From e36259db5c10d2a15d1a2028681b7341c1cd3e9f Mon Sep 17 00:00:00 2001 
From: Robin Chalas Date: Fri, 6 Dec 2024 11:20:22 +0100 Subject: [PATCH] [Security] Deprecate `UserInterface` & `TokenInterface`'s `eraseCredentials()` --- UPGRADE-7.3.md | 19 ++++++- .../app/CacheAttributeListener/config.yml | 1 + .../Tests/Functional/app/Security/config.yml | 1 + .../Bundle/SecurityBundle/CHANGELOG.md | 1 + .../Security/Factory/LdapFactoryTrait.php | 7 +++ .../DependencyInjection/SecurityExtension.php | 3 ++ .../Debug/TraceableFirewallListenerTest.php | 4 +- .../AddSessionDomainConstraintPassTest.php | 1 + ...ewallsEventDispatcherTraceablePassTest.php | 1 + ...erGlobalSecurityEventListenersPassTest.php | 5 ++ ...ess_decision_manager_customized_config.php | 1 + ...cess_decision_manager_default_strategy.php | 1 + .../php/access_decision_manager_service.php | 1 + ..._decision_manager_service_and_strategy.php | 1 + ...cess_decision_manager_strategy_service.php | 1 + .../Fixtures/php/argon2i_hasher.php | 1 + .../Fixtures/php/authenticator_manager.php | 1 + .../Fixtures/php/bcrypt_hasher.php | 1 + .../Fixtures/php/container1.php | 1 + .../Fixtures/php/firewall_patterns.php | 1 + .../Fixtures/php/firewall_provider.php | 1 + .../php/firewall_undefined_provider.php | 1 + .../Fixtures/php/listener_provider.php | 1 + .../php/listener_undefined_provider.php | 1 + .../Fixtures/php/logout_clear_site_data.php | 1 + .../Fixtures/php/merge.php | 1 + .../Fixtures/php/merge_import.php | 1 + .../Fixtures/php/migrating_hasher.php | 1 + .../Fixtures/php/no_custom_user_checker.php | 1 + .../Fixtures/php/remember_me_options.php | 1 + .../Fixtures/php/sodium_hasher.php | 1 + ...ess_decision_manager_customized_config.xml | 2 +- ...cess_decision_manager_default_strategy.xml | 2 +- .../xml/access_decision_manager_service.xml | 2 +- ..._decision_manager_service_and_strategy.xml | 2 +- ...cess_decision_manager_strategy_service.xml | 2 +- .../Fixtures/xml/argon2i_hasher.xml | 2 +- .../Fixtures/xml/authenticator_manager.xml | 2 +- .../Fixtures/xml/bcrypt_hasher.xml | 2 +- 
.../Fixtures/xml/container1.xml | 2 +- ...stom_authenticator_under_own_namespace.xml | 2 +- ...authenticator_under_security_namespace.xml | 2 +- .../custom_provider_under_own_namespace.xml | 2 +- ...stom_provider_under_security_namespace.xml | 2 +- .../Fixtures/xml/firewall_provider.xml | 2 +- .../xml/firewall_undefined_provider.xml | 2 +- .../Fixtures/xml/listener_provider.xml | 2 +- .../xml/listener_undefined_provider.xml | 2 +- .../Fixtures/xml/logout_clear_site_data.xml | 2 +- .../Fixtures/xml/merge.xml | 2 +- .../Fixtures/xml/merge_import.xml | 2 +- .../Fixtures/xml/migrating_hasher.xml | 2 +- .../Fixtures/xml/no_custom_user_checker.xml | 2 +- .../Fixtures/xml/remember_me_options.xml | 2 +- .../Fixtures/xml/sodium_hasher.xml | 2 +- ...ess_decision_manager_customized_config.yml | 1 + ...cess_decision_manager_default_strategy.yml | 1 + .../yml/access_decision_manager_service.yml | 1 + ..._decision_manager_service_and_strategy.yml | 1 + ...cess_decision_manager_strategy_service.yml | 1 + .../Fixtures/yml/argon2i_hasher.yml | 1 + .../Fixtures/yml/authenticator_manager.yml | 1 + .../Fixtures/yml/bcrypt_hasher.yml | 1 + .../Fixtures/yml/container1.yml | 1 + .../Fixtures/yml/firewall_patterns.yml | 1 + .../Fixtures/yml/firewall_provider.yml | 1 + .../yml/firewall_undefined_provider.yml | 1 + .../Fixtures/yml/listener_provider.yml | 1 + .../yml/listener_undefined_provider.yml | 1 + .../Fixtures/yml/logout_clear_site_data.yml | 1 + .../Fixtures/yml/merge.yml | 1 + .../Fixtures/yml/merge_import.yml | 1 + .../Fixtures/yml/migrating_hasher.yml | 1 + .../Fixtures/yml/no_custom_user_checker.yml | 1 + .../Fixtures/yml/remember_me_options.yml | 1 + .../Fixtures/yml/sodium_hasher.yml | 1 + .../SecurityExtensionTest.php | 32 +++++++++++ .../app/AbstractTokenCompareRoles/config.yml | 1 + .../app/AccessToken/config_anonymous.yml | 1 + .../app/AccessToken/config_body_custom.yml | 1 + .../app/AccessToken/config_body_default.yml | 1 + .../Functional/app/AccessToken/config_cas.yml | 
1 + .../AccessToken/config_custom_user_loader.yml | 1 + .../app/AccessToken/config_header_custom.yml | 1 + .../app/AccessToken/config_header_default.yml | 1 + .../config_multiple_extractors.yml | 1 + .../app/AccessToken/config_no_extractors.yml | 1 + .../app/AccessToken/config_no_handler.yml | 1 + .../app/AccessToken/config_oidc.yml | 1 + .../app/AccessToken/config_query_custom.yml | 1 + .../app/AccessToken/config_query_default.yml | 1 + .../config_self_contained_token.yml | 1 + .../Functional/app/AliasedEvents/config.yml | 1 + .../app/Authenticator/custom_handlers.yml | 1 + .../Authenticator/firewall_user_provider.yml | 1 + .../Authenticator/implicit_user_provider.yml | 1 + .../multiple_firewall_user_provider.yml | 1 + .../app/Authenticator/multiple_firewalls.yml | 1 + .../app/Authenticator/no_user_provider.yml | 1 + .../Functional/app/Authenticator/security.yml | 1 + .../Functional/app/AutowiringTypes/config.yml | 1 + .../app/CsrfFormLogin/base_config.yml | 1 + .../Functional/app/CsrfFormLogin/config.yml | 1 + .../app/CsrfFormLogin/routes_as_path.yml | 1 + .../app/FirewallEntryPoint/config.yml | 1 + .../FirewallEntryPoint/config_form_login.yml | 1 + .../Tests/Functional/app/JsonLogin/config.yml | 1 + .../app/JsonLogin/custom_handlers.yml | 1 + .../app/JsonLogin/switchuser_stateless.yml | 1 + .../Functional/app/JsonLoginLdap/config.yml | 1 + .../Tests/Functional/app/LoginLink/config.yml | 1 + .../Functional/app/Logout/config_access.yml | 1 + .../app/Logout/config_cookie_clearing.yml | 1 + .../app/Logout/config_csrf_enabled.yml | 1 + .../config.yml | 1 + .../app/MissingUserProvider/config.yml | 1 + .../Functional/app/RememberMe/config.yml | 1 + .../app/RememberMe/config_persistent.yml | 1 + .../app/RememberMe/config_session.yml | 1 + .../app/RememberMe/stateless_config.yml | 1 + .../app/RememberMeCookie/config.yml | 1 + .../Functional/app/SecurityHelper/config.yml | 1 + .../app/SecurityHelper/config_logout_csrf.yml | 1 + .../app/StandardFormLogin/base_config.yml | 
1 + .../invalid_ip_access_control.yml | 1 + .../localized_form_failure_handler.yml | 1 + .../StandardFormLogin/localized_routes.yml | 1 + .../localized_routes_with_forward.yml | 1 + .../StandardFormLogin/login_throttling.yml | 1 + .../app/StandardFormLogin/routes_as_path.yml | 1 + .../app/StandardFormLogin/switchuser.yml | 1 + .../Bundle/SecurityBundle/composer.json | 1 + src/Symfony/Component/Ldap/CHANGELOG.md | 6 +++ .../EraseLdapUserCredentialsListener.php | 48 +++++++++++++++++ .../Component/Ldap/Security/LdapUser.php | 14 ++++- .../EraseLdapUserCredentialsListenerTest.php | 53 +++++++++++++++++++ src/Symfony/Component/Ldap/composer.json | 1 + .../Authentication/Token/AbstractToken.php | 7 +++ .../Core/Authentication/Token/NullToken.php | 5 ++ .../Authentication/Token/TokenInterface.php | 3 ++ .../Component/Security/Core/CHANGELOG.md | 2 + .../Token/AbstractTokenTest.php | 7 +++ .../Core/Tests/User/InMemoryUserTest.php | 3 ++ .../Security/Core/User/InMemoryUser.php | 1 + .../Security/Core/User/UserInterface.php | 16 +++--- .../Authentication/AuthenticatorManager.php | 4 ++ .../Component/Security/Http/CHANGELOG.md | 2 + .../AuthenticatorManagerTest.php | 16 ++++-- .../Component/Security/Http/composer.json | 2 +- 149 files changed, 372 insertions(+), 38 deletions(-) create mode 100644 src/Symfony/Component/Ldap/Security/EraseLdapUserCredentialsListener.php create mode 100644 src/Symfony/Component/Ldap/Tests/Security/EraseLdapUserCredentialsListenerTest.php diff --git a/UPGRADE-7.3.md b/UPGRADE-7.3.md index 0a11e920cca18..cb4dc9d1f96eb 100644 --- a/UPGRADE-7.3.md +++ b/UPGRADE-7.3.md 
@@ -6,7 +6,23 @@ backward compatibility breaks. Minor backward compatibility breaks are prefixed `[BC BREAK]`, make sure your code is compatible with these entries before upgrading. Read more about this in the [Symfony documentation](https://symfony.com/doc/7.3/setup/upgrade_minor.html). -If you're upgrading from a version below 7.1, follow the [7.2 upgrade guide](UPGRADE-7.2.md) first. +If you're upgrading from a version below 7.2, follow the [7.2 upgrade guide](UPGRADE-7.2.md) first. + +Ldap +---- + + * Deprecate `LdapUser::eraseCredentials()`, use `LdapUser::setPassword(null)` instead + +Security +-------- + + * Deprecate `UserInterface::eraseCredentials()` and `TokenInterface::eraseCredentials()`, + use a dedicated DTO or erase credentials on your own e.g. upon `AuthenticationTokenCreatedEvent` instead + +SecurityBundle +-------------- + + * Deprecate the `erase_credentials` config option, erase credentials on your own e.g. upon `AuthenticationTokenCreatedEvent` instead Console ------- @@ -109,3 +125,4 @@ VarDumper * Deprecate `ResourceCaster::castCurl()`, `ResourceCaster::castGd()` and `ResourceCaster::castOpensslX509()` * Mark all casters as `@internal` + * Deprecate the `CompiledClassMetadataFactory` and `CompiledClassMetadataCacheWarmer` classes diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/CacheAttributeListener/config.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/CacheAttributeListener/config.yml index 21890451a1094..9d0a4003f9181 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/CacheAttributeListener/config.yml +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/CacheAttributeListener/config.yml @@ -10,6 +10,7 @@ services: public: true security: + erase_credentials: false providers: main: memory: 
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Security/config.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Security/config.yml index a223672eb9e12..1960601e1e082 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Security/config.yml +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Security/config.yml @@ -8,6 +8,7 @@ services: - container.service_subscriber security: + erase_credentials: false providers: main: memory: diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md index ae199536724f0..71d241f1531cf 100644 --- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md +++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md @@ -6,6 +6,7 @@ CHANGELOG * Add `Security::isGrantedForUser()` to test user authorization without relying on the session. For example, users not currently logged in, or while processing a message from a message queue * Add encryption support to `OidcTokenHandler` (JWE) + * Deprecate the `erase_credentials` config option, erase credentials on your own e.g. upon `AuthenticationTokenCreatedEvent` instead 7.2 --- diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/LdapFactoryTrait.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/LdapFactoryTrait.php index deccbb3975469..f78f337aed101 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/LdapFactoryTrait.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/LdapFactoryTrait.php @@ -16,6 +16,7 @@ use Symfony\Component\DependencyInjection\Definition; use Symfony\Component\DependencyInjection\Reference; use Symfony\Component\Ldap\Security\CheckLdapCredentialsListener; +use Symfony\Component\Ldap\Security\EraseLdapUserCredentialsListener; use Symfony\Component\Ldap\Security\LdapAuthenticator; /** 
@@ -42,6 +43,12 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal ->addArgument(new Reference('security.ldap_locator')) ; + if (class_exists(EraseLdapUserCredentialsListener::class && !$container->getParameter('security.authentication.manager.erase_credentials'))) { + $container->setDefinition('security.listener.'.$key.'.'.$firewallName.'erase_ldap_credentials', new Definition(EraseLdapUserCredentialsListener::class)) + ->addTag('kernel.event_subscriber', ['dispatcher' => 'security.event_dispatcher.'.$firewallName]) + ; + } + $ldapAuthenticatorId = 'security.authenticator.'.$key.'.'.$firewallName; $definition = $container->setDefinition($ldapAuthenticatorId, new Definition(LdapAuthenticator::class)) ->setArguments([ diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php index f454b9318c183..c3b1d43e6eb46 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php @@ -135,6 +135,9 @@ public function load(array $configs, ContainerBuilder $container): void // set some global scalars $container->setParameter('security.access.denied_url', $config['access_denied_url']); + if (true === $config['erase_credentials']) { + trigger_deprecation('symfony/security-bundle', '7.3', 'Setting the "security.erase_credentials" config option to true is deprecated and won\'t have any effect in 8.0, set it to false instead and use your own erasing logic if needed.'); + } $container->setParameter('security.authentication.manager.erase_credentials', $config['erase_credentials']); $container->setParameter('security.authentication.session_strategy.strategy', $config['session_fixation_strategy']); 
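Review bot: The closing parenthesis of `class_exists(` is misplaced in the added `if`, so the `&&` expression is evaluated first and `class_exists()` receives a boolean instead of the class name; a boolean names no class, so the branch is presumably never taken and the listener definition is never registered. The condition should read `if (class_exists(EraseLdapUserCredentialsListener::class) && !$container->getParameter('security.authentication.manager.erase_credentials')) {`. The service id on the following line concatenates `$firewallName.'erase_ldap_credentials'` without a separating dot, unlike the `'security.authenticator.'.$key.'.'.$firewallName` id further down; `$firewallName.'.erase_ldap_credentials'` would match that scheme. Judging by the listener's name and the UPGRADE note about `LdapUser::setPassword(null)`, this listener is what clears the LDAP password when `erase_credentials` is false, so a SecurityExtension test asserting that the definition exists for that setting would catch this. The body of createAuthenticator starts and ends outside the hunk.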
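Review bot: The deprecation message added above the `security.authentication.manager.erase_credentials` parameter tells users to set the option to false and "use your own erasing logic" without naming a replacement hook, whereas the UPGRADE-7.3.md and CHANGELOG entries in this same patch point to `AuthenticationTokenCreatedEvent`. Setting the option to false presumably turns off the erasure the authenticator manager performs today, and this message is where most users will meet the migration path, so I would end it with `set it to false instead and erase credentials on your own, e.g. upon AuthenticationTokenCreatedEvent, if needed.`. If the option defaults to true (the Configuration class is not part of this hunk), the check also fires for applications that never set it, which deserves a short comment above the `if`, e.g. `// also triggered when the option is left at its default value`. The body of load() continues outside the hunk.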
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Debug/TraceableFirewallListenerTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Debug/TraceableFirewallListenerTest.php index cdf53c2007756..d0ecf761401a3 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Debug/TraceableFirewallListenerTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Debug/TraceableFirewallListenerTest.php @@ -103,7 +103,9 @@ public function testOnKernelRequestRecordsAuthenticatorsInfo() [new TraceableAuthenticator($notSupportingAuthenticator), new TraceableAuthenticator($supportingAuthenticator)], $tokenStorage, $dispatcher, - 'main' + 'main', + null, + false ); $listener = new TraceableAuthenticatorManagerListener(new AuthenticatorManagerListener($authenticatorManager)); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php index cf8527589ee2c..077273361225e 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php @@ -139,6 +139,7 @@ private function createContainer($sessionStorageOptions) $config = [ 'security' => [ + 'erase_credentials' => false, 'providers' => ['some_provider' => ['id' => 'foo']], 'firewalls' => ['some_firewall' => ['security' => false]], ], diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/MakeFirewallsEventDispatcherTraceablePassTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/MakeFirewallsEventDispatcherTraceablePassTest.php index 7cdf96c6a7588..73b6038684c3a 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/MakeFirewallsEventDispatcherTraceablePassTest.php 
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/MakeFirewallsEventDispatcherTraceablePassTest.php @@ -34,6 +34,7 @@ protected function setUp(): void $this->container->registerExtension(new SecurityExtension()); $this->container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => ['main' => ['pattern' => '/', 'http_basic' => true]], ]); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterGlobalSecurityEventListenersPassTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterGlobalSecurityEventListenersPassTest.php index e6567e67d6f7d..fa81e68c2a13c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterGlobalSecurityEventListenersPassTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterGlobalSecurityEventListenersPassTest.php @@ -56,6 +56,7 @@ protected function setUp(): void public function testEventIsPropagated(string $configuredEvent, string $registeredEvent) { $this->container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => ['main' => ['pattern' => '/', 'http_basic' => true]], ]); @@ -89,6 +90,7 @@ public static function providePropagatedEvents(): array public function testRegisterCustomListener() { $this->container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => ['main' => ['pattern' => '/', 'http_basic' => true]], ]); @@ -109,6 +111,7 @@ public function testRegisterCustomListener() public function testRegisterCustomSubscriber() { $this->container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => ['main' => ['pattern' => '/', 'http_basic' => true]], ]); 
@@ -128,6 +131,7 @@ public function testRegisterCustomSubscriber() public function testMultipleFirewalls() { $this->container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => ['main' => ['pattern' => '/', 'http_basic' => true], 'api' => ['pattern' => '/api', 'http_basic' => true]], ]); @@ -157,6 +161,7 @@ public function testMultipleFirewalls() public function testListenerAlreadySpecific() { $this->container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => ['main' => ['pattern' => '/', 'http_basic' => true]], ]); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php index 1d0a090f3f589..c2c1d73a40c66 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'erase_credentials' => false, 'access_decision_manager' => [ 'allow_if_all_abstain' => true, 'allow_if_equal_granted_denied' => false, diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_default_strategy.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_default_strategy.php index 1f0adbf3010f1..23db228e8b628 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_default_strategy.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_default_strategy.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => [ 'memory' => [ 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service.php index 8f615904ddf0d..d44e0b45598fd 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'erase_credentials' => false, 'access_decision_manager' => [ 'service' => 'app.access_decision_manager', ], diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service_and_strategy.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service_and_strategy.php index bd78bdf24d578..e2c6ce5aa39cf 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service_and_strategy.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service_and_strategy.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'erase_credentials' => false, 'access_decision_manager' => [ 'service' => 'app.access_decision_manager', 'strategy' => 'affirmative', diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_strategy_service.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_strategy_service.php index 6a435c252fe86..1b695740c9e67 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_strategy_service.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_strategy_service.php 
@@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'erase_credentials' => false, 'access_decision_manager' => [ 'strategy_service' => 'app.custom_access_decision_strategy', ], diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/argon2i_hasher.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/argon2i_hasher.php index 341f772e87523..450503d8364dc 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/argon2i_hasher.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/argon2i_hasher.php @@ -3,6 +3,7 @@ $this->load('container1.php'); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'password_hashers' => [ 'JMS\FooBundle\Entity\User7' => [ 'algorithm' => 'argon2i', diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/authenticator_manager.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/authenticator_manager.php index 3dd4be36ed361..13098a3adfc89 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/authenticator_manager.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/authenticator_manager.php @@ -3,6 +3,7 @@ use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge; $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => [ 'main' => [ 'required_badges' => [CsrfTokenBadge::class, 'RememberMeBadge'], diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/bcrypt_hasher.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/bcrypt_hasher.php index a416b3440d426..c1eb64a6a4bdc 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/bcrypt_hasher.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/bcrypt_hasher.php 
@@ -3,6 +3,7 @@ $this->load('container1.php'); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'password_hashers' => [ 'JMS\FooBundle\Entity\User7' => [ 'algorithm' => 'bcrypt', diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php index ea863ca306d75..19328f476716c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'erase_credentials' => false, 'password_hashers' => [ 'JMS\FooBundle\Entity\User1' => 'plaintext', 'JMS\FooBundle\Entity\User2' => [ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_patterns.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_patterns.php index 1b1acdd448b55..08aa0b8769eab 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_patterns.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_patterns.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => [ 'no_security' => [ 'pattern' => [ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_provider.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_provider.php index 68b8439a7de5a..1f68f4b02a6d9 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_provider.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_provider.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => [ 'memory' => $memory = [ 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_undefined_provider.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_undefined_provider.php index 7c811cae1a4dd..41690c793a2c1 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_undefined_provider.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_undefined_provider.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => [ 'memory' => [ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_provider.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_provider.php index 0a6a79f5f208c..df0e3eb93ca40 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_provider.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_provider.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => [ 'memory' => [ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_undefined_provider.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_undefined_provider.php index cc0b776e432c4..d3e265d2ff42e 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_undefined_provider.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_undefined_provider.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => [ 'memory' => [ 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/logout_clear_site_data.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/logout_clear_site_data.php index 3d02a68bb83df..9170083bd1626 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/logout_clear_site_data.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/logout_clear_site_data.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge.php index d0bd809579e89..3e51a45763f33 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge.php @@ -3,6 +3,7 @@ $this->load('merge_import.php'); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge_import.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge_import.php index c85937d6ea2c9..c8bdcd7a87b4d 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge_import.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge_import.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => [ 'main' => [ 'form_login' => [ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/migrating_hasher.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/migrating_hasher.php index 342ea64805eff..1dbb348d3d2be 100644 
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/migrating_hasher.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/migrating_hasher.php @@ -3,6 +3,7 @@ $this->load('container1.php'); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'password_hashers' => [ 'JMS\FooBundle\Entity\User7' => [ 'algorithm' => 'argon2i', diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php index 8559ac7138825..4069325a9b175 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => [ 'memory' => [ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/remember_me_options.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/remember_me_options.php index cfbef609a18db..f7a36ec191150 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/remember_me_options.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/remember_me_options.php @@ -1,6 +1,7 @@ loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/sodium_hasher.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/sodium_hasher.php index 3ec569ae9a6e2..0e1aec7363c21 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/sodium_hasher.php 
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/sodium_hasher.php @@ -3,6 +3,7 @@ $this->load('container1.php'); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'password_hashers' => [ 'JMS\FooBundle\Entity\User7' => [ 'algorithm' => 'sodium', diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_customized_config.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_customized_config.xml index 012c8dac7b069..e2658ee2234d1 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_customized_config.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_customized_config.xml @@ -7,7 +7,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_default_strategy.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_default_strategy.xml index 1011f45c4accc..01900bc7c53f1 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_default_strategy.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_default_strategy.xml @@ -7,7 +7,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service.xml index ebc208c057168..ba88b2f581fd5 100644 
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service.xml @@ -7,7 +7,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service_and_strategy.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service_and_strategy.xml index 1f2133ffe02f1..fb9477e0b3e4f 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service_and_strategy.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service_and_strategy.xml @@ -7,7 +7,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_strategy_service.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_strategy_service.xml index b161ddb5e671c..1cb3fc2974879 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_strategy_service.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_strategy_service.xml @@ -7,7 +7,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/argon2i_hasher.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/argon2i_hasher.xml index 3dc2c685be321..916dc650217e7 100644 
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/argon2i_hasher.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/argon2i_hasher.xml @@ -12,7 +12,7 @@ - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/authenticator_manager.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/authenticator_manager.xml index 54b5189a95dcb..0e7a3feb63f01 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/authenticator_manager.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/authenticator_manager.xml @@ -7,7 +7,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge RememberMeBadge diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/bcrypt_hasher.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/bcrypt_hasher.xml index d4c5d3ded1a11..80fad3f4b67c9 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/bcrypt_hasher.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/bcrypt_hasher.xml @@ -12,7 +12,7 @@ - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml index f54c5064de23b..4774f700180de 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_authenticator_under_own_namespace.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_authenticator_under_own_namespace.xml index c520645172972..02da8891ea2d3 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_authenticator_under_own_namespace.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_authenticator_under_own_namespace.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_authenticator_under_security_namespace.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_authenticator_under_security_namespace.xml index 7bd3790fc0d5f..95ab28c33ccb1 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_authenticator_under_security_namespace.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_authenticator_under_security_namespace.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_provider_under_own_namespace.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_provider_under_own_namespace.xml index e0b1119b522d8..b08404bf0b2dc 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_provider_under_own_namespace.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_provider_under_own_namespace.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_provider_under_security_namespace.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_provider_under_security_namespace.xml index 647a9b234218b..bd2de8b2107b8 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_provider_under_security_namespace.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/custom_provider_under_security_namespace.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_provider.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_provider.xml index e2f0e9865c251..a3a674d9381c8 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_provider.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_provider.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_undefined_provider.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_undefined_provider.xml index e7f3e6873dfa8..9d873a6f8eaff 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_undefined_provider.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_undefined_provider.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_provider.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_provider.xml index 462136c682cc5..7a16c419d00f6 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_provider.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_provider.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_undefined_provider.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_undefined_provider.xml index cb82f2cc509f4..36a9ec0f367c4 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_undefined_provider.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_undefined_provider.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/logout_clear_site_data.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/logout_clear_site_data.xml index e0eec6eb46d58..c2553f364f9f8 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/logout_clear_site_data.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/logout_clear_site_data.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge.xml index 8caaeeb153e2c..32473a18bba24 100644 
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge.xml @@ -12,7 +12,7 @@ - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge_import.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge_import.xml index e518a7d9acd7a..80a2fae47ebcb 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge_import.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge_import.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/migrating_hasher.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/migrating_hasher.xml index a4a9d2010dd71..eaac0019e7e04 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/migrating_hasher.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/migrating_hasher.xml @@ -12,7 +12,7 @@ - + bcrypt diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml index 2e0e75eabcb37..da122b46bc85a 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml @@ -7,7 +7,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/remember_me_options.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/remember_me_options.xml index 767397ada3515..a0963fcc2b338 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/remember_me_options.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/remember_me_options.xml @@ -8,7 +8,7 @@ http://symfony.com/schema/dic/security https://symfony.com/schema/dic/security/security-1.0.xsd"> - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/sodium_hasher.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/sodium_hasher.xml index fd5cacef7b8a4..7b1817d7b7c21 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/sodium_hasher.xml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/sodium_hasher.xml @@ -12,7 +12,7 @@ - + diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_customized_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_customized_config.yml index a8d044f1dec5d..2eb3e1b28c75f 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_customized_config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_customized_config.yml @@ -1,4 +1,5 @@ security: + erase_credentials: false access_decision_manager: allow_if_all_abstain: true allow_if_equal_granted_denied: false 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_default_strategy.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_default_strategy.yml
index f7fb5adc2c5d4..89aa51edd9e43 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_default_strategy.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_default_strategy.yml
@@ -1,4 +1,5 @@
 security:
+ erase_credentials: false
 providers:
 default:
 memory:
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service.yml
index 7ef3d8d93c3ab..257f12c0ab8a6 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service.yml
@@ -1,4 +1,5 @@
 security:
+ erase_credentials: false
 access_decision_manager:
 service: app.access_decision_manager
 providers:
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service_and_strategy.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service_and_strategy.yml
index bd38b21ef3536..c8b35103a0a88 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service_and_strategy.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service_and_strategy.yml
@@ -1,4 +1,5 @@
 security:
+ erase_credentials: false
 access_decision_manager:
 service: app.access_decision_manager
 strategy: affirmative
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_strategy_service.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_strategy_service.yml index 5d2afc61d78b6..a5c45f1c86f1b 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_strategy_service.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_strategy_service.yml @@ -1,4 +1,5 @@ security: + erase_credentials: false access_decision_manager: strategy_service: app.custom_access_decision_strategy providers: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/argon2i_hasher.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/argon2i_hasher.yml index 1079d6e5f8efc..e507cdc46597b 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/argon2i_hasher.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/argon2i_hasher.yml @@ -2,6 +2,7 @@ imports: - { resource: container1.yml } security: + erase_credentials: false password_hashers: JMS\FooBundle\Entity\User7: algorithm: argon2i diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/authenticator_manager.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/authenticator_manager.yml index 34113fb910b18..d8f1d32e732b5 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/authenticator_manager.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/authenticator_manager.yml @@ -1,4 +1,5 @@ security: + erase_credentials: false firewalls: main: required_badges: 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/bcrypt_hasher.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/bcrypt_hasher.yml index 8e8397486d68e..93feda1c12d74 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/bcrypt_hasher.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/bcrypt_hasher.yml @@ -2,6 +2,7 @@ imports: - { resource: container1.yml } security: + erase_credentials: false password_hashers: JMS\FooBundle\Entity\User7: algorithm: bcrypt diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml index a3123867d8fea..0ee9b577e4bc9 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml @@ -1,4 +1,5 @@ security: + erase_credentials: false password_hashers: JMS\FooBundle\Entity\User1: plaintext JMS\FooBundle\Entity\User2: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_patterns.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_patterns.yml index f57fe7131c43f..d01be044a95e0 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_patterns.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_patterns.yml @@ -1,4 +1,5 @@ security: + erase_credentials: false firewalls: no_security: pattern: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_provider.yml index 11c329aa8e2fe..0ea4cfcf8c887 100644 
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_provider.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_provider.yml
@@ -1,4 +1,5 @@
 security:
+ erase_credentials: false
 providers:
 default:
 memory:
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_undefined_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_undefined_provider.yml
index ec2664054009c..8d048590a35b8 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_undefined_provider.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_undefined_provider.yml
@@ -1,4 +1,5 @@
 security:
+ erase_credentials: false
 providers:
 default:
 memory:
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_provider.yml
index 652f23b5f0425..92142af8341f2 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_provider.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_provider.yml
@@ -1,4 +1,5 @@
 security:
+ erase_credentials: false
 providers:
 default:
 memory:
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_undefined_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_undefined_provider.yml
index 1916df4c2e7ca..2e3417874535f 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_undefined_provider.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_undefined_provider.yml
@@ -1,4 +1,5 @@
 security:
+ erase_credentials: false
 providers:
 default:
 memory:
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/logout_clear_site_data.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/logout_clear_site_data.yml index f5e6b83436d63..14add74bfa299 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/logout_clear_site_data.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/logout_clear_site_data.yml @@ -1,4 +1,5 @@ security: + erase_credentials: false providers: default: id: foo diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge.yml index 60c0bbea558e7..73b5b713b1d77 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge.yml @@ -2,6 +2,7 @@ imports: - { resource: merge_import.yml } security: + erase_credentials: false providers: default: { id: foo } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge_import.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge_import.yml index 4f8db0a09f7b4..ab474b39782d0 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge_import.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/merge_import.yml @@ -1,4 +1,5 @@ security: + erase_credentials: false firewalls: main: form_login: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/migrating_hasher.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/migrating_hasher.yml index 8657b1ee744ad..4a6a09ecb0dd7 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/migrating_hasher.yml 
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/migrating_hasher.yml @@ -2,6 +2,7 @@ imports: - { resource: container1.yml } security: + erase_credentials: false password_hashers: JMS\FooBundle\Entity\User7: algorithm: argon2i diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml index 8b7b2e9296cbb..c1da06d20ea49 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml @@ -1,4 +1,5 @@ security: + erase_credentials: false providers: default: memory: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/remember_me_options.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/remember_me_options.yml index a521c8c6a803d..c5608cb0cd10c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/remember_me_options.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/remember_me_options.yml @@ -1,4 +1,5 @@ security: + erase_credentials: false providers: default: id: foo diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/sodium_hasher.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/sodium_hasher.yml index 955a0b2a2059c..7a704ec372bf2 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/sodium_hasher.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/sodium_hasher.yml @@ -2,6 +2,7 @@ imports: - { resource: container1.yml } security: + erase_credentials: false password_hashers: JMS\FooBundle\Entity\User7: algorithm: sodium 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php index d0f3549ab8f09..6c70f8de585e3 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php @@ -46,6 +46,7 @@ public function testInvalidCheckPath() $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -74,6 +75,7 @@ public function testFirewallWithInvalidUserProvider() $extension->addUserProviderFactory(new DummyProvider()); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'my_foo' => ['foo' => []], ], @@ -97,6 +99,7 @@ public function testDisableRoleHierarchyVoter() $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -121,6 +124,7 @@ public function testSwitchUserNotStatelessOnStatelessFirewall() $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -143,6 +147,7 @@ public function testPerListenerProvider() { $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'first' => ['id' => 'foo'], 'second' => ['id' => 'bar'], @@ -163,6 +168,7 @@ public function testMissingProviderForListener() { $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'first' => ['id' => 'foo'], 'second' => ['id' => 'bar'], 
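Review bot: Every visible test in SecurityExtensionTest.php now passes `'erase_credentials' => false,` as the first key of the `security` config (this hunk in testInvalidCheckPath and each later hunk of the file), so none of the cases shown loads the extension with the option left at its default. If the deprecated default path is not covered elsewhere, one test that omits the key and asserts on the resulting deprecation would pin that behaviour; the rest of the file is outside these hunks, so such a test may already exist. The repetition could also live in one place, for example a private helper in the test class that merges `['erase_credentials' => false]` into the config before calling `loadFromExtension()`. The enclosing test methods start and end outside the hunks.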
@@ -186,6 +192,7 @@ public function testPerListenerProviderWithRememberMeAndAnonymous() { $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'first' => ['id' => 'foo'], 'second' => ['id' => 'bar'], @@ -210,6 +217,7 @@ public function testRegisterRequestMatchersWithAllowIfExpression() $rawExpression = "'foo' == 'bar' or 1 in [1, 3, 3]"; $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -253,6 +261,7 @@ public function testRegisterAccessControlWithSpecifiedRequestMatcherService() $container->set($requestMatcherId, $requestMatcher); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -287,6 +296,7 @@ public function testRegisterAccessControlWithRequestMatcherAndAdditionalOptionsT $container->set($requestMatcherId, $requestMatcher); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -322,6 +332,7 @@ public function testRegisterAccessControlWithSpecifiedAttributes() { $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -357,6 +368,7 @@ public function testRegisterAccessControlWithSpecifiedRoute() { $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -392,6 +404,7 @@ public function testRegisterAccessControlWithSpecifiedAttributesThrowsException( { $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], 
@@ -416,6 +429,7 @@ public function testRemovesExpressionCacheWarmerDefinitionIfNoExpressions() { $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -436,6 +450,7 @@ public function testRegisterTheUserProviderAlias() $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -458,6 +473,7 @@ public function testDoNotRegisterTheUserProviderAliasWithMultipleProviders() $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'first' => ['id' => 'foo'], 'second' => ['id' => 'bar'], @@ -484,6 +500,7 @@ public function testAcceptableAccessControlIps($ips) $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -509,6 +526,7 @@ public function testCustomRememberMeHandler() $container->register('custom_remember_me', \stdClass::class); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => [ 'default' => [ 'remember_me' => ['service' => 'custom_remember_me'], @@ -529,6 +547,7 @@ public function testSecretRememberMeHasher() $container->register('custom_remember_me', \stdClass::class); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => [ 'default' => [ 'remember_me' => ['secret' => 'very'], @@ -577,6 +596,7 @@ public function testSwitchUserWithSeveralDefinedProvidersButNoFirewallRootProvid { $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'first' => ['id' => 'foo'], 'second' => ['id' => 'bar'], 
@@ -601,6 +621,7 @@ public function testInvalidAccessControlWithEmptyRow() $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -626,6 +647,7 @@ public function testValidAccessControlWithEmptyRow() $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'default' => ['id' => 'foo'], ], @@ -670,6 +692,7 @@ public function testEntryPointRequired(array $firewall, string $messageRegex) { $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'first' => ['id' => 'users'], ], @@ -702,6 +725,7 @@ public function testConfigureCustomAuthenticator(array $firewall, array $expecte $container = $this->getRawContainer(); $container->register(TestAuthenticator::class); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'providers' => [ 'first' => ['id' => 'users'], ], @@ -735,6 +759,7 @@ public function testCompilesWithoutSessionListenerWithStatelessFirewallWithAuthe $firewallId = 'stateless_firewall'; $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => [ $firewallId => [ 'pattern' => '/.*', @@ -755,6 +780,7 @@ public function testCompilesWithSessionListenerWithStatefulllFirewallWithAuthent $firewallId = 'statefull_firewall'; $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => [ $firewallId => [ 'pattern' => '/.*', @@ -778,6 +804,7 @@ public function testUserCheckerWithAuthenticatorManager(array $config, string $e $container->register(TestUserChecker::class); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => [ 'main' => array_merge([ 'pattern' => '/.*', 
@@ -807,6 +834,7 @@ public function testConfigureCustomFirewallListener() $extension->addAuthenticatorFactory(new TestFirewallListenerFactory()); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => [ 'main' => [ 'custom_listener' => true, @@ -828,6 +856,7 @@ public function testClearSiteDataLogoutListenerEnabled() $firewallId = 'logout_firewall'; $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => [ $firewallId => [ 'logout' => [ @@ -850,6 +879,7 @@ public function testClearSiteDataLogoutListenerDisabled() $firewallId = 'logout_firewall'; $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => [ $firewallId => [ 'logout' => [ @@ -881,6 +911,7 @@ public function testCustomHasherWithMigrateFrom() $container = $this->getRawContainer(); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'password_hashers' => [ 'legacy' => 'md5', 'App\User' => [ @@ -914,6 +945,7 @@ public function testAuthenticatorsDecoration() $container->register(TestAuthenticator::class); $container->loadFromExtension('security', [ + 'erase_credentials' => false, 'firewalls' => ['main' => ['custom_authenticator' => TestAuthenticator::class]], ]); $container->compile(); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AbstractTokenCompareRoles/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AbstractTokenCompareRoles/config.yml index 88fa7a98eb42f..dda7149897beb 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AbstractTokenCompareRoles/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AbstractTokenCompareRoles/config.yml @@ -8,6 +8,7 @@ services: class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\SecuredPageBundle\Security\Core\User\ArrayUserProvider security: + erase_credentials: false password_hashers: \Symfony\Component\Security\Core\User\UserInterface: plaintext 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_anonymous.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_anonymous.yml index ae177caf8b3bf..cd34ef7fe9c19 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_anonymous.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_anonymous.yml @@ -6,6 +6,7 @@ framework: serializer: ~ security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_body_custom.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_body_custom.yml index 9c6a203331611..4399a492f57c8 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_body_custom.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_body_custom.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_body_default.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_body_default.yml index c1a7a8e7b6ba8..4585435bddd21 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_body_default.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_body_default.yml @@ -6,6 +6,7 @@ framework: serializer: ~ security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_cas.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_cas.yml index 2cd2abc566c05..5f991d000cb4f 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_cas.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_cas.yml @@ -6,6 +6,7 @@ framework: serializer: ~ security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_custom_user_loader.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_custom_user_loader.yml index 2027656b4d83c..fa9f6ed76ab7a 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_custom_user_loader.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_custom_user_loader.yml @@ -6,6 +6,7 @@ framework: serializer: ~ security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_header_custom.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_header_custom.yml index befc881f3fb94..3e5dddcffa984 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_header_custom.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_header_custom.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_header_default.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_header_default.yml index 8dea7ec2ab8da..b62bc5ab7772f 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_header_default.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_header_default.yml @@ -6,6 +6,7 @@ framework: serializer: ~ security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_multiple_extractors.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_multiple_extractors.yml index a90114f80ac72..da2030df79466 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_multiple_extractors.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_multiple_extractors.yml @@ -6,6 +6,7 @@ framework: serializer: ~ security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_no_extractors.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_no_extractors.yml index 41f1d96e5108b..6d65662069d4a 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_no_extractors.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_no_extractors.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_no_handler.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_no_handler.yml index f3895738680af..893e9ab88b85d 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_no_handler.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_no_handler.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_oidc.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_oidc.yml index 94b46501544dd..acd7083d1aec8 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_oidc.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_oidc.yml @@ -6,6 +6,7 @@ framework: serializer: ~ security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_query_custom.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_query_custom.yml index b41be357482ae..01cf8ce56c8f1 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_query_custom.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_query_custom.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_query_default.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_query_default.yml index 16256e32c9e69..3ecd408f67d3d 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_query_default.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_query_default.yml @@ -6,6 +6,7 @@ framework: serializer: ~ security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_self_contained_token.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_self_contained_token.yml index 8143698fdec1a..bcb7a5086b501 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_self_contained_token.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AccessToken/config_self_contained_token.yml @@ -6,6 +6,7 @@ framework: serializer: ~ security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AliasedEvents/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AliasedEvents/config.yml index 290804e61cbe6..15961070dddcb 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AliasedEvents/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AliasedEvents/config.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + erase_credentials: false providers: dummy: memory: ~ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/custom_handlers.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/custom_handlers.yml index df25ce3fa602d..e489d5e91df7c 100644 
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/custom_handlers.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/custom_handlers.yml @@ -3,6 +3,7 @@ imports: - { resource: ./security.yml } security: + erase_credentials: false firewalls: firewall1: pattern: /firewall1 diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/firewall_user_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/firewall_user_provider.yml index 4fb5ce880aacd..15099b4faf4e3 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/firewall_user_provider.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/firewall_user_provider.yml @@ -3,6 +3,7 @@ imports: - { resource: ./security.yml } security: + erase_credentials: false firewalls: api: pattern: / diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/implicit_user_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/implicit_user_provider.yml index 1cb8b0c6786e7..bcb9dc216f8cd 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/implicit_user_provider.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/implicit_user_provider.yml @@ -3,6 +3,7 @@ imports: - { resource: ./security.yml } security: + erase_credentials: false firewalls: api: pattern: / diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/multiple_firewall_user_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/multiple_firewall_user_provider.yml index 2630fd00b475f..0364a09ac46d8 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/multiple_firewall_user_provider.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/multiple_firewall_user_provider.yml 
@@ -3,6 +3,7 @@ imports: - { resource: ./security.yml } security: + erase_credentials: false firewalls: main: pattern: ^/main diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/multiple_firewalls.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/multiple_firewalls.yml index b424be8438419..f1cf61de7b71c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/multiple_firewalls.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/multiple_firewalls.yml @@ -3,6 +3,7 @@ imports: - { resource: ./security.yml } security: + erase_credentials: false firewalls: firewall1: pattern: /firewall1 diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/no_user_provider.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/no_user_provider.yml index 6be03adad7283..6dc82c1377ad8 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/no_user_provider.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/no_user_provider.yml @@ -6,6 +6,7 @@ services: - true security: + erase_credentials: false firewalls: api: pattern: / diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/security.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/security.yml index 484760a536f60..65680aaee2342 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/security.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Authenticator/security.yml @@ -1,4 +1,5 @@ security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AutowiringTypes/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AutowiringTypes/config.yml index 2045118e1b9f1..57cfa8b0d4941 100644 
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AutowiringTypes/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AutowiringTypes/config.yml @@ -7,6 +7,7 @@ services: class: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AutowiringBundle\AutowiredServices autowire: true security: + erase_credentials: false providers: dummy: memory: ~ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/base_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/base_config.yml index 9f84b66ee67c1..95f5b91ce769e 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/base_config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/base_config.yml @@ -15,6 +15,7 @@ services: - { name: container.service_subscriber } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml index 98ba0eb5326ad..31f6c93c22bf7 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml @@ -2,6 +2,7 @@ imports: - { resource: ./base_config.yml } security: + erase_credentials: false firewalls: default: form_login: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/routes_as_path.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/routes_as_path.yml index d481e6d2b7150..4bd57649ee7bb 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/routes_as_path.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/routes_as_path.yml 
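Review bot: `erase_credentials: false` is added to CsrfFormLogin/config.yml although that file imports `./base_config.yml`, which this patch also changes to set the same key, so the second declaration looks redundant if the imported `security:` section is merged with the importing one. The same duplication appears in the other fixtures that import an already-patched base file: the Authenticator fixtures importing `./security.yml`, CsrfFormLogin/routes_as_path.yml, FirewallEntryPoint/config_form_login.yml, JsonLogin/switchuser_stateless.yml, and StandardFormLogin/routes_as_path.yml, switchuser.yml and localized_routes_with_forward.yml. Setting the key once per base file would keep the opt-out in a single place and make it easier to remove when the option goes away. If the repetition is deliberate, a comment on the base file such as `# explicit opt-out: tests must not rely on the deprecated eraseCredentials() call` would say why.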
@@ -2,6 +2,7 @@ imports: - { resource: ./config.yml } security: + erase_credentials: false firewalls: default: form_login: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config.yml index 9d6b4caee1707..9b17ec2d9ec91 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config.yml @@ -23,6 +23,7 @@ services: logger: { class: Psr\Log\NullLogger } security: + erase_credentials: false firewalls: secure: pattern: ^/secure/ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config_form_login.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config_form_login.yml index 8763b08110b4e..596be24a471d7 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config_form_login.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config_form_login.yml @@ -2,6 +2,7 @@ imports: - { resource: ./config.yml } security: + erase_credentials: false firewalls: secure: pattern: ^/ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/config.yml index 022263a978e6d..6863e77c70f83 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/config.yml @@ -6,6 +6,7 @@ framework: serializer: ~ security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/custom_handlers.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/custom_handlers.yml index f1f1a93ab0c0b..5b5dcc38ddb83 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/custom_handlers.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/custom_handlers.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml index 84a0493e050b2..c4233cdc0184f 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml @@ -2,6 +2,7 @@ imports: - { resource: ./config.yml } security: + erase_credentials: false providers: in_memory: memory: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml index 71e107b126e54..219a48bedac7e 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml @@ -12,6 +12,7 @@ services: protocol_version: 3 referrals: false security: + erase_credentials: false providers: ldap: ldap: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LoginLink/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LoginLink/config.yml index 7feaca0cb88ce..fb089cbe89a2b 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LoginLink/config.yml 
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LoginLink/config.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + erase_credentials: false providers: in_memory: memory: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_access.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_access.yml index 2542c89319588..fc5a4c976b1c1 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_access.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_access.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_cookie_clearing.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_cookie_clearing.yml index c901fb6ed0147..87c9df61b476b 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_cookie_clearing.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_cookie_clearing.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_csrf_enabled.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_csrf_enabled.yml index b980795deece8..ce20d7c37a318 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_csrf_enabled.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Logout/config_csrf_enabled.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml index c92abc9b88c33..1ec417daae756 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/MissingUserProvider/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/MissingUserProvider/config.yml index 501a673b4fdea..ea8e129d3ea7b 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/MissingUserProvider/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/MissingUserProvider/config.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + erase_credentials: false firewalls: default: http_basic: ~ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config.yml index 696a9041e8035..f260a8106eebb 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_persistent.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_persistent.yml index a529c217f2255..308aaceacc22b 100644 
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_persistent.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_persistent.yml @@ -4,6 +4,7 @@ services: arguments: ['@kernel'] security: + erase_credentials: false firewalls: default: remember_me: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_session.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_session.yml index 411de7211ebce..ef191f6ab5537 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_session.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/config_session.yml @@ -1,4 +1,5 @@ security: + erase_credentials: false firewalls: default: remember_me: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/stateless_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/stateless_config.yml index 2a21c54c0b206..f043e2f3f34b1 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/stateless_config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMe/stateless_config.yml @@ -9,6 +9,7 @@ framework: cookie_samesite: lax security: + erase_credentials: false firewalls: default: stateless: true diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/config.yml index b6f7ccfeeb09d..af5c5b0d4edb9 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/config.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config.yml index 3837eb5d08190..474b55aa5bacf 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config.yml @@ -25,6 +25,7 @@ services: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AuthenticatorBundle\ApiAuthenticator: ~ security: + erase_credentials: false providers: main: memory: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config_logout_csrf.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config_logout_csrf.yml index c397abb9b1aa3..dde568220c162 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config_logout_csrf.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config_logout_csrf.yml @@ -25,6 +25,7 @@ services: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AuthenticatorBundle\ApiAuthenticator: ~ security: + erase_credentials: false providers: main: memory: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/base_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/base_config.yml index 4260d8aa5545d..44f2ea13680ea 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/base_config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/base_config.yml @@ -6,6 +6,7 @@ parameters: env(APP_IPS): '127.0.0.1, ::1' security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/invalid_ip_access_control.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/invalid_ip_access_control.yml index 6b57da1eab294..d2259937d0413 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/invalid_ip_access_control.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/invalid_ip_access_control.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/default.yml } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_form_failure_handler.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_form_failure_handler.yml index f1cddb0e7f92a..01c539fb0c058 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_form_failure_handler.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_form_failure_handler.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/default.yml } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes.yml index 83ceaaac81a7c..dac8c01d3375a 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/default.yml } security: + erase_credentials: false password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes_with_forward.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes_with_forward.yml index 12d90d8835858..40436c312de81 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes_with_forward.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/localized_routes_with_forward.yml @@ -2,6 +2,7 @@ imports: - { resource: ./localized_routes.yml } security: + erase_credentials: false firewalls: default: form_login: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/login_throttling.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/login_throttling.yml index 90e276f02d026..e37fe2c974925 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/login_throttling.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/login_throttling.yml @@ -7,6 +7,7 @@ framework: rate_limiter: ~ security: + erase_credentials: false firewalls: default: login_throttling: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/routes_as_path.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/routes_as_path.yml index fc31d7743a947..e607db619f75f 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/routes_as_path.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/routes_as_path.yml @@ -2,6 +2,7 @@ imports: - { resource: ./base_config.yml } security: + erase_credentials: false firewalls: default: form_login: diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/switchuser.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/switchuser.yml index bd6f56d2c74da..5ac0b3eec2614 100644 
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/switchuser.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/switchuser.yml @@ -2,6 +2,7 @@ imports: - { resource: ./base_config.yml } security: + erase_credentials: false providers: in_memory: memory: diff --git a/src/Symfony/Bundle/SecurityBundle/composer.json b/src/Symfony/Bundle/SecurityBundle/composer.json index fa5cb52ff04b5..5f93b5e4cba75 100644 --- a/src/Symfony/Bundle/SecurityBundle/composer.json +++ b/src/Symfony/Bundle/SecurityBundle/composer.json @@ -22,6 +22,7 @@ "symfony/clock": "^6.4|^7.0", "symfony/config": "^6.4|^7.0", "symfony/dependency-injection": "^6.4.11|^7.1.4", + "symfony/deprecation-contracts": "^2.5|^3", "symfony/event-dispatcher": "^6.4|^7.0", "symfony/http-kernel": "^6.4|^7.0", "symfony/http-foundation": "^6.4|^7.0", diff --git a/src/Symfony/Component/Ldap/CHANGELOG.md b/src/Symfony/Component/Ldap/CHANGELOG.md index efdb4722f7d6c..a14b98cf6e7fd 100644 --- a/src/Symfony/Component/Ldap/CHANGELOG.md +++ b/src/Symfony/Component/Ldap/CHANGELOG.md @@ -1,6 +1,12 @@ CHANGELOG ========= +7.3 +--- + + * Deprecate `LdapUser::eraseCredentials()`, use `LdapUser::setPassword(null)` instead + * Add `EraseLdapUserCredentialsListener` + 7.2 --- diff --git a/src/Symfony/Component/Ldap/Security/EraseLdapUserCredentialsListener.php b/src/Symfony/Component/Ldap/Security/EraseLdapUserCredentialsListener.php new file mode 100644 index 0000000000000..d10ba401278d1 --- /dev/null +++ b/src/Symfony/Component/Ldap/Security/EraseLdapUserCredentialsListener.php 
@@ -0,0 +1,48 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Ldap\Security; + +use Psr\Container\ContainerInterface; +use Symfony\Component\EventDispatcher\EventSubscriberInterface; +use Symfony\Component\Ldap\Exception\InvalidCredentialsException; +use Symfony\Component\Ldap\Exception\InvalidSearchCredentialsException; +use Symfony\Component\Ldap\LdapInterface; +use Symfony\Component\Security\Core\Event\AuthenticationSuccessEvent; +use Symfony\Component\Security\Core\Exception\BadCredentialsException; +use Symfony\Component\Security\Core\Exception\LogicException; +use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials; +use Symfony\Component\Security\Http\Event\AuthenticationTokenCreatedEvent; +use Symfony\Component\Security\Http\Event\CheckPassportEvent; + +/** + * Erases credentials from LdapUser instances upon successful authentication. + * + * @author Robin Chalas + */ +class EraseLdapUserCredentialsListener implements EventSubscriberInterface +{ + public function onAuthenticationSuccess(AuthenticationSuccessEvent $event): void + { + $user = $event->getAuthenticationToken()->getUser(); + + if (!$user instanceof LdapUser) { + return; + } + + $user->setPassword(null); + } + + public static function getSubscribedEvents(): array + { + return [AuthenticationSuccessEvent::class => ['onAuthenticationSuccess', 256]]; + } +} diff --git a/src/Symfony/Component/Ldap/Security/LdapUser.php b/src/Symfony/Component/Ldap/Security/LdapUser.php index a28320f8c4fc0..d930cb7ac2d1b 100644 --- a/src/Symfony/Component/Ldap/Security/LdapUser.php +++ b/src/Symfony/Component/Ldap/Security/LdapUser.php 
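Review bot: Most of the `use` statements in the new EraseLdapUserCredentialsListener.php are unused; the class body only references `EventSubscriberInterface`, `AuthenticationSuccessEvent` and `LdapUser`, which is in the same namespace. The imports for `ContainerInterface`, `InvalidCredentialsException`, `InvalidSearchCredentialsException`, `LdapInterface`, `BadCredentialsException`, `LogicException`, `PasswordCredentials`, `AuthenticationTokenCreatedEvent` and `CheckPassportEvent` can go, leaving `use Symfony\Component\EventDispatcher\EventSubscriberInterface;` and `use Symfony\Component\Security\Core\Event\AuthenticationSuccessEvent;`. Because this subscriber is what clears the plain-text LDAP password, the priority `256` in `getSubscribedEvents()` deserves a short comment saying why it is that high (presumably so it runs ahead of other success subscribers that could see the user).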
@@ -62,6 +62,8 @@ public function getUserIdentifier(): string public function eraseCredentials(): void { + trigger_deprecation('symfony/security-core', '7.3', sprintf('The "%s()" method is deprecated and will be removed in 8.0, call "setPassword(null)" instead.', __METHOD__)); + $this->password = null; } @@ -70,7 +72,7 @@ public function getExtraFields(): array return $this->extraFields; } - public function setPassword(#[\SensitiveParameter] string $password): void + public function setPassword(#[\SensitiveParameter] ?string $password): void { $this->password = $password; } @@ -95,4 +97,14 @@ public function isEqualTo(UserInterface $user): bool return true; } + + public function __serialize(): array + { + return [$this->entry, $this->identifier, null, $this->roles, $this->extraFields]; + } + + public function __unserialize(array $data): void + { + [$this->entry, $this->identifier, $this->password, $this->roles, $this->extraFields] = $data; + } } diff --git a/src/Symfony/Component/Ldap/Tests/Security/EraseLdapUserCredentialsListenerTest.php b/src/Symfony/Component/Ldap/Tests/Security/EraseLdapUserCredentialsListenerTest.php new file mode 100644 index 0000000000000..6d132c7660909 --- /dev/null +++ b/src/Symfony/Component/Ldap/Tests/Security/EraseLdapUserCredentialsListenerTest.php 
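Review bot: The package passed to `trigger_deprecation()` in `LdapUser::eraseCredentials()` is `symfony/security-core`, but this class ships in the Ldap component and the deprecation is recorded in the Ldap CHANGELOG. The notice will therefore be attributed to the wrong package. Use `trigger_deprecation('symfony/ldap', '7.3', 'The "%s()" method is deprecated and will be removed in 8.0, call "setPassword(null)" instead.', __METHOD__);`, which also drops the `sprintf()` wrapper because `trigger_deprecation()` formats its trailing arguments itself.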
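Review bot: `__unserialize()` assigns the third element of `$data` back to `$this->password` although `__serialize()` always writes `null` in that slot, so whether a restored LdapUser carries a password depends on who produced the payload. Skip the slot and reset the field explicitly: `[$this->entry, $this->identifier, , $this->roles, $this->extraFields] = $data;` followed by `$this->password = null;`. It is also worth confirming how payloads serialized before this change behave here, since the positional destructuring assumes the new five-element format.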
@@ -0,0 +1,53 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Ldap\Tests\Security; + +use PHPUnit\Framework\MockObject\MockObject; +use PHPUnit\Framework\TestCase; +use Psr\Container\ContainerInterface; +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\Ldap\Adapter\CollectionInterface; +use Symfony\Component\Ldap\Adapter\QueryInterface; +use Symfony\Component\Ldap\Entry; +use Symfony\Component\Ldap\Exception\InvalidCredentialsException; +use Symfony\Component\Ldap\LdapInterface; +use Symfony\Component\Ldap\Security\CheckLdapCredentialsListener; +use Symfony\Component\Ldap\Security\EraseLdapUserCredentialsListener; +use Symfony\Component\Ldap\Security\LdapBadge; +use Symfony\Component\Ldap\Security\LdapUser; +use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; +use Symfony\Component\Security\Core\Event\AuthenticationSuccessEvent; +use Symfony\Component\Security\Core\Exception\AuthenticationException; +use Symfony\Component\Security\Core\Exception\BadCredentialsException; +use Symfony\Component\Security\Core\User\InMemoryUser; +use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface; +use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge; +use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials; +use Symfony\Component\Security\Http\Authenticator\Passport\Passport; +use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport; +use Symfony\Component\Security\Http\Event\CheckPassportEvent; +use Symfony\Contracts\Service\ServiceLocatorTrait; + +class EraseLdapUserCredentialsListenerTest extends TestCase +{ + public function testPasswordIsErasedOnAuthenticationSuccess() + { + $user = new 
LdapUser(new Entry(''), 'chalasr', 'password'); + $listener = new EraseLdapUserCredentialsListener(); + + $listener->onAuthenticationSuccess(new AuthenticationSuccessEvent(new UsernamePasswordToken($user, 'main'))); + + $this->assertSame(null, $user->getPassword()); + } +} diff --git a/src/Symfony/Component/Ldap/composer.json b/src/Symfony/Component/Ldap/composer.json index 5ed2995736e11..2867afa5457e3 100644 --- a/src/Symfony/Component/Ldap/composer.json +++ b/src/Symfony/Component/Ldap/composer.json @@ -18,6 +18,7 @@ "require": { "php": ">=8.2", "ext-ldap": "*", + "symfony/deprecation-contracts": "^2.5|^3", "symfony/options-resolver": "^6.4|^7.0" }, "require-dev": { diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php index 67d992ce4e2c3..c8f9267da54b2 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php +++ b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php @@ -58,8 +58,15 @@ public function setUser(UserInterface $user): void $this->user = $user; } + /** + * Removes sensitive information from the token. + * + * @deprecated since Symfony 7.3 + */ public function eraseCredentials(): void { + trigger_deprecation('symfony/security-core', '7.3', sprintf('The "%s()" method is deprecated and will be removed in 8.0, use a DTO instead or implement your own erasing logic if needed.', __METHOD__)); + if ($this->getUser() instanceof UserInterface) { $this->getUser()->eraseCredentials(); } diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php index 9c2e48921ecf6..1c60357c016db 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php +++ b/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php 
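Review bot: `testPasswordIsErasedOnAuthenticationSuccess()` is the only test in the new file and covers just the LdapUser path, so the early return for a non-LdapUser token user and the `getSubscribedEvents()` mapping are untested. A second case built on the already imported `InMemoryUser` would pin that other user types are left untouched. `$this->assertNull($user->getPassword());` states the intent more directly than `assertSame(null, …)`. Most of the `use` block (for example `CheckLdapCredentialsListener`, `LdapBadge`, `Passport`, `ServiceLocatorTrait`) is not referenced by the test and can be removed.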
@@ -43,6 +43,11 @@ public function getUserIdentifier(): string return ''; } + /** + * Removes sensitive information from the token. + * + * @deprecated since Symfony 7.3 + */ public function eraseCredentials(): void { } diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php b/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php index 1e67b1e5e0513..8fb58c161788c 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php +++ b/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php @@ -56,6 +56,9 @@ public function setUser(UserInterface $user): void; /** * Removes sensitive information from the token. + * + * @deprecated since Symfony 7.3, use a dedicated DTO instead or implement your + * own erasing logic instead */ public function eraseCredentials(): void; diff --git a/src/Symfony/Component/Security/Core/CHANGELOG.md b/src/Symfony/Component/Security/Core/CHANGELOG.md index 3cc738ce5b93c..b3d13372e9f0b 100644 --- a/src/Symfony/Component/Security/Core/CHANGELOG.md +++ b/src/Symfony/Component/Security/Core/CHANGELOG.md @@ -7,6 +7,8 @@ CHANGELOG * Add `UserAuthorizationChecker::isGrantedForUser()` to test user authorization without relying on the session. For example, users not currently logged in, or while processing a message from a message queue. * Add `OfflineTokenInterface` to mark tokens that do not represent the currently logged-in user + * Deprecate `UserInterface::eraseCredentials()` and `TokenInterface::eraseCredentials()`, + use a dedicated DTO or erase credentials on your own e.g. upon `AuthenticationTokenCreatedEvent` instead 7.2 --- diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php index cc1357a14a968..33b652063fff2 100644 --- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php 
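Review bot: `NullToken::eraseCredentials()` gains an `@deprecated` tag but its body stays empty, whereas `AbstractToken::eraseCredentials()` and the equally empty `InMemoryUser::eraseCredentials()` in this same patch call `trigger_deprecation()`. If the omission is deliberate, a one-line comment in the body saying why would avoid confusion. Otherwise add `trigger_deprecation('symfony/security-core', '7.3', 'The "%s()" method is deprecated and will be removed in 8.0, use a DTO instead or implement your own erasing logic if needed.', __METHOD__);`. The docblock here, like the one added on AbstractToken, also omits the replacement hint that the `@deprecated` line on TokenInterface carries.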
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php @@ -12,12 +12,15 @@ namespace Symfony\Component\Security\Core\Tests\Authentication\Token; use PHPUnit\Framework\TestCase; +use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait; use Symfony\Component\Security\Core\Authentication\Token\AbstractToken; use Symfony\Component\Security\Core\User\InMemoryUser; use Symfony\Component\Security\Core\User\UserInterface; class AbstractTokenTest extends TestCase { + use ExpectDeprecationTrait; + /** * @dataProvider provideUsers */ @@ -33,6 +36,9 @@ public static function provideUsers() yield [new InMemoryUser('fabien', null), 'fabien']; } + /** + * @group legacy + */ public function testEraseCredentials() { $token = new ConcreteToken(['ROLE_FOO']); @@ -40,6 +46,7 @@ public function testEraseCredentials() $user = $this->createMock(UserInterface::class); $user->expects($this->once())->method('eraseCredentials'); $token->setUser($user); + $this->expectDeprecation('The Symfony\Component\Security\Core\User\UserInterface::eraseCredentials method is deprecated (since Symfony 7.3, use a dedicated DTO instead or implement your own erasing logic instead).'); $token->eraseCredentials(); } diff --git a/src/Symfony/Component/Security/Core/Tests/User/InMemoryUserTest.php b/src/Symfony/Component/Security/Core/Tests/User/InMemoryUserTest.php index 0e64bce54bb69..4537b1f650331 100644 --- a/src/Symfony/Component/Security/Core/Tests/User/InMemoryUserTest.php +++ b/src/Symfony/Component/Security/Core/Tests/User/InMemoryUserTest.php @@ -53,6 +53,9 @@ public function testIsEnabled() $this->assertFalse($user->isEnabled()); } + /** + * @group legacy + */ public function testEraseCredentials() { $user = new InMemoryUser('fabien', 'superpass'); diff --git a/src/Symfony/Component/Security/Core/User/InMemoryUser.php b/src/Symfony/Component/Security/Core/User/InMemoryUser.php index b14bc077b9dc1..bfaae97fab70b 100644 
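Review bot: The `expectDeprecation()` string added to `testEraseCredentials()` names `UserInterface::eraseCredentials`, which is not the message `AbstractToken::eraseCredentials()` emits through `trigger_deprecation()` in this patch. As written, the test appears to pin a notice raised for the mocked user rather than the token-level deprecation under test. Assuming `ConcreteToken` does not override the method, consider also expecting `'Since symfony/security-core 7.3: The "Symfony\Component\Security\Core\Authentication\Token\AbstractToken::eraseCredentials()" method is deprecated and will be removed in 8.0, use a DTO instead or implement your own erasing logic if needed.'`. The `InMemoryUserTest::testEraseCredentials()` hunk that follows only adds `@group legacy` and asserts no deprecation at all.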
--- a/src/Symfony/Component/Security/Core/User/InMemoryUser.php +++ b/src/Symfony/Component/Security/Core/User/InMemoryUser.php @@ -76,6 +76,7 @@ public function isEnabled(): bool public function eraseCredentials(): void { + trigger_deprecation('symfony/security-core', '7.3', sprintf('The "%s()" method is deprecated and will be removed in 8.0, use a DTO instead or implement your own erasing logic if needed.', __METHOD__)); } public function isEqualTo(UserInterface $user): bool diff --git a/src/Symfony/Component/Security/Core/User/UserInterface.php b/src/Symfony/Component/Security/Core/User/UserInterface.php index e6078399d685b..9bee95c9a1871 100644 --- a/src/Symfony/Component/Security/Core/User/UserInterface.php +++ b/src/Symfony/Component/Security/Core/User/UserInterface.php @@ -46,18 +46,22 @@ interface UserInterface */ public function getRoles(): array; + /** + * Returns the identifier for this user (e.g. username or email address). + * + * @return non-empty-string + */ + public function getUserIdentifier(): string; + /** * Removes sensitive data from the user. * * This is important if, at any given point, sensitive information like * the plain-text password is stored on this object. + * + * @deprecated since Symfony 7.3, use a dedicated DTO instead or implement your + * own erasing logic instead */ public function eraseCredentials(): void; - /** - * Returns the identifier for this user (e.g. username or email address). - * - * @return non-empty-string - */ - public function getUserIdentifier(): string; } diff --git a/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php b/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php index 6db5a63f8be5f..9e533c7bc5c99 100644 --- a/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php +++ b/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php 
@@ -59,6 +59,9 @@ public function __construct( private bool $hideUserNotFoundExceptions = true, private array $requiredBadges = [], ) { + if ($eraseCredentials) { + trigger_deprecation('symfony/security-http', '7.3', sprintf('Passing true as "$eraseCredentials" argument to "%s::__construct()" is deprecated and won\'t have any effect in 8.0, pass "false" instead and use your own erasing logic if needed.', __CLASS__)); + } } /** @@ -198,6 +201,7 @@ private function executeAuthenticator(AuthenticatorInterface $authenticator, Req // announce the authentication token $authenticatedToken = $this->eventDispatcher->dispatch(new AuthenticationTokenCreatedEvent($authenticatedToken, $passport))->getAuthenticatedToken(); + // @deprecated since Symfony 7.3, remove the if statement in 8.0 if (true === $this->eraseCredentials) { $authenticatedToken->eraseCredentials(); } diff --git a/src/Symfony/Component/Security/Http/CHANGELOG.md b/src/Symfony/Component/Security/Http/CHANGELOG.md index 8f6902f29c0e0..335401f9787d9 100644 --- a/src/Symfony/Component/Security/Http/CHANGELOG.md +++ b/src/Symfony/Component/Security/Http/CHANGELOG.md @@ -5,6 +5,8 @@ CHANGELOG --- * Add encryption support to `OidcTokenHandler` (JWE) + * Deprecate passing `true` for the `$eraseCredentials` parameter of `AuthenticatorManager::__construct()`, erase credentials + on your own e.g. upon `AuthenticationTokenCreatedEvent` instead. Passing it won't thave any effect in 8.0. 7.2 --- diff --git a/src/Symfony/Component/Security/Http/Tests/Authentication/AuthenticatorManagerTest.php b/src/Symfony/Component/Security/Http/Tests/Authentication/AuthenticatorManagerTest.php index a6d090768ceff..44d1a7c562ca1 100644 --- a/src/Symfony/Component/Security/Http/Tests/Authentication/AuthenticatorManagerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Authentication/AuthenticatorManagerTest.php 
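Review bot: The deprecation added to the constructor fires whenever `$eraseCredentials` is true, but the parameter's declaration and default sit outside this hunk. If the default is still `true`, callers who never passed the argument get a notice telling them to pass "false" with no hint that they were relying on a default. As far as the second hunk shows, once the `if (true === $this->eraseCredentials)` branch is skipped nothing else in `executeAuthenticator()` clears credentials, so the token handed on after `AuthenticationTokenCreatedEvent` keeps whatever secret the user object holds. The message would be more actionable if it named the patterns this patch itself uses, e.g. `…pass "false" instead and erase credentials in an event listener or in the user's "__serialize()" method.`.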
@@ -15,6 +15,7 @@ use PHPUnit\Framework\TestCase; use Psr\Log\AbstractLogger; use Psr\Log\LoggerInterface; +use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait; use Symfony\Component\EventDispatcher\EventDispatcher; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; @@ -38,6 +39,8 @@ class AuthenticatorManagerTest extends TestCase { + use ExpectDeprecationTrait; + private MockObject&TokenStorageInterface $tokenStorage; private EventDispatcher $eventDispatcher; private Request $request; @@ -161,7 +164,7 @@ public function testRequiredBadgeMissing() $authenticator->expects($this->once())->method('onAuthenticationFailure')->with($this->anything(), $this->callback(fn ($exception) => 'Authentication failed; Some badges marked as required by the firewall config are not available on the passport: "'.CsrfTokenBadge::class.'".' === $exception->getMessage())); - $manager = $this->createManager([$authenticator], 'main', true, [CsrfTokenBadge::class]); + $manager = $this->createManager([$authenticator], 'main', false, [CsrfTokenBadge::class]); $manager->authenticateRequest($this->request); } @@ -177,11 +180,12 @@ public function testAllRequiredBadgesPresent() $authenticator->expects($this->once())->method('onAuthenticationSuccess'); - $manager = $this->createManager([$authenticator], 'main', true, [CsrfTokenBadge::class]); + $manager = $this->createManager([$authenticator], 'main', false, [CsrfTokenBadge::class]); $manager->authenticateRequest($this->request); } /** + * @group legacy * @dataProvider provideEraseCredentialsData */ public function testEraseCredentials($eraseCredentials) 
@@ -195,6 +199,10 @@ public function testEraseCredentials($eraseCredentials) $this->token->expects($eraseCredentials ? $this->once() : $this->never())->method('eraseCredentials'); + if ($eraseCredentials) { + $this->expectDeprecation('Since symfony/security-http 7.3: Passing true as "$eraseCredentials" argument to "Symfony\Component\Security\Http\Authentication\AuthenticatorManager::__construct()" is deprecated and won\'t have any effect in 8.0, pass "false" instead and use your own erasing logic if needed.'); + } + $manager = $this->createManager([$authenticator], 'main', $eraseCredentials); $manager->authenticateRequest($this->request); } @@ -365,7 +373,7 @@ public function log($level, $message, array $context = []): void } }; - $manager = $this->createManager([$authenticator], 'main', true, [], $logger); + $manager = $this->createManager([$authenticator], 'main', false, [], $logger); $response = $manager->authenticateRequest($this->request); $this->assertSame($this->response, $response); $this->assertStringContainsString($authenticator::class, $logger->logContexts[0]['authenticator']); @@ -384,7 +392,7 @@ private static function createDummySupportsAuthenticator(?bool $supports = true) return new DummySupportsAuthenticator($supports); } - private function createManager($authenticators, $firewallName = 'main', $eraseCredentials = true, array $requiredBadges = [], ?LoggerInterface $logger = null) + private function createManager($authenticators, $firewallName = 'main', $eraseCredentials = false, array $requiredBadges = [], ?LoggerInterface $logger = null) { return new AuthenticatorManager($authenticators, $this->tokenStorage, $this->eventDispatcher, $firewallName, $logger, $eraseCredentials, true, $requiredBadges); } diff --git a/src/Symfony/Component/Security/Http/composer.json b/src/Symfony/Component/Security/Http/composer.json index 9a443fe8ce621..77f6af87395ec 100644 --- a/src/Symfony/Component/Security/Http/composer.json 
+++ b/src/Symfony/Component/Security/Http/composer.json @@ -22,7 +22,7 @@ "symfony/http-kernel": "^6.4|^7.0", "symfony/polyfill-mbstring": "~1.0", "symfony/property-access": "^6.4|^7.0", - "symfony/security-core": "^7.2", + "symfony/security-core": "^7.3", "symfony/service-contracts": "^2.5|^3" }, "require-dev": { pFad - Phonifier reborn
