Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit fda7e0a

Browse files
wouterjwouterj
committed
Deprecated is_*() expression functions
is_granted() should be used instead with the correct attributes
1 parent 6c522a7 commit fda7e0a

File tree

6 files changed

+87
-12
lines changed

6 files changed

+87
-12
lines changed

UPGRADE-5.1.md

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,6 +59,21 @@ Routing
5959
* Deprecated `RouteCollectionBuilder` in favor of `RoutingConfigurator`.
6060
* Added argument `$priority` to `RouteCollection::add()`
6161

62+
Security
63+
--------
64+
65+
* The `is_anonymous()`, `is_remember_me()`, `is_authenticated()` and `is_fully_authenticated()` expression functions are removed. Use `is_granted()` with the correct attribute instead:
66+
67+
Before:
68+
```
69+
is_remember_me() or is_anonymous()
70+
```
71+
72+
After:
73+
```
74+
is_granted('IS_REMEMBERED') or is_granted('IS_ANONYMOUS')
75+
```
76+
6277
Yaml
6378
----
6479

src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,5 +50,5 @@ security:
5050
- { path: ^/secured-by-one-env-placeholder$, ips: '%env(APP_IP)%', roles: IS_AUTHENTICATED_ANONYMOUSLY }
5151
- { path: ^/secured-by-one-env-placeholder-and-one-real-ip$, ips: ['%env(APP_IP)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY }
5252
- { path: ^/highly_protected_resource$, roles: IS_ADMIN }
53-
- { path: ^/protected-via-expression$, allow_if: "(is_anonymous() and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" }
53+
- { path: ^/protected-via-expression$, allow_if: "(is_granted('IS_ANONYMOUS') and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" }
5454
- { path: .*, roles: IS_AUTHENTICATED_FULLY }

src/Symfony/Bundle/SecurityBundle/composer.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@
2121
"symfony/config": "^4.4|^5.0",
2222
"symfony/dependency-injection": "^4.4|^5.0",
2323
"symfony/http-kernel": "^5.0",
24-
"symfony/security-core": "^4.4|^5.0",
24+
"symfony/security-core": "^5.1",
2525
"symfony/security-csrf": "^4.4|^5.0",
2626
"symfony/security-guard": "^4.4|^5.0",
2727
"symfony/security-http": "^5.1"

src/Symfony/Component/Security/CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ CHANGELOG
66

77
* Added access decision strategy to override access decisions by voter service priority
88
* Added `IS_ANONYMOUS`, `IS_REMEMBERED`, `IS_IMPERSONATOR`
9+
* Deprecated `is_anonymous()`, `is_remember_me()`, `is_authenticated()` and `is_fully_authenticated()` in favor of `is_granted(attribute)`
910

1011
5.0.0
1112
-----

src/Symfony/Component/Security/Core/Authorization/ExpressionLanguageProvider.php

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,8 +25,12 @@ public function getFunctions()
2525
{
2626
return [
2727
new ExpressionFunction('is_anonymous', function () {
28+
@trigger_error("is_anonymous() is deprecated since version 5.1 and will be removed in 6.0. Use is_granted('IS_ANONYMOUS') instead.", E_USER_DEPRECATED);
29+
2830
return '$trust_resolver->isAnonymous($token)';
2931
}, function (array $variables) {
32+
@trigger_error("is_anonymous() is deprecated since version 5.1 and will be removed in 6.0. Use is_granted('IS_ANONYMOUS') instead.", E_USER_DEPRECATED);
33+
3034
return $variables['trust_resolver']->isAnonymous($variables['token']);
3135
}),
3236

