symfony
diff --git a/‎src/Symfony/Component/Ldap/Security/CheckLdapCredentialsListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/Security/CheckLdapCredentialsListener.php
+2-7Lines changed: 2 additions & 7 deletions b/‎src/Symfony/Component/Ldap/Security/CheckLdapCredentialsListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/Security/CheckLdapCredentialsListener.php
+2-7Lines changed: 2 additions & 7 deletions
diff --git a/‎src/Symfony/Component/Ldap/Security/LdapAuthenticator.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/Security/LdapAuthenticator.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Ldap/Security/LdapAuthenticator.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/Security/LdapAuthenticator.php
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Ldap/Security/LdapBadge.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/Security/LdapBadge.php
+8-2Lines changed: 8 additions & 2 deletions b/‎src/Symfony/Component/Ldap/Security/LdapBadge.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/Security/LdapBadge.php
+8-2Lines changed: 8 additions & 2 deletions
diff --git a/‎src/Symfony/Component/Ldap/Tests/Security/CheckLdapCredentialsListenerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/Tests/Security/CheckLdapCredentialsListenerTest.php
+20-10Lines changed: 20 additions & 10 deletions b/‎src/Symfony/Component/Ldap/Tests/Security/CheckLdapCredentialsListenerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/Tests/Security/CheckLdapCredentialsListenerTest.php
+20-10Lines changed: 20 additions & 10 deletions
diff --git a/‎src/Symfony/Component/Ldap/Tests/Security/LdapBadgeTest.php
Copy file name to clipboard
+42Lines changed: 42 additions & 0 deletions b/‎src/Symfony/Component/Ldap/Tests/Security/LdapBadgeTest.php
Copy file name to clipboard
+42Lines changed: 42 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Ldap/composer.json
Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/composer.json
+2-1Lines changed: 2 additions & 1 deletion b/‎src/Symfony/Component/Ldap/composer.json
Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/composer.json
+2-1Lines changed: 2 additions & 1 deletion
@@ -17,7 +17,6 @@
 use Symfony\Component\Ldap\LdapInterface;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Core\Exception\LogicException;
-use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
 use Symfony\Component\Security\Http\Authenticator\Passport\UserPassportInterface;
 use Symfony\Component\Security\Http\Event\CheckPassportEvent;
@@ -46,9 +45,6 @@ public function onCheckPassport(CheckPassportEvent $event)
 
         /** @var LdapBadge $ldapBadge */
         $ldapBadge = $passport->getBadge(LdapBadge::class);
-        if ($ldapBadge->isResolved()) {
-            return;
-        }
 
         if (!$passport instanceof UserPassportInterface || !$passport->hasBadge(PasswordCredentials::class)) {
             throw new \LogicException(sprintf('LDAP authentication requires a passport containing a user and password credentials, authenticator "%s" does not fulfill these requirements.', \get_class($event->getAuthenticator())));
@@ -70,8 +66,8 @@ public function onCheckPassport(CheckPassportEvent $event)
         }
 
         $user = $passport->getUser();
-        if (!$user instanceof PasswordAuthenticatedUserInterface) {
-            trigger_deprecation('symfony/ldap', '5.3', 'Not implementing the "%s" interface in class "%s" while using password-based authenticators is deprecated.', PasswordAuthenticatedUserInterface::class, get_debug_type($user));
+        if (!$user instanceof LdapUser) {
+            return;
         }
 
         /** @var LdapInterface $ldap */
@@ -104,7 +100,6 @@ public function onCheckPassport(CheckPassportEvent $event)
         }
 
         $passwordCredentials->markResolved();
-        $ldapBadge->markResolved();
     }
 
     public static function getSubscribedEvents(): array
 
@@ -60,7 +60,7 @@ public function supports(Request $request): ?bool
     public function authenticate(Request $request): Passport
     {
         $passport = $this->authenticator->authenticate($request);
-        $passport->addBadge(new LdapBadge($this->ldapServiceId, $this->dnString, $this->searchDn, $this->searchPassword, $this->queryString));
+        $passport->addBadge(new LdapBadge($this->ldapServiceId, $this->dnString, $this->searchDn, $this->searchPassword, $this->queryString, true));
 
         return $passport;
     }
 
@@ -24,20 +24,24 @@
  */
 class LdapBadge implements BadgeInterface
 {
-    private $resolved = false;
+    private $resolved = true;
     private $ldapServiceId;
     private $dnString;
     private $searchDn;
     private $searchPassword;
     private $queryString;
 
