diff --git a/UPGRADE-5.4.md b/UPGRADE-5.4.md index c39d485d1e6d3..080d46e83123a 100644 --- a/UPGRADE-5.4.md +++ b/UPGRADE-5.4.md @@ -70,6 +70,8 @@ Security * Deprecate `RetryAuthenticationEntryPoint`, this code is now inlined in the `ChannelListener` * Deprecate `FormAuthenticationEntryPoint` and `BasicAuthenticationEntryPoint`, in the new system the `FormLoginAuthenticator` and `HttpBasicAuthenticator` should be used instead + * Deprecate `AbstractRememberMeServices`, `PersistentTokenBasedRememberMeServices`, `RememberMeServicesInterface`, + `TokenBasedRememberMeServices`, use the remember me handler alternatives instead * Deprecate `AnonymousToken`, as the related authenticator was deprecated in 5.3 * Deprecate `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions) * Deprecate not returning an `UserInterface` from `Token::getUser()` diff --git a/UPGRADE-6.0.md b/UPGRADE-6.0.md index 6e01f09d45441..27bc7cfeb27ac 100644 --- a/UPGRADE-6.0.md +++ b/UPGRADE-6.0.md @@ -211,6 +211,8 @@ Security * Remove the `$authenticationEntryPoint` argument of `ChannelListener` * Remove `RetryAuthenticationEntryPoint`, this code was inlined in the `ChannelListener` * Remove `FormAuthenticationEntryPoint` and `BasicAuthenticationEntryPoint`, the `FormLoginAuthenticator` and `HttpBasicAuthenticator` should be used instead. + * Remove `AbstractRememberMeServices`, `PersistentTokenBasedRememberMeServices`, `RememberMeServicesInterface`, + `TokenBasedRememberMeServices`, use the remember me handler alternatives instead * Remove `AnonymousToken` * Remove `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions) * Restrict the return type of `Token::getUser()` to `UserInterface` (removing `string|\Stringable`) diff --git a/src/Symfony/Component/Security/Http/CHANGELOG.md b/src/Symfony/Component/Security/Http/CHANGELOG.md index 147ed9adc1dc8..10710157a5b40 100644 --- a/src/Symfony/Component/Security/Http/CHANGELOG.md +++ b/src/Symfony/Component/Security/Http/CHANGELOG.md @@ -8,6 +8,8 @@ CHANGELOG * Deprecate `RetryAuthenticationEntryPoint`, this code is now inlined in the `ChannelListener` * Deprecate `FormAuthenticationEntryPoint` and `BasicAuthenticationEntryPoint`, in the new system the `FormLoginAuthenticator` and `HttpBasicAuthenticator` should be used instead + * Deprecate `AbstractRememberMeServices`, `PersistentTokenBasedRememberMeServices`, `RememberMeServicesInterface`, + `TokenBasedRememberMeServices`, use the remember me handler alternatives instead * Deprecate the `$authManager` argument of `AccessListener` * Deprecate not setting the `$exceptionOnNoToken` argument of `AccessListener` to `false` * Deprecate `DeauthenticatedEvent`, use `TokenDeauthenticatedEvent` instead diff --git a/src/Symfony/Component/Security/Http/EventListener/RememberMeLogoutListener.php b/src/Symfony/Component/Security/Http/EventListener/RememberMeLogoutListener.php index ad04e54285f26..b97558f346d00 100644 --- a/src/Symfony/Component/Security/Http/EventListener/RememberMeLogoutListener.php +++ b/src/Symfony/Component/Security/Http/EventListener/RememberMeLogoutListener.php @@ -16,10 +16,14 @@ use Symfony\Component\Security\Http\Event\LogoutEvent; use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; +trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated.', RememberMeLogoutListener::class); + /** * @author Wouter de Jong * * @final + * + * @deprecated since Symfony 5.4 */ class RememberMeLogoutListener implements EventSubscriberInterface { diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php index 2b82aa1a4b22b..b1f089ffd9611 100644 --- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php @@ -387,8 +387,13 @@ public static function handleUnserializeCallback(string $class) throw new \ErrorException('Class not found: '.