8000 [DX] [Security] Renamed Token#getKey() to getSecret() by wouterj · Pull Request #15141 · symfony/symfony · GitHub
[go: up one dir, main page]

Skip to content

[DX] [Security] Renamed Token#getKey() to getSecret() #15141

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 5 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
80 changes: 80 additions & 0 deletions UPGRADE-3.0.md
Original file line number Diff line number Diff line change
Expand Up @@ -593,6 +593,86 @@ UPGRADE FROM 2.x to 3.0

* The `Resources/` directory was moved to `Core/Resources/`

* The `key` settings of `anonymous` and `remember_me` are renamed to `secret`.

Before:

```yaml
security:
# ...
firewalls:
default:
# ...
anonymous: { key: "%secret%" }
remember_me:
key: "%secret%"
```

```xml
<!-- ... -->
<config>
<!-- ... -->

<firewall>
<!-- ... -->

<anonymous key="%secret%"/>
<remember-me key="%secret%"/>
</firewall>
</config>
```

```php
// ...
$container->loadFromExtension('security', array(
// ...
'firewalls' => array(
// ...
'anonymous' => array('key' => '%secret%'),
'remember_me' => array('key' => '%secret%'),
),
));
```

After:

```yaml
security:
# ...
firewalls:
default:
# ...
anonymous: { secret: "%secret%" }
remember_me:
secret: "%secret%"
```

```xml
<!-- ... -->
<config>
<!-- ... -->

<firewall>
<!-- ... -->

<anonymous secret="%secret%"/>
<remember-me secret="%secret%"/>
</firewall>
</config>
```

```php
// ...
$container->loadFromExtension('security', array(
// ...
'firewalls' => array(
// ...
'anonymous' => array('secret' => '%secret%'),
'remember_me' => array('secret' => '%secret%'),
),
));
```

### Translator

* The `Translator::setFallbackLocale()` method has been removed in favor of
Expand Down
8 changes: 7 additions & 1 deletion src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,12 +1,18 @@
CHANGELOG
=========

2.8.0
-----

* deprecated the `key` setting of `anonymous` and `remember_me` in favor of the
`secret` setting.

2.6.0
-----

* Added the possibility to override the default success/failure handler
to get the provider key and the options injected
* Deprecated the `security.context` service for the `security.token_storage` and
* Deprecated the `security.context` service for the `security.token_storage` and
`security.authorization_checker` services.

2.4.0
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -285,8 +285,22 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
->end()
->arrayNode('anonymous')
->canBeUnset()
->beforeNormalization()
->ifTrue(function ($v) { return isset($v['key']); })
->then(function ($v) {
if (isset($v['secret'])) {
throw new \LogicException('Cannot set both key and secret options for security.firewall.anonymous, use only secret instead.');
}

@trigger_error('security.firewall.anonymous.key is deprecated since version 2.8 and will be removed in 3.0. Use security.firewall.anonymous.secret instead.', E_USER_DEPRECATED);

$v['secret'] = $v['key'];

unset($v['key']);
})
->end()
->children()
->scalarNode('key')->defaultValue(uniqid())->end()
->scalarNode('secret')->defaultValue(uniqid())->end()
->end()
->end()
->arrayNode('switch_user')
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
$authProviderId = 'security.authentication.provider.rememberme.'.$id;
$container
->setDefinition($authProviderId, new DefinitionDecorator('security.authentication.provider.rememberme'))
->addArgument($config['key'])
->addArgument($config['secret'])
->addArgument($id)
;

Expand All @@ -56,7 +56,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
}

$rememberMeServices = $container->setDefinition($rememberMeServicesId, new DefinitionDecorator($templateId));
$rememberMeServices->replaceArgument(1, $config['key']);
$rememberMeServices->replaceArgument(1, $config['secret']);
$rememberMeServices->replaceArgument(2, $id);

if (isset($config['token_provider'])) {
Expand Down Expand Up @@ -120,10 +120,25 @@ public function getKey()
public function addConfiguration(NodeDefinition $node)
{
$node->fixXmlConfig('user_provider');
$builder = $node->children();
$builder = $node
->beforeNormalization()
->ifTrue(function ($v) { return isset($v['key']); })
->then(function ($v) {
if (isset($v['secret'])) {
throw new \LogicException('Cannot set both key and secret options for remember_me, use only secret instead.');
}

@trigger_error('remember_me.key is deprecated since version 2.8 and will be removed in 3.0. Use remember_me.secret instead.', E_USER_DEPRECATED);

$v['secret'] = $v['key'];

unset($v['key']);
})
->end()
->children();

