Merge branch '6.4' into 7.0

nicolas-grekas · nicolas-grekas · commit cfd0812d06ff · 2023-07-04T10:27:20.000+02:00
* 6.4:
  [SecurityBundle] Deprecate `Security::*` consts and other cleanups
  [Security] Remove ArgumentValueResolverInterface from UserValueResolver
diff --git a/.github/patch-types.php b/.github/patch-types.php
@@ -24,6 +24,7 @@
             // no break;
         case false !== strpos($file, '/vendor/'):
         case false !== strpos($file, '/src/Symfony/Bridge/PhpUnit/'):
+        case false !== strpos($file, '/src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/ContainerAwareController.php'):
         case false !== strpos($file, '/src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/Validation/Article.php'):
         case false !== strpos($file, '/src/Symfony/Component/Cache/Tests/Fixtures/DriverWrapper.php'):
         case false !== strpos($file, '/src/Symfony/Component/Config/Tests/Fixtures/BadFileName.php'):
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -6,6 +6,11 @@ CHANGELOG
 
  * Enabling SecurityBundle and not configuring it is not allowed
 
+6.4
+---
+
+ * Deprecate `Security::ACCESS_DENIED_ERROR`, `AUTHENTICATION_ERROR` and `LAST_USERNAME` constants, use the ones on `SecurityRequestAttributes` instead
+
 6.3
 ---
 
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -91,7 +91,7 @@ public function prepend(ContainerBuilder $container): void
     public function load(array $configs, ContainerBuilder $container): void
     {
         if (!array_filter($configs)) {
-            throw new InvalidArgumentException(sprintf('Enabling bundle "%s" and not configuring it is not allowed.', SecurityBundle::class));
+            throw new InvalidConfigurationException(sprintf('Enabling bundle "%s" and not configuring it is not allowed.', SecurityBundle::class));
         }
 
         $mainConfig = $this->getConfiguration($configs, $container);
@@ -184,17 +184,14 @@ public function load(array $configs, ContainerBuilder $container): void
         $container->getDefinition('security.authorization_checker')->setArgument(3, false);
     }
 
-    /**
-     * @throws \InvalidArgumentException if the $strategy is invalid
-     */
     private function createStrategyDefinition(string $strategy, bool $allowIfAllAbstainDecisions, bool $allowIfEqualGrantedDeniedDecisions): Definition
     {
         return match ($strategy) {
             MainConfiguration::STRATEGY_AFFIRMATIVE => new Definition(AffirmativeStrategy::class, [$allowIfAllAbstainDecisions]),
             MainConfiguration::STRATEGY_CONSENSUS => new Definition(ConsensusStrategy::class, [$allowIfAllAbstainDecisions, $allowIfEqualGrantedDeniedDecisions]),
             MainConfiguration::STRATEGY_UNANIMOUS => new Definition(UnanimousStrategy::class, [$allowIfAllAbstainDecisions]),
             MainConfiguration::STRATEGY_PRIORITY => new Definition(PriorityStrategy::class, [$allowIfAllAbstainDecisions]),
-            default => throw new \InvalidArgumentException(sprintf('The strategy "%s" is not supported.', $strategy)),
+            default => throw new InvalidConfigurationException(sprintf('The strategy "%s" is not supported.', $strategy)),
         };
     }
 
diff --git a/src/Symfony/Bundle/SecurityBundle/Security.php b/src/Symfony/Bundle/SecurityBundle/Security.php
@@ -16,6 +16,8 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Exception\LogicException;
 use Symfony\Component\Security\Core\Exception\LogoutException;
 use Symfony\Component\Security\Core\Security as LegacySecurity;
@@ -27,6 +29,17 @@
 use Symfony\Component\Security\Http\SecurityRequestAttributes;
 use Symfony\Contracts\Service\ServiceProviderInterface;
 
+if (class_exists(LegacySecurity::class)) {
+    class_alias(LegacySecurity::class, InternalSecurity::class);
+} else {
+    /**
+     * @internal
+     */
+    class InternalSecurity
+    {
+    }
+}
+
 /**
  * Helper class for commonly-needed security tasks.
  *
@@ -36,15 +49,50 @@
  *
  * @final
  */
-class Security extends LegacySecurity
+class Security extends InternalSecurity implements AuthorizationCheckerInterface
 {
+    /**
+     * @deprecated since Symfony 6.4, use SecurityRequestAttributes::ACCESS_DENIED_ERROR instead
+     */
     public const ACCESS_DENIED_ERROR = SecurityRequestAttributes::ACCESS_DENIED_ERROR;
+
+    /**
+     * @deprecated since Symfony 6.4, use SecurityRequestAttributes::ACCESS_DENIED_ERROR instead
+     */
     public const AUTHENTICATION_ERROR = SecurityRequestAttributes::AUTHENTICATION_ERROR;
+
+    /**
+     * @deprecated since Symfony 6.4, use SecurityRequestAttributes::ACCESS_DENIED_ERROR instead
+     */
     public const LAST_USERNAME = SecurityRequestAttributes::LAST_USERNAME;
 