@@ -37,8 +41,12 @@ public function getFunctions()
3741
}),
3842

3943
new ExpressionFunction('is_fully_authenticated', function () {
44+
@trigger_error("is_fully_authenticated() is deprecated since version 5.1 and will be removed in 6.0. Use is_granted('IS_AUTHENTICATED_FULLY') instead.", E_USER_DEPRECATED);
45+
4046
return '$trust_resolver->isFullFledged($token)';
4147
}, function (array $variables) {
48+
@trigger_error("is_fully_authenticated() is deprecated since version 5.1 and will be removed in 6.0. Use is_granted('IS_AUTHENTICATED_FULLY') instead.", E_USER_DEPRECATED);
49+
4250
return $variables['trust_resolver']->isFullFledged($variables['token']);
4351
}),
4452

@@ -49,8 +57,12 @@ public function getFunctions()
4957
}),
5058

5159
new ExpressionFunction('is_remember_me', function () {
60+
@trigger_error("is_remember_me() is deprecated since version 5.1 and will be removed in 6.0. Use is_granted('IS_REMEMBERED') instead.", E_USER_DEPRECATED);
61+
5262
return '$trust_resolver->isRememberMe($token)';
5363
}, function (array $variables) {
64+
@trigger_error("is_remember_me() is deprecated since version 5.1 and will be removed in 6.0. Use is_granted('IS_REMEMBERED') instead.", E_USER_DEPRECATED);
65+
5466
return $variables['trust_resolver']->isRememberMe($variables['token']);
5567
}),
5668
];

src/Symfony/Component/Security/Core/Tests/Authorization/ExpressionLanguageTest.php

Lines changed: 57 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
namespace Symfony\Component\Security\Core\Tests\Authorization;
1313

1414
use PHPUnit\Framework\TestCase;
15+
use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
1516
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
1617
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
1718
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
@@ -21,11 +22,14 @@
2122
use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
2223
use Symfony\Component\Security\Core\Authorization\AuthorizationChecker;
2324
use Symfony\Component\Security\Core\Authorization\ExpressionLanguage;
25+
use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
2426
use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter;
2527
use Symfony\Component\Security\Core\User\User;
2628

2729
class ExpressionLanguageTest extends TestCase
2830
{
31+
use ExpectDeprecationTrait;
32+
2933
/**
3034
* @dataProvider provider
3135
*/
@@ -35,7 +39,7 @@ public function testIsAuthenticated($token, $expression, $result)
3539
$trustResolver = new AuthenticationTrustResolver();
3640
$tokenStorage = new TokenStorage();
3741
$tokenStorage->setToken($token);
38-
$accessDecisionManager = new AccessDecisionManager([new RoleVoter()]);
42+
$accessDecisionManager = new AccessDecisionManager([new RoleVoter(), new AuthenticatedVoter($trustResolver)]);
3943
$authChecker = new AuthorizationChecker($tokenStorage, $this->getMockBuilder(AuthenticationManagerInterface::class)->getMock(), $accessDecisionManager);
4044

4145
$context = [];
@@ -51,36 +55,79 @@ public function provider()
5155
$roles = ['ROLE_USER', 'ROLE_ADMIN'];
5256
$user = new User('username', 'password', $roles);
5357

58+
$anonymousToken = new AnonymousToken('firewall', 'anon.');
59+
$rememberMeToken = new RememberMeToken($user, 'providerkey', 'firewall');
60+
$usernamePasswordToken = new UsernamePasswordToken('username', 'password', 'providerkey', $roles);
61+
62+
return [
63+
[$anonymousToken, "is_granted('IS_AUTHENTICATED_ANONYMOUSLY')", true],
64+
[$anonymousToken, "is_granted('IS_AUTHENTICATED_FULLY')", false],
65+
[$anonymousToken, "is_granted('IS_ANONYMOUS')", true],
66+
[$anonymousToken, "is_granted('IS_REMEMBERED')", false],
67+
[$anonymousToken, "is_granted('ROLE_USER')", false],
68+
[$anonymousToken, 'is_authenticated()', false],
69+
70+
[$rememberMeToken, "is_granted('IS_AUTHENTICATED_ANONYMOUSLY')", true],
71+
[$rememberMeToken, "is_granted('IS_AUTHENTICATED_FULLY')", false],
72+
[$rememberMeToken, "is_granted('IS_ANONYMOUS')", false],
73+
[$rememberMeToken, "is_granted('IS_REMEMBERED')", true],
74+
[$rememberMeToken, "is_granted('ROLE_FOO')", false],
75+
[$rememberMeToken, "is_granted('ROLE_USER')", true],
76+
[$rememberMeToken, 'is_authenticated()', true],
77+
78+
[$usernamePasswordToken, "is_granted('IS_AUTHENTICATED_ANONYMOUSLY')", true],
79+
[$usernamePasswordToken, "is_granted('IS_AUTHENTICATED_FULLY')", true],
80+
[$usernamePasswordToken, "is_granted('IS_ANONYMOUS')", false],
81+
[$usernamePasswordToken, "is_granted('IS_REMEMBERED')", false],
82+
[$usernamePasswordToken, "is_granted('ROLE_FOO')", false],
83+
[$usernamePasswordToken, "is_granted('ROLE_USER')", true],
84+
[$usernamePasswordToken, 'is_authenticated()', true],
85+
];
86+
}
87+
88+
/**
89+
* @dataProvider provideLegacyIsAuthenticated
90+
* @group legacy
91+
*/
92+
public function testLegacyIsAuthenticated($token, $expr, $expected)
93+
{
94+
$expressionLanguage = new ExpressionLanguage();
95+
96+
$context = [];
97+
$context['trust_resolver'] = new AuthenticationTrustResolver();
98+
$context['token'] = $token;
99+
100+
$this->expectDeprecation($expr.' is deprecated since version 5.1 and will be removed in 6.0. Use is_granted(\'%s\') instead.');
101+
102+
$this->assertEquals($expected, $expressionLanguage->evaluate($expr, $context));
103+
}
104+
105+
public function provideLegacyIsAuthenticated()
106+
{
107+
$roles = ['ROLE_USER', 'ROLE_ADMIN'];
108+
$user = new User('username', 'password', $roles);
109+
54110
$noToken = null;
55111
$anonymousToken = new AnonymousToken('firewall', 'anon.');
56112
$rememberMeToken = new RememberMeToken($user, 'providerkey', 'firewall');
57113
$usernamePasswordToken = new UsernamePasswordToken('username', 'password', 'providerkey', $roles);
58114

59115
return [
60116
[$noToken, 'is_anonymous()', false],
61-
[$noToken, 'is_authenticated()', false],
62117
[$noToken, 'is_fully_authenticated()', false],
63118
[$noToken, 'is_remember_me()', false],
64119

65120
[$anonymousToken, 'is_anonymous()', true],
66-
[$anonymousToken, 'is_authenticated()', false],
67121
[$anonymousToken, 'is_fully_authenticated()', false],
68122
[$anonymousToken, 'is_remember_me()', false],
69-
[$anonymousToken, "is_granted('ROLE_USER')", false],
70123

71124
[$rememberMeToken, 'is_anonymous()', false],
72-
[$rememberMeToken, 'is_authenticated()', true],
73125
[$rememberMeToken, 'is_fully_authenticated()', false],
74126
[$rememberMeToken, 'is_remember_me()', true],
75-
[$rememberMeToken, "is_granted('ROLE_FOO')", false],
76-
[$rememberMeToken, "is_granted('ROLE_USER')", true],
77127

78128
[$usernamePasswordToken, 'is_anonymous()', false],
79-
[$usernamePasswordToken, 'is_authenticated()', true],
80129
[$usernamePasswordToken, 'is_fully_authenticated()', true],
81130
[$usernamePasswordToken, 'is_remember_me()', false],
82-
[$usernamePasswordToken, "is_granted('ROLE_FOO')", false],
83-
[$usernamePasswordToken, "is_granted('ROLE_USER')", true],
84131
];
85132
}
86133
}

0 commit comments

Comments
 (0)