8000 [Security] Deprecate "always authenticate" and "exception on no token" · symfony/symfony@4bba287 · GitHub
[go: up one dir, main page]
Skip to content

Commit 4bba287

Browse files
wouterjwouterj
committed
[Security] Deprecate "always authenticate" and "exception on no token"
1 parent cdcf696 commit 4bba287

File tree

12 files changed

+92
-14
lines changed

12 files changed

+92
-14
lines changed

UPGRADE-5.4.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,3 +11,17 @@ HttpKernel
1111
----------
1212

1313
* Deprecate `AbstractTestSessionListener::getSession` inject a session in the request instead
14+
15+
SecurityBundle
16+
--------------
17+
18+
* Deprecate the `always_authenticate_before_granting` option
19+
20+
Security
21+
--------
22+
23+
* Deprecate setting the 4th argument (`$alwaysAuthenticate`) to `true` and not setting the
24+
5th argument (`$exceptionOnNoToken`) to `false` of `AuthorizationChecker` (this is the default
25+
behavior when using `enable_authenticator_manager: true`)
26+
* Deprecate not setting the 5th argument (`$exceptionOnNoToken`) of `AccessListener` to `false`
27+
(this is the default behavior when using `enable_authenticator_manager: true`)

UPGRADE-6.0.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -194,6 +194,8 @@ Routing
194194
Security
195195
--------
196196

197+
* Remove the 4th and 5th argument of `AuthorizationChecker`
198+
* Remove the 5th argument of `AccessListener`
197199
* Remove class `User`, use `InMemoryUser` or your own implementation instead.
198200
If you are using the `isAccountNonLocked()`, `isAccountNonExpired()` or `isCredentialsNonExpired()` method, consider re-implementing them
199201
in your own user class as they are not part of the `InMemoryUser` API
@@ -313,6 +315,7 @@ Security
313315
SecurityBundle
314316
--------------
315317

318+
* Remove the `always_authenticate_before_granting` option
316319
* Remove the `UserPasswordEncoderCommand` class and the corresponding `user:encode-password` command,
317320
use `UserPasswordHashCommand` and `user:hash-password` instead
318321
* Remove the `security.encoder_factory.generic` service, the `security.encoder_factory` and `Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface` aliases,

src/Symfony/Bundle/SecurityBundle/CHANGELOG.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,11 @@
11
CHANGELOG
22
=========
33

4+
5.4
5+
---
6+
7+
* Deprecate the `always_authenticate_before_granting` option
8+
49
5.3
510
---
611

src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -90,7 +90,10 @@ public function getConfigTreeBuilder()
9090
->defaultValue(SessionAuthenticationStrategy::MIGRATE)
9191
->end()
9292
->booleanNode('hide_user_not_found')->defaultTrue()->end()
93-
->booleanNode('always_authenticate_before_granting')->defaultFalse()->end()
93+
->booleanNode('always_authenticate_before_granting')
94+
->defaultFalse()
95+
->setDeprecated('symfony/security-bundle', '5.4')
96+
->end()
9497
->booleanNode('erase_credentials')->defaultTrue()->end()
9598
->booleanNode('enable_authenticator_manager')->defaultFalse()->info('Enables the new Symfony Security system based on Authenticators, all used authenticators must support this before enabling this.')->end()
9699
->arrayNode('access_decision_manager')

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -635,6 +635,9 @@ public function provideEntryPointRequiredData()
635635
];
636636
}
637637

638+
/**
639+
* @group legacy
640+
*/
638641
public function testAlwaysAuthenticateBeforeGrantingCannotBeTrueWithAuthenticatorManager()
639642
{
640643
$this->expectException(InvalidConfigurationException::class);

src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,13 @@ class AuthorizationChecker implements AuthorizationCheckerInterface
3434

3535
public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, AccessDecisionManagerInterface $accessDecisionManager, bool $alwaysAuthenticate = false, bool $exceptionOnNoToken = true)
3636
{
37+
if (false !== $alwaysAuthenticate) {
38+
trigger_deprecation('symfony/security-core', '5.4', 'Not setting the 4th argument of "%s" to "false" is deprecated.', __METHOD__);
39+
}
40+
if (false !== $exceptionOnNoToken) {
41+
trigger_deprecation('symfony/security-core', '5.4', 'Not setting the 5th argument of "%s" to "false" is deprecated.', __METHOD__);
42+
}
43+
3744
$this->tokenStorage = $tokenStorage;
3845
$this->authenticationManager = $authenticationManager;
3946
$this->accessDecisionManager = $accessDecisionManager;

src/Symfony/Component/Security/Core/CHANGELOG.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,12 @@
11
CHANGELOG
22
=========
33

4+
5.4
5+
---
6+
7+
* Deprecate setting the 4th argument (`$alwaysAuthenticate`) to `true` and not setting the
8+
5th argument (`$exceptionOnNoToken`) to `false` of `AuthorizationChecker`
9+
410
5.3
511
---
612

src/Symfony/Component/Security/Core/Tests/Authorization/AuthorizationCheckerTest.php

Lines changed: 16 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,9 @@ protected function setUp(): void
3636
$this->authorizationChecker = new AuthorizationChecker(
3737
$this->tokenStorage,
3838
$this->authenticationManager,
39-
$this->accessDecisionManager
39+
$this->accessDecisionManager,
40+
false,
41+
false
4042
);
4143
}
4244

@@ -71,13 +73,23 @@ public function testVoteAuthenticatesTokenIfNecessary()
7173
$this->assertSame($newToken, $this->tokenStorage->getToken());
7274
}
7375

74-
public function testVoteWithoutAuthenticationToken()
76+
/**
77+
* @group legacy
78+
*/
79+
public function testLegacyVoteWithoutAuthenticationToken()
7580
{
81+
$authorizationChecker = new AuthorizationChecker(
82+
$this->tokenStorage,
83+
$this->authenticationManager,
84+
$this->accessDecisionManager
85+
);
86+
7687
$this->expectException(AuthenticationCredentialsNotFoundException::class);
77-
$this->authorizationChecker->isGranted('ROLE_FOO');
88+
89+
$authorizationChecker->isGranted('ROLE_FOO');
7890
}
7991

80-
public function testVoteWithoutAuthenticationTokenAndExceptionOnNoTokenIsFalse()
92+
public function testVoteWithoutAuthenticationToken()
8193
{
8294
$authorizationChecker = new AuthorizationChecker($this->tokenStorage, $this->authenticationManager, $this->accessDecisionManager, false, false);
8395

src/Symfony/Component/Security/Core/Tests/Authorization/ExpressionLanguageTest.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ public function testIsAuthenticated($token, $expression, $result)
3737
$tokenStorage = new TokenStorage();
3838
$tokenStorage->setToken($token);
3939
$accessDecisionManager = new AccessDecisionManager([new RoleVoter(), new AuthenticatedVoter($trustResolver)]);
40-
$authChecker = new AuthorizationChecker($tokenStorage, $this->createMock(AuthenticationManagerInterface::class), $accessDecisionManager);
40+
$authChecker = new AuthorizationChecker($tokenStorage, $this->createMock(AuthenticationManagerInterface::class), $accessDecisionManager, false, false);
4141

4242
$context = [];
4343
$context['auth_checker'] = $authChecker;

src/Symfony/Component/Security/Http/CHANGELOG.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,11 @@
11
CHANGELOG
22
=========
33

4+
5.4
5+
---
6+
7+
* Deprecate not setting the 5th argument (`$exceptionOnNoToken`) of `AccessListener` to `false`
8+
49
5.3
510
---
611

0 commit comments

Comments
 (0)
0