From 24e042c23d7e50828517806c58a055990416f028 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Wed, 30 Jun 2021 09:34:09 +0200 Subject: [PATCH] [Security] add union types --- .../Core/Authentication/Token/AbstractToken.php | 17 ++++------------- .../Authentication/Token/AnonymousToken.php | 7 +++---- .../Core/Authentication/Token/NullToken.php | 6 ++++-- .../Token/PreAuthenticatedToken.php | 6 ++---- .../Authentication/Token/SwitchUserToken.php | 10 ++++++---- .../Authentication/Token/TokenInterface.php | 8 ++------ .../Token/UsernamePasswordToken.php | 9 +-------- .../Authorization/AccessDecisionManager.php | 12 +++++------- .../AccessDecisionManagerInterface.php | 2 +- .../Core/Authorization/AuthorizationChecker.php | 2 +- .../AuthorizationCheckerInterface.php | 3 +-- .../TraceableAccessDecisionManager.php | 6 ++---- .../Authorization/Voter/AuthenticatedVoter.php | 2 +- .../Authorization/Voter/ExpressionVoter.php | 4 ++-- .../Core/Authorization/Voter/RoleVoter.php | 2 +- .../Core/Authorization/Voter/TraceableVoter.php | 2 +- .../Security/Core/Authorization/Voter/Voter.php | 11 ++++------- .../Core/Authorization/Voter/VoterInterface.php | 2 +- .../Component/Security/Core/Event/VoteEvent.php | 4 ++-- .../Core/Exception/AccessDeniedException.php | 10 ++-------- .../Component/Security/Core/Security.php | 5 +---- .../Security/Core/User/ChainUserProvider.php | 8 +------- .../Core/Validator/Constraints/UserPassword.php | 2 +- .../Constraints/UserPasswordValidator.php | 15 ++++++--------- .../Security/Csrf/CsrfTokenManager.php | 12 ++++++------ .../Security/Guard/AuthenticatorInterface.php | 8 ++------ .../Guard/PasswordAuthenticatedInterface.php | 4 +--- .../Guard/Token/PreAuthenticationGuardToken.php | 5 ++--- .../Passport/Credentials/CustomCredentials.php | 9 ++++----- .../Http/Authenticator/Passport/Passport.php | 9 ++------- .../EventListener/CheckCredentialsListener.php | 9 +-------- .../EventListener/PasswordMigratingListener.php | 9 +-------- .../Security/Http/Firewall/ContextListener.php | 2 +- .../Component/Security/Http/HttpUtils.php | 10 +++------- .../Security/Http/Tests/HttpUtilsTest.php | 7 ------- 35 files changed, 78 insertions(+), 161 deletions(-) diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php index 0316634a3bae3..507e0d48276d9 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php +++ b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php @@ -93,12 +93,8 @@ public function getUser() /** * {@inheritdoc} */ - public function setUser($user) + public function setUser(string|\Stringable|UserInterface $user) { - if (!($user instanceof UserInterface || $user instanceof \Stringable || \is_string($user))) { - throw new \InvalidArgumentException('$user must be an instanceof UserInterface, an object implementing a __toString method, or a primitive string.'); - } - if (null === $this->user) { $changed = false; } elseif ($this->user instanceof UserInterface) { @@ -233,12 +229,7 @@ public function getAttribute(string $name) return $this->attributes[$name]; } - /** - * Sets an attribute. - * - * @param mixed $value The attribute value - */ - public function setAttribute(string $name, $value) + public function setAttribute(string $name, mixed $value) { $this->attributes[$name] = $value; } @@ -267,9 +258,9 @@ final public function serialize(): string /** * @internal */ - final public function unserialize($serialized) + final public function unserialize(string $serialized) { - $this->__unserialize(\is_array($serialized) ? $serialized : unserialize($serialized)); + $this->__unserialize(unserialize($serialized)); } private function hasUserChanged(UserInterface $user): bool diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php index db94766d3f166..4f3c74383a225 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php +++ b/src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php @@ -23,11 +23,10 @@ class AnonymousToken extends AbstractToken private $secret; /** - * @param string $secret A secret used to make sure the token is created by the app and not by a malicious client - * @param string|\Stringable|UserInterface $user - * @param string[] $roles + * @param string $secret A secret used to make sure the token is created by the app and not by a malicious client + * @param string[] $roles */ - public function __construct(string $secret, $user, array $roles = []) + public function __construct(string $secret, string|\Stringable|UserInterface $user, array $roles = []) { parent::__construct($roles); diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php index eb0e74dfc4350..a046ea4a7a54d 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php +++ b/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php @@ -11,6 +11,8 @@ namespace Symfony\Component\Security\Core\Authentication\Token; +use Symfony\Component\Security\Core\User\UserInterface; + /** * @author