1fc7b86f07
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Security] Refactor logout listener to dispatch an event instead
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes (sort of...)
| New feature? | yes
| Deprecations? | yes
| Tickets | Fix #25212, Fix #22473
| License | MIT
| Doc PR | tbd
The current `LogoutListener` has some extension points, but they are not really DX-friendly (ref #25212). It requires hacking a `addMethodCall('addHandler')` in the container builder to register a custom logout handler.
Also, it is impossible to overwrite the default logout functionality from a bundle (ref #22473).
This PR introduces a `LogoutEvent` that replaces both the `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface`. This provides a DX-friendly extension point and also cleans up the authentication factories (no more `addMethodCall()`'s).
In order to allow different logout handlers for different firewalls, I created a specific event dispatcher for each firewall (as also shortly discussed in #33558). The `dispatcher` tag attribute allows you to specify which dispatcher it should be registered to (defaulting to the global dispatcher). The `EventBubblingLogoutListener` also dispatches logout events on the global dispatcher, to be used for listeners that should run on all firewalls.
_@weaverryan and I discussed this feature while working on #33558, but figured it was unrelated and could be done while preserving BC. So that's why a separate PR is created._
Commits
-------
a9f096eb1f
[Security] Refactor logout listener to dispatch an event instead
UPGRADE FROM 5.x to 6.0
=======================

Config
------
- The signature of method `NodeDefinition::setDeprecated()` has been updated to `NodeDefinition::setDeprecation(string $package, string $version, string $message)`.
- The signature of method `BaseNode::setDeprecated()` has been updated to `BaseNode::setDeprecation(string $package, string $version, string $message)`.
- Passing a null message to `BaseNode::setDeprecated()` to un-deprecate a node is not supported anymore.

Console
-------
- `Command::setHidden()` has a default value (`true`) for `$hidden` parameter

DependencyInjection
-------------------
- The signature of method `Definition::setDeprecated()` has been updated to `Definition::setDeprecation(string $package, string $version, string $message)`.
- The signature of method `Alias::setDeprecated()` has been updated to `Alias::setDeprecation(string $package, string $version, string $message)`.
- The signature of method `DeprecateTrait::deprecate()` has been updated to `DeprecateTrait::deprecation(string $package, string $version, string $message)`.
- Removed the `Psr\Container\ContainerInterface` and `Symfony\Component\DependencyInjection\ContainerInterface` aliases of the `service_container` service, configure them explicitly instead.

Dotenv
------
- Removed argument `$usePutenv` from Dotenv's constructor, use `Dotenv::usePutenv()` instead.

EventDispatcher
---------------
- Removed `LegacyEventDispatcherProxy`. Use the event dispatcher without the proxy.

Form
----
- Added the `getIsEmptyCallback()` method to the `FormConfigInterface`.
- Added the `setIsEmptyCallback()` method to the `FormConfigBuilderInterface`.
- Added argument `callable|null $filter` to `ChoiceListFactoryInterface::createListFromChoices()` and `createListFromLoader()`.

FrameworkBundle
---------------
- `MicroKernelTrait::configureRoutes()` is now always called with a `RoutingConfigurator`
- The "framework.router.utf8" configuration option defaults to `true`
- Removed `session.attribute_bag` service and `session.flash_bag` service.

HttpFoundation
--------------
- Removed `Response::create()`, `JsonResponse::create()`, `RedirectResponse::create()`, and `StreamedResponse::create()` methods (use `__construct()` instead)

HttpKernel
----------
- Removed support for `service:action` syntax to reference controllers. Use `serviceOrFqcn::method` instead.

Messenger
---------
- Removed AmqpExt transport. Run `composer require symfony/amqp-messenger` to keep the transport in your application.
- Removed Doctrine transport. Run `composer require symfony/doctrine-messenger` to keep the transport in your application.
- Removed RedisExt transport. Run `composer require symfony/redis-messenger` to keep the transport in your application.
- Use of invalid options in Redis and AMQP connections now throws an error.
- The signature of method `RetryStrategyInterface::isRetryable()` has been updated to `RetryStrategyInterface::isRetryable(Envelope $message, \Throwable $throwable = null)`.
- The signature of method `RetryStrategyInterface::getWaitingTime()` has been updated to `RetryStrategyInterface::getWaitingTime(Envelope $message, \Throwable $throwable = null)`.

PhpUnitBridge
-------------
- Removed support for `@expectedDeprecation` annotations, use the `ExpectDeprecationTrait::expectDeprecation()` method instead.

Routing
-------
- Removed `RouteCollectionBuilder`.
- Added argument `$priority` to `RouteCollection::add()`
- Removed the `RouteCompiler::REGEX_DELIMITER` constant

Security
--------
- Removed `ROLE_PREVIOUS_ADMIN` role in favor of `IS_IMPERSONATOR` attribute
- Removed `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface`, register a listener on the `LogoutEvent` event instead.
- Removed `DefaultLogoutSuccessHandler` in favor of `DefaultLogoutListener`.
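
The migration the Security entries above ask for, as an added example that is not part of the Symfony commit: one `LogoutEvent` subscriber taking over the work of a `LogoutHandlerInterface` and a `LogoutSuccessHandlerInterface`. The class name, the `device_id` cookie, the `/login` fallback and the `main` firewall name are assumptions, and `getUserIdentifier()` assumes Symfony 5.3 or later.

```php
<?php
// Added example, not Symfony's code. AuditLogoutSubscriber, the "device_id"
// cookie, the "/login" fallback and the "main" firewall name are assumptions.
//
// config/services.yaml, using the `dispatcher` tag attribute to bind the
// subscriber to one firewall's dispatcher instead of the global one:
//
//   App\Security\AuditLogoutSubscriber:
//       tags:
//           - { name: kernel.event_subscriber, dispatcher: security.event_dispatcher.main }

namespace App\Security;

use Psr\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Security\Http\Event\LogoutEvent;

final class AuditLogoutSubscriber implements EventSubscriberInterface
{
    private $logger;

    public function __construct(LoggerInterface $logger)
    {
        $this->logger = $logger;
    }

    public static function getSubscribedEvents(): array
    {
        return [LogoutEvent::class => 'onLogout'];
    }

    public function onLogout(LogoutEvent $event): void
    {
        // Formerly LogoutHandlerInterface::logout(): audit trail and cleanup.
        $token = $event->getToken(); // null when nobody was authenticated
        $this->logger->info('Logout', [
            'user' => null !== $token ? $token->getUserIdentifier() : null,
            'ip' => $event->getRequest()->getClientIp(),
        ]);

        // Formerly LogoutSuccessHandlerInterface::onLogoutSuccess(): the response.
        // Reuse a response set by an earlier listener; fall back to a fixed,
        // same-site path rather than a request-supplied target.
        $response = $event->getResponse() ?? new RedirectResponse('/login');
        $response->headers->clearCookie('device_id');
        $response->headers->set('Clear-Site-Data', '"cache", "storage"');
        $event->setResponse($response);
    }
}
```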