symfony · fabpot · Jun 5, 2022 · Apr 17, 2022
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -186,8 +186,8 @@
 use Symfony\Component\RateLimiter\Storage\CacheStorage;
 use Symfony\Component\Routing\Loader\AnnotationDirectoryLoader;
 use Symfony\Component\Routing\Loader\AnnotationFileLoader;
+use Symfony\Component\Security\Core\AuthenticationEvents;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
-use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
 use Symfony\Component\Semaphore\PersistingStoreInterface as SemaphoreStoreInterface;
 use Symfony\Component\Semaphore\Semaphore;
@@ -1020,7 +1020,7 @@ private function registerWorkflowConfiguration(array $config, ContainerBuilder $
                    throw new LogicException('Cannot guard workflows as the ExpressionLanguage component is not installed. Try running "composer require symfony/expression-language".');
                }

-                if (!class_exists(Security::class)) {
+                if (!class_exists(AuthenticationEvents::class)) {
                    throw new LogicException('Cannot guard workflows as the Security component is not installed. Try running "composer require symfony/security-core".');
                }


diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -57,7 +57,7 @@
 use Symfony\Component\HttpKernel\Fragment\FragmentUriGeneratorInterface;
 use Symfony\Component\Messenger\Transport\TransportFactory;
 use Symfony\Component\PropertyAccess\PropertyAccessor;
-use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Security\Core\AuthenticationEvents;
 use Symfony\Component\Serializer\Mapping\Loader\AnnotationLoader;
 use Symfony\Component\Serializer\Mapping\Loader\XmlFileLoader;
 use Symfony\Component\Serializer\Mapping\Loader\YamlFileLoader;
@@ -1036,7 +1036,7 @@ public function testTranslator()
            $files,
            '->registerTranslatorConfiguration() finds Form translation resources'
        );
-        $ref = new \ReflectionClass(Security::class);
+        $ref = new \ReflectionClass(AuthenticationEvents::class);
        $this->assertContains(
            strtr(\dirname($ref->getFileName()).'/Resources/translations/security.en.xlf', '/', \DIRECTORY_SEPARATOR),
            $files,

@@ -1,6 +1,11 @@
 CHANGELOG
 =========

+6.2
+---
+
+ * Add the `Security` helper class
+
 6.1
 ---


@@ -17,6 +17,7 @@
 use Symfony\Bundle\SecurityBundle\Security\FirewallContext;
 use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
 use Symfony\Bundle\SecurityBundle\Security\LazyFirewallContext;
+use Symfony\Bundle\SecurityBundle\Security\Security;
 use Symfony\Component\Ldap\Security\LdapUserProvider;
 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
@@ -33,7 +34,6 @@
 use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter;
 use Symfony\Component\Security\Core\Role\RoleHierarchy;
 use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
-use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\ChainUserProvider;
 use Symfony\Component\Security\Core\User\InMemoryUserChecker;
 use Symfony\Component\Security\Core\User\InMemoryUserProvider;

@@ -0,0 +1,28 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\Security;
+
+use Psr\Container\ContainerInterface;
+use Symfony\Component\Security\Core\Security as LegacySecurity;
+
+/**
+ * Helper class for commonly-needed security tasks.
+ *
+ * @final
+ */
+class Security extends LegacySecurity
+{
+    public function __construct(ContainerInterface $container)
+    {
+        parent::__construct($container, false);
+    }
+}
@@ -16,11 +16,11 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
 use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
 use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
+use Symfony\Component\Security\Http\SecurityRequestAttributes;
 use Symfony\Component\Security\Http\Util\TargetPathTrait;

 class LoginFormAuthenticator extends AbstractLoginFormAuthenticator
@@ -39,7 +39,7 @@ public function authenticate(Request $request): Passport
    {
        $username = $request->request->get('_username', '');

-        $request->getSession()->set(Security::LAST_USERNAME, $username);
+        $request->getSession()->set(SecurityRequestAttributes::LAST_USERNAME, $username);

        return new Passport(
            new UserBadge($username),

@@ -18,7 +18,7 @@
 use Symfony\Component\Form\FormEvents;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\OptionsResolver\OptionsResolver;
-use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Security\Http\SecurityRequestAttributes;

 /**
 * Form type for use with the Security component's form-based authentication
@@ -55,18 +55,18 @@ public function buildForm(FormBuilderInterface $builder, array $options)
         * session for an authentication error and last username.
         */
        $builder->addEventListener(FormEvents::PRE_SET_DATA, function (FormEvent $event) use ($request) {
-            if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
-                $error = $request->attributes->get(Security::AUTHENTICATION_ERROR);
+            if ($request->attributes->has(SecurityRequestAttributes::AUTHENTICATION_ERROR)) {
+                $error = $request->attributes->get(SecurityRequestAttributes::AUTHENTICATION_ERROR);
            } else {
-                $error = $request->getSession()->get(Security::AUTHENTICATION_ERROR);
+                $error = $request->getSession()->get(SecurityRequestAttributes::AUTHENTICATION_ERROR);
            }

            if ($error) {
                $event->getForm()->addError(new FormError($error->getMessage()));
            }