Wouter de Jong */ @@ -36,7 +38,7 @@ public function getUser() return ''; } - public function setUser($user) + public function setUser(string|\Stringable|UserInterface $user) { throw new \BadMethodCallException('Cannot set user on a NullToken.'); } @@ -87,7 +89,7 @@ public function getAttribute(string $name) return null; } - public function setAttribute(string $name, $value) + public function setAttribute(string $name, mixed $value) { throw new \BadMethodCallException('Cannot add attribute to NullToken.'); } diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php index 95a4d2d780cb0..6ddee9699aed7 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php +++ b/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php @@ -24,11 +24,9 @@ class PreAuthenticatedToken extends AbstractToken private $firewallName; /** - * @param string|\Stringable|UserInterface $user - * @param mixed $credentials - * @param string[] $roles + * @param string[] $roles */ - public function __construct($user, $credentials, string $firewallName, array $roles = []) + public function __construct(string|\Stringable|UserInterface $user, mixed $credentials, string $firewallName, array $roles = []) { parent::__construct($roles); diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/SwitchUserToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/SwitchUserToken.php index ccccb5b51c04b..a6e96c2ae3301 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/SwitchUserToken.php +++ b/src/Symfony/Component/Security/Core/Authentication/Token/SwitchUserToken.php @@ -11,6 +11,8 @@ namespace Symfony\Component\Security\Core\Authentication\Token; +use Symfony\Component\Security\Core\User\UserInterface; + /** * Token representing a user who temporarily impersonates another one. * @@ -22,13 +24,13 @@ class SwitchUserToken extends UsernamePasswordToken private $originatedFromUri; /** - * @param string|object $user The username (like a nickname, email address, etc.), or a UserInterface instance or an object implementing a __toString method - * @param mixed $credentials This usually is the password of the user - * @param string|null $originatedFromUri The URI where was the user at the switch + * @param $user The username (like a nickname, email address, etc.), or a UserInterface instance or an object implementing a __toString method + * @param $credentials This usually is the password of the user + * @param $originatedFromUri The URI where was the user at the switch * * @throws \InvalidArgumentException */ - public function __construct($user, $credentials, string $firewallName, array $roles, TokenInterface $originalToken, string $originatedFromUri = null) + public function __construct(string|\Stringable|UserInterface $user, mixed $credentials, string $firewallName, array $roles, TokenInterface $originalToken, string $originatedFromUri = null) { parent::__construct($user, $credentials, $firewallName, $roles); diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php b/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php index 8347124453dec..e6ab18d6f9d3d 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php +++ b/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php @@ -59,11 +59,9 @@ public function getUser(); * The user can be a UserInterface instance, or an object implementing * a __toString method or the username as a regular string. * - * @param string|\Stringable|UserInterface $user - * * @throws \InvalidArgumentException */ - public function setUser($user); + public function setUser(string|\Stringable|UserInterface $user); /** * Returns whether the user is authenticated or not. @@ -114,10 +112,8 @@ public function getAttribute(string $name); /** * Sets an attribute. - * - * @param mixed $value The attribute value */ - public function setAttribute(string $name, $value); + public function setAttribute(string $name, mixed $value); /** * Returns all the necessary state of the object for serialization purposes. diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php index 8228f6773955d..9af221610270d 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php +++ b/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php @@ -23,14 +23,7 @@ class UsernamePasswordToken extends AbstractToken private $credentials; private $firewallName; - /** - * @param string|\Stringable|UserInterface $user The username (like a nickname, email address, etc.) or a UserInterface instance - * @param mixed $credentials - * @param string[] $roles - * - * @throws \InvalidArgumentException - */ - public function __construct($user, $credentials, string $firewallName, array $roles = []) + public function __construct(string|\Stringable|UserInterface $user, mixed $credentials, string $firewallName, array $roles = []) { parent::__construct($roles); diff --git a/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php