8000 [Security] Deprecate returning stringish objects from Security::getUser · symfony/symfony@8c410da · GitHub


Commit 8c410da

ro0NLfabpot
authored andcommitted
[Security] Deprecate returning stringish objects from Security::getUser
1 parent eb112a5 commit 8c410da


5 files changed

+40
-0
lines changed


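--- a/UPGRADE-4.2.md
+++ b/UPGRADE-4.2.md
@@ -94,6 +94,7 @@ Security
 custom anonymous and remember me token classes is deprecated. To
 use custom tokens, extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
 or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
+* Accessing the user object that is not an instance of `UserInterface` from `Security::getUser()` is deprecated.
 
 SecurityBundle
 --------------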

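--- a/UPGRADE-5.0.md
+++ b/UPGRADE-5.0.md
@@ -126,6 +126,7 @@ Security
 * The `FirewallMapInterface::getListeners()` method must return an array of 3 elements,
 the 3rd one must be either a `LogoutListener` instance or `null`.
 * The `AuthenticationTrustResolver` constructor arguments have been removed.
+* A user object that is not an instance of `UserInterface` cannot be accessed from `Security::getUser()` anymore and returns `null` instead.
 
 SecurityBundle
 --------------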

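--- a/src/Symfony/Component/Security/CHANGELOG.md
+++ b/src/Symfony/Component/Security/CHANGELOG.md
@@ -12,6 +12,7 @@ CHANGELOG
 use custom tokens, extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
 or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
 * allow passing null as $filter in LdapUserProvider to get the default filter
+* accessing the user object that is not an instance of `UserInterface` from `Security::getUser()` is deprecated
 
 4.1.0
 -----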

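--- a/src/Symfony/Component/Security/Core/Security.php
+++ b/src/Symfony/Component/Security/Core/Security.php
@@ -46,6 +46,11 @@ public function getUser()
 return null;
 }
 
+if (!$user instanceof UserInterface) {
+@trigger_error(sprintf('Accessing the user object "%s" that is not an instance of "%s" from "%s()" is deprecated since Symfony 4.2, use "getToken()->getUser()" instead.', get_class($user), UserInterface::class, __METHOD__), E_USER_DEPRECATED);
+//return null; // 5.0 behavior
+}
+
 return $user;
 }
 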
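Review bot: The branch added before `return $user;` still hands the non-`UserInterface` object back to the caller in 4.2, and the only trace of the 5.0 behaviour is the commented-out `//return null; // 5.0 behavior`. Callers that treat any non-null `getUser()` result as a `UserInterface` (calling `getRoles()` on it, for example) keep receiving arbitrary objects until 5.0, so the method's docblock, which lies outside this hunk, should say so, and the dead line reads better as a marker such as `// @todo 5.0: return null here instead of falling through`. The replacement named in the message, `getToken()->getUser()`, presumably needs a null check on `getToken()` when no token is set; that method is not visible here. `get_class($user)` relies on the guard above the hunk having already rejected non-object users.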

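--- a/src/Symfony/Component/Security/Core/Tests/SecurityTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/SecurityTest.php
@@ -64,10 +64,34 @@ public function getUserTests()
 
 yield array('string_username', null);
 
+//yield array(new StringishUser(), null); // 5.0 behavior
+
 $user = new User('nice_user', 'foo');
 yield array($user, $user);
 }
 
+/**
+* @group legacy
+* @expectedDeprecation Accessing the user object "Symfony\Component\Security\Core\Tests\StringishUser" that is not an instance of "Symfony\Component\Security\Core\User\UserInterface" from "Symfony\Component\Security\Core\Security::getUser()" is deprecated since Symfony 4.2, use "getToken()->getUser()" instead.
+*/
+public function testGetUserLegacy()
+{
+$token = $this->getMockBuilder(TokenInterface::class)->getMock();
+$token->expects($this->any())
+->method('getUser')
+->will($this->returnValue($user = new StringishUser()));
+$tokenStorage = $this->getMockBuilder(TokenStorageInterface::class)->getMock();
+
+$tokenStorage->expects($this->once())
+->method('getToken')
+->will($this->returnValue($token));
+
+$container = $this->createContainer('security.token_storage', $tokenStorage);
+
+$security = new Security($container);
+$this->assertSame($user, $security->getUser());
+}
+
 public function testIsGranted()
 {
 $authorizationChecker = $this->getMockBuilder(AuthorizationCheckerInterface::class)->getMock();
@@ -95,3 +119,11 @@ private function createContainer($serviceId, $serviceObject)
 return $container;
 }
 }
+
+class StringishUser
+{
+public function __toString()
+{
+return 'stringish_user';
+}
+}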
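Review bot: `StringishUser` is appended at the end of the test file without a docblock, so its purpose (an object user that can be cast to string but does not implement `UserInterface`) has to be inferred from `testGetUserLegacy`; a one-line comment such as `/** Fixture: object user with __toString() that does not implement UserInterface. */` would state it. The commented-out `//yield array(new StringishUser(), null); // 5.0 behavior` in `getUserTests()` is dead code that the 5.0 change has to remember to enable while deleting `testGetUserLegacy`; a `@todo` naming both would keep the two in step. `getUserTests()` starts outside the hunk.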
