From f972780ba1fbb58fbc56ab24a54ec827dca96924 Mon Sep 17 00:00:00 2001 From: Robin Chalas Date: Fri, 30 Jul 2021 11:37:32 +0200 Subject: [PATCH] [Security] Deprecate remaining `LogoutHandlerInterface` implementations --- UPGRADE-5.4.md | 2 ++ UPGRADE-6.0.md | 2 ++ src/Symfony/Component/Security/Http/CHANGELOG.md | 2 ++ .../Security/Http/Logout/CookieClearingLogoutHandler.php | 5 +++++ .../Security/Http/Logout/CsrfTokenClearingLogoutHandler.php | 5 +++++ .../Component/Security/Http/Logout/SessionLogoutHandler.php | 5 +++++ .../Http/Tests/Logout/CookieClearingLogoutHandlerTest.php | 3 +++ .../Http/Tests/Logout/CsrfTokenClearingLogoutHandlerTest.php | 3 +++ .../Security/Http/Tests/Logout/SessionLogoutHandlerTest.php | 3 +++ 9 files changed, 30 insertions(+) diff --git a/UPGRADE-5.4.md b/UPGRADE-5.4.md index eca17fa0181e4..54f41b746e496 100644 --- a/UPGRADE-5.4.md +++ b/UPGRADE-5.4.md @@ -45,3 +45,5 @@ Security * Deprecate `TokenInterface:isAuthenticated()` and `setAuthenticated()` methods without replacement. Security tokens won't have an "authenticated" flag anymore, so they will always be considered authenticated * Deprecate `DeauthenticatedEvent`, use `TokenDeauthenticatedEvent` instead + * Deprecate `CookieClearingLogoutHandler`, `SessionLogoutHandler` and `CsrfTokenClearingLogoutHandler`. + Use `CookieClearingLogoutListener`, `SessionLogoutListener` and `CsrfTokenClearingLogoutListener` instead diff --git a/UPGRADE-6.0.md b/UPGRADE-6.0.md index 4667082741c33..57f1e455fe0a7 100644 --- a/UPGRADE-6.0.md +++ b/UPGRADE-6.0.md @@ -326,6 +326,8 @@ Security * Remove `TokenInterface:isAuthenticated()` and `setAuthenticated()` methods without replacement. Security tokens won't have an "authenticated" flag anymore, so they will always be considered authenticated * Remove `DeauthenticatedEvent`, use `TokenDeauthenticatedEvent` instead + * Remove `CookieClearingLogoutHandler`, `SessionLogoutHandler` and `CsrfTokenClearingLogoutHandler`. + Use `CookieClearingLogoutListener`, `SessionLogoutListener` and `CsrfTokenClearingLogoutListener` instead SecurityBundle -------------- diff --git a/src/Symfony/Component/Security/Http/CHANGELOG.md b/src/Symfony/Component/Security/Http/CHANGELOG.md index aff91a3f7cccc..2b14bda5a8ca0 100644 --- a/src/Symfony/Component/Security/Http/CHANGELOG.md +++ b/src/Symfony/Component/Security/Http/CHANGELOG.md @@ -6,6 +6,8 @@ CHANGELOG * Deprecate not setting the 5th argument (`$exceptionOnNoToken`) of `AccessListener` to `false` * Deprecate `DeauthenticatedEvent`, use `TokenDeauthenticatedEvent` instead + * Deprecate `CookieClearingLogoutHandler`, `SessionLogoutHandler` and `CsrfTokenClearingLogoutHandler`. + Use `CookieClearingLogoutListener`, `SessionLogoutListener` and `CsrfTokenClearingLogoutListener` instead 5.3 --- diff --git a/src/Symfony/Component/Security/Http/Logout/CookieClearingLogoutHandler.php b/src/Symfony/Component/Security/Http/Logout/CookieClearingLogoutHandler.php index 4647cb321336c..2adb5b3f17d73 100644 --- a/src/Symfony/Component/Security/Http/Logout/CookieClearingLogoutHandler.php +++ b/src/Symfony/Component/Security/Http/Logout/CookieClearingLogoutHandler.php @@ -14,11 +14,16 @@ use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +use Symfony\Component\Security\Http\EventListener\CookieClearingLogoutListener; + +trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated, use "%s" instead.', CookieClearingLogoutHandler::class, CookieClearingLogoutListener::class); /** * This handler clears the passed cookies when a user logs out. * * @author Johannes M. Schmitt + * + * @deprecated since Symfony 5.4, use {@link CookieClearingLogoutListener} instead */ class CookieClearingLogoutHandler implements LogoutHandlerInterface { diff --git a/src/Symfony/Component/Security/Http/Logout/CsrfTokenClearingLogoutHandler.php b/src/Symfony/Component/Security/Http/Logout/CsrfTokenClearingLogoutHandler.php index ad6b888aad562..2678da73a6300 100644 --- a/src/Symfony/Component/Security/Http/Logout/CsrfTokenClearingLogoutHandler.php +++ b/src/Symfony/Component/Security/Http/Logout/CsrfTokenClearingLogoutHandler.php @@ -15,9 +15,14 @@ use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Csrf\TokenStorage\ClearableTokenStorageInterface; +use Symfony\Component\Security\Http\EventListener\CsrfTokenClearingLogoutListener; + +trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated, use "%s" instead.', CsrfTokenClearingLogoutHandler::class, CsrfTokenClearingLogoutListener::class); /** * @author Christian Flothmann + * + * @deprecated since Symfony 5.4, use {@link CsrfTokenClearingLogoutListener} instead */ class CsrfTokenClearingLogoutHandler implements LogoutHandlerInterface { diff --git a/src/Symfony/Component/Security/Http/Logout/SessionLogoutHandler.php b/src/Symfony/Component/Security/Http/Logout/SessionLogoutHandler.php index d4f7cbe7cb8df..09e4ea004be0b 100644 --- a/src/Symfony/Component/Security/Http/Logout/SessionLogoutHandler.php +++ b/src/Symfony/Component/Security/Http/Logout/SessionLogoutHandler.php @@ -14,11 +14,16 @@ use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +use Symfony\Component\Security\Http\EventListener\SessionLogoutListener; + +trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated, use "%s" instead.', SessionLogoutHandler::class, SessionLogoutListener::class); /** * Handler for clearing invalidating the current session. * * @author Johannes M. Schmitt + * + * @deprecated since Symfony 5.4, use {@link SessionLogoutListener} instead */ class SessionLogoutHandler implements LogoutHandlerInterface { diff --git a/src/Symfony/Component/Security/Http/Tests/Logout/CookieClearingLogoutHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/Logout/CookieClearingLogoutHandlerTest.php index 88b8288008cb3..f9bcc99acc5c2 100644 --- a/src/Symfony/Component/Security/Http/Tests/Logout/CookieClearingLogoutHandlerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Logout/CookieClearingLogoutHandlerTest.php @@ -19,6 +19,9 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Http\Logout\CookieClearingLogoutHandler; +/** + * @group legacy + */ class CookieClearingLogoutHandlerTest extends TestCase { public function testLogout() diff --git a/src/Symfony/Component/Security/Http/Tests/Logout/CsrfTokenClearingLogoutHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/Logout/CsrfTokenClearingLogoutHandlerTest.php index 492fd46c7ac94..a11d265041717 100644 --- a/src/Symfony/Component/Security/Http/Tests/Logout/CsrfTokenClearingLogoutHandlerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Logout/CsrfTokenClearingLogoutHandlerTest.php @@ -21,6 +21,9 @@ use Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage; use Symfony\Component\Security\Http\Logout\CsrfTokenClearingLogoutHandler; +/** + * @group legacy + */ class CsrfTokenClearingLogoutHandlerTest extends TestCase { private $session; diff --git a/src/Symfony/Component/Security/Http/Tests/Logout/SessionLogoutHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/Logout/SessionLogoutHandlerTest.php index 60551abdd7569..182a18bda0cc0 100644 --- a/src/Symfony/Component/Security/Http/Tests/Logout/SessionLogoutHandlerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Logout/SessionLogoutHandlerTest.php @@ -18,6 +18,9 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Http\Logout\SessionLogoutHandler; +/** + * @group legacy + */ class SessionLogoutHandlerTest extends TestCase { public function testLogout()