10BC0 minor #31723 [Security] remove deprecated role classes (xabbuh) · symfony/symfony@343da8c · GitHub
[go: up one dir, main page]
Skip to content

Commit 343da8c

Browse files
author
Robin Chalas
committed
minor #31723 [Security] remove deprecated role classes (xabbuh)
This PR was merged into the 5.0-dev branch. Discussion ---------- [Security] remove deprecated role classes | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | no | BC breaks? | yes | Deprecations? | no | Tests pass? | yes | Fixed tickets | | License | MIT | Doc PR | Commits ------- d64372d remove deprecated role classes
2 parents e5aaa8c + d64372d commit 343da8c

29 files changed

+39
-662
lines changed

src/Symfony/Bridge/Monolog/Processor/TokenProcessor.php

Lines changed: 1 addition & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -31,11 +31,7 @@ public function __invoke(array $records)
3131
{
3232
$records['extra']['token'] = null;
3333
if (null !== $token = $this->tokenStorage->getToken()) {
34-
if (method_exists($token, 'getRoleNames')) {
35-
$roles = $token->getRoleNames();
36-
} else {
37-
$roles = array_map(function ($role) { return $role->getRole(); }, $token->getRoles(false));
38-
}
34+
$roles = $token->getRoleNames();
3935

4036
$records['extra']['token'] = [
4137
'username' => $token->getUsername(),

src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php

Lines changed: 2 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -22,9 +22,7 @@
2222
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
2323
use Symfony\Component\Security\Core\Authorization\TraceableAccessDecisionManager;
2424
use Symfony\Component\Security\Core\Authorization\Voter\TraceableVoter;
25-
use Symfony\Component\Security\Core\Role\Role;
2625
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
27-
use Symfony\Component\Security\Core\Role\SwitchUserRole;
2826
use Symfony\Component\Security\Http\Firewall\SwitchUserListener;
2927
use Symfony\Component\Security\Http\FirewallMapInterface;
3028
use Symfony\Component\Security\Http\Logout\LogoutUrlGenerator;
@@ -92,33 +90,15 @@ public function collect(Request $request, Response $response, \Exception $except
9290
];
9391
} else {
9492
$inheritedRoles = [];
95-
96-
if (method_exists($token, 'getRoleNames')) {
97-
$assignedRoles = $token->getRoleNames();
98-
} else {
99-
$assignedRoles = array_map(function (Role $role) { return $role->getRole(); }, $token->getRoles(false));
100-
}
93+
$assignedRoles = $token->getRoleNames();
10194

10295
$impersonatorUser = null;
10396
if ($token instanceof SwitchUserToken) {
10497
$impersonatorUser = $token->getOriginalToken()->getUsername();
105-
} else {
106-
foreach ($token->getRoles(false) as $role) {
107-
if ($role instanceof SwitchUserRole) {
108-
$impersonatorUser = $role->getSource()->getUsername();
109-
break;
110-
}
111-
}
11298
}
11399

114100
if (null !== $this->roleHierarchy) {
115-
if (method_exists($this->roleHierarchy, 'getReachableRoleNames')) {
116-
$allRoles = $this->roleHierarchy->getReachableRoleNames($assignedRoles);
117-
} else {
118-
$allRoles = array_map(function (Role $role) { return (string) $role; }, $this->roleHierarchy->getReachableRoles($token->getR 4B92 oles(false)));
119-
}
120-
121-
foreach ($allRoles as $role) {
101+
foreach ($this->roleHierarchy->getReachableRoleNames($assignedRoles) as $role) {
122102
if (!\in_array($role, $assignedRoles, true)) {
123103
$inheritedRoles[] = $role;
124104
}

src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php

Lines changed: 0 additions & 42 deletions
Original file line numberDiff line numberDiff line change
@@ -28,9 +28,7 @@
2828
use Symfony\Component\Security\Core\Authorization\TraceableAccessDecisionManager;
2929
use Symfony\Component\Security\Core\Authorization\Voter\TraceableVoter;
3030
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
31-
use Symfony\Component\Security\Core\Role\Role;
3231
use Symfony\Component\Security\Core\Role\RoleHierarchy;
33-
use Symfony\Component\Security\Core\Role\SwitchUserRole;
3432
use Symfony\Component\Security\Http\FirewallMapInterface;
3533
use Symfony\Component\Security\Http\Logout\LogoutUrlGenerator;
3634
use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
@@ -97,36 +95,6 @@ public function testCollectAuthenticationTokenAndRoles(array $roles, array $norm
9795
$this->assertSame('hhamon', $collector->getUser());
9896
}
9997

