symfony · nicolas-grekas · Jul 4, 2023 · Jul 4, 2023
diff --git a/.github/expected-missing-return-types.diff b/.github/expected-missing-return-types.diff
@@ -2389,10 +2389,10 @@ index cecce6c01b..f2e0c7fdf5 100644
      {
          parent::newLine($count);
 diff --git a/src/Symfony/Component/Console/Tests/EventListener/ErrorListenerTest.php b/src/Symfony/Component/Console/Tests/EventListener/ErrorListenerTest.php
-index 6ad89dc522..40020baee7 100644
+index 10bed7d031..e26109851f 100644
 --- a/src/Symfony/Component/Console/Tests/EventListener/ErrorListenerTest.php
 +++ b/src/Symfony/Component/Console/Tests/EventListener/ErrorListenerTest.php
-@@ -141,5 +141,5 @@ class NonStringInput extends Input
+@@ -128,5 +128,5 @@ class NonStringInput extends Input
      }
 
 -    public function parse()
@@ -9981,17 +9981,17 @@ index eabfe17bba..5a41823338 100644
      {
          throw new \BadMethodCallException('Cannot add attribute to NullToken.');
 diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php b/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php
-index 0ec6b1cfb9..2e235a6069 100644
+index 8acc31bca2..25779a31b5 100644
 --- a/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php
 +++ b/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php
 @@ -41,5 +41,5 @@ class TokenStorage implements TokenStorageInterface, ResetInterface
       * @return void
       */
--    public function setToken(TokenInterface $token = null)
-+    public function setToken(TokenInterface $token = null): void
+-    public function setToken(?TokenInterface $token)
++    public function setToken(?TokenInterface $token): void
      {
-         if (1 > \func_num_args()) {
-@@ -64,5 +64,5 @@ class TokenStorage implements TokenStorageInterface, ResetInterface
+         if ($token) {
+@@ -60,5 +60,5 @@ class TokenStorage implements TokenStorageInterface, ResetInterface
       * @return void
       */
 -    public function reset()
@@ -10172,23 +10172,16 @@ index a493b00e79..377dcacc09 100644
      {
      }
 diff --git a/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php b/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php
-index e0aef90a14..651578d1f1 100644
+index 13441bc758..e2bc96ff48 100644
 --- a/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php
 +++ b/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php
-@@ -55,5 +55,5 @@ class InMemoryUserProvider implements UserProviderInterface
-      * @throws \LogicException
+@@ -53,5 +53,5 @@ class InMemoryUserProvider implements UserProviderInterface
+      * @return void
       */
 -    public function createUser(UserInterface $user)
 +    public function createUser(UserInterface $user): void
      {
          if (!$user instanceof InMemoryUser) {
-@@ -100,5 +100,5 @@ class InMemoryUserProvider implements UserProviderInterface
-      * @throws UserNotFoundException if user whose given username does not exist
-      */
--    private function getUser(string $username): UserInterface
-+    private function getUser(string $username): InMemoryUser
-     {
-         if (!isset($this->users[strtolower($username)])) {
 diff --git a/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php b/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php
 index 91f21c71d0..95e818392e 100644
 --- a/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php

@@ -5,6 +5,7 @@ CHANGELOG
 ---
 
  * Enabling SecurityBundle and not configuring it is not allowed
+ * Remove configuration options `enable_authenticator_manager` and `csrf_token_generator`
 
 6.4
 ---

@@ -65,7 +65,6 @@ public function getConfigTreeBuilder(): TreeBuilder
                 ->end()
                 ->booleanNode('hide_user_not_found')->defaultTrue()->end()
                 ->booleanNode('erase_credentials')->defaultTrue()->end()
-                ->booleanNode('enable_authenticator_manager')->setDeprecated('symfony/security-bundle', '6.2', 'The "%node%" option at "%path%" is deprecated.')->defaultTrue()->end()
                 ->arrayNode('access_decision_manager')
                     ->addDefaultsIfNotSet()
                     ->children()
@@ -216,14 +215,6 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
             ->arrayNode('logout')
                 ->treatTrueLike([])
                 ->canBeUnset()
-                ->beforeNormalization()
-                    ->ifTrue(fn ($v): bool => isset($v['csrf_token_generator']) && !isset($v['csrf_token_manager']))
-                    ->then(function (array $v): array {
-                        $v['csrf_token_manager'] = $v['csrf_token_generator'];
-
-                        return $v;
-                    })
-                ->end()
                 ->beforeNormalization()
                     ->ifTrue(fn ($v): bool => \is_array($v) && (isset($v['csrf_token_manager']) xor isset($v['enable_csrf'])))
                     ->then(function (array $v): array {
@@ -240,13 +231,6 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
                     ->booleanNode('enable_csrf')->defaultNull()->end()
                     ->scalarNode('csrf_token_id')->defaultValue('logout')->end()
                     ->scalarNode('csrf_parameter')->defaultValue('_csrf_token')->end()
-                    ->scalarNode('csrf_token_generator')
-                        ->setDeprecated(
-                            'symfony/security-bundle',
-                            '6.3',
-                            'The "%node%" option is deprecated. Use "csrf_token_manager" instead.'
-                        )
-                    ->end()
                     ->scalarNode('csrf_token_manager')->end()
                     ->scalarNode('path')->defaultValue('/logout')->end()
                     ->scalarNode('target')->defaultValue('/')->end()

@@ -11,8 +11,6 @@
 
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
-use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
 use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
@@ -50,23 +48,8 @@ public function getKey(): string
         return 'form-login';
     }
 
-    public function addConfiguration(NodeDefinition $node): void
-    {
-        parent::addConfiguration($node);
-
-        $node
-            ->children()
-                ->scalarNode('csrf_token_generator')->cannotBeEmpty()->end()
-            ->end()
-        ;
-    }
-
     public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): string
     {
-        if (isset($config['csrf_token_generator'])) {
-            throw new InvalidConfigurationException('The "csrf_token_generator" on "form_login" does not exist, use "enable_csrf" instead.');
-        }
-
         $authenticatorId = 'security.authenticator.form_login.'.$firewallName;
         $options = array_intersect_key($config, $this->options);
         $authenticator = $container

@@ -54,7 +54,6 @@
 use Symfony\Component\Security\Core\Authorization\Strategy\PriorityStrategy;
 use Symfony\Component\Security\Core\Authorization\Strategy\UnanimousStrategy;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
-use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Core\User\ChainUserChecker;
 use Symfony\Component\Security\Core\User\ChainUserProvider;
 use Symfony\Component\Security\Core\User\UserCheckerInterface;
@@ -104,11 +103,6 @@ public function load(array $configs, ContainerBuilder $container): void
         $loader->load('security.php');
         $loader->load('password_hasher.php');
         $loader->load('security_listeners.php');
-
-        if (!$config['enable_authenticator_manager']) {
-            throw new InvalidConfigurationException('"security.enable_authenticator_manager" must be set to "true".');
-        }
-
         $loader->load('security_authenticator.php');
         $loader->load('security_authenticator_access_token.php');
 
@@ -177,11 +171,6 @@ public function load(array $configs, ContainerBuilder $container): void
 
         $container->registerForAutoconfiguration(VoterInterface::class)
             ->addTag('security.voter');
-
-        // required for compatibility with Symfony 5.4
-        $container->getDefinition('security.access_listener')->setArgument(3, false);
-        $container->getDefinition('security.authorization_checker')->setArgument(2, false);
-        $container->getDefinition('security.authorization_checker')->setArgument(3, false);
     }
 
     private function createStrategyDefinition(string $strategy, bool $allowIfAllAbstainDecisions, bool $allowIfEqualGrantedDeniedDecisions): Definition
@@ -666,15 +655,11 @@ private function getUserProvider(ContainerBuilder $container, string $id, array
             return $this->createMissingUserProvider($container, $id, $factoryKey);
         }
 
