deprecate the Role and SwitchUserRole classes · symfony/symfony@1aec9b7 · GitHub

Commit 1aec9b7

committed
deprecate the Role and SwitchUserRole classes
1 parent 3ae36f4 commit 1aec9b7


8 files changed

+130
-80
lines changed


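--- a/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
@@ -93,7 +93,13 @@ public function authenticate(TokenInterface $token)
 throw $e;
 }
 
-$authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $this->getRoles($user, $token));
+$previousToken = null;
+
+if ($token instanceof UsernamePasswordToken) {
+$previousToken = $token->getPreviousToken();
+}
+
+$authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $this->getRoles($user, $token), $previousToken);
 $authenticatedToken->setAttributes($token->getAttributes());
 
 return $authenticatedToken;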
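Review bot: The previous token is copied from the still-unauthenticated input token into the authenticated one at new lines 96–102 with no comment saying why that is intended or safe. A short comment such as `// keep the impersonator's token across re-authentication so the switch can still be exited` would record the intent. Because `getOriginalToken()` in SwitchUserListener later returns this value as the token to restore, it is worth confirming (outside this hunk) that every code path building the incoming token is trusted to set a previous token. `authenticate()` starts and ends outside the hunk.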

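--- a/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php
@@ -20,18 +20,20 @@ class UsernamePasswordToken extends AbstractToken
 {
 private $credentials;
 private $providerKey;
+private $previousToken;
 
 /**
 * Constructor.
 *
-* @param string|object $user The username (like a nickname, email address, etc.), or a UserInterface instance or an object implementing a __toString method
-* @param string $credentials This usually is the password of the user
-* @param string $providerKey The provider key
-* @param (RoleInterface|string)[] $roles An array of roles
+* @param string|object $user The username (like a nickname, email address, etc.), or a UserInterface instance or an object implementing a __toString method
+* @param string $credentials This usually is the password of the user
+* @param string $providerKey The provider key
+* @param (RoleInterface|string)[] $roles An array of roles
+* @param TokenInterface|null $previousToken The token of the user that switched to the current user
 *
 * @throws \InvalidArgumentException
 */
-public function __construct($user, $credentials, $providerKey, array $roles = array())
+public function __construct($user, $credentials, $providerKey, array $roles = array(), TokenInterface $previousToken = null)
 {
 parent::__construct($roles);
 
@@ -42,6 +44,7 @@ public function __construct($user, $credentials, $providerKey, array $roles = ar
 $this->setUser($user);
 $this->credentials = $credentials;
 $this->providerKey = $providerKey;
+$this->previousToken = $previousToken;
 
 parent::setAuthenticated(count($roles) > 0);
 }
@@ -76,6 +79,16 @@ public function getProviderKey()
 return $this->providerKey;
 }
 
+public function isUserSwitched()
+{
+return null !== $this->previousToken;
+}
+
+public function getPreviousToken()
+{
+return $this->previousToken;
+}
+
 /**
 * {@inheritdoc}
 */
@@ -91,15 +104,26 @@ public function eraseCredentials()
 */
 public function serialize()
 {
-return serialize(array($this->credentials, $this->providerKey, parent::serialize()));
+$previousToken = $this->previousToken;
+
+if (null !== $previousToken) {
+$previousToken = serialize($previousToken);
+}
+
+return serialize(array($this->credentials, $this->providerKey, parent::serialize(), $previousToken));
 }
 
 /**
 * {@inheritdoc}
 */
 public function unserialize($serialized)
 {
-list($this->credentials, $this->providerKey, $parentStr) = unserialize($serialized);
+list($this->credentials, $this->providerKey, $parentStr, $previousToken) = unserialize($serialized);
+
+if (null !== $previousToken) {
+$this->previousToken = unserialize($previousToken);
+}
+
 parent::unserialize($parentStr);
 }
 }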
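Review bot: `unserialize()` at new line 121 destructures four elements, so a token serialized before this change (three elements, for example in a live session) has no index 3; `list()` then raises an undefined-offset notice and, where notices are converted to exceptions, the session would fail to load. Padding the payload keeps old sessions readable: `list($this->credentials, $this->providerKey, $parentStr, $previousToken) = array_pad(unserialize($serialized), 4, null);`. The result of the nested `unserialize($previousToken)` is also stored without a type check, although the constructor only accepts `TokenInterface|null` and SwitchUserListener hands this value back as the original token; a guard such as `if (!$this->previousToken instanceof TokenInterface) { $this->previousToken = null; }` would keep that invariant after deserialization. The new `isUserSwitched()` and `getPreviousToken()` methods have no docblocks; each should state its return type and that the previous token is the impersonator's token.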

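--- a/src/Symfony/Component/Security/Core/Role/SwitchUserRole.php
+++ b/src/Symfony/Component/Security/Core/Role/SwitchUserRole.php
@@ -18,9 +18,12 @@
 * another one.
 *
 * @author Fabien Potencier <fabien@symfony.com>
+*
+* @deprecated since version 3.3 and will be removed in 4.0. Use strings as roles instead.
 */
 class SwitchUserRole extends Role
 {
+private static $deprecationTriggered = false;
 private $source;
 
 /**
@@ -31,6 +34,12 @@ class SwitchUserRole extends Role
 */
 public function __construct($role, TokenInterface $source)
 {
+if (!self::$deprecationTriggered && (func_num_args() < 3 || func_get_arg(2))) {
+@trigger_error(sprintf('The "%s" class is deprecated since version 3.3 and will be removed in 4.0. Use strings as roles instead.', __CLASS__), E_USER_DEPRECATED);
+
+self::$deprecationTriggered = true;
+}
+
 parent::__construct($role);
 
 $this->source = $source;
@@ -43,6 +52,12 @@ public function __construct($role, TokenInterface $source)
 */
 public function getSource()
 {
+if (!self::$deprecationTriggered) {
+@trigger_error(sprintf(' 10000 ;The "%s" class is deprecated since version 3.3 and will be removed in 4.0. Use strings as roles instead.', __CLASS__), E_USER_DEPRECATED);
+
+self::$deprecationTriggered = true;
+}
+
 return $this->source;
 }
 }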
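Review bot: The constructor now reads an undeclared third argument through `func_get_arg(2)` to decide whether to emit the deprecation, but the docblock above `__construct()` (outside the hunk) does not mention it. I would add a line such as `@param bool $triggerDeprecation Internal: pass false to skip the deprecation notice (read via func_get_arg(2))`, which also explains the `false` that SwitchUserListener passes. The static `$deprecationTriggered` flag means the notice is emitted at most once per process, which deserves a one-line comment on the property. As rendered on this page the message literal in `getSource()` begins with ` 10000 ;`, which looks like an extraction artifact rather than source text; compare it with the constructor's message in the repository.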

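--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/UserAuthenticationProviderTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/UserAuthenticationProviderTest.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Core\Tests\Authentication\Provider;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Exception\AccountExpiredException;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Core\Exception\CredentialsExpiredException;
@@ -190,6 +191,9 @@ public function testAuthenticate()
 $this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
 }
 
+/**
+* @group legacy
+*/
 public function testAuthenticateWithPreservingRoleSwitchUserRole()
 {
 $user = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();
@@ -226,6 +230,35 @@ public function testAuthenticateWithPreservingRoleSwitchUserRole()
 $this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
 }
 
+public function testAuthenticatePreservesOriginalToken()
+{
+$user = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();
+$user->expects($this->once())
+->method('getRoles')
+->will($this->returnValue(array('ROLE_FOO')))
+;
+
+$provider = $this->getProvider();
+$provider->expects($this->once())
+->method('retrieveUser')
+->will($this->returnValue($user))
+;
+
+$originalToken = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
+$token = new UsernamePasswordToken($this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock(), 'foo', 'key', array(), $originalToken);
+$token->setAttributes(array('foo' => 'bar'));
+
+$authToken = $provider->authenticate($token);
+
+$this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $authToken);
+$this->assertTrue($authToken->isUserSwitched());
+$this->assertSame($originalToken, $authToken->getPreviousToken());
+$this->assertSame($user, $authToken->getUser());
+$this->assertContains(new Role('ROLE_FOO'), $authToken->getRoles(), '', false, false);
+$this->assertEquals('foo', $authToken->getCredentials());
+$this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
+}
+
 protected function getSupportedToken()
 {
 $mock = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken')->setMethods(array('getCredentials', 'getProviderKey', 'getRoles'))->disableOriginalConstructor()->getMock();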
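Review bot: The new `testAuthenticatePreservesOriginalToken()` builds `new Role('ROLE_FOO')` in its assertion at new line 257 but is not marked `@group legacy`, while the commit title says the Role class is being deprecated. If constructing `Role` triggers the deprecation (the Role.php change is not shown on this page), this test would report an unexpected deprecation; either add the `@group legacy` docblock used on the neighbouring test or compare role names obtained through `getRole()` instead of instantiating `Role`. The test covers only the in-memory path, so a separate case that sends a switched token through `serialize()` and `unserialize()` would cover how the previous token actually persists in the session.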

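--- a/src/Symfony/Component/Security/Core/Tests/Role/SwitchUserRoleTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Role/SwitchUserRoleTest.php
@@ -14,6 +14,9 @@
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\Security\Core\Role\SwitchUserRole;
 
+/**
+* @group legacy
+*/
 class SwitchUserRoleTest extends TestCase
 {
 public function testGetSource()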

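--- a/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
@@ -138,9 +138,9 @@ private function attemptSwitchUser(Request $request)
 $this->userChecker->checkPostAuth($user);
 
 $roles = $user->getRoles();
-$roles[] = new SwitchUserRole('ROLE_PREVIOUS_ADMIN', $this->tokenStorage->getToken());
+$roles[] = new SwitchUserRole('ROLE_PREVIOUS_ADMIN', $this->tokenStorage->getToken(), false);
 
-$token = new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey, $roles);
+$token = new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey, $roles, $token);
 
 if (null !== $this->dispatcher) {
 $switchEvent = new SwitchUserEvent($request, $token->getUser());
@@ -183,12 +183,14 @@ private function attemptExitUser(Request $request)
 */
 private function getOriginalToken(TokenInterface $token)
 {
-foreach ($token->getRoles() as $role) {
-if ($role instanceof SwitchUserRole) {
-return $role->getSource();
-}
+if (!$token instanceof UsernamePasswordToken) {
+return false;
+}
+
+if (!$token->isUserSwitched()) {
+return false;
 }
 
-return false;
+return $token->getPreviousToken();
 }
 }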
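Review bot: `getOriginalToken()` no longer looks at `SwitchUserRole`, so a token created before this change, or any non-`UsernamePasswordToken` that still carries the role, is reported as not switched and `attemptExitUser()` (outside this hunk) presumably can no longer restore the impersonator. Keeping the role lookup as a fallback until the class is removed would let sessions that are mid-impersonation during an upgrade still exit; the fallback would emit the `getSource()` deprecation, which is acceptable on a legacy path. In the first hunk the `SwitchUserRole` is built from `$this->tokenStorage->getToken()` while the new constructor argument is `$token`, which is assigned outside the hunk; both should come from the same variable so the two records of the original token cannot diverge.

```php
private function getOriginalToken(TokenInterface $token)
{
    if ($token instanceof UsernamePasswordToken && $token->isUserSwitched()) {
        return $token->getPreviousToken();
    }

    // Legacy fallback: tokens that only record the switch through the role.
    foreach ($token->getRoles() as $role) {
        if ($role instanceof SwitchUserRole) {
            return $role->getSource();
        }
    }

    return false;
}
```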