$class, 0x37313bc); } + /** + * @deprecated since Symfony 5.4 + */ public function setRememberMeServices(RememberMeServicesInterface $rememberMeServices) { + trigger_deprecation('symfony/security-http', '5.4', 'Method "%s()" is deprecated, use the new remember me handlers instead.', __METHOD__); + $this->rememberMeServices = $rememberMeServices; } } diff --git a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php index 42452f15b5343..f18a4c2f969bd 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php @@ -26,10 +26,14 @@ use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface; use Symfony\Component\Security\Http\ParameterBagUtils; +trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated, use "%s" instead.', AbstractRememberMeServices::class, AbstractRememberMeHandler::class); + /** * Base class implementing the RememberMeServicesInterface. * * @author Johannes M. Schmitt + * + * @deprecated since Symfony 5.4, use {@see AbstractRememberMeHandler} instead */ abstract class AbstractRememberMeServices implements RememberMeServicesInterface, LogoutHandlerInterface { diff --git a/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php index dc60806c4e9eb..2bf9d3c6a968a 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php @@ -21,12 +21,16 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Exception\CookieTheftException; +trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated, use "%s" instead.', PersistentTokenBasedRememberMeServices::class, PersistentRememberMeHandler::class); + /** * Concrete implementation of the RememberMeServicesInterface which needs * an implementation of TokenProviderInterface for providing remember-me * capabilities. * * @author Johannes M. Schmitt + * + * @deprecated since Symfony 5.4, use {@see PersistentRememberMeHandler} instead */ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices { diff --git a/src/Symfony/Component/Security/Http/RememberMe/RememberMeServicesInterface.php b/src/Symfony/Component/Security/Http/RememberMe/RememberMeServicesInterface.php index e03c2f3fd9be6..239cad7225e1c 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/RememberMeServicesInterface.php +++ b/src/Symfony/Component/Security/Http/RememberMe/RememberMeServicesInterface.php @@ -15,6 +15,8 @@ use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +trigger_deprecation('symfony/security-http', '5.4', 'The "%s" interface is deprecated, use "%s" instead.', RememberMeServicesInterface::class, RememberMeHandlerInterface::class); + /** * Interface that needs to be implemented by classes which provide remember-me * capabilities. @@ -26,6 +28,8 @@ * @author Johannes M. Schmitt * * @method logout(Request $request, Response $response, TokenInterface $token) + * + * @deprecated since Symfony 5.4, use {@see RememberMeHandlerInterface} instead */ interface RememberMeServicesInterface { diff --git a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php index 21725fe7ef00b..2fa5966d8a6c9 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php @@ -18,11 +18,15 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\User\UserInterface; +trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated, use "%s" instead.', TokenBasedRememberMeServices::class, SignatureRememberMeHandler::class); + /** * Concrete implementation of the RememberMeServicesInterface providing * remember-me capabilities without requiring a TokenProvider. * * @author Johannes M. Schmitt + * + * @deprecated since Symfony 5.4, use {@see SignatureRememberMeHandler} instead */ class TokenBasedRememberMeServices extends AbstractRememberMeServices { diff --git a/src/Symfony/Component/Security/Http/Tests/EventListener/RememberMeLogoutListenerTest.php b/src/Symfony/Component/Security/Http/Tests/EventListener/RememberMeLogoutListenerTest.php index 8818cfceb90e4..4e13262bc2944 100644 --- a/src/Symfony/Component/Security/Http/Tests/EventListener/RememberMeLogoutListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/EventListener/RememberMeLogoutListenerTest.php @@ -17,6 +17,9 @@ use Symfony\Component\Security\Http\EventListener\RememberMeLogoutListener; use Symfony\Component\Security\Http\RememberMe\AbstractRememberMeServices; +/** + * @group