diff --git a/.github/expected-missing-return-types.diff b/.github/expected-missing-return-types.diff
index 5f3b6f4a91f56..2545ad099f7a1 100644
--- a/.github/expected-missing-return-types.diff
+++ b/.github/expected-missing-return-types.diff
@@ -2389,10 +2389,10 @@ index cecce6c01b..f2e0c7fdf5 100644
{
parent::newLine($count);
diff --git a/src/Symfony/Component/Console/Tests/EventListener/ErrorListenerTest.php b/src/Symfony/Component/Console/Tests/EventListener/ErrorListenerTest.php
-index 6ad89dc522..40020baee7 100644
+index 10bed7d031..e26109851f 100644
--- a/src/Symfony/Component/Console/Tests/EventListener/ErrorListenerTest.php
+++ b/src/Symfony/Component/Console/Tests/EventListener/ErrorListenerTest.php
-@@ -141,5 +141,5 @@ class NonStringInput extends Input
+@@ -128,5 +128,5 @@ class NonStringInput extends Input
}
- public function parse()
@@ -9981,17 +9981,17 @@ index eabfe17bba..5a41823338 100644
{
throw new \BadMethodCallException('Cannot add attribute to NullToken.');
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php b/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php
-index 0ec6b1cfb9..2e235a6069 100644
+index 8acc31bca2..25779a31b5 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php
@@ -41,5 +41,5 @@ class TokenStorage implements TokenStorageInterface, ResetInterface
* @return void
*/
-- public function setToken(TokenInterface $token = null)
-+ public function setToken(TokenInterface $token = null): void
+- public function setToken(?TokenInterface $token)
++ public function setToken(?TokenInterface $token): void
{
- if (1 > \func_num_args()) {
-@@ -64,5 +64,5 @@ class TokenStorage implements TokenStorageInterface, ResetInterface
+ if ($token) {
+@@ -60,5 +60,5 @@ class TokenStorage implements TokenStorageInterface, ResetInterface
* @return void
*/
- public function reset()
@@ -10172,23 +10172,16 @@ index a493b00e79..377dcacc09 100644
{
}
diff --git a/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php b/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php
-index e0aef90a14..651578d1f1 100644
+index 13441bc758..e2bc96ff48 100644
--- a/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php
+++ b/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php
-@@ -55,5 +55,5 @@ class InMemoryUserProvider implements UserProviderInterface
- * @throws \LogicException
+@@ -53,5 +53,5 @@ class InMemoryUserProvider implements UserProviderInterface
+ * @return void
*/
- public function createUser(UserInterface $user)
+ public function createUser(UserInterface $user): void
{
if (!$user instanceof InMemoryUser) {
-@@ -100,5 +100,5 @@ class InMemoryUserProvider implements UserProviderInterface
- * @throws UserNotFoundException if user whose given username does not exist
- */
-- private function getUser(string $username): UserInterface
-+ private function getUser(string $username): InMemoryUser
- {
- if (!isset($this->users[strtolower($username)])) {
diff --git a/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php b/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php
index 91f21c71d0..95e818392e 100644
--- a/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
index 41bb87a5db544..4f0821acef087 100644
--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -5,6 +5,7 @@ CHANGELOG
---
* Enabling SecurityBundle and not configuring it is not allowed
+ * Remove configuration options `enable_authenticator_manager` and `csrf_token_generator`
6.4
---
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
index e982fc1871940..1e4d0d95bf3f2 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -65,7 +65,6 @@ public function getConfigTreeBuilder(): TreeBuilder
->end()
->booleanNode('hide_user_not_found')->defaultTrue()->end()
->booleanNode('erase_credentials')->defaultTrue()->end()
- ->booleanNode('enable_authenticator_manager')->setDeprecated('symfony/security-bundle', '6.2', 'The "%node%" option at "%path%" is deprecated.')->defaultTrue()->end()
->arrayNode('access_decision_manager')
->addDefaultsIfNotSet()
->children()
@@ -216,14 +215,6 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
->arrayNode('logout')
->treatTrueLike([])
->canBeUnset()
- ->beforeNormalization()
- ->ifTrue(fn ($v): bool => isset($v['csrf_token_generator']) && !isset($v['csrf_token_manager']))
- ->then(function (array $v): array {
- $v['csrf_token_manager'] = $v['csrf_token_generator'];
-
- return $v;
- })
- ->end()
->beforeNormalization()
->ifTrue(fn ($v): bool => \is_array($v) && (isset($v['csrf_token_manager']) xor isset($v['enable_csrf'])))
->then(function (array $v): array {
@@ -240,13 +231,6 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
->booleanNode('enable_csrf')->defaultNull()->end()
->scalarNode('csrf_token_id')->defaultValue('logout')->end()
->scalarNode('csrf_parameter')->defaultValue('_csrf_token')->end()
- ->scalarNode('csrf_token_generator')
- ->setDeprecated(
- 'symfony/security-bundle',
- '6.3',
- 'The "%node%" option is deprecated. Use "csrf_token_manager" instead.'
