
Commit 9d06fe2

committed
deprecate the $secret argument of the PersistentRememberMeHandler constructor
1 parent 0383b06 commit 9d06fe2


6 files changed

+51
-5
lines changed


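--- a/UPGRADE-6.3.md
+++ b/UPGRADE-6.3.md
@@ -56,6 +56,11 @@ Messenger
 `Symfony\Component\Messenger\Transport\InMemory\InMemoryTransport` and
 `Symfony\Component\Messenger\Transport\InMemory\InMemoryTransportFactory`
 
+Security
+--------
+
+* Deprecate passing a secret as the 2nd argument to the constructor of `Symfony\Component\Security\Http\RememberMe\PersistentRememberMeHandler`
+
 SecurityBundle
 --------------
 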

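--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_remember_me.php
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_remember_me.php
@@ -50,7 +50,6 @@
 ->abstract()
 ->args([
 abstract_arg('token provider'),
-param('kernel.secret'),
 abstract_arg('user provider'),
 service('request_stack'),
 abstract_arg('options'),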

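--- a/src/Symfony/Bundle/SecurityBundle/composer.json
+++ b/src/Symfony/Bundle/SecurityBundle/composer.json
@@ -27,7 +27,7 @@
 "symfony/password-hasher": "^5.4|^6.0",
 "symfony/security-core": "^6.2",
 "symfony/security-csrf": "^5.4|^6.0",
-"symfony/security-http": "^6.2.6"
+"symfony/security-http": "^6.3"
 },
 "require-dev": {
 "doctrine/annotations": "^1.10.4|^2",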

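--- a/src/Symfony/Component/Security/Http/CHANGELOG.md
+++ b/src/Symfony/Component/Security/Http/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+6.3
+---
+
+* Deprecate passing a secret as the 2nd argument to the constructor of `Symfony\Component\Security\Http\RememberMe\PersistentRememberMeHandler`
+
 6.2
 ---
 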

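--- a/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
+++ b/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
@@ -35,8 +35,45 @@ final class PersistentRememberMeHandler extends AbstractRememberMeHandler
 private TokenProviderInterface $tokenProvider;
 private ?TokenVerifierInterface $tokenVerifier;
 
-public function __construct(TokenProviderInterface $tokenProvider, #[\SensitiveParameter] string $secret, UserProviderInterface $userProvider, RequestStack $requestStack, array $options, LoggerInterface $logger = null, TokenVerifierInterface $tokenVerifier = null)
+/**
+* @param UserProviderInterface $userProvider
+* @param RequestStack $requestStack
+* @param array $options
+* @param LoggerInterface|null $logger
+* @param TokenVerifierInterface|null $tokenVerifier
+*/
+public function __construct(TokenProviderInterface $tokenProvider, #[\SensitiveParameter] $userProvider, $requestStack, $options, $logger = null, $tokenVerifier = null)
 {
+if (\is_string($userProvider)) {
+trigger_deprecation('symfony/security-http', '6.3', 'Calling "%s()" with the secret as the second argument is deprecated. The argument will be dropped in 7.0.', __CLASS__);
+
+$userProvider = $requestStack;
+$requestStack = $options;
+$options = $logger;
+$logger = $tokenVerifier;
+$tokenVerifier = \func_num_args() > 6 ? func_get_arg(6) : null;
+}
+
+if (!$userProvider instanceof UserProviderInterface) {
+throw new \TypeError(sprintf('Argument 2 passed to "%s()" must an instance of "%s", "%s" given.', __CLASS__, UserProviderInterface::class, get_debug_type($userProvider)));
+}
+
+if (!$requestStack instanceof RequestStack) {
+throw new \TypeError(sprintf('Argument 3 passed to "%s()" must an instance of "%s", "%s" given.', __CLASS__, RequestStack::class, get_debug_type($userProvider)));
+}
+
+if (!\is_array($options)) {
+throw new \TypeError(sprintf('Argument 4 passed to "%s()" must an array, "%s" given.', __CLASS__, get_debug_type($userProvider)));
+}
+
+if (null !== $logger && !$logger instanceof LoggerInterface) {
+throw new \TypeError(sprintf('Argument 5 passed to "%s()" must an instance of "%s", "%s" given.', __CLASS__, LoggerInterface::class, get_debug_type($userProvider)));
+}
+
+if (null !== $tokenVerifier && !$tokenVerifier instanceof TokenVerifierInterface) {
+throw new \TypeError(sprintf('Argument 6 passed to "%s()" must an instance of "%s", "%s" given.', __CLASS__, TokenVerifierInterface::class, get_debug_type($userProvider)));
+}
+
 parent::__construct($userProvider, $requestStack, $options, $logger);
 
 if (!$tokenVerifier && $tokenProvider instanceof TokenVerifierInterface) {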
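Review bot: The `\TypeError` messages for arguments 3 to 6 (new lines 62, 66, 70 and 74) all report `get_debug_type($userProvider)`, so a wrong `$requestStack`, `$options`, `$logger` or `$tokenVerifier` is described with the user provider's type instead of its own; each call should pass the variable being checked, e.g. `get_debug_type($requestStack)` on line 62. All five messages also read "must an instance of" or "must an array" and are missing the word "be". With the native type declarations removed, these hand-written checks are the only guard against a mis-wired service definition, so their diagnostics need to be exact. A short comment above the signature would also help, along the lines of `// #[\SensitiveParameter] stays on the 2nd parameter so a secret passed through the deprecated signature is still redacted from stack traces`. The constructor body continues past the end of the hunk.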

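--- a/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php
@@ -42,7 +42,7 @@ protected function setUp(): void
 $this->requestStack = new RequestStack();
 $this->request = Request::create('/login');
 $this->requestStack->push($this->request);
-$this->handler = new PersistentRememberMeHandler($this->tokenProvider, 'secret', $this->userProvider, $this->requestStack, []);
+$this->handler = new PersistentRememberMeHandler($this->tokenProvider, $this->userProvider, $this->requestStack, []);
 }
 
 public function testCreateRememberMeCookie()
@@ -104,7 +104,7 @@ public function testConsumeRememberMeCookieValid()
 public function testConsumeRememberMeCookieValidByValidatorWithoutUpdate()
 {
 $verifier = $this->createMock(TokenVerifierInterface::class);
-$handler = new PersistentRememberMeHandler($this->tokenProvider, 'secret', $this->userProvider, $this->requestStack, [], null, $verifier);
+$handler = new PersistentRememberMeHandler($this->tokenProvider, $this->userProvider, $this->requestStack, [], null, $verifier);
 
 $persistentToken = new PersistentToken(InMemoryUser::class, 'wouter', 'series1', 'tokenvalue', new \DateTime('30 seconds'));
 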
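Review bot: Both constructor calls now use the new signature, which leaves the deprecated path (a string secret as the 2nd argument) without any test in this file, including the `func_get_arg(6)` branch that recovers the token verifier. A `@group legacy` test that builds the handler with `'secret'` in second position, expects the deprecation, and then asserts that cookie creation and the injected verifier still behave as before would pin the argument shifting until the argument is dropped in 7.0. The enclosing test class starts and ends outside these hunks.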
