[Security] Deprecate "always authenticate" and "exception on no token" · symfony/symfony@4bba287 · GitHub


Commit 4bba287

committed
[Security] Deprecate "always authenticate" and "exception on no token"
1 parent cdcf696 commit 4bba287


12 files changed

+92
-14
lines changed


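--- a/UPGRADE-5.4.md
+++ b/UPGRADE-5.4.md
@@ -11,3 +11,17 @@ HttpKernel
 ----------
 
 * Deprecate `AbstractTestSessionListener::getSession` inject a session in the request instead
+
+SecurityBundle
+--------------
+
+* Deprecate the `always_authenticate_before_granting` option
+
+Security
+--------
+
+* Deprecate setting the 4th argument (`$alwaysAuthenticate`) to `true` and not setting the
+5th argument (`$exceptionOnNoToken`) to `false` of `AuthorizationChecker` (this is the default
+behavior when using `enable_authenticator_manager: true`)
+* Deprecate not setting the 5th argument (`$exceptionOnNoToken`) of `AccessListener` to `false`
+(this is the default behavior when using `enable_authenticator_manager: true`)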

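--- a/UPGRADE-6.0.md
+++ b/UPGRADE-6.0.md
@@ -194,6 +194,8 @@ Routing
 Security
 --------
 
+* Remove the 4th and 5th argument of `AuthorizationChecker`
+* Remove the 5th argument of `AccessListener`
 * Remove class `User`, use `InMemoryUser` or your own implementation instead.
 If you are using the `isAccountNonLocked()`, `isAccountNonExpired()` or `isCredentialsNonExpired()` method, consider re-implementing them
 in your own user class as they are not part of the `InMemoryUser` API
@@ -313,6 +315,7 @@ Security
 SecurityBundle
 --------------
 
+* Remove the `always_authenticate_before_granting` option
 * Remove the `UserPasswordEncoderCommand` class and the corresponding `user:encode-password` command,
 use `UserPasswordHashCommand` and `user:hash-password` instead
 * Remove the `security.encoder_factory.generic` service, the `security.encoder_factory` and `Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface` aliases,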

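--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+5.4
+---
+
+* Deprecate the `always_authenticate_before_granting` option
+
 5.3
 ---
 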

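--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -90,7 +90,10 @@ public function getConfigTreeBuilder()
 ->defaultValue(SessionAuthenticationStrategy::MIGRATE)
 ->end()
 ->booleanNode('hide_user_not_found')->defaultTrue()->end()
-->booleanNode('always_authenticate_before_granting')->defaultFalse()->end()
+->booleanNode('always_authenticate_before_granting')
+->defaultFalse()
+->setDeprecated('symfony/security-bundle', '5.4')
+->end()
 ->booleanNode('erase_credentials')->defaultTrue()->end()
 ->booleanNode('enable_authenticator_manager')->defaultFalse()->info('Enables the new Symfony Security system based on Authenticators, all used authenticators must support this before enabling this.')->end()
 ->arrayNode('access_decision_manager')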
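Review bot: `setDeprecated()` at new line 95 is called without the optional message argument, so anyone who still sets `always_authenticate_before_granting` only gets the generic "child node … is deprecated" text and no hint about what to do instead. The UPGRADE notes in this commit tie the new defaults to `enable_authenticator_manager: true`, so if that is the intended migration the message should name it, e.g. `->setDeprecated('symfony/security-bundle', '5.4', 'The "%node%" option at path "%path%" is deprecated, enable the authenticator manager instead.')`. Whether that is the right replacement is inferred from the UPGRADE text, not from this hunk. `getConfigTreeBuilder()` starts and ends outside the hunk.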

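--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -635,6 +635,9 @@ public function provideEntryPointRequiredData()
 ];
 }
 
+/**
+* @group legacy
+*/
 public function testAlwaysAuthenticateBeforeGrantingCannotBeTrueWithAuthenticatorManager()
 {
 $this->expectException(InvalidConfigurationException::class);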

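--- a/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
+++ b/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
@@ -34,6 +34,13 @@ class AuthorizationChecker implements AuthorizationCheckerInterface
 
 public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, AccessDecisionManagerInterface $accessDecisionManager, bool $alwaysAuthenticate = false, bool $exceptionOnNoToken = true)
 {
+if (false !== $alwaysAuthenticate) {
+trigger_deprecation('symfony/security-core', '5.4', 'Not setting the 4th argument of "%s" to "false" is deprecated.', __METHOD__);
+}
+if (false !== $exceptionOnNoToken) {
+trigger_deprecation('symfony/security-core', '5.4', 'Not setting the 5th argument of "%s" to "false" is deprecated.', __METHOD__);
+}
+
 $this->tokenStorage = $tokenStorage;
 $this->authenticationManager = $authenticationManager;
 $this->accessDecisionManager = $accessDecisionManager;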
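Review bot: The constructor at new line 35 still carries no PHPDoc, so the only signal that the two trailing flags are deprecated is the runtime `trigger_deprecation` at lines 38 and 41; a docblock with `@param bool $alwaysAuthenticate Deprecated since 5.4, pass false` and `@param bool $exceptionOnNoToken Deprecated since 5.4, pass false` lets static analysis and IDEs surface it before the code runs. Because `$exceptionOnNoToken` decides what happens when the storage holds no token (the test file in this commit expects `AuthenticationCredentialsNotFoundException` with the default constructor and keeps a separate case for `false, false`), the docblock should also say that switching the flag to `false` changes the no-token outcome rather than merely silencing the notice — the exact behaviour lives in `isGranted()`, which is outside this hunk and should be checked before wording it. The body of `__construct` also continues past the hunk.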

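--- a/src/Symfony/Component/Security/Core/CHANGELOG.md
+++ b/src/Symfony/Component/Security/Core/CHANGELOG.md
@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+5.4
+---
+
+* Deprecate setting the 4th argument (`$alwaysAuthenticate`) to `true` and not setting the
+5th argument (`$exceptionOnNoToken`) to `false` of `AuthorizationChecker`
+
 5.3
 ---
 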

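--- a/src/Symfony/Component/Security/Core/Tests/Authorization/AuthorizationCheckerTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authorization/AuthorizationCheckerTest.php
@@ -36,7 +36,9 @@ protected function setUp(): void
 $this->authorizationChecker = new AuthorizationChecker(
 $this->tokenStorage,
 $this->authenticationManager,
-$this->accessDecisionManager
+$this->accessDecisionManager,
+false,
+false
 );
 }
 
@@ -71,13 +73,23 @@ public function testVoteAuthenticatesTokenIfNecessary()
 $this->assertSame($newToken, $this->tokenStorage->getToken());
 }
 
-public function testVoteWithoutAuthenticationToken()
+/**
+* @group legacy
+*/
+public function testLegacyVoteWithoutAuthenticationToken()
 {
+$authorizationChecker = new AuthorizationChecker(
+$this->tokenStorage,
+$this->authenticationManager,
+$this->accessDecisionManager
+);
+
 $this->expectException(AuthenticationCredentialsNotFoundException::class);
-$this->authorizationChecker->isGranted('ROLE_FOO');
+
+$authorizationChecker->isGranted('ROLE_FOO');
 }
 
-public function testVoteWithoutAuthenticationTokenAndExceptionOnNoTokenIsFalse()
+public function testVoteWithoutAuthenticationToken()
 {
 $authorizationChecker = new AuthorizationChecker($this->tokenStorage, $this->authenticationManager, $this->accessDecisionManager, false, false);
 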

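--- a/src/Symfony/Component/Security/Core/Tests/Authorization/ExpressionLanguageTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authorization/ExpressionLanguageTest.php
@@ -37,7 +37,7 @@ public function testIsAuthenticated($token, $expression, $result)
 $tokenStorage = new TokenStorage();
 $tokenStorage->setToken($token);
 $accessDecisionManager = new AccessDecisionManager([new RoleVoter(), new AuthenticatedVoter($trustResolver)]);
-$authChecker = new AuthorizationChecker($tokenStorage, $this->createMock(AuthenticationManagerInterface::class), $accessDecisionManager);
+$authChecker = new AuthorizationChecker($tokenStorage, $this->createMock(AuthenticationManagerInterface::class), $accessDecisionManager, false, false);
 
 $context = [];
 $context['auth_checker'] = $authChecker;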

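--- a/src/Symfony/Component/Security/Http/CHANGELOG.md
+++ b/src/Symfony/Component/Security/Http/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+5.4
+---
+
+* Deprecate not setting the 5th argument (`$exceptionOnNoToken`) of `AccessListener` to `false`
+
 5.3
 ---
 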

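--- a/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
@@ -40,6 +40,10 @@ class AccessListener extends AbstractListener
 
 public function __construct(TokenStorageInterface $tokenStorage, AccessDecisionManagerInterface $accessDecisionManager, AccessMapInterface $map, AuthenticationManagerInterface $authManager, bool $exceptionOnNoToken = true)
 {
+if (false !== $exceptionOnNoToken) {
+trigger_deprecation('symfony/security-core', '5.4', 'Not setting the 5th argument of "%s" to "false" is deprecated.', __METHOD__);
+}
+
 $this->tokenStorage = $tokenStorage;
 $this->accessDecisionManager = $accessDecisionManager;
 $this->map = $map;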
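Review bot: The deprecation added at new line 44 is attributed to the package `symfony/security-core`, but `AccessListener` lives in the Security/Http component and this commit records the change in `src/Symfony/Component/Security/Http/CHANGELOG.md`, so the first argument should be `'symfony/security-http'`. Consumers that filter or baseline deprecation logs per package would otherwise file this notice under the wrong component, and the CHANGELOG/UPGRADE mapping would not match what is emitted. The fix is a single line: `trigger_deprecation('symfony/security-http', '5.4', 'Not setting the 5th argument of "%s" to "false" is deprecated.', __METHOD__);`. The body of `__construct` continues beyond the hunk.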

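--- a/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
@@ -71,7 +71,9 @@ public function testHandleWhenTheAccessDecisionManagerDecidesToRefuseAccess()
 $tokenStorage,
 $accessDecisionManager,
 $accessMap,
-$this->createMock(AuthenticationManagerInterface::class)
+$this->createMock(AuthenticationManagerInterface::class),
+false,
+false
 );
 
 $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));
@@ -135,7 +137,9 @@ public function testHandleWhenTheTokenIsNotAuthenticated()
 $tokenStorage,
 $accessDecisionManager,
 $accessMap,
-$authManager
+$authManager,
+false,
+false
 );
 
 $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));
@@ -170,7 +174,9 @@ public function testHandleWhenThereIsNoAccessMapEntryMatchingTheRequest()
 $tokenStorage,
 $this->createMock(AccessDecisionManagerInterface::class),
 $accessMap,
-$this->createMock(AuthenticationManagerInterface::class)
+$this->createMock(AuthenticationManagerInterface::class),
+false,
+false
 );
 
 $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));
@@ -198,15 +204,20 @@ public function testHandleWhenAccessMapReturnsEmptyAttributes()
 $tokenStorage,
 $this->createMock(AccessDecisionManagerInterface::class),
 $accessMap,
-$this->createMock(AuthenticationManagerInterface::class)
+$this->createMock(AuthenticationManagerInterface::class),
+false,
+false
 );
 
 $event = new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST);
 
 $listener(new LazyResponseEvent($event));
 }
 
-public function testHandleWhenTheSecurityTokenStorageHasNoToken()
+/**
+* @group legacy
+*/
+public function testLegacyHandleWhenTheSecurityTokenStorageHasNoToken()
 {
 $this->expectException(AuthenticationCredentialsNotFoundException::class);
 $tokenStorage = $this->createMock(TokenStorageInterface::class);
@@ -236,7 +247,7 @@ public function testHandleWhenTheSecurityTokenStorageHasNoToken()
 $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));
 }
 
-public function testHandleWhenTheSecurityTokenStorageHasNoTokenAndExceptionOnTokenIsFalse()
+public function testHandleWhenTheSecurityTokenStorageHasNoToken()
 {
 $this->expectException(AccessDeniedException::class);
 $tokenStorage = new TokenStorage();
@@ -260,13 +271,14 @@ public function testHandleWhenTheSecurityTokenStorageHasNoTokenAndExceptionOnTok
 $accessDecisionManager,
 $accessMap,
 $this->createMock(AuthenticationManagerInterface::class),
+false,
 false
 );
 
 $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));
 }
 
-public function testHandleWhenPublicAccessIsAllowedAndExceptionOnTokenIsFalse()
+public function testHandleWhenPublicAccessIsAllowed()
 {
 $tokenStorage = new TokenStorage();
 $request = new Request();
@@ -289,6 +301,7 @@ public function testHandleWhenPublicAccessIsAllowedAndExceptionOnTokenIsFalse()
 $accessDecisionManager,
 $accessMap,
 $this->createMock(AuthenticationManagerInterface::class),
+false,
 false
 );
 
@@ -320,6 +333,7 @@ public function testHandleWhenPublicAccessWhileAuthenticated()
 $accessDecisionManager,
 $accessMap,
 $this->createMock(AuthenticationManagerInterface::class),
+false,
 false
 );
 
@@ -355,7 +369,9 @@ public function testHandleMWithultipleAttributesShouldBeHandledAsAnd()
 $tokenStorage,
 $accessDecisionManager,
 $accessMap,
-$this->createMock(AuthenticationManagerInterface::class)
+$this->createMock(AuthenticationManagerInterface::class),
+false,
+false
 );
 
 $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));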