legacy + */ class RememberMeLogoutListenerTest extends TestCase { public function testOnLogoutDoesNothingIfNoToken() diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php index 32a5ca2573673..b59cc7d0e7e2e 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php @@ -242,6 +242,9 @@ public function testIfTokenIsNotDeauthenticated() $this->assertSame($goodRefreshedUser, $tokenStorage->getToken()->getUser()); } + /** + * @group legacy + */ public function testRememberMeGetsCanceledIfTokenIsDeauthenticated() { $tokenStorage = new TokenStorage(); diff --git a/src/Symfony/Component/Security/Http/Tests/RememberMe/AbstractRememberMeServicesTest.php b/src/Symfony/Component/Security/Http/Tests/RememberMe/AbstractRememberMeServicesTest.php index c55de1f086a51..1cfec9bdca5eb 100644 --- a/src/Symfony/Component/Security/Http/Tests/RememberMe/AbstractRememberMeServicesTest.php +++ b/src/Symfony/Component/Security/Http/Tests/RememberMe/AbstractRememberMeServicesTest.php @@ -21,6 +21,9 @@ use Symfony\Component\Security\Http\RememberMe\AbstractRememberMeServices; use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; +/** + * @group legacy + */ class AbstractRememberMeServicesTest extends TestCase { public function testGetRememberMeParameter() diff --git a/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php b/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php index fd0bc9196ee8e..75b5b0cb303e0 100644 --- a/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php +++ b/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php @@ -28,6 +28,9 @@ use Symfony\Component\Security\Http\RememberMe\PersistentTokenBasedRememberMeServices; use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; +/** + * @group legacy + */ class PersistentTokenBasedRememberMeServicesTest extends TestCase { public static function setUpBeforeClass(): void diff --git a/src/Symfony/Component/Security/Http/Tests/RememberMe/ResponseListenerTest.php b/src/Symfony/Component/Security/Http/Tests/RememberMe/ResponseListenerTest.php index 75b3e31a6afde..ad2429ddcbdad 100644 --- a/src/Symfony/Component/Security/Http/Tests/RememberMe/ResponseListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/RememberMe/ResponseListenerTest.php @@ -19,7 +19,6 @@ use Symfony\Component\HttpKernel\Event\ResponseEvent; use Symfony\Component\HttpKernel\HttpKernelInterface; use Symfony\Component\HttpKernel\KernelEvents; -use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; use Symfony\Component\Security\Http\RememberMe\ResponseListener; class ResponseListenerTest extends TestCase @@ -29,7 +28,7 @@ public function testRememberMeCookieIsSentWithResponse() $cookie = new Cookie('rememberme', null, 0, '/', null, false, true, false, null); $request = $this->getRequest([ - RememberMeServicesInterface::COOKIE_ATTR_NAME => $cookie, + ResponseListener::COOKIE_ATTR_NAME => $cookie, ]); $response = $this->getResponse(); @@ -44,7 +43,7 @@ public function testRememberMeCookieIsNotSendWithResponseForSubRequests() $cookie = new Cookie('rememberme', null, 0, '/', null, false, true, false, null); $request = $this->getRequest([ - RememberMeServicesInterface::COOKIE_ATTR_NAME => $cookie, + ResponseListener::COOKIE_ATTR_NAME => $cookie, ]); $response = $this->getResponse(); diff --git a/src/Symfony/Component/Security/Http/Tests/RememberMe/TokenBasedRememberMeServicesTest.php b/src/Symfony/Component/Security/Http/Tests/RememberMe/TokenBasedRememberMeServicesTest.php index 1253c2d0cd71a..ff774506f2a43 100644 --- a/src/Symfony/Component/Security/Http/Tests/RememberMe/TokenBasedRememberMeServicesTest.php +++ b/src/Symfony/Component/Security/Http/Tests/RememberMe/TokenBasedRememberMeServicesTest.php @@ -23,6 +23,9 @@ use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; use Symfony\Component\Security\Http\RememberMe\TokenBasedRememberMeServices; +/** + * @group legacy + */ class TokenBasedRememberMeServicesTest extends TestCase { public function testAutoLoginReturnsNullWhenNoCookie()