-        if ('remember_me' === $factoryKey || 'anonymous' === $factoryKey || 'custom_authenticators' === $factoryKey) {
-            if ('custom_authenticators' === $factoryKey) {
-                trigger_deprecation('symfony/security-bundle', '5.4', 'Not configuring explicitly the provider for the "%s" firewall is deprecated because it\'s ambiguous as there is more than one registered provider. Set the "provider" key to one of the configured providers, even if your custom authenticators don\'t use it.', $id);
-            }
-
+        if ('remember_me' === $factoryKey || 'anonymous' === $factoryKey) {
             return 'security.user_providers';
         }
 
-        throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "%s" authenticator on "%s" firewall is ambiguous as there is more than one registered provider.', $factoryKey, $id));
+        throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "%s" authenticator on "%s" firewall is ambiguous as there is more than one registered provider. Set the "provider" key to one of the configured providers, even if your custom authenticators don\'t use it.', $factoryKey, $id));
     }
 
     private function createMissingUserProvider(ContainerBuilder $container, string $id, string $factoryKey): string

@@ -35,7 +35,6 @@
 use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter;
 use Symfony\Component\Security\Core\Role\RoleHierarchy;
 use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
-use Symfony\Component\Security\Core\Security as LegacySecurity;
 use Symfony\Component\Security\Core\User\ChainUserProvider;
 use Symfony\Component\Security\Core\User\InMemoryUserChecker;
 use Symfony\Component\Security\Core\User\InMemoryUserProvider;
@@ -94,8 +93,6 @@
                 abstract_arg('authenticators'),
             ])
         ->alias(Security::class, 'security.helper')
-        ->alias(LegacySecurity::class, 'security.helper')
-            ->deprecate('symfony/security-bundle', '6.2', 'The "%alias_id%" service alias is deprecated, use "'.Security::class.'" instead.')
 
         ->set('security.user_value_resolver', UserValueResolver::class)
             ->args([

@@ -20,26 +20,13 @@
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Exception\LogicException;
 use Symfony\Component\Security\Core\Exception\LogoutException;
-use Symfony\Component\Security\Core\Security as LegacySecurity;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Csrf\CsrfToken;
 use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
 use Symfony\Component\Security\Http\Event\LogoutEvent;
 use Symfony\Component\Security\Http\ParameterBagUtils;
-use Symfony\Component\Security\Http\SecurityRequestAttributes;
 use Symfony\Contracts\Service\ServiceProviderInterface;
 
-if (class_exists(LegacySecurity::class)) {
-    class_alias(LegacySecurity::class, InternalSecurity::class);
-} else {
-    /**
-     * @internal
-     */
-    class InternalSecurity
-    {
-    }
-}
-
 /**
  * Helper class for commonly-needed security tasks.
  *
@@ -49,23 +36,8 @@ class InternalSecurity
  *
  * @final
  */
-class Security extends InternalSecurity implements AuthorizationCheckerInterface
+class Security implements AuthorizationCheckerInterface
 {
-    /**
-     * @deprecated since Symfony 6.4, use SecurityRequestAttributes::ACCESS_DENIED_ERROR instead
-     */
-    public const ACCESS_DENIED_ERROR = SecurityRequestAttributes::ACCESS_DENIED_ERROR;
-
-    /**
-     * @deprecated since Symfony 6.4, use SecurityRequestAttributes::ACCESS_DENIED_ERROR instead
-     */
-    public const AUTHENTICATION_ERROR = SecurityRequestAttributes::AUTHENTICATION_ERROR;
-
-    /**
-     * @deprecated since Symfony 6.4, use SecurityRequestAttributes::ACCESS_DENIED_ERROR instead
-     */
-    public const LAST_USERNAME = SecurityRequestAttributes::LAST_USERNAME;
-
     public function __construct(
         private readonly ContainerInterface $container,
         private readonly array $authenticators = [],