- )
- ->end()
->scalarNode('csrf_token_manager')->end()
->scalarNode('path')->defaultValue('/logout')->end()
->scalarNode('target')->defaultValue('/')->end()
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php
index 177fda4feb5a4..fdcdb3a2e8d85 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php
@@ -11,8 +11,6 @@
namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
-use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
use Symfony\Component\DependencyInjection\ChildDefinition;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Reference;
@@ -50,23 +48,8 @@ public function getKey(): string
return 'form-login';
}
- public function addConfiguration(NodeDefinition $node): void
- {
- parent::addConfiguration($node);
-
- $node
- ->children()
- ->scalarNode('csrf_token_generator')->cannotBeEmpty()->end()
- ->end()
- ;
- }
-
public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): string
{
- if (isset($config['csrf_token_generator'])) {
- throw new InvalidConfigurationException('The "csrf_token_generator" on "form_login" does not exist, use "enable_csrf" instead.');
- }
-
$authenticatorId = 'security.authenticator.form_login.'.$firewallName;
$options = array_intersect_key($config, $this->options);
$authenticator = $container
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
index 877454ba5fa3b..8718844202d07 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -54,7 +54,6 @@
use Symfony\Component\Security\Core\Authorization\Strategy\PriorityStrategy;
use Symfony\Component\Security\Core\Authorization\Strategy\UnanimousStrategy;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
-use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
use Symfony\Component\Security\Core\User\ChainUserChecker;
use Symfony\Component\Security\Core\User\ChainUserProvider;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
@@ -104,11 +103,6 @@ public function load(array $configs, ContainerBuilder $container): void
$loader->load('security.php');
$loader->load('password_hasher.php');
$loader->load('security_listeners.php');
-
- if (!$config['enable_authenticator_manager']) {
- throw new InvalidConfigurationException('"security.enable_authenticator_manager" must be set to "true".');
- }
-
$loader->load('security_authenticator.php');
$loader->load('security_authenticator_access_token.php');
@@ -177,11 +171,6 @@ public function load(array $configs, ContainerBuilder $container): void
$container->registerForAutoconfiguration(VoterInterface::class)
->addTag('security.voter');
-
- // required for compatibility with Symfony 5.4
- $container->getDefinition('security.access_listener')->setArgument(3, false);
- $container->getDefinition('security.authorization_checker')->setArgument(2, false);
- $container->getDefinition('security.authorization_checker')->setArgument(3, false);
}
private function createStrategyDefinition(string $strategy, bool $allowIfAllAbstainDecisions, bool $allowIfEqualGrantedDeniedDecisions): Definition
@@ -666,15 +655,11 @@ private function getUserProvider(ContainerBuilder $container, string $id, array
return $this->createMissingUserProvider($container, $id, $factoryKey);
}
- if ('remember_me' === $factoryKey || 'anonymous' === $factoryKey || 'custom_authenticators' === $factoryKey) {
- if ('custom_authenticators' === $factoryKey) {
- trigger_deprecation('symfony/security-bundle', '5.4', 'Not configuring explicitly the provider for the "%s" firewall is deprecated because it\'s ambiguous as there is more than one registered provider. Set the "provider" key to one of the configured providers, even if your custom authenticators don\'t use it.', $id);
- }
-
+ if ('remember_me' === $factoryKey || 'anonymous' === $factoryKey) {
return 'security.user_providers';
}
- throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "%s" authenticator on "%s" firewall is ambiguous as there is more than one registered provider.', $factoryKey, $id));
+ throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "%s" authenticator on "%s" firewall is ambiguous as there is more than one registered provider. Set the "provider" key to one of the configured providers, even if your custom authenticators don\'t use it.', $factoryKey, $id));
}
private function createMissingUserProvider(ContainerBuilder $container, string $id, string $factoryKey): string
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
index 27cc0ce51e9c3..7ed2738936e45 100644
--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
@@ -35,7 +35,6 @@
use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter;
use Symfony\Component\Security\Core\Role\RoleHierarchy;
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
-use Symfony\Component\Security\Core\Security as LegacySecurity;
use Symfony\Component\Security\Core\User\ChainUserProvider;
use Symfony\Component\Security\Core\User\InMemoryUserChecker;
use Symfony\Component\Security\Core\User\InMemoryUserProvider;
@@ -94,8 +93,6 @@
abstract_arg('authenticators'),
])
->alias(Security::class, 'security.helper')
- ->alias(LegacySecurity::class, 'security.helper')
- ->deprecate('symfony/security-bundle', '6.2', 'The "%alias_id%" service alias is deprecated, use "'.Security::class.'" instead.')