b/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php index 82f9e0ae827d3..8da482d3bfbac 100644 --- a/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php +++ b/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php @@ -59,10 +59,8 @@ public function __construct(iterable $voters = [], string $strategy = self::STRA * * {@inheritdoc} */ - public function decide(TokenInterface $token, array $attributes, $object = null/*, bool $allowMultipleAttributes = false*/) + public function decide(TokenInterface $token, array $attributes, mixed $object = null, bool $allowMultipleAttributes = false) { - $allowMultipleAttributes = 3 < \func_num_args() && func_get_arg(3); - // Special case for AccessListener, do not remove the right side of the condition before 6.0 if (\count($attributes) > 1 && !$allowMultipleAttributes) { throw new InvalidArgumentException(sprintf('Passing more than one Security attribute to "%s()" is not supported.', __METHOD__)); @@ -77,7 +75,7 @@ public function decide(TokenInterface $token, array $attributes, $object = null/ * If all voters abstained from voting, the decision will be based on the * allowIfAllAbstainDecisions property value (defaults to false). */ - private function decideAffirmative(TokenInterface $token, array $attributes, $object = null): bool + private function decideAffirmative(TokenInterface $token, array $attributes, mixed $object = null): bool { $deny = 0; foreach ($this->voters as $voter) { @@ -115,7 +113,7 @@ private function decideAffirmative(TokenInterface $token, array $attributes, $ob * If all voters abstained from voting, the decision will be based on the * allowIfAllAbstainDecisions property value (defaults to false). */ - private function decideConsensus(TokenInterface $token, array $attributes, $object = null): bool + private function decideConsensus(TokenInterface $token, array $attributes, mixed $object = null): bool { $grant = 0; $deny = 0; @@ -152,7 +150,7 @@ private function decideConsensus(TokenInterface $token, array $attributes, $obje * If all voters abstained from voting, the decision will be based on the * allowIfAllAbstainDecisions property value (defaults to false). */ - private function decideUnanimous(TokenInterface $token, array $attributes, $object = null): bool + private function decideUnanimous(TokenInterface $token, array $attributes, mixed $object = null): bool { $grant = 0; foreach ($this->voters as $voter) { @@ -186,7 +184,7 @@ private function decideUnanimous(TokenInterface $token, array $attributes, $obje * If all voters abstained from voting, the decision will be based on the * allowIfAllAbstainDecisions property value (defaults to false). */ - private function decidePriority(TokenInterface $token, array $attributes, $object = null) + private function decidePriority(TokenInterface $token, array $attributes, mixed $object = null) { foreach ($this->voters as $voter) { $result = $voter->vote($token, $object, $attributes); diff --git a/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManagerInterface.php b/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManagerInterface.php index 7a2ebc459e7dd..ae34d1e318c71 100644 --- a/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManagerInterface.php +++ b/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManagerInterface.php @@ -28,5 +28,5 @@ interface AccessDecisionManagerInterface * * @return bool true if the access is granted, false otherwise */ - public function decide(TokenInterface $token, array $attributes, $object = null); + public function decide(TokenInterface $token, array $attributes, mixed $object = null); } diff --git a/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php b/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php index c51551a0d5807..0103bb0cab092 100644 --- a/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php +++ b/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php @@ -46,7 +46,7 @@ public function __construct(TokenStorageInterface $tokenStorage, AuthenticationM * * @throws AuthenticationCredentialsNotFoundException when the token storage has no authentication token and $exceptionOnNoToken is set to true */ - final public function isGranted($attribute, $subject = null): bool + final public function isGranted(mixed $attribute, mixed $subject = null): bool { if (null === ($token = $this->tokenStorage->getToken())) { if ($this->exceptionOnNoToken) { diff --git a/src/Symfony/Component/Security/Core/Authorization/AuthorizationCheckerInterface.php b/src/Symfony/Component/Security/Core/Authorization/AuthorizationCheckerInterface.php index f60c80b76a7ee..97e53cb820761 100644 --- a/src/Symfony/Component/Security/Core/Authorization/AuthorizationCheckerInterface.php +++ b/src/Symfony/Component/Security/Core/Authorization/AuthorizationCheckerInterface.php @@ -22,9 +22,8 @@ interface AuthorizationCheckerInterface * Checks if the attribute