
Commit 56b95da

committed
remove the user FQCN from remember me cookies
1 parent d97d8a1 commit 56b95da

15 files changed

+39-179Lines changed: 39 additions & 179 deletions

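--- a/UPGRADE-8.0.md
+++ b/UPGRADE-8.0.md
@@ -361,6 +361,8 @@ Routing
 Security
 --------
 
+* Remove `PersistentTokenInterface::getClass()` and `RememberMeDetails::getUserFqcn()`
+* Remove the user FQCN from the remember-me cookie
 * Remove `UserInterface::eraseCredentials()` and `TokenInterface::eraseCredentials()`;
 erase credentials e.g. using `__serialize()` instead:
 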

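--- a/src/Symfony/Component/Security/Core/Authentication/RememberMe/InMemoryTokenProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/RememberMe/InMemoryTokenProvider.php
@@ -38,12 +38,10 @@ public function updateToken(string $series, #[\SensitiveParameter] string $token
 }
 
 $token = new PersistentToken(
-$this->tokens[$series]->getClass(false),
 $this->tokens[$series]->getUserIdentifier(),
 $series,
 $tokenValue,
 $lastUsed,
-false
 );
 $this->tokens[$series] = $token;
 }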

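--- a/src/Symfony/Component/Security/Core/Authentication/RememberMe/PersistentToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/RememberMe/PersistentToken.php
@@ -18,61 +18,14 @@
 */
 final class PersistentToken implements PersistentTokenInterface
 {
-private ?string $class = null;
-private string $userIdentifier;
-private string $series;
-private string $tokenValue;
 private \DateTimeImmutable $lastUsed;
 
-/**
-* @param string $userIdentifier
-* @param string $series
-* @param string $tokenValue
-* @param \DateTimeInterface $lastUsed
-*/
 public function __construct(
-$userIdentifier,
-$series,
-#[\SensitiveParameter] $tokenValue,
-#[\SensitiveParameter] $lastUsed,
+private string $userIdentifier,
+private string $series,
+#[\SensitiveParameter] private string $tokenValue,
+\DateTimeInterface $lastUsed,
 ) {
-if (\func_num_args() > 4) {
-if (\func_num_args() < 6 || func_get_arg(5)) {
-trigger_deprecation('symfony/security-core', '7.4', 'Passing a user FQCN to %s() is deprecated. The user class will be removed from the remember-me cookie in 8.0.', __CLASS__, __NAMESPACE__);
-}
-
-if (!\is_string($userIdentifier)) {
-throw new \TypeError(\sprintf('Argument 1 passed to "%s()" must be a string, "%s" given.', __METHOD__, get_debug_type($userIdentifier)));
-}
-
-$this->class = $userIdentifier;
-$userIdentifier = $series;
-$series = $tokenValue;
-$tokenValue = $lastUsed;
-
-if (\func_num_args() <= 4) {
-throw new \TypeError(\sprintf('Argument 5 passed to "%s()" must be an instance of "%s", the argument is missing.', __METHOD__, \DateTimeInterface::class));
-}
-
-$lastUsed = func_get_arg(4);
-}
-
-if (!\is_string($userIdentifier)) {
-throw new \TypeError(\sprintf('The $userIdentifier argument passed to "%s()" must be a string, "%s" given.', __METHOD__, get_debug_type($userIdentifier)));
-}
-
-if (!\is_string($series)) {
-throw new \TypeError(\sprintf('The $series argument passed to "%s()" must be a string, "%s" given.', __METHOD__, get_debug_type($series)));
-}
-
-if (!\is_string($tokenValue)) {
-throw new \TypeError(\sprintf('The $tokenValue argument passed to "%s()" must be a string, "%s" given.', __METHOD__, get_debug_type($tokenValue)));
-}
-
-if (!$lastUsed instanceof \DateTimeInterface) {
-throw new \TypeError(\sprintf('The $lastUsed argument passed to "%s()" must be an instance of "%s", "%s" given.', __METHOD__, \DateTimeInterface::class, get_debug_type($lastUsed)));
-}
-
 if ('' === $userIdentifier) {
 throw new \InvalidArgumentException('$userIdentifier must not be empty.');
 }
@@ -83,24 +36,9 @@ public function __construct(
 throw new \InvalidArgumentException('$tokenValue must not be empty.');
 }
 
-$this->userIdentifier = $userIdentifier;
-$this->series = $series;
-$this->tokenValue = $tokenValue;
 $this->lastUsed = \DateTimeImmutable::createFromInterface($lastUsed);
 }
 
-/**
-* @deprecated since Symfony 7.4
-*/
-public function getClass(bool $triggerDeprecation = true): string
-{
-if ($triggerDeprecation) {
-trigger_deprecation('symfony/security-core', '7.4', 'The "%s()" method is deprecated: the user class will be removed from the remember-me cookie in 8.0.', __METHOD__);
-}
-
-return $this->class ?? '';
-}
-
 public function getUserIdentifier(): string
 {
 return $this->userIdentifier;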
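Review bot: The class-first argument order that 7.4 still accepted is dropped from `__construct()` here, yet the UPGRADE and CHANGELOG lines added by this commit only mention the removed `getClass()` and `getUserFqcn()` methods, not the constructor. A leftover call such as `new PersistentToken($class, $userIdentifier, $series, $tokenValue, $lastUsed)` now passes a string to `\DateTimeInterface $lastUsed` and fails with a `\TypeError`; failing loudly is the safe outcome (no identifier, series or token value is silently shifted into the wrong field), but the error does not tell the caller why. I would add an upgrade entry along the lines of `* Remove the user FQCN argument from the PersistentToken constructor`. The lines between the two hunks are not shown, so this covers only the visible part of the constructor.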

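--- a/src/Symfony/Component/Security/Core/Authentication/RememberMe/PersistentTokenInterface.php
+++ b/src/Symfony/Component/Security/Core/Authentication/RememberMe/PersistentTokenInterface.php
@@ -19,13 +19,6 @@
 */
 interface PersistentTokenInterface
 {
-/**
-* Returns the class of the user.
-*
-* @deprecated since Symfony 7.4, the user class will be removed from the remember-me cookie in 8.0
-*/
-public function getClass(): string;
-
 /**
 * Returns the series.
 */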

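--- a/src/Symfony/Component/Security/Core/CHANGELOG.md
+++ b/src/Symfony/Component/Security/Core/CHANGELOG.md
@@ -4,6 +4,8 @@ CHANGELOG
 8.0
 ---
 
+* Remove `PersistentTokenInterface::getClass()`
+* Remove the user FQCN from the remember-me cookie
 * Remove `RememberMeToken::getSecret()`
 * Remove `UserInterface::eraseCredentials()` and `TokenInterface::eraseCredentials()`,
 erase credentials e.g. using `__serialize()` instead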

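--- a/src/Symfony/Component/Security/Core/Tests/Authentication/RememberMe/CacheTokenVerifierTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/RememberMe/CacheTokenVerifierTest.php
@@ -21,22 +21,22 @@ class CacheTokenVerifierTest extends TestCase
 public function testVerifyCurrentToken()
 {
 $verifier = new CacheTokenVerifier(new ArrayAdapter());
-$token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable(), false);
+$token = new PersistentToken('user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
 $this->assertTrue($verifier->verifyToken($token, 'value'));
 }
 
 public function testVerifyFailsInvalidToken()
 {
 $verifier = new CacheTokenVerifier(new ArrayAdapter());
-$token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable(), false);
+$token = new PersistentToken('user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
 $this->assertFalse($verifier->verifyToken($token, 'wrong-value'));
 }
 
 public function testVerifyOutdatedToken()
 {
 $verifier = new CacheTokenVerifier(new ArrayAdapter());
-$outdatedToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable(), false);
-$newToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'newvalue', new \DateTimeImmutable(), false);
+$outdatedToken = new PersistentToken('user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
+$newToken = new PersistentToken('user', 'series1@special:chars=/', 'newvalue', new \DateTimeImmutable());
 $verifier->updateExistingToken($outdatedToken, 'newvalue', new \DateTimeImmutable());
 $this->assertTrue($verifier->verifyToken($newToken, 'value'));
 }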

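--- a/src/Symfony/Component/Security/Core/Tests/Authentication/RememberMe/InMemoryTokenProviderTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/RememberMe/InMemoryTokenProviderTest.php
@@ -22,7 +22,7 @@ public function testCreateNewToken()
 {
 $provider = new InMemoryTokenProvider();
 
-$token = new PersistentToken('foo', 'foo', 'foo', 'foo', new \DateTimeImmutable(), false);
+$token = new PersistentToken('foo', 'foo', 'foo', new \DateTimeImmutable());
 $provider->createNewToken($token);
 
 $this->assertSame($provider->loadTokenBySeries('foo'), $token);
@@ -38,7 +38,7 @@ public function testUpdateToken()
 {
 $provider = new InMemoryTokenProvider();
 
-$token = new PersistentToken('foo', 'foo', 'foo', 'foo', new \DateTimeImmutable(), false);
+$token = new PersistentToken('foo', 'foo', 'foo', new \DateTimeImmutable());
 $provider->createNewToken($token);
 $provider->updateToken('foo', 'newFoo', $lastUsed = new \DateTime());
 $token = $provider->loadTokenBySeries('foo');
@@ -51,7 +51,7 @@ public function testDeleteToken()
 {
 $provider = new InMemoryTokenProvider();
 
-$token = new PersistentToken('foo', 'foo', 'foo', 'foo', new \DateTimeImmutable(), false);
+$token = new PersistentToken('foo', 'foo', 'foo', new \DateTimeImmutable());
 $provider->createNewToken($token);
 $provider->deleteTokenBySeries('foo');
 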
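Review bot: The three string arguments in the updated `new PersistentToken('foo', 'foo', 'foo', new \DateTimeImmutable())` calls are identical, so these tests cannot detect the user identifier, series and token value being bound to the wrong positions. That is the kind of slip a constructor argument change like this one invites. Distinct values, e.g. `new PersistentToken('user', 'series', 'value', new \DateTimeImmutable())` with the series lookups switched to `'series'`, would make the fixtures in testCreateNewToken, testUpdateToken and testDeleteToken able to catch a swap. The test bodies continue outside the hunks, so any later assertions there would need the same values.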


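--- a/src/Symfony/Component/Security/Core/Tests/Authentication/RememberMe/PersistentTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/RememberMe/PersistentTokenTest.php
@@ -11,8 +11,6 @@
 
 namespace Symfony\Component\Security\Core\Tests\Authentication\RememberMe;
 
-use PHPUnit\Framework\Attributes\Group;
-use PHPUnit\Framework\Attributes\IgnoreDeprecations;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentToken;
 
@@ -36,12 +34,4 @@ public function testDateTime()
 
 $this->assertEquals($lastUsed, $token->getLastUsed());
 }
-
-#[IgnoreDeprecations]
-#[Group('legacy')]
-public function testClassDeprecation()
-{
-$token = new PersistentToken('fooclass', 'fooname', 'fooseries', 'footokenvalue', new \DateTimeImmutable());
-$this->assertSame('fooclass', $token->getClass());
-}
 }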

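--- a/src/Symfony/Component/Security/Http/CHANGELOG.md
+++ b/src/Symfony/Component/Security/Http/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 8.0
 ---
 
+* Remove `RememberMeDetails::getUserFqcn()`
 * Remove callable firewall listeners support, extend `AbstractListener` or implement `FirewallListenerInterface` instead
 * Remove `AbstractListener::__invoke`
 * Throw a `BadCredentialsException` when passing an empty string as `$userIdentifier` argument to `UserBadge` constructor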

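--- a/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
+++ b/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
@@ -93,11 +93,9 @@ public function consumeRememberMeCookie(RememberMeDetails $rememberMeDetails): U
 }
 
 return parent::consumeRememberMeCookie(new RememberMeDetails(
-method_exists($token, 'getClass') ? $token->getClass(false) : '',
 $token->getUserIdentifier(),
 $expires,
 $token->getLastUsed()->getTimestamp().':'.$series.':'.$tokenValue.':'.(method_exists($token, 'getClass') ? $token->getClass(false) : ''),
-false
 ));
 }
 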
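Review bot: The unchanged value argument still ends with `.':'.(method_exists($token, 'getClass') ? $token->getClass(false) : '')`, so the user class is not fully removed from what this method passes to `RememberMeDetails`. With the built-in `PersistentToken` the guard is now always false, but a custom `PersistentTokenInterface` implementation that keeps its own `getClass()` would still have its FQCN appended, which runs against the commit title. If the trailing field is not needed by the parsing code (not visible on this page), the argument can be reduced to `$token->getLastUsed()->getTimestamp().':'.$series.':'.$tokenValue,`. Otherwise a short comment should say why the empty fourth segment is kept. The method begins outside the hunk.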