->set('security.user_value_resolver', UserValueResolver::class)
->args([
diff --git a/src/Symfony/Bundle/SecurityBundle/Security.php b/src/Symfony/Bundle/SecurityBundle/Security.php
index 84f8c7c7b6684..43398786ac24f 100644
--- a/src/Symfony/Bundle/SecurityBundle/Security.php
+++ b/src/Symfony/Bundle/SecurityBundle/Security.php
@@ -20,26 +20,13 @@
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\LogicException;
use Symfony\Component\Security\Core\Exception\LogoutException;
-use Symfony\Component\Security\Core\Security as LegacySecurity;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
use Symfony\Component\Security\Http\Event\LogoutEvent;
use Symfony\Component\Security\Http\ParameterBagUtils;
-use Symfony\Component\Security\Http\SecurityRequestAttributes;
use Symfony\Contracts\Service\ServiceProviderInterface;
-if (class_exists(LegacySecurity::class)) {
- class_alias(LegacySecurity::class, InternalSecurity::class);
-} else {
- /**
- * @internal
- */
- class InternalSecurity
- {
- }
-}
-
/**
* Helper class for commonly-needed security tasks.
*
@@ -49,23 +36,8 @@ class InternalSecurity
*
* @final
*/
-class Security extends InternalSecurity implements AuthorizationCheckerInterface
+class Security implements AuthorizationCheckerInterface
{
- /**
- * @deprecated since Symfony 6.4, use SecurityRequestAttributes::ACCESS_DENIED_ERROR instead
- */
- public const ACCESS_DENIED_ERROR = SecurityRequestAttributes::ACCESS_DENIED_ERROR;
-
- /**
- * @deprecated since Symfony 6.4, use SecurityRequestAttributes::ACCESS_DENIED_ERROR instead
- */
- public const AUTHENTICATION_ERROR = SecurityRequestAttributes::AUTHENTICATION_ERROR;
-
- /**
- * @deprecated since Symfony 6.4, use SecurityRequestAttributes::ACCESS_DENIED_ERROR instead
- */
- public const LAST_USERNAME = SecurityRequestAttributes::LAST_USERNAME;
-
public function __construct(
private readonly ContainerInterface $container,
private readonly array $authenticators = [],
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
index 170bce8169c64..cc93d323df7e9 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -30,7 +30,6 @@
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
-use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
use Symfony\Component\Security\Core\User\InMemoryUserChecker;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
@@ -38,7 +37,6 @@
use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
use Symfony\Component\Security\Http\Authenticator\HttpBasicAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
-use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
class SecurityExtensionTest extends TestCase
{
@@ -162,8 +160,6 @@ public function testPerListenerProvider()
public function testMissingProviderForListener()
{
- $this->expectException(InvalidConfigurationException::class);
- $this->expectExceptionMessage('Not configuring explicitly the provider for the "http_basic" authenticator on "ambiguous" firewall is ambiguous as there is more than one registered provider.');
$container = $this->getRawContainer();
$container->loadFromExtension('security', [
'providers' => [
@@ -179,6 +175,9 @@ public function testMissingProviderForListener()
],
]);
+ $this->expectException(InvalidConfigurationException::class);
+ $this->expectExceptionMessage('Not configuring explicitly the provider for the "http_basic" authenticator on "ambiguous" firewall is ambiguous as there is more than one registered provider. Set the "provider" key to one of the configured providers, even if your custom authenticators don\'t use it.');
+
$container->compile();
}
@@ -476,31 +475,6 @@ public function testDoNotRegisterTheUserProviderAliasWithMultipleProviders()
$this->assertFalse($container->has(UserProviderInterface::class));
}
- /**
- * @group legacy
- */
- public function testFirewallWithNoUserProviderTriggerDeprecation()
- {
- $container = $this->getRawContainer();
-
- $container->loadFromExtension('security', [
- 'providers' => [
- 'first' => ['id' => 'foo'],
- 'second' => ['id' => 'foo'],
- ],
-
- 'firewalls' => [
- 'some_firewall' => [
- 'custom_authenticator' => 'my_authenticator',
- ],
- ],
- ]);
-
- $this->expectDeprecation('Since symfony/security-bundle 5.4: Not configuring explicitly the provider for the "some_firewall" firewall is deprecated because it\'s ambiguous as there is more than one registered provider. Set the "provider" key to one of the configured providers, even if your custom authenticators don\'t use it.');
-
- $container->compile();
- }
-
/**
* @dataProvider acceptableIpsProvider
*/
@@ -878,7 +852,7 @@ public function testNothingDoneWithEmptyConfiguration()
$container->loadFromExtension('security');
- $this->expectException(InvalidArgumentException::class);
+ $this->expectException(InvalidConfigurationException::class);
$this->expectExceptionMessage('Enabling bundle "Symfony\Bundle\SecurityBundle\SecurityBundle" and not configuring it is not allowed.');