is granted against the current authentication token and optionally supplied subject. * * @param mixed $attribute A single attribute to vote on (can be of any type, string and instance of Expression are supported by the core) - * @param mixed $subject * * @return bool */ - public function isGranted($attribute, $subject = null); + public function isGranted(mixed $attribute, mixed $subject = null); } diff --git a/src/Symfony/Component/Security/Core/Authorization/TraceableAccessDecisionManager.php b/src/Symfony/Component/Security/Core/Authorization/TraceableAccessDecisionManager.php index 3b5004edf2fcd..1f997d056cb91 100644 --- a/src/Symfony/Component/Security/Core/Authorization/TraceableAccessDecisionManager.php +++ b/src/Symfony/Component/Security/Core/Authorization/TraceableAccessDecisionManager.php @@ -47,10 +47,8 @@ public function __construct(AccessDecisionManagerInterface $manager) /** * {@inheritdoc} - * - * @param bool $allowMultipleAttributes Whether to allow passing multiple values to the $attributes array */ - public function decide(TokenInterface $token, array $attributes, $object = null/*, bool $allowMultipleAttributes = false*/): bool + public function decide(TokenInterface $token, array $attributes, mixed $object = null, bool $allowMultipleAttributes = false): bool { $currentDecisionLog = [ 'attributes' => $attributes, @@ -60,7 +58,7 @@ public function decide(TokenInterface $token, array $attributes, $object = null/ $this->currentLog[] = &$currentDecisionLog; - $result = $this->manager->decide($token, $attributes, $object, 3 < \func_num_args() && func_get_arg(3)); + $result = $this->manager->decide($token, $attributes, $object, $allowMultipleAttributes); $currentDecisionLog['result'] = $result; diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php index fd6a65f2bc8d4..b16d88f2a295b 100644 --- a/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php +++ b/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php @@ -44,7 +44,7 @@ public function __construct(AuthenticationTrustResolverInterface $authentication /** * {@inheritdoc} */ - public function vote(TokenInterface $token, $subject, array $attributes) + public function vote(TokenInterface $token, mixed $subject, array $attributes) { if ($attributes === [self::PUBLIC_ACCESS]) { return VoterInterface::ACCESS_GRANTED; diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php index f02c42460ec37..1db0f875a42cc 100644 --- a/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php +++ b/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php @@ -42,7 +42,7 @@ public function __construct(ExpressionLanguage $expressionLanguage, Authenticati /** * {@inheritdoc} */ - public function vote(TokenInterface $token, $subject, array $attributes) + public function vote(TokenInterface $token, mixed $subject, array $attributes) { $result = VoterInterface::ACCESS_ABSTAIN; $variables = null; @@ -64,7 +64,7 @@ public function vote(TokenInterface $token, $subject, array $attributes) return $result; } - private function getVariables(TokenInterface $token, $subject): array + private function getVariables(TokenInterface $token, mixed $subject): array { $roleNames = $token->getRoleNames(); diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php index cd5a243bda050..3060922b7f081 100644 --- a/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php +++ b/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php @@ -30,7 +30,7 @@ public function __construct(string $prefix = 'ROLE_') /** * {@inheritdoc} */ - public function vote(TokenInterface $token, $subject, array $attributes) + public function vote(TokenInterface $token, mixed $subject, array $attributes) { $result = VoterInterface::ACCESS_ABSTAIN; $roles = $this->extractRoles($token); diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/TraceableVoter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/TraceableVoter.php index bdbdb84bf5ddf..c1f23ed28f069 100644 --- a/src/Symfony/Component/Security/Core/Authorization/Voter/TraceableVoter.php +++ b/src/Symfony/Component/Security/Core/Authorization/Voter/TraceableVoter.php @@ -33,7 +33,7 @@ public function __construct(VoterInterface $voter, EventDispatcherInterface $eve $this->eventDispatcher = $eventDispatcher; } - public function vote(TokenInterface $token, $subject, array $attributes) + public function vote(TokenInterface $token, mixed $subject, array $attributes) { $result = $this->voter->vote($token, $subject, $attributes); diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/Voter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/Voter.php index 49ec770e223eb..748a4da2fe9c6 100644 --- a/src/Symfony/Component/Security/Core/Authorization/Voter/Voter.php +++ b/src/Symfony/Component/Security/Core/Authorization/Voter/Voter.php @@ -24,7 +24,7 @@ abstract class Voter implements VoterInterface /** * {@inheritdoc} */ - public function vote(TokenInterface $token, $subject, array $attributes) + public function vote(TokenInterface $token, mixed $subject, array $attributes) { // abstain vote by default in case none of the attributes are supported $vote = self::ACCESS_ABSTAIN; @@ -57,20 +57,17 @@ public function vote(TokenInterface $token, $subject, array $attributes) /** * Determines if the attribute and subject are supported by this voter. * - * @param string $attribute An attribute - * @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type + * @param $subject The subject to secure, e.g. an object the user wants to access or any other PHP type * * @return bool True if the attribute and subject are supported, false otherwise */ - abstract protected function supports(string $attribute, $subject); + abstract protected function supports(string $attribute, mixed $subject); /** * Perform a single access check operation on a given attribute, subject and token. * It is safe to assume that $attribute and $subject already passed the "supports()" method check. * - * @param mixed $subject - * * @return bool */ - abstract protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token); + abstract protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token); } diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/VoterInterface.php b/src/Symfony/Component/Security/Core/Authorization/Voter/VoterInterface.php index a50af88ee63e4..7e401c3ff3c57 100644 --- a/src/Symfony/Component/Security/Core/Authorization/Voter/VoterInterface.php +++ b/src/Symfony/Component/Security/Core/Authorization/Voter/VoterInterface.php @@ -35,5 +35,5 @@ interface VoterInterface * * @return int either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED */ - public function vote(TokenInterface $token, $subject, array $attributes); + public function vote(TokenInterface $token, mixed $subject, array $attributes); } diff --git a/src/Symfony/Component/Security/Core/Event/VoteEvent.php b/src/Symfony/Component/Security/Core/Event/VoteEvent.php index 78ac2f900ba48..ef2756fc92da0 100644 --- a/src/Symfony/Component/Security/Core/Event/VoteEvent.php +++ b/src/Symfony/Component/Security/Core/Event/VoteEvent.php @@ -28,7 +28,7 @@ final class VoteEvent extends Event private $attributes; private $vote; - public function __construct(VoterInterface $voter, $subject, array $attributes, int $vote) + public function __construct(VoterInterface $voter, mixed $subject, array $attributes, int $vote) { $this->voter = $voter; $this->subject = $subject; @@ -41,7 +41,7 @@ public function getVoter(): VoterInterface return $this->voter; } - public function getSubject() + public function getSubject(): mixed { return $this->subject; } diff --git a/src/Symfony/Component/Security/Core/Exception/AccessDeniedException.php b/src/Symfony/Component/Security/Core/Exception/AccessDeniedException.php index 0e59dc4077a91..2eb38e79f71db 100644 --- a/src/Symfony/Component/Security/Core/Exception/AccessDeniedException.php +++ b/src/Symfony/Component/Security/Core/Exception/AccessDeniedException.php @@ -34,10 +34,7 @@ public function getAttributes() return $this->attributes; } - /** - * @param array|string $attributes - */ - public function setAttributes($attributes) + public function setAttributes(array|string $attributes) { $this->attributes = (array) $attributes; } @@ -50,10 +47,7 @@ public function getSubject() return $this->subject; } - /** - * @param mixed $subject - */ - public function setSubject($subject) + public function setSubject(mixed $subject) { $this->subject = $subject; } diff --git a/src/Symfony/Component/Security/Core/Security.php b/src/Symfony/Component/Security/Core/Security.php index 72e87ea416bfe..0703546db2ae6 100644 --- a/src/Symfony/Component/Security/Core/Security.php +++ b/src/Symfony/Component/Security/Core/Security.php @@ -55,11 +55,8 @@ public function getUser(): ?UserInterface /** * Checks if the attributes are granted against the current authentication token and optionally supplied subject. - * - * @param mixed $attributes - * @param mixed $subject */ - public function isGranted($attributes, $subject = null): bool + public function isGranted(mixed $attributes, mixed $subject = null): bool { return $this->container->get('security.authorization_checker') ->isGranted($attributes, $subject); diff --git a/src/Symfony/Component/Security/Core/User/ChainUserProvider.php b/src/Symfony/Component/Security/Core/User/ChainUserProvider.php index a0931460fdc60..fb65868476a60 100644 --- a/src/Symfony/Component/Security/Core/User/ChainUserProvider.php +++ b/src/Symfony/Component/Security/Core/User/ChainUserProvider.php @@ -126,16 +126,10 @@ public function supportsClass(string $class) } /** - * @param PasswordAuthenticatedUserInterface $user - * * {@inheritdoc} */ - public function upgradePassword($user, string $newEncodedPassword): void + public function upgradePassword(PasswordAuthenticatedUserInterface $user, string $newEncodedPassword): void { - if (!