symfony · fabpot · Dec 31, 2017 · Dec 20, 2017
diff --git a/UPGRADE-4.1.md b/UPGRADE-4.1.md
@@ -18,6 +18,8 @@ SecurityBundle
 --------------
 
  * The `logout_on_user_change` firewall option is deprecated and will be removed in 5.0.
+ * The `SecurityUserValueResolver` class is deprecated and will be removed in 5.0, use
+   `Symfony\Component\Security\Http\Controller\UserValueResolver` instead.
 
 Translation
 -----------

diff --git a/UPGRADE-5.0.md b/UPGRADE-5.0.md
@@ -17,6 +17,7 @@ SecurityBundle
 --------------
 
  * The `logout_on_user_change` firewall option has been removed.
+ * The `SecurityUserValueResolver` class has been removed.
 
 Translation
 -----------

diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -5,6 +5,8 @@ CHANGELOG
 -----
 
  * The `logout_on_user_change` firewall option is deprecated and will be removed in 5.0.
+ * deprecated `SecurityUserValueResolver`, use
+   `Symfony\Component\Security\Http\Controller\UserValueResolver` instead.
 
 4.0.0
 -----

diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -13,6 +13,7 @@
 
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\UserProvider\UserProviderFactoryInterface;
+use Symfony\Bundle\SecurityBundle\SecurityUserValueResolver;
 use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
 use Symfony\Component\Console\Application;
 use Symfony\Component\DependencyInjection\Alias;
@@ -27,6 +28,7 @@
 use Symfony\Component\Security\Core\Authorization\ExpressionLanguage;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
 use Symfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder;
+use Symfony\Component\Security\Http\Controller\UserValueResolver;
 
 /**
  * SecurityExtension.
@@ -111,6 +113,10 @@ public function load(array $configs, ContainerBuilder $container)
             $container->getDefinition('security.command.user_password_encoder')->replaceArgument(1, array_keys($config['encoders']));
         }
 
+        if (!class_exists(UserValueResolver::class)) {
+            $container->getDefinition('security.user_value_resolver')->setClass(SecurityUserValueResolver::class);
+        }
+
         $container->registerForAutoconfiguration(VoterInterface::class)
             ->addTag('security.voter');
     }

diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
@@ -39,7 +39,7 @@
         </service>
         <service id="Symfony\Component\Security\Core\Security" alias="security.helper" />
 
-        <service id="security.user_value_resolver" class="Symfony\Bundle\SecurityBundle\SecurityUserValueResolver">
+        <service id="security.user_value_resolver" class="Symfony\Component\Security\Http\Controller\UserValueResolver">
             <argument type="service" id="security.token_storage" />
             <tag name="controller.argument_value_resolver" priority="40" />
         </service>

diff --git a/src/Symfony/Bundle/SecurityBundle/SecurityUserValueResolver.php b/src/Symfony/Bundle/SecurityBundle/SecurityUserValueResolver.php
@@ -17,11 +17,16 @@
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\Controller\UserValueResolver;
+
+@trigger_error(sprintf('The "%s" class is deprecated since version 4.1 and will be removed in 5.0, use "%s" instead.', SecurityUserValueResolver::class, UserValueResolver::class), E_USER_DEPRECATED);
 
 /**
  * Supports the argument type of {@see UserInterface}.
  *
  * @author Iltar van der Berg <[email protected]>
+ *
+ * @deprecated since version 4.1, to be removed in 5.0. Use {@link UserValueResolver} instead
  */
 final class SecurityUserValueResolver implements ArgumentValueResolverInterface
 {

diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/SecurityUserValueResolverTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/SecurityUserValueResolverTest.php
@@ -21,6 +21,9 @@
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 
+/**
+ * @group legacy
+ */
 class SecurityUserValueResolverTest extends TestCase
 {
     public function testResolveNoToken()

diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
@@ -5,6 +5,7 @@ CHANGELOG
 -----
 
  * The `ContextListener::setLogoutOnUserChange()` method is deprecated and will be removed in 5.0.
+ * added `UserValueResolver`.
 