$container->compile();
@@ -923,13 +897,6 @@ public function authenticate(Request $request): Passport
{
}
- /**
- * @internal for compatibility with Symfony 5.4
- */
- public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
- {
- }
-
public function createToken(Passport $passport, string $firewallName): TokenInterface
{
}
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticatorTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticatorTest.php
index ca99dbf3eadab..a3f539a59c57a 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticatorTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticatorTest.php
@@ -13,21 +13,6 @@
class AuthenticatorTest extends AbstractWebTestCase
{
- /**
- * @group legacy
- *
- * @dataProvider provideEmails
- */
- public function testLegacyGlobalUserProvider($email)
- {
- $client = $this->createClient(['test_case' => 'Authenticator', 'root_config' => 'implicit_user_provider.yml']);
-
- $client->request('GET', '/profile', [], [], [
- 'HTTP_X-USER-EMAIL' => $email,
- ]);
- $this->assertJsonStringEqualsJsonString('{"email":"'.$email.'"}', $client->getResponse()->getContent());
- }
-
/**
* @dataProvider provideEmails
*/
diff --git a/src/Symfony/Component/Ldap/CHANGELOG.md b/src/Symfony/Component/Ldap/CHANGELOG.md
index eb4df15c95e57..ad134e0fb20c0 100644
--- a/src/Symfony/Component/Ldap/CHANGELOG.md
+++ b/src/Symfony/Component/Ldap/CHANGELOG.md
@@ -1,6 +1,11 @@
CHANGELOG
=========
+7.0
+---
+
+ * Remove `{username}` parameter, use `{user_identifier}` instead
+
6.2
---
diff --git a/src/Symfony/Component/Ldap/Security/LdapBadge.php b/src/Symfony/Component/Ldap/Security/LdapBadge.php
index 2f8b1d7bd307d..f51ff4ee8cf6b 100644
--- a/src/Symfony/Component/Ldap/Security/LdapBadge.php
+++ b/src/Symfony/Component/Ldap/Security/LdapBadge.php
@@ -34,18 +34,10 @@ class LdapBadge implements BadgeInterface
public function __construct(string $ldapServiceId, string $dnString = '{user_identifier}', string $searchDn = '', string $searchPassword = '', string $queryString = null)
{
$this->ldapServiceId = $ldapServiceId;
- $dnString = str_replace('{username}', '{user_identifier}', $dnString, $replaceCount);
- if ($replaceCount > 0) {
- trigger_deprecation('symfony/ldap', '6.2', 'Using "{username}" parameter in LDAP configuration is deprecated, consider using "{user_identifier}" instead.');
- }
$this->dnString = $dnString;
$this->searchDn = $searchDn;
$this->searchPassword = $searchPassword;
- $queryString = str_replace('{username}', '{user_identifier}', $queryString ?? '', $replaceCount);
- if ($replaceCount > 0) {
- trigger_deprecation('symfony/ldap', '6.2', 'Using "{username}" parameter in LDAP configuration is deprecated, consider using "{user_identifier}" instead.');
- }
- $this->queryString = $queryString;
+ $this->queryString = $queryString ?? '';
}
public function getLdapServiceId(): string
diff --git a/src/Symfony/Component/Ldap/Security/LdapUser.php b/src/Symfony/Component/Ldap/Security/LdapUser.php
index abc293ac90132..1cc750677e495 100644
--- a/src/Symfony/Component/Ldap/Security/LdapUser.php
+++ b/src/Symfony/Component/Ldap/Security/LdapUser.php
@@ -62,14 +62,6 @@ public function getSalt(): ?string
return null;
}
- /**
- * @internal for compatibility with Symfony 5.4
- */
- public function getUsername(): string
- {
- return $this->getUserIdentifier();
- }
-
public function getUserIdentifier(): string
{
return $this->identifier;
diff --git a/src/Symfony/Component/Ldap/Security/LdapUserProvider.php b/src/Symfony/Component/Ldap/Security/LdapUserProvider.php
index eef59c28308a3..4d9f2f6e44075 100644
--- a/src/Symfony/Component/Ldap/Security/LdapUserProvider.php
+++ b/src/Symfony/Component/Ldap/Security/LdapUserProvider.php
@@ -59,14 +59,6 @@ public function __construct(LdapInterface $ldap, string $baseDn, string $searchD
$this->extraFields = $extraFields;
}
- /**
- * @internal for compatibility with Symfony 5.4
- */
- public function loadUserByUsername(string $username): UserInterface
- {
- return $this->loadUserByIdentifier($username);
- }
-
public function loadUserByIdentifier(string $identifier): UserInterface
{
try {
@@ -76,11 +68,7 @@ public function loadUserByIdentifier(string $identifier): UserInterface
}
$identifier = $this->ldap->escape($identifier, '', LdapInterface::ESCAPE_FILTER);
- $query = str_replace('{username}', '{user_identifier}', $this->defaultSearch, $replaceCount);
- if ($replaceCount > 0) {
- trigger_deprecation('symfony/ldap', '6.2', 'Using "{username}" parameter in LDAP configuration is deprecated, consider using "{user_identifier}" instead.');
- }
- $query = str_replace('{user_identifier}', $identifier, $query);
+ $query = str_replace('{user_identifier}', $identifier, $this->defaultSearch);
$search = $this->ldap->query($this->baseDn, $query, ['filter' => 0 == \count($this->extraFields) ? '*' : $this->extraFields]);
$entries = $search->execute();
