[Security] Rename PersistentTokenInterface::getUsername() to getUserIdentifier()

wouterj · wouterj · commit 08dcf39c8e94 · 2021-03-28T18:49:58.000+02:00
diff --git a/UPGRADE-5.3.md b/UPGRADE-5.3.md
@@ -183,6 +183,7 @@ Security
  * Deprecate `TokenInterface::getUsername()` in favor of `TokenInterface::getUserIdentifier()`
  * Deprecate `UserProviderInterface::loadUserByUsername()` in favor of `UserProviderInterface::loadUserByIdentifier()`
  * Deprecate `UsernameNotFoundException` in favor of `UserNotFoundException` and `getUsername()`/`setUsername()` in favor of `getUserIdentifier()`/`setUserIdentifier()`
+ * Deprecate `PersistentTokenInterface::getUsername()` in favor of `PersistentTokenInterface::getUserIdentifier()`
  * Deprecate calling `PasswordUpgraderInterface::upgradePassword()` with a `UserInterface` instance that does not implement `PasswordAuthenticatedUserInterface`
  * Deprecate calling methods `hashPassword()`, `isPasswordValid()` and `needsRehash()` on `UserPasswordHasherInterface` with a `UserInterface` instance that does not implement `PasswordAuthenticatedUserInterface`
  * Deprecate all classes in the `Core\Encoder\`  sub-namespace, use the `PasswordHasher` component instead
diff --git a/UPGRADE-6.0.md b/UPGRADE-6.0.md
@@ -271,6 +271,7 @@ Security
  * Remove `TokenInterface::getUsername()` in favor of `TokenInterface::getUserIdentifier()`
  * Remove `UserProviderInterface::loadUserByUsername()` in favor of `UserProviderInterface::loadUserByIdentifier()`
  * Remove `UsernameNotFoundException` in favor of `UserNotFoundException` and `getUsername()`/`setUsername()` in favor of `getUserIdentifier()`/`setUserIdentifier()`
+ * Remove `PersistentTokenInterface::getUsername()` in favor of `PersistentTokenInterface::getUserIdentifier()`
  * Calling `PasswordUpgraderInterface::upgradePassword()` with a `UserInterface` instance that
    does not implement `PasswordAuthenticatedUserInterface` now throws a `\TypeError`.
  * Calling methods `hashPassword()`, `isPasswordValid()` and `needsRehash()` on `UserPasswordHasherInterface`
diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 5.3
 ---
 
+ * Deprecate `PersistentTokenInterface::getUsername()` in favor of `PersistentTokenInterface::getUserIdentifier()`
  * Deprecate `UsernameNotFoundException` in favor of `UserNotFoundException` and `getUsername()`/`setUsername()` in favor of `getUserIdentifier()`/`setUserIdentifier()`
  * Deprecate `UserProviderInterface::loadUserByUsername()` in favor of `UserProviderInterface::loadUserByIdentifier()`
  * Deprecate `TokenInterface::getUsername()` in favor of `TokenInterface::getUserIdentifier()`
diff --git a/src/Symfony/Component/Security/Core/Authentication/RememberMe/InMemoryTokenProvider.php b/src/Symfony/Component/Security/Core/Authentication/RememberMe/InMemoryTokenProvider.php
@@ -45,7 +45,7 @@ public function updateToken(string $series, string $tokenValue, \DateTime $lastU
 
         $token = new PersistentToken(
             $this->tokens[$series]->getClass(),
-            $this->tokens[$series]->getUsername(),
+            method_exists($this->tokens[$series], 'getUserIdentifier') ? $this->tokens[$series]->getUserIdentifier() : $this->tokens[$series]->getUsername(),
             $series,
             $tokenValue,
             $lastUsed
diff --git a/src/Symfony/Component/Security/Core/Authentication/RememberMe/PersistentToken.php b/src/Symfony/Component/Security/Core/Authentication/RememberMe/PersistentToken.php
@@ -19,18 +19,18 @@
 final class PersistentToken implements PersistentTokenInterface
 {
     private $class;
-    private $username;
+    private $userIdentifier;
     private $series;
     private $tokenValue;
     private $lastUsed;
 
