8000 [Security] Deprecate `TokenInterface::isAuthenticated()` and `setAuth… · symfony/symfony@55cb0f6 · GitHub

Commit 55cb0f6

committed
[Security] Deprecate TokenInterface::isAuthenticated() and setAuthenticated()
1 parent 479919d commit 55cb0f6

33 files changed

+229
-45
lines changed

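--- a/UPGRADE-5.4.md
+++ b/UPGRADE-5.4.md
@@ -30,3 +30,6 @@ Security
 behavior when using `enable_authenticator_manager: true`)
 * Deprecate not setting the 5th argument (`$exceptionOnNoToken`) of `AccessListener` to `false`
 (this is the default behavior when using `enable_authenticator_manager: true`)
+* Deprecate methods `TokenInterface::isAuthenticated()` and `setAuthenticated`,
+tokens will always be considered authenticated in 6.0
+* Deprecate `DeauthenticatedEvent`, use `TokenDeauthenticatedEvent` instead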

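--- a/UPGRADE-6.0.md
+++ b/UPGRADE-6.0.md
@@ -316,6 +316,9 @@ Security
 `UsernamePasswordFormAuthenticationListener`, `UsernamePasswordJsonAuthenticationListener` and `X509AuthenticationListener`
 from security-http, use the new authenticator system instead
 * Remove the Guard component, use the new authenticator system instead
+* Deprecate methods `TokenInterface::isAuthenticated()` and `setAuthenticated`,
+tokens will always be considered authenticated in 6.0
+* Remove `DeauthenticatedEvent`, use `TokenDeauthenticatedEvent` instead
 
 SecurityBundle
 --------------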

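--- a/src/Symfony/Bridge/Monolog/Processor/AbstractTokenProcessor.php
+++ b/src/Symfony/Bridge/Monolog/Processor/AbstractTokenProcessor.php
@@ -42,7 +42,7 @@ public function __invoke(array $record): array
 
 if (null !== $token = $this->getToken()) {
 $record['extra'][$this->getKey()] = [
-'authenticated' => $token->isAuthenticated(),
+'authenticated' => $token->isAuthenticated(false), // @deprecated since Symfony 5.4, always true in 6.0
 'roles' => $token->getRoleNames(),
 ];
 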
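Review bot: The `authenticated` key keeps being written into the log record while the new trailing comment says it is always `true` in 6.0, and that comment is the only place on this page where the change to the logged field is stated. Log pipelines or alert rules that filter on this field get no notice; I would extend the comment to `// @deprecated since Symfony 5.4, always true in 6.0; do not filter or alert on this field`. The same line in SecurityDataCollector::collect() carries no marker at all and should get the same comment, and the assertions on this key are dropped from TokenProcessorTest without a legacy replacement. `__invoke()` continues outside the hunk.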

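--- a/src/Symfony/Bridge/Monolog/Tests/Processor/TokenProcessorTest.php
+++ b/src/Symfony/Bridge/Monolog/Tests/Processor/TokenProcessorTest.php
@@ -39,7 +39,6 @@ public function testLegacyProcessor()
 
 $this->assertArrayHasKey('token', $record['extra']);
 $this->assertEquals($token->getUsername(), $record['extra']['token']['username']);
-$this->assertEquals($token->isAuthenticated(), $record['extra']['token']['authenticated']);
 $this->assertEquals(['ROLE_USER'], $record['extra']['token']['roles']);
 }
 
@@ -59,7 +58,6 @@ public function testProcessor()
 
 $this->assertArrayHasKey('token', $record['extra']);
 $this->assertEquals($token->getUserIdentifier(), $record['extra']['token']['user_identifier']);
-$this->assertEquals($token->isAuthenticated(), $record['extra']['token']['authenticated']);
 $this->assertEquals(['ROLE_USER'], $record['extra']['token']['roles']);
 }
 }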

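--- a/src/Symfony/Bundle/FrameworkBundle/KernelBrowser.php
+++ b/src/Symfony/Bundle/FrameworkBundle/KernelBrowser.php
@@ -123,7 +123,7 @@ public function loginUser(object $user, string $firewallContext = 'main'): self
 }
 
 $token = new TestBrowserToken($user->getRoles(), $user, $firewallContext);
-$token->setAuthenticated(true);
+$token->setAuthenticated(true, false);
 
 $container = $this->getContainer();
 $container->get('security.untracked_token_storage')->setToken($token);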

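--- a/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
+++ b/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
@@ -123,7 +123,7 @@ public function collect(Request $request, Response $response, \Throwable $except
 
 $this->data = [
 'enabled' => true,
-'authenticated' => $token->isAuthenticated(),
+'authenticated' => $token->isAuthenticated(false),
 'impersonated' => null !== $impersonatorUser,
 'impersonator_user' => $impersonatorUser,
 'impersonation_exit_path' => null,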

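--- a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
@@ -99,7 +99,12 @@ public function setUser($user)
 throw new \InvalidArgumentException('$user must be an instanceof UserInterface, an object implementing a __toString method, or a primitive string.');
 }
 
-if (null === $this->user) {
+// @deprecated since Symfony 5.4, remove the whole block if/elseif/else block in 6.0
+if (1 < \func_num_args() && !func_get_arg(1)) {
+// ContextListener checks if the user has changed on its own and calls `setAuthenticated()` subsequently,
+// avoid doing the same checks twice
+$changed = false;
+} elseif (null === $this->user) {
 $changed = false;
 } elseif ($this->user instanceof UserInterface) {
 if (!$user instanceof UserInterface) {
@@ -113,18 +118,25 @@ public function setUser($user)
 $changed = (string) $this->user !== (string) $user;
 }
 
+// @deprecated since Symfony 5.4
 if ($changed) {
-$this->setAuthenticated(false);
+$this->setAuthenticated(false, false);
 }
 
 $this->user = $user;
 }
 
 /**
 * {@inheritdoc}
+*
+* @deprecated since Symfony 5.4
 */
 public function isAuthenticated()
 {
+if (1 > \func_num_args() || func_get_arg(0)) {
+trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);
+}
+
 return $this->authenticated;
 }
 
@@ -133,6 +145,10 @@ public function isAuthenticated()
 */
 public function setAuthenticated(bool $authenticated)
 {
+if (2 > \func_num_args() || func_get_arg(1)) {
+trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" state anymore and will always be considered as authenticated.', __METHOD__);
+}
+
 $this->authenticated = $authenticated;
 }
 
@@ -275,6 +291,9 @@ final public function unserialize($serialized)
 $this->__unserialize(\is_array($serialized) ? $serialized : unserialize($serialized));
 }
 
+/**
+* @deprecated since Symfony 5.4
+*/
 private function hasUserChanged(UserInterface $user): bool
 {
 if (!($this->user instanceof UserInterface)) {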
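Review bot: The new first branch in `setUser()` disables the user-changed comparison for any falsy hidden second argument (`!func_get_arg(1)` also accepts `0`, `''` and `null`), and that comparison is what clears the authenticated flag when the user behind a token changes. Because the opt-out is security-relevant, I would require the exact value, `if (1 < \func_num_args() && false === func_get_arg(1)) {`, and state the contract in the method docblock: the hidden argument is internal, and a caller that passes `false` must run its own user-changed check, as the inline comment says ContextListener does (that caller is not visible on this page). Minor: the comment above the branch reads "remove the whole block if/elseif/else block", and the argument-count guards are spelled `1 > \func_num_args()` here but `0 === \func_num_args()` in NullToken. `setUser()` begins outside the hunk.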

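--- a/src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php
@@ -33,7 +33,8 @@ public function __construct(string $secret, $user, array $roles = [])
 
 $this->secret = $secret;
 $this->setUser($user);
-$this->setAuthenticated(true);
+// @deprecated since Symfony 5.4
+$this->setAuthenticated(true, false);
 }
 
 /**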

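--- a/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php
@@ -53,11 +53,21 @@ public function getUserIdentifier(): string
 return '';
 }
 
+/**
+* @deprecated since Symfony 5.4
+*/
 public function isAuthenticated()
 {
+if (0 === \func_num_args() || func_get_arg(0)) {
+trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);
+}
+
 return true;
 }
 
+/**
+* @deprecated since Symfony 5.4
+*/
 public function setAuthenticated(bool $isAuthenticated)
 {
 throw new \BadMethodCallException('Cannot change authentication state of NullToken.');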

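--- a/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php
@@ -41,7 +41,7 @@ public function __construct($user, $credentials, string $firewallName, array $ro
 $this->firewallName = $firewallName;
 
 if ($roles) {
-$this->setAuthenticated(true);
+$this->setAuthenticated(true, false);
 }
 }
 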

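--- a/src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php
@@ -44,7 +44,7 @@ public function __construct(UserInterface $user, string $firewallName, string $s
 $this->secret = $secret;
 
 $this->setUser($user);
-parent::setAuthenticated(true);
+parent::setAuthenticated(true, false);
 }
 
 /**
@@ -56,7 +56,7 @@ public function setAuthenticated(bool $authenticated)
 throw new \LogicException('You cannot set this token to authenticated after creation.');
 }
 
-parent::setAuthenticated(false);
+parent::setAuthenticated(false, false);
 }
 
 /**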
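Review bot: The `setAuthenticated()` override in the second hunk now always passes `false` as the hidden second argument to the parent, so from the lines shown a direct `$token->setAuthenticated(false)` call from application code reaches `AbstractToken::setAuthenticated()` with the notice suppressed, and the deprecation is never reported for this token type; the second hunk of UsernamePasswordToken has the same pattern. Forwarding the caller's choice keeps internal calls quiet and external ones reported: `parent::setAuthenticated(false, 1 < \func_num_args() ? func_get_arg(1) : true);`. The override's guard clause begins outside the hunk, so confirm there is no earlier deprecation trigger in the part not shown.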

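--- a/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php
@@ -71,11 +71,15 @@ public function setUser($user);
 * Returns whether the user is authenticated or not.
 *
 * @return bool true if the token has been authenticated, false otherwise
+*
+* @deprecated since Symfony 5.4. In 6.0, security tokens will always be considered authenticated
 */
 public function isAuthenticated();
 
 /**
 * Sets the authenticated flag.
+*
+* @deprecated since Symfony 5.4. In 6.0, security tokens will always be considered authenticated
 */
 public function setAuthenticated(bool $isAuthenticated);
 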

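--- a/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php
@@ -42,7 +42,7 @@ public function __construct($user, $credentials, string $firewallName, array $ro
 $this->credentials = $credentials;
 $this->firewallName = $firewallName;
 
-parent::setAuthenticated(\count($roles) > 0);
+parent::setAuthenticated(\count($roles) > 0, false);
 }
 
 /**
@@ -54,7 +54,7 @@ public function setAuthenticated(bool $isAuthenticated)
 throw new \LogicException('Cannot set this token to trusted after instantiation.');
 }
 
-parent::setAuthenticated(false);
+parent::setAuthenticated(false, false);
 }
 
 /**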

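--- a/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
+++ b/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
@@ -62,7 +62,12 @@ final public function isGranted($attribute, $subject = null): bool
 
 $token = new NullToken();
 } else {
-if ($this->alwaysAuthenticate || !$token->isAuthenticated()) {
+$authenticated = true;
+// @deprecated since Symfony 5.4
+if ($this->alwaysAuthenticate || !$authenticated = $token->isAuthenticated(false)) {
+if (!($authenticated ?? true)) {
+trigger_deprecation('symfony/core', '5.4', 'Returning false from "%s()" is deprecated and won\'t have any effect in Symfony 6.0 as security tokens will always be considered authenticated.');
+}
 $this->tokenStorage->setToken($token = $this->authenticationManager->authenticate($token));
 }
 }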
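Review bot: The `trigger_deprecation()` call added inside the `if` passes a message containing `"%s()"` but no argument to fill it, so the notice will print the literal placeholder instead of naming the token class whose `isAuthenticated()` returned false; it also uses the package name `'symfony/core'` where every other call in this commit uses `'symfony/security-core'`. I would pass the method as a fourth argument, `\get_class($token).'::isAuthenticated'`, and fix the package name, since this notice is the only warning integrators get that a token relying on `false` to force re-authentication stops doing so in 6.0. `$authenticated` is initialised to `true` two lines above, so `($authenticated ?? true)` can be just `$authenticated`. `isGranted()` starts and ends outside the hunk.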

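--- a/src/Symfony/Component/Security/Core/CHANGELOG.md
+++ b/src/Symfony/Component/Security/Core/CHANGELOG.md
@@ -6,6 +6,8 @@ CHANGELOG
 
 * Deprecate setting the 4th argument (`$alwaysAuthenticate`) to `true` and not setting the
 5th argument (`$exceptionOnNoToken`) to `false` of `AuthorizationChecker`
+* Deprecate methods `TokenInterface::isAuthenticated()` and `setAuthenticated`,
+tokens will always be considered authenticated in 6.0
 
 5.3
 ---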

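--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
@@ -41,6 +41,7 @@ public function getUsername()
 
 public function getRoles()
 {
+return [];
 }
 
 public function getPassword()
@@ -104,6 +105,9 @@ public function testConstructor()
 $this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
 }
 
+/**
+* @group legacy
+*/
 public function testAuthenticatedFlag()
 {
 $token = new ConcreteToken();
@@ -158,6 +162,7 @@ public function getUsers()
 }
 
 /**
+* @group legacy
 * @dataProvider getUserChanges
 */
 public function testSetUserSetsAuthenticatedToFalseWhenUserChanges($firstUser, $secondUser)
@@ -190,6 +195,7 @@ public function getUserChanges()
 }
 
 /**
+* @group legacy
 * @dataProvider getUsers
 */
 public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
@@ -205,6 +211,9 @@ public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($
 $this->assertTrue($token->isAuthenticated());
 }
 
+/**
+* @group legacy
+*/
 public function testIsUserChangedWhenSerializing()
 {
 $token = new ConcreteToken(['ROLE_ADMIN']);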

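--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AnonymousTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AnonymousTokenTest.php
@@ -18,13 +18,19 @@ class AnonymousTokenTest extends TestCase
 {
 public function testConstructor()
 {
-$token = new AnonymousToken('foo', 'bar');
-$this->assertTrue($token->isAuthenticated());
-
 $token = new AnonymousToken('foo', 'bar', ['ROLE_FOO']);
 $this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
 }
 
+/**
+* @group legacy
+*/
+public function testIsAuthenticated()
+{
+$token = new AnonymousToken('foo', 'bar');
+$this->assertTrue($token->isAuthenticated());
+}
+
 public function testGetKey()
 {
 $token = new AnonymousToken('foo', 'bar');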

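--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/PreAuthenticatedTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/PreAuthenticatedTokenTest.php
@@ -18,11 +18,7 @@ class PreAuthenticatedTokenTest extends TestCase
 {
 public function testConstructor()
 {
-$token = new PreAuthenticatedToken('foo', 'bar', 'key');
-$this->assertFalse($token->isAuthenticated());
-
 $token = new PreAuthenticatedToken('foo', 'bar', 'key', ['ROLE_FOO']);
-$this->assertTrue($token->isAuthenticated());
 $this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
 $this->assertEquals('key', $token->getFirewallName());
 }
@@ -45,4 +41,13 @@ public function testEraseCredentials()
 $token->eraseCredentials();
 $this->assertEquals('', $token->getCredentials());
 }
+
+/**
+* @group legacy
+*/
+public function testIsAuthenticated()
+{
+$token = new PreAuthenticatedToken('foo', 'bar', 'key');
+$this->assertFalse($token->isAuthenticated());
+}
 }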
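Review bot: The `assertTrue($token->isAuthenticated())` check for a token built with roles is removed from `testConstructor()` and not carried over, so the new legacy `testIsAuthenticated()` covers only the no-roles case. The constructor still sets the flag when `$roles` is non-empty (see the PreAuthenticatedToken section of this commit), and that is the branch that marks a token as authenticated, so it should stay under test for the deprecation period. Add `$token = new PreAuthenticatedToken('foo', 'bar', 'key', ['ROLE_FOO']);` and `$this->assertTrue($token->isAuthenticated());` to `testIsAuthenticated()`.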

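--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/RememberMeTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/RememberMeTokenTest.php
@@ -26,6 +26,15 @@ public function testConstructor()
 $this->assertEquals('foo', $token->getSecret());
 $this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
 $this->assertSame($user, $token->getUser());
+}
+
+/**
+* @group legacy
+*/
+public function testIsAuthenticated()
+{
+$user = $this->getUser();
+$token = new RememberMeToken($user, 'fookey', 'foo');
 $this->assertTrue($token->isAuthenticated());
 }
 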

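--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/SwitchUserTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/SwitchUserTokenTest.php
@@ -15,6 +15,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Tests\Authentication\Token\Fixtures\CustomUser;
+use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 class SwitchUserTokenTest extends TestCase
@@ -42,6 +43,9 @@ public function testSerialize()
 $this->assertEquals(['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'], $unserializedOriginalToken->getRoleNames());
 }
 
+/**
+* @group legacy
+*/
 public function testSetUserDoesNotDeauthenticate()
 {
 $impersonated = new class() implements UserInterface {
@@ -75,7 +79,7 @@ public function getSalt()
 }
 };
 
-$originalToken = new UsernamePasswordToken('impersonator', 'foo', 'provider-key', ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH']);
+$originalToken = new UsernamePasswordToken(new InMemoryUser('impersonator', '', ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH']), 'foo', 'provider-key', ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH']);
 $token = new SwitchUserToken($impersonated, 'bar', 'provider-key', ['ROLE_USER', 'ROLE_PREVIOUS_ADMIN'], $originalToken);
 $token->setUser($impersonated);
 $this->assertTrue($token->isAuthenticated());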