diff --git a/src/Symfony/Component/Ldap/Tests/Security/CheckLdapCredentialsListenerTest.php b/src/Symfony/Component/Ldap/Tests/Security/CheckLdapCredentialsListenerTest.php
index 495072ca6816b..00731d03557cb 100644
--- a/src/Symfony/Component/Ldap/Tests/Security/CheckLdapCredentialsListenerTest.php
+++ b/src/Symfony/Component/Ldap/Tests/Security/CheckLdapCredentialsListenerTest.php
@@ -30,7 +30,6 @@
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
-use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
use Symfony\Component\Security\Http\Event\CheckPassportEvent;
use Symfony\Contracts\Service\ServiceLocatorTrait;
@@ -127,49 +126,6 @@ public function testBindFailureShouldThrowAnException()
$listener->onCheckPassport($this->createEvent());
}
- /**
- * @group legacy
- *
- * @dataProvider queryForDnProvider
- */
- public function testLegacyQueryForDn(string $dnString, string $queryString)
- {
- $collection = new class([new Entry('')]) extends \ArrayObject implements CollectionInterface {
- public function toArray(): array
- {
- return $this->getArrayCopy();
- }
- };
-
- $query = $this->createMock(QueryInterface::class);
- $query->expects($this->once())->method('execute')->willReturn($collection);
-
- $this->ldap
- ->method('bind')
- ->willReturnCallback(function (...$args) {
- static $series = [
- ['elsa', 'test1234A$'],
- ['', 's3cr3t'],
- ];
-
- $this->assertSame(array_shift($series), $args);
- })
- ;
- $this->ldap->expects($this->any())->method('escape')->with('Wouter', '', LdapInterface::ESCAPE_FILTER)->willReturn('wouter');
- $this->ldap->expects($this->once())->method('query')->with('{user_identifier}', 'wouter_test')->willReturn($query);
-
- $listener = $this->createListener();
- $listener->onCheckPassport($this->createEvent('s3cr3t', new LdapBadge('app.ldap', $dnString, 'elsa', 'test1234A$', $queryString)));
- }
-
- public static function queryForDnProvider(): iterable
- {
- yield ['{username}', '{username}_test'];
- yield ['{user_identifier}', '{username}_test'];
- yield ['{username}', '{user_identifier}_test'];
- yield ['{user_identifier}', '{user_identifier}_test'];
- }
-
public function testQueryForDn()
{
$collection = new class([new Entry('')]) extends \ArrayObject implements CollectionInterface {
@@ -257,13 +213,6 @@ public function authenticate(Request $request): Passport
{
}
- /**
- * @internal for compatibility with Symfony 5.4
- */
- public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
- {
- }
-
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
{
}
diff --git a/src/Symfony/Component/Ldap/composer.json b/src/Symfony/Component/Ldap/composer.json
index 2867afa5457e3..5ed2995736e11 100644
--- a/src/Symfony/Component/Ldap/composer.json
+++ b/src/Symfony/Component/Ldap/composer.json
@@ -18,7 +18,6 @@
"require": {
"php": ">=8.2",
"ext-ldap": "*",
- "symfony/deprecation-contracts": "^2.5|^3",
"symfony/options-resolver": "^6.4|^7.0"
},
"require-dev": {
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php b/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php
index 0ec6b1cfb972b..8acc31bca2c8e 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php
@@ -40,12 +40,8 @@ public function getToken(): ?TokenInterface
/**
* @return void
*/
- public function setToken(TokenInterface $token = null)
+ public function setToken(?TokenInterface $token)
{
- if (1 > \func_num_args()) {
- trigger_deprecation('symfony/security-core', '6.2', 'Calling "%s()" without any arguments is deprecated, pass null explicitly instead.', __METHOD__);
- }
-
if ($token) {
// ensure any initializer is called
$this->getToken();
diff --git a/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php b/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
index 3827f8b91ee38..c748697c494f9 100644
--- a/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
+++ b/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
@@ -24,17 +24,10 @@
*/
class AuthorizationChecker implements AuthorizationCheckerInterface
{
- private TokenStorageInterface $tokenStorage;
- private AccessDecisionManagerInterface $accessDecisionManager;
-
- public function __construct(TokenStorageInterface $tokenStorage, AccessDecisionManagerInterface $accessDecisionManager, bool $exceptionOnNoToken = false)
- {
- if ($exceptionOnNoToken) {
- throw new \LogicException(sprintf('Argument $exceptionOnNoToken of "%s()" must be set to "false".', __METHOD__));
- }
-
- $this->tokenStorage = $tokenStorage;
- $this->accessDecisionManager = $accessDecisionManager;
+ public function __construct(
+ private TokenStorageInterface $tokenStorage,
+ private AccessDecisionManagerInterface $accessDecisionManager,
+ ) {
}
final public function isGranted(mixed $attribute, mixed $subject = null): bool
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/Storage/TokenStorageTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/Storage/TokenStorageTest.php
index 5b260b50a18c7..26d20ae4a92fa 100644
