[DX] [Security] Renamed Token#getKey() to getSecret() #15141


Closed
wants to merge 5 commits into from

wouterj (Member) commented Jun 29, 2015

There are 2 very vague parameter names in the authentication process: $providerKey and $key. Some tokens/providers have the first one, some tokens/providers the second one and some both. An overview:

| Token | `providerKey` | `key`
| --- | --- | ---
| `AnonymousToken` | - | yes
| `PreAuth...Token` | yes | -
| `RememberMeToken` | yes | yes
| `UsernamePasswordToken` | yes | -

Both names are extremely general and their PHPdocs contain pure no-shit-sherlock-descriptions :squirrel: (like "The key."). This made me and @iltar think it's just an inconsistency and they have the same meaning.
...until we dived deeper into the code and came to the conclusion that $key has a Security task (while $providerKey doesn't really). If it takes people connected to Symfony internals 30+ minutes to find this out, it should be considered for an improvement imo.

So here is our suggestion: Rename $key to $secret. This explains much better what the value of the string has to be (for instance, it's important that the string is not easily guessable and cannot be found out, according to the Spring docs). It also explains the usage better (it's used as a replacement for credentials and to hash the RememberMeToken).

Tl;dr: $key and $providerKey are too general names, let's improve DX by renaming them. This PR tackles $key by renaming it to $secret.

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | yes
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

My excuse for the completely unrelated branch name
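
An added sketch of the rename discussed above, not part of the PR or of Symfony's source: the deprecated accessor forwards to the new one, and the secret appears in the two roles the description names (stand-in for credentials, and key for hashing the remember-me value). All `Demo*`/`demo*` names and the cookie layout are hypothetical.

```php
<?php
// Added illustration: Demo*/demo* names are hypothetical, not Symfony's source.
final class DemoToken
{
    private $secret;

    public function __construct($secret)
    {
        if ('' === (string) $secret) {
            throw new InvalidArgumentException('$secret must not be empty.');
        }
        $this->secret = (string) $secret;
    }

    // New, descriptive accessor.
    public function getSecret()
    {
        return $this->secret;
    }

    // Old accessor kept so callers keep working (no BC break), flagged as deprecated.
    public function getKey()
    {
        @trigger_error('getKey() is deprecated, use getSecret() instead.', E_USER_DEPRECATED);

        return $this->getSecret();
    }
}

// "Replacement for credentials": the token is accepted only if it carries the
// secret the firewall was configured with. hash_equals() compares in constant time.
function demoTokenIsAccepted(DemoToken $token, $configuredSecret)
{
    return hash_equals((string) $configuredSecret, $token->getSecret());
}

// "Hash the RememberMeToken": the cookie value is authenticated with an HMAC keyed
// by the secret, which is why the secret must be unguessable and kept private.
function demoCookieHash($username, $expires, $secret)
{
    return hash_hmac('sha256', $username.':'.$expires, $secret);
}

$secret = bin2hex(random_bytes(32)); // constructed sample secret
$token = new DemoToken($secret);
var_dump(demoTokenIsAccepted($token, $secret));
var_dump(demoTokenIsAccepted($token, 'some-other-value'));
var_dump(hash_equals(demoCookieHash('alice', 1893456000, $secret), demoCookieHash('alice', 1893456000, 'some-other-value')));
```

The three `var_dump()` calls show the token accepted with the configured secret, rejected with a different one, and the cookie hash changing when the secret changes.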

@wouterj wouterj changed the title [Security] Renamed {Anonymous,RememberMe}Token#getKey() to getSecret() [DX] [Security] Renamed Token#getKey() to getSecret() Jun 29, 2015
stof (Member) commented Jun 29, 2015

you need to bump the min requirement of symfony/security-core in symfony/security-http

wouterj (Member, Author) commented Jun 29, 2015

Thanks @stof, done :)

stof (Member) commented Jul 1, 2015

👍

fabpot (Member) commented Jul 1, 2015

Thank you @wouterj.

@fabpot fabpot closed this Jul 1, 2015
fabpot added a commit that referenced this pull request Jul 1, 2015
…(WouterJ)

This PR was squashed before being merged into the 2.8 branch (closes #15141).

Discussion
----------

[DX] [Security] Renamed Token#getKey() to getSecret()

There are 2 very vague parameter names in the authentication process: `$providerKey` and `$key`. Some tokens/providers have the first one, some tokens/providers the second one and some both. An overview:

| Token | `providerKey` | `key`
| --- | --- | ---
| `AnonymousToken` | - | yes
| `PreAuth...Token` | yes | -
| `RememberMeToken` | yes | yes
| `UsernamePasswordToken` | yes | -

Both names are extremely general and their PHPdocs contain pure no-shit-sherlock-descriptions :squirrel: (like "The key."). This made me and @iltar think it's just an inconsistency and they have the same meaning.
...until we dived deeper into the code and came to the conclusion that `$key` has a Security task (while `$providerKey` doesn't really). If it takes people connected to Symfony internals 30+ minutes to find this out, it should be considered for an improvement imo.

So here is our suggestion: **Rename `$key` to `$secret`**. This explains much better what the value of the string has to be (for instance, it's important that the string is not easily guessable and cannot be found out, according to the Spring docs). It also explains the usage better (it's used as a replacement for credentials and to hash the RememberMeToken).

**Tl;dr**: `$key` and `$providerKey` are too general names, let's improve DX by renaming them. This PR tackles `$key` by renaming it to `$secret`.

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | yes
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

*My excuse for the completely unrelated branch name*

Commits
-------

24e0eb6 [DX] [Security] Renamed Token#getKey() to getSecret()
@wouterj wouterj deleted the phpdoc_security branch July 1, 2015 23:05
xabbuh added a commit to symfony/symfony-docs that referenced this pull request Oct 8, 2015
This PR was merged into the 2.8 branch.

Discussion
----------

[DX] [Security] Renamed key to secret

| Q             | A
| ------------- | ---
| Doc fix?      | no
| New docs?  | yes symfony/symfony#15141
| Applies to    | 2.8+
| Fixed tickets | n/a

Commits
-------

18c7f04 Remember me, Renamed key to secret
fabpot added a commit that referenced this pull request Oct 11, 2015
…_me (stof)

This PR was merged into the 2.8 branch.

Discussion
----------

Fix the BC layer for the key->secret renaming for remember_me

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | symfony/symfony-docs#5765
| License       | MIT
| Doc PR        | n/a

There was a mistake in #15141 removing the configuration entirely.

Commits
-------

f52b3a0 Fix the BC layer for the key->secret renaming for remember_me
fabpot added a commit to symfony/security-bundle that referenced this pull request Oct 11, 2015
…_me (stof)

This PR was merged into the 2.8 branch.

Discussion
----------

Fix the BC layer for the key->secret renaming for remember_me

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | symfony/symfony-docs#5765
| License       | MIT
| Doc PR        | n/a

There was a mistake in symfony/symfony#15141 removing the configuration entirely.

Commits
-------

f52b3a0 Fix the BC layer for the key->secret renaming for remember_me
fabpot added a commit that referenced this pull request Nov 9, 2015
This PR was merged into the 2.8 branch.

Discussion
----------

[Security] Renamed key to secret Part 2

Anonymous and RememberMe were already changed in #15141. This PR renames 2 more occurrences of key in the Security: AnonymousAuthenticationListener and the Digest entry point.

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | yes
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

Commits
-------

55f59d5 Renamed key to secret
@fabpot fabpot mentioned this pull request Nov 16, 2015