-    public function __construct(string $ldapServiceId, string $dnString = '{username}', string $searchDn = '', string $searchPassword = '', string $queryString = null)
+    public function __construct(string $ldapServiceId, string $dnString = '{user_identifier}', string $searchDn = '', string $searchPassword = '', string $queryString = null, $resolved = false)
     {
         $this->ldapServiceId = $ldapServiceId;
         $this->dnString = $dnString;
         $this->searchDn = $searchDn;
         $this->searchPassword = $searchPassword;
         $this->queryString = $queryString;
+        $this->resolved = $resolved;
+        if (false === $this->resolved) {
+            trigger_deprecation('symfony/ldap', '5.4', 'Passing false as resolved initial value is deprecated, use true instead.');
+        }
     }
 
     public function getLdapServiceId(): string
@@ -67,6 +71,8 @@ public function getQueryString(): ?string
 
     public function markResolved(): void
     {
+        trigger_deprecation('symfony/ldap', '5.4', 'Calling %s is deprecated.', __METHOD__);
+
         $this->resolved = true;
     }
 
 
@@ -22,6 +22,7 @@
 use Symfony\Component\Ldap\LdapInterface;
 use Symfony\Component\Ldap\Security\CheckLdapCredentialsListener;
 use Symfony\Component\Ldap\Security\LdapBadge;
+use Symfony\Component\Ldap\Security\LdapUser;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
@@ -69,9 +70,10 @@ public static function provideShouldNotCheckPassport()
         yield [new TestAuthenticator(), new Passport(new UserBadge('test'), new PasswordCredentials('s3cret'))];
 
         // ldap already resolved
-        $badge = new LdapBadge('app.ldap');
-        $badge->markResolved();
-        yield [new TestAuthenticator(), new Passport(new UserBadge('test'), new PasswordCredentials('s3cret'), [$badge])];
+        $ldapBadge = new LdapBadge('app.ldap', '{user_identifier}', '', '', null, true);
+        $userBadge = new UserBadge('test');
+        $userBadge->setUserLoader(function () { return new InMemoryUser('test', 'pass', ['ROLE_USER']); });
+        yield [new TestAuthenticator(), new Passport($userBadge, new PasswordCredentials('s3cret'), [$ldapBadge])];
     }
 
     public function testPasswordCredentialsAlreadyResolvedThrowsException()
@@ -81,7 +83,7 @@ public function testPasswordCredentialsAlreadyResolvedThrowsException()
 
         $badge = new PasswordCredentials('s3cret');
         $badge->markResolved();
-        $passport = new Passport(new UserBadge('test'), $badge, [new LdapBadge('app.ldap')]);
+        $passport = new Passport(new UserBadge('test'), $badge, [new LdapBadge('app.ldap', '{user_identifier}', '', '', null, true)]);
 
         $listener = $this->createListener();
         $listener->onCheckPassport(new CheckPassportEvent(new TestAuthenticator(), $passport));
@@ -93,7 +95,7 @@ public function testInvalidLdapServiceId()
         $this->expectExceptionMessage('Cannot check credentials using the "not_existing_ldap_service" ldap service, as such service is not found. Did you maybe forget to add the "ldap" service tag to this service?');
 
         $listener = $this->createListener();
-        $listener->onCheckPassport($this->createEvent('s3cr3t', new LdapBadge('not_existing_ldap_service')));
+        $listener->onCheckPassport($this->createEvent('s3cr3t', new LdapBadge('not_existing_ldap_service', '{user_identifier}', '', '', null, true)));
     }
 
     /**
@@ -115,7 +117,10 @@ public static function provideWrongPassportData()
         }
 
         // no password credentials
-        yield [new SelfValidatingPassport(new UserBadge('test'), [new LdapBadge('app.ldap')])];
+        yield [new SelfValidatingPassport(
+            new UserBadge('test'),
+            [new LdapBadge('app.ldap', '{user_identifier}', '', '', null, true)]
+        )];
     }
 
     /**
@@ -129,7 +134,7 @@ public function testLegacyWrongPassport()
         // no user passport
         $passport = $this->createMock(PassportInterface::class);
         $passport->expects($this->any())->method('hasBadge')->with(LdapBadge::class)->willReturn(true);
-        $passport->expects($this->any())->method('getBadge')->with(LdapBadge::class)->willReturn(new LdapBadge('app.ldap'));
+        $passport->expects($this->any())->method('getBadge')->with(LdapBadge::class)->willReturn(new LdapBadge('app.ldap', '{user_identifier}', '', '', null, true));
 
