bug #16493 [Security] Renamed key to secret Part 2 (WouterJ)

fabpot · fabpot · commit 456e55846d94 · 2015-11-09T22:34:05.000+01:00
This PR was merged into the 2.8 branch. Discussion ---------- [Security] Renamed key to secret Part 2 Anonymous and RememberMe were already changed in #15141 This PR renames 2 more occurences of key in the Security: AnonymousAuthenticationListener and the Digest entry point. | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | yes | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - Commits ------- 55f59d5 Renamed key to secret
diff --git a/UPGRADE-3.0.md b/UPGRADE-3.0.md
@@ -601,7 +601,8 @@ UPGRADE FROM 2.x to 3.0
 
  * The `Resources/` directory was moved to `Core/Resources/`
 
- * The `key` settings of `anonymous` and `remember_me` are renamed to `secret`.
+ * The `key` settings of `anonymous`, `remember_me` and `http_digest` are
+   renamed to `secret`.
 
    Before:
 
@@ -614,6 +615,8 @@ UPGRADE FROM 2.x to 3.0
                anonymous: { key: "%secret%" }
                remember_me:
                    key: "%secret%"
+               http_digest:
+                   key: "%secret%"
    ```
 
    ```xml
@@ -626,6 +629,7 @@ UPGRADE FROM 2.x to 3.0
 
            <anonymous key="%secret%"/>
            <remember-me key="%secret%"/>
+           <http-digest key="%secret%"/>
        </firewall>
    </config>
    ```
@@ -638,6 +642,7 @@ UPGRADE FROM 2.x to 3.0
            // ...
            'anonymous' => array('key' => '%secret%'),
            'remember_me' => array('key' => '%secret%'),
+           'http_digest' => array('key' => '%secret%'),
        ),
    ));
    ```
@@ -653,6 +658,8 @@ UPGRADE FROM 2.x to 3.0
                anonymous: { secret: "%secret%" }
                remember_me:
                    secret: "%secret%"
+               http_digest:
+                   secret: "%secret%"
    ```
 
