[Security] Fix deprecated usage of DigestAuthenticationEntryPoint::getKey() in DigestAuthenticationListener #19307
Conversation
|
👍 Status: Reviewed |
|
So it looks like we are missing tests for this statement. Can we add one? |
|
@xabbuh : Hmm, I'm kind of confused by your comment, because I guess it's not the scope of this PR to add a test case for the Would it be enough to mock the I'm not sure about the point of such a test, considering the fact a regression is very unlikely to happen. Appart from proving the deprecation was triggered before, which we can obviously observe by looking at the code. 😕 Anyway, I've added a successful digest authentication test case, which will trigger the deprecation without this fix. But I guess the test case itself has to be backported to 2.7, so should not be part of this very same PR. Let me know how to proceed. |
|
I think adding the test in 2.8 is fine. This class is rarely used/useful anyway. |
…igestAuthenticationListener Also adds a simple DigestAuthenticationListener test case.
|
@fabpot : Fine. Thanks for the answer. I'll squash my commits then. |
|
Thank you @ogizanagi. |
…ryPoint::getKey() in DigestAuthenticationListener (Maxime STEINHAUSSER) This PR was squashed before being merged into the 2.8 branch (closes #19307). Discussion ---------- [Security] Fix deprecated usage of DigestAuthenticationEntryPoint::getKey() in DigestAuthenticationListener | Q | A | ------------- | --- | Branch? | 2.8 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - Fix the following deprecation triggered by Symfony when using the `http_digest` authentication: <details> <summary>Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint::getKey() is deprecated since version 2.8 and will be removed in 3.0. Use getSecret() instead. </summary> > DigestAuthenticationEntryPoint::getKey() (called from DigestAuthenticationListener.php at line 81) DigestAuthenticationListener::handle() (called from classes.php at line 2622) Firewall::onKernelRequest() call_user_func() (called from WrappedListener.php at line 61) WrappedListener::__invoke() call_user_func() (called from classes.php at line 1858) EventDispatcher::doDispatch() (called from classes.php at line 1773) EventDispatcher::dispatch() (called from TraceableEventDispatcher.php at line 140) TraceableEventDispatcher::dispatch() (called from HttpKernel.php at line 125) HttpKernel::handleRaw() (called from HttpKernel.php at line 64) HttpKernel::handle() (called from ContainerAwareHttpKernel.php at line 69) ContainerAwareHttpKernel::handle() (called from Kernel.php at line 193) Kernel::handle() (called from app_dev.php at line 36) </details> Refs: #16493 Commits ------- 880a392 [Security] Fix deprecated usage of DigestAuthenticationEntryPoint::getKey() in DigestAuthenticationListener
Fix the following deprecation triggered by Symfony when using the
http_digestauthentication:Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint::getKey() is deprecated since version 2.8 and will be removed in 3.0. Use getSecret() instead.
Refs: #16493