[Security] Deprecate onAuthenticationSuccess() #18135
0db1655
to
20f7447
Compare
public function checkCredentials($credentials, UserInterface $user) | ||
{ | ||
} | ||
} |
Missing newline here.
got it now!
looks like there is now one additional newline
20f7447
to
009c6a6
Compare
@@ -72,6 +77,8 @@ public function onAuthenticationFailure(Request $request, AuthenticationExceptio | |||
*/ | |||
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) | |||
{ | |||
@trigger_error(sprintf('The AbstractFormLoginAuthenticator::onAuthenticationSuccess() implementation was deprecated in Symfony 3.1 and will be removed in Symfony 4.0. You should implement this method yourself in %s and remove getDefaultSuccessRedirectUrl().', get_class($this)), E_USER_DEPRECATED); | |||
|
|||
// if the user hit a secure page and start() was called, this was |
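Review bot: the deprecation message on the @trigger_error line tells implementers to write onAuthenticationSuccess() themselves and to remove getDefaultSuccessRedirectUrl(), but it does not say how to get back the saved target path that the comment right below it refers to. Consider naming TargetPathTrait in the message, or in UPGRADE-3.1.md, so that a hand-written replacement still redirects to the page the user originally requested instead of always going to a fixed URL.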
hit => hits
009c6a6
to
6188f9e
Compare
Comments done! Thanks guys :)
6188f9e
to
7cd1a13
Compare
Comments made - the failure seems unrelated
Status: Needs review
* @return string | ||
*/ | ||
abstract protected function getDefaultSuccessRedirectUrl(); | ||
protected function getDefaultSuccessRedirectUrl() |
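Review bot: with abstract dropped from getDefaultSuccessRedirectUrl() on the last line of this hunk, PHP no longer forces a subclass to supply a redirect target, while the docblock above still promises "@return string". The concrete method should carry a @deprecated tag in that docblock and, if it can be reached when a subclass overrides neither method, fail with an exception that names get_class($this) rather than hand a non-string value to the redirect.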
As this one was abstract, it was always implemented, so this code is never going to be executed, right?
It will get executed if the user doesn't implement onAuthenticationSuccess or getDefaultSuccessRedirectURL(). In that case, this would be called here: 87. Since onAuthenticationSuccess is still implemented for BC, new users might not initially implement either, since no interface/abstract method forces them to. It catches that case.
Also, deprecations are hard :).
Not sure I understand. Currently, the getDefaultSuccessRedirectUrl() method is abstract which means that nobody can use the AbstractFormLoginAuthenticator class without implementing it. In the wild, there is no code without a concrete implementation of this method. So, making it concrete now won't change anything as your code will always be overridden by user code, right?
I agree with @fabpot. I guess we should remove the method here. Then we can check below if the method exists, trigger a deprecation in that case and optionally call it (not sure right now if that is needed for backwards compatibility).
Ok, I've removed it :). The problem is purely for new users of this class: they technically won't be required at a PHP-level to implement getDefaultSuccessRedirectUrl or onAuthenticationSuccess. I was just trying to avoid an ugly "method not found" call. I've actually still handled this, with an if statement check.
Thank you @weaverryan.
@weaverryan I am confused, this PR seems to show that the Guard component is part of Symfony but I don't see it in any of the branches. The only way to get to it is through https://github.com/symfony/security-guard. Can this be used directly from a Symfony component or do I need to source it from security-guard repo? Also, in order to get this change I would have to use "symfony/security-guard": "dev-master", when will this make it into the 3.0 branch?
Deprecations are only done in development versions. This means that this change will be first available in the release of Symfony 3.1. The other part of your question I did not understand. You can use Guard as a stand-alone component, but it is also part of the
Hello. It looks like you forgot to add a note in the UPGRADE-3.1.md file
Because of the new TargetPathTrait, implementing onAuthenticationSuccess yourself is quite easy. I think we should just remove it. This also will fix #18027.
Thanks!