From 23975048f88e58d1e1b17a00e7f3f80722237278 Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Sun, 21 May 2017 11:46:47 +0200 Subject: [PATCH] [Security] remove deprecated features --- .../DataCollector/SecurityDataCollector.php | 13 +---- src/Symfony/Component/Security/CHANGELOG.md | 4 ++ .../Authentication/Token/AbstractToken.php | 7 +-- .../Token/PreAuthenticatedToken.php | 8 +-- .../Authentication/Token/TokenInterface.php | 4 +- .../Token/UsernamePasswordToken.php | 8 +-- .../Authorization/AccessDecisionManager.php | 14 ----- .../DebugAccessDecisionManager.php | 36 ------------ .../TraceableAccessDecisionManager.php | 17 ------ .../Core/Authorization/Voter/RoleVoter.php | 4 +- .../Component/Security/Core/Role/Role.php | 6 +- .../Core/Role/RoleHierarchyInterface.php | 4 +- .../Security/Core/Role/RoleInterface.php | 37 ------------ .../AbstractFormLoginAuthenticator.php | 33 ----------- .../FormLoginAuthenticatorTest.php | 58 ++----------------- 15 files changed, 32 insertions(+), 221 deletions(-) delete mode 100644 src/Symfony/Component/Security/Core/Authorization/DebugAccessDecisionManager.php delete mode 100644 src/Symfony/Component/Security/Core/Role/RoleInterface.php diff --git a/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php b/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php index 508d98b52f67e..0fcf71a99f358 100644 --- a/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php +++ b/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php 
@@ -18,7 +18,6 @@ use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\DataCollector\DataCollector; use Symfony\Component\HttpKernel\DataCollector\LateDataCollectorInterface; -use Symfony\Component\Security\Core\Role\RoleInterface; use Symfony\Component\Security\Http\Logout\LogoutUrlGenerator; use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface; use Symfony\Component\Security\Core\Authorization\TraceableAccessDecisionManager; @@ -111,14 +110,6 @@ public function collect(Request $request, Response $response, \Exception $except // fail silently when the logout URL cannot be generated } - $extractRoles = function ($role) { - if (!$role instanceof RoleInterface && !$role instanceof Role) { - throw new \InvalidArgumentException(sprintf('Roles must be instances of %s or %s (%s given).', RoleInterface::class, Role::class, is_object($role) ? get_class($role) : gettype($role))); - } - - return $role->getRole(); - }; - $this->data = array( 'enabled' => true, 'authenticated' => $token->isAuthenticated(), @@ -126,8 +117,8 @@ public function collect(Request $request, Response $response, \Exception $except 'token_class' => $this->hasVarDumper ? new ClassStub(get_class($token)) : get_class($token), 'logout_url' => $logoutUrl, 'user' => $token->getUsername(), - 'roles' => array_map($extractRoles, $assignedRoles), - 'inherited_roles' => array_map($extractRoles, $inheritedRoles), + 'roles' => array_map(function (Role $role) { return $role->getRole(); }, $assignedRoles), + 'inherited_roles' => array_map(function (Role $role) { return $role->getRole(); }, $inheritedRoles), 'supports_role_hierarchy' => null !== $this->roleHierarchy, ); } diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md index a8ec0d017e026..905c499194b7c 100644 --- a/src/Symfony/Component/Security/CHANGELOG.md +++ b/src/Symfony/Component/Security/CHANGELOG.md 
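Review bot: The `'roles'` and `'inherited_roles'` entries now each carry their own copy of the same closure, and both rely on the `Role` parameter type as the only validation. A token whose getRoles() returns anything else now fails with a TypeError that says nothing about where the roles came from, whereas the removed closure threw an InvalidArgumentException naming the offending type. Consider defining it once, `$extractRoles = function (Role $role) { return $role->getRole(); };`, and passing `$extractRoles` to both `array_map()` calls. collect() starts and ends outside the hunk.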
@@ -4,6 +4,10 @@ CHANGELOG 4.0.0 ----- + * The `AbstractFormLoginAuthenticator::onAuthenticationSuccess()` was removed. + You should implement this method yourself in your concrete authenticator. + * removed the `AccessDecisionManager::setVoters()` method + * removed the `RoleInterface` * added a sixth `string $context` argument to`LogoutUrlGenerator::registerListener()` 3.3.0 diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php index 0eee6d94a41c6..d8aca92109300 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php +++ b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php @@ -11,7 +11,6 @@ namespace Symfony\Component\Security\Core\Authentication\Token; -use Symfony\Component\Security\Core\Role\RoleInterface; use Symfony\Component\Security\Core\Role\Role; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\AdvancedUserInterface; @@ -33,7 +32,7 @@ abstract class AbstractToken implements TokenInterface /** * Constructor. * - * @param (RoleInterface|string)[] $roles An array of roles + * @param (Role|string)[] $roles An array of roles * * @throws \InvalidArgumentException */ @@ -42,8 +41,8 @@ public function __construct(array $roles = array()) foreach ($roles as $role) { if (is_string($role)) { $role = new Role($role); - } elseif (!$role instanceof RoleInterface) { - throw new \InvalidArgumentException(sprintf('$roles must be an array of strings, or RoleInterface instances, but got %s.', gettype($role))); + } elseif (!$role instanceof Role) { + throw new \InvalidArgumentException(sprintf('$roles must be an array of strings, or Role instances, but got %s.', gettype($role))); } $this->roles[] = $role; 
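Review bot: In the AbstractToken constructor, the exception thrown from the `elseif (!$role instanceof Role)` branch reports `gettype($role)`, which is just `object` for any object. After this change the values most likely to reach this branch are instances of classes that implemented the removed RoleInterface without extending Role, so the message does not tell the integrator which class to migrate. Consider passing `is_object($role) ? get_class($role) : gettype($role)` as the sprintf argument, the form used by the closure this commit removes from SecurityDataCollector. The constructor body continues outside the hunk.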
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php index 395706cb288d8..2d0a22b025505 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php +++ b/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php @@ -24,10 +24,10 @@ class PreAuthenticatedToken extends AbstractToken /** * Constructor. * - * @param string|object $user The user can be a UserInterface instance, or an object implementing a __toString method or the username as a regular string - * @param mixed $credentials The user credentials - * @param string $providerKey The provider key - * @param (RoleInterface|string)[] $roles An array of roles + * @param string|object $user The user can be a UserInterface instance, or an object implementing a __toString method or the username as a regular string + * @param mixed $credentials The user credentials + * @param string $providerKey The provider key + * @param (Role|string)[] $roles An array of roles */ public function __construct($user, $credentials, $providerKey, array $roles = array()) { diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php b/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php index 4e1dd7b2fc46b..bb5711ee89107 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php +++ b/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php @@ -11,7 +11,7 @@ namespace Symfony\Component\Security\Core\Authentication\Token; -use Symfony\Component\Security\Core\Role\RoleInterface; +use Symfony\Component\Security\Core\Role\Role; /** * TokenInterface is the interface for the user authentication information. 
@@ -33,7 +33,7 @@ public function __toString(); /** * Returns the user roles. * - * @return RoleInterface[] An array of RoleInterface instances + * @return Role[] An array of Role instances */ public function getRoles(); diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php index 980a8139939c7..50a7519d89100 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php +++ b/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php @@ -24,10 +24,10 @@ class UsernamePasswordToken extends AbstractToken /** * Constructor. * - * @param string|object $user The username (like a nickname, email address, etc.), or a UserInterface instance or an object implementing a __toString method - * @param string $credentials This usually is the password of the user - * @param string $providerKey The provider key - * @param (RoleInterface|string)[] $roles An array of roles + * @param string|object $user The username (like a nickname, email address, etc.), or a UserInterface instance or an object implementing a __toString method + * @param string $credentials This usually is the password of the user + * @param string $providerKey The provider key + * @param (Role|string)[] $roles An array of roles * * @throws \InvalidArgumentException */ diff --git a/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php b/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php index 431597940dd9a..96900da87fa2b 100644 --- a/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php +++ b/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php 
@@ -52,20 +52,6 @@ public function __construct($voters = array(), $strategy = self::STRATEGY_AFFIRM $this->allowIfEqualGrantedDeniedDecisions = (bool) $allowIfEqualGrantedDeniedDecisions; } - /** - * Configures the voters. - * - * @param VoterInterface[] $voters An array of VoterInterface instances - * - * @deprecated since version 3.3, to be removed in 4.0. Pass the voters to the constructor instead. - */ - public function setVoters(array $voters) - { - @trigger_error(sprintf('The %s() method is deprecated since version 3.3 and will be removed in 4.0. Pass the voters to the constructor instead.', __METHOD__), E_USER_DEPRECATED); - - $this->voters = $voters; - } - /** * {@inheritdoc} */ diff --git a/src/Symfony/Component/Security/Core/Authorization/DebugAccessDecisionManager.php b/src/Symfony/Component/Security/Core/Authorization/DebugAccessDecisionManager.php deleted file mode 100644 index aaf04a4fb00cc..0000000000000 --- a/src/Symfony/Component/Security/Core/Authorization/DebugAccessDecisionManager.php +++ /dev/null 
@@ -1,36 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Core\Authorization; - -use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; - -class_exists(TraceableAccessDecisionManager::class); - -if (false) { - /** - * This is a placeholder for the old class, that got renamed; this is not a BC break since the class is internal, this - * placeholder is here just to help backward compatibility with older SecurityBundle versions. - * - * @deprecated The DebugAccessDecisionManager class has been renamed and is deprecated since version 3.3 and will be removed in 4.0. Use the TraceableAccessDecisionManager class instead. - * - * @internal - */ - class DebugAccessDecisionManager implements AccessDecisionManagerInterface - { - /** - * {@inheritdoc} - */ - public function decide(TokenInterface $token, array $attributes, $object = null) - { - } - } -} diff --git a/src/Symfony/Component/Security/Core/Authorization/TraceableAccessDecisionManager.php b/src/Symfony/Component/Security/Core/Authorization/TraceableAccessDecisionManager.php index 1e3ed546c8aee..8430c861a96fa 100644 --- a/src/Symfony/Component/Security/Core/Authorization/TraceableAccessDecisionManager.php +++ b/src/Symfony/Component/Security/Core/Authorization/TraceableAccessDecisionManager.php 
@@ -60,23 +60,6 @@ public function decide(TokenInterface $token, array $attributes, $object = null) return $result; } - /** - * {@inheritdoc} - * - * @deprecated since version 3.3, to be removed in 4.0. Pass voters to the decorated AccessDecisionManager instead. - */ - public function setVoters(array $voters) - { - @trigger_error(sprintf('The %s() method is deprecated since version 3.3 and will be removed in 4.0. Pass voters to the decorated AccessDecisionManager instead.', __METHOD__), E_USER_DEPRECATED); - - if (!method_exists($this->manager, 'setVoters')) { - return; - } - - $this->voters = $voters; - $this->manager->setVoters($voters); - } - /** * @return string */ diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php index d5f31760793d8..047224e50349a 100644 --- a/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php +++ b/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php @@ -12,7 +12,7 @@ namespace Symfony\Component\Security\Core\Authorization\Voter; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; -use Symfony\Component\Security\Core\Role\RoleInterface; +use Symfony\Component\Security\Core\Role\Role; /** * RoleVoter votes if any attribute starts with a given prefix. @@ -42,7 +42,7 @@ public function vote(TokenInterface $token, $subject, array $attributes) $roles = $this->extractRoles($token); foreach ($attributes as $attribute) { - if ($attribute instanceof RoleInterface) { + if ($attribute instanceof Role) { $attribute = $attribute->getRole(); } diff --git a/src/Symfony/Component/Security/Core/Role/Role.php b/src/Symfony/Component/Security/Core/Role/Role.php index 7cb4698ea84a2..d2e25d9958ccc 100644 --- a/src/Symfony/Component/Security/Core/Role/Role.php +++ b/src/Symfony/Component/Security/Core/Role/Role.php 
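Review bot: In RoleVoter::vote(), the narrowed check `if ($attribute instanceof Role)` means an attribute object that only implemented the removed RoleInterface is no longer unwrapped with getRole(). How the loop treats a non-string attribute after this line is outside the hunk, but if such attributes are skipped the voter would presumably not vote on them, and the outcome would then depend on the decision manager's strategy rather than on an explicit error. A short comment above the check, for example `// only Role instances are unwrapped; other objects are left untouched`, would help. So would an upgrade note that custom role classes must extend Role, which would make this authorization-relevant change visible to integrators. vote() starts and ends outside the hunk.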
@@ -16,7 +16,7 @@ * * @author Fabien Potencier */ -class Role implements RoleInterface +class Role { private $role; @@ -31,7 +31,9 @@ public function __construct($role) } /** - * {@inheritdoc} + * Returns a string representation of the role. + * + * @return string */ public function getRole() { diff --git a/src/Symfony/Component/Security/Core/Role/RoleHierarchyInterface.php b/src/Symfony/Component/Security/Core/Role/RoleHierarchyInterface.php index c994009cb4b40..1a86db9901603 100644 --- a/src/Symfony/Component/Security/Core/Role/RoleHierarchyInterface.php +++ b/src/Symfony/Component/Security/Core/Role/RoleHierarchyInterface.php @@ -24,9 +24,9 @@ interface RoleHierarchyInterface * Reachable roles are the roles directly assigned but also all roles that * are transitively reachable from them in the role hierarchy. * - * @param RoleInterface[] $roles An array of directly assigned roles + * @param Role[] $roles An array of directly assigned roles * - * @return RoleInterface[] An array of all reachable roles + * @return Role[] An array of all reachable roles */ public function getReachableRoles(array $roles); } diff --git a/src/Symfony/Component/Security/Core/Role/RoleInterface.php b/src/Symfony/Component/Security/Core/Role/RoleInterface.php deleted file mode 100644 index a0621baa6b4be..0000000000000 --- a/src/Symfony/Component/Security/Core/Role/RoleInterface.php +++ /dev/null 
@@ -1,37 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Core\Role; - -/** - * RoleInterface represents a role granted to a user. - * - * A role must either have a string representation or it needs to be explicitly - * supported by at least one AccessDecisionManager. - * - * @author Fabien Potencier - * - * @deprecated The RoleInterface is deprecated since version 3.3 and will be removed in 4.0. Extend the Symfony\Component\Security\Core\Role\Role class instead. - */ -interface RoleInterface -{ - /** - * Returns the role. - * - * This method returns a string representation whenever possible. - * - * When the role cannot be represented with sufficient precision by a - * string, it should return null. - * - * @return string|null A string representation of the role, or null - */ - public function getRole(); -} diff --git a/src/Symfony/Component/Security/Guard/Authenticator/AbstractFormLoginAuthenticator.php b/src/Symfony/Component/Security/Guard/Authenticator/AbstractFormLoginAuthenticator.php index f99900b175ef4..4496969139e78 100644 --- a/src/Symfony/Component/Security/Guard/Authenticator/AbstractFormLoginAuthenticator.php +++ b/src/Symfony/Component/Security/Guard/Authenticator/AbstractFormLoginAuthenticator.php @@ -15,7 +15,6 @@ use Symfony\Component\Security\Guard\AbstractGuardAuthenticator; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpFoundation\Request; -use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Security; use Symfony\Component\Security\Http\Util\TargetPathTrait; 
@@ -55,38 +54,6 @@ public function onAuthenticationFailure(Request $request, AuthenticationExceptio return new RedirectResponse($url); } - /** - * Override to change what happens after successful authentication. - * - * @param Request $request - * @param TokenInterface $token - * @param string $providerKey - * - * @return RedirectResponse - */ - public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) - { - @trigger_error(sprintf('The AbstractFormLoginAuthenticator::onAuthenticationSuccess() implementation was deprecated in Symfony 3.1 and will be removed in Symfony 4.0. You should implement this method yourself in %s and remove getDefaultSuccessRedirectUrl().', get_class($this)), E_USER_DEPRECATED); - - if (!method_exists($this, 'getDefaultSuccessRedirectUrl')) { - throw new \Exception(sprintf('You must implement onAuthenticationSuccess() or getDefaultSuccessRedirectUrl() in %s.', get_class($this))); - } - - $targetPath = null; - - // if the user hit a secure page and start() was called, this was - // the URL they were on, and probably where you want to redirect to - if ($request->getSession() instanceof SessionInterface) { - $targetPath = $this->getTargetPath($request->getSession(), $providerKey); - } - - if (!$targetPath) { - $targetPath = $this->getDefaultSuccessRedirectUrl(); - } - - return new RedirectResponse($targetPath); - } - public function supportsRememberMe() { return true; diff --git a/src/Symfony/Component/Security/Guard/Tests/Authenticator/FormLoginAuthenticatorTest.php b/src/Symfony/Component/Security/Guard/Tests/Authenticator/FormLoginAuthenticatorTest.php index 77d7194280c1b..1789b95d8c4ed 100644 --- a/src/Symfony/Component/Security/Guard/Tests/Authenticator/FormLoginAuthenticatorTest.php +++ b/src/Symfony/Component/Security/Guard/Tests/Authenticator/FormLoginAuthenticatorTest.php 
@@ -13,6 +13,7 @@ use PHPUnit\Framework\TestCase; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; 
@@ -51,59 +52,6 @@ public function testAuthenticationFailureWithSession() $this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl()); } - /** - * @group legacy - */ - public function testAuthenticationSuccessWithoutSession() - { - $token = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface') - ->disableOriginalConstructor() - ->getMock(); - - $redirectResponse = $this->authenticator->onAuthenticationSuccess($this->requestWithoutSession, $token, 'providerkey'); - - $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirectResponse); - $this->assertEquals(self::DEFAULT_SUCCESS_URL, $redirectResponse->getTargetUrl()); - } - - /** - * @group legacy - */ - public function testAuthenticationSuccessWithSessionButEmpty() - { - $token = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface') - ->disableOriginalConstructor() - ->getMock(); - $this->requestWithSession->getSession() - ->expects($this->once()) - ->method('get') - ->will($this->returnValue(null)); - - $redirectResponse = $this->authenticator->onAuthenticationSuccess($this->requestWithSession, $token, 'providerkey'); - - $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirectResponse); - $this->assertEquals(self::DEFAULT_SUCCESS_URL, $redirectResponse->getTargetUrl()); - } - - /** - * @group legacy - */ - public function testAuthenticationSuccessWithSessionAndTarget() - { - $token = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface') - ->disableOriginalConstructor() - ->getMock(); - $this->requestWithSession->getSession() - ->expects($this->once()) - ->method('get') - ->will($this->returnValue(self::CUSTOM_SUCCESS_URL)); - - $redirectResponse = $this->authenticator->onAuthenticationSuccess($this->requestWithSession, $token, 'providerkey'); - - 
$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirectResponse); - $this->assertEquals(self::CUSTOM_SUCCESS_URL, $redirectResponse->getTargetUrl()); - } - public function testRememberMe() { $doSupport = $this->authenticator->supportsRememberMe(); @@ -156,6 +104,10 @@ class TestFormLoginAuthenticator extends AbstractFormLoginAuthenticator private $loginUrl; private $defaultSuccessRedirectUrl; + public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) + { + } + /** * @param mixed $defaultSuccessRedirectUrl *
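Review bot: The `onAuthenticationSuccess()` stub added to TestFormLoginAuthenticator has an empty body and no comment saying that is intentional. The `$defaultSuccessRedirectUrl` property and the setter whose docblock follows are also kept, although the tests that asserted on the success URL are removed in this commit. If nothing else in the class reads them (the rest of the class is outside the hunk), drop the property and its setter. Otherwise add a one-line comment in the stub such as `// intentionally empty: success handling is not under test here`.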