    ```xml
@@ -665,6 +672,7 @@ UPGRADE FROM 2.x to 3.0
 
            <anonymous secret="%secret%"/>
            <remember-me secret="%secret%"/>
+           <http-digest secret="%secret%"/>
        </firewall>
    </config>
    ```
@@ -677,6 +685,7 @@ UPGRADE FROM 2.x to 3.0
            // ...
            'anonymous' => array('secret' => '%secret%'),
            'remember_me' => array('secret' => '%secret%'),
+           'http_digest' => array('secret' => '%secret%'),
        ),
    ));
   ```
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -4,8 +4,8 @@ CHANGELOG
 2.8.0
 -----
 
- * deprecated the `key` setting of `anonymous` and `remember_me` in favor of the
-   `secret` setting.
+ * deprecated the `key` setting of `anonymous`, `remember_me` and `http_digest`
+   in favor of the `secret` setting.
 
 2.6.0
 -----
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpDigestFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpDigestFactory.php
@@ -58,10 +58,26 @@ public function getKey()
     public function addConfiguration(NodeDefinition $node)
     {
         $node
+            ->beforeNormalization()
+                ->ifTrue(function ($v) { return isset($v['key']); })
+                ->then(function ($v) {
+                    if (isset($v['secret'])) {
+                        throw new \LogicException('Cannot set both key and secret options for http_digest, use only secret instead.');
+                    }
+
+                    @trigger_error('http_digest.key is deprecated since version 2.8 and will be removed in 3.0. Use http_digest.secret instead.', E_USER_DEPRECATED);
+
+                    $v['secret'] = $v['key'];
+
+                    unset($v['key']);
+
+                    return $v;
+                })
+            ->end()
             ->children()
                 ->scalarNode('provider')->end()
                 ->scalarNode('realm')->defaultValue('Secured Area')->end()
-                ->scalarNode('key')->isRequired()->cannotBeEmpty()->end()
+                ->scalarNode('secret')->isRequired()->cannotBeEmpty()->end()
             ->end()
         ;
     }
@@ -76,7 +92,7 @@ protected function createEntryPoint($container, $id, $config, $defaultEntryPoint
         $container
             ->setDefinition($entryPointId, new DefinitionDecorator('security.authentication.digest_entry_point'))
             ->addArgument($config['realm'])
-            ->addArgument($config['key'])
+            ->addArgument($config['secret'])
         ;
 
         return $entryPointId;
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
@@ -64,7 +64,7 @@
         'simple' => array('pattern' => '/login', 'security' => false),
         'secure' => array('stateless' => true,
             'http_basic' => true,
-            'http_digest' => array('key' => 'TheKey'),
+            'http_digest' => array('secret' => 'TheSecret'),
             'form_login' => true,
             'anonymous' => true,
             'switch_user' => true,
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
@@ -49,7 +49,7 @@
 
         <firewall name="secure" stateless="true">
             <http-basic />
-            <http-digest key="TheKey" />
+            <http-digest secret="TheSecret" />
             <form-login />
             <anonymous />
             <switch-user />
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
@@ -47,7 +47,7 @@ security:
             stateless: true
             http_basic: true
             http_digest:
-                key: TheKey
+                secret: TheSecret
             form_login: true
             anonymous: true
             switch_user: true
diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
@@ -4,8 +4,8 @@ CHANGELOG
 2.8.0
 -----
 
- * deprecated `getKey()` of the `AnonymousToken`, `RememberMeToken` and `AbstractRememberMeServices` classes
-   in favor of `getSecret()`.
+ * deprecated `getKey()` of the `AnonymousToken`, `RememberMeToken`,
+   `AbstractRememberMeServices` and `DigestAuthenticationEntryPoint` classes in favor of `getSecret()`.
  * deprecated `Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface`, use
    `Symfony\Component\Security\Http\Authentication\SimplePreAuthenticatorInterface` instead
  * deprecated `Symfony\Component\Security\Core\Authentication\SimpleFormAuthenticatorInterface`, use
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/AnonymousAuthenticationProviderTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/AnonymousAuthenticationProviderTest.php
@@ -33,7 +33,7 @@ public function testAuthenticateWhenTokenIsNotSupported()
     /**
      * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
      */
-    public function testAuthenticateWhenKeyIsNotValid()
+    public function testAuthenticateWhenSecretIsNotValid()
     {
         $provider = $this->getProvider('foo');
 
@@ -48,19 +48,19 @@ public function testAuthenticate()
         $this->assertSame($token, $provider->authenticate($token));
     }
 
-    protected function getSupportedToken($key)
+    protected function getSupportedToken($secret)
     {
         $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\AnonymousToken', array('getSecret'), array(), '', false);
         $token->expects($this->any())
               ->method('getSecret')
-              ->will($this->returnValue($key))
+              ->will($this->returnValue($secret))
         ;
 
         return $token;
     }
 
-    protected function getProvider($key)
+    protected function getProvider($secret)
     {
-        return new AnonymousAuthenticationProvider($key);
+        return new AnonymousAuthenticationProvider($secret);
     }
 }
diff --git a/src/Symfony/Component/Security/Http/EntryPoint/DigestAuthenticationEntryPoint.php b/src/Symfony/Component/Security/Http/EntryPoint/DigestAuthenticationEntryPoint.php
@@ -24,15 +24,15 @@
  */
 class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterface
 {
-    private $key;
+    private $secret;
     private $realmName;
     private $nonceValiditySeconds;
     private $logger;
 
-    public function __construct($realmName, $key, $nonceValiditySeconds = 300, LoggerInterface $logger = null)
+    public function __construct($realmName, $secret, $nonceValiditySeconds = 300, LoggerInterface $logger = null)
     {
         $this->realmName = $realmName;
-        $this->key = $key;
+        $this->secret = $secret;
         $this->nonceValiditySeconds = $nonceValiditySeconds;
         $this->logger = $logger;
     }
@@ -43,7 +43,7 @@ public function __construct($realmName, $key, $nonceValiditySeconds = 300, Logge
     public function start(Request $request, AuthenticationException $authException = null)
     {
         $expiryTime = microtime(true) + $this->nonceValiditySeconds * 1000;
-        $signatureValue = md5($expiryTime.':'.$this->key);
+        $signatureValue = md5($expiryTime.':'.$this->secret);
         $nonceValue = $expiryTime.':'.$signatureValue;
         $nonceValueBase64 = base64_encode($nonceValue);
 
@@ -65,11 +65,21 @@ public function start(Request $request, AuthenticationException $authException =
     }
 
     /**
-     * @return string
+     * @deprecated Since version 2.8, to be removed in 3.0. Use getSecret() instead.
      */
     public function getKey()
     {
-        return $this->key;
+        @trigger_error(__method__.'() is deprecated since version 2.8 and will be removed in 3.0. Use getSecret() instead.', E_USER_DEPRECATED);
+
+        return $this->getSecret();
+    }
+
+    /**
+     * @return string
+     */
+    public function getSecret()
+    {
+        return $this->secret;
     }
 
     /**
diff --git a/src/Symfony/Component/Security/Http/Firewall/AnonymousAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/AnonymousAuthenticationListener.php
@@ -27,14 +27,14 @@
 class AnonymousAuthenticationListener implements ListenerInterface
 {
     private $tokenStorage;
-    private $key;
+    private $secret;
     private $authenticationManager;
     private $logger;
 
-    public function __construct(TokenStorageInterface $tokenStorage, $key, LoggerInterface $logger = null, AuthenticationManagerInterface $authenticationManager = null)
+    public function __construct(TokenStorageInterface $tokenStorage, $secret, LoggerInterface $logger = null, AuthenticationManagerInterface $authenticationManager = null)
     {
         $this->tokenStorage = $tokenStorage;
-        $this->key = $key;
+        $this->secret = $secret;
         $this->authenticationManager = $authenticationManager;
         $this->logger = $logger;
     }
@@ -51,7 +51,7 @@ public function handle(GetResponseEvent $event)
         }
 
         try {
-            $token = new AnonymousToken($this->key, 'anon.', array());
+            $token = new AnonymousToken($this->secret, 'anon.', array());
             if (null !== $this->authenticationManager) {
                 $token = $this->authenticationManager->authenticate($token);
             }
diff --git a/src/Symfony/Component/Security/Http/Tests/EntryPoint/DigestAuthenticationEntryPointTest.php b/src/Symfony/Component/Security/Http/Tests/EntryPoint/DigestAuthenticationEntryPointTest.php
@@ -23,7 +23,7 @@ public function testStart()
 
         $authenticationException = new AuthenticationException('TheAuthenticationExceptionMessage');
 
-        $entryPoint = new DigestAuthenticationEntryPoint('TheRealmName', 'TheKey');
+        $entryPoint = new DigestAuthenticationEntryPoint('TheRealmName', 'TheSecret');
         $response = $entryPoint->start($request, $authenticationException);
 
         $this->assertEquals(401, $response->getStatusCode());
@@ -34,7 +34,7 @@ public function testStartWithNoException()
     {
         $request = $this->getMock('Symfony\Component\HttpFoundation\Request');
 
-        $entryPoint = new DigestAuthenticationEntryPoint('TheRealmName', 'TheKey');
+        $entryPoint = new DigestAuthenticationEntryPoint('TheRealmName', 'TheSecret');
         $response = $entryPoint->start($request);
 
         $this->assertEquals(401, $response->getStatusCode());
@@ -47,7 +47,7 @@ public function testStartWithNonceExpiredException()
 
         $nonceExpiredException = new NonceExpiredException('TheNonceExpiredExceptionMessage');
 
-        $entryPoint = new DigestAuthenticationEntryPoint('TheRealmName', 'TheKey');
+        $entryPoint = new DigestAuthenticationEntryPoint('TheRealmName', 'TheSecret');
         $response = $entryPoint->start($request, $nonceExpiredException);
 
         $this->assertEquals(401, $response->getStatusCode());

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ public function testAuthenticateWhenTokenIsNotSupported()`
`33`	`33`	`/**`
`34`	`34`	`* @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException`
`35`	`35`	`*/`
`36`		`- public function testAuthenticateWhenKeyIsNotValid()`
	`36`	`+ public function testAuthenticateWhenSecretIsNotValid()`
`37`	`37`	`{`
`38`	`38`	`$provider = $this->getProvider('foo');`
`39`	`39`
`@@ -48,19 +48,19 @@ public function testAuthenticate()`
`48`	`48`	`$this->assertSame($token, $provider->authenticate($token));`
`49`	`49`	`}`
`50`	`50`
`51`		`- protected function getSupportedToken($key)`
	`51`	`+ protected function getSupportedToken($secret)`
`52`	`52`	`{`
`53`	`53`	`$token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\AnonymousToken', array('getSecret'), array(), '', false);`
`54`	`54`	`$token->expects($this->any())`
`55`	`55`	`->method('getSecret')`
`56`		`- ->will($this->returnValue($key))`
	`56`	`+ ->will($this->returnValue($secret))`
`57`	`57`	`;`
`58`	`58`
`59`	`59`	`return $token;`
`60`	`60`	`}`
`61`	`61`
`62`		`- protected function getProvider($key)`
	`62`	`+ protected function getProvider($secret)`
`63`	`63`	`{`
`64`		`- return new AnonymousAuthenticationProvider($key);`
	`64`	`+ return new AnonymousAuthenticationProvider($secret);`
`65`	`65`	`}`
`66`	`66`	`}`
Original file line number	Diff line number	Diff line change
`@@ -27,14 +27,14 @@`
`27`	`27`	`class AnonymousAuthenticationListener implements ListenerInterface`
`28`	`28`	`{`
`29`	`29`	`private $tokenStorage;`
`30`		`- private $key;`
	`30`	`+ private $secret;`
`31`	`31`	`private $authenticationManager;`
`32`	`32`	`private $logger;`
`33`	`33`
`34`		`- public function __construct(TokenStorageInterface $tokenStorage, $key, LoggerInterface $logger = null, AuthenticationManagerInterface $authenticationManager = null)`
	`34`	`+ public function __construct(TokenStorageInterface $tokenStorage, $secret, LoggerInterface $logger = null, AuthenticationManagerInterface $authenticationManager = null)`
`35`	`35`	`{`
`36`	`36`	`$this->tokenStorage = $tokenStorage;`
`37`		`- $this->key = $key;`
	`37`	`+ $this->secret = $secret;`
`38`	`38`	`$this->authenticationManager = $authenticationManager;`
`39`	`39`	`$this->logger = $logger;`
`40`	`40`	`}`
`@@ -51,7 +51,7 @@ public function handle(GetResponseEvent $event)`
`51`	`51`	`}`
`52`	`52`
`53`	`53`	`try {`
`54`		`- $token = new AnonymousToken($this->key, 'anon.', array());`
	`54`	`+ $token = new AnonymousToken($this->secret, 'anon.', array());`
`55`	`55`	`if (null !== $this->authenticationManager) {`
`56`	`56`	`$token = $this->authenticationManager->authenticate($token);`
`57`	`57`	`}`