--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/Storage/TokenStorageTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/Storage/TokenStorageTest.php
@@ -12,31 +12,12 @@
namespace Symfony\Component\Security\Core\Tests\Authentication\Token\Storage;
use PHPUnit\Framework\TestCase;
-use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\User\InMemoryUser;
class TokenStorageTest extends TestCase
{
- use ExpectDeprecationTrait;
-
- /**
- * @group legacy
- */
- public function testGetSetTokenLegacy()
- {
- $tokenStorage = new TokenStorage();
- $token = new UsernamePasswordToken(new InMemoryUser('username', 'password'), 'provider');
- $tokenStorage->setToken($token);
- $this->assertSame($token, $tokenStorage->getToken());
-
- $this->expectDeprecation('Since symfony/security-core 6.2: Calling "Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage::setToken()" without any arguments is deprecated, pass null explicitly instead.');
-
- $tokenStorage->setToken();
- $this->assertNull($tokenStorage->getToken());
- }
-
public function testGetSetToken()
{
$tokenStorage = new TokenStorage();
diff --git a/src/Symfony/Component/Security/Core/Tests/SecurityTest.php b/src/Symfony/Component/Security/Core/Tests/SecurityTest.php
deleted file mode 100644
index 00436895df05d..0000000000000
--- a/src/Symfony/Component/Security/Core/Tests/SecurityTest.php
+++ /dev/null
@@ -1,98 +0,0 @@
-
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Symfony\Component\Security\Core\Tests;
-
-use PHPUnit\Framework\TestCase;
-use Psr\Container\ContainerInterface;
-use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
-use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
-use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
-use Symfony\Component\Security\Core\Security;
-use Symfony\Component\Security\Core\User\InMemoryUser;
-
-/**
- * @group legacy
- */
-class SecurityTest extends TestCase
-{
- public function testGetToken()
- {
- $token = new UsernamePasswordToken(new InMemoryUser('foo', 'bar'), 'provider');
- $tokenStorage = $this->createMock(TokenStorageInterface::class);
-
- $tokenStorage->expects($this->once())
- ->method('getToken')
- ->willReturn($token);
-
- $container = $this->createContainer('security.token_storage', $tokenStorage);
-
- $security = new Security($container);
- $this->assertSame($token, $security->getToken());
- }
-
- /**
- * @dataProvider getUserTests
- */
- public function testGetUser($userInToken, $expectedUser)
- {
- $token = $this->createMock(TokenInterface::class);
- $token->expects($this->any())
- ->method('getUser')
- ->willReturn($userInToken);
- $tokenStorage = $this->createMock(TokenStorageInterface::class);
-
- $tokenStorage->expects($this->once())
- ->method('getToken')
- ->willReturn($token);
-
- $container = $this->createContainer('security.token_storage', $tokenStorage);
-
- $security = new Security($container);
- $this->assertSame($expectedUser, $security->getUser());
- }
-
- public static function getUserTests()
- {
- yield [null, null];
-
- $user = new InMemoryUser('nice_user', 'foo');
- yield [$user, $user];
- }
-
- public function testIsGranted()
- {
- $authorizationChecker = $this->createMock(AuthorizationCheckerInterface::class);
-
- $authorizationChecker->expects($this->once())
- ->method('isGranted')
- ->with('SOME_ATTRIBUTE', 'SOME_SUBJECT')
- ->willReturn(true);
-
- $container = $this->createContainer('security.authorization_checker', $authorizationChecker);
-
- $security = new Security($container);
- $this->assertTrue($security->isGranted('SOME_ATTRIBUTE', 'SOME_SUBJECT'));
- }
-
- private function createContainer($serviceId, $serviceObject)
- {
- $container = $this->createMock(ContainerInterface::class);
-
- $container->expects($this->atLeastOnce())
- ->method('get')
- ->with($serviceId)
- ->willReturn($serviceObject);
-
- return $container;
- }
-}
diff --git a/src/Symfony/Component/Security/Core/User/ChainUserProvider.php b/src/Symfony/Component/Security/Core/User/ChainUserProvider.php
index 47ebbc1a8e339..045697fb76eba 100644
--- a/src/Symfony/Component/Security/Core/User/ChainUserProvider.php
+++ b/src/Symfony/Component/Security/Core/User/ChainUserProvider.php
@@ -46,14 +46,6 @@ public function getProviders(): array
return $this->providers;
}
- /**
- * @internal for compatibility with Symfony 5.4
- */
- public function loadUserByUsername(string $username): UserInterface
- {
- return $this->loadUserByIdentifier($username);
- }
-
public function loadUserByIdentifier(string $identifier): UserInterface
{
foreach ($this->providers as $provider) {
diff --git a/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php b/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php
index e0aef90a14147..13441bc758511 100644
--- a/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php
+++ b/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php
@@ -51,13 +51,11 @@ public function __construct(array $users = [])
* Adds a new User to the provider.
