8000 Deprecated is_*() expression functions · symfony/symfony@2fb0a98 · GitHub
[go: up one dir, main page]
Skip to content

Commit 2fb0a98

Browse files
wouterjwouterj
committed
Deprecated is_*() expression functions
is_granted() should be used instead with the correct attributes
1 parent aa8289d commit 2fb0a98

File tree

5 files changed

+82
-8
lines changed

5 files changed

+82
-8
lines changed

UPGRADE-5.1.md

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,6 +59,21 @@ Routing
5959
* Deprecated `RouteCollectionBuilder` in favor of `RoutingConfigurator`.
6060
* Added argument `$priority` to `RouteCollection::add()`
6161

62+
Security
63+
--------
64+
65+
* The `is_anonymous()`, `is_remember_me()`, `is_authenticated()` and `is_fully_authenticated()` expression functions are removed. Use `is_granted()` with the correct attribute instead:
66+
67+
Before:
68+
```
69+
is_remember_me() or is_anonymous()
70+
```
71+
72+
After:
73+
```
74+
is_granted('IS_REMEBERED') or is_granted('IS_ANONYMOUS')
75+
```
76+
6277
Yaml
6378
----
6479

src/Symfony/Bundle/Security 10000 Bundle/Tests/Functional/app/StandardFormLogin/config.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,5 +50,5 @@ security:
5050
- { path: ^/secured-by-one-env-placeholder$, ips: '%env(APP_IP)%', roles: IS_AUTHENTICATED_ANONYMOUSLY }
5151
- { path: ^/secured-by-one-env-placeholder-and-one-real-ip$, ips: ['%env(APP_IP)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY }
5252
- { path: ^/highly_protected_resource$, roles: IS_ADMIN }
53-
- { path: ^/protected-via-expression$, allow_if: "(is_anonymous() and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" }
53+
- { path: ^/protected-via-expression$, allow_if: "(is_granted('IS_ANONYMOUS') and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" }
5454
- { path: .*, roles: IS_AUTHENTICATED_FULLY }

src/Symfony/Component/Security/CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ CHANGELOG
66

77
* Added access decision strategy to override access decisions by voter service priority
88
* Added `IS_ANONYMOUS`, `IS_REMEMBERED`, `IS_IMPERSONATOR`
9+
* Deprecated `is_anonymous()`, `is_remember_me()`, `is_authenticated()` and `is_fully_authenticated()` in favor of `is_granted(attribute)`
910

1011
5.0.0
1112
-----

src/Symfony/Component/Security/Core/Authorization/ExpressionLanguageProvider.php

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,20 +25,32 @@ public function getFunctions()
2525
{
2626
return [
2727
new ExpressionFunction('is_anonymous', function () {
28+
@trigger_error("is_anonymous() is deprecated since version 4.4 and will be removed in 5.0. Use is_granted('IS_ANONYMOUS') instead.", E_USER_DEPRECATED);
29+
2830
return '$trust_resolver->isAnonymous($token)';
2931
}, function (array $variables) {
32+
@trigger_error("is_anonymous() is deprecated since version 4.4 and will be removed in 5.0. Use is_granted('IS_ANONYMOUS') instead.", E_USER_DEPRECATED);
33+
3034
return $variables['trust_resolver']->isAnonymous($variables['token']);
3135
}),
3236

3337
new ExpressionFunction('is_authenticated', function () {
38+
@trigger_error("is_authenticated() is deprecated since version 4.4 and will be removed in 5.0. Use is_granted('IS_AUTHENTICATED') instead.", E_USER_DEPRECATED);
39+
3440
return '$token && !$trust_resolver->isAnonymous($token)';
3541
}, function (array $variables) {
42+
@trigger_error("is_authenticated() is deprecated since version 4.4 and will be removed in 5.0. Use is_granted('IS_AUTHENTICATED') instead.", E_USER_DEPRECATED);
43+
3644
return $variables['token'] && !$variables['trust_resolver']->isAnonymous($variables['token']);
3745
}),
3846

3947
new ExpressionFunction('is_fully_authenticated', function () {
48+
@trigger_error("is_fully_authenticated() is deprecated since version 4.4 and will be removed in 5.0. Use is_granted('IS_AUTHENTICATED_FULLY') instead.", E_USER_DEPRECATED);
49+
4050
return '$trust_resolver->isFullFledged($token)';
4151
}, function (array $variables) {
52+
@trigger_error("is_fully_authenticated() is deprecated since version 4.4 and will be removed in 5.0. Use is_granted('IS_AUTHENTICATED_FULLY') instead.", E_USER_DEPRECATED);
53+
4254
return $variables['trust_resolver']->isFullFledged($variables['token']);
4355
}),
4456

@@ -49,8 +61,12 @@ public function getFunctions()
4961
}),
5062

5163
new ExpressionFunction('is_remember_me', function () {
64+
@trigger_error("is_remember_me() is deprecated since version 4.4 and will be removed in 5.0. Use is_granted('IS_REMEMBERED') instead.", E_USER_DEPRECATED);
65+
5266
return '$trust_resolver->isRememberMe($token)';
5367
}, function (array $variables) {
68+
@trigger_error("is_remember_me() is deprecated since version 4.4 and will be removed in 5.0. Use is_granted('IS_REMEMBERED') instead.", E_USER_DEPRECATED);
69+
5470
return $variables['trust_resolver']->isRememberMe($variables['token']);
5571
}),
5672
];

src/Symfony/Component/Security/Core/Tests/Authorization/ExpressionLanguageTest.php