 4.0.0
 -----

diff --git a/src/Symfony/Component/Security/Http/Controller/UserValueResolver.php b/src/Symfony/Component/Security/Http/Controller/UserValueResolver.php
@@ -0,0 +1,57 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\Controller;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Controller\ArgumentValueResolverInterface;
+use Symfony\Component\HttpKernel\ControllerMetadata\ArgumentMetadata;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+/**
+ * Supports the argument type of {@see UserInterface}.
+ *
+ * @author Iltar van der Berg <[email protected]>
+ */
+final class UserValueResolver implements ArgumentValueResolverInterface
+{
+    private $tokenStorage;
+
+    public function __construct(TokenStorageInterface $tokenStorage)
+    {
+        $this->tokenStorage = $tokenStorage;
+    }
+
+    public function supports(Request $request, ArgumentMetadata $argument)
+    {
+        // only security user implementations are supported
+        if (UserInterface::class !== $argument->getType()) {
+            return false;
+        }
+
+        $token = $this->tokenStorage->getToken();
+        if (!$token instanceof TokenInterface) {
+            return false;
+        }
+
+        $user = $token->getUser();
+
+        // in case it's not an object we cannot do anything with it; E.g. "anon."
+        return $user instanceof UserInterface;
+    }
+
+    public function resolve(Request $request, ArgumentMetadata $argument)
+    {
+        yield $this->tokenStorage->getToken()->getUser();
+    }
+}
diff --git a/src/Symfony/Component/Security/Http/Tests/Controller/UserValueResolverTest.php b/src/Symfony/Component/Security/Http/Tests/Controller/UserValueResolverTest.php
@@ -0,0 +1,101 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\Tests\Controller;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Controller\ArgumentResolver;
+use Symfony\Component\HttpKernel\Controller\ArgumentResolver\DefaultValueResolver;
+use Symfony\Component\HttpKernel\ControllerMetadata\ArgumentMetadata;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\Controller\UserValueResolver;
+
+class UserValueResolverTest extends TestCase
+{
+    public function testResolveNoToken()
+    {
+        $tokenStorage = new TokenStorage();
+        $resolver = new UserValueResolver($tokenStorage);
+        $metadata = new ArgumentMetadata('foo', UserInterface::class, false, false, null);
+
+        $this->assertFalse($resolver->supports(Request::create('/'), $metadata));
+    }
+
+    public function testResolveNoUser()
+    {
+        $mock = $this->getMockBuilder(UserInterface::class)->getMock();
+        $token = $this->getMockBuilder(TokenInterface::class)->getMock();
+        $tokenStorage = new TokenStorage();
+        $tokenStorage->setToken($token);
+
+        $resolver = new UserValueResolver($tokenStorage);
+        $metadata = new ArgumentMetadata('foo', get_class($mock), false, false, null);
+
+        $this->assertFalse($resolver->supports(Request::create('/'), $metadata));
+    }
+
+    public function testResolveWrongType()
+    {
+        $tokenStorage = new TokenStorage();
+        $resolver = new UserValueResolver($tokenStorage);
+        $metadata = new ArgumentMetadata('foo', null, false, false, null);
+
+        $this->assertFalse($resolver->supports(Request::create('/'), $metadata));
+    }
+
+    public function testResolve()
+    {
+        $user = $this->getMockBuilder(UserInterface::class)->getMock();
+        $token = $this->getMockBuilder(TokenInterface::class)->getMock();
+        $token->expects($this->any())->method('getUser')->willReturn($user);
+        $tokenStorage = new TokenStorage();
+        $tokenStorage->setToken($token);
+
+        $resolver = new UserValueResolver($tokenStorage);
+        $metadata = new ArgumentMetadata('foo', UserInterface::class, false, false, null);
+
+        $this->assertTrue($resolver->supports(Request::create('/'), $metadata));
+        $this->assertSame(array($user), iterator_to_array($resolver->resolve(Request::create('/'), $metadata)));
+    }
+
+    public function testIntegration()
+    {
+        $user = $this->getMockBuilder(UserInterface::class)->getMock();
+        $token = $this->getMockBuilder(TokenInterface::class)->getMock();
+        $token->expects($this->any())->method('getUser')->willReturn($user);
+        $tokenStorage = new TokenStorage();
+        $tokenStorage->setToken($token);
+
+        $argumentResolver = new ArgumentResolver(null, array(new UserValueResolver($tokenStorage)));
+        $this->assertSame(array($user), $argumentResolver->getArguments(Request::create('/'), function (UserInterface $user) {}));
+    }
+
+    public function testIntegrationNoUser()
+    {
+        $token = $this->getMockBuilder(TokenInterface::class)->getMock();
+        $tokenStorage = new TokenStorage();
+        $tokenStorage->setToken($token);
+
+        $argumentResolver = new ArgumentResolver(null, array(new UserValueResolver($tokenStorage), new DefaultValueResolver()));
+        $this->assertSame(array(null), $argumentResolver->getArguments(Request::create('/'), function (UserInterface $user = null) {}));
+    }
+}
+
+abstract class DummyUser implements UserInterface
+{
+}
+
+abstract class DummySubUser extends DummyUser
+{
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -17,6 +17,7 @@ SecurityBundle @@
     --------------
      * The `logout_on_user_change` firewall option has been removed.
+     * The `SecurityUserValueResolver` class has been removed.
     Translation
     -----------
@@ Expand Down @@