$builder
->scalarNode('key')->isRequired()->cannotBeEmpty()->end()
->scalarNode('secret')->isRequired()->cannotBeEmpty()->end()
->scalarNode('token_provider')->end()
->arrayNode('user_providers')
->beforeNormalization()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -410,15 +410,15 @@ private function createAuthenticationListeners($container, $id, $firewall, &$aut
$listenerId = 'security.authentication.listener.anonymous.'.$id;
$container
->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.anonymous'))
->replaceArgument(1, $firewall['anonymous']['key'])
->replaceArgument(1, $firewall['anonymous']['secret'])
;

$listeners[] = new Reference($listenerId);

$providerId = 'security.authentication.provider.anonymous.'.$id;
$container
->setDefinition($providerId, new DefinitionDecorator('security.authentication.provider.anonymous'))
->replaceArgument(0, $firewall['anonymous']['key'])
->replaceArgument(0, $firewall['anonymous']['secret'])
;

$authenticationProviders[] = $providerId;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@
'x509' => true,
'remote_user' => true,
'logout' => true,
'remember_me' => array('key' => 'TheKey'),
'remember_me' => array('secret' => 'TheSecret'),
),
'host' => array(
'pattern' => '/test',
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
<?php

$container->loadFromExtension('security', array(
'providers' => array(
'default' => array('id' => 'foo'),
Expand All @@ -8,7 +9,7 @@
'main' => array(
'form_login' => true,
'remember_me' => array(
'key' => 'TheyKey',
'secret' => 'TheSecret',
'catch_exceptions' => false,
'token_provider' => 'token_provider_id',
),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@
<x509 />
<remote-user />
<logout />
<remember-me key="TheyKey"/>
<remember-me secret="TheSecret"/>
</firewall>

<firewall name="host" pattern="/test" host="foo\.example\.org" methods="GET,POST">
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
</sec:providers>
<sec:firewall name="main">
<sec:form-login/>
<sec:remember-me key="TheKey" catch-exceptions="false" token-provider="token_provider_id" />
<sec:remember-me secret="TheSecret" catch-exceptions="false" token-provider="token_provider_id" />
</sec:firewall>
</sec:config>

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ security:
remote_user: true
logout: true
remember_me:
key: TheKey
secret: TheSecret
host:
pattern: /test
host: foo\.example\.org
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,6 @@ security:
main:
form_login: true
remember_me:
key: TheKey
secret: TheSecret
catch_exceptions: false
token_provider: token_provider_id
6 changes: 6 additions & 0 deletions src/Symfony/Component/Security/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,12 @@
CHANGELOG
=========

2.8.0
-----

* deprecated `getKey()` of the `AnonymousToken`, `RememberMeToken` and `AbstractRememberMeServices` classes
in favor of `getSecret()`.

2.7.0
-----

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,16 +22,22 @@
*/
class AnonymousAuthenticationProvider implements AuthenticationProviderInterface
{
private $key;
/**
* Used to determine if the token is created by the application
* instead of a malicious client.
*
* @var string
*/
private $secret;

/**
* Constructor.
*
* @param string $key The key shared with the authentication token
* @param string $secret The secret shared with the AnonymousToken
*/
public function __construct($key)
public function __construct($secret)
{
$this->key = $key;
$this->secret = $secret;
}

/**
Expand All @@ -43,7 +49,7 @@ public function authenticate(TokenInterface $token)
return;
}

if ($this->key !== $token->getKey()) {
if ($this->secret !== $token->getSecret()) {
throw new BadCredentialsException('The Token does not contain the expected key.');
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,20 +19,20 @@
class RememberMeAuthenticationProvider implements AuthenticationProviderInterface
{
private $userChecker;
private $key;
private $secret;
private $providerKey;

/**
* Constructor.
*
* @param UserCheckerInterface $userChecker An UserCheckerInterface interface
* @param string $key A key
* @param string $providerKey A provider key
* @param string $secret A secret
* @param string $providerKey A provider secret
*/
public function __construct(UserCheckerInterface $userChecker, $key, $providerKey)
public function __construct(UserCheckerInterface $userChecker, $secret, $providerKey)
{
$this->userChecker = $userChecker;
$this->key = $key;
$this->secret = $secret;
$this->providerKey = $providerKey;
}

Expand All @@ -45,14 +45,14 @@ public function authenticate(TokenInterface $token)
return;
}

if ($this->key !== $token->getKey()) {
throw new BadCredentialsException('The presented key does not match.');
if ($this->secret !== $token->getSecret()) {
throw new BadCredentialsException('The presented secret does not match.');
}

$user = $token->getUser();
$this->userChecker->checkPreAuth($user);

$authenticatedToken = new RememberMeToken($user, $this->providerKey, $this->key);
$authenticatedToken = new RememberMeToken($user, $this->providerKey, $this->secret);
$authenticatedToken->setAttributes($token->getAttributes());

return $authenticatedToken;
Expand Down
Loading
0