8000 [Security] Deprecate `TokenInterface::isAuthenticated()` and `setAuth… · symfony/symfony@366e1e7 · GitHub

Commit 366e1e7

committed
[Security] Deprecate TokenInterface::isAuthenticated() and setAuthenticated()
1 parent 479919d commit 366e1e7

33 files changed

+222
-39
lines changed

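--- a/UPGRADE-5.4.md
+++ b/UPGRADE-5.4.md
@@ -30,3 +30,6 @@ Security
 behavior when using `enable_authenticator_manager: true`)
 * Deprecate not setting the 5th argument (`$exceptionOnNoToken`) of `AccessListener` to `false`
 (this is the default behavior when using `enable_authenticator_manager: true`)
+* Deprecate methods `TokenInterface::isAuthenticated()` and `setAuthenticated`,
+tokens will always be considered authenticated in 6.0
+* Deprecate `DeauthenticatedEvent`, use `TokenDeauthenticatedEvent` instead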

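--- a/UPGRADE-6.0.md
+++ b/UPGRADE-6.0.md
@@ -316,6 +316,9 @@ Security
 `UsernamePasswordFormAuthenticationListener`, `UsernamePasswordJsonAuthenticationListener` and `X509AuthenticationListener`
 from security-http, use the new authenticator system instead
 * Remove the Guard component, use the new authenticator system instead
+* Deprecate methods `TokenInterface::isAuthenticated()` and `setAuthenticated`,
+tokens will always be considered authenticated in 6.0
+* Remove `DeauthenticatedEvent`, use `TokenDeauthenticatedEvent` instead
 
 SecurityBundle
 --------------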

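--- a/src/Symfony/Bridge/Monolog/Processor/AbstractTokenProcessor.php
+++ b/src/Symfony/Bridge/Monolog/Processor/AbstractTokenProcessor.php
@@ -42,7 +42,7 @@ public function __invoke(array $record): array
 
 if (null !== $token = $this->getToken()) {
 $record['extra'][$this->getKey()] = [
-'authenticated' => $token->isAuthenticated(),
+'authenticated' => $token->isAuthenticated(false), // @deprecated since Symfony 5.4, always true in 6.0
 'roles' => $token->getRoleNames(),
 ];
 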

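--- a/src/Symfony/Bridge/Monolog/Tests/Processor/TokenProcessorTest.php
+++ b/src/Symfony/Bridge/Monolog/Tests/Processor/TokenProcessorTest.php
@@ -39,7 +39,6 @@ public function testLegacyProcessor()
 
 $this->assertArrayHasKey('token', $record['extra']);
 $this->assertEquals($token->getUsername(), $record['extra']['token']['username']);
-$this->assertEquals($token->isAuthenticated(), $record['extra']['token']['authenticated']);
 $this->assertEquals(['ROLE_USER'], $record['extra']['token']['roles']);
 }
 
@@ -59,7 +58,6 @@ public function testProcessor()
 
 $this->assertArrayHasKey('token', $record['extra']);
 $this->assertEquals($token->getUserIdentifier(), $record['extra']['token']['user_identifier']);
-$this->assertEquals($token->isAuthenticated(), $record['extra']['token']['authenticated']);
 $this->assertEquals(['ROLE_USER'], $record['extra']['token']['roles']);
 }
 }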

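--- a/src/Symfony/Bundle/FrameworkBundle/KernelBrowser.php
+++ b/src/Symfony/Bundle/FrameworkBundle/KernelBrowser.php
@@ -123,7 +123,7 @@ public function loginUser(object $user, string $firewallContext = 'main'): self
 }
 
 $token = new TestBrowserToken($user->getRoles(), $user, $firewallContext);
-$token->setAuthenticated(true);
+$token->setAuthenticated(true, false);
 
 $container = $this->getContainer();
 $container->get('security.untracked_token_storage')->setToken($token);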
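Review bot: The second argument in `$token->setAuthenticated(true, false);` is an undeclared flag whose meaning cannot be read from the call site, and unlike the Monolog processor and AnonymousToken changes in this commit the line carries no marker for the 6.0 cleanup. I would add `// @deprecated since Symfony 5.4; the 2nd argument (false) suppresses the deprecation notice` above it. The same applies to `isAuthenticated(false)` in SecurityDataCollector and to the `setAuthenticated(..., false)` calls in PreAuthenticatedToken, RememberMeToken and UsernamePasswordToken. loginUser() starts and ends outside the hunk.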

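--- a/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
+++ b/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
@@ -123,7 +123,7 @@ public function collect(Request $request, Response $response, \Throwable $except
 
 $this->data = [
 'enabled' => true,
-'authenticated' => $token->isAuthenticated(),
+'authenticated' => $token->isAuthenticated(false),
 'impersonated' => null !== $impersonatorUser,
 'impersonator_user' => $impersonatorUser,
 'impersonation_exit_path' => null,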

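--- a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
@@ -99,7 +99,12 @@ public function setUser($user)
 throw new \InvalidArgumentException('$user must be an instanceof UserInterface, an object implementing a __toString method, or a primitive string.');
 }
 
-if (null === $this->user) {
+// @deprecated since Symfony 5.4, remove the whole block if/elseif/else block in 6.0
+if (2 === \func_num_args() && !func_get_arg(1)) {
+// ContextListener checks if the user has changed on its own and calls `setAuthenticated()` subsequently,
+// avoid doing the same checks twice
+$changed = false;
+} elseif (null === $this->user) {
 $changed = false;
 } elseif ($this->user instanceof UserInterface) {
 if (!$user instanceof UserInterface) {
@@ -113,18 +118,25 @@ public function setUser($user)
 $changed = (string) $this->user !== (string) $user;
 }
 
+// @deprecated since Symfony 5.4
 if ($changed) {
-$this->setAuthenticated(false);
+$this->setAuthenticated(false, false);
 }
 
 $this->user = $user;
 }
 
 /**
 * {@inheritdoc}
+*
+* @deprecated since Symfony 5.4
 */
 public function isAuthenticated()
 {
+if (0 === \func_num_args() || func_get_arg(0)) {
+trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);
+}
+
 return $this->authenticated;
 }
 
@@ -133,6 +145,11 @@ public function isAuthenticated()
 */
 public function setAuthenticated(bool $authenticated)
 {
+$numArgs = \func_num_args();
+if (0 === $numArgs || (2 === $numArgs && func_get_arg(1))) {
+trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" state anymore and will always be considered as authenticated.', __METHOD__);
+}
+
 $this->authenticated = $authenticated;
 }
 
@@ -275,6 +292,9 @@ final public function unserialize($serialized)
 $this->__unserialize(\is_array($serialized) ? $serialized : unserialize($serialized));
 }
 
+/**
+* @deprecated since Symfony 5.4
+*/
 private function hasUserChanged(UserInterface $user): bool
 {
 if (!($this->user instanceof UserInterface)) {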
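Review bot: In `setAuthenticated()` the guard `0 === $numArgs || (2 === $numArgs && func_get_arg(1))` never matches the ordinary one-argument call, so `$token->setAuthenticated(false)` from application code raises no deprecation; `0 === $numArgs` cannot occur because `$authenticated` is a required parameter. The condition should be `if (2 > \func_num_args() || func_get_arg(1)) {`, which matches the shape of the check in `isAuthenticated()`. Code that clears the flag to force re-authentication would otherwise get no notice before 6.0 treats every token as authenticated. The `setUser()` hunk also adds a hidden second argument that skips the user-changed check; since that check is what de-authenticates a token, the argument should be documented as internal so that callers other than ContextListener do not pass it.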

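--- a/src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php
@@ -33,7 +33,8 @@ public function __construct(string $secret, $user, array $roles = [])
 
 $this->secret = $secret;
 $this->setUser($user);
-$this->setAuthenticated(true);
+// @deprecated since Symfony 5.4
+$this->setAuthenticated(true, false);
 }
 
 /**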

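--- a/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php
@@ -53,11 +53,21 @@ public function getUserIdentifier(): string
 return '';
 }
 
+/**
+* @deprecated since Symfony 5.4
+*/
 public function isAuthenticated()
 {
+if (0 === \func_num_args() || func_get_arg(0)) {
+trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);
+}
+
 return true;
 }
 
+/**
+* @deprecated since Symfony 5.4
+*/
 public function setAuthenticated(bool $isAuthenticated)
 {
 throw new \BadMethodCallException('Cannot change authentication state of NullToken.');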

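--- a/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php
@@ -41,7 +41,7 @@ public function __construct($user, $credentials, string $firewallName, array $ro
 $this->firewallName = $firewallName;
 
 if ($roles) {
-$this->setAuthenticated(true);
+$this->setAuthenticated(true, false);
 }
 }
 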

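--- a/src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php
@@ -44,7 +44,7 @@ public function __construct(UserInterface $user, string $firewallName, string $s
 $this->secret = $secret;
 
 $this->setUser($user);
-parent::setAuthenticated(true);
+parent::setAuthenticated(true, false);
 }
 
 /**
@@ -56,7 +56,7 @@ public function setAuthenticated(bool $authenticated)
 throw new \LogicException('You cannot set this token to authenticated after creation.');
 }
 
-parent::setAuthenticated(false);
+parent::setAuthenticated(false, false);
 }
 
 /**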

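--- a/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php
@@ -71,11 +71,16 @@ public function setUser($user);
 * Returns whether the user is authenticated or not.
 *
 * @return bool true if the token has been authenticated, false otherwise
+*
+* Deprecated since Symfony 5.4. In 6.0, security tokens will always be considered authenticated
 */
 public function isAuthenticated();
 
 /**
 * Sets the authenticated flag.
+*
+* Deprecated since Symfony 5.4. In 6.0, security tokens will always be considered authenticated
+
 */
 public function setAuthenticated(bool $isAuthenticated);
 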
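Review bot: The interface docblocks do not mention the optional argument that callers in this commit now pass (`isAuthenticated(false)`, `setAuthenticated($flag, false)`) to suppress the deprecation, so a custom token that wraps another and delegates without forwarding it would presumably emit the notice on every internal call. I would add a line to both docblocks such as `* An optional trailing argument set to false suppresses the deprecation notice (internal use).` The `setAuthenticated()` docblock also gains an empty line with no leading ` *` just before `*/`; that line should be dropped.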

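--- a/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php
@@ -42,7 +42,7 @@ public function __construct($user, $credentials, string $firewallName, array $ro
 $this->credentials = $credentials;
 $this->firewallName = $firewallName;
 
-parent::setAuthenticated(\count($roles) > 0);
+parent::setAuthenticated(\count($roles) > 0, false);
 }
 
 /**
@@ -54,7 +54,7 @@ public function setAuthenticated(bool $isAuthenticated)
 throw new \LogicException('Cannot set this token to trusted after instantiation.');
 }
 
-parent::setAuthenticated(false);
+parent::setAuthenticated(false, false);
 }
 
 /**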

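--- a/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
+++ b/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
@@ -62,7 +62,12 @@ final public function isGranted($attribute, $subject = null): bool
 
 $token = new NullToken();
 } else {
-if ($this->alwaysAuthenticate || !$token->isAuthenticated()) {
+$authenticated = true;
+// @deprecated since Symfony 5.4
+if ($this->alwaysAuthenticate || !$authenticated = $token->isAuthenticated(false)) {
+if (!($authenticated ?? true)) {
+trigger_deprecation('symfony/core', '5.4', 'Returning false from "%s()" is deprecated and won\'t have any effect in Symfony 6.0 as security tokens will always be considered authenticated.');
+}
 $this->tokenStorage->setToken($token = $this->authenticationManager->authenticate($token));
 }
 }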
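Review bot: The new `trigger_deprecation()` call passes a message containing `"%s()"` but no argument to fill it, so the notice never names the token method that returned false, and it uses the package name `symfony/core` where AbstractToken and NullToken in this commit use `symfony/security-core`. I would change the first argument to `'symfony/security-core'` and append `\get_class($token).'::isAuthenticated'` as the fourth argument. `$authenticated` is assigned on the line above the `if`, so `?? true` in `if (!($authenticated ?? true))` is redundant and `if (!$authenticated)` reads the same. isGranted() starts and ends outside the hunk.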

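--- a/src/Symfony/Component/Security/Core/CHANGELOG.md
+++ b/src/Symfony/Component/Security/Core/CHANGELOG.md
@@ -6,6 +6,8 @@ CHANGELOG
 
 * Deprecate setting the 4th argument (`$alwaysAuthenticate`) to `true` and not setting the
 5th argument (`$exceptionOnNoToken`) to `false` of `AuthorizationChecker`
+* Deprecate methods `TokenInterface::isAuthenticated()` and `setAuthenticated`,
+tokens will always be considered authenticated in 6.0
 
 5.3
 ---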

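--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
@@ -41,6 +41,7 @@ public function getUsername()
 
 public function getRoles()
 {
+return [];
 }
 
 public function getPassword()
@@ -104,6 +105,9 @@ public function testConstructor()
 $this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
 }
 
+/**
+* @group legacy
+*/
 public function testAuthenticatedFlag()
 {
 $token = new ConcreteToken();
@@ -158,6 +162,7 @@ public function getUsers()
 }
 
 /**
+* @group legacy
 * @dataProvider getUserChanges
 */
 public function testSetUserSetsAuthenticatedToFalseWhenUserChanges($firstUser, $secondUser)
@@ -190,6 +195,7 @@ public function getUserChanges()
 }
 
 /**
+* @group legacy
 * @dataProvider getUsers
 */
 public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
@@ -205,6 +211,9 @@ public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($
 $this->assertTrue($token->isAuthenticated());
 }
 
+/**
+* @group legacy
+*/
 public function testIsUserChangedWhenSerializing()
 {
 $token = new ConcreteToken(['ROLE_ADMIN']);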

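--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AnonymousTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AnonymousTokenTest.php
@@ -18,13 +18,19 @@ class AnonymousTokenTest extends TestCase
 {
 public function testConstructor()
 {
-$token = new AnonymousToken('foo', 'bar');
-$this->assertTrue($token->isAuthenticated());
-
 $token = new AnonymousToken('foo', 'bar', ['ROLE_FOO']);
 $this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
 }
 
+/**
+* @group legacy
+*/
+public function testIsAuthenticated()
+{
+$token = new AnonymousToken('foo', 'bar');
+$this->assertTrue($token->isAuthenticated());
+}
+
 public function testGetKey()
 {
 $token = new AnonymousToken('foo', 'bar');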

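--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/PreAuthenticatedTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/PreAuthenticatedTokenTest.php
@@ -18,11 +18,7 @@ class PreAuthenticatedTokenTest extends TestCase
 {
 public function testConstructor()
 {
-$token = new PreAuthenticatedToken('foo', 'bar', 'key');
-$this->assertFalse($token->isAuthenticated());
-
 $token = new PreAuthenticatedToken('foo', 'bar', 'key', ['ROLE_FOO']);
-$this->assertTrue($token->isAuthenticated());
 $this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
 $this->assertEquals('key', $token->getFirewallName());
 }
@@ -45,4 +41,13 @@ public function testEraseCredentials()
 $token->eraseCredentials();
 $this->assertEquals('', $token->getCredentials());
 }
+
+/**
+* @group legacy
+*/
+public function testIsAuthenticated()
+{
+$token = new PreAuthenticatedToken('foo', 'bar', 'key');
+$this->assertFalse($token->isAuthenticated());
+}
 }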

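--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/RememberMeTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/RememberMeTokenTest.php
@@ -26,6 +26,15 @@ public function testConstructor()
 $this->assertEquals('foo', $token->getSecret());
 $this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
 $this->assertSame($user, $token->getUser());
+}
+
+/**
+* @group legacy
+*/
+public function testIsAuthenticated()
+{
+$user = $this->getUser();
+$token = new RememberMeToken($user, 'fookey', 'foo');
 $this->assertTrue($token->isAuthenticated());
 }
 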

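--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/SwitchUserTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/SwitchUserTokenTest.php
@@ -15,6 +15,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Tests\Authentication\Token\Fixtures\CustomUser;
+use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 class SwitchUserTokenTest extends TestCase
@@ -42,6 +43,9 @@ public function testSerialize()
 $this->assertEquals(['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'], $unserializedOriginalToken->getRoleNames());
 }
 
+/**
+* @group legacy
+*/
 public function testSetUserDoesNotDeauthenticate()
 {
 $impersonated = new class() implements UserInterface {
@@ -75,7 +79,7 @@ public function getSalt()
 }
 };
 
-$originalToken = new UsernamePasswordToken('impersonator', 'foo', 'provider-key', ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH']);
+$originalToken = new UsernamePasswordToken(new InMemoryUser('impersonator', '', ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH']), 'foo', 'provider-key', ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH']);
 $token = new SwitchUserToken($impersonated, 'bar', 'provider-key', ['ROLE_USER', 'ROLE_PREVIOUS_ADMIN'], $originalToken);
 $token->setUser($impersonated);
 $this->assertTrue($token->isAuthenticated());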
