feature #43835 [SecurityBundle] Deprecate not configuring explicitly a provider for custom_authenticators when there is more than one registered provider (lyrixx)

fabpot · fabpot · commit fcfcc326536f · 2021-10-30T10:34:37.000+02:00
This PR was merged into the 5.4 branch. Discussion ---------- [SecurityBundle] Deprecate not configuring explicitly a provider for custom_authenticators when there is more than one registered provider | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | no | New feature? | no | Deprecations? | yes | Tickets | | License | MIT | Doc PR | not needed I guess Commits ------- a2c9a44 [SecurityBundle] Deprecate not configuring explicitly a provider for custom_authenticators when there is more than one registered provider
diff --git a/UPGRADE-5.4.md b/UPGRADE-5.4.md
@@ -139,6 +139,7 @@ Security
  * Deprecate `AuthenticatorInterface::createAuthenticatedToken()`, use `AuthenticatorInterface::createToken()` instead
  * Deprecate `PassportInterface`, `UserPassportInterface` and `PassportTrait`, use `Passport` instead.
    As such, the return type declaration of `AuthenticatorInterface::authenticate()` will change to `Passport` in 6.0
+ * Deprecate not configuring explicitly a provider for custom_authenticators when there is more than one registered provider
 
    Before:
    ```php
diff --git a/UPGRADE-6.0.md b/UPGRADE-6.0.md
@@ -430,6 +430,7 @@ SecurityBundle
  * Remove the `security.authentication.provider.*` services, use the new authenticator system instead
  * Remove the `security.authentication.listener.*` services, use the new authenticator system instead
  * Remove the Guard component integration, use the new authenticator system instead
+ * Remove the default provider for custom_authenticators when there is more than one registered provider
 
 Serializer
 ----------
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -17,6 +17,7 @@ CHANGELOG
  * Deprecate the `always_authenticate_before_granting` option
  * Display the roles of the logged-in user in the Web Debug Toolbar
  * Add the `security.access_decision_manager.strategy_service` option
+ * Deprecate not configuring explicitly a provider for custom_authenticators when there is more than one registered provider
 
 5.3
 ---
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -703,6 +703,10 @@ private function getUserProvider(ContainerBuilder $container, string $id, array
         }
 
         if ('remember_me' === $factoryKey || 'anonymous' === $factoryKey || 'custom_authenticators' === $factoryKey) {
+            if ('custom_authenticators' === $factoryKey) {
+                trigger_deprecation('symfony/security-bundle', '5.4', 'Not configuring explicitly the provider for the "%s" listener on "%s" firewall is deprecated because it\'s ambiguous as there is more than one registered provider.', $factoryKey, $id);
+            }
+
             return 'security.user_providers';
         }
 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -12,6 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\Tests\DependencyInjection;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
 use Symfony\Bundle\FrameworkBundle\DependencyInjection\FrameworkExtension;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\FirewallListenerFactoryInterface;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
@@ -44,6 +45,8 @@
 
 class SecurityExtensionTest extends TestCase
 {
+    use ExpectDeprecationTrait;
+
     public function testInvalidCheckPath()
     {
         $this->expectException(InvalidConfigurationException::class);
@@ -373,6 +376,33 @@ public function testDoNotRegisterTheUserProviderAliasWithMultipleProviders()
         $this->assertFalse($container->has(UserProviderInterface::class));
     }
 
+    /**
+     * @group legacy
+     */
+    public function testFirewallWithNoUserProviderTriggerDeprecation()
+    {
+        $container = $this->getRawContainer();
+
+        $container->loadFromExtension('security', [
+            'enable_authenticator_manager' => true,
+
+            'providers' => [
+                'first' => ['id' => 'foo'],
+                'second' => ['id' => 'foo'],
+            ],
+
+            'firewalls' => [
+                'some_firewall' => [
+                    'custom_authenticator' => 'my_authenticator',
+                ],
+            ],
+        ]);
+
+        $this->expectDeprecation('Since symfony/security-bundle 5.4: Not configuring explicitly the provider for the "custom_authenticators" listener on "some_firewall" firewall is deprecated because it\'s ambiguous as there is more than one registered provider.');
+
+        $container->compile();
+    }
+
     /**
      * @dataProvider sessionConfigurationProvider
      * @group legacy

Original file line number	Diff line number	Diff line change
`@@ -703,6 +703,10 @@ private function getUserProvider(ContainerBuilder $container, string $id, array`
`703`	`703`	`}`
`704`	`704`
`705`	`705`	`if ('remember_me' === $factoryKey \|\| 'anonymous' === $factoryKey \|\| 'custom_authenticators' === $factoryKey) {`
	`706`	`+ if ('custom_authenticators' === $factoryKey) {`
	`707`	`+ trigger_deprecation('symfony/security-bundle', '5.4', 'Not configuring explicitly the provider for the "%s" listener on "%s" firewall is deprecated because it\'s ambiguous as there is more than one registered provider.', $factoryKey, $id);`
	`708`	`+ }`
	`709`	`+`
`706`	`710`	`return 'security.user_providers';`
`707`	`711`	`}`
`708`	`712`