feature #26564 [HttpFoundation] deprecate call to Request::getSession() when Request::hasSession() returns false (fmata)

fabpot · fabpot · commit ceffe76a773c · 2018-03-18T20:19:04.000+01:00
This PR was merged into the 4.1-dev branch. Discussion ---------- [HttpFoundation] deprecate call to Request::getSession() when Request::hasSession() returns false | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | yes | Tests pass? | yes | Fixed tickets | #26539 | License | MIT Commits ------- 4110d57 [HttpFoundation] deprecate call to Request::getSession() when Request::hasSession() returns false
diff --git a/UPGRADE-4.1.md b/UPGRADE-4.1.md
@@ -60,8 +60,8 @@ HttpFoundation
 --------------
 
  * Passing the file size to the constructor of the `UploadedFile` class is deprecated.
-
  * The `getClientSize()` method of the `UploadedFile` class is deprecated. Use `getSize()` instead.
+ * Deprecated `Symfony\Component\HttpFoundation\Request::getSession()` when no session has been set. Use `Symfony\Component\HttpFoundation\Request::hasSession()` instead.
 
 Security
 --------
diff --git a/UPGRADE-5.0.md b/UPGRADE-5.0.md
@@ -59,6 +59,7 @@ HttpFoundation
 
  * The `$size` argument of the `UploadedFile` constructor has been removed.
  * The `getClientSize()` method of the `UploadedFile` class has been removed.
+ * The `getSession()` method of the `Request` class throws an exception when session is null.
 
 Security
 --------
diff --git a/src/Symfony/Bundle/WebProfilerBundle/Controller/ProfilerController.php b/src/Symfony/Bundle/WebProfilerBundle/Controller/ProfilerController.php
@@ -129,9 +129,7 @@ public function toolbarAction(Request $request, $token)
             throw new NotFoundHttpException('The profiler must be enabled.');
         }
 
-        $session = $request->getSession();
-
-        if (null !== $session && $session->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag) {
+        if ($request->hasSession() && ($session = $request->getSession()) && $session->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag) {
             // keep current flashes for one more request if using AutoExpireFlashBag
             $session->getFlashBag()->setAll($session->getFlashBag()->peekAll());
         }
diff --git a/src/Symfony/Component/HttpFoundation/CHANGELOG.md b/src/Symfony/Component/HttpFoundation/CHANGELOG.md
@@ -10,6 +10,7 @@ CHANGELOG
  * The `get()` method of the `AcceptHeader` class now takes into account the
    `*` and `*/*` default values (if they are present in the Accept HTTP header)
    when looking for items.
+ * deprecated `Request::getSession()` when no session has been set. Use `Request::hasSession()` instead.
 
 4.0.0
 -----
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
@@ -725,6 +725,11 @@ public function getSession()
             $this->setSession($session = $session());
         }
 
+        if (null === $session) {
+            @trigger_error(sprintf('Calling "%s()" when no session has been set is deprecated since Symfony 4.1 and will throw an exception in 5.0. Use "hasSession()" instead.', __METHOD__), E_USER_DEPRECATED);
+            // throw new \BadMethodCallException('Session has not been set');
+        }
+
         return $session;
     }
 
diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
@@ -1491,6 +1491,15 @@ public function testGetSession()
         $this->assertObjectHasAttribute('attributeName', $session);
     }
 
+    /**
+     * @group legacy
+     * @expectedDeprecation Calling "Symfony\Component\HttpFoundation\Request::getSession()" when no session has been set is deprecated since Symfony 4.1 and will throw an exception in 5.0. Use "hasSession()" instead.
+     */
+    public function testGetSessionNullable()
+    {
+        (new Request())->getSession();
+    }
+
     public function testHasPreviousSession()
     {
         $request = new Request();
diff --git a/src/Symfony/Component/HttpKernel/Controller/ArgumentResolver/SessionValueResolver.php b/src/Symfony/Component/HttpKernel/Controller/ArgumentResolver/SessionValueResolver.php
@@ -28,6 +28,10 @@ final class SessionValueResolver implements ArgumentValueResolverInterface
      */
     public function supports(Request $request, ArgumentMetadata $argument)
     {
+        if (!$request->hasSession()) {
+            return false;
+        }
+
         $type = $argument->getType();
         if (SessionInterface::class !== $type && !is_subclass_of($type, SessionInterface::class)) {
             return false;
diff --git a/src/Symfony/Component/Security/Guard/Authenticator/AbstractFormLoginAuthenticator.php b/src/Symfony/Component/Security/Guard/Authenticator/AbstractFormLoginAuthenticator.php
@@ -11,7 +11,6 @@
 
 namespace Symfony\Component\Security\Guard\Authenticator;
 
-use Symfony\Component\HttpFoundation\Session\SessionInterface;
 use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
@@ -42,7 +41,7 @@ abstract protected function getLoginUrl();
      */
     public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
     {
-        if ($request->getSession() instanceof SessionInterface) {
+        if ($request->hasSession()) {
             $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
         }
 

Original file line number	Diff line number	Diff line change
`@@ -129,9 +129,7 @@ public function toolbarAction(Request $request, $token)`
`129`	`129`	`throw new NotFoundHttpException('The profiler must be enabled.');`
`130`	`130`	`}`
`131`	`131`
`132`		`- $session = $request->getSession();`
`133`		`-`
`134`		`- if (null !== $session && $session->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag) {`
	`132`	`+ if ($request->hasSession() && ($session = $request->getSession()) && $session->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag) {`
`135`	`133`	`// keep current flashes for one more request if using AutoExpireFlashBag`
`136`	`134`	`$session->getFlashBag()->setAll($session->getFlashBag()->peekAll());`
`137`	`135`	`}`
Original file line number	Diff line number	Diff line change
`@@ -725,6 +725,11 @@ public function getSession()`
`725`	`725`	`$this->setSession($session = $session());`
`726`	`726`	`}`
`727`	`727`
	`728`	`+ if (null === $session) {`
	`729`	`+ @trigger_error(sprintf('Calling "%s()" when no session has been set is deprecated since Symfony 4.1 and will throw an exception in 5.0. Use "hasSession()" instead.', __METHOD__), E_USER_DEPRECATED);`
	`730`	`+ // throw new \BadMethodCallException('Session has not been set');`
	`731`	`+ }`
	`732`	`+`
`728`	`733`	`return $session;`
`729`	`734`	`}`
`730`	`735`
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,6 @@`
`11`	`11`
`12`	`12`	`namespace Symfony\Component\Security\Guard\Authenticator;`
`13`	`13`
`14`		`-use Symfony\Component\HttpFoundation\Session\SessionInterface;`
`15`	`14`	`use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;`
`16`	`15`	`use Symfony\Component\HttpFoundation\RedirectResponse;`
`17`	`16`	`use Symfony\Component\HttpFoundation\Request;`
`@@ -42,7 +41,7 @@ abstract protected function getLoginUrl();`
`42`	`41`	`*/`
`43`	`42`	`public function onAuthenticationFailure(Request $request, AuthenticationException $exception)`
`44`	`43`	`{`
`45`		`- if ($request->getSession() instanceof SessionInterface) {`
	`44`	`+ if ($request->hasSession()) {`
`46`	`45`	`$request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);`
`47`	`46`	`}`
`48`	`47`