Commit d4e33ca

committed
[Security] Deprecate "always authenticate" and "exception on no token"
1 parent cdcf696 commit d4e33ca


12 files changed

+92
-14
lines changed

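--- a/UPGRADE-5.4.md
+++ b/UPGRADE-5.4.md
@@ -11,3 +11,17 @@ HttpKernel
 ----------
 
 * Deprecate `AbstractTestSessionListener::getSession` inject a session in the request instead
+
+SecurityBundle
+--------------
+
+* Deprecate the `always_authenticate_before_granting` option
+
+Security
+--------
+
+* Deprecate setting the 4th argument (`$alwaysAuthenticate`) to `true` and not setting the
+5th argument (`$exceptionOnNoToken`) to `false` of `AuthorizationChecker` (this is the default
+behavior when using `enable_authenticator_manager: true`)
+* Deprecate not setting the 5th argument (`$exceptionOnNoToken`) of `AccessListener` to `false`
+(this is the default behavior when using `enable_authenticator_manager: true`)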

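--- a/UPGRADE-6.0.md
+++ b/UPGRADE-6.0.md
@@ -194,6 +194,8 @@ Routing
 Security
 --------
 
+* Remove the 4th and 5th argument of `AuthorizationChecker`
+* Remove the 5th argument of `AccessListener`
 * Remove class `User`, use `InMemoryUser` or your own implementation instead.
 If you are using the `isAccountNonLocked()`, `isAccountNonExpired()` or `isCredentialsNonExpired()` method, consider re-implementing them
 in your own user class as they are not part of the `InMemoryUser` API
@@ -313,6 +315,7 @@ Security
 SecurityBundle
 --------------
 
+* Remove the `always_authenticate_before_granting` option
 * Remove the `UserPasswordEncoderCommand` class and the corresponding `user:encode-password` command,
 use `UserPasswordHashCommand` and `user:hash-password` instead
 * Remove the `security.encoder_factory.generic` service, the `security.encoder_factory` and `Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface` aliases,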

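--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+5.4
+---
+
+* Deprecate the `always_authenticate_before_granting` option
+
 5.3
 ---
 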
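--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -90,7 +90,10 @@ public function getConfigTreeBuilder()
 ->defaultValue(SessionAuthenticationStrategy::MIGRATE)
 ->end()
 ->booleanNode('hide_user_not_found')->defaultTrue()->end()
-->booleanNode('always_authenticate_before_granting')->defaultFalse()->end()
+->booleanNode('always_authenticate_before_granting')
+->defaultFalse()
+->setDeprecated('symfony/security-bundle', '5.4', 'The "%node%" at path "%path%" is deprecated and will always be "false" in 6.0.')
+->end()
 ->booleanNode('erase_credentials')->defaultTrue()->end()
 ->booleanNode('enable_authenticator_manager')->defaultFalse()->info('Enables the new Symfony Security system based on Authenticators, all used authenticators must support this before enabling this.')->end()
 ->arrayNode('access_decision_manager')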
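Review bot: `setDeprecated` on line 95 marks the whole `always_authenticate_before_granting` key, so the deprecation is presumably emitted whenever the key appears in the configuration, including when it is explicitly set to `false` — the value 6.0 keeps — and the message only says what the value will become, not what the user should do about it. A wording like `'The "%node%" at path "%path%" is deprecated, remove it from your configuration; it will always be "false" in 6.0.'` makes the migration step explicit for the people who see the notice. The surrounding tree definition starts and ends outside the hunk.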

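--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -635,6 +635,9 @@ public function provideEntryPointRequiredData()
 ];
 }
 
+/**
+* @group legacy
+*/
 public function testAlwaysAuthenticateBeforeGrantingCannotBeTrueWithAuthenticatorManager()
 {
 $this->expectException(InvalidConfigurationException::class);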

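--- a/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
+++ b/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
@@ -34,6 +34,13 @@ class AuthorizationChecker implements AuthorizationCheckerInterface
 
 public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, AccessDecisionManagerInterface $accessDecisionManager, bool $alwaysAuthenticate = false, bool $exceptionOnNoToken = true)
 {
+if (false !== $alwaysAuthenticate) {
+trigger_deprecation('symfony/security-core', '5.4', 'Not setting the 4th argument of "%s" to "false" is deprecated.', __METHOD__);
+}
+if (false !== $exceptionOnNoToken) {
+trigger_deprecation('symfony/security-core', '5.4', 'Not setting the 5th argument of "%s" to "false" is deprecated.', __METHOD__);
+}
+
 $this->tokenStorage = $tokenStorage;
 $this->authenticationManager = $authenticationManager;
 $this->accessDecisionManager = $accessDecisionManager;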
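Review bot: The check on line 40 deprecates the parameter's own default (`bool $exceptionOnNoToken = true`), so every caller that omits the 5th argument now triggers a deprecation, yet nothing in the code explains why the default is not simply flipped to `false` in this same change. A comment above line 37 such as `// Both flags are removed in 6.0 and the checker then behaves as if they were false; the 5.x defaults are kept so existing callers keep their behaviour and must opt in explicitly` would stop a later "fix" of the default that would presumably change what isGranted() does when no token is stored. Because both parameters are declared `bool`, `false !== $alwaysAuthenticate` is the same test as `$alwaysAuthenticate`; `if ($alwaysAuthenticate) {` and `if ($exceptionOnNoToken) {` read more directly if the project's style permits it. The constructor body continues outside the hunk.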

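--- a/src/Symfony/Component/Security/Core/CHANGELOG.md
+++ b/src/Symfony/Component/Security/Core/CHANGELOG.md
@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+5.4
+---
+
+* Deprecate setting the 4th argument (`$alwaysAuthenticate`) to `true` and not setting the
+5th argument (`$exceptionOnNoToken`) to `false` of `AuthorizationChecker`
+
 5.3
 ---
 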
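--- a/src/Symfony/Component/Security/Core/Tests/Authorization/AuthorizationCheckerTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authorization/AuthorizationCheckerTest.php
@@ -36,7 +36,9 @@ protected function setUp(): void
 $this->authorizationChecker = new AuthorizationChecker(
 $this->tokenStorage,
 $this->authenticationManager,
-$this->accessDecisionManager
+$this->accessDecisionManager,
+false,
+false
 );
 }
 
@@ -71,13 +73,23 @@ public function testVoteAuthenticatesTokenIfNecessary()
 $this->assertSame($newToken, $this->tokenStorage->getToken());
 }
 
-public function testVoteWithoutAuthenticationToken()
+/**
+* @group legacy
+*/
+public function testLegacyVoteWithoutAuthenticationToken()
 {
+$authorizationChecker = new AuthorizationChecker(
+$this->tokenStorage,
+$this->authenticationManager,
+$this->accessDecisionManager
+);
+
 $this->expectException(AuthenticationCredentialsNotFoundException::class);
-$this->authorizationChecker->isGranted('ROLE_FOO');
+
+$authorizationChecker->isGranted('ROLE_FOO');
 }
 
-public function testVoteWithoutAuthenticationTokenAndExceptionOnNoTokenIsFalse()
+public function testVoteWithoutAuthenticationToken()
 {
 $authorizationChecker = new AuthorizationChecker($this->tokenStorage, $this->authenticationManager, $this->accessDecisionManager, false, false);
 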
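Review bot: `testLegacyVoteWithoutAuthenticationToken` in the second hunk constructs the checker with the deprecated defaults and is tagged `@group legacy`, but it never asserts that a deprecation is emitted, so the `trigger_deprecation` calls this commit adds to the constructor have no test that would fail if they were removed. If the class uses the PHPUnit bridge's `ExpectDeprecationTrait`, add before the constructor call `$this->expectDeprecation('Since symfony/security-core 5.4: Not setting the 5th argument of "Symfony\Component\Security\Core\Authorization\AuthorizationChecker::__construct" to "false" is deprecated.');` (the method name is what `__METHOD__` would render; confirm the namespace against the file). As written the test only re-proves the legacy exception path that the renamed pre-existing test already covered. The enclosing class starts and ends outside the hunks.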
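--- a/src/Symfony/Component/Security/Core/Tests/Authorization/ExpressionLanguageTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authorization/ExpressionLanguageTest.php
@@ -37,7 +37,7 @@ public function testIsAuthenticated($token, $expression, $result)
 $tokenStorage = new TokenStorage();
 $tokenStorage->setToken($token);
 $accessDecisionManager = new AccessDecisionManager([new RoleVoter(), new AuthenticatedVoter($trustResolver)]);
-$authChecker = new AuthorizationChecker($tokenStorage, $this->createMock(AuthenticationManagerInterface::class), $accessDecisionManager);
+$authChecker = new AuthorizationChecker($tokenStorage, $this->createMock(AuthenticationManagerInterface::class), $accessDecisionManager, false, false);
 
 $context = [];
 $context['auth_checker'] = $authChecker;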

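--- a/src/Symfony/Component/Security/Http/CHANGELOG.md
+++ b/src/Symfony/Component/Security/Http/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+5.4
+---
+
+* Deprecate not setting the 5th argument (`$exceptionOnNoToken`) of `AccessListener` to `false`
+
 5.3
 ---
 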
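--- a/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
@@ -40,6 +40,10 @@ class AccessListener extends AbstractListener
 
 public function __construct(TokenStorageInterface $tokenStorage, AccessDecisionManagerInterface $accessDecisionManager, AccessMapInterface $map, AuthenticationManagerInterface $authManager, bool $exceptionOnNoToken = true)
 {
+if (false !== $exceptionOnNoToken) {
+trigger_deprecation('symfony/security-core', '5.4', 'Not setting the 5th argument of "%s" to "false" is deprecated.', __METHOD__);
+}
+
 $this->tokenStorage = $tokenStorage;
 $this->accessDecisionManager = $accessDecisionManager;
 $this->map = $map;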
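Review bot: The package name passed to `trigger_deprecation` on line 44 is `symfony/security-core`, but this file is in the Security/Http component and the CHANGELOG this commit updates for it is `src/Symfony/Component/Security/Http/CHANGELOG.md`, so the notice would attribute the deprecation to the wrong package and mislead anyone filtering deprecations by package. It should presumably read `trigger_deprecation('symfony/security-http', '5.4', 'Not setting the 5th argument of "%s" to "false" is deprecated.', __METHOD__);`. As with the AuthorizationChecker hunk, the parameter is declared `bool`, so `false !== $exceptionOnNoToken` is just `$exceptionOnNoToken`. The constructor body continues outside the hunk.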

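--- a/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
@@ -71,7 +71,9 @@ public function testHandleWhenTheAccessDecisionManagerDecidesToRefuseAccess()
 $tokenStorage,
 $accessDecisionManager,
 $accessMap,
-$this->createMock(AuthenticationManagerInterface::class)
+$this->createMock(AuthenticationManagerInterface::class),
+false,
+false
 );
 
 $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));
@@ -135,7 +137,9 @@ public function testHandleWhenTheTokenIsNotAuthenticated()
 $tokenStorage,
 $accessDecisionManager,
 $accessMap,
-$authManager
+$authManager,
+false,
+false
 );
 
 $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));
@@ -170,7 +174,9 @@ public function testHandleWhenThereIsNoAccessMapEntryMatchingTheRequest()
 $tokenStorage,
 $this->createMock(AccessDecisionManagerInterface::class),
 $accessMap,
-$this->createMock(AuthenticationManagerInterface::class)
+$this->createMock(AuthenticationManagerInterface::class),
+false,
+false
 );
 
 $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));
@@ -198,15 +204,20 @@ public function testHandleWhenAccessMapReturnsEmptyAttributes()
 $tokenStorage,
 $this->createMock(AccessDecisionManagerInterface::class),
 $accessMap,
-$this->createMock(AuthenticationManagerInterface::class)
+$this->createMock(AuthenticationManagerInterface::class),
+false,
+false
 );
 
 $event = new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST);
 
 $listener(new LazyResponseEvent($event));
 }
 
-public function testHandleWhenTheSecurityTokenStorageHasNoToken()
+/**
+* @group legacy
+*/
+public function testLegacyHandleWhenTheSecurityTokenStorageHasNoToken()
 {
 $this->expectException(AuthenticationCredentialsNotFoundException::class);
 $tokenStorage = $this->createMock(TokenStorageInterface::class);
@@ -236,7 +247,7 @@ public function testHandleWhenTheSecurityTokenStorageHasNoToken()
 $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));
 }
 
-public function testHandleWhenTheSecurityTokenStorageHasNoTokenAndExceptionOnTokenIsFalse()
+public function testHandleWhenTheSecurityTokenStorageHasNoToken()
 {
 $this->expectException(AccessDeniedException::class);
 $tokenStorage = new TokenStorage();
@@ -260,13 +271,14 @@ public function testHandleWhenTheSecurityTokenStorageHasNoTokenAndExceptionOnTok
 $accessDecisionManager,
 $accessMap,
 $this->createMock(AuthenticationManagerInterface::class),
+false,
 false
 );
 
 $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));
 }
 
-public function testHandleWhenPublicAccessIsAllowedAndExceptionOnTokenIsFalse()
+public function testHandleWhenPublicAccessIsAllowed()
 {
 $tokenStorage = new TokenStorage();
 $request = new Request();
@@ -289,6 +301,7 @@ public function testHandleWhenPublicAccessIsAllowedAndExceptionOnTokenIsFalse()
 $accessDecisionManager,
 $accessMap,
 $this->createMock(AuthenticationManagerInterface::class),
+false,
 false
 );
 
@@ -320,6 +333,7 @@ public function testHandleWhenPublicAccessWhileAuthenticated()
 $accessDecisionManager,
 $accessMap,
 $this->createMock(AuthenticationManagerInterface::class),
+false,
 false
 );
 
@@ -355,7 +369,9 @@ public function testHandleMWithultipleAttributesShouldBeHandledAsAnd()
 $tokenStorage,
 $accessDecisionManager,
 $accessMap,
-$this->createMock(AuthenticationManagerInterface::class)
+$this->createMock(AuthenticationManagerInterface::class),
+false,
+false
 );
 
 $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));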
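Review bot: Every `new AccessListener(...)` call rewritten in this section now ends in `..., $authManager, false, false`, i.e. six arguments, while the constructor shown in this commit's AccessListener.php hunk declares only five parameters ending in `bool $exceptionOnNoToken = true`; PHP silently discards the surplus `false`, so the tests pass by accident and the stray argument would bind to whatever parameter is added next. The two-flag form looks copied from the AuthorizationChecker tests, whose constructor really does take `$alwaysAuthenticate` and `$exceptionOnNoToken`; in each hunk that touches a constructor call, keep a single trailing `false`, e.g. `$this->createMock(AuthenticationManagerInterface::class),` / `false` / `);`. `testLegacyHandleWhenTheSecurityTokenStorageHasNoToken` (hunk at line 198) also does not assert that the new deprecation is emitted, so the added `trigger_deprecation` is untested here as well. The enclosing test methods start and end outside the hunks.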