Lines changed: 49 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@
2121
use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
2222
use Symfony\Component\Security\Core\Authorization\AuthorizationChecker;
2323
use Symfony\Component\Security\Core\Authorization\ExpressionLanguage;
24+
use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
2425
use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter;
2526
use Symfony\Component\Security\Core\User\User;
2627

@@ -35,7 +36,7 @@ public function testIsAuthenticated($token, $expression, $result)
3536
$trustResolver = new AuthenticationTrustResolver();
3637
$tokenStorage = new TokenStorage();
3738
$tokenStorage->setToken($token);
38-
$accessDecisionManager = new AccessDecisionManager([new RoleVoter()]);
39+
$accessDecisionManager = new AccessDecisionManager([new RoleVoter(), new AuthenticatedVoter($trustResolver)]);
3940
$authChecker = new AuthorizationChecker($tokenStorage, $this->getMockBuilder(AuthenticationManagerInterface::class)->getMock(), $accessDecisionManager);
4041

4142
$context = [];
@@ -51,6 +52,52 @@ public function provider()
5152
$roles = ['ROLE_USER', 'ROLE_ADMIN'];
5253
$user = new User('username', 'password', $roles);
5354

55+
$anonymousToken = new AnonymousToken('firewall', 'anon.');
56+
$rememberMeToken = new RememberMeToken($user, 'providerkey', 'firewall');
57+
$usernamePasswordToken = new UsernamePasswordToken('username', 'password', 'providerkey', $roles);
58+
59+
return [
60+
[$anonymousToken, "is_granted('IS_ANONYMOUS')", true],
61+
[$anonymousToken, "is_granted('IS_AUTHENTICATED')", true],
62+
[$anonymousToken, "is_granted('IS_AUTHENTICATED_FULLY')", false],
63+
[$anonymousToken, "is_granted('IS_REMEMBERED')", false],
64+
[$anonymousToken, "is_granted('ROLE_USER')", false],
65+
66+
[$rememberMeToken, "is_granted('IS_ANONYMOUS')", false],
67+
[$rememberMeToken, "is_granted('IS_AUTHENTICATED')", true],
68+
[$rememberMeToken, "is_granted('IS_AUTHENTICATED_FULLY')", false],
69+
[$rememberMeToken, "is_granted('IS_REMEMBERED')", true],
70+
[$rememberMeToken, "is_granted('ROLE_FOO')", false],
71+
[$rememberMeToken, "is_granted('ROLE_USER')", true],
72+
73+
[$usernamePasswordToken, "is_granted('IS_ANONYMOUS')", false],
74+
[$usernamePasswordToken, "is_granted('IS_AUTHENTICATED')", true],
75+
[$usernamePasswordToken, "is_granted('IS_AUTHENTICATED_FULLY')", true],
76+
[$usernamePasswordToken, "is_granted('IS_REMEMBERED')", false],
77+
[$usernamePasswordToken, "is_granted('ROLE_FOO')", false],
78+
[$usernamePasswordToken, "is_granted('ROLE_USER')", true],
79+
];
80+
}
81+
82+
/**
83+
* @dataProvider provideLegacyIsAuthenticated
84+
*/
85+
public function testLegacyIsAuthenticated()
86+
{
87+
$expressionLanguage = new ExpressionLanguage();
88+
89+
$context = [];
90+
$context['trust_resolver'] = new AuthenticationTrustResolver();
91+
$context['token'] = new AnonymousToken('firewall', 'anon.');
92+
93+
$this->assertFalse($expressionLanguage->evaluate('is_authenticated()', $context));
94+
}
95+
96+
public function provideLegacyIsAuthenticated()
97+
{
98+
$roles = ['ROLE_USER', 'ROLE_ADMIN'];
99+
$user = new User('username', 'password', $roles);
100+
54101
$noToken = null;
55102
$anonymousToken = new AnonymousToken('firewall', 'anon.');
56103
$rememberMeToken = new RememberMeToken($user, 'providerkey', 'firewall');
@@ -63,24 +110,19 @@ public function provider()
63110
[$noToken, 'is_remember_me()', false],
64111

65112
[$anonymousToken, 'is_anonymous()', true],
66-
[$anonymousToken, 'is_authenticated()', false],
113+
[$anonymousToken, 'is_authenticated()', true],
67114
[$anonymousToken, 'is_fully_authenticated()', false],
68115
[$anonymousToken, 'is_remember_me()', false],
69-
[$anonymousToken, "is_granted('ROLE_USER')", false],
70116

71117
[$rememberMeToken, 'is_anonymous()', false],
72118
[$rememberMeToken, 'is_authenticated()', true],
73119
[$rememberMeToken, 'is_fully_authenticated()', false],
74120
[$rememberMeToken, 'is_remember_me()', true],
75-
[$rememberMeToken, "is_granted('ROLE_FOO')", false],
76-
[$rememberMeToken, "is_granted('ROLE_USER')", true],
77121

78122
[$usernamePasswordToken, 'is_anonymous()', false],
79123
[$usernamePasswordToken, 'is_authenticated()', true],
80124
[$usernamePasswordToken, 'is_fully_authenticated()', true],
81125
[$usernamePasswordToken, 'is_remember_me()', false],
82-
[$usernamePasswordToken, "is_granted('ROLE_FOO')", false],
83-
[$usernamePasswordToken, "is_granted('ROLE_USER')", true],
84126
];
85127
}
86128
}

0 commit comments

Comments
 (0)
0