            $event->setData(array_replace((array) $event->getData(), [
-                'username' => $request->getSession()->get(Security::LAST_USERNAME),
+                'username' => $request->getSession()->get(SecurityRequestAttributes::LAST_USERNAME),
            ]));
        });
    }

@@ -14,7 +14,7 @@
 use Psr\Container\ContainerInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Security\Http\SecurityRequestAttributes;
 use Symfony\Contracts\Service\ServiceSubscriberInterface;
 use Twig\Environment;

@@ -30,15 +30,15 @@ public function __construct(ContainerInterface $container)
    public function loginAction(Request $request)
    {
        // get the login error if there is one
-        if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
-            $error = $request->attributes->get(Security::AUTHENTICATION_ERROR);
+        if ($request->attributes->has(SecurityRequestAttributes::AUTHENTICATION_ERROR)) {
+            $error = $request->attributes->get(SecurityRequestAttributes::AUTHENTICATION_ERROR);
        } else {
-            $error = $request->getSession()->get(Security::AUTHENTICATION_ERROR);
+            $error = $request->getSession()->get(SecurityRequestAttributes::AUTHENTICATION_ERROR);
        }

        return new Response($this->container->get('twig')->render('@FormLogin/Localized/login.html.twig', [
            // last username entered by the user
-            'last_username' => $request->getSession()->get(Security::LAST_USERNAME),
+            'last_username' => $request->getSession()->get(SecurityRequestAttributes::LAST_USERNAME),
            'error' => $error,
        ]));
    }

@@ -15,8 +15,8 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
-use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\SecurityRequestAttributes;
 use Symfony\Contracts\Service\ServiceSubscriberInterface;
 use Twig\Environment;

@@ -32,15 +32,15 @@ public function __construct(ContainerInterface $container)
    public function loginAction(Request $request, UserInterface $user = null)
    {
        // get the login error if there is one
-        if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
-            $error = $request->attributes->get(Security::AUTHENTICATION_ERROR);
+        if ($request->attributes->has(SecurityRequestAttributes::AUTHENTICATION_ERROR)) {
+            $error = $request->attributes->get(SecurityRequestAttributes::AUTHENTICATION_ERROR);
        } else {
-            $error = $request->getSession()->get(Security::AUTHENTICATION_ERROR);
+            $error = $request->getSession()->get(SecurityRequestAttributes::AUTHENTICATION_ERROR);
        }

        return new Response($this->container->get('twig')->render('@FormLogin/Login/login.html.twig', [
            // last username entered by the user
-            'last_username' => $request->getSession()->get(Security::LAST_USERNAME),
+            'last_username' => $request->getSession()->get(SecurityRequestAttributes::LAST_USERNAME),
            'error' => $error,
        ]));
    }

@@ -0,0 +1,89 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\Tests\Security;
+
+use PHPUnit\Framework\TestCase;
+use Psr\Container\ContainerInterface;
+use Symfony\Bundle\SecurityBundle\Security\Security;
+use Symfony\Component\DependencyInjection\ServiceLocator;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
+use Symfony\Component\Security\Core\User\InMemoryUser;
+
+class SecurityTest extends TestCase
+{
+    public function testGetToken()
+    {
+        $token = new UsernamePasswordToken(new InMemoryUser('foo', 'bar'), 'provider');
+        $tokenStorage = $this->createMock(TokenStorageInterface::class);
+
+        $tokenStorage->expects($this->once())
+            ->method('getToken')
+            ->willReturn($token);
+
+        $container = $this->createContainer('security.token_storage', $tokenStorage);
+
+        $security = new Security($container);
+        $this->assertSame($token, $security->getToken());
+    }
+
+    /**
+     * @dataProvider getUserTests
+     */
+    public function testGetUser($userInToken, $expectedUser)
+    {
+        $token = $this->createMock(TokenInterface::class);
+        $token->expects($this->any())
+            ->method('getUser')
+            ->willReturn($userInToken);
+        $tokenStorage = $this->createMock(TokenStorageInterface::class);
+
+        $tokenStorage->expects($this->once())
+            ->method('getToken')
+            ->willReturn($token);
+
+        $container = $this->createContainer('security.token_storage', $tokenStorage);
+
+        $security = new Security($container);
+        $this->assertSame($expectedUser, $security->getUser());
+    }
+
+    public function getUserTests()
+    {
+        yield [null, null];
+
+        $user = new InMemoryUser('nice_user', 'foo');
+        yield [$user, $user];
+    }
+
+    public function testIsGranted()
+    {
+        $authorizationChecker = $this->createMock(AuthorizationCheckerInterface::class);
+
+        $authorizationChecker->expects($this->once())
+            ->method('isGranted')
+            ->with('SOME_ATTRIBUTE', 'SOME_SUBJECT')
+            ->willReturn(true);
+
+        $container = $this->createContainer('security.authorization_checker', $authorizationChecker);
+
+        $security = new Security($container);
+        $this->assertTrue($security->isGranted('SOME_ATTRIBUTE', 'SOME_SUBJECT'));
+    }
+
+    private function createContainer(string $serviceId, object $serviceObject): ContainerInterface
+    {
+        return new ServiceLocator([$serviceId => fn () => $serviceObject]);
+    }
+}
@@ -27,7 +27,7 @@
        "symfony/password-hasher": "^5.4|^6.0",
        "symfony/security-core": "^5.4|^6.0",
        "symfony/security-csrf": "^5.4|^6.0",
-        "symfony/security-http": "^5.4|^6.0"
+        "symfony/security-http": "^6.2"
    },
    "require-dev": {
        "doctrine/annotations": "^1.10.4",

