Commit fef06f2

feature #41247 [Security] Deprecate the old authentication mechanisms (chalasr)
This PR was merged into the 5.3-dev branch.

Discussion
----------

[Security] Deprecate the old authentication mechanisms

| Q | A |
| ------------- | --- |
| Branch? | 5.3 |
| Bug fix? | no |
| New feature? | no |
| Deprecations? | yes/ |
| Tickets | #39308 |
| License | MIT |
| Doc PR | todo |

Now that the authenticator system has proven to work well and is considered stable, we can deprecate the old authentication listeners as well as the Guard component (+ integrations).

Commits
-------

0bb3964 [Security] Deprecate the old authentication mechanisms
2 parents 4382181 + 0bb3964 commit fef06f2

190 files changed, +2042 -141 lines changed

UPGRADE-5.3.md

+13
@@ -205,6 +205,15 @@ Security
205205
* Deprecate all classes in the `Core\Encoder\` sub-namespace, use the `PasswordHasher` component instead
206206
* Deprecated voters that do not return a valid decision when calling the `vote` method
207207
* [BC break] Add optional array argument `$badges` to `UserAuthenticatorInterface::authenticateUser()`
208+
* Deprecate `AuthenticationManagerInterface`, `AuthenticationProviderManager`, `AnonymousAuthenticationProvider`,
209+
`AuthenticationProviderInterface`, `DaoAuthenticationProvider`, `LdapBindAuthenticationProvider`,
210+
`PreAuthenticatedAuthenticationProvider`, `RememberMeAuthenticationProvider`, `UserAuthenticationProvider` and
211+
`AuthenticationFailureEvent` from security-core, use the new authenticator system instead
212+
* Deprecate `AbstractAuthenticationListener`, `AbstractPreAuthenticatedListener`, `AnonymousAuthenticationListener`,
213+
`BasicAuthenticationListener`, `RememberMeListener`, `RemoteUserAuthenticationListener`,
214+
`UsernamePasswordFormAuthenticationListener`, `UsernamePasswordJsonAuthenticationListener` and `X509AuthenticationListener`
215+
from security-http, use the new authenticator system instead
216+
* Deprecate the Guard component, use the new authenticator system instead
208217

209218
SecurityBundle
210219
--------------
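Review bot: In the security-core and security-http entries (new lines 208-215) every class gets the same "use the new authenticator system instead", which does not tell an upgrader what replaces `AnonymousAuthenticationProvider` / `AnonymousAuthenticationListener` or a custom `AuthenticationProviderInterface` implementation. The PR description lists the Doc PR as todo, so add a documentation link or a one-line replacement per group here; authentication code should not be migrated by guesswork.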
@@ -218,6 +227,10 @@ SecurityBundle
218227
* Deprecate the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
219228
use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
220229
* Deprecate the public `security.authorization_checker` and `security.token_storage` services to private
230+
* Not setting the `enable_authenticator_manager` config option to `true` is deprecated
231+
* Deprecate the `security.authentication.provider.*` services, use the new authenticator system instead
232+
* Deprecate the `security.authentication.listener.*` services, use the new authenticator system instead
233+
* Deprecate the Guard component integration, use the new authenticator system instead
221234

222235
Serializer
223236
----------
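Review bot: New line 230 names the option `enable_authenticator_manager`, while the runtime notice added in `SecurityExtension::load()` in this same commit calls it `security.enable_authenticator_manager`. Use the same full key in both places so that someone searching their logs for the notice text lands on this upgrade entry, and state that the option belongs under the `security:` config root.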

UPGRADE-6.0.md

+13
@@ -293,6 +293,15 @@ Security
293293
`DefaultAuthenticationSuccessHandler`.
294294
* Removed the `AbstractRememberMeServices::$providerKey` property in favor of `AbstractRememberMeServices::$firewallName`
295295
* `AccessDecisionManager` now throw an exception when a voter does not return a valid decision.
296+
* Remove `AuthenticationManagerInterface`, `AuthenticationProviderManager`, `AnonymousAuthenticationProvider`,
297+
`AuthenticationProviderInterface`, `DaoAuthenticationProvider`, `LdapBindAuthenticationProvider`,
298+
`PreAuthenticatedAuthenticationProvider`, `RememberMeAuthenticationProvider`, `UserAuthenticationProvider` and
299+
`AuthenticationFailureEvent` from security-core, use the new authenticator system instead
300+
* Remove `AbstractAuthenticationListener`, `AbstractPreAuthenticatedListener`, `AnonymousAuthenticationListener`,
301+
`BasicAuthenticationListener`, `RememberMeListener`, `RemoteUserAuthenticationListener`,
302+
`UsernamePasswordFormAuthenticationListener`, `UsernamePasswordJsonAuthenticationListener` and `X509AuthenticationListener`
303+
from security-http, use the new authenticator system instead
304+
* Remove the Guard component, use the new authenticator system instead
296305

297306
SecurityBundle
298307
--------------
@@ -304,6 +313,10 @@ SecurityBundle
304313
* Remove the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
305314
use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
306315
* The `security.authorization_checker` and `security.token_storage` services are now private
316+
* Not setting the `enable_authenticator_manager` option to `true` now throws an exception
317+
* Remove the `security.authentication.provider.*` services, use the new authenticator system instead
318+
* Remove the `security.authentication.listener.*` services, use the new authenticator system instead
319+
* Remove the Guard component integration, use the new authenticator system instead
307320

308321
Serializer
309322
----------
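Review bot: New line 316 says that not setting `enable_authenticator_manager` to `true` "now throws an exception" but names neither the exception class nor the moment it is raised (container build or first request). State both, so operators know whether a missed config change fails at deploy time or only when the firewall is first hit.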

src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Security/config.yml

+5
@@ -8,6 +8,8 @@ services:
88
- container.service_subscriber
99

1010
security:
11+
enable_authenticator_manager: true
12+
1113
providers:
1214
main:
1315
memory:
@@ -30,3 +32,6 @@ security:
3032
form_login:
3133
check_path: /custom/login/check
3234
provider: custom
35+
36+
access_control:
37+
- { path: '^/main/user_profile$', roles: IS_AUTHENTICATED_FULLY }
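Review bot: The `access_control` rule at new lines 36-37 changes what the functional-test app enforces, yet nothing in this hunk or in the commit message says which test needs `IS_AUTHENTICATED_FULLY` on `^/main/user_profile$` once `enable_authenticator_manager: true` is set at new line 11. Add a YAML comment naming the test that depends on it. Note also that the pattern is anchored at both ends, so only the exact path is matched; if the test ever requests a variant such as a trailing slash, the rule will not apply.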

src/Symfony/Bundle/SecurityBundle/CHANGELOG.md

+4
@@ -17,6 +17,10 @@ CHANGELOG
1717
* Deprecate the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
1818
use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
1919
* Deprecate the public `security.authorization_checker` and `security.token_storage` services to private
20+
* Not setting the `enable_authenticator_manager` config option to `true` is deprecated
21+
* Deprecate the `security.authentication.provider.*` services, use the new authenticator system instead
22+
* Deprecate the `security.authentication.listener.*` services, use the new authenticator system instead
23+
* Deprecate the Guard component integration, use the new authenticator system instead
2024

2125
5.2.0
2226
-----

src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AnonymousFactory.php

+2
@@ -21,6 +21,8 @@
2121
* @author Wouter de Jong <wouter@wouterj.nl>
2222
*
2323
* @internal
24+
*
25+
* @deprecated since Symfony 5.3, use the new authenticator system instead
2426
*/
2527
class AnonymousFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface
2628
{
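Review bot: The `@deprecated` tag at new line 25 is docblock-only; this hunk adds no `trigger_deprecation()` call, and the class is already marked `@internal`, so nothing visible here produces a runtime notice for an application that still configures this factory's firewall key. If the intent is to warn users, raise the deprecation where the key is processed; if the annotation is only for maintainers, say so in the docblock.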

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

+2
@@ -130,6 +130,8 @@ public function load(array $configs, ContainerBuilder $container)
130130
$container->getDefinition('security.authorization_checker')->setArgument(4, false);
131131
$container->getDefinition('security.authorization_checker')->setArgument(5, false);
132132
} else {
133+
trigger_deprecation('symfony/security-bundle', '5.3', 'Not setting the "security.enable_authenticator_manager" config option to true is deprecated.');
134+
133135
$loader->load('security_legacy.php');
134136
}
135137
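Review bot: The message at new line 133 says what is deprecated but not what happens next or how to fix it. UPGRADE-6.0.md in this commit states that leaving the option unset throws an exception in 6.0; put that consequence and the fix ("set it to true") into the message so the notice is actionable straight from the deprecation log. Because it is raised from the `else` branch of `load()`, a `@group legacy` test that builds a container without the option should assert the exact text.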

src/Symfony/Bundle/SecurityBundle/Resources/config/guard.php

+4
@@ -24,8 +24,10 @@
2424
abstract_arg('stateless firewall keys'),
2525
])
2626
->call('setSessionAuthenticationStrategy', [service('security.authentication.session_strategy')])
27+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
2728

2829
->alias(GuardAuthenticatorHandler::class, 'security.authentication.guard_handler')
30+
->deprecate('symfony/security-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use the new authenticator system instead.')
2931

3032
->set('security.authentication.provider.guard', GuardAuthenticationProvider::class)
3133
->abstract()
@@ -36,6 +38,7 @@
3638
abstract_arg('User Checker'),
3739
service('security.password_hasher'),
3840
])
41+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
3942

4043
->set('security.authentication.listener.guard', GuardAuthenticationListener::class)
4144
->abstract()
@@ -48,5 +51,6 @@
4851
param('security.authentication.hide_user_not_found'),
4952
])
5053
->tag('monolog.logger', ['channel' => 'security'])
54+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
5155
;
5256
};

src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php

+1
@@ -62,6 +62,7 @@
6262

6363
->set('security.authentication.manager', NoopAuthenticationManager::class)
6464
->alias(AuthenticationManagerInterface::class, 'security.authentication.manager')
65+
->deprecate('symfony/security-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use the new authenticator system instead.')
6566

6667
->set('security.firewall.authenticator', AuthenticatorManagerListener::class)
6768
->abstract()
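Review bot: Only the `AuthenticationManagerInterface` alias is deprecated at new line 65; the `security.authentication.manager` service it points to (the `NoopAuthenticationManager` set one line above) gets no `->deprecate()`, and `security_listeners.php` in this commit still injects `service('security.authentication.manager')`. Code that fetches the service by id will therefore get no notice. Either deprecate the service id as well or add a comment explaining why it has to stay silent.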

src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_login_link.php

+1-1
@@ -73,6 +73,6 @@
7373
service('doctrine'),
7474
abstract_arg('user entity class name'),
7575
])
76-
76+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
7777
;
7878
};
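Review bot: Line 76 replaces a blank line with a `->deprecate(...)` whose message tells users to move to the new authenticator system, but the file is `security_authenticator_login_link.php`, which by its name configures that system. The service being deprecated is not visible in the hunk context (only `service('doctrine')` and `abstract_arg('user entity class name')` are shown); please confirm it is really a legacy service. If it is, it belongs in a legacy config file; if it is not, this line deprecates part of the replacement and should be dropped.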

src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.php

+10
@@ -49,9 +49,11 @@
4949
service('security.authentication.manager'),
5050
])
5151
->tag('monolog.logger', ['channel' => 'security'])
52+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
5253

5354
->set('security.authentication.provider.anonymous', AnonymousAuthenticationProvider::class)
5455
->args([abstract_arg('Key')])
56+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
5557

5658
->set('security.authentication.retry_entry_point', RetryAuthenticationEntryPoint::class)
5759
->args([
@@ -161,6 +163,7 @@
161163
->set('security.authentication.listener.form', UsernamePasswordFormAuthenticationListener::class)
162164
->parent('security.authentication.listener.abstract')
163165
->abstract()
166+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
164167

165168
->set('security.authentication.listener.x509', X509AuthenticationListener::class)
166169
->abstract()
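Review bot: `security.authentication.listener.form` is an `->abstract()` definition with a `->parent(...)`, so it is not obvious from new line 166 whether the `%service_id%` in the notice will name this template id or the per-firewall definition derived from it. Add a `@group legacy` test that builds a firewall using `form_login` without the authenticator manager and asserts the emitted message, so the id shown to users is pinned down. The same literal is repeated on every definition in this file; a single constant would keep the wording from drifting.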
@@ -174,6 +177,7 @@
174177
service('event_dispatcher')->nullOnInvalid(),
175178
])
176179
->tag('monolog.logger', ['channel' => 'security'])
180+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
177181

178182
->set('security.authentication.listener.json', UsernamePasswordJsonAuthenticationListener::class)
179183
->abstract()
@@ -191,6 +195,7 @@
191195
])
192196
->call('setTranslator', [service('translator')->ignoreOnInvalid()])
193197
->tag('monolog.logger', ['channel' => 'security'])
198+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
194199

195200
->set('security.authentication.listener.remote_user', RemoteUserAuthenticationListener::class)
196201
->abstract()
@@ -203,6 +208,7 @@
203208
service('event_dispatcher')->nullOnInvalid(),
204209
])
205210
->tag('monolog.logger', ['channel' => 'security'])
211+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
206212

207213
->set('security.authentication.listener.basic', BasicAuthenticationListener::class)
208214
->abstract()
@@ -214,6 +220,7 @@
214220
service('logger')->nullOnInvalid(),
215221
])
216222
->tag('monolog.logger', ['channel' => 'security'])
223+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
217224

218225
->set('security.authentication.provider.dao', DaoAuthenticationProvider::class)
219226
->abstract()
@@ -224,6 +231,7 @@
224231
service('security.password_hasher_factory'),
225232
param('security.authentication.hide_user_not_found'),
226233
])
234+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
227235

228236
->set('security.authentication.provider.ldap_bind', LdapBindAuthenticationProvider::class)
229237
->abstract()
@@ -237,13 +245,15 @@
237245
abstract_arg('search dn'),
238246
abstract_arg('search password'),
239247
])
248+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
240249

241250
->set('security.authentication.provider.pre_authenticated', PreAuthenticatedAuthenticationProvider::class)
242251
->abstract()
243252
->args([
244253
abstract_arg('User Provider'),
245254
abstract_arg('UserChecker'),
246255
])
256+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
247257

248258
->set('security.exception_listener', ExceptionListener::class)
249259
->abstract()

src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.php

+2
@@ -32,10 +32,12 @@
3232
service('security.authentication.session_strategy'),
3333
])
3434
->tag('monolog.logger', ['channel' => 'security'])
35+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
3536

3637
->set('security.authentication.provider.rememberme', RememberMeAuthenticationProvider::class)
3738
->abstract()
3839
->args([abstract_arg('User Checker')])
40+
->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
3941

4042
->set('security.rememberme.token.provider.in_memory', InMemoryTokenProvider::class)
4143

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php

+1
@@ -139,6 +139,7 @@ private function createContainer($sessionStorageOptions)
139139

140140
$config = [
141141
'security' => [
142+
'enable_authenticator_manager' => true,
142143
'providers' => ['some_provider' => ['id' => 'foo']],
143144
'firewalls' => ['some_firewall' => ['security' => false]],
144145
],

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php

+131-4
@@ -127,6 +127,127 @@ public function testFirewalls()
127127
$configs[0][2] = strtolower($configs[0][2]);
128128
$configs[2][2] = strtolower($configs[2][2]);
129129

130+
$this->assertEquals([
131+
[
132+
'simple',
133+
'security.user_checker',
134+
'.security.request_matcher.xmi9dcw',
135+
false,
136+
false,
137+
'',
138+
'',
139+
'',
140+
'',
141+
'',
142+
[],
143+
null,
144+
],
145+
[
146+
'secure',
147+
'security.user_checker',
148+
null,
149+
true,
150+
true,
151+
'security.user.provider.concrete.default',
152+
null,
153+
'security.authenticator.form_login.secure',
154+
null,
155+
null,
156+
[
157+
'switch_user',
158+
'x509',
159+
'remote_user',
160+
'form_login',
161+
'http_basic',
162+
'remember_me',
163+
],
164+
[
165+
'parameter' => '_switch_user',
166+
'role' => 'ROLE_ALLOWED_TO_SWITCH',
167+
],
168+
],
169+
[
170+
'host',
171+
'security.user_checker',
172+
'.security.request_matcher.iw4hyjb',
173+
true,
174+
false,
175+
'security.user.provider.concrete.default',
176+
'host',
177+
'security.authenticator.http_basic.host',
178+
null,
179+
null,
180+
[
181+
'http_basic',
182+
],
183+
null,
184+
],
185+
[
186+
'with_user_checker',
187+
'app.user_checker',
188+
null,
189+
true,
190+
false,
191+
'security.user.provider.concrete.default',
192+
'with_user_checker',
193+
'security.authenticator.http_basic.with_user_checker',
194+
null,
195+
null,
196+
[
197+
'http_basic',
198+
],
199+
null,
200+
],
201+
], $configs);
202+
203+
$this->assertEquals([
204+
[],
205+
[
206+
'security.channel_listener',
207+
'security.firewall.authenticator.secure',
208+
'security.authentication.switchuser_listener.secure',
209+
'security.access_listener',
210+
],
211+
[
212+
'security.channel_listener',
213+
'security.context_listener.0',
214+
'security.firewall.authenticator.host',
215+
'security.access_listener',
216+
],
217+
[
218+
'security.channel_listener',
219+
'security.context_listener.1',
220+
'security.firewall.authenticator.with_user_checker',
221+
'security.access_listener',
222+
],
223+
], $listeners);
224+
225+
$this->assertFalse($container->hasAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', 'No user checker alias is registered when custom user checker services are registered'));
226+
}
227+
228+
/**
229+
* @group legacy
230+
*/
231+
public function testLegacyFirewalls()
232+
{
233+
$container = $this->getContainer('legacy_container1');
234+
$arguments = $container->getDefinition('security.firewall.map')->getArguments();
235+
$listeners = [];
236+
$configs = [];
237+
foreach (array_keys($arguments[1]->getValues()) as $contextId) {
238+
$contextDef = $container->getDefinition($contextId);
239+
$arguments = $contextDef->getArguments();
240+
$listeners[] = array_map('strval', $arguments[0]->getValues());
241+
242+
$configDef = $container->getDefinition((string) $arguments[3]);
243+
$configs[] = array_values($configDef->getArguments());
244+
}
245+
246+
// the IDs of the services are case sensitive or insensitive depending on
247+
// the Symfony version. Transform them to lowercase to simplify tests.
248+
$configs[0][2] = strtolower($configs[0][2]);
249+
$configs[2][2] = strtolower($configs[2][2]);
250+
130251
$this->assertEquals([
131252
[
132253
'simple',
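Review bot: `testLegacyFirewalls()` (new lines 231-250) copies the container-walking loop and the two `strtolower()` fix-ups from `testFirewalls()` line for line; extract a private helper that takes the fixture name and returns `[$configs, $listeners]` so the two tests cannot diverge silently. The new expectations at lines 134 and 172 also hard-code opaque ids such as `.security.request_matcher.xmi9dcw`; asserting on the matcher definition's arguments instead would keep the test from breaking whenever the id derivation changes.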
@@ -881,15 +1002,21 @@ public function testHashersWithBCrypt()
8811002
]], $container->getDefinition('security.password_hasher_factory')->getArguments());
8821003
}
8831004

884-
public function testRememberMeThrowExceptionsDefault()
1005+
/**
1006+
* @group legacy
1007+
*/
1008+
public function testLegacyRememberMeThrowExceptionsDefault()
8851009
{
886-
$container = $this->getContainer('container1');
1010+
$container = $this->getContainer('legacy_container1');
8871011
$this->assertTrue($container->getDefinition('security.authentication.listener.rememberme.secure')->getArgument(5));
8881012
}
8891013

890-
public function testRememberMeThrowExceptions()
1014+
/**
1015+
* @group legacy
1016+
*/
1017+
public function testLegacyRememberMeThrowExceptions()
8911018
{
892-
$container = $this->getContainer('remember_me_options');
1019+
$container = $this->getContainer('legacy_remember_me_options');
8931020
$service = $container->getDefinition('security.authentication.listener.rememberme.main');
8941021
$this->assertEquals('security.authentication.rememberme.services.persistent.main', $service->getArgument(1));
8951022
$this->assertFalse($service->getArgument(5));
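Review bot: Both remember-me tests are renamed to `testLegacy...` and pointed at `legacy_container1` / `legacy_remember_me_options`, and this hunk adds no counterpart that still runs against `container1` / `remember_me_options`. As far as the visible lines show, the throw-exceptions setting of remember-me is now only verified on the deprecated path. Add equivalent assertions against the authenticator-manager definitions, or state in the test docblock that the option has no meaning there.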

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php

+1
@@ -1,6 +1,7 @@
11
<?php
22

33
$container->loadFromExtension('security', [
4+
'enable_authenticator_manager' => true,
45
'access_decision_manager' => [
56
'allow_if_all_abstain' => true,
67
'allow_if_equal_granted_denied' => false,