         $listener = $this->createListener();
         $listener->onCheckPassport(new CheckPassportEvent(new TestAuthenticator(), $passport));
@@ -156,6 +161,9 @@ public function testBindFailureShouldThrowAnException()
         $listener->onCheckPassport($this->createEvent());
     }
 
+    /**
+     * @group legacy
+     */
     public function testQueryForDn()
     {
         $collection = new class([new Entry('')]) extends \ArrayObject implements CollectionInterface {
@@ -183,7 +191,7 @@ public function toArray(): array
         $this->ldap->expects($this->once())->method('query')->with('{username}', 'wouter_test')->willReturn($query);
 
         $listener = $this->createListener();
-        $listener->onCheckPassport($this->createEvent('s3cr3t', new LdapBadge('app.ldap', '{username}', 'elsa', 'test1234A$', '{username}_test')));
+        $listener->onCheckPassport($this->createEvent('s3cr3t', new LdapBadge('app.ldap', '{username}', 'elsa', 'test1234A$', '{username}_test', true)));
     }
 
     public function testEmptyQueryResultShouldThrowAnException()
@@ -211,14 +219,16 @@ public function testEmptyQueryResultShouldThrowAnException()
         $this->ldap->expects($this->once())->method('query')->willReturn($query);
 
         $listener = $this->createListener();
-        $listener->onCheckPassport($this->createEvent('s3cr3t', new LdapBadge('app.ldap', '{username}', 'elsa', 'test1234A$', '{username}_test')));
+        $listener->onCheckPassport($this->createEvent('s3cr3t', new LdapBadge('app.ldap', '{username}', 'elsa', 'test1234A$', '{username}_test', true)));
     }
 
     private function createEvent($password = 's3cr3t', $ldapBadge = null)
     {
+        $ldapUser = new LdapUser(new Entry('cn=Wouter,dc=example,dc=com'), 'Wouter', null, ['ROLE_USER']);
+
         return new CheckPassportEvent(
             new TestAuthenticator(),
-            new Passport(new UserBadge('Wouter', function () { return new InMemoryUser('Wouter', null, ['ROLE_USER']); }), new PasswordCredentials($password), [$ldapBadge ?? new LdapBadge('app.ldap')])
+            new Passport(new UserBadge('Wouter', function () use ($ldapUser) { return $ldapUser; }), new PasswordCredentials($password), [$ldapBadge ?? new LdapBadge('app.ldap', '{user_identifier}', '', '', null, true)])
         );
     }
 
 
@@ -0,0 +1,42 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Security;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
+use Symfony\Component\Ldap\Security\LdapBadge;
+
+final class LdapBadgeTest extends TestCase
+{
+    use ExpectDeprecationTrait;
+
+    /**
+     * @group legacy
+     */
+    public function testDeprecationOnResolvedInitialValue()
+    {
+        $this->expectDeprecation('Since symfony/ldap 5.4: Passing false as resolved initial value is deprecated, use true instead.');
+
+        new LdapBadge('foo');
+    }
+
+    /**
+     * @group legacy
+     */
+    public function testDeprecationOnMarkAsResolved()
+    {
+        $this->expectDeprecation('Since symfony/ldap 5.4: Calling Symfony\Component\Ldap\Security\LdapBadge::markResolved is deprecated.');
+
+        $sut = new LdapBadge('foo', '{user_identifier}', '', '', null, true);
+        $sut->markResolved();
+    }
+}
@@ -23,7 +23,8 @@
         "ext-ldap": "*"
     },
     "require-dev": {
-        "symfony/security-core": "^5.3|^6.0"
+        "symfony/security-core": "^5.3|^6.0",
+        "symfony/security-http": "^5.4"
     },
     "conflict": {
         "symfony/options-resolver": "<4.4",
Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ public function supports(Request $request): ?bool`
`60`	`60`	`public function authenticate(Request $request): Passport`
`61`	`61`	`{`
`62`	`62`	`$passport = $this->authenticator->authenticate($request);`
`63`		`- $passport->addBadge(new LdapBadge($this->ldapServiceId, $this->dnString, $this->searchDn, $this->searchPassword, $this->queryString));`
	`63`	`+ $passport->addBadge(new LdapBadge($this->ldapServiceId, $this->dnString, $this->searchDn, $this->searchPassword, $this->queryString, true));`
`64`	`64`
`65`	`65`	`return $passport;`
`66`	`66`	`}`