

Commit 1aadc21

chalasrnicolas-grekas
authored andcommitted
[Security] Deprecate UserInterface & TokenInterface's eraseCredentials()
1 parent 2612a0d commit 1aadc21

8 files changed

+38
-6
lines changed


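--- a/Authentication/Token/AbstractToken.php
+++ b/Authentication/Token/AbstractToken.php
@@ -59,8 +59,15 @@ public function setUser(UserInterface $user): void
 $this->user = $user;
 }
 
+/**
+* Removes sensitive information from the token.
+*
+* @deprecated since Symfony 7.3
+*/
 public function eraseCredentials(): void
 {
+trigger_deprecation('symfony/security-core', '7.3', sprintf('The "%s()" method is deprecated and will be removed in 8.0, use a DTO instead or implement your own erasing logic if needed.', __METHOD__));
+
 if ($this->getUser() instanceof UserInterface) {
 $this->getUser()->eraseCredentials();
 }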
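Review bot: The new trigger_deprecation() at the top of eraseCredentials() fires before the method delegates to `$this->getUser()->eraseCredentials()`, and this commit makes `InMemoryUser::eraseCredentials()` (User/InMemoryUser.php hunk) trigger its own notice as well, so one call on a token holding an InMemoryUser surfaces two deprecations for what is, to the caller, a single deprecated operation. That is probably tolerable for the deprecation window, but it should be a deliberate choice rather than a side effect. Separately, the docblock here stops at `@deprecated since Symfony 7.3` while the runtime message tells users what to do; aligning them with `* @deprecated since Symfony 7.3, use a dedicated DTO or implement your own erasing logic instead` gives IDE readers and log readers the same guidance. The closing brace of eraseCredentials() lies outside the hunk.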

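--- a/Authentication/Token/NullToken.php
+++ b/Authentication/Token/NullToken.php
@@ -43,6 +43,11 @@ public function getUserIdentifier(): string
 return '';
 }
 
+/**
+* Removes sensitive information from the token.
+*
+* @deprecated since Symfony 7.3
+*/
 public function eraseCredentials(): void
 {
 }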
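Review bot: The added docblock says the method "Removes sensitive information from the token", but the body it documents is empty, so the summary describes behaviour this implementation does not have. A NullToken presumably has nothing to erase (its getUserIdentifier() just above returns an empty string), and the docblock should say that rather than copy the AbstractToken wording: `* No-op: a NullToken carries no credentials to erase.` under the `@deprecated since Symfony 7.3` tag. Unlike the AbstractToken and InMemoryUser hunks in this commit, no deprecation notice is triggered here; that is reasonable for a no-op, but one sentence in the docblock makes the asymmetry read as intentional.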

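--- a/Authentication/Token/TokenInterface.php
+++ b/Authentication/Token/TokenInterface.php
@@ -56,6 +56,9 @@ public function setUser(UserInterface $user): void;
 
 /**
 * Removes sensitive information from the token.
+*
+* @deprecated since Symfony 7.3, use a dedicated DTO instead or implement your
+* own erasing logic instead
 */
 public function eraseCredentials(): void;
 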
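Review bot: The new `@deprecated` sentence reads "use a dedicated DTO instead or implement your own erasing logic instead", repeating "instead" twice; the identical sentence is added to User/UserInterface.php in this commit, while the CHANGELOG entry phrases it once. Suggested wording for both interfaces: `* @deprecated since Symfony 7.3, use a dedicated DTO or implement your own erasing logic instead`. Note that the AbstractTokenTest hunk hard-codes the UserInterface variant of this sentence inside expectDeprecation(), so the test string must change together with the docblock.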

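--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ CHANGELOG
 * Add `UserAuthorizationChecker::isGrantedForUser()` to test user authorization without relying on the session.
 For example, users not currently logged in, or while processing a message from a message queue.
 * Add `OfflineTokenInterface` to mark tokens that do not represent the currently logged-in user
+* Deprecate `UserInterface::eraseCredentials()` and `TokenInterface::eraseCredentials()`,
+use a dedicated DTO or erase credentials on your own e.g. upon `AuthenticationTokenCreatedEvent` instead
 
 7.2
 ---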

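--- a/Tests/Authentication/Token/AbstractTokenTest.php
+++ b/Tests/Authentication/Token/AbstractTokenTest.php
@@ -12,12 +12,15 @@
 namespace Symfony\Component\Security\Core\Tests\Authentication\Token;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
 use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
 use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 class AbstractTokenTest extends TestCase
 {
+use ExpectDeprecationTrait;
+
 /**
 * @dataProvider provideUsers
 */
@@ -33,13 +36,17 @@ public static function provideUsers()
 yield [new InMemoryUser('fabien', null), 'fabien'];
 }
 
+/**
+* @group legacy
+*/
 public function testEraseCredentials()
 {
 $token = new ConcreteToken(['ROLE_FOO']);
 
 $user = $this->createMock(UserInterface::class);
 $user->expects($this->once())->method('eraseCredentials');
 $token->setUser($user);
+$this->expectDeprecation('The Symfony\Component\Security\Core\User\UserInterface::eraseCredentials method is deprecated (since Symfony 7.3, use a dedicated DTO instead or implement your own erasing logic instead).');
 
 $token->eraseCredentials();
 }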
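Review bot: The single expectDeprecation() in testEraseCredentials() names only the UserInterface::eraseCredentials message, yet the `$token->eraseCredentials()` call two lines later now also runs the trigger_deprecation() that this commit adds to `AbstractToken::eraseCredentials()`. If ExpectDeprecationTrait compares the full list of gathered deprecations against the expected ones, as it usually does, the AbstractToken notice will be reported as unexpected and the test fails. Since trigger_deprecation() prefixes the package and version, the missing expectation would be roughly `$this->expectDeprecation('Since symfony/security-core 7.3: The "Symfony\Component\Security\Core\Authentication\Token\AbstractToken::eraseCredentials()" method is deprecated and will be removed in 8.0, use a DTO instead or implement your own erasing logic if needed.');`. Whether the mock-generated message is gathered before or after that one I cannot tell from here, so the order of the two expectations needs checking against a run.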

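--- a/Tests/User/InMemoryUserTest.php
+++ b/Tests/User/InMemoryUserTest.php
@@ -53,6 +53,9 @@ public function testIsEnabled()
 $this->assertFalse($user->isEnabled());
 }
 
+/**
+* @group legacy
+*/
 public function testEraseCredentials()
 {
 $user = new InMemoryUser('fabien', 'superpass');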
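Review bot: Adding only `@group legacy` to testEraseCredentials() silences the new InMemoryUser::eraseCredentials() notice instead of asserting it, which differs from the AbstractTokenTest hunk in this commit, where the group is paired with expectDeprecation(). A matching expectation would be `$this->expectDeprecation('Since symfony/security-core 7.3: The "Symfony\Component\Security\Core\User\InMemoryUser::eraseCredentials()" method is deprecated and will be removed in 8.0, use a DTO instead or implement your own erasing logic if needed.');` placed before the call, plus the ExpectDeprecationTrait import and `use` statement, which lie outside this hunk. The test body continues past the hunk, so the line where eraseCredentials() is invoked is not visible here.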

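--- a/User/InMemoryUser.php
+++ b/User/InMemoryUser.php
@@ -76,6 +76,7 @@ public function isEnabled(): bool
 
 public function eraseCredentials(): void
 {
+trigger_deprecation('symfony/security-core', '7.3', sprintf('The "%s()" method is deprecated and will be removed in 8.0, use a DTO instead or implement your own erasing logic if needed.', __METHOD__));
 }
 
 public function isEqualTo(UserInterface $user): bool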
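Review bot: Apart from the new notice, the body of eraseCredentials() is empty, so InMemoryUser never discarded anything even before this commit, although the interface docblock promises that the method "Removes sensitive data from the user"; a reader following the deprecation will reasonably assume a password was being cleared here. The method has no docblock at all, so one should state this: `/** @deprecated since Symfony 7.3 — this implementation is a no-op and keeps the password it was constructed with (presumably needed by isEqualTo(); verify). */`. The interaction with AbstractToken::eraseCredentials(), which now triggers its own notice before delegating here, is raised on that hunk.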

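--- a/User/UserInterface.php
+++ b/User/UserInterface.php
@@ -46,18 +46,22 @@ interface UserInterface
 */
 public function getRoles(): array;
 
+/**
+* Returns the identifier for this user (e.g. username or email address).
+*
+* @return non-empty-string
+*/
+public function getUserIdentifier(): string;
+
 /**
 * Removes sensitive data from the user.
 *
 * This is important if, at any given point, sensitive information like
 * the plain-text password is stored on this object.
+*
+* @deprecated since Symfony 7.3, use a dedicated DTO instead or implement your
+* own erasing logic instead
 */
 public function eraseCredentials(): void;
 
-/**
-* Returns the identifier for this user (e.g. username or email address).
-*
-* @return non-empty-string
-*/
-public function getUserIdentifier(): string;
 }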
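Review bot: The docblock keeps the sentence that erasing "is important if ... the plain-text password is stored on this object" and then deprecates the only hook the component offered for it, without saying where that erasure should now happen; an application that relied on the framework calling eraseCredentials() before the user is serialized (I cannot see that call path from this page) would lose the scrubbing silently once it follows the deprecation. The CHANGELOG entry in this commit names `AuthenticationTokenCreatedEvent` as the replacement point, so the interface should say the same: `* Erase credentials before the user object is stored, e.g. in a listener on AuthenticationTokenCreatedEvent, or keep the plain-text password out of the user object by using a dedicated DTO.` The move of getUserIdentifier() above eraseCredentials() is a pure reorder, and the duplicated "instead" in the new tag is raised on the TokenInterface hunk.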