-    public function __construct(string $class, string $username, string $series, string $tokenValue, \DateTime $lastUsed)
+    public function __construct(string $class, string $userIdentifier, string $series, string $tokenValue, \DateTime $lastUsed)
     {
         if (empty($class)) {
             throw new \InvalidArgumentException('$class must not be empty.');
         }
-        if ('' === $username) {
-            throw new \InvalidArgumentException('$username must not be empty.');
+        if ('' === $userIdentifier) {
+            throw new \InvalidArgumentException('$userIdentifier must not be empty.');
         }
         if (empty($series)) {
             throw new \InvalidArgumentException('$series must not be empty.');
@@ -40,7 +40,7 @@ public function __construct(string $class, string $username, string $series, str
         }
 
         $this->class = $class;
-        $this->username = $username;
+        $this->userIdentifier = $userIdentifier;
         $this->series = $series;
         $this->tokenValue = $tokenValue;
         $this->lastUsed = $lastUsed;
@@ -59,7 +59,14 @@ public function getClass(): string
      */
     public function getUsername(): string
     {
-        return $this->username;
+        trigger_deprecation('symfony/security-core', '5.3', 'Method "%s()" is deprecated, use getUserIdentifier() instead.', __METHOD__);
+
+        return $this->userIdentifier;
+    }
+
+    public function getUserIdentifier(): string
+    {
+        return $this->userIdentifier;
     }
 
     /**
diff --git a/src/Symfony/Component/Security/Core/Authentication/RememberMe/PersistentTokenInterface.php b/src/Symfony/Component/Security/Core/Authentication/RememberMe/PersistentTokenInterface.php
@@ -15,6 +15,8 @@
  * Interface to be implemented by persistent token classes (such as
  * Doctrine entities representing a remember-me token).
  *
+ * @method string getUserIdentifier() returns the identifier used to authenticate (e.g. their e-mailaddress or username)
+ *
  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  */
 interface PersistentTokenInterface
@@ -26,13 +28,6 @@ interface PersistentTokenInterface
      */
     public function getClass();
 
-    /**
-     * Returns the username.
-     *
-     * @return string
-     */
-    public function getUsername();
-
     /**
      * Returns the series.
      *
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/RememberMe/PersistentTokenTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/RememberMe/PersistentTokenTest.php
@@ -12,19 +12,33 @@
 namespace Symfony\Component\Security\Core\Tests\Authentication\RememberMe;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
 use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentToken;
 
 class PersistentTokenTest extends TestCase
 {
+    use ExpectDeprecationTrait;
+
     public function testConstructor()
     {
         $lastUsed = new \DateTime();
         $token = new PersistentToken('fooclass', 'fooname', 'fooseries', 'footokenvalue', $lastUsed);
 
         $this->assertEquals('fooclass', $token->getClass());
-        $this->assertEquals('fooname', $token->getUsername());
+        $this->assertEquals('fooname', $token->getUserIdentifier());
         $this->assertEquals('fooseries', $token->getSeries());
         $this->assertEquals('footokenvalue', $token->getTokenValue());
         $this->assertSame($lastUsed, $token->getLastUsed());
     }
+
+    /**
+     * @group legacy
+     */
+    public function testLegacyGetUsername()
+    {
+        $token = new PersistentToken('fooclass', 'fooname', 'fooseries', 'footokenvalue', new \DateTime());
+
+        $this->expectDeprecation('Since symfony/security-core 5.3: Method "Symfony\Component\Security\Core\Authentication\RememberMe\PersistentToken::getUsername()" is deprecated, use getUserIdentifier() instead.');
+        $this->assertEquals('fooname', $token->getUsername());
+    }
 }
diff --git a/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
@@ -94,7 +94,15 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request)
         );
 
         $userProvider = $this->getUserProvider($persistentToken->getClass());
-        $userIdentifier = $persistentToken->getUsername();
+        // @deprecated since 5.3, change to $persistentToken->getUserIdentifier() in 6.0
+        if (method_exists($persistentToken, 'getUserIdentifier')) {
+            $userIdentifier = $persistentToken->getUserIdentifier();
+        } else {
+            trigger_deprecation('symfony/security-core', '5.3', 'Not implementing method "getUserIdentifier()" in persistent token "%s" is deprecated. This method will replace "loadUserByUsername()" in Symfony 6.0.', get_debug_type($persistentToken));
+
+            $userIdentifier = $persistentToken->getUsername();
+        }
+
         // @deprecated since 5.3, change to $userProvider->loadUserByIdentifier() in 6.0
         if (method_exists($userProvider, 'loadUserByIdentifier')) {
             return $userProvider->loadUserByIdentifier($userIdentifier);