@@ -30,15 +30,13 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
-use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Core\User\InMemoryUserChecker;
 use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
 use Symfony\Component\Security\Http\Authenticator\HttpBasicAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
-use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
 
 class SecurityExtensionTest extends TestCase
 {
@@ -162,8 +160,6 @@ public function testPerListenerProvider()
 
     public function testMissingProviderForListener()
     {
-        $this->expectException(InvalidConfigurationException::class);
-        $this->expectExceptionMessage('Not configuring explicitly the provider for the "http_basic" authenticator on "ambiguous" firewall is ambiguous as there is more than one registered provider.');
         $container = $this->getRawContainer();
         $container->loadFromExtension('security', [
             'providers' => [
@@ -179,6 +175,9 @@ public function testMissingProviderForListener()
             ],
         ]);
 
+        $this->expectException(InvalidConfigurationException::class);
+        $this->expectExceptionMessage('Not configuring explicitly the provider for the "http_basic" authenticator on "ambiguous" firewall is ambiguous as there is more than one registered provider. Set the "provider" key to one of the configured providers, even if your custom authenticators don\'t use it.');
+
         $container->compile();
     }
 
@@ -476,31 +475,6 @@ public function testDoNotRegisterTheUserProviderAliasWithMultipleProviders()
         $this->assertFalse($container->has(UserProviderInterface::class));
     }
 
-    /**
-     * @group legacy
-     */
-    public function testFirewallWithNoUserProviderTriggerDeprecation()
-    {
-        $container = $this->getRawContainer();
-
-        $container->loadFromExtension('security', [
-            'providers' => [
-                'first' => ['id' => 'foo'],
-                'second' => ['id' => 'foo'],
-            ],
-
-            'firewalls' => [
-                'some_firewall' => [
-                    'custom_authenticator' => 'my_authenticator',
-                ],
-            ],
-        ]);
-
-        $this->expectDeprecation('Since symfony/security-bundle 5.4: Not configuring explicitly the provider for the "some_firewall" firewall is deprecated because it\'s ambiguous as there is more than one registered provider. Set the "provider" key to one of the configured providers, even if your custom authenticators don\'t use it.');
-
-        $container->compile();
-    }
-
     /**
      * @dataProvider acceptableIpsProvider
      */
@@ -878,7 +852,7 @@ public function testNothingDoneWithEmptyConfiguration()
 
         $container->loadFromExtension('security');
 
-        $this->expectException(InvalidArgumentException::class);
+        $this->expectException(InvalidConfigurationException::class);
         $this->expectExceptionMessage('Enabling bundle "Symfony\Bundle\SecurityBundle\SecurityBundle" and not configuring it is not allowed.');
 
         $container->compile();
@@ -923,13 +897,6 @@ public function authenticate(Request $request): Passport
     {
     }
 
-    /**
-     * @internal for compatibility with Symfony 5.4
-     */
-    public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
-    {
-    }
-
     public function createToken(Passport $passport, string $firewallName): TokenInterface
     {
     }

@@ -13,21 +13,6 @@
 
 class AuthenticatorTest extends AbstractWebTestCase
 {
-    /**
-     * @group legacy
-     *
-     * @dataProvider provideEmails
-     */
-    public function testLegacyGlobalUserProvider($email)
-    {
-        $client = $this->createClient(['test_case' => 'Authenticator', 'root_config' => 'implicit_user_provider.yml']);
-
-        $client->request('GET', '/profile', [], [], [
-            'HTTP_X-USER-EMAIL' => $email,
-        ]);
-        $this->assertJsonStringEqualsJsonString('{"email":"'.$email.'"}', $client->getResponse()->getContent());
-    }
-
     /**
      * @dataProvider provideEmails
      */

diff --git a/src/Symfony/Component/Ldap/CHANGELOG.md b/src/Symfony/Component/Ldap/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+7.0
+---
+
+ * Remove `{username}` parameter, use `{user_identifier}` instead
+
 6.2
 ---
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,6 +5,7 @@ CHANGELOG @@
     ---
      * Enabling SecurityBundle and not configuring it is not allowed
+     * Remove configuration options `enable_authenticator_manager` and `csrf_token_generator`
 .4
     ---
@@ Expand Down @@