$user instanceof PasswordAuthenticatedUserInterface) { - trigger_deprecation('symfony/security-core', '5.3', 'The "%s::upgradePassword()" method expects an instance of "%s" as first argument, the "%s" class should implement it.', PasswordUpgraderInterface::class, PasswordAuthenticatedUserInterface::class, get_debug_type($user)); - } - foreach ($this->providers as $provider) { if ($provider instanceof PasswordUpgraderInterface) { try { diff --git a/src/Symfony/Component/Security/Core/Validator/Constraints/UserPassword.php b/src/Symfony/Component/Security/Core/Validator/Constraints/UserPassword.php index f9de213906159..7094ca98f5ce8 100644 --- a/src/Symfony/Component/Security/Core/Validator/Constraints/UserPassword.php +++ b/src/Symfony/Component/Security/Core/Validator/Constraints/UserPassword.php @@ -23,7 +23,7 @@ class UserPassword extends Constraint public $message = 'This value should be the user\'s current password.'; public $service = 'security.validator.user_password'; - public function __construct(array $options = null, string $message = null, string $service = null, array $groups = null, $payload = null) + public function __construct(array $options = null, string $message = null, string $service = null, array $groups = null, mixed $payload = null) { parent::__construct($options, $groups, $payload); diff --git a/src/Symfony/Component/Security/Core/Validator/Constraints/UserPasswordValidator.php b/src/Symfony/Component/Security/Core/Validator/Constraints/UserPasswordValidator.php index bf273f2fa0fde..7fb653c46deea 100644 --- a/src/Symfony/Component/Security/Core/Validator/Constraints/UserPasswordValidator.php +++ b/src/Symfony/Component/Security/Core/Validator/Constraints/UserPasswordValidator.php @@ -28,15 +28,8 @@ class UserPasswordValidator extends ConstraintValidator private $tokenStorage; private $hasherFactory; - /** - * @param PasswordHasherFactoryInterface $hasherFactory - */ - public function __construct(TokenStorageInterface $tokenStorage, $hasherFactory) + public function __construct(TokenStorageInterface $tokenStorage, PasswordHasherFactoryInterface $hasherFactory) { - if ($hasherFactory instanceof EncoderFactoryInterface) { - trigger_deprecation('symfony/security-core', '5.3', 'Passing a "%s" instance to the "%s" constructor is deprecated, use "%s" instead.', EncoderFactoryInterface::class, __CLASS__, PasswordHasherFactoryInterface::class); - } - $this->tokenStorage = $tokenStorage; $this->hasherFactory = $hasherFactory; } @@ -44,7 +37,7 @@ public function __construct(TokenStorageInterface $tokenStorage, $hasherFactory) /** * {@inheritdoc} */ - public function validate($password, Constraint $constraint) + public function validate(mixed $password, Constraint $constraint) { if (!$constraint instanceof UserPassword) { throw new UnexpectedTypeException($constraint, UserPassword::class); @@ -56,6 +49,10 @@ public function validate($password, Constraint $constraint) return; } + if (!\is_string($password)) { + throw new UnexpectedTypeException($password, 'string'); + } + $user = $this->tokenStorage->getToken()->getUser(); if (!$user instanceof UserInterface) { diff --git a/src/Symfony/Component/Security/Csrf/CsrfTokenManager.php b/src/Symfony/Component/Security/Csrf/CsrfTokenManager.php index 3e7454e793d28..dcc6fa01e7e84 100644 --- a/src/Symfony/Component/Security/Csrf/CsrfTokenManager.php +++ b/src/Symfony/Component/Security/Csrf/CsrfTokenManager.php @@ -31,13 +31,13 @@ class CsrfTokenManager implements CsrfTokenManagerInterface private $namespace; /** - * @param string|RequestStack|callable|null $namespace - * * null: generates a namespace using $_SERVER['HTTPS'] - * * string: uses the given string - * * RequestStack: generates a namespace using the current main request - * * callable: uses the result of this callable (must return a string) + * @param $namespace + * * null: generates a namespace using $_SERVER['HTTPS'] + * * string: uses the given string + * * RequestStack: generates a namespace using the current main request + * * callable: uses the result of this callable (must return a string) */ - public function __construct(TokenGeneratorInterface $generator = null, TokenStorageInterface $storage = null, $namespace = null) + public function __construct(TokenGeneratorInterface $generator = null, TokenStorageInterface $storage = null, string|RequestStack|callable $namespace = null) { $this->generator = $generator ?? new UriSafeTokenGenerator(); $this->storage = $storage ?? new NativeSessionTokenStorage(); diff --git a/src/Symfony/Component/Security/Guard/AuthenticatorInterface.php b/src/Symfony/Component/Security/Guard/AuthenticatorInterface.php index 699fd3e979083..d64350fa0c6c6 100644 --- a/src/Symfony/Component/Security/Guard/AuthenticatorInterface.php +++ b/src/Symfony/Component/Security/Guard/AuthenticatorInterface.php @@ -74,13 +74,11 @@ public function getCredentials(Request $request); * You may throw an AuthenticationException if you wish. If you return * null, then a UserNotFoundException is thrown for you. * - * @param mixed $credentials - * * @throws AuthenticationException * * @return UserInterface|null */ - public function getUser($credentials, UserProviderInterface $userProvider); + public function getUser(mixed $credentials, UserProviderInterface $userProvider); /** * Returns true if the credentials are valid. @@ -90,13 +88,11 @@ public function getUser($credentials, UserProviderInterface $userProvider); * * The *credentials* are the return value from getCredentials() * - * @param mixed $credentials - * * @return bool * * @throws AuthenticationException */ - public function checkCredentials($credentials, UserInterface $user); + public function checkCredentials(mixed $credentials, UserInterface $user); /** * Create an authenticated token for the given user. diff --git a/src/Symfony/Component/Security/Guard/PasswordAuthenticatedInterface.php b/src/Symfony/Component/Security/Guard/PasswordAuthenticatedInterface.php index deebad31d55a9..4eb86e738b434 100644 --- a/src/Symfony/Component/Security/Guard/PasswordAuthenticatedInterface.php +++ b/src/Symfony/Component/Security/Guard/PasswordAuthenticatedInterface.php @@ -22,8 +22,6 @@ interface PasswordAuthenticatedInterface { /** * Returns the clear-text password contained in credentials if any. - * - * @param mixed $credentials The user credentials */ - public function getPassword($credentials): ?string; + public function getPassword(mixed $credentials): ?string; } diff --git a/src/Symfony/Component/Security/Guard/Token/PreAuthenticationGuardToken.php b/src/Symfony/Component/Security/Guard/Token/PreAuthenticationGuardToken.php index d9738f049b491..e2dbeeb9f25b0 100644 --- a/src/Symfony/Component/Security/Guard/Token/PreAuthenticationGuardToken.php +++ b/src/Symfony/Component/Security/Guard/Token/PreAuthenticationGuardToken.php @@ -32,10 +32,9 @@ class PreAuthenticationGuardToken extends AbstractToken implements GuardTokenInt private $guardProviderKey; /** - * @param mixed $credentials - * @param string $guardProviderKey Unique key that bind this token to a specific AuthenticatorInterface + * @param $guardProviderKey Unique key that bind this token to a specific AuthenticatorInterface */ - public function __construct($credentials, string $guardProviderKey) + public function __construct(mixed $credentials, string $guardProviderKey) { $this->credentials = $credentials; $this->guardProviderKey = $guardProviderKey; diff --git a/src/Symfony/Component/Security/Http/Authenticator/Passport/Credentials/CustomCredentials.php b/src/Symfony/Component/Security/Http/Authenticator/Passport/Credentials/CustomCredentials.php index 81a3695b85c78..128009e4debd4 100644 --- a/src/Symfony/Component/Security/Http/Authenticator/Passport/Credentials/CustomCredentials.php +++ b/src/Symfony/Component/Security/Http/Authenticator/Passport/Credentials/CustomCredentials.php @@ -28,12 +28,11 @@ class CustomCredentials implements CredentialsInterface private $resolved = false; /** - * @param callable $customCredentialsChecker the check function. If this function does not return `true`, a - * BadCredentialsException is thrown. You may also throw a more - * specific exception in the function. - * @param $credentials + * @param $customCredentialsChecker The check function. If this function does not return `true`, a + * BadCredentialsException is thrown. You may also throw a more + * specific exception in the function. */ - public function __construct(callable $customCredentialsChecker, $credentials) + public function __construct(callable $customCredentialsChecker, mixed $credentials) { $this->customCredentialsChecker = $customCredentialsChecker; $this->credentials = $credentials; diff --git a/src/Symfony/Component/Security/Http/Authenticator/Passport/Passport.php b/src/Symfony/Component/Security/Http/Authenticator/Passport/Passport.php index 273ac8328040c..d3e47308390fc 100644 --- a/src/Symfony/Component/Security/Http/Authenticator/Passport/Passport.php +++ b/src/Symfony/Component/Security/Http/Authenticator/Passport/Passport.php @@ -59,20 +59,15 @@ public function getUser(): UserInterface return $this->user; } - /** - * @param mixed $value - */ - public function setAttribute(string $name, $value): void + public function setAttribute(string $name, mixed $value): void { $this->attributes[$name] = $value; } /** - * @param mixed $default - * * @return mixed */ - public function getAttribute(string $name, $default = null) + public function getAttribute(string $name, mixed $default = null) { return $this->attributes[$name] ?? $default; } diff --git a/src/Symfony/Component/Security/Http/EventListener/CheckCredentialsListener.php