Skip to content

Commit 5cc0e1c

Browse files
nicolas-grekasnicolas-grekas
committed
[SecurityBundle] Deprecate Security::* consts and other cleanups
1 parent 06e630c commit 5cc0e1c

File tree

5 files changed

+59
-19
lines changed

5 files changed

+59
-19
lines changed

.github/patch-types.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@
2424
// no break;
2525
case false !== strpos($file, '/vendor/'):
2626
case false !== strpos($file, '/src/Symfony/Bridge/PhpUnit/'):
27+
case false !== strpos($file, '/src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/ContainerAwareController.php'):
2728
case false !== strpos($file, '/src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/Validation/Article.php'):
2829
case false !== strpos($file, '/src/Symfony/Component/Cache/Tests/Fixtures/DriverWrapper.php'):
2930
case false !== strpos($file, '/src/Symfony/Component/Config/Tests/Fixtures/BadFileName.php'):

src/Symfony/Bundle/SecurityBundle/CHANGELOG.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,11 @@
11
CHANGELOG
22
=========
33

4+
6.4
5+
---
6+
7+
* Deprecate `Security::ACCESS_DENIED_ERROR`, `AUTHENTICATION_ERROR` and `LAST_USERNAME` constants, use the ones on `SecurityRequestAttributes` instead
8+
49
6.3
510
---
611

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -98,7 +98,7 @@ public function load(array $configs, ContainerBuilder $container)
9898
if (!array_filter($configs)) {
9999
trigger_deprecation('symfony/security-bundle', '6.3', 'Enabling bundle "%s" and not configuring it is deprecated.', SecurityBundle::class);
100100
// uncomment the following line in 7.0
101-
// throw new InvalidArgumentException(sprintf('Enabling bundle "%s" and not configuring it is not allowed.', SecurityBundle::class));
101+
// throw new InvalidConfigurationException(sprintf('Enabling bundle "%s" and not configuring it is not allowed.', SecurityBundle::class));
102102
return;
103103
}
104104

@@ -192,17 +192,14 @@ public function load(array $configs, ContainerBuilder $container)
192192
$container->getDefinition('security.authorization_checker')->setArgument(3, false);
193193
}
194194

195-
/**
196-
* @throws \InvalidArgumentException if the $strategy is invalid
197-
*/
198195
private function createStrategyDefinition(string $strategy, bool $allowIfAllAbstainDecisions, bool $allowIfEqualGrantedDeniedDecisions): Definition
199196
{
200197
return match ($strategy) {
201198
MainConfiguration::STRATEGY_AFFIRMATIVE => new Definition(AffirmativeStrategy::class, [$allowIfAllAbstainDecisions]),
202199
MainConfiguration::STRATEGY_CONSENSUS => new Definition(ConsensusStrategy::class, [$allowIfAllAbstainDecisions, $allowIfEqualGrantedDeniedDecisions]),
203200
MainConfiguration::STRATEGY_UNANIMOUS => new Definition(UnanimousStrategy::class, [$allowIfAllAbstainDecisions]),
204201
MainConfiguration::STRATEGY_PRIORITY => new Definition(PriorityStrategy::class, [$allowIfAllAbstainDecisions]),
205-
default => throw new \InvalidArgumentException(sprintf('The strategy "%s" is not supported.', $strategy)),
202+
default => throw new InvalidConfigurationException(sprintf('The strategy "%s" is not supported.', $strategy)),
206203
};
207204
}
208205

src/Symfony/Bundle/SecurityBundle/Security.php

Lines changed: 51 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,8 @@
1616
use Symfony\Component\HttpFoundation\Request;
1717
use Symfony\Component\HttpFoundation\Response;
1818
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
19+
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
20+
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
1921
use Symfony\Component\Security\Core\Exception\LogicException;
2022
use Symfony\Component\Security\Core\Exception\LogoutException;
2123
use Symfony\Component\Security\Core\Security as LegacySecurity;
@@ -27,6 +29,17 @@
2729
use Symfony\Component\Security\Http\SecurityRequestAttributes;
2830
use Symfony\Contracts\Service\ServiceProviderInterface;
2931

32+
if (class_exists(LegacySecurity::class)) {
33+
class_alias(LegacySecurity::class, InternalSecurity::class);
34+
} else {
35+
/**
36+
* @internal
37+
*/
38+
class InternalSecurity
39+
{
40+
}
41+
}
42+
3043
/**
3144
* Helper class for commonly-needed security tasks.
3245
*
@@ -36,15 +49,50 @@
3649
*
3750
* @final
3851
*/
39-
class Security extends LegacySecurity
52+
class Security extends InternalSecurity implements AuthorizationCheckerInterface
4053
{
54+
/**
55+
* @deprecated since Symfony 6.4, use SecurityRequestAttributes::ACCESS_DENIED_ERROR instead
56+
*/
4157
public const ACCESS_DENIED_ERROR = SecurityRequestAttributes::ACCESS_DENIED_ERROR;
58+
59+
/**
60+
* @deprecated since Symfony 6.4, use SecurityRequestAttributes::ACCESS_DENIED_ERROR instead
61+
*/
4262
public const AUTHENTICATION_ERROR = SecurityRequestAttributes::AUTHENTICATION_ERROR;
63+
64+
/**
65+
* @deprecated since Symfony 6.4, use SecurityRequestAttributes::ACCESS_DENIED_ERROR instead
66+
*/
4367
public const LAST_USERNAME = SecurityRequestAttributes::LAST_USERNAME;
4468

45-
public function __construct(private readonly ContainerInterface $container, private readonly array $authenticators = [])
69+
public function __construct(
70+
private readonly ContainerInterface $container,
71+
private readonly array $authenticators = [],
72+
) {
73+
}
74+
75+
public function getUser(): ?UserInterface
76+
{
77+
if (!$token = $this->getToken()) {
78+
return null;
79+
}
80+
81+
return $token->getUser();
82+
}
83+
84+
/**
85+
* Checks if the attributes are granted against the current authentication token and optionally supplied subject.
86+
*/
87+
public function isGranted(mixed $attributes, mixed $subject = null): bool
88+
{
89+
return $this->container->get('security.authorization_checker')
90+
->isGranted($attributes, $subject);
91+
}
92+
93+
public function getToken(): ?TokenInterface
4694
{
47-
parent::__construct($container, false);
95+
return $this->container->get('security.token_storage')->getToken();
4896
}
4997

5098
public function getFirewallConfig(Request $request): ?FirewallConfig

src/Symfony/Component/Security/Core/Security.php

Lines changed: 0 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -24,19 +24,8 @@
2424
*/
2525
class Security implements AuthorizationCheckerInterface
2626
{
27-
/**
28-
* @deprecated since Symfony 6.2, use \Symfony\Bundle\SecurityBundle\Security::ACCESS_DENIED_ERROR instead
29-
*/
3027
public const ACCESS_DENIED_ERROR = '_security.403_error';
31-
32-
/**
33-
* @deprecated since Symfony 6.2, use \Symfony\Bundle\SecurityBundle\Security::AUTHENTICATION_ERROR instead
34-
*/
3528
public const AUTHENTICATION_ERROR = '_security.last_error';
36-
37-
/**
38-
* @deprecated since Symfony 6.2, use \Symfony\Bundle\SecurityBundle\Security::LAST_USERNAME instead
39-
*/
4029
public const LAST_USERNAME = '_security.last_username';
4130

4231
/**

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy