters */ - public function testSwitchUser($originalUser, $authenticatorManagerEnabled, $targetUser, $expectedUser, $expectedStatus) + public function testSwitchUser($originalUser, $targetUser, $expectedUser, $expectedStatus) { - $client = $this->createAuthenticatedClient($originalUser, ['enable_authenticator_manager' => $authenticatorManagerEnabled]); + $client = $this->createAuthenticatedClient($originalUser, ['root_config' => 'switchuser.yml']); + + $client->request('GET', '/profile?_switch_user='.$targetUser); + + $this->assertEquals($expectedStatus, $client->getResponse()->getStatusCode()); + $this->assertEquals($expectedUser, $client->getProfile()->getCollector('security')->getUser()); + } + + /** + * @dataProvider getLegacyTestParameters + */ + public function testLegacySwitchUser($originalUser, $targetUser, $expectedUser, $expectedStatus) + { + $client = $this->createAuthenticatedClient($originalUser, ['root_config' => 'legacy_switchuser.yml']); $client->request('GET', '/profile?_switch_user='.$targetUser); 
@@ -75,14 +88,20 @@ class SwitchUserTest extends AbstractWebTestCase public function getTestParameters() { return [ - 'unauthorized_user_cannot_switch' => ['user_cannot_switch_1', true, 'user_cannot_switch_1', 'user_cannot_switch_1', 403], - 'legacy_unauthorized_user_cannot_switch' => ['user_cannot_switch_1', false, 'user_cannot_switch_1', 'user_cannot_switch_1', 403], - 'authorized_user_can_switch' => ['user_can_switch', true, 'user_cannot_switch_1', 'user_cannot_switch_1', 200], - 'legacy_authorized_user_can_switch' => ['user_can_switch', false, 'user_cannot_switch_1', 'user_cannot_switch_1', 200], - 'authorized_user_cannot_switch_to_non_existent' => ['user_can_switch', true, 'user_does_not_exist', 'user_can_switch', 403], - 'legacy_authorized_user_cannot_switch_to_non_existent' => ['user_can_switch', false, 'user_does_not_exist', 'user_can_switch', 403], - 'authorized_user_can_switch_to_himself' => ['user_can_switch', true, 'user_can_switch', 'user_can_switch', 200], - 'legacy_authorized_user_can_switch_to_himself' => ['user_can_switch', false, 'user_can_switch', 'user_can_switch', 200], + 'unauthorized_user_cannot_switch' => ['user_cannot_switch_1', 'user_cannot_switch_1', 'user_cannot_switch_1', 403], + 'authorized_user_can_switch' => ['user_can_switch', 'user_cannot_switch_1', 'user_cannot_switch_1', 200], + 'authorized_user_cannot_switch_to_non_existent' => ['user_can_switch', 'user_does_not_exist', 'user_can_switch', 403], + 'authorized_user_can_switch_to_himself' => ['user_can_switch', 'user_can_switch', 'user_can_switch', 200], + ]; + } + + public function getLegacyTestParameters() + { + return [ + 'legacy_unauthorized_user_cannot_switch' => ['user_cannot_switch_1', 'user_cannot_switch_1', 'user_cannot_switch_1', 403], + 'legacy_authorized_user_can_switch' => ['user_can_switch', 'user_cannot_switch_1', 'user_cannot_switch_1', 200], + 'legacy_authorized_user_cannot_switch_to_non_existent' => ['user_can_switch', 'user_does_not_exist', 'user_can_switch', 
403], + 'legacy_authorized_user_can_switch_to_himself' => ['user_can_switch', 'user_can_switch', 'user_can_switch', 200], ]; } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AbstractTokenCompareRoles/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AbstractTokenCompareRoles/config.yml index 2fc91cbcbf..1cc13de777 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AbstractTokenCompareRoles/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AbstractTokenCompareRoles/config.yml @@ -8,6 +8,7 @@ services: class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\SecuredPageBundle\Security\Core\User\ArrayUserProvider security: + enable_authenticator_manager: true password_hashers: \Symfony\Component\Security\Core\User\UserInterface: plaintext @@ -23,7 +24,6 @@ security: remember_me: true require_previous_session: false logout: ~ - anonymous: ~ stateless: false access_control: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AbstractTokenCompareRoles/legacy_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AbstractTokenCompareRoles/legacy_config.yml new file mode 100644 index 0000000000..54bfaf89cb --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AbstractTokenCompareRoles/legacy_config.yml 
@@ -0,0 +1,30 @@ +imports: + - { resource: ./../config/framework.yml } + +services: + _defaults: { public: true } + + security.user.provider.array: + class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\SecuredPageBundle\Security\Core\User\ArrayUserProvider + +security: + password_hashers: + \Symfony\Component\Security\Core\User\UserInterface: plaintext + + providers: + array: + id: security.user.provider.array + + firewalls: + default: + form_login: + check_path: login + remember_me: true + require_previous_session: false + logout: ~ + stateless: false + + access_control: + - { path: ^/admin$, roles: ROLE_ADMIN } + - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: .*, roles: IS_AUTHENTICATED_FULLY } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/firewall_user_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/firewall_user_provider.yml index 4fb5ce880a..7822396eae 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/firewall_user_provider.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/firewall_user_provider.yml @@ -3,6 +3,7 @@ imports: - { resource: ./security.yml } security: + enable_authenticator_manager: true firewalls: api: pattern: / diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/implicit_user_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/implicit_user_provider.yml index 1cb8b0c678..b2433ecd35 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/implicit_user_provider.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/implicit_user_provider.yml @@ -3,6 +3,7 @@ imports: - { resource: ./security.yml } security: + enable_authenticator_manager: true firewalls: api: pattern: / 
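Review bot: The new `AbstractTokenCompareRoles/legacy_config.yml` does not mirror the configuration it replaces. The `config.yml` hunk before it removes `anonymous: ~` from the `default` firewall, but this legacy copy has no `anonymous` key either, while its `access_control` still grants `^/login$` to `IS_AUTHENTICATED_ANONYMOUSLY`. If the legacy test is meant to keep exercising the previous setup, add `anonymous: ~` under `firewalls.default`. If the omission is intentional, a one-line comment saying so would save the next reader from comparing it against the other legacy copies.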
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AutowiringTypes/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AutowiringTypes/config.yml index 2045118e1b..8be3ebc643 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AutowiringTypes/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AutowiringTypes/config.yml @@ -7,6 +7,7 @@ services: class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AutowiringBundle\AutowiredServices autowire: true security: + enable_authenticator_manager: true providers: dummy: memory: ~ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AutowiringTypes/legacy_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AutowiringTypes/legacy_config.yml new file mode 100644 index 0000000000..2045118e1b --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AutowiringTypes/legacy_config.yml @@ -0,0 +1,15 @@ +imports: + - { resource: ../config/framework.yml } + +services: + _defaults: { public: true } + test.autowiring_types.autowired_services: + class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AutowiringBundle\AutowiredServices + autowire: true +security: + providers: + dummy: + memory: ~ + firewalls: + dummy: + security: false diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/base_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/base_config.yml index 069fece617..945fd0fce3 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/base_config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/base_config.yml @@ -15,6 +15,7 @@ services: - { name: container.service_subscriber } security: + enable_authenticator_manager: true password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml index 98ba0eb532..ff265cac9e 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml @@ -2,6 +2,7 @@ imports: - { resource: ./base_config.yml } security: + enable_authenticator_manager: true firewalls: default: form_login: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/legacy_base_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/legacy_base_config.yml new file mode 100644 index 0000000000..069fece617 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/legacy_base_config.yml 
@@ -0,0 +1,49 @@ +imports: + - { resource: ./../config/default.yml } + +services: + csrf_form_login.form.type: + class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\CsrfFormLoginBundle\Form\UserLoginType + arguments: + - '@request_stack' + tags: + - { name: form.type } + + Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\CsrfFormLoginBundle\Controller\LoginController: + public: true + tags: + - { name: container.service_subscriber } + +security: + password_hashers: + Symfony\Component\Security\Core\User\InMemoryUser: plaintext + + providers: + in_memory: + memory: + users: + johannes: { password: test, roles: [ROLE_USER] } + + firewalls: + # This firewall doesn't make sense in combination with the rest of the + # configuration file, but it's here for testing purposes (do not use + # this file in a real world scenario though) + login_form: + pattern: ^/login$ + security: false + + default: + form_login: + check_path: /login_check + default_target_path: /profile + target_path_parameter: "user_login[_target_path]" + failure_path_parameter: "user_login[_failure_path]" + username_parameter: "user_login[username]" + password_parameter: "user_login[password]" + logout: + path: /logout_path + target: / + csrf_token_generator: security.csrf.token_manager + + access_control: + - { path: .*, roles: IS_AUTHENTICATED_FULLY } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/legacy_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/legacy_config.yml index 832579f643..b5764bd00e 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/legacy_config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/legacy_config.yml @@ -1,5 +1,5 @@ imports: - - { resource: ./base_config.yml } + - { resource: ./legacy_base_config.yml } security: firewalls: 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/routes_as_path.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/routes_as_path.yml index d481e6d2b7..57abb3f2f6 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/routes_as_path.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/routes_as_path.yml @@ -2,6 +2,7 @@ imports: - { resource: ./config.yml } security: + enable_authenticator_manager: true firewalls: default: form_login: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config.yml index 7fb035db6b..474e366139 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config.yml @@ -16,6 +16,7 @@ services: logger: { class: Psr\Log\NullLogger } security: + enable_authenticator_manager: true firewalls: secure: pattern: ^/secure/ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config_form_login.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config_form_login.yml index 8763b08110..28bcb19421 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config_form_login.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config_form_login.yml @@ -2,6 +2,7 @@ imports: - { resource: ./config.yml } security: + enable_authenticator_manager: true firewalls: secure: pattern: ^/ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/legacy_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/legacy_config.yml new file mode 100644 index 0000000000..7fb035db6b --- /dev/null 
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/legacy_config.yml @@ -0,0 +1,32 @@ +framework: + secret: test + router: { resource: "%kernel.project_dir%/%kernel.test_case%/routing.yml", utf8: true } + validation: { enabled: true, enable_annotations: true } + csrf_protection: true + form: + enabled: true + legacy_error_messages: false + test: ~ + default_locale: en + session: + storage_factory_id: session.storage.factory.mock_file + profiler: { only_exceptions: false } + +services: + logger: { class: Psr\Log\NullLogger } + +security: + firewalls: + secure: + pattern: ^/secure/ + http_basic: { realm: "Secure Gateway API" } + entry_point: firewall_entry_point.entry_point.stub + access_control: + - { path: ^/secure/, roles: ROLE_SECURE } + providers: + in_memory: + memory: + users: + john: { password: doe, roles: [ROLE_SECURE] } + password_hashers: + Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/legacy_config_form_login.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/legacy_config_form_login.yml new file mode 100644 index 0000000000..efd4d78ed7 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/legacy_config_form_login.yml @@ -0,0 +1,9 @@ +imports: + - { resource: ./legacy_config.yml } + +security: + firewalls: + secure: + pattern: ^/ + form_login: + check_path: /login_check diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/config.yml index d0d03c914c..4a8cacb279 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/config.yml 
@@ -5,6 +5,7 @@ framework: serializer: ~ security: + enable_authenticator_manager: true password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/custom_handlers.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/custom_handlers.yml index f1f1a93ab0..b8986de18f 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/custom_handlers.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/custom_handlers.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + enable_authenticator_manager: true password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/legacy_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/legacy_config.yml new file mode 100644 index 0000000000..d0d03c914c --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/legacy_config.yml @@ -0,0 +1,26 @@ +imports: + - { resource: ./../config/framework.yml } + +framework: + serializer: ~ + +security: + password_hashers: + Symfony\Component\Security\Core\User\InMemoryUser: plaintext + + providers: + in_memory: + memory: + users: + dunglas: { password: foo, roles: [ROLE_USER] } + + firewalls: + main: + pattern: ^/ + json_login: + check_path: /chk + username_path: user.login + password_path: user.password + + access_control: + - { path: ^/foo, roles: ROLE_USER } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/legacy_custom_handlers.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/legacy_custom_handlers.yml new file mode 100644 index 0000000000..f1f1a93ab0 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/legacy_custom_handlers.yml 
@@ -0,0 +1,31 @@ +imports: + - { resource: ./../config/framework.yml } + +security: + password_hashers: + Symfony\Component\Security\Core\User\InMemoryUser: plaintext + + providers: + in_memory: + memory: + users: + dunglas: { password: foo, roles: [ROLE_USER] } + + firewalls: + main: + pattern: ^/ + json_login: + check_path: /chk + username_path: user.login + password_path: user.password + success_handler: json_login.success_handler + failure_handler: json_login.failure_handler + + access_control: + - { path: ^/foo, roles: ROLE_USER } + +services: + json_login.success_handler: + class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\JsonLoginBundle\Security\Http\JsonAuthenticationSuccessHandler + json_login.failure_handler: + class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\JsonLoginBundle\Security\Http\JsonAuthenticationFailureHandler diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml index 84a0493e05..e2bebd525f 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml @@ -2,6 +2,7 @@ imports: - { resource: ./config.yml } security: + enable_authenticator_manager: true providers: in_memory: memory: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml index 80d5ec570e..6723443045 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml @@ -12,6 +12,7 @@ services: protocol_version: 3 referrals: false security: + enable_authenticator_manager: true providers: ldap: ldap: 
@@ -27,7 +28,6 @@ security: main: pattern: ^/login stateless: true - anonymous: true json_login_ldap: check_path: /login require_previous_session: false diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_cookie_clearing.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_cookie_clearing.yml index 2472cec31a..974f0ab79d 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_cookie_clearing.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_cookie_clearing.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + enable_authenticator_manager: true password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config.yml index 696a9041e8..fe52f22500 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + enable_authenticator_manager: true password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_persistent.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_persistent.yml index a529c217f2..40ded00c55 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_persistent.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_persistent.yml @@ -4,6 +4,7 @@ services: arguments: ['@kernel'] security: + enable_authenticator_manager: true firewalls: default: remember_me: 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_session.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_session.yml index 411de7211e..a11750e6f6 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_session.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_session.yml @@ -1,4 +1,5 @@ security: + enable_authenticator_manager: true firewalls: default: remember_me: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/legacy_clear_on_change_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/legacy_clear_on_change_config.yml new file mode 100644 index 0000000000..3932d711ed --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/legacy_clear_on_change_config.yml @@ -0,0 +1,9 @@ +imports: + - { resource: ./legacy_config.yml } + - { resource: ./legacy_config_session.yml } + +services: + Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\RememberMeBundle\Security\UserChangingUserProvider: + public: true + decorates: security.user.provider.concrete.in_memory + arguments: ['@.inner'] diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/legacy_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/legacy_config.yml new file mode 100644 index 0000000000..696a9041e8 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/legacy_config.yml @@ -0,0 +1,22 @@ +imports: + - { resource: ./../config/framework.yml } + +security: + password_hashers: + Symfony\Component\Security\Core\User\InMemoryUser: plaintext + + providers: + in_memory: + memory: + users: + johannes: { password: test, roles: [ROLE_USER] } + + firewalls: + default: + logout: ~ + form_login: + check_path: login + remember_me: true + + access_control: + - { path: ^/profile, roles: ROLE_USER } 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/legacy_config_persistent.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/legacy_config_persistent.yml new file mode 100644 index 0000000000..40ded00c55 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/legacy_config_persistent.yml @@ -0,0 +1,13 @@ +services: + app.static_token_provider: + class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\RememberMeBundle\Security\StaticTokenProvider + arguments: ['@kernel'] + +security: + enable_authenticator_manager: true + firewalls: + default: + remember_me: + always_remember_me: true + secret: key + token_provider: app.static_token_provider diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/legacy_config_session.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/legacy_config_session.yml new file mode 100644 index 0000000000..411de7211e --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/legacy_config_session.yml @@ -0,0 +1,6 @@ +security: + firewalls: + default: + remember_me: + always_remember_me: true + secret: key diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/legacy_stateless_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/legacy_stateless_config.yml new file mode 100644 index 0000000000..69a5586c80 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/legacy_stateless_config.yml @@ -0,0 +1,13 @@ +imports: + - { resource: ./config.yml } + - { resource: ./config_session.yml } + +framework: + session: + cookie_secure: auto + cookie_samesite: lax + +security: + firewalls: + default: + stateless: true 
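Review bot: The new `RememberMe/legacy_config_persistent.yml` sets `enable_authenticator_manager: true`, so a test built on this "legacy" file would exercise the new authenticator system rather than the deprecated one; its blob id `40ded00c55` equals that of the updated `config_persistent.yml`, which suggests it was copied after the flag was added. The same thing happens by import in `RememberMe/legacy_stateless_config.yml` (it imports `./config.yml` and `./config_session.yml`, both of which now set the flag) and in `StandardFormLogin/legacy_switchuser.yml` (it imports `./base_config.yml`). I would drop the flag line from this file and point the other two at their legacy counterparts: `- { resource: ./legacy_config.yml }`, `- { resource: ./legacy_config_session.yml }` and `- { resource: ./legacy_base_config.yml }`. Which test cases load these files is not visible in the diff, so this is inferred from the configs alone.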
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/stateless_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/stateless_config.yml index 69a5586c80..cf9102da35 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/stateless_config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/stateless_config.yml @@ -8,6 +8,7 @@ framework: cookie_samesite: lax security: + enable_authenticator_manager: true firewalls: default: stateless: true diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config.yml index 01aa24889f..f2ac6ebde3 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config.yml @@ -12,6 +12,7 @@ services: public: true security: + enable_authenticator_manager: true providers: in_memory: memory: @@ -19,4 +20,3 @@ security: firewalls: default: - anonymous: ~ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/legacy_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/legacy_config.yml new file mode 100644 index 0000000000..01aa24889f --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/legacy_config.yml @@ -0,0 +1,22 @@ +imports: + - { resource: ./../config/framework.yml } + +services: + # alias the service so we can access it in the tests + functional_test.security.helper: + alias: security.helper + public: true + + functional.test.security.token_storage: + alias: security.token_storage + public: true + +security: + providers: + in_memory: + memory: + users: [] + + firewalls: + default: + anonymous: ~ 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/base_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/base_config.yml new file mode 100644 index 0000000000..b0543f9808 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/base_config.yml 
@@ -0,0 +1,57 @@ +imports: + - { resource: ./../config/default.yml } + +parameters: + env(APP_IP): '127.0.0.1' + env(APP_IPS): '127.0.0.1, ::1' + +security: + enable_authenticator_manager: true + password_hashers: + Symfony\Component\Security\Core\User\InMemoryUser: plaintext + + providers: + in_memory: + memory: + users: + johannes: { password: test, roles: [ROLE_USER] } + + firewalls: + # This firewall doesn't make sense in combination with the rest of the + # configuration file, but it's here for testing purposes (do not use + # this file in a real world scenario though) + login_form: + pattern: ^/login$ + security: false + + default: + form_login: + check_path: /login_check + default_target_path: /profile + logout: ~ + lazy: true + + # This firewall is here just to check its the logout functionality + second_area: + http_basic: ~ + logout: + target: /second/target + path: /second/logout + + access_control: + - { path: ^/en/$, roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/unprotected_resource$, roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/secure-but-not-covered-by-access-control$, roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/secured-by-one-ip$, ip: 10.10.10.10, roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/secured-by-two-ips$, ips: [1.1.1.1, 2.2.2.2], roles: IS_AUTHENTICATED_ANONYMOUSLY } + # these real IP addresses are reserved for docs/examples (https://tools.ietf.org/search/rfc5737) + - { path: ^/secured-by-one-real-ip$, ips: 198.51.100.0, roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/secured-by-one-real-ip-with-mask$, ips: '203.0.113.0/24', roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/secured-by-one-real-ipv6$, ips: 0:0:0:0:0:ffff:c633:6400, roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/secured-by-one-env-placeholder$, ips: '%env(APP_IP)%', roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/secured-by-one-env-placeholder-multiple-ips$, ips: '%env(APP_IPS)%', roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: 
^/secured-by-one-env-placeholder-and-one-real-ip$, ips: ['%env(APP_IP)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/secured-by-one-env-placeholder-multiple-ips-and-one-real-ip$, ips: ['%env(APP_IPS)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/highly_protected_resource$, roles: IS_ADMIN } + - { path: ^/protected-via-expression$, allow_if: "(is_anonymous() and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" } + - { path: .*, roles: IS_AUTHENTICATED_FULLY } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/invalid_ip_access_control.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/invalid_ip_access_control.yml index 6b57da1eab..0f190d9b6d 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/invalid_ip_access_control.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/invalid_ip_access_control.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/default.yml } security: + enable_authenticator_manager: true password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_base_config.yml similarity index 100% rename from src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml rename to src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_base_config.yml diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_config.yml index 41a607ca03..e393772ae4 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_config.yml 
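Review bot: The `access_control` block of the new `StandardFormLogin/base_config.yml` still keys its open paths on `IS_AUTHENTICATED_ANONYMOUSLY`, and the `allow_if` expression still calls `is_anonymous()`, although the file sets `enable_authenticator_manager: true` and this commit removes the `anonymous` firewall option from the other non-legacy configs. Whether an unauthenticated request still satisfies these rules under the authenticator system cannot be read from the config, so the intent of paths such as `^/unprotected_resource$` is unclear. If they are meant to stay reachable without logging in, stating it directly is safer, for example `- { path: ^/unprotected_resource$, roles: PUBLIC_ACCESS }`. If they are now expected to require a token, a one-line comment above the block saying so would keep the next reader from assuming the old behaviour.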
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_config.yml @@ -1,5 +1,5 @@ imports: - - { resource: ./config.yml } + - { resource: ./legacy_base_config.yml } security: firewalls: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_form_failure_handler.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_form_failure_handler.yml index 4706234101..51ae007f38 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_form_failure_handler.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_form_failure_handler.yml @@ -1,7 +1,20 @@ imports: - - { resource: ./localized_form_failure_handler.yml } + - { resource: ./../config/default.yml } security: + password_hashers: + Symfony\Component\Security\Core\User\InMemoryUser: plaintext + + providers: + in_memory: + memory: + users: + johannes: { password: test, roles: [ROLE_USER] } + firewalls: default: + form_login: + login_path: localized_login_path + check_path: localized_check_path + failure_handler: localized_form_failure_handler anonymous: ~ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_routes.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_routes.yml index df5da8cec9..2c552175e6 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_routes.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_routes.yml 
@@ -1,7 +1,26 @@ imports: - - { resource: ./localized_routes.yml } + - { resource: ./../config/default.yml } security: + password_hashers: + Symfony\Component\Security\Core\User\InMemoryUser: plaintext + + providers: + in_memory: + memory: + users: + johannes: { password: test, roles: [ROLE_USER] } + firewalls: default: + form_login: + login_path: localized_login_path + check_path: localized_check_path + default_target_path: localized_default_target_path + logout: + path: localized_logout_path + target: localized_logout_target_path anonymous: ~ + + access_control: + - { path: '^/(?:[a-z]{2})/secure/.*', roles: ROLE_USER } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_routes_with_forward.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_routes_with_forward.yml new file mode 100644 index 0000000000..c8875e0d07 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_localized_routes_with_forward.yml @@ -0,0 +1,9 @@ +imports: + - { resource: ./legacy_localized_routes.yml } + +security: + firewalls: + default: + form_login: + use_forward: true + failure_forward: true diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_login_throttling.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_login_throttling.yml new file mode 100644 index 0000000000..90648d0730 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_login_throttling.yml @@ -0,0 +1,13 @@ +imports: + - { resource: ./legacy_base_config.yml } + +framework: + lock: ~ + rate_limiter: ~ + +security: + firewalls: + default: + login_throttling: + max_attempts: 1 + interval: '8 minutes' 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_switchuser.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_switchuser.yml new file mode 100644 index 0000000000..bd6f56d2c7 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/legacy_switchuser.yml @@ -0,0 +1,14 @@ +imports: + - { resource: ./base_config.yml } + +security: + providers: + in_memory: + memory: + users: + user_can_switch: { password: test, roles: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH] } + user_cannot_switch_1: { password: test, roles: [ROLE_USER] } + user_cannot_switch_2: { password: test, roles: [ROLE_USER] } + firewalls: + default: + switch_user: true diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_form_failure_handler.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_form_failure_handler.yml index f1cddb0e7f..95603e5835 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_form_failure_handler.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_form_failure_handler.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/default.yml } security: + enable_authenticator_manager: true password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes.yml index 83ceaaac81..42f18b392d 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes.yml 
@@ -2,6 +2,7 @@ imports: - { resource: ./../config/default.yml } security: + enable_authenticator_manager: true password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes_with_forward.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes_with_forward.yml index 12d90d8835..9cbfe5dae7 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes_with_forward.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes_with_forward.yml @@ -2,6 +2,7 @@ imports: - { resource: ./localized_routes.yml } security: + enable_authenticator_manager: true firewalls: default: form_login: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/login_throttling.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/login_throttling.yml index c445ce6963..fa94d30dc0 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/login_throttling.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/login_throttling.yml @@ -1,11 +1,12 @@ imports: - - { resource: ./config.yml } + - { resource: ./base_config.yml } framework: lock: ~ rate_limiter: ~ security: + enable_authenticator_manager: true firewalls: default: login_throttling: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/routes_as_path.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/routes_as_path.yml index d481e6d2b7..435951968d 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/routes_as_path.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/routes_as_path.yml 
@@ -1,7 +1,8 @@ imports: - - { resource: ./config.yml } + - { resource: ./base_config.yml } security: + enable_authenticator_manager: true firewalls: default: form_login: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/switchuser.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/switchuser.yml index 2f144aae9f..4806ed5e0c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/switchuser.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/switchuser.yml @@ -1,7 +1,8 @@ imports: - - { resource: ./config.yml } + - { resource: ./base_config.yml } security: + enable_authenticator_manager: true providers: in_memory: memory: diff --git a/src/Symfony/Bundle/SecurityBundle/composer.json b/src/Symfony/Bundle/SecurityBundle/composer.json index 46873c4237..761b3dbe17 100644 --- a/src/Symfony/Bundle/SecurityBundle/composer.json +++ b/src/Symfony/Bundle/SecurityBundle/composer.json @@ -41,6 +41,7 @@ "symfony/expression-language": "^4.4|^5.0", "symfony/form": "^4.4|^5.0", "symfony/framework-bundle": "^5.3", + "symfony/ldap": "^5.3", "symfony/process": "^4.4|^5.0", "symfony/rate-limiter": "^5.2", "symfony/serializer": "^4.4|^5.0", @@ -55,7 +56,7 @@ "symfony/browser-kit": "<4.4", "symfony/console": "<4.4", "symfony/framework-bundle": "<4.4", - "symfony/ldap": "<4.4", + "symfony/ldap": "<5.1", "symfony/twig-bundle": "<4.4" }, "autoload": { diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md index b143c899f9..f6f051fa51 100644 --- a/src/Symfony/Component/Security/CHANGELOG.md +++ b/src/Symfony/Component/Security/CHANGELOG.md 
@@ -6,6 +6,15 @@ The CHANGELOG for version 5.4 and newer can be found in the security sub-package 5.3 --- + * Deprecate the Guard component + * Deprecate `AuthenticationManagerInterface`, `AuthenticationProviderManager`, `AnonymousAuthenticationProvider`, + `AuthenticationProviderInterface`, `DaoAuthenticationProvider`, `LdapBindAuthenticationProvider`, + `PreAuthenticatedAuthenticationProvider`, `RememberMeAuthenticationProvider`, `UserAuthenticationProvider` and + `AuthenticationFailureEvent` from security-core. Use the new authenticator system instead + * Deprecate `AbstractAuthenticationListener`, `AbstractPreAuthenticatedListener`, `AnonymousAuthenticationListener`, + `BasicAuthenticationListener`, `RememberMeListener`, `RemoteUserAuthenticationListener`, + `UsernamePasswordFormAuthenticationListener`, `UsernamePasswordJsonAuthenticationListener` and `X509AuthenticationListener` + from security-http, use the new authenticator system instead * Add `getPassport()` method and a second `$passport` constructor argument to `AuthenticationTokenCreatedEvent` * The authenticator system is no longer experimental * Login Link functionality is no longer experimental diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationManagerInterface.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationManagerInterface.php index 6237f79aa1..6776ee78be 100644 --- a/src/Symfony/Component/Security/Core/Authentication/AuthenticationManagerInterface.php +++ b/src/Symfony/Component/Security/Core/Authentication/AuthenticationManagerInterface.php @@ -19,6 +19,8 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException; * which process Token authentication. * * @author Fabien Potencier + * + * @internal since Symfony 5.3 */ interface AuthenticationManagerInterface { 
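Review bot: The docblock added to `AuthenticationManagerInterface` says `@internal since Symfony 5.3`, while the CHANGELOG entry in this same commit lists the interface under "Deprecate". The hunk also adds no `trigger_deprecation()` call, unlike the sibling provider files. Static analysers and IDEs treat `@internal` and `@deprecated` differently, so code implementing this interface may get no signal that it is being retired along with the legacy authentication path. If the softer tag is deliberate (for example because non-deprecated code still type-hints the interface, which this hunk does not show), say so in the docblock. Otherwise use `@deprecated since Symfony 5.3, use the new authenticator system instead`.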
diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php index ddf098306d..92a48dc964 100644 --- a/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php +++ b/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php @@ -24,6 +24,8 @@ use Symfony\Component\Security\Core\Exception\ProviderNotFoundException; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; +trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', AuthenticationProviderManager::class); + // Help opcache.preload discover always-needed symbols class_exists(AuthenticationEvents::class); class_exists(AuthenticationFailureEvent::class); @@ -35,6 +37,8 @@ class_exists(AuthenticationSuccessEvent::class); * * @author Fabien Potencier * @author Johannes M. Schmitt + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class AuthenticationProviderManager implements AuthenticationManagerInterface { diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/AnonymousAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/AnonymousAuthenticationProvider.php index bbb930d525..53f8cf18bf 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Provider/AnonymousAuthenticationProvider.php +++ b/src/Symfony/Component/Security/Core/Authentication/Provider/AnonymousAuthenticationProvider.php 
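Review bot: The file-scope `class_exists(AuthenticationFailureEvent::class);` kept just below the new `trigger_deprecation()` call now autoloads a file that, in this commit, raises its own file-scope deprecation. Loading `AuthenticationProviderManager` is therefore likely to report two deprecations, one of them for an event class the application may never have referenced. That makes deprecation logs harder to act on when they are used to track migration off the legacy authentication path. Consider a short comment above the preload block, such as `// Loading AuthenticationFailureEvent also triggers its own 5.3 deprecation`, or check whether that class still needs to be in the preload hints.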
@@ -16,10 +16,14 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Exception\BadCredentialsException; +trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', AnonymousAuthenticationProvider::class); + /** * AnonymousAuthenticationProvider validates AnonymousToken instances. * * @author Fabien Potencier + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class AnonymousAuthenticationProvider implements AuthenticationProviderInterface { diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/AuthenticationProviderInterface.php b/src/Symfony/Component/Security/Core/Authentication/Provider/AuthenticationProviderInterface.php index 6638726836..e2dee80ba5 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Provider/AuthenticationProviderInterface.php +++ b/src/Symfony/Component/Security/Core/Authentication/Provider/AuthenticationProviderInterface.php @@ -14,6 +14,8 @@ namespace Symfony\Component\Security\Core\Authentication\Provider; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +trigger_deprecation('symfony/security-core', '5.3', 'The "%s" interface is deprecated, use the new authenticator system instead.', AuthenticationProviderInterface::class); + /** * AuthenticationProviderInterface is the interface for all authentication * providers. @@ -21,6 +23,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; * Concrete implementations processes specific Token instances. * * @author Fabien Potencier + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ interface AuthenticationProviderInterface extends AuthenticationManagerInterface { 
diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php index 4ef55664dc..d83c1a0ca7 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php +++ b/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php @@ -24,11 +24,15 @@ use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; +trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', DaoAuthenticationProvider::class); + /** * DaoAuthenticationProvider uses a UserProviderInterface to retrieve the user * for a UsernamePasswordToken. * * @author Fabien Potencier + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class DaoAuthenticationProvider extends UserAuthenticationProvider { diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php index e9a3ab0294..418523e20c 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php +++ b/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php @@ -21,6 +21,8 @@ use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; +trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', LdapBindAuthenticationProvider::class); + /** * LdapBindAuthenticationProvider authenticates a user against an LDAP server. * 
@@ -28,6 +30,8 @@ use Symfony\Component\Security\Core\User\UserProviderInterface; * credentials to the ldap. * * @author Charles Sarrazin + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class LdapBindAuthenticationProvider extends UserAuthenticationProvider { diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php index 292b8b9fed..4f69f33a23 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php +++ b/src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php @@ -18,6 +18,8 @@ use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; +trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', PreAuthenticatedAuthenticationProvider::class); + /** * Processes a pre-authenticated authentication request. * @@ -27,6 +29,8 @@ use Symfony\Component\Security\Core\User\UserProviderInterface; * UserNotFoundException, for example. * * @author Fabien Potencier + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderInterface { diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/RememberMeAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/RememberMeAuthenticationProvider.php index 8ee8109b80..2fd52f2ddd 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Provider/RememberMeAuthenticationProvider.php +++ b/src/Symfony/Component/Security/Core/Authentication/Provider/RememberMeAuthenticationProvider.php 
@@ -19,6 +19,11 @@ use Symfony\Component\Security\Core\Exception\LogicException; use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\User\UserInterface; +trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', RememberMeAuthenticationProvider::class); + +/** + * @deprecated since Symfony 5.3, use the new authenticator system instead + */ class RememberMeAuthenticationProvider implements AuthenticationProviderInterface { private $userChecker; diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php index a4811faffe..61226a5e59 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php +++ b/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php @@ -22,10 +22,14 @@ use Symfony\Component\Security\Core\Exception\UserNotFoundException; use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\User\UserInterface; +trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', UserAuthenticationProvider::class); + /** * UserProviderInterface retrieves users for UsernamePasswordToken tokens. * * @author Fabien Potencier + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ abstract class UserAuthenticationProvider implements AuthenticationProviderInterface { diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php index b7934137e6..a68a27d407 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php 
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php @@ -68,7 +68,7 @@ abstract class AbstractToken implements TokenInterface public function getUserIdentifier(): string { - // method returns "null" in non-legacy mode if not overriden + // method returns "null" in non-legacy mode if not overridden $username = $this->getUsername(false); if (null !== $username) { trigger_deprecation('symfony/security-core', '5.3', 'Method "%s::getUsername()" is deprecated, override "getUserIdentifier()" instead.', get_debug_type($this)); diff --git a/src/Symfony/Component/Security/Core/Event/AuthenticationFailureEvent.php b/src/Symfony/Component/Security/Core/Event/AuthenticationFailureEvent.php index e286e24f46..4e9562c261 100644 --- a/src/Symfony/Component/Security/Core/Event/AuthenticationFailureEvent.php +++ b/src/Symfony/Component/Security/Core/Event/AuthenticationFailureEvent.php @@ -13,11 +13,16 @@ namespace Symfony\Component\Security\Core\Event; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; +use Symfony\Component\Security\Http\Event\LoginFailureEvent; + +trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use "%s" with the new authenticator system instead.', AuthenticationFailureEvent::class, LoginFailureEvent::class); /** * This event is dispatched on authentication failure. * * @author Johannes M. Schmitt + * + * @deprecated since Symfony 5.3, use LoginFailureEvent with the new authenticator system instead */ final class AuthenticationFailureEvent extends AuthenticationEvent { diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php index d41805bffb..661ffa4521 100644 --- a/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php 
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationProviderManagerTest.php @@ -25,6 +25,9 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Exception\ProviderNotFoundException; use Symfony\Component\Security\Core\User\InMemoryUser; +/** + * @group legacy + */ class AuthenticationProviderManagerTest extends TestCase { public function testAuthenticateWithoutProviders() diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/AnonymousAuthenticationProviderTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/AnonymousAuthenticationProviderTest.php index 5aa23d981c..08127b6cbd 100644 --- a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/AnonymousAuthenticationProviderTest.php +++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/AnonymousAuthenticationProviderTest.php @@ -18,6 +18,9 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Exception\BadCredentialsException; +/** + * @group legacy + */ class AnonymousAuthenticationProviderTest extends TestCase { public function testSupports() diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php index eb9095e231..27dc2acc8d 100644 --- a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php +++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php @@ -27,6 +27,7 @@ use Symfony\Component\Security\Core\User\UserProviderInterface; /** * @requires extension ldap + * @group legacy */ class LdapBindAuthenticationProviderTest extends TestCase { 
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php index 15c079b8c3..f7f5fb4515 100644 --- a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php +++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/PreAuthenticatedAuthenticationProviderTest.php @@ -23,6 +23,9 @@ use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; +/** + * @group legacy + */ class PreAuthenticatedAuthenticationProviderTest extends TestCase { public function testSupports() diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php index 41994e7b18..9a6a417b0d 100644 --- a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php +++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php @@ -23,6 +23,9 @@ use Symfony\Component\Security\Core\User\InMemoryUser; use Symfony\Component\Security\Core\User\UserCheckerInterface; use Symfony\Component\Security\Core\User\UserInterface; +/** + * @group legacy + */ class RememberMeAuthenticationProviderTest extends TestCase { public function testSupports() diff --git a/src/Symfony/Component/Security/Guard/AbstractGuardAuthenticator.php b/src/Symfony/Component/Security/Guard/AbstractGuardAuthenticator.php index 8491c69cc8..13ada75f1d 100644 --- a/src/Symfony/Component/Security/Guard/AbstractGuardAuthenticator.php +++ b/src/Symfony/Component/Security/Guard/AbstractGuardAuthenticator.php 
@@ -18,6 +18,8 @@ use Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken; * An optional base class that creates a PostAuthenticationGuardToken for you. * * @author Ryan Weaver + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ abstract class AbstractGuardAuthenticator implements AuthenticatorInterface { diff --git a/src/Symfony/Component/Security/Guard/Authenticator/AbstractFormLoginAuthenticator.php b/src/Symfony/Component/Security/Guard/Authenticator/AbstractFormLoginAuthenticator.php index f91478bfc9..52c6b78c45 100644 --- a/src/Symfony/Component/Security/Guard/Authenticator/AbstractFormLoginAuthenticator.php +++ b/src/Symfony/Component/Security/Guard/Authenticator/AbstractFormLoginAuthenticator.php @@ -16,11 +16,14 @@ use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Security; use Symfony\Component\Security\Guard\AbstractGuardAuthenticator; +use Symfony\Component\Security\Http\Firewall\AnonymousAuthenticationListener; /** * A base class to make form login authentication easier! * * @author Ryan Weaver + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ abstract class AbstractFormLoginAuthenticator extends AbstractGuardAuthenticator { diff --git a/src/Symfony/Component/Security/Guard/Authenticator/GuardBridgeAuthenticator.php b/src/Symfony/Component/Security/Guard/Authenticator/GuardBridgeAuthenticator.php index b338411100..020771846b 100644 --- a/src/Symfony/Component/Security/Guard/Authenticator/GuardBridgeAuthenticator.php +++ b/src/Symfony/Component/Security/Guard/Authenticator/GuardBridgeAuthenticator.php 
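Review bot: The added `use Symfony\Component\Security\Http\Firewall\AnonymousAuthenticationListener;` in `AbstractFormLoginAuthenticator.php` is not referenced by anything in this hunk, and the only other change here is the `@deprecated` tag, so the import looks accidental. It also names a listener that this same commit lists as deprecated, which ties this file to a class scheduled for removal for no visible reason. The class body lies outside the hunk, so confirm nothing there uses the name and then drop the line.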
@@ -32,6 +32,8 @@ use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface; use Symfony\Component\Security\Http\Authenticator\Passport\UserPassportInterface; use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface; +trigger_deprecation('symfony/security-guard', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', GuardBridgeAuthenticator::class); + /** * This authenticator is used to bridge Guard authenticators with * the Symfony Authenticator system. @@ -39,6 +41,8 @@ use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface * @author Wouter de Jong * * @internal + * + * @deprecated since Symfony 5.3 */ class GuardBridgeAuthenticator implements InteractiveAuthenticatorInterface, AuthenticationEntryPointInterface { diff --git a/src/Symfony/Component/Security/Guard/AuthenticatorInterface.php b/src/Symfony/Component/Security/Guard/AuthenticatorInterface.php index 870ba38782..699fd3e979 100644 --- a/src/Symfony/Component/Security/Guard/AuthenticatorInterface.php +++ b/src/Symfony/Component/Security/Guard/AuthenticatorInterface.php @@ -29,6 +29,8 @@ use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface * * @author Ryan Weaver * @author Amaury Leroux de Lens + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { diff --git a/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php b/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php index 3d3cd1ace5..7eba97b107 100644 --- a/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php +++ b/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php 
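Review bot: The docblock tag added to `GuardBridgeAuthenticator` reads `@deprecated since Symfony 5.3` with no replacement, whereas the runtime message added in the same file and the other `@deprecated` tags visible in this diff name one. Tools that surface the annotation rather than the runtime notice would show no migration hint for this class. Suggest `@deprecated since Symfony 5.3, use the new authenticator system instead` for consistency.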
@@ -28,6 +28,8 @@ use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken; use Symfony\Component\Security\Http\Firewall\AbstractListener; use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; +trigger_deprecation('symfony/security-guard', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', GuardAuthenticationListener::class); + /** * Authentication listener for the "guard" system. * @@ -35,6 +37,8 @@ use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; * @author Amaury Leroux de Lens * * @final + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class GuardAuthenticationListener extends AbstractListener { diff --git a/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php b/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php index 11f207a9ab..cbd5bdfc93 100644 --- a/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php +++ b/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php @@ -22,6 +22,8 @@ use Symfony\Component\Security\Http\SecurityEvents; use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface; use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; +trigger_deprecation('symfony/security-guard', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', GuardAuthenticatorHandler::class); + /** * A utility class that does much of the *work* during the guard authentication process. * @@ -31,6 +33,8 @@ use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; * @author Ryan Weaver * * @final + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class GuardAuthenticatorHandler { diff --git a/src/Symfony/Component/Security/Guard/PasswordAuthenticatedInterface.php b/src/Symfony/Component/Security/Guard/PasswordAuthenticatedInterface.php index dd2eeba33d..deebad31d5 100644 
--- a/src/Symfony/Component/Security/Guard/PasswordAuthenticatedInterface.php +++ b/src/Symfony/Component/Security/Guard/PasswordAuthenticatedInterface.php @@ -11,8 +11,12 @@ namespace Symfony\Component\Security\Guard; +trigger_deprecation('symfony/security-guard', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', PasswordAuthenticatedInterface::class); + /** * An optional interface for "guard" authenticators that deal with user passwords. + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ interface PasswordAuthenticatedInterface { diff --git a/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php b/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php index 880d275f68..e84a4c6a42 100644 --- a/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php +++ b/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php @@ -29,11 +29,15 @@ use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface; use Symfony\Component\Security\Guard\Token\GuardTokenInterface; use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken; +trigger_deprecation('symfony/security-guard', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', GuardAuthenticationProvider::class); + /** * Responsible for accepting the PreAuthenticationGuardToken and calling * the correct authenticator to retrieve the authenticated token. * * @author Ryan Weaver + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class GuardAuthenticationProvider implements AuthenticationProviderInterface { diff --git a/src/Symfony/Component/Security/Guard/Tests/Authenticator/FormLoginAuthenticatorTest.php b/src/Symfony/Component/Security/Guard/Tests/Authenticator/FormLoginAuthenticatorTest.php index c54fa67ed9..646fe83509 100644 
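Review bot: The deprecation message added for `PasswordAuthenticatedInterface` says `The "%s" class is deprecated`, although the symbol is an interface; the `AuthenticationProviderInterface` hunk in this commit uses the word "interface" for the same case. This string is what ends up in deprecation logs, so the wording should match the symbol kind: `'The "%s" interface is deprecated, use the new authenticator system instead.'`. The same "class" wording appears in the `GuardTokenInterface.php` hunk further down.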
--- a/src/Symfony/Component/Security/Guard/Tests/Authenticator/FormLoginAuthenticatorTest.php +++ b/src/Symfony/Component/Security/Guard/Tests/Authenticator/FormLoginAuthenticatorTest.php @@ -24,6 +24,7 @@ use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticato /** * @author Jean Pasdeloup + * @group legacy */ class FormLoginAuthenticatorTest extends TestCase { diff --git a/src/Symfony/Component/Security/Guard/Tests/Authenticator/GuardBridgeAuthenticatorTest.php b/src/Symfony/Component/Security/Guard/Tests/Authenticator/GuardBridgeAuthenticatorTest.php index 24a4d71c50..3dd65a1715 100644 --- a/src/Symfony/Component/Security/Guard/Tests/Authenticator/GuardBridgeAuthenticatorTest.php +++ b/src/Symfony/Component/Security/Guard/Tests/Authenticator/GuardBridgeAuthenticatorTest.php @@ -26,6 +26,9 @@ use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge; use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\CustomCredentials; use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport; +/** + * @group legacy + */ class GuardBridgeAuthenticatorTest extends TestCase { private $guardAuthenticator; diff --git a/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php b/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php index 351116d5b4..cd4d6036ea 100644 --- a/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php +++ b/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php @@ -31,6 +31,7 @@ use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; /** * @author Ryan Weaver * @author Amaury Leroux de Lens + * @group legacy */ class GuardAuthenticationListenerTest extends TestCase { 
diff --git a/src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php b/src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php index 58784baca0..d36cf666f3 100644 --- a/src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php +++ b/src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php @@ -25,6 +25,9 @@ use Symfony\Component\Security\Http\SecurityEvents; use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface; use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; +/** + * @group legacy + */ class GuardAuthenticatorHandlerTest extends TestCase { private $tokenStorage; diff --git a/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php b/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php index 1205e23ad9..61b70af133 100644 --- a/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php +++ b/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php @@ -26,6 +26,7 @@ use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken; /** * @author Ryan Weaver + * @group legacy */ class GuardAuthenticationProviderTest extends TestCase { diff --git a/src/Symfony/Component/Security/Guard/Token/GuardTokenInterface.php b/src/Symfony/Component/Security/Guard/Token/GuardTokenInterface.php index 063ffd3ba7..a44413bb33 100644 --- a/src/Symfony/Component/Security/Guard/Token/GuardTokenInterface.php +++ b/src/Symfony/Component/Security/Guard/Token/GuardTokenInterface.php @@ -13,6 +13,8 @@ namespace Symfony\Component\Security\Guard\Token; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +trigger_deprecation('symfony/security-guard', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', GuardTokenInterface::class); + /** * A marker interface that both guard tokens implement. * 
@@ -21,6 +23,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; * interface. * * @author Ryan Weaver + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ interface GuardTokenInterface extends TokenInterface { diff --git a/src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php b/src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php index 3b9ef2d7f6..494d1d2096 100644 --- a/src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php +++ b/src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php @@ -14,6 +14,8 @@ namespace Symfony\Component\Security\Guard\Token; use Symfony\Component\Security\Core\Authentication\Token\AbstractToken; use Symfony\Component\Security\Core\User\UserInterface; +trigger_deprecation('symfony/security-guard', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', PostAuthenticationGuardToken::class); + /** * Used as an "authenticated" token, though it could be set to not-authenticated later. * @@ -21,6 +23,8 @@ use Symfony\Component\Security\Core\User\UserInterface; * GuardTokenInterface as your authenticated token (like this class). * * @author Ryan Weaver + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class PostAuthenticationGuardToken extends AbstractToken implements GuardTokenInterface { diff --git a/src/Symfony/Component/Security/Guard/Token/PreAuthenticationGuardToken.php b/src/Symfony/Component/Security/Guard/Token/PreAuthenticationGuardToken.php index 451d96c6ee..d9738f049b 100644 --- a/src/Symfony/Component/Security/Guard/Token/PreAuthenticationGuardToken.php +++ b/src/Symfony/Component/Security/Guard/Token/PreAuthenticationGuardToken.php 
@@ -13,6 +13,8 @@ namespace Symfony\Component\Security\Guard\Token; use Symfony\Component\Security\Core\Authentication\Token\AbstractToken; +trigger_deprecation('symfony/security-guard', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', PreAuthenticationGuardToken::class); + /** * The token used by the guard auth system before authentication. * @@ -21,6 +23,8 @@ use Symfony\Component\Security\Core\Authentication\Token\AbstractToken; * successful, a different authenticated token is returned * * @author Ryan Weaver + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class PreAuthenticationGuardToken extends AbstractToken implements GuardTokenInterface { diff --git a/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php index 616a4efdd7..7b8622f22f 100644 --- a/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php @@ -31,6 +31,8 @@ use Symfony\Component\Security\Http\SecurityEvents; use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface; use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; +trigger_deprecation('symfony/security-http', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', AbstractAuthenticationListener::class); + /** * The AbstractAuthenticationListener is the preferred base class for all * browser-/HTTP-based authentication requests. @@ -47,6 +49,8 @@ use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; * * @author Fabien Potencier * @author Johannes M. Schmitt + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ abstract class AbstractAuthenticationListener extends AbstractListener { 
diff --git a/src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php b/src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php index 7f8fcc1d82..9b9851f4ff 100644 --- a/src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php @@ -25,6 +25,8 @@ use Symfony\Component\Security\Http\SecurityEvents; use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface; use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; +trigger_deprecation('symfony/security-http', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', AbstractPreAuthenticatedListener::class); + /** * AbstractPreAuthenticatedListener is the base class for all listener that * authenticates users based on a pre-authenticated request (like a certificate @@ -33,6 +35,8 @@ use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; * @author Fabien Potencier * * @internal + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ abstract class AbstractPreAuthenticatedListener extends AbstractListener { diff --git a/src/Symfony/Component/Security/Http/Firewall/AnonymousAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/AnonymousAuthenticationListener.php index 71c90a926e..8f175ae798 100644 --- a/src/Symfony/Component/Security/Http/Firewall/AnonymousAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/AnonymousAuthenticationListener.php 
@@ -19,6 +19,8 @@ use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; +trigger_deprecation('symfony/security-http', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', AnonymousAuthenticationListener::class); + // Help opcache.preload discover always-needed symbols class_exists(AnonymousToken::class); @@ -28,7 +30,7 @@ class_exists(AnonymousToken::class); * * @author Fabien Potencier * - * @final + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class AnonymousAuthenticationListener extends AbstractListener { diff --git a/src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php index bf18dc1687..9469fa8819 100644 --- a/src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php @@ -22,12 +22,16 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface; use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface; +trigger_deprecation('symfony/security-http', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', AnonymousAuthenticationListener::class); + /** * BasicAuthenticationListener implements Basic HTTP authentication. * * @author Fabien Potencier * * @final + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class BasicAuthenticationListener extends AbstractListener { diff --git a/src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php b/src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php index c288fcb94b..5640de55cd 100644 
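Review bot: The docblock hunk of AnonymousAuthenticationListener.php replaces `@final` with `@deprecated` rather than adding to it, while the BasicAuthenticationListener and RememberMeListener hunks keep `@final` and append the new tag. The UsernamePasswordJsonAuthenticationListener.php hunk makes the same replacement. Unless dropping the tag is deliberate, keep both lines, ` * @final` followed by ` * @deprecated since Symfony 5.3, use the new authenticator system instead`. Static analysis would then still discourage subclassing these authentication listeners during the deprecation window.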
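Review bot: The `trigger_deprecation()` call added to BasicAuthenticationListener.php passes `AnonymousAuthenticationListener::class`, so loading the HTTP Basic listener reports the anonymous listener as deprecated. Anyone using the deprecation log to find which legacy authentication paths are still active would be pointed at the wrong class and could miss that Basic authentication still runs through the old listener. The last argument should be `BasicAuthenticationListener::class`. Because `::class` on a name is resolved at compile time without autoloading, the wrong name raises no error and will not show up in tests unless the message text is asserted.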
--- a/src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php @@ -24,12 +24,16 @@ use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategy; use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface; use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; +trigger_deprecation('symfony/security-http', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', RememberMeListener::class); + /** * RememberMeListener implements authentication capabilities via a cookie. * * @author Johannes M. Schmitt * * @final + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class RememberMeListener extends AbstractListener { diff --git a/src/Symfony/Component/Security/Http/Firewall/RemoteUserAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/RemoteUserAuthenticationListener.php index a33ed27f05..d4b0389784 100644 --- a/src/Symfony/Component/Security/Http/Firewall/RemoteUserAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/RemoteUserAuthenticationListener.php @@ -18,11 +18,15 @@ use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInt use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; +trigger_deprecation('symfony/security-http', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', RemoteUserAuthenticationListener::class); + /** * REMOTE_USER authentication listener. * * @author Fabien Potencier * @author Maxime Douailin + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class RemoteUserAuthenticationListener extends AbstractPreAuthenticatedListener { 
diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php index 11ccf5237c..0d13f81e2e 100644 --- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php @@ -29,11 +29,15 @@ use Symfony\Component\Security\Http\ParameterBagUtils; use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface; use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; +trigger_deprecation('symfony/security-http', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', UsernamePasswordFormAuthenticationListener::class); + /** * UsernamePasswordFormAuthenticationListener is the default implementation of * an authentication via a simple form composed of a username and a password. * * @author Fabien Potencier + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationListener { diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php index 2e15d9826f..8e0da4c2e8 100644 --- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php 
@@ -36,13 +36,15 @@ use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterfa use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; use Symfony\Contracts\Translation\TranslatorInterface; +trigger_deprecation('symfony/security-http', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', UsernamePasswordJsonAuthenticationListener::class); + /** * UsernamePasswordJsonAuthenticationListener is a stateless implementation of * an authentication via a JSON document composed of a username and a password. * * @author Kévin Dunglas * - * @final + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class UsernamePasswordJsonAuthenticationListener extends AbstractListener { diff --git a/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php index c15c8ff730..07a287e545 100644 --- a/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php @@ -18,10 +18,14 @@ use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInt use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; +trigger_deprecation('symfony/security-http', '5.3', 'The "%s" class is deprecated, use the new authenticator system instead.', X509AuthenticationListener::class); + /** * X509 authentication listener. * * @author Fabien Potencier + * + * @deprecated since Symfony 5.3, use the new authenticator system instead */ class X509AuthenticationListener extends AbstractPreAuthenticatedListener { diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/AbstractPreAuthenticatedListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/AbstractPreAuthenticatedListenerTest.php index 83909a73ad..a5b7a5b9d4 100644 
--- a/src/Symfony/Component/Security/Http/Tests/Firewall/AbstractPreAuthenticatedListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/AbstractPreAuthenticatedListenerTest.php @@ -22,6 +22,9 @@ use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Http\Firewall\AbstractPreAuthenticatedListener; +/** + * @group legacy + */ class AbstractPreAuthenticatedListenerTest extends TestCase { public function testHandleWithValidValues() diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/AnonymousAuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/AnonymousAuthenticationListenerTest.php index fa430acfab..235f667014 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/AnonymousAuthenticationListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/AnonymousAuthenticationListenerTest.php @@ -22,6 +22,9 @@ use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInt use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Http\Firewall\AnonymousAuthenticationListener; +/** + * @group legacy + */ class AnonymousAuthenticationListenerTest extends TestCase { public function testHandleWithTokenStorageHavingAToken() diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/BasicAuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/BasicAuthenticationListenerTest.php index f1e6c8bca7..d87e798bc8 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/BasicAuthenticationListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/BasicAuthenticationListenerTest.php 
@@ -26,6 +26,9 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface; use Symfony\Component\Security\Http\Firewall\BasicAuthenticationListener; +/** + * @group legacy + */ class BasicAuthenticationListenerTest extends TestCase { public function testHandleWithValidUsernameAndPasswordServerParameters() diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/RememberMeListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/RememberMeListenerTest.php index 6f374edd26..1ec37ef623 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/RememberMeListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/RememberMeListenerTest.php @@ -29,6 +29,9 @@ use Symfony\Component\Security\Http\SecurityEvents; use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface; use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; +/** + * @group legacy + */ class RememberMeListenerTest extends TestCase { public function testOnCoreSecurityDoesNotTryToPopulateNonEmptyTokenStorage() diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/RemoteUserAuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/RemoteUserAuthenticationListenerTest.php index a50f99bd94..2dac33fcd2 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/RemoteUserAuthenticationListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/RemoteUserAuthenticationListenerTest.php @@ -18,6 +18,9 @@ use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInt use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Http\Firewall\RemoteUserAuthenticationListener; +/** + * @group legacy + */ class RemoteUserAuthenticationListenerTest extends TestCase { public function testGetPreAuthenticatedData() 
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php index 64cc07e15d..84748efc77 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php @@ -30,6 +30,9 @@ use Symfony\Component\Security\Http\Firewall\SwitchUserListener; use Symfony\Component\Security\Http\SecurityEvents; use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; +/** + * @group legacy + */ class SwitchUserListenerTest extends TestCase { private $tokenStorage; diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php index 0244c6582a..fae5e7df6b 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php @@ -32,6 +32,9 @@ use Symfony\Component\Security\Http\HttpUtils; use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategy; use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface; +/** + * @group legacy + */ class UsernamePasswordFormAuthenticationListenerTest extends TestCase { /** diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordJsonAuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordJsonAuthenticationListenerTest.php index 59e241318c..e13a7362d3 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordJsonAuthenticationListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordJsonAuthenticationListenerTest.php 
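Review bot: `SwitchUserListenerTest` is put in `@group legacy` as a whole class, yet `SwitchUserListener` is not among the classes this change deprecates in the UPGRADE notes. Presumably the test only touches deprecated collaborators. A class-level legacy group tolerates every deprecation raised in the class, so an unexpected deprecation in the impersonation listener itself would no longer fail the suite. Consider tagging only the test methods that exercise deprecated code, or adding a docblock line naming the deprecated dependency, for example ` * @group legacy (uses the deprecated <dependency>)` with the placeholder filled in. This applies less to the other test hunks in this diff, whose subjects are themselves deprecated.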
@@ -33,6 +33,8 @@ use Symfony\Component\Translation\Translator; /** * @author Kévin Dunglas + * + * @group legacy */ class UsernamePasswordJsonAuthenticationListenerTest extends TestCase { diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php index d48525b4d5..c0b3026d42 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php @@ -18,6 +18,9 @@ use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInt use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Http\Firewall\X509AuthenticationListener; +/** + * @group legacy + */ class X509AuthenticationListenerTest extends TestCase { /**