*
* @return void
- *
- * @throws \LogicException
*/
public function createUser(UserInterface $user)
{
if (!$user instanceof InMemoryUser) {
- trigger_deprecation('symfony/security-core', '6.3', 'Passing users that are not instance of "%s" to "%s" is deprecated, "%s" given.', InMemoryUser::class, __METHOD__, get_debug_type($user));
+ throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user)));
}
$userIdentifier = strtolower($user->getUserIdentifier());
@@ -93,13 +91,11 @@ public function supportsClass(string $class): bool
}
/**
- * Returns the user by given username.
- *
- * @return InMemoryUser change return type on 7.0
+ * Returns the user by given user.
*
* @throws UserNotFoundException if user whose given username does not exist
*/
- private function getUser(string $username): UserInterface
+ private function getUser(string $username): InMemoryUser
{
if (!isset($this->users[strtolower($username)])) {
$ex = new UserNotFoundException(sprintf('Username "%s" does not exist.', $username));
diff --git a/src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php
index 3eaafc7aebb93..990903c8ae8b6 100644
--- a/src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php
@@ -148,8 +148,8 @@ private function getCredentials(\stdClass $data): array
try {
$credentials['username'] = $this->propertyAccessor->getValue($data, $this->options['username_path']);
- if (!\is_string($credentials['username'])) {
- throw new BadRequestHttpException(sprintf('The key "%s" must be a string.', $this->options['username_path']));
+ if (!\is_string($credentials['username']) || '' === $credentials['username']) {
+ throw new BadRequestHttpException(sprintf('The key "%s" must be a non-empty string.', $this->options['username_path']));
}
} catch (AccessException $e) {
throw new BadRequestHttpException(sprintf('The key "%s" must be provided.', $this->options['username_path']), $e);
@@ -159,17 +159,13 @@ private function getCredentials(\stdClass $data): array
$credentials['password'] = $this->propertyAccessor->getValue($data, $this->options['password_path']);
$this->propertyAccessor->setValue($data, $this->options['password_path'], null);
- if (!\is_string($credentials['password'])) {
- throw new BadRequestHttpException(sprintf('The key "%s" must be a string.', $this->options['password_path']));
+ if (!\is_string($credentials['password']) || '' === $credentials['password']) {
+ throw new BadRequestHttpException(sprintf('The key "%s" must be a non-empty string.', $this->options['password_path']));
}
} catch (AccessException $e) {
throw new BadRequestHttpException(sprintf('The key "%s" must be provided.', $this->options['password_path']), $e);
}
- if ('' === $credentials['username'] || '' === $credentials['password']) {
- trigger_deprecation('symfony/security', '6.2', 'Passing an empty string as username or password parameter is deprecated.');
- }
-
return $credentials;
}
}
diff --git a/src/Symfony/Component/Security/Http/Authenticator/Token/PostAuthenticationToken.php b/src/Symfony/Component/Security/Http/Authenticator/Token/PostAuthenticationToken.php
index 5421301ef2fbe..5a9c08d61071c 100644
--- a/src/Symfony/Component/Security/Http/Authenticator/Token/PostAuthenticationToken.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/Token/PostAuthenticationToken.php
@@ -33,12 +33,6 @@ public function __construct(UserInterface $user, string $firewallName, array $ro
$this->setUser($user);
$this->firewallName = $firewallName;
-
- // required for compatibility with Symfony 5.4
- if (method_exists($this, 'setAuthenticated')) {
- // this token is meant to be used after authentication success, so it is always authenticated
- $this->setAuthenticated(true, false);
- }
}
/**
diff --git a/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php b/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
index 015f942900d23..556811c0f51f6 100644
--- a/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
+++ b/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
@@ -35,45 +35,8 @@ final class PersistentRememberMeHandler extends AbstractRememberMeHandler
private TokenProviderInterface $tokenProvider;
private ?TokenVerifierInterface $tokenVerifier;
- /**
- * @param UserProviderInterface $userProvider
- * @param RequestStack $requestStack
- * @param array $options
- * @param LoggerInterface|null $logger
- * @param TokenVerifierInterface|null $tokenVerifier
- */
- public function __construct(TokenProviderInterface $tokenProvider, #[\SensitiveParameter] $userProvider, $requestStack, $options, $logger = null, $tokenVerifier = null)
+ public function __construct(TokenProviderInterface $tokenProvider, UserProviderInterface $userProvider, RequestStack $requestStack, array $options, LoggerInterface $logger = null, TokenVerifierInterface $tokenVerifier = null)
{
- if (\is_string($userProvider)) {
