feature #42516 [Security] Deprecate built-in authentication entry poi… · symfony/symfony@7f63fff · GitHub

Commit 7f63fff

feature #42516 [Security] Deprecate built-in authentication entry points (wouterj)
This PR was merged into the 5.4 branch.

Discussion
----------

[Security] Deprecate built-in authentication entry points

| Q             | A
| ------------- | ---
| Branch?       | 5.4
| Bug fix?      | no
| New feature?  | no
| Deprecations? | yes
| Tickets       | Ref #41613
| License       | MIT
| Doc PR        | tbd

The last item from #41613. Entry point logic is now included in the related built-in authenticators, we should deprecate these unused classes (and remove them in 6.0). The interface has to be kept, as this is implemented by the authenticators (and can be used to customize the entry points in an app).

I've also deprecated the retry entry point and included the code in `ChannelListener` directly. This entry point has never made sense to me, as it's not related to authentication imho.

Commits
-------

c247b37 [Security] Deprecated build-in authentication entry points
2 parents 29b3d7b + c247b37 commit 7f63fff

13 files changed

+142
-50
lines changed

UPGRADE-5.4.md

Lines changed: 6 additions & 0 deletions
@@ -43,6 +43,8 @@ Messenger
4343
SecurityBundle
4444
--------------
4545

46+
* Deprecate `security.authentication.basic_entry_point` and `security.authentication.retry_entry_point` services, the logic is moved into the
47+
`HttpBasicAuthenticator` and `ChannelListener` respectively
4648
* Deprecate not setting `$authenticatorManagerEnabled` to `true` in `SecurityDataCollector` and `DebugFirewallCommand`
4749
* Deprecate `SecurityFactoryInterface` and `SecurityExtension::addSecurityListenerFactory()` in favor of
4850
`AuthenticatorFactoryInterface` and `SecurityExtension::addAuthenticatorFactory()`
@@ -64,6 +66,10 @@ SecurityBundle
6466
Security
6567
--------
6668

69+
* Deprecate the `$authenticationEntryPoint` argument of `ChannelListener`, and add `$httpPort` and `$httpsPort` arguments
70+
* Deprecate `RetryAuthenticationEntryPoint`, this code is now inlined in the `ChannelListener`
71+
* Deprecate `FormAuthenticationEntryPoint` and `BasicAuthenticationEntryPoint`, in the new system the `FormLoginAuthenticator`
72+
and `HttpBasicAuthenticator` should be used instead
6773
* Deprecate `AnonymousToken`, as the related authenticator was deprecated in 5.3
6874
* Deprecate `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
6975
* Deprecate not returning an `UserInterface` from `Token::getUser()`
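Review bot: The `ChannelListener` bullet (new line 69) mentions the added `$httpPort` and `$httpsPort` arguments but not that `$logger` moves from the third to the second constructor position, which the `ChannelListener::__construct()` change in this commit shows. Anyone instantiating the listener directly or overriding the arguments of `security.channel_listener` by index needs that detail to migrate, so the entry should state the new argument order.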

UPGRADE-6.0.md

Lines changed: 5 additions & 0 deletions
@@ -208,6 +208,9 @@ Routing
208208
Security
209209
--------
210210

211+
* Remove the `$authenticationEntryPoint` argument of `ChannelListener`
212+
* Remove `RetryAuthenticationEntryPoint`, this code was inlined in the `ChannelListener`
213+
* Remove `FormAuthenticationEntryPoint` and `BasicAuthenticationEntryPoint`, the `FormLoginAuthenticator` and `HttpBasicAuthenticator` should be used instead.
211214
* Remove `AnonymousToken`
212215
* Remove `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
213216
* Restrict the return type of `Token::getUser()` to `UserInterface` (removing `string|\Stringable`)
@@ -384,6 +387,8 @@ Security
384387
SecurityBundle
385388
--------------
386389

390+
* Remove `security.authentication.basic_entry_point` and `security.authentication.retry_entry_point` services,
391+
the logic is moved into the `HttpBasicAuthenticator` and `ChannelListener` respectively
387392
* Remove `SecurityFactoryInterface` and `SecurityExtension::addSecurityListenerFactory()` in favor of
388393
`AuthenticatorFactoryInterface` and `SecurityExtension::addAuthenticatorFactory()`
389394
* Add `AuthenticatorFactoryInterface::getPriority()` which replaces `SecurityFactoryInterface::getPosition()`.

src/Symfony/Bundle/SecurityBundle/CHANGELOG.md

Lines changed: 2 additions & 0 deletions
@@ -4,6 +4,8 @@ CHANGELOG
44
5.4
55
---
66

7+
* Deprecate `security.authentication.basic_entry_point` and `security.authentication.retry_entry_point` services, the logic is moved into the
8+
`HttpBasicAuthenticator` and `ChannelListener` respectively
79
* Deprecate `FirewallConfig::allowsAnonymous()` and the `allows_anonymous` from the data collector data, there will be no anonymous concept as of version 6.
810
* Deprecate not setting `$authenticatorManagerEnabled` to `true` in `SecurityDataCollector` and `DebugFirewallCommand`
911
* Deprecate `SecurityFactoryInterface` and `SecurityExtension::addSecurityListenerFactory()` in favor of

src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.php

Lines changed: 6 additions & 3 deletions
@@ -32,19 +32,22 @@
3232
return static function (ContainerConfigurator $container) {
3333
$container->services()
3434

35+
->set('security.authentication.basic_entry_point', BasicAuthenti 67DE cationEntryPoint::class)
36+
->deprecate('symfony/security-bundle', '5.4', 'The "%service_id%" service is deprecated, the logic is contained in the authenticators.')
37+
3538
->set('security.authentication.retry_entry_point', RetryAuthenticationEntryPoint::class)
39+
->deprecate('symfony/security-bundle', '5.4', 'The "%service_id%" service is deprecated, the logic is integrated directly in "security.channel_listener".')
3640
->args([
3741
inline_service('int')->factory([service('router.request_context'), 'getHttpPort']),
3842
inline_service('int')->factory([service('router.request_context'), 'getHttpsPort']),
3943
])
4044

41-
->set('security.authentication.basic_entry_point', BasicAuthenticationEntryPoint::class)
42-
4345
->set('security.channel_listener', ChannelListener::class)
4446
->args([
4547
service('security.access_map'),
46-
service('security.authentication.retry_entry_point'),
4748
service('logger')->nullOnInvalid(),
49+
inline_service('int')->factory([service('router.request_context'), 'getHttpPort']),
50+
inline_service('int')->factory([service('router.request_context'), 'getHttpsPort']),
4851
])
4952
->tag('monolog.logger', ['channel' => 'security'])
5053
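Review bot: The deprecation message added for `security.authentication.basic_entry_point` (new line 36) only says the logic "is contained in the authenticators", while the message for the retry service names its replacement, `security.channel_listener`. Naming `HttpBasicAuthenticator` in the basic entry point message would match the UPGRADE and CHANGELOG entries and tell the user where to look when the deprecation shows up in their logs.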

src/Symfony/Component/Security/Http/CHANGELOG.md

Lines changed: 4 additions & 0 deletions
@@ -4,6 +4,10 @@ CHANGELOG
44
5.4
55
---
66

7+
* Deprecate the `$authenticationEntryPoint` argument of `ChannelListener`, and add `$httpPort` and `$httpsPort` arguments
8+
* Deprecate `RetryAuthenticationEntryPoint`, this code is now inlined in the `ChannelListener`
9+
* Deprecate `FormAuthenticationEntryPoint` and `BasicAuthenticationEntryPoint`, in the new system the `FormLoginAuthenticator`
10+
and `HttpBasicAuthenticator` should be used instead
711
* Deprecate the `$authManager` argument of `AccessListener`
812
* Deprecate not setting the `$exceptionOnNoToken` argument of `AccessListener` to `false`
913
* Deprecate `DeauthenticatedEvent`, use `TokenDeauthenticatedEvent` instead

src/Symfony/Component/Security/Http/EntryPoint/BasicAuthenticationEntryPoint.php

Lines changed: 5 additions & 0 deletions
@@ -14,11 +14,16 @@
1414
use Symfony\Component\HttpFoundation\Request;
1515
use Symfony\Component\HttpFoundation\Response;
1616
use Symfony\Component\Security\Core\Exception\AuthenticationException;
17+
use Symfony\Component\Security\Http\Authenticator\HttpBasicAuthenticator;
18+
19+
trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated, use the new security system with "%s" instead.', BasicAuthenticationEntryPoint::class, HttpBasicAuthenticator::class);
1720

1821
/**
1922
* BasicAuthenticationEntryPoint starts an HTTP Basic authentication.
2023
*
2124
* @author Fabien Potencier <fabien@symfony.com>
25+
*
26+
* @deprecated since Symfony 5.4
2227
*/
2328
class BasicAuthenticationEntryPoint implements AuthenticationEntryPointInterface
2429
{
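Review bot: The `@deprecated since Symfony 5.4` tag added to the class docblock names no replacement, although the `trigger_deprecation()` call just above it points to `HttpBasicAuthenticator`. Extending the tag to something like `@deprecated since Symfony 5.4, use HttpBasicAuthenticator instead` lets IDEs and static analysis show the migration target; the same applies to the docblocks of `FormAuthenticationEntryPoint` and `RetryAuthenticationEntryPoint` in this commit.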

src/Symfony/Component/Security/Http/EntryPoint/FormAuthenticationEntryPoint.php

Lines changed: 5 additions & 0 deletions
@@ -14,12 +14,17 @@
1414
use Symfony\Component\HttpFoundation\Request;
1515
use Symfony\Component\HttpKernel\HttpKernelInterface;
1616
use Symfony\Component\Security\Core\Exception\AuthenticationException;
17+
use Symfony\Component\Security\Http\Authenticator\FormLoginAuthenticator;
1718
use Symfony\Component\Security\Http\HttpUtils;
1819

20+
trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated, use the new security system with "%s" instead.', FormAuthenticationEntryPoint::class, FormLoginAuthenticator::class);
21+
1922
/**
2023
* FormAuthenticationEntryPoint starts an authentication via a login form.
2124
*
2225
* @author Fabien Potencier <fabien@symfony.com>
26+
*
27+
* @deprecated since Symfony 5.4
2328
*/
2429
class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface
2530
{

src/Symfony/Component/Security/Http/EntryPoint/RetryAuthenticationEntryPoint.php

Lines changed: 5 additions & 0 deletions
@@ -14,13 +14,18 @@
1414
use Symfony\Component\HttpFoundation\RedirectResponse;
1515
use Symfony\Component\HttpFoundation\Request;
1616
use Symfony\Component\Security\Core\Exception\AuthenticationException;
17+
use Symfony\Component\Security\Http\Firewall\ChannelListener;
18+
19+
trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated, use "%s" directly (and optionally configure the HTTP(s) ports there).', RetryAuthenticationEntryPoint::class, ChannelListener::class);
1720

1821
/**
1922
* RetryAuthenticationEntryPoint redirects URL based on the configured scheme.
2023
*
2124
* This entry point is not intended to work with HTTP post requests.
2225
*
2326
* @author Fabien Potencier <fabien@symfony.com>
27+
*
28+
* @deprecated since Symfony 5.4
2429
*/
2530
class RetryAuthenticationEntryPoint implements AuthenticationEntryPointInterface
2631
{

src/Symfony/Component/Security/Http/Firewall/ChannelListener.php

Lines changed: 46 additions & 5 deletions
@@ -12,6 +12,7 @@
1212
namespace Symfony\Component\Security\Http\Firewall;
1313

1414
use Psr\Log\LoggerInterface;
15+
use Symfony\Component\HttpFoundation\RedirectResponse;
1516
use Symfony\Component\HttpFoundation\Request;
1617
use Symfony\Component\HttpKernel\Event\RequestEvent;
1718
use Symfony\Component\Security\Http\AccessMapInterface;
@@ -28,14 +29,31 @@
2829
class ChannelListener extends AbstractListener
2930
{
3031
private $map;
31-
private $authenticationEntryPoint;
32+
private $authenticationEntryPoint = null;
3233
private $logger;
34+
private $httpPort;
35+
private $httpsPort;
3336

34-
public function __construct(AccessMapInterface $map, AuthenticationEntryPointInterface $authenticationEntryPoint, LoggerInterface $logger = null)
37+
public function __construct(AccessMapInterface $map, /*LoggerInterface*/ $logger = null, /*int*/ $httpPort = 80, /*int*/ $httpsPort = 443)
3538
{
39+
if ($logger instanceof AuthenticationEntryPointInterface) {
40+
trigger_deprecation('symfony/security-http', '5.4', 'The "$authenticationEntryPoint" argument of "%s()" is deprecated.', __METHOD__);
41+
42+
$this->authenticationEntryPoint = $logger;
43+
$nrOfArgs = \func_num_args();
44+
$logger = $nrOfArgs > 2 ? func_get_arg(2) : null;
45+
$httpPort = $nrOfArgs > 3 ? func_get_arg(3) : 80;
46+
$httpPort = $nrOfArgs > 4 ? func_get_arg(4) : 443;
47+
}
48+
49+
if (null !== $logger && !$logger instanceof LoggerInterface) {
50+
throw new \TypeError(sprintf('Argument "$logger" of "%s()" must be instance of "%s", "%s" given.', __METHOD__, LoggerInterface::class, get_debug_type($logger)));
51+
}
52+
3653
$this->map = $map;
37-
$this->authenticationEntryPoint = $authenticationEntryPoint;
3854
$this->logger = $logger;
55+
$this->httpPort = $httpPort;
56+
$this->httpsPort = $httpsPort;
3957
}
4058

4159
/**
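Review bot: In the backward-compatibility branch of the constructor (new line 46), the second port assignment writes to `$httpPort` again: `$httpPort = $nrOfArgs > 4 ? func_get_arg(4) : 443;`. It should assign `$httpsPort`. As written, a legacy call leaves `$httpPort` at 443 (or at the HTTPS port passed as argument 4), and `$httpsPort` keeps whatever was passed positionally at index 3, which in the legacy signature is the HTTP port. The ports are not read while a legacy entry point is set, so the mistake is latent, but the properties end up swapped or wrong and would produce a redirect to the wrong port as soon as that guard changes. The commented-out `/*int*/` types also mean neither port is validated; an explicit check like the one added for `$logger` would catch a misordered legacy call early.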
@@ -74,8 +92,31 @@ public function authenticate(RequestEvent $event)
7492
{
7593
$request = $event->getRequest();
7694

77-
$response = $this->authenticationEntryPoint->start($request);
95+
$event->setResponse($this->createRedirectResponse($request));
96+
}
97+
98+
private function createRedirectResponse(Request $request): RedirectResponse
99+
{
100+
if (null !== $this->authenticationEntryPoint) {
101+
return $this->authenticationEntryPoint->start($request);
102+
}
103+
104+
$scheme = $request->isSecure() ? 'http' : 'https';
105+
if ('http' === $scheme && 80 != $this->httpPort) {
106+
$port = ':'.$this->httpPort;
107+
} elseif ('https' === $scheme && 443 != $this->httpsPort) {
108+
$port = ':'.$this->httpsPort;
109+
} else {
110+
$port = '';
111+
}
112+
113+
$qs = $request->getQueryString();
114+
if (null !== $qs) {
115+
$qs = '?'.$qs;
116+
}
117+
118+
$url = $scheme.'://'.$request->getHost().$port.$request->getBaseUrl().$request->getPathInfo().$qs;
78119

79-
$event->setResponse($response);
120+
return new RedirectResponse($url, 301);
80121
}
81122
}
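Review bot: `createRedirectResponse()` declares a `RedirectResponse` return type, but on new line 101 it returns whatever the injected entry point's `start()` produces. The removed code passed that value to `$event->setResponse()` without constraining it, so a custom entry point that returns any other response type now fails with a `TypeError` during the deprecation period instead of continuing to work. Widening the return type to `Response`, or building the redirect in a separate method used only when no entry point is injected, keeps the legacy path compatible. Separately, the docblock of `RetryAuthenticationEntryPoint` notes that it is not intended to work with HTTP POST requests; that caveat should move to `ChannelListener` along with the inlined code, since a 301 to the other scheme still applies to every request that reaches this method.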

src/Symfony/Component/Security/Http/Tests/EntryPoint/BasicAuthenticationEntryPointTest.php

Lines changed: 3 additions & 0 deletions
@@ -16,6 +16,9 @@
1616
use Symfony\Component\Security\Core\Exception\AuthenticationException;
1717
use Symfony\Component\Security\Http\EntryPoint\BasicAuthenticationEntryPoint;
1818

19+
/**
20+
* @group legacy
21+
*/
1922
class BasicAuthenticationEntryPointTest extends TestCase
2023
{
2124
public function testStart()
