Commit 98cee18

committed
Merge branch '5.4' into 6.0
* 5.4: [Security] Deprecated built-in authentication entry points
2 parents 4f07259 + 7f63fff commit 98cee18

13 files changed

+142
-50
lines changed

UPGRADE-5.4.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,8 @@ Messenger
4343
SecurityBundle
4444
--------------
4545

46+
* Deprecate `security.authentication.basic_entry_point` and `security.authentication.retry_entry_point` services, the logic is moved into the
47+
`HttpBasicAuthenticator` and `ChannelListener` respectively
4648
* Deprecate not setting `$authenticatorManagerEnabled` to `true` in `SecurityDataCollector` and `DebugFirewallCommand`
4749
* Deprecate `SecurityFactoryInterface` and `SecurityExtension::addSecurityListenerFactory()` in favor of
4850
`AuthenticatorFactoryInterface` and `SecurityExtension::addAuthenticatorFactory()`
@@ -64,6 +66,10 @@ SecurityBundle
6466
Security
6567
--------
6668

69+
* Deprecate the `$authenticationEntryPoint` argument of `ChannelListener`, and add `$httpPort` and `$httpsPort` arguments
70+
* Deprecate `RetryAuthenticationEntryPoint`, this code is now inlined in the `ChannelListener`
71+
* Deprecate `FormAuthenticationEntryPoint` and `BasicAuthenticationEntryPoint`, in the new system the `FormLoginAuthenticator`
72+
and `HttpBasicAuthenticator` should be used instead
6773
* Deprecate `AnonymousToken`, as the related authenticator was deprecated in 5.3
6874
* Deprecate `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
6975
* Deprecate not returning an `UserInterface` from `Token::getUser()`

UPGRADE-6.0.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -214,6 +214,9 @@ Routing
214214
Security
215215
--------
216216

217+
* Remove the `$authenticationEntryPoint` argument of `ChannelListener`
218+
* Remove `RetryAuthenticationEntryPoint`, this code was inlined in the `ChannelListener`
219+
* Remove `FormAuthenticationEntryPoint` and `BasicAuthenticationEntryPoint`, the `FormLoginAuthenticator` and `HttpBasicAuthenticator` should be used instead.
217220
* Remove `AnonymousToken`
218221
* Remove `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
219222
* Restrict the return type of `Token::getUser()` to `UserInterface` (removing `string|\Stringable`)
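Review bot: The 6.0 note for `ChannelListener` only says the `$authenticationEntryPoint` argument is removed; it does not tell upgraders that `$logger` is now the second constructor argument or that `$httpPort` and `$httpsPort` follow it, which the 5.4 entry does mention. Anyone constructing the listener by hand needs the new argument order, so the first added bullet should state it, for example "Remove the `$authenticationEntryPoint` argument of `ChannelListener`; the second argument is now `$logger`, followed by `$httpPort` and `$httpsPort`".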
@@ -390,6 +393,8 @@ Security
390393
SecurityBundle
391394
--------------
392395

396+
* Remove `security.authentication.basic_entry_point` and `security.authentication.retry_entry_point` services,
397+
the logic is moved into the `HttpBasicAuthenticator` and `ChannelListener` respectively
393398
* Remove `SecurityFactoryInterface` and `SecurityExtension::addSecurityListenerFactory()` in favor of
394399
`AuthenticatorFactoryInterface` and `SecurityExtension::addAuthenticatorFactory()`
395400
* Add `AuthenticatorFactoryInterface::getPriority()` which replaces `SecurityFactoryInterface::getPosition()`.

src/Symfony/Bundle/SecurityBundle/CHANGELOG.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,8 @@ CHANGELOG
1616
5.4
1717
---
1818

19+
* Deprecate `security.authentication.basic_entry_point` and `security.authentication.retry_entry_point` services, the logic is moved into the
20+
`HttpBasicAuthenticator` and `ChannelListener` respectively
1921
* Deprecate `FirewallConfig::allowsAnonymous()` and the `allows_anonymous` from the data collector data, there will be no anonymous concept as of version 6.
2022
* Deprecate not setting `$authenticatorManagerEnabled` to `true` in `SecurityDataCollector` and `DebugFirewallCommand`
2123
* Deprecate `SecurityFactoryInterface` and `SecurityExtension::addSecurityListenerFactory()` in favor of

src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.php

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -32,19 +32,22 @@
3232
return static function (ContainerConfigurator $container) {
3333
$container->services()
3434

35+
->set('security.authentication.basic_entry_point', BasicAuthenticationEntryPoint::class)
36+
->deprecate('symfony/security-bundle', '5.4', 'The "%service_id%" service is deprecated, the logic is contained in the authenticators.')
37+
3538
->set('security.authentication.retry_entry_point', RetryAuthenticationEntryPoint::class)
39+
->deprecate('symfony/security-bundle', '5.4', 'The "%service_id%" service is deprecated, the logic is integrated directly in "security.channel_listener".')
3640
->args([
3741
inline_service('int')->factory([service('router.request_context'), 'getHttpPort']),
3842
inline_service('int')->factory([service('router.request_context'), 'getHttpsPort']),
3943
])
4044

41-
->set('security.authentication.basic_entry_point', BasicAuthenticationEntryPoint::class)
42-
4345
->set('security.channel_listener', ChannelListener::class)
4446
->args([
4547
service('security.access_map'),
46-
service('security.authentication.retry_entry_point'),
4748
service('logger')->nullOnInvalid(),
49+
inline_service('int')->factory([service('router.request_context'), 'getHttpPort']),
50+
inline_service('int')->factory([service('router.request_context'), 'getHttpsPort']),
4851
])
4952
->tag('monolog.logger', ['channel' => 'security'])
5053
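Review bot: The deprecation message on `security.authentication.basic_entry_point` says only that "the logic is contained in the authenticators", while the UPGRADE and CHANGELOG entries name `HttpBasicAuthenticator` as the replacement. The message on `security.authentication.retry_entry_point` already points at "security.channel_listener"; naming the HTTP Basic authenticator in the first message the same way would give whoever hits this deprecation in their logs a concrete migration target.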

src/Symfony/Component/Security/Http/CHANGELOG.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,10 @@ CHANGELOG
1111
5.4
1212
---
1313

14+
* Deprecate the `$authenticationEntryPoint` argument of `ChannelListener`, and add `$httpPort` and `$httpsPort` arguments
15+
* Deprecate `RetryAuthenticationEntryPoint`, this code is now inlined in the `ChannelListener`
16+
* Deprecate `FormAuthenticationEntryPoint` and `BasicAuthenticationEntryPoint`, in the new system the `FormLoginAuthenticator`
17+
and `HttpBasicAuthenticator` should be used instead
1418
* Deprecate the `$authManager` argument of `AccessListener`
1519
* Deprecate not setting the `$exceptionOnNoToken` argument of `AccessListener` to `false`
1620
* Deprecate `DeauthenticatedEvent`, use `TokenDeauthenticatedEvent` instead

src/Symfony/Component/Security/Http/EntryPoint/BasicAuthenticationEntryPoint.php

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,11 +14,16 @@
1414
use Symfony\Component\HttpFoundation\Request;
1515
use Symfony\Component\HttpFoundation\Response;
1616
use Symfony\Component\Security\Core\Exception\AuthenticationException;
17+
use Symfony\Component\Security\Http\Authenticator\HttpBasicAuthenticator;
18+
19+
trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated, use the new security system with "%s" instead.', BasicAuthenticationEntryPoint::class, HttpBasicAuthenticator::class);
1720

1821
/**
1922
* BasicAuthenticationEntryPoint starts an HTTP Basic authentication.
2023
*
2124
* @author Fabien Potencier <[email protected]>
25+
*
26+
* @deprecated since Symfony 5.4
2227
*/
2328
class BasicAuthenticationEntryPoint implements AuthenticationEntryPointInterface
2429
{
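Review bot: The added docblock tag `@deprecated since Symfony 5.4` gives no replacement, although the `trigger_deprecation()` call a few lines above it names `HttpBasicAuthenticator`. IDEs and static analysers surface the docblock text rather than the runtime message, so the tag should carry the pointer too, for example "@deprecated since Symfony 5.4, use the new security system with HttpBasicAuthenticator instead". The same applies to the `@deprecated` tags added to `FormAuthenticationEntryPoint` and `RetryAuthenticationEntryPoint`.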

src/Symfony/Component/Security/Http/EntryPoint/FormAuthenticationEntryPoint.php

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,12 +14,17 @@
1414
use Symfony\Component\HttpFoundation\Request;
1515
use Symfony\Component\HttpKernel\HttpKernelInterface;
1616
use Symfony\Component\Security\Core\Exception\AuthenticationException;
17+
use Symfony\Component\Security\Http\Authenticator\FormLoginAuthenticator;
1718
use Symfony\Component\Security\Http\HttpUtils;
1819

20+
trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated, use the new security system with "%s" instead.', FormAuthenticationEntryPoint::class, FormLoginAuthenticator::class);
21+
1922
/**
2023
* FormAuthenticationEntryPoint starts an authentication via a login form.
2124
*
2225
* @author Fabien Potencier <[email protected]>
26+
*
27+
* @deprecated since Symfony 5.4
2328
*/
2429
class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface
2530
{

src/Symfony/Component/Security/Http/EntryPoint/RetryAuthenticationEntryPoint.php

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,13 +14,18 @@
1414
use Symfony\Component\HttpFoundation\RedirectResponse;
1515
use Symfony\Component\HttpFoundation\Request;
1616
use Symfony\Component\Security\Core\Exception\AuthenticationException;
17+
use Symfony\Component\Security\Http\Firewall\ChannelListener;
18+
19+
trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated, use "%s" directly (and optionally configure the HTTP(s) ports there).', RetryAuthenticationEntryPoint::class, ChannelListener::class);
1720

1821
/**
1922
* RetryAuthenticationEntryPoint redirects URL based on the configured scheme.
2023
*
2124
* This entry point is not intended to work with HTTP post requests.
2225
*
2326
* @author Fabien Potencier <[email protected]>
27+
*
28+
* @deprecated since Symfony 5.4
2429
*/
2530
class RetryAuthenticationEntryPoint implements AuthenticationEntryPointInterface
2631
{

src/Symfony/Component/Security/Http/Firewall/ChannelListener.php

Lines changed: 46 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
namespace Symfony\Component\Security\Http\Firewall;
1313

1414
use Psr\Log\LoggerInterface;
15+
use Symfony\Component\HttpFoundation\RedirectResponse;
1516
use Symfony\Component\HttpFoundation\Request;
1617
use Symfony\Component\HttpKernel\Event\RequestEvent;
1718
use Symfony\Component\Security\Http\AccessMapInterface;
@@ -28,14 +29,31 @@
2829
class ChannelListener extends AbstractListener
2930
{
3031
private $map;
31-
private $authenticationEntryPoint;
32+
private $authenticationEntryPoint = null;
3233
private $logger;
34+
private $httpPort;
35+
private $httpsPort;
3336

34-
public function __construct(AccessMapInterface $map, AuthenticationEntryPointInterface $authenticationEntryPoint, LoggerInterface $logger = null)
37+
public function __construct(AccessMapInterface $map, /*LoggerInterface*/ $logger = null, /*int*/ $httpPort = 80, /*int*/ $httpsPort = 443)
3538
{
39+
if ($logger instanceof AuthenticationEntryPointInterface) {
40+
trigger_deprecation('symfony/security-http', '5.4', 'The "$authenticationEntryPoint" argument of "%s()" is deprecated.', __METHOD__);
41+
42+
$this->authenticationEntryPoint = $logger;
43+
$nrOfArgs = \func_num_args();
44+
$logger = $nrOfArgs > 2 ? func_get_arg(2) : null;
45+
$httpPort = $nrOfArgs > 3 ? func_get_arg(3) : 80;
46+
$httpPort = $nrOfArgs > 4 ? func_get_arg(4) : 443;
47+
}
48+
49+
if (null !== $logger && !$logger instanceof LoggerInterface) {
50+
throw new \TypeError(sprintf('Argument "$logger" of "%s()" must be instance of "%s", "%s" given.', __METHOD__, LoggerInterface::class, get_debug_type($logger)));
51+
}
52+
3653
$this->map = $map;
37-
$this->authenticationEntryPoint = $authenticationEntryPoint;
3854
$this->logger = $logger;
55+
$this->httpPort = $httpPort;
56+
$this->httpsPort = $httpsPort;
3957
}
4058

4159
/**
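Review bot: In the legacy branch of the constructor the last assignment targets the wrong variable: `$httpPort = $nrOfArgs > 4 ? func_get_arg(4) : 443;` overwrites the value set on the line before it, so `$httpPort` ends up holding the HTTPS port (or 443) and `$httpsPort` is never taken from argument 4. It keeps whatever was passed positionally as the fourth parameter, which in the legacy call order is the HTTP port. That line should assign `$httpsPort`. The mistake is masked today because `createRedirectResponse()` delegates to the entry point whenever one is set, but the stored ports are wrong for any code that later reads them. The `TypeError` guard also only covers `$logger`; since the `int` hints on the ports are commented out, a non-integer port is accepted silently and later concatenated into the redirect URL.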
@@ -74,8 +92,31 @@ public function authenticate(RequestEvent $event)
7492
{
7593
$request = $event->getRequest();
7694

77-
$response = $this->authenticationEntryPoint->start($request);
95+
$event->setResponse($this->createRedirectResponse($request));
96+
}
97+
98+
private function createRedirectResponse(Request $request): RedirectResponse
99+
{
100+
if (null !== $this->authenticationEntryPoint) {
101+
return $this->authenticationEntryPoint->start($request);
102+
}
103+
104+
$scheme = $request->isSecure() ? 'http' : 'https';
105+
if ('http' === $scheme && 80 != $this->httpPort) {
106+
$port = ':'.$this->httpPort;
107+
} elseif ('https' === $scheme && 443 != $this->httpsPort) {
108+
$port = ':'.$this->httpsPort;
109+
} else {
110+
$port = '';
111+
}
112+
113+
$qs = $request->getQueryString();
114+
if (null !== $qs) {
115+
$qs = '?'.$qs;
116+
}
117+
118+
$url = $scheme.'://'.$request->getHost().$port.$request->getBaseUrl().$request->getPathInfo().$qs;
78119

79-
$event->setResponse($response);
120+
return new RedirectResponse($url, 301);
80121
}
81122
}
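Review bot: `createRedirectResponse()` is declared `: RedirectResponse`, but its legacy branch returns whatever `$this->authenticationEntryPoint->start($request)` produces, and the constructor only checks that object against `AuthenticationEntryPointInterface`. The removed code passed that result straight to `$event->setResponse()`, so a custom entry point that returns a non-redirect response worked before and would now fail the return type check. Either widen the return type to `Response` or call `$event->setResponse()` directly for the legacy branch in `authenticate()`. Separately, the inlined URL is built from `$request->getHost()` and sent as a 301, which browsers cache; the port comparisons `80 != $this->httpPort` and `443 != $this->httpsPort` are loose because the ports are untyped, so casting them to `int` in the constructor would let these be strict.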

src/Symfony/Component/Security/Http/Tests/EntryPoint/BasicAuthenticationEntryPointTest.php

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,9 @@
1616
use Symfony\Component\Security\Core\Exception\AuthenticationException;
1717
use Symfony\Component\Security\Http\EntryPoint\BasicAuthenticationEntryPoint;
1818

19+
/**
20+
* @group legacy
21+
*/
1922
class BasicAuthenticationEntryPointTest extends TestCase
2023
{
2124
public function testStart()

src/Symfony/Component/Security/Http/Tests/EntryPoint/FormAuthenticationEntryPointTest.php

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,9 @@
1919
use Symfony\Component\Security\Http\EntryPoint\FormAuthenticationEntryPoint;
2020
use Symfony\Component\Security\Http\HttpUtils;
2121

22+
/**
23+
* @group legacy
24+
*/
2225
class FormAuthenticationEntryPointTest extends TestCase
2326
{
2427
public function testStart()

src/Symfony/Component/Security/Http/Tests/EntryPoint/RetryAuthenticationEntryPointTest.php

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,9 @@
1616
use Symfony\Component\HttpFoundation\Request;
1717
use Symfony\Component\Security\Http\EntryPoint\RetryAuthenticationEntryPoint;
1818

19+
/**
20+
* @group legacy
21+
*/
1922
class RetryAuthenticationEntryPointTest extends TestCase
2023
{
2124
/**