@@ -1,6 +1,11 @@
 CHANGELOG
 =========

+6.2
+---
+
+* Deprecate the `Security` class, use `Symfony\Bundle\SecurityBundle\Security\Security` instead
+
 6.0
 ---


@@ -12,27 +12,55 @@
 namespace Symfony\Component\Security\Core;

 use Psr\Container\ContainerInterface;
+use Symfony\Bundle\SecurityBundle\Security\Security as NewSecurityHelper;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\User\UserInterface;

 /**
 * Helper class for commonly-needed security tasks.
 *
- * @final
+ * @deprecated since Symfony 6.2, use \Symfony\Bundle\SecurityBundle\Security\Security instead
 */
 class Security implements AuthorizationCheckerInterface
 {
+    /**
+     * @deprecated since Symfony 6.2, use \Symfony\Bundle\SecurityBundle\Security\Security::ACCESS_DENIED_ERROR instead
+     *
+     * In 7.0, move this constant to the NewSecurityHelper class and make it reference SecurityRequestAttributes:ACCESS_DENIED_ERROR.
+     */
    public const ACCESS_DENIED_ERROR = '_security.403_error';
+
+    /**
+     * @deprecated since Symfony 6.2, use \Symfony\Bundle\SecurityBundle\Security\Security::AUTHENTICATION_ERROR instead
+     *
+     * In 7.0, move this constant to the NewSecurityHelper class and make it reference SecurityRequestAttributes:AUTHENTICATION_ERROR.
+     */
    public const AUTHENTICATION_ERROR = '_security.last_error';
+
+    /**
+     * @deprecated since Symfony 6.2, use \Symfony\Bundle\SecurityBundle\Security\Security::LAST_USERNAME instead
+     *
+     * In 7.0, move this constant to the NewSecurityHelper class and make it reference SecurityRequestAttributes:LAST_USERNAME.
+     */
    public const LAST_USERNAME = '_security.last_username';
+
+    /**
+     * @deprecated since Symfony 6.2, use \Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface::MAX_USERNAME_LENGTH instead
+     *
+     *  In 7.0, move this constant to the NewSecurityHelper class and make it reference AuthenticatorInterface:MAX_USERNAME_LENGTH.
+     */
    public const MAX_USERNAME_LENGTH = 4096;

    private ContainerInterface $container;

-    public function __construct(ContainerInterface $container)
+    public function __construct(ContainerInterface $container, bool $triggerDeprecation = true)
    {
        $this->container = $container;
+
+        if ($triggerDeprecation) {
+            trigger_deprecation('symfony/security-core', '6.2', 'The "%s" class is deprecated, use "%s" instead.', __CLASS__, NewSecurityHelper::class);
+        }
    }

    public function getUser(): ?UserInterface

@@ -20,6 +20,9 @@
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\InMemoryUser;

+/**
+ * @group legacy
+ */
 class SecurityTest extends TestCase
 {
    public function testGetToken()
-Original file line number
+Diff line change
@@ -1,6 +1,11 @@
     CHANGELOG
     =========
+.2
+    ---
+    * Deprecate the `Security` class, use `Symfony\Bundle\SecurityBundle\Security\Security` instead
                   chalasr marked this conversation as resolved.
              

          
            Show resolved
            Hide resolved
        

                
  
            
  

  
    
  
    
      

              Uh oh!

              
There was an error while loading. Please reload this page.
 .0
     ---
-          Expand Down