From 99cf2a3a71bf412d1005c5164a50f1982a619822 Mon Sep 17 00:00:00 2001 From: Wouter de Jong Date: Tue, 16 Mar 2021 13:48:48 +0100 Subject: [PATCH] [Security] Disallow passing a UserInterface to Passport This was deprecated in 5.2, with a warning that support would be dropped in 5.3 (due to the experimental state). --- UPGRADE-5.3.md | 1 + src/Symfony/Component/Security/CHANGELOG.md | 1 + .../Http/Authenticator/Passport/Passport.php | 14 ++------------ .../Passport/SelfValidatingPassport.php | 14 ++------------ .../EventListener/UserProviderListenerTest.php | 12 ------------ 5 files changed, 6 insertions(+), 36 deletions(-) diff --git a/UPGRADE-5.3.md b/UPGRADE-5.3.md index 66b029800b203..06dc3f57823e1 100644 --- a/UPGRADE-5.3.md +++ b/UPGRADE-5.3.md @@ -91,6 +91,7 @@ Security If you are using the `isAccountNonLocked()`, `isAccountNonExpired()` or `isCredentialsNonExpired()` method, consider re-implementing them in your own user class, as they are not part of the `InMemoryUser` API * Deprecate class `UserChecker`, use `InMemoryUserChecker` or your own implementation instead + * [BC break] Remove support for passing a `UserInterface` implementation to `Passport`, use the `UserBadge` instead. * Deprecate `UserInterface::getPassword()` If your `getPassword()` method does not return `null` (i.e. you are using password-based authentication), you should implement `PasswordAuthenticatedUserInterface`. diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md index 5684557e659b8..40db39f449431 100644 --- a/src/Symfony/Component/Security/CHANGELOG.md +++ b/src/Symfony/Component/Security/CHANGELOG.md 
@@ -6,6 +6,7 @@ CHANGELOG * Deprecate class `User`, use `InMemoryUser` instead * Deprecate class `UserChecker`, use `InMemoryUserChecker` or your own implementation instead + * [BC break] Remove support for passing a `UserInterface` implementation to `Passport`, use the `UserBadge` instead. * Add `PasswordAuthenticatedUserInterface` for user classes that use passwords * Add `LegacyPasswordAuthenticatedUserInterface` for user classes that use user-provided salts in addition to passwords * Deprecate all classes in the `Core\Encoder\` sub-namespace, use the `PasswordHasher` component instead diff --git a/src/Symfony/Component/Security/Http/Authenticator/Passport/Passport.php b/src/Symfony/Component/Security/Http/Authenticator/Passport/Passport.php index 6ae34e7a9f239..e68f0fc1045bb 100644 --- a/src/Symfony/Component/Security/Http/Authenticator/Passport/Passport.php +++ b/src/Symfony/Component/Security/Http/Authenticator/Passport/Passport.php 
@@ -32,23 +32,13 @@ class Passport implements UserPassportInterface private $attributes = []; /** - * @param UserBadge $userBadge * @param CredentialsInterface $credentials the credentials to check for this authentication, use * SelfValidatingPassport if no credentials should be checked * @param BadgeInterface[] $badges */ - public function __construct($userBadge, CredentialsInterface $credentials, array $badges = []) + public function __construct(UserBadge $userBadge, CredentialsInterface $credentials, array $badges = []) { - if ($userBadge instanceof UserInterface) { - trigger_deprecation('symfony/security-http', '5.2', 'The 1st argument of "%s" must be an instance of "%s", support for "%s" will be removed in symfony/security-http 5.3.', __CLASS__, UserBadge::class, UserInterface::class); - - $this->user = $userBadge; - } elseif ($userBadge instanceof UserBadge) { - $this->addBadge($userBadge); - } else { - throw new \TypeError(sprintf('Argument 1 of "%s" must be an instance of "%s", "%s" given.', __METHOD__, UserBadge::class, get_debug_type($userBadge))); - } - + $this->addBadge($userBadge); $this->addBadge($credentials); foreach ($badges as $badge) { $this->addBadge($badge); diff --git a/src/Symfony/Component/Security/Http/Authenticator/Passport/SelfValidatingPassport.php b/src/Symfony/Component/Security/Http/Authenticator/Passport/SelfValidatingPassport.php index ddce4cad0e8fe..ed205346e817b 100644 --- a/src/Symfony/Component/Security/Http/Authenticator/Passport/SelfValidatingPassport.php +++ b/src/Symfony/Component/Security/Http/Authenticator/Passport/SelfValidatingPassport.php 
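Review bot: In the new `Passport::__construct()`, the entries of `$badges` are added after `$userBadge` and `$credentials` through the same `addBadge()` call, so nothing in the constructor stops a second `UserBadge` in `$badges` from taking the place of the one passed as the first argument. Whether that happens depends on how `addBadge()` stores badges, which is outside this hunk; if it keys them by class, the last one wins silently. With the direct `$this->user = $userBadge` assignment removed, the badge appears to be the only thing the constructor binds the user to, so I would state the contract in the docblock, e.g. `@param BadgeInterface[] $badges extra badges; a UserBadge or CredentialsInterface given here may replace the first two arguments`, or reject such entries in the loop. The same applies to the `SelfValidatingPassport` constructor in the next hunk, where no credentials badge is added and the `UserBadge` alone decides the identity. Both constructor bodies end outside their hunks.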
@@ -26,21 +26,11 @@ class SelfValidatingPassport extends Passport { /** - * @param UserBadge $userBadge * @param BadgeInterface[] $badges */ - public function __construct($userBadge, array $badges = []) + public function __construct(UserBadge $userBadge, array $badges = []) { - if ($userBadge instanceof UserInterface) { - trigger_deprecation('symfony/security-http', '5.2', 'The 1st argument of "%s" must be an instance of "%s", support for "%s" will be removed in symfony/security-http 5.3.', __CLASS__, UserBadge::class, UserInterface::class); - - $this->user = $userBadge; - } elseif ($userBadge instanceof UserBadge) { - $this->addBadge($userBadge); - } else { - throw new \TypeError(sprintf('Argument 1 of "%s" must be an instance of "%s", "%s" given.', __METHOD__, UserBadge::class, get_debug_type($userBadge))); - } - + $this->addBadge($userBadge); foreach ($badges as $badge) { $this->addBadge($badge); } diff --git a/src/Symfony/Component/Security/Http/Tests/EventListener/UserProviderListenerTest.php b/src/Symfony/Component/Security/Http/Tests/EventListener/UserProviderListenerTest.php index 10096573de472..9fb29b3ff1f67 100644 --- a/src/Symfony/Component/Security/Http/Tests/EventListener/UserProviderListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/EventListener/UserProviderListenerTest.php @@ -61,16 +61,4 @@ public function provideCompletePassports() { yield [new SelfValidatingPassport(new UserBadge('wouter', function () {}))]; } - - /** - * @group legacy - */ - public function testLegacyUserPassport() - { - $passport = new SelfValidatingPassport($user = $this->createMock(UserInterface::class)); - $this->listener->checkPassport(new CheckPassportEvent($this->createMock(AuthenticatorInterface::class), $passport)); - - $this->assertFalse($passport->hasBadge(UserBadge::class)); - $this->assertSame($user, $passport->getUser()); - } } pFad - Phonifier reborn