100-
/**
101-
* @group legacy
102-
*/
103-
public function testCollectImpersonatedToken()
104-
{
105-
$adminToken = new UsernamePasswordToken('yceruto', 'P4$$w0rD', 'provider', ['ROLE_ADMIN']);
106-
107-
$userRoles = [
108-
'ROLE_USER',
109-
new SwitchUserRole('ROLE_PREVIOUS_ADMIN', $adminToken),
110-
];
111-
112-
$tokenStorage = new TokenStorage();
113-
$tokenStorage->setToken(new UsernamePasswordToken('hhamon', 'P4$$w0rD', 'provider', $userRoles));
114-
115-
$collector = new SecurityDataCollector($tokenStorage, $this->getRoleHierarchy());
116-
$collector->collect(new Request(), new Response());
117-
$collector->lateCollect();
118-
119-
$this->assertTrue($collector->isEnabled());
120-
$this->assertTrue($collector->isAuthenticated());
121-
$this->assertTrue($collector->isImpersonated());
122-
$this->assertSame('yceruto', $collector->getImpersonatorUser());
123-
$this->assertSame('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $collector->getTokenClass()->getValue());
124-
$this->assertTrue($collector->supportsRoleHierarchy());
125-
$this->assertSame(['ROLE_USER', 'ROLE_PREVIOUS_ADMIN'], $collector->getRoles()->getValue(true));
126-
$this->assertSame([], $collector->getInheritedRoles()->getValue(true));
127-
$this->assertSame('hhamon', $collector->getUser());
128-
}
129-
13098
public function testCollectSwitchUserToken()
13199
{
132100
$adminToken = new UsernamePasswordToken('yceruto', 'P4$$w0rD', 'provider', ['ROLE_ADMIN']);
@@ -391,22 +359,12 @@ public function provideRoles()
391359
['ROLE_USER'],
392360
[],
393361
],
394-
[
395-
[new Role('ROLE_USER', false)],
396-
['ROLE_USER'],
397-
[],
398-
],
399362
// Inherited roles
400363
[
401364
['ROLE_ADMIN'],
402365
['ROLE_ADMIN'],
403366
['ROLE_USER', 'ROLE_ALLOWED_TO_SWITCH'],
404367
],
405-
[
406-
[new Role('ROLE_ADMIN', false)],
407-
['ROLE_ADMIN'],
408-
['ROLE_USER', 'ROLE_ALLOWED_TO_SWITCH'],
409-
],
410368
[
411369
['ROLE_ADMIN', 'ROLE_OPERATOR'],
412370
['ROLE_ADMIN', 'ROLE_OPERATOR'],

src/Symfony/Component/Security/CHANGELOG.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,11 @@ CHANGELOG
1111
* `SimpleAuthenticatorInterface`, `SimpleFormAuthenticatorInterface`, `SimplePreAuthenticatorInterface`,
1212
`SimpleAuthenticationProvider`, `SimpleAuthenticationHandler`, `SimpleFormAuthenticationListener` and
1313
`SimplePreAuthenticationListener` have been removed. Use Guard instead.
14+
* Removed the `Role` and `SwitchUserRole` classes. Use strings for roles instead.
15+
* Removed the `getReachableRoles()` method from the `RoleHierarchyInterface`. Role hierarchies must implement
16+
the `getReachableRoleNames()` method instead and return roles as strings.
17+
* Removed the `getRoles()` method from the `TokenInterface`. Tokens must implement the `getRoleNames()` method
18+
instead and return roles as strings.
1419

1520
4.3.0
1621
-----

src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php

Lines changed: 2 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,6 @@
1818
use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
1919
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
2020
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
21-
use Symfony\Component\Security\Core\Role\SwitchUserRole;
2221
use Symfony\Component\Security\Core\User\UserCheckerInterface;
2322
use Symfony\Component\Security\Core\User\UserInterface;
2423

@@ -89,9 +88,9 @@ public function authenticate(TokenInterface $token)
8988
}
9089

9190
if ($token instanceof SwitchUserToken) {
92-
$authenticatedToken = new SwitchUserToken($user, $token->getCredentials(), $this->providerKey, $this->getRoles($user, $token), $token->getOriginalToken());
91+
$authenticatedToken = new SwitchUserToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles(), $token->getOriginalToken());
9392
} else {
94-
$authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $this->getRoles($user, $token));
93+
$authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
9594
}
9695

9796
$authenticatedToken->setAttributes($token->getAttributes());
@@ -107,26 +106,6 @@ public function supports(TokenInterface $token)
107106
return $token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey();
108107
}
109108

110-
/**
111-
* Retrieves roles from user and appends SwitchUserRole if original token contained one.
112-
*
113-
* @return array The user roles
114-
*/
115-
private function getRoles(UserInterface $user, TokenInterface $token)
116-
{
117-
$roles = $user->getRoles();
118-
119-
foreach ($token->getRoles(false) as $role) {
120-
if ($role instanceof SwitchUserRole) {
121-
$roles[] = $role;
122-
123-
break;
124-
}
125-
}
126-
127-
return $roles;
128-
}
129-
130109
/**
131110
* Retrieves the user from an implementation-specific location.
132111
*

src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php

Lines changed: 7 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,6 @@
1111

1212
namespace Symfony\Component\Security\Core\Authentication\Token;
1313

14-
use Symfony\Component\Security\Core\Role\Role;
1514
use Symfony\Component\Security\Core\User\EquatableInterface;
1615
use Symfony\Component\Security\Core\User\UserInterface;
1716

@@ -24,7 +23,6 @@
2423
abstract class AbstractToken implements TokenInterface
2524
{
2625
private $user;
27-
private $roles = [];
2826
private $roleNames = [];
2927
private $authenticated = false;
3028
private $attributes = [];
@@ -37,32 +35,16 @@ abstract class AbstractToken implements TokenInterface
3735
public function __construct(array $roles = [])
3836
{
3937
foreach ($roles as $role) {
40-
if (\is_string($role)) {
41-
$role = new Role($role, false);
42-
} elseif (!$role instanceof Role) {
43-
throw new \InvalidArgumentException(sprintf('$roles must be an array of strings, or Role instances, but got %s.', \gettype($role)));
44-
}
45-
46-
$this->roles[] = $role;
47-
$this->roleNames[] = (string) $role;
38+
$this->roleNames[] = $role;
4839
}
4940
}
5041

51-
public function getRoleNames(): array
52-
{
53-
return $this->roleNames;
54-
}
55-
5642
/**
5743
* {@inheritdoc}
5844
*/
59-
public function getRoles()
45+
public function getRoleNames(): array
6046
{
61-
if (0 === \func_num_args() || func_get_arg(0)) {
62-
@trigger_error(sprintf('The %s() method is deprecated since Symfony 4.3. Use the getRoleNames() method instead.', __METHOD__), E_USER_DEPRECATED);
63-
}
64-
65-
return $this->roles;
47+
return $this->roleNames;
6648
}
6749

6850
/**
@@ -158,7 +140,7 @@ public function eraseCredentials()
158140
*/
159141
public function __serialize(): array
160142
{
161-
return [$this->user, $this->authenticated, $this->roles, $this->attributes, $this->roleNames];
143+
return [$this->user, $this->authenticated, null, $this->attributes, $this->roleNames];
162144
}
163145

164146
/**
@@ -198,15 +180,7 @@ public function serialize()
198180
*/
199181
public function __unserialize(array $data): void
200182
{
201-
[$this->user, $this->authenticated, $this->roles, $this->attributes] = $data;
202-
203-
// migration path to 4.3+
204-
if (null === $this->roleNames = $data[4] ?? null) {
205-
$this->roleNames = [];
206-
foreach ($this->roles as $role) {
207-
$this->roleNames[] = (string) $role;
208-
}
209-
}
183+
[$this->user, $this->authenticated, , $this->attributes, $this->roleNames] = $data;
210184
}
211185

212186
/**
@@ -291,8 +265,8 @@ public function __toString()
291265
$class = substr($class, strrpos($class, '\\') + 1);
292266

293267
$roles = [];
294-
foreach ($this->roles as $role) {
295-
$roles[] = $role->getRole();
268+
foreach ($this->roleNames as $role) {
269+
$roles[] = $role;
296270
}
297271

