From 74f39b2a23e0e7cb13cdc5a41d632bb6e98fbcaf Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Fri, 16 Jul 2021 10:04:04 +0200 Subject: [PATCH] [Security] Deprecate always_authenticate_before_granting option --- components/security/authentication.rst | 5 +++++ reference/configuration/security.rst | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/components/security/authentication.rst b/components/security/authentication.rst index 9cca9f18d9f..dc93ce931da 100644 --- a/components/security/authentication.rst +++ b/components/security/authentication.rst @@ -302,6 +302,11 @@ request if you have session-based authentication, if ``always_authenticate_befor is enabled or if token is not authenticated before AccessListener is invoked. See ``security.interactive_login`` below if you need to do something when a user *actually* logs in. +.. deprecated:: 5.4 + + The ``always_authenticate_before_granting`` option was deprecated in + Symfony 5.4 and it will be removed in Symfony 6.0. + When a provider attempts authentication but fails (i.e. throws an ``AuthenticationException``), a ``security.authentication.failure`` event is dispatched. You could listen on the ``security.authentication.failure`` event, for example, in order to log diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst index e44d2532f02..ae20520c08f 100644 --- a/reference/configuration/security.rst +++ b/reference/configuration/security.rst @@ -58,6 +58,11 @@ always_authenticate_before_granting **type**: ``boolean`` **default**: ``false`` +.. deprecated:: 5.4 + + The ``always_authenticate_before_granting`` option was deprecated in + Symfony 5.4 and it will be removed in Symfony 6.0. + If ``true``, the user is asked to authenticate before each call to the ``isGranted()`` method in services and controllers or ``is_granted()`` from templates.