diff --git a/UPGRADE-8.0.md b/UPGRADE-8.0.md
index 1a0fb23c89891..225039362f4ae 100644
--- a/UPGRADE-8.0.md
+++ b/UPGRADE-8.0.md
@@ -388,6 +388,7 @@ Security
 * Remove callable firewall listeners support, extend `AbstractListener` or implement `FirewallListenerInterface` instead
 * Remove `AbstractListener::__invoke`
 * Remove `LazyFirewallContext::__invoke()`
+ * Remove `RememberMeToken::getSecret()`
 SecurityBundle
 --------------
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php
index dfbe20ec972e3..e9bca72036686 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php
@@ -21,8 +21,6 @@
 */
 class RememberMeToken extends AbstractToken
 {
- private ?string $secret = null;
-
 /**
 * @throws \InvalidArgumentException
 */
@@ -32,11 +30,6 @@ public function __construct(
 ) {
 parent::__construct($user->getRoles());
- if (\func_num_args() > 2) {
- trigger_deprecation('symfony/security-core', '7.2', 'The "$secret" argument of "%s()" is deprecated.', __METHOD__);
- $this->secret = func_get_arg(2);
- }
-
 if (!$firewallName) {
 throw new InvalidArgumentException('$firewallName must not be empty.');
 }
@@ -49,25 +42,14 @@ public function getFirewallName(): string
 return $this->firewallName;
 }
- /**
- * @deprecated since Symfony 7.2
- */
- public function getSecret(): string
- {
- trigger_deprecation('symfony/security-core', '7.2', 'The "%s()" method is deprecated.', __METHOD__);
-
- return $this->secret ??= base64_encode(random_bytes(8));
- }
-
 public function __serialize(): array
 {
- // $this->firewallName should be kept at index 1 for compatibility with payloads generated before Symfony 8
- return [$this->secret, $this->firewallName, parent::__serialize()];
+ return [null, $this->firewallName, parent::__serialize()];
 }
 public function __unserialize(array $data): void
 {
- [$this->secret, $this->firewallName, $parentData] = $data;
+ [, $this->firewallName, $parentData] = $data;
 $parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
 parent::__unserialize($parentData);
 }
diff --git a/src/Symfony/Component/Security/Core/CHANGELOG.md b/src/Symfony/Component/Security/Core/CHANGELOG.md
index 29f220137931c..5d48dfa6bdbe7 100644
--- a/src/Symfony/Component/Security/Core/CHANGELOG.md
+++ b/src/Symfony/Component/Security/Core/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 8.0
 ---
+ * Remove `RememberMeToken::getSecret()`
 * Remove `UserInterface::eraseCredentials()` and `TokenInterface::eraseCredentials()`, erase credentials e.g. using `__serialize()` instead
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/RememberMeTokenTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/RememberMeTokenTest.php
index b0cdbaf18c657..07f7674e0f0a3 100644
--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/RememberMeTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/RememberMeTokenTest.php
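Review bot: The new `__serialize()` in RememberMeToken.php returns `[null, $this->firewallName, parent::__serialize()]` with nothing explaining the leading `null`, because the hunk also deletes the comment that recorded why the array layout is fixed. Without it the placeholder reads as dead data, and a later cleanup that drops it would move `$this->firewallName` off index 1 and break `__unserialize()` for tokens serialized earlier (presumably those held in sessions across an upgrade). I would keep a comment above the return, e.g. `// index 0 is the slot of the removed $secret; $this->firewallName must stay at index 1 so payloads generated before Symfony 8 still unserialize`. A test that unserializes a payload carrying a non-null value at index 0 would pin the skip in `[, $this->firewallName, $parentData] = $data;`, if one does not already exist outside this diff.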
@@ -27,17 +27,6 @@ public function testConstructor()
 $this->assertSame($user, $token->getUser());
 }
- /**
- * @group legacy
- */
- public function testSecret()
- {
- $user = $this->getUser();
- $token = new RememberMeToken($user, 'fookey', 'foo');
-
- $this->assertEquals('foo', $token->getSecret());
- }
-
 protected function getUser($roles = ['ROLE_FOO'])
 {
 $user = $this->createMock(UserInterface::class);
diff --git a/src/Symfony/Component/Security/Core/composer.json b/src/Symfony/Component/Security/Core/composer.json
index 2cb894cf4fd57..fdee3efa5061d 100644
--- a/src/Symfony/Component/Security/Core/composer.json
+++ b/src/Symfony/Component/Security/Core/composer.json
@@ -17,7 +17,6 @@
 ],
 "require": {
 "php": ">=8.4",
- "symfony/deprecation-contracts": "^2.5|^3",
 "symfony/event-dispatcher-contracts": "^2.5|^3",
 "symfony/password-hasher": "^7.4|^8.0",
 "symfony/service-contracts": "^2.5|^3"
diff --git a/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php
index c695be084861b..380bf7b21b773 100644
--- a/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php
@@ -43,34 +43,12 @@
 */
 class RememberMeAuthenticator implements InteractiveAuthenticatorInterface
 {
- private string $secret;
- private TokenStorageInterface $tokenStorage;
- private string $cookieName;
- private ?LoggerInterface $logger;
-
- /**
- * @param TokenStorageInterface $tokenStorage
- * @param string $cookieName
- * @param ?LoggerInterface $logger
- */
 public function __construct(
 private RememberMeHandlerInterface $rememberMeHandler,
- #[\SensitiveParameter] TokenStorageInterface|string $tokenStorage,
- string|TokenStorageInterface $cookieName,
- LoggerInterface|string|null $logger = null,
+ private TokenStorageInterface $tokenStorage,
+ private string $cookieName,
+ private ?LoggerInterface $logger = null,
 ) {
- if (\is_string($tokenStorage)) {
- trigger_deprecation('symfony/security-http', '7.2', 'The "$secret" argument of "%s()" is deprecated.', __METHOD__);
-
- $this->secret = $tokenStorage;
- $tokenStorage = $cookieName;
- $cookieName = $logger;
- $logger = \func_num_args() > 4 ? func_get_arg(4) : null;
- }
-
- $this->tokenStorage = $tokenStorage;
- $this->cookieName = $cookieName;
- $this->logger = $logger;
 }
 public function supports(Request $request): ?bool
@@ -109,10 +87,6 @@ public function authenticate(Request $request): Passport
 public function createToken(Passport $passport, string $firewallName): TokenInterface
 {
- if (isset($this->secret)) {
- return new RememberMeToken($passport->getUser(), $firewallName, $this->secret);
- }
-
 return new RememberMeToken($passport->getUser(), $firewallName);
 }
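Review bot: The upgrade notes visible in this diff do not mention that the `$secret` constructor argument is gone, yet the new `RememberMeAuthenticator::__construct()` types its second parameter as `private TokenStorageInterface $tokenStorage`, so a caller still passing the secret string there now fails with a TypeError instead of a deprecation. The UPGRADE-8.0.md and security-core CHANGELOG hunks only add `Remove RememberMeToken::getSecret()`; the security-http changelog is not part of the diff, so this may already be covered there. If it is not, I would add an entry such as `* Remove the "$secret" argument of "RememberMeAuthenticator::__construct()"`, and a matching one for `RememberMeToken::__construct()`, where PHP now silently ignores a leftover third argument. The class body continues outside the hunk.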