From 5cc0e1cbb1056200a31910884d219a7657065c52 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Tue, 4 Jul 2023 10:16:29 +0200 Subject: [PATCH] [SecurityBundle] Deprecate `Security::*` consts and other cleanups --- .github/patch-types.php | 1 + .../Bundle/SecurityBundle/CHANGELOG.md | 5 ++ .../DependencyInjection/SecurityExtension.php | 7 +-- .../Bundle/SecurityBundle/Security.php | 54 +++++++++++++++++-- .../Component/Security/Core/Security.php | 11 ---- 5 files changed, 59 insertions(+), 19 deletions(-) diff --git a/.github/patch-types.php b/.github/patch-types.php index da7f508219140..7cf5d80d64345 100644 --- a/.github/patch-types.php +++ b/.github/patch-types.php @@ -24,6 +24,7 @@ // no break; case false !== strpos($file, '/vendor/'): case false !== strpos($file, '/src/Symfony/Bridge/PhpUnit/'): + case false !== strpos($file, '/src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/ContainerAwareController.php'): case false !== strpos($file, '/src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/Validation/Article.php'): case false !== strpos($file, '/src/Symfony/Component/Cache/Tests/Fixtures/DriverWrapper.php'): case false !== strpos($file, '/src/Symfony/Component/Config/Tests/Fixtures/BadFileName.php'): diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md index 99b9b94ea3db8..89b5130493c22 100644 --- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md +++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md @@ -1,6 +1,11 @@ CHANGELOG ========= +6.4 +--- + + * Deprecate `Security::ACCESS_DENIED_ERROR`, `AUTHENTICATION_ERROR` and `LAST_USERNAME` constants, use the ones on `SecurityRequestAttributes` instead + 6.3 --- diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php index 8c52a645ea215..17a869516ef10 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php @@ -98,7 +98,7 @@ public function load(array $configs, ContainerBuilder $container) if (!array_filter($configs)) { trigger_deprecation('symfony/security-bundle', '6.3', 'Enabling bundle "%s" and not configuring it is deprecated.', SecurityBundle::class); // uncomment the following line in 7.0 - // throw new InvalidArgumentException(sprintf('Enabling bundle "%s" and not configuring it is not allowed.', SecurityBundle::class)); + // throw new InvalidConfigurationException(sprintf('Enabling bundle "%s" and not configuring it is not allowed.', SecurityBundle::class)); return; } @@ -192,9 +192,6 @@ public function load(array $configs, ContainerBuilder $container) $container->getDefinition('security.authorization_checker')->setArgument(3, false); } - /** - * @throws \InvalidArgumentException if the $strategy is invalid - */ private function createStrategyDefinition(string $strategy, bool $allowIfAllAbstainDecisions, bool $allowIfEqualGrantedDeniedDecisions): Definition { return match ($strategy) { @@ -202,7 +199,7 @@ private function createStrategyDefinition(string $strategy, bool $allowIfAllAbst MainConfiguration::STRATEGY_CONSENSUS => new Definition(ConsensusStrategy::class, [$allowIfAllAbstainDecisions, $allowIfEqualGrantedDeniedDecisions]), MainConfiguration::STRATEGY_UNANIMOUS => new Definition(UnanimousStrategy::class, [$allowIfAllAbstainDecisions]), MainConfiguration::STRATEGY_PRIORITY => new Definition(PriorityStrategy::class, [$allowIfAllAbstainDecisions]), - default => throw new \InvalidArgumentException(sprintf('The strategy "%s" is not supported.', $strategy)), + default => throw new InvalidConfigurationException(sprintf('The strategy "%s" is not supported.', $strategy)), }; } diff --git a/src/Symfony/Bundle/SecurityBundle/Security.php b/src/Symfony/Bundle/SecurityBundle/Security.php index d5cd800e020a8..84f8c7c7b6684 100644 --- a/src/Symfony/Bundle/SecurityBundle/Security.php +++ b/src/Symfony/Bundle/SecurityBundle/Security.php @@ -16,6 +16,8 @@ use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; +use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface; use Symfony\Component\Security\Core\Exception\LogicException; use Symfony\Component\Security\Core\Exception\LogoutException; use Symfony\Component\Security\Core\Security as LegacySecurity; @@ -27,6 +29,17 @@ use Symfony\Component\Security\Http\SecurityRequestAttributes; use Symfony\Contracts\Service\ServiceProviderInterface; +if (class_exists(LegacySecurity::class)) { + class_alias(LegacySecurity::class, InternalSecurity::class); +} else { + /** + * @internal + */ + class InternalSecurity + { + } +} + /** * Helper class for commonly-needed security tasks. * @@ -36,15 +49,50 @@ * * @final */ -class Security extends LegacySecurity +class Security extends InternalSecurity implements AuthorizationCheckerInterface { + /** + * @deprecated since Symfony 6.4, use SecurityRequestAttributes::ACCESS_DENIED_ERROR instead + */ public const ACCESS_DENIED_ERROR = SecurityRequestAttributes::ACCESS_DENIED_ERROR; + + /** + * @deprecated since Symfony 6.4, use SecurityRequestAttributes::ACCESS_DENIED_ERROR instead + */ public const AUTHENTICATION_ERROR = SecurityRequestAttributes::AUTHENTICATION_ERROR; + + /** + * @deprecated since Symfony 6.4, use SecurityRequestAttributes::ACCESS_DENIED_ERROR instead + */ public const LAST_USERNAME = SecurityRequestAttributes::LAST_USERNAME; - public function __construct(private readonly ContainerInterface $container, private readonly array $authenticators = []) + public function __construct( + private readonly ContainerInterface $container, + private readonly array $authenticators = [], + ) { + } + + public function getUser(): ?UserInterface + { + if (!$token = $this->getToken()) { + return null; + } + + return $token->getUser(); + } + + /** + * Checks if the attributes are granted against the current authentication token and optionally supplied subject. + */ + public function isGranted(mixed $attributes, mixed $subject = null): bool + { + return $this->container->get('security.authorization_checker') + ->isGranted($attributes, $subject); + } + + public function getToken(): ?TokenInterface { - parent::__construct($container, false); + return $this->container->get('security.token_storage')->getToken(); } public function getFirewallConfig(Request $request): ?FirewallConfig diff --git a/src/Symfony/Component/Security/Core/Security.php b/src/Symfony/Component/Security/Core/Security.php index 97f1c8ce1f568..bb2576a7ab9dc 100644 --- a/src/Symfony/Component/Security/Core/Security.php +++ b/src/Symfony/Component/Security/Core/Security.php @@ -24,19 +24,8 @@ */ class Security implements AuthorizationCheckerInterface { - /** - * @deprecated since Symfony 6.2, use \Symfony\Bundle\SecurityBundle\Security::ACCESS_DENIED_ERROR instead - */ public const ACCESS_DENIED_ERROR = '_security.403_error'; - - /** - * @deprecated since Symfony 6.2, use \Symfony\Bundle\SecurityBundle\Security::AUTHENTICATION_ERROR instead - */ public const AUTHENTICATION_ERROR = '_security.last_error'; - - /** - * @deprecated since Symfony 6.2, use \Symfony\Bundle\SecurityBundle\Security::LAST_USERNAME instead - */ public const LAST_USERNAME = '_security.last_username'; /** pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy