[Security] Deprecate the old authentication mechanisms · symfony/symfony@91e4441 · GitHub

Commit 91e4441

[Security] Deprecate the old authentication mechanisms
1 parent 4382181 commit 91e4441

190 files changed, +2037 -141 lines changed
UPGRADE-5.3.md

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -205,6 +205,15 @@ Security
205205
* Deprecate all classes in the `Core\Encoder\` sub-namespace, use the `PasswordHasher` component instead
206206
* Deprecated voters that do not return a valid decision when calling the `vote` method
207207
* [BC break] Add optional array argument `$badges` to `UserAuthenticatorInterface::authenticateUser()`
208+
* Deprecate `AuthenticationManagerInterface`, `AuthenticationProviderManager`, `AnonymousAuthenticationProvider`,
209+
`AuthenticationProviderInterface`, `DaoAuthenticationProvider`, `LdapBindAuthenticationProvider`,
210+
`PreAuthenticatedAuthenticationProvider`, `RememberMeAuthenticationProvider`, `UserAuthenticationProvider` and
211+
`AuthenticationFailureEvent` from security-core, use the new authenticator system instead
212+
* Deprecate `AbstractAuthenticationListener`, `AbstractPreAuthenticatedListener`, `AnonymousAuthenticationListener`,
213+
`BasicAuthenticationListener`, `RememberMeListener`, `RemoteUserAuthenticationListener`,
214+
`UsernamePasswordFormAuthenticationListener`, `UsernamePasswordJsonAuthenticationListener` and `X509AuthenticationListener`
215+
from security-http, use the new authenticator system instead
216+
* Deprecate the Guard component, use the new authenticator system instead
208217

209218
SecurityBundle
210219
--------------
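
Review bot: The new entries at lines 208-216 each end with "use the new authenticator system instead" but never say how to switch to it or which legacy class maps to which replacement. The SecurityBundle section of this same file ties the change to the `enable_authenticator_manager` option, so name that option here as well, and pair each deprecated class (for example `AnonymousAuthenticationProvider` and `AnonymousAuthenticationListener`) with its replacement or state that it has none, since these lists are what people will search when an upgrade breaks their login flow.
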
@@ -218,6 +227,10 @@ SecurityBundle
218227
* Deprecate the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
219228
use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
220229
* Deprecate the public `security.authorization_checker` and `security.token_storage` services to private
230+
* Not setting the `enable_authenticator_manager` config option to `true` is deprecated
231+
* Deprecate the `security.authentication.provider.*` services, use the new authenticator system instead
232+
* Deprecate the `security.authentication.listener.*` services, use the new authenticator system instead
233+
* Deprecate the Guard component integration, use the new authenticator system instead
221234

222235
Serializer
223236
----------

UPGRADE-6.0.md

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -293,6 +293,15 @@ Security
293293
`DefaultAuthenticationSuccessHandler`.
294294
* Removed the `AbstractRememberMeServices::$providerKey` property in favor of `AbstractRememberMeServices::$firewallName`
295295
* `AccessDecisionManager` now throw an exception when a voter does not return a valid decision.
296+
* Remove `AuthenticationManagerInterface`, `AuthenticationProviderManager`, `AnonymousAuthenticationProvider`,
297+
`AuthenticationProviderInterface`, `DaoAuthenticationProvider`, `LdapBindAuthenticationProvider`,
298+
`PreAuthenticatedAuthenticationProvider`, `RememberMeAuthenticationProvider`, `UserAuthenticationProvider` and
299+
`AuthenticationFailureEvent` from security-core, use the new authenticator system instead
300+
* Remove `AbstractAuthenticationListener`, `AbstractPreAuthenticatedListener`, `AnonymousAuthenticationListener`,
301+
`BasicAuthenticationListener`, `RememberMeListener`, `RemoteUserAuthenticationListener`,
302+
`UsernamePasswordFormAuthenticationListener`, `UsernamePasswordJsonAuthenticationListener` and `X509AuthenticationListener`
303+
from security-http, use the new authenticator system instead
304+
* Remove the Guard component, use the new authenticator system instead
296305

297306
SecurityBundle
298307
--------------
@@ -304,6 +313,10 @@ SecurityBundle
304313
* Remove the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
305314
use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
306315
* The `security.authorization_checker` and `security.token_storage` services are now private
316+
* Not setting the `enable_authenticator_manager` option to `true` now throws an exception
317+
* Remove the `security.authentication.provider.*` services, use the new authenticator system instead
318+
* Remove the `security.authentication.listener.*` services, use the new authenticator system instead
319+
* Remove the Guard component integration, use the new authenticator system instead
307320

308321
Serializer
309322
----------

src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Security/config.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,8 @@ services:
88
- container.service_subscriber
99

1010
security:
11+
enable_authenticator_manager: true
12+
1113
providers:
1214
main:
1315
memory:
@@ -30,3 +32,6 @@ security:
3032
form_login:
3133
check_path: /custom/login/check
3234
provider: custom
35+
36+
access_control:
37+
- { path: '^/main/user_profile$', roles: IS_AUTHENTICATED_FULLY }
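
Review bot: The `access_control` rule added at lines 36-37 arrives together with `enable_authenticator_manager: true`, and nothing in the fixture says why it is now needed. Add a YAML comment naming the test that depends on `IS_AUTHENTICATED_FULLY` for `/main/user_profile`, so the rule is not later removed as unrelated. The pattern is anchored with `$`, so it covers that exact path only; say so in the comment if that is intended.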

src/Symfony/Bundle/SecurityBundle/CHANGELOG.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,10 @@ CHANGELOG
1717
* Deprecate the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
1818
use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
1919
* Deprecate the public `security.authorization_checker` and `security.token_storage` services to private
20+
* Not setting the `enable_authenticator_manager` config option to `true` is deprecated
21+
* Deprecate the `security.authentication.provider.*` services, use the new authenticator system instead
22+
* Deprecate the `security.authentication.listener.*` services, use the new authenticator system instead
23+
* Deprecate the Guard component integration, use the new authenticator system instead
2024

2125
5.2.0
2226
-----

src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AnonymousFactory.php

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,8 @@
2121
* @author Wouter de Jong <wouter@wouterj.nl>
2222
*
2323
* @internal
24+
*
25+
* @deprecated since Symfony 5.3, use the new authenticator system instead
2426
*/
2527
class AnonymousFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface
2628
{

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -130,6 +130,8 @@ public function load(array $configs, ContainerBuilder $container)
130130
$container->getDefinition('security.authorization_checker')->setArgument(4, false);
131131
$container->getDefinition('security.authorization_checker')->setArgument(5, false);
132132
} else {
133+
trigger_deprecation('symfony/security-bundle', '5.3', 'Not setting the "security.enable_authenticator_manager" config option to true is deprecated.');
134+
133135
$loader->load('security_legacy.php');
134136
}
135137
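
Review bot: The `trigger_deprecation()` message at line 133 states the problem but not the remedy or the consequence. UPGRADE-6.0.md in this commit says the same condition "now throws an exception", so the message could say that and tell the reader to set `security.enable_authenticator_manager: true`. This branch also goes on to load `security_legacy.php`, so a test on the legacy fixtures should assert that the notice is actually raised.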

src/Symfony/Bundle/SecurityBundle/Resources/config/guard.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,8 +24,10 @@
2424
abstract_arg('stateless firewall keys'),
2525
])
2626
->call('setSessionAuthenticationStrategy', [service('security.authentication.session_strategy')])
27+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
2728

2829
->alias(GuardAuthenticatorHandler::class, 'security.authentication.guard_handler')
30+
->deprecate('symfony/security-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use the new authenticator system instead.')
2931

3032
->set('security.authentication.provider.guard', GuardAuthenticationProvider::class)
3133
->abstract()
@@ -36,6 +38,7 @@
3638
abstract_arg('User Checker'),
3739
service('security.password_hasher'),
3840
])
41+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
3942

4043
->set('security.authentication.listener.guard', GuardAuthenticationListener::class)
4144
->abstract()
@@ -48,5 +51,6 @@
4851
param('security.authentication.hide_user_not_found'),
4952
])
5053
->tag('monolog.logger', ['channel' => 'security'])
54+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
5155
;
5256
};

src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,7 @@
6262

6363
->set('security.authentication.manager', NoopAuthenticationManager::class)
6464
->alias(AuthenticationManagerInterface::class, 'security.authentication.manager')
65+
->deprecate('symfony/security-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use the new authenticator system instead.')
6566

6667
->set('security.firewall.authenticator', AuthenticatorManagerListener::class)
6768
->abstract()
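
Review bot: Only the `AuthenticationManagerInterface::class` alias gets `->deprecate()` at line 65; the `security.authentication.manager` service it points to, set to `NoopAuthenticationManager` on the line above, carries no deprecation in this hunk. Code that fetches or injects the service by id gets no notice, so either deprecate the service definition as well or add a comment explaining why it has to stay silent.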

src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_login_link.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -73,6 +73,6 @@
7373
service('doctrine'),
7474
abstract_arg('user entity class name'),
7575
])
76-
76+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
7777
;
7878
};
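
Review bot: Line 76 adds a "use the new authenticator system instead" deprecation inside security_authenticator_login_link.php, a file whose name places it in the new authenticator system. The hunk does not show which service id the `->deprecate()` call attaches to, only its `service('doctrine')` and `abstract_arg('user entity class name')` arguments, so confirm that the definition is legacy-only. If it is shared with the login-link authenticator, the message sends users away from the system they are already using.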

src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.php

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,9 +49,11 @@
4949
service('security.authentication.manager'),
5050
])
5151
->tag('monolog.logger', ['channel' => 'security'])
52+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
5253

5354
->set('security.authentication.provider.anonymous', AnonymousAuthenticationProvider::class)
5455
->args([abstract_arg('Key')])
56+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
5557

5658
->set('security.authentication.retry_entry_point', RetryAuthenticationEntryPoint::class)
5759
->args([
@@ -161,6 +163,7 @@
161163
->set('security.authentication.listener.form', UsernamePasswordFormAuthenticationListener::class)
162164
->parent('security.authentication.listener.abstract')
163165
->abstract()
166+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
164167

165168
->set('security.authentication.listener.x509', X509AuthenticationListener::class)
166169
->abstract()
@@ -174,6 +177,7 @@
174177
service('event_dispatcher')->nullOnInvalid(),
175178
])
176179
->tag('monolog.logger', ['channel' => 'security'])
180+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
177181

178182
->set('security.authentication.listener.json', UsernamePasswordJsonAuthenticationListener::class)
179183
->abstract()
@@ -191,6 +195,7 @@
191195
])
192196
->call('setTranslator', [service('translator')->ignoreOnInvalid()])
193197
->tag('monolog.logger', ['channel' => 'security'])
198+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
194199

195200
->set('security.authentication.listener.remote_user', RemoteUserAuthenticationListener::class)
196201
->abstract()
@@ -203,6 +208,7 @@
203208
service('event_dispatcher')->nullOnInvalid(),
204209
])
205210
->tag('monolog.logger', ['channel' => 'security'])
211+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
206212

207213
->set('security.authentication.listener.basic', BasicAuthenticationListener::class)
208214
->abstract()
@@ -214,6 +220,7 @@
214220
service('logger')->nullOnInvalid(),
215221
])
216222
->tag('monolog.logger', ['channel' => 'security'])
223+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
217224

218225
->set('security.authentication.provider.dao', DaoAuthenticationProvider::class)
219226
->abstract()
@@ -224,6 +231,7 @@
224231
service('security.password_hasher_factory'),
225232
param('security.authentication.hide_user_not_found'),
226233
])
234+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
227235

228236
->set('security.authentication.provider.ldap_bind', LdapBindAuthenticationProvider::class)
229237
->abstract()
@@ -237,13 +245,15 @@
237245
abstract_arg('search dn'),
238246
abstract_arg('search password'),
239247
])
248+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
240249

241250
->set('security.authentication.provider.pre_authenticated', PreAuthenticatedAuthenticationProvider::class)
242251
->abstract()
243252
->args([
244253
abstract_arg('User Provider'),
245254
abstract_arg('UserChecker'),
246255
])
256+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
247257

248258
->set('security.exception_listener', ExceptionListener::class)
249259
->abstract()

src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.php

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,10 +32,12 @@
3232
service('security.authentication.session_strategy'),
3333
])
3434
->tag('monolog.logger', ['channel' => 'security'])
35+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
3536

3637
->set('security.authentication.provider.rememberme', RememberMeAuthenticationProvider::class)
3738
->abstract()
3839
->args([abstract_arg('User Checker')])
40+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
3941

4042
->set('security.rememberme.token.provider.in_memory', InMemoryTokenProvider::class)
4143

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -139,6 +139,7 @@ private function createContainer($sessionStorageOptions)
139139

140140
$config = [
141141
'security' => [
142+
'enable_authenticator_manager' => true,
142143
'providers' => ['some_provider' => ['id' => 'foo']],
143144
'firewalls' => ['some_firewall' => ['security' => false]],
144145
],

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php

Lines changed: 131 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -127,6 +127,127 @@ public function testFirewalls()
127127
$configs[0][2] = strtolower($configs[0][2]);
128128
$configs[2][2] = strtolower($configs[2][2]);
129129

130+
$this->assertEquals([
131+
[
132+
'simple',
133+
'security.user_checker',
134+
'.security.request_matcher.xmi9dcw',
135+
false,
136+
false,
137+
'',
138+
'',
139+
'',
140+
'',
141+
'',
142+
[],
143+
null,
144+
],
145+
[
146+
'secure',
147+
'security.user_checker',
148+
null,
149+
true,
150+
true,
151+
'security.user.provider.concrete.default',
152+
null,
153+
'security.authenticator.form_login.secure',
154+
null,
155+
null,
156+
[
157+
'switch_user',
158+
'x509',
159+
'remote_user',
160+
'form_login',
161+
'http_basic',
162+
'remember_me',
163+
],
164+
[
165+
'parameter' => '_switch_user',
166+
'role' => 'ROLE_ALLOWED_TO_SWITCH',
167+
],
168+
],
169+
[
170+
'host',
171+
'security.user_checker',
172+
'.security.request_matcher.iw4hyjb',
173+
true,
174+
false,
175+
'security.user.provider.concrete.default',
176+
'host',
177+
'security.authenticator.http_basic.host',
178+
null,
179+
null,
180+
[
181+
'http_basic',
182+
],
183+
null,
184+
],
185+
[
186+
'with_user_checker',
187+
'app.user_checker',
188+
null,
189+
true,
190+
false,
191+
'security.user.provider.concrete.default',
192+
'with_user_checker',
193+
'security.authenticator.http_basic.with_user_checker',
194+
null,
195+
null,
196+
[
197+
'http_basic',
198+
],
199+
null,
200+
],
201+
], $configs);
202+
203+
$this->assertEquals([
204+
[],
205+
[
206+
'security.channel_listener',
207+
'security.firewall.authenticator.secure',
208+
'security.authentication.switchuser_listener.secure',
209+
'security.access_listener',
210+
],
211+
[
212+
'security.channel_listener',
213+
'security.context_listener.0',
214+
'security.firewall.authenticator.host',
215+
'security.access_listener',
216+
],
217+
[
218+
'security.channel_listener',
219+
'security.context_listener.1',
220+
'security.firewall.authenticator.with_user_checker',
221+
'security.access_listener',
222+
],
223+
], $listeners);
224+
225+
$this->assertFalse($container->hasAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', 'No user checker alias is registered when custom user checker services are registered'));
226+
}
227+
228+
/**
229+
* @group legacy
230+
*/
231+
public function testLegacyFirewalls()
232+
{
233+
$container = $this->getContainer('legacy_container1');
234+
$arguments = $container->getDefinition('security.firewall.map')->getArguments();
235+
$listeners = [];
236+
$configs = [];
237+
foreach (array_keys($arguments[1]->getValues()) as $contextId) {
238+
$contextDef = $container->getDefinition($contextId);
239+
$arguments = $contextDef->getArguments();
240+
$listeners[] = array_map('strval', $arguments[0]->getValues());
241+
242+
$configDef = $container->getDefinition((string) $arguments[3]);
243+
$configs[] = array_values($configDef->getArguments());
244+
}
245+
246+
// the IDs of the services are case sensitive or insensitive depending on
247+
// the Symfony version. Transform them to lowercase to simplify tests.
248+
$configs[0][2] = strtolower($configs[0][2]);
249+
$configs[2][2] = strtolower($configs[2][2]);
250+
130251
$this->assertEquals([
131252
[
132253
'simple',
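
Review bot: `testLegacyFirewalls()` (lines 231-250) repeats the `strtolower()` normalisation that the context lines show `testFirewalls()` already has, along with the definition-walking loop that feeds it, so the two tests can drift apart. Extract a private helper that takes the fixture name and returns the `$configs` and `$listeners` arrays. Inside the loop, `$arguments` is reassigned while the `foreach` iterates over `array_keys($arguments[1]->getValues())`; that works because the array is evaluated once, but a separate variable name such as `$contextArguments` would be easier to read.
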
@@ -881,15 +1002,21 @@ public function testHashersWithBCrypt()
8811002
]], $container->getDefinition('security.password_hasher_factory')->getArguments());
8821003
}
8831004

884-
public function testRememberMeThrowExceptionsDefault()
1005+
/**
1006+
* @group legacy
1007+
*/
1008+
public function testLegacyRememberMeThrowExceptionsDefault()
8851009
{
886-
$container = $this->getContainer('container1');
1010+
$container = $this->getContainer('legacy_container1');
8871011
$this->assertTrue($container->getDefinition('security.authentication.listener.rememberme.secure')->getArgument(5));
8881012
}
8891013

890-
public function testRememberMeThrowExceptions()
1014+
/**
1015+
* @group legacy
1016+
*/
1017+
public function testLegacyRememberMeThrowExceptions()
8911018
{
892-
$container = $this->getContainer('remember_me_options');
1019+
$container = $this->getContainer('legacy_remember_me_options');
8931020
$service = $container->getDefinition('security.authentication.listener.rememberme.main');
8941021
$this->assertEquals('security.authentication.rememberme.services.persistent.main', $service->getArgument(1));
8951022
$this->assertFalse($service->getArgument(5));
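
Review bot: Coverage for the remember-me throw-exceptions option is left only on the legacy path: both tests (lines 1008 and 1017) now load `legacy_container1` and `legacy_remember_me_options`, and the hunk adds no counterpart for the `container1` and `remember_me_options` fixtures. The assertions therefore run only against `security.authentication.listener.rememberme.*`, which this commit deprecates. Add equivalent assertions for the authenticator-based remember-me service, or point to where they already exist.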

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
<?php
22

33
$container->loadFromExtension('security', [
4+
'enable_authenticator_manager' => true,
45
'access_decision_manager' => [
56
'allow_if_all_abstain' => true,
67
'allow_if_equal_granted_denied' => false,