-    public function __construct(private readonly ContainerInterface $container, private readonly array $authenticators = [])
+    public function __construct(
+        private readonly ContainerInterface $container,
+        private readonly array $authenticators = [],
+    ) {
+    }
+
+    public function getUser(): ?UserInterface
+    {
+        if (!$token = $this->getToken()) {
+            return null;
+        }
+
+        return $token->getUser();
+    }
+
+    /**
+     * Checks if the attributes are granted against the current authentication token and optionally supplied subject.
+     */
+    public function isGranted(mixed $attributes, mixed $subject = null): bool
+    {
+        return $this->container->get('security.authorization_checker')
+            ->isGranted($attributes, $subject);
+    }
+
+    public function getToken(): ?TokenInterface
     {
-        parent::__construct($container, false);
+        return $this->container->get('security.token_storage')->getToken();
     }
 
     public function getFirewallConfig(Request $request): ?FirewallConfig
diff --git a/src/Symfony/Component/Security/Core/Security.php b/src/Symfony/Component/Security/Core/Security.php
@@ -24,19 +24,8 @@
  */
 class Security implements AuthorizationCheckerInterface
 {
-    /**
-     * @deprecated since Symfony 6.2, use \Symfony\Bundle\SecurityBundle\Security::ACCESS_DENIED_ERROR instead
-     */
     public const ACCESS_DENIED_ERROR = '_security.403_error';
-
-    /**
-     * @deprecated since Symfony 6.2, use \Symfony\Bundle\SecurityBundle\Security::AUTHENTICATION_ERROR instead
-     */
     public const AUTHENTICATION_ERROR = '_security.last_error';
-
-    /**
-     * @deprecated since Symfony 6.2, use \Symfony\Bundle\SecurityBundle\Security::LAST_USERNAME instead
-     */
     public const LAST_USERNAME = '_security.last_username';
 
     /**
diff --git a/src/Symfony/Component/Security/Http/Controller/UserValueResolver.php b/src/Symfony/Component/Security/Http/Controller/UserValueResolver.php
@@ -12,7 +12,6 @@
 namespace Symfony\Component\Security\Http\Controller;
 
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpKernel\Controller\ArgumentValueResolverInterface;
 use Symfony\Component\HttpKernel\Controller\ValueResolverInterface;
 use Symfony\Component\HttpKernel\ControllerMetadata\ArgumentMetadata;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
@@ -25,7 +24,7 @@
  *
  * @author Iltar van der Berg <kjarli@gmail.com>
  */
-final class UserValueResolver implements ArgumentValueResolverInterface, ValueResolverInterface
+final class UserValueResolver implements ValueResolverInterface
 {
     private TokenStorageInterface $tokenStorage;
 

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ public function prepend(ContainerBuilder $container): void`
`91`	`91`	`public function load(array $configs, ContainerBuilder $container): void`
`92`	`92`	`{`
`93`	`93`	`if (!array_filter($configs)) {`
`94`		`- throw new InvalidArgumentException(sprintf('Enabling bundle "%s" and not configuring it is not allowed.', SecurityBundle::class));`
	`94`	`+ throw new InvalidConfigurationException(sprintf('Enabling bundle "%s" and not configuring it is not allowed.', SecurityBundle::class));`
`95`	`95`	`}`
`96`	`96`
`97`	`97`	`$mainConfig = $this->getConfiguration($configs, $container);`
`@@ -184,17 +184,14 @@ public function load(array $configs, ContainerBuilder $container): void`
`184`	`184`	`$container->getDefinition('security.authorization_checker')->setArgument(3, false);`
`185`	`185`	`}`
`186`	`186`
`187`		`- /**`
`188`		`- * @throws \InvalidArgumentException if the $strategy is invalid`
`189`		`- */`
`190`	`187`	`private function createStrategyDefinition(string $strategy, bool $allowIfAllAbstainDecisions, bool $allowIfEqualGrantedDeniedDecisions): Definition`
`191`	`188`	`{`
`192`	`189`	`return match ($strategy) {`
`193`	`190`	`MainConfiguration::STRATEGY_AFFIRMATIVE => new Definition(AffirmativeStrategy::class, [$allowIfAllAbstainDecisions]),`
`194`	`191`	`MainConfiguration::STRATEGY_CONSENSUS => new Definition(ConsensusStrategy::class, [$allowIfAllAbstainDecisions, $allowIfEqualGrantedDeniedDecisions]),`
`195`	`192`	`MainConfiguration::STRATEGY_UNANIMOUS => new Definition(UnanimousStrategy::class, [$allowIfAllAbstainDecisions]),`
`196`	`193`	`MainConfiguration::STRATEGY_PRIORITY => new Definition(PriorityStrategy::class, [$allowIfAllAbstainDecisions]),`
`197`		`- default => throw new \InvalidArgumentException(sprintf('The strategy "%s" is not supported.', $strategy)),`
	`194`	`+ default => throw new InvalidConfigurationException(sprintf('The strategy "%s" is not supported.', $strategy)),`
`198`	`195`	`};`
`199`	`196`	`}`
`200`	`197`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,6 @@`
`12`	`12`	`namespace Symfony\Component\Security\Http\Controller;`
`13`	`13`
`14`	`14`	`use Symfony\Component\HttpFoundation\Request;`
`15`		`-use Symfony\Component\HttpKernel\Controller\ArgumentValueResolverInterface;`
`16`	`15`	`use Symfony\Component\HttpKernel\Controller\ValueResolverInterface;`
`17`	`16`	`use Symfony\Component\HttpKernel\ControllerMetadata\ArgumentMetadata;`
`18`	`17`	`use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;`
`@@ -25,7 +24,7 @@`
`25`	`24`	`*`
`26`	`25`	`* @author Iltar van der Berg <[email protected]>`
`27`	`26`	`*/`
`28`		`-final class UserValueResolver implements ArgumentValueResolverInterface, ValueResolverInterface`
	`27`	`+final class UserValueResolver implements ValueResolverInterface`
`29`	`28`	`{`
`30`	`29`	`private TokenStorageInterface $tokenStorage;`
`31`	`30`