- trigger_deprecation('symfony/security-http', '6.3', 'Calling "%s()" with the secret as the second argument is deprecated. The argument will be dropped in 7.0.', __CLASS__);
-
- $userProvider = $requestStack;
- $requestStack = $options;
- $options = $logger;
- $logger = $tokenVerifier;
- $tokenVerifier = \func_num_args() > 6 ? func_get_arg(6) : null;
- }
-
- if (!$userProvider instanceof UserProviderInterface) {
- throw new \TypeError(sprintf('Argument 2 passed to "%s()" must be an instance of "%s", "%s" given.', __CLASS__, UserProviderInterface::class, get_debug_type($userProvider)));
- }
-
- if (!$requestStack instanceof RequestStack) {
- throw new \TypeError(sprintf('Argument 3 passed to "%s()" must be an instance of "%s", "%s" given.', __CLASS__, RequestStack::class, get_debug_type($userProvider)));
- }
-
- if (!\is_array($options)) {
- throw new \TypeError(sprintf('Argument 4 passed to "%s()" must be an array, "%s" given.', __CLASS__, get_debug_type($userProvider)));
- }
-
- if (null !== $logger && !$logger instanceof LoggerInterface) {
- throw new \TypeError(sprintf('Argument 5 passed to "%s()" must be an instance of "%s", "%s" given.', __CLASS__, LoggerInterface::class, get_debug_type($userProvider)));
- }
-
- if (null !== $tokenVerifier && !$tokenVerifier instanceof TokenVerifierInterface) {
- throw new \TypeError(sprintf('Argument 6 passed to "%s()" must be an instance of "%s", "%s" given.', __CLASS__, TokenVerifierInterface::class, get_debug_type($userProvider)));
- }
-
parent::__construct($userProvider, $requestStack, $options, $logger);
if (!$tokenVerifier && $tokenProvider instanceof TokenVerifierInterface) {
diff --git a/src/Symfony/Component/Security/Http/Tests/Authenticator/JsonLoginAuthenticatorTest.php b/src/Symfony/Component/Security/Http/Tests/Authenticator/JsonLoginAuthenticatorTest.php
index 5350dd4a04935..677811e0c2b67 100644
--- a/src/Symfony/Component/Security/Http/Tests/Authenticator/JsonLoginAuthenticatorTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Authenticator/JsonLoginAuthenticatorTest.php
@@ -12,7 +12,6 @@
namespace Symfony\Component\Security\Http\Tests\Authenticator;
use PHPUnit\Framework\TestCase;
-use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
@@ -27,8 +26,6 @@
class JsonLoginAuthenticatorTest extends TestCase
{
- use ExpectDeprecationTrait;
-
private $userProvider;
/** @var JsonLoginAuthenticator */
private $authenticator;
@@ -119,35 +116,22 @@ public static function provideInvalidAuthenticateData()
yield [$request, 'The key "password" must be provided'];
$request = new Request([], [], [], [], [], ['HTTP_CONTENT_TYPE' => 'application/json'], '{"username": 1, "password": "foo"}');
- yield [$request, 'The key "username" must be a string.'];
+ yield [$request, 'The key "username" must be a non-empty string.'];
+
+ $request = new Request([], [], [], [], [], ['HTTP_CONTENT_TYPE' => 'application/json'], '{"username": "", "password": "foo"}');
+ yield [$request, 'The key "username" must be a non-empty string.'];
$request = new Request([], [], [], [], [], ['HTTP_CONTENT_TYPE' => 'application/json'], '{"username": "dunglas", "password": 1}');
- yield [$request, 'The key "password" must be a string.'];
+ yield [$request, 'The key "password" must be a non-empty string.'];
+
+ $request = new Request([], [], [], [], [], ['HTTP_CONTENT_TYPE' => 'application/json'], '{"username": "dunglas", "password": ""}');
+ yield [$request, 'The key "password" must be a non-empty string.'];
$username = str_repeat('x', UserBadge::MAX_USERNAME_LENGTH + 1);
$request = new Request([], [], [], [], [], ['HTTP_CONTENT_TYPE' => 'application/json'], sprintf('{"username": "%s", "password": "foo"}', $username));
yield [$request, 'Username too long.', BadCredentialsException::class];
}
- /**
- * @dataProvider provideEmptyAuthenticateData
- *
- * @group legacy
- */
- public function testAuthenticationForEmptyCredentialDeprecation($request)
- {
- $this->expectDeprecation('Since symfony/security 6.2: Passing an empty string as username or password parameter is deprecated.');
- $this->setUpAuthenticator();
-
- $this->authenticator->authenticate($request);
- }
-
- public static function provideEmptyAuthenticateData()
- {
- $request = new Request([], [], [], [], [], ['HTTP_CONTENT_TYPE' => 'application/json'], '{"username": "", "password": "notempty"}');
- yield [$request];
- }
-
public function testAuthenticationFailureWithoutTranslator()
{
$this->setUpAuthenticator();
diff --git a/src/Symfony/Component/Security/Http/composer.json b/src/Symfony/Component/Security/Http/composer.json
index b90b2721e57b6..c1195da0d68f0 100644
--- a/src/Symfony/Component/Security/Http/composer.json
+++ b/src/Symfony/Component/Security/Http/composer.json
@@ -17,7 +17,6 @@
],
"require": {
"php": ">=8.2",
- "symfony/deprecation-contracts": "^2.5|^3",
"symfony/security-core": "^6.4|^7.0",
"symfony/http-foundation": "^6.4|^7.0",
"symfony/http-kernel": "^6.4|^7.0",
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy