bug #36832 [Security] Improved upgrade path for custom remember me services (wouterj)

nicolas-grekas · nicolas-grekas · commit c268915352df · 2020-05-16T13:32:52.000+02:00
This PR was merged into the 5.1-dev branch. Discussion ---------- [Security] Improved upgrade path for custom remember me services | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | - | Deprecations? | - | Tickets | #36806 (comment) | License | MIT | Doc PR | This improves the upgrade path for custom remember me services now `LogoutHandlerInterface` has been deprecated. As suggested in #36806 (comment), the `logout()` method should be added to the `RememberMeServicesInterface` in Symfony 6. This patch allows developers to write a custom class implementing only `RememberMeServicesInterface` with a `logout()` method. Requiring them to implement `LogoutHandlerInterface` will mean they have to maintain 2 version of the class to support both Symfony 5.1+ and 6.0. Commits ------- c49d00f Added deprecation for RememberMe services without logout() method
diff --git a/UPGRADE-5.1.md b/UPGRADE-5.1.md
@@ -167,6 +167,7 @@ Security
 
  * Deprecated `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface`, register a listener on the `LogoutEvent` event instead.
  * Deprecated `DefaultLogoutSuccessHandler` in favor of `DefaultLogoutListener`.
+ * Deprecated `RememberMeServicesInterface` implementations without a `logout(Request $request, Response $response, TokenInterface $token)` method.
 
 Yaml
 ----
diff --git a/UPGRADE-6.0.md b/UPGRADE-6.0.md
@@ -113,6 +113,7 @@ Security
  * Removed `ROLE_PREVIOUS_ADMIN` role in favor of `IS_IMPERSONATOR` attribute
  * Removed `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface`, register a listener on the `LogoutEvent` event instead.
  * Removed `DefaultLogoutSuccessHandler` in favor of `DefaultLogoutListener`.
+ * Added a `logout(Request $request, Response $response, TokenInterface $token)` method to the `RememberMeServicesInterface`.
 
 Yaml
 ----
diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
@@ -11,6 +11,7 @@ CHANGELOG
  * Deprecated `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface` in favor of listening on the `LogoutEvent`.
  * Added experimental new security using `Http\Authenticator\AuthenticatorInterface`, `Http\Authentication\AuthenticatorManager` and `Http\Firewall\AuthenticatorManagerListener`.
  * Added `CustomUserMessageAccountStatusException` to be used when extending `UserCheckerInterface`
+ * Deprecated `RememberMeServicesInterface` implementations without `logout(Request $request, Response $response, TokenInterface $token)` method, this method will be required in Symfony 6.0.
 
 5.0.0
 -----
diff --git a/src/Symfony/Component/Security/Http/EventListener/RememberMeLogoutListener.php b/src/Symfony/Component/Security/Http/EventListener/RememberMeLogoutListener.php
@@ -14,7 +14,7 @@
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\Security\Core\Exception\LogicException;
 use Symfony\Component\Security\Http\Event\LogoutEvent;
-use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;
+use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
 
 /**
  * @author Wouter de Jong <wouter@wouterj.nl>
@@ -25,13 +25,21 @@ class RememberMeLogoutListener implements EventSubscriberInterface
 {
     private $rememberMeServices;
 
-    public function __construct(LogoutHandlerInterface $rememberMeServices)
+    public function __construct(RememberMeServicesInterface $rememberMeServices)
     {
+        if (!method_exists($rememberMeServices, 'logout')) {
+            trigger_deprecation('symfony/security-core', '5.1', '"%s" should implement the "logout(Request $request, Response $response, TokenInterface $token)" method, this method will be added to the "%s" in version 6.0.', \get_class($rememberMeServices), RememberMeServicesInterface::class);
+        }
+
         $this->rememberMeServices = $rememberMeServices;
     }
 
     public function onLogout(LogoutEvent $event): void
     {
+        if (!method_exists($this->rememberMeServices, 'logout')) {
+            return;
+        }
+
         if (null === $event->getResponse()) {
             throw new LogicException(sprintf('No response was set for this logout action. Make sure the DefaultLogoutListener or another listener has set the response before "%s" is called.', __CLASS__));
         }
diff --git a/src/Symfony/Component/Security/Http/RememberMe/RememberMeServicesInterface.php b/src/Symfony/Component/Security/Http/RememberMe/RememberMeServicesInterface.php
@@ -24,6 +24,8 @@
  * - PersistentTokenBasedRememberMeServices (requires a TokenProvider)
  *
  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ *
+ * @method logout(Request $request, Response $response, TokenInterface $token)
  */
 interface RememberMeServicesInterface
 {

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@`
`14`	`14`	`use Symfony\Component\EventDispatcher\EventSubscriberInterface;`
`15`	`15`	`use Symfony\Component\Security\Core\Exception\LogicException;`
`16`	`16`	`use Symfony\Component\Security\Http\Event\LogoutEvent;`
`17`		`-use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;`
	`17`	`+use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;`
`18`	`18`
`19`	`19`	`/**`
`20`	`20`	`* @author Wouter de Jong <[email protected]>`
`@@ -25,13 +25,21 @@ class RememberMeLogoutListener implements EventSubscriberInterface`
`25`	`25`	`{`
`26`	`26`	`private $rememberMeServices;`
`27`	`27`
`28`		`- public function __construct(LogoutHandlerInterface $rememberMeServices)`
	`28`	`+ public function __construct(RememberMeServicesInterface $rememberMeServices)`
`29`	`29`	`{`
	`30`	`+ if (!method_exists($rememberMeServices, 'logout')) {`
	`31`	`+ trigger_deprecation('symfony/security-core', '5.1', '"%s" should implement the "logout(Request $request, Response $response, TokenInterface $token)" method, this method will be added to the "%s" in version 6.0.', \get_class($rememberMeServices), RememberMeServicesInterface::class);`
	`32`	`+ }`
	`33`	`+`
`30`	`34`	`$this->rememberMeServices = $rememberMeServices;`
`31`	`35`	`}`
`32`	`36`
`33`	`37`	`public function onLogout(LogoutEvent $event): void`
`34`	`38`	`{`
	`39`	`+ if (!method_exists($this->rememberMeServices, 'logout')) {`
	`40`	`+ return;`
	`41`	`+ }`
	`42`	`+`
`35`	`43`	`if (null === $event->getResponse()) {`
`36`	`44`	`throw new LogicException(sprintf('No response was set for this logout action. Make sure the DefaultLogoutListener or another listener has set the response before "%s" is called.', __CLASS__));`
`37`	`45`	`}`
Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,8 @@`
`24`	`24`	`* - PersistentTokenBasedRememberMeServices (requires a TokenProvider)`
`25`	`25`	`*`
`26`	`26`	`* @author Johannes M. Schmitt <[email protected]>`
	`27`	`+ *`
	`28`	`+ * @method logout(Request $request, Response $response, TokenInterface $token)`
`27`	`29`	`*/`
`28`	`30`	`interface RememberMeServicesInterface`
`29`	`31`	`{`