298272
return sprintf('%s(user="%s", authenticated=%s, roles="%s")', $class, $this->getUsername(), json_encode($this->authenticated), implode(', ', $roles));

src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -39,10 +39,6 @@ public function getToken()
3939
*/
4040
public function setToken(TokenInterface $token = null)
4141
{
42-
if (null !== $token && !method_exists($token, 'getRoleNames')) {
43-
@trigger_error(sprintf('Not implementing the getRoleNames() method in %s which implements %s is deprecated since Symfony 4.3.', \get_class($token), TokenInterface::class), E_USER_DEPRECATED);
44-
}
45-
4642
$this->token = $token;
4743
}
4844

src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php

Lines changed: 4 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -11,17 +11,14 @@
1111

1212
namespace Symfony\Component\Security\Core\Authentication\Token;
1313

14-
use Symfony\Component\Security\Core\Role\Role;
15-
1614
/**
1715
* TokenInterface is the interface for the user authentication information.
1816
*
1917
* @author Fabien Potencier <fabien@symfony.com>
2018
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
2119
*
22-
* @method array __serialize() Returns all the necessary state of the object for serialization purposes - not implementing it is deprecated since Symfony 4.3
23-
* @method void __unserialize(array $data) Restores the object state from an array given by __serialize() - not implementing it is deprecated since Symfony 4.3
24-
* @method string[] getRoleNames() The associated roles - not implementing it is deprecated since Symfony 4.3
20+
* @method array __serialize() Returns all the necessary state of the object for serialization purposes - not implementing it is deprecated since Symfony 4.3
21+
* @method void __unserialize(array $data) Restores the object state from an array given by __serialize() - not implementing it is deprecated since Symfony 4.3
2522
*/
2623
interface TokenInterface extends \Serializable
2724
{
@@ -37,11 +34,9 @@ public function __toString();
3734
/**
3835
* Returns the user roles.
3936
*
40-
* @return Role[] An array of Role instances
41-
*
42-
* @deprecated since Symfony 4.3, use the getRoleNames() method instead
37+
* @return string[] The associated roles
4338
*/
44-
public function getRoles();
39+
public function getRoleNames(): array;
4540

4641
/**
4742
* Returns the user credentials.

src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php

Lines changed: 2 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,6 @@
1818
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
1919
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
2020
use Symfony\Component\Security\Core\Authorization\ExpressionLanguage;
21-
use Symfony\Component\Security\Core\Role\Role;
2221
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
2322

2423
/**
@@ -78,30 +77,17 @@ public function vote(TokenInterface $token, $subject, array $attributes)
7877

7978
private function getVariables(TokenInterface $token, $subject)
8079
{
81-
if (method_exists($token, 'getRoleNames')) {
82-
$roleNames = $token->getRoleNames();
83-
$roles = array_map(function (string $role) { return new Role($role, false); }, $roleNames);
84-
} else {
85-
@trigger_error(sprintf('Not implementing the getRoleNames() method in %s which implements %s is deprecated since Symfony 4.3.', \get_class($token), TokenInterface::class), E_USER_DEPRECATED);
86-
87-
$roles = $token->getRoles(false);
88-
$roleNames = array_map(function (Role $role) { return $role->getRole(); }, $roles);
89-
}
80+
$roleNames = $token->getRoleNames();
9081

91-
if (null !== $this->roleHierarchy && method_exists($this->roleHierarchy, 'getReachableRoleNames')) {
82+
if (null !== $this->roleHierarchy) {
9283
$roleNames = $this->roleHierarchy->getReachableRoleNames($roleNames);
93-
$roles = array_map(function (string $role) { return new Role($role, false); }, $roleNames);
94-
} elseif (null !== $this->roleHierarchy) {
95-
$roles = $this->roleHierarchy->getReachableRoles($roles);
96-
$roleNames = array_map(function (Role $role) { return $role->getRole(); }, $roles);
9784
}
9885

9986
$variables = [
10087
'token' => $token,
10188
'user' => $token->getUser(),
10289
'object' => $subject,
10390
'subject' => $subject,
104-
'roles' => $roles,
10591
'role_names' => $roleNames,
10692
'trust_resolver' => $this->trustResolver,
10793
'auth_checker' => $this->authChecker,

0 commit comments

Comments
 (0)
0