b/src/Symfony/Component/Security/Http/EventListener/CheckCredentialsListener.php index d215a8f389e48..527abe0cd211a 100644 --- a/src/Symfony/Component/Security/Http/EventListener/CheckCredentialsListener.php +++ b/src/Symfony/Component/Security/Http/EventListener/CheckCredentialsListener.php @@ -35,15 +35,8 @@ class CheckCredentialsListener implements EventSubscriberInterface { private $hasherFactory; - /** - * @param PasswordHasherFactoryInterface $hasherFactory - */ - public function __construct($hasherFactory) + public function __construct(PasswordHasherFactoryInterface $hasherFactory) { - if ($hasherFactory instanceof EncoderFactoryInterface) { - trigger_deprecation('symfony/security-core', '5.3', 'Passing a "%s" instance to the "%s" constructor is deprecated, use "%s" instead.', EncoderFactoryInterface::class, __CLASS__, PasswordHasherFactoryInterface::class); - } - $this->hasherFactory = $hasherFactory; } diff --git a/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php b/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php index 2c667230079a8..96c97fd228733 100644 --- a/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php +++ b/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php @@ -30,15 +30,8 @@ class PasswordMigratingListener implements EventSubscriberInterface { private $hasherFactory; - /** - * @param PasswordHasherFactoryInterface $hasherFactory - */ - public function __construct($hasherFactory) + public function __construct(PasswordHasherFactoryInterface $hasherFactory) { - if ($hasherFactory instanceof EncoderFactoryInterface) { - trigger_deprecation('symfony/security-core', '5.3', 'Passing a "%s" instance to the "%s" constructor is deprecated, use "%s" instead.', EncoderFactoryInterface::class, __CLASS__, PasswordHasherFactoryInterface::class); - } - $this->hasherFactory = $hasherFactory; } diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php index de38c190f895b..021cb61704192 100644 --- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php @@ -317,7 +317,7 @@ private function safelyUnserialize(string $serializedToken) /** * @internal */ - public static function handleUnserializeCallback($class) + public static function handleUnserializeCallback(string $class) { throw new \ErrorException('Class not found: '.$class, 0x37313bc); } diff --git a/src/Symfony/Component/Security/Http/HttpUtils.php b/src/Symfony/Component/Security/Http/HttpUtils.php index 9b96832bbbbd4..135b66fb453dc 100644 --- a/src/Symfony/Component/Security/Http/HttpUtils.php +++ b/src/Symfony/Component/Security/Http/HttpUtils.php @@ -33,18 +33,14 @@ class HttpUtils private $secureDomainRegexp; /** - * @param UrlMatcherInterface|RequestMatcherInterface $urlMatcher The URL or Request matcher - * @param string|null $domainRegexp A regexp the target of HTTP redirections must match, scheme included - * @param string|null $secureDomainRegexp A regexp the target of HTTP redirections must match when the scheme is "https" + * @param $domainRegexp A regexp the target of HTTP redirections must match, scheme included + * @param $secureDomainRegexp A regexp the target of HTTP redirections must match when the scheme is "https" * * @throws \InvalidArgumentException */ - public function __construct(UrlGeneratorInterface $urlGenerator = null, $urlMatcher = null, string $domainRegexp = null, string $secureDomainRegexp = null) + public function __construct(UrlGeneratorInterface $urlGenerator = null, UrlMatcherInterface|RequestMatcherInterface $urlMatcher = null, string $domainRegexp = null, string $secureDomainRegexp = null) { $this->urlGenerator = $urlGenerator; - if (null !== $urlMatcher && !$urlMatcher instanceof UrlMatcherInterface && !$urlMatcher instanceof RequestMatcherInterface) { - throw new \InvalidArgumentException('Matcher must either implement UrlMatcherInterface or RequestMatcherInterface.'); - } $this->urlMatcher = $urlMatcher; $this->domainRegexp = $domainRegexp; $this->secureDomainRegexp = $secureDomainRegexp; diff --git a/src/Symfony/Component/Security/Http/Tests/HttpUtilsTest.php b/src/Symfony/Component/Security/Http/Tests/HttpUtilsTest.php index 4d07f0a100026..e4fa637ddb15c 100644 --- a/src/Symfony/Component/Security/Http/Tests/HttpUtilsTest.php +++ b/src/Symfony/Component/Security/Http/Tests/HttpUtilsTest.php @@ -282,13 +282,6 @@ public function testCheckPathWithoutRouteParam() $this->assertFalse($utils->checkRequestPath($this->getRequest(), 'path/index.html')); } - public function testUrlMatcher() - { - $this->expectException(\InvalidArgumentException::class); - $this->expectExceptionMessage('Matcher must either implement UrlMatcherInterface or RequestMatcherInterface'); - new HttpUtils($this->getUrlGenerator(), new \stdClass()); - } - public function testGenerateUriRemovesQueryString() { $utils = new HttpUtils($this->getUrlGenerator('/foo/bar'));