symfony · ogizanagi · Sep 26, 2017 · Sep 26, 2017
diff --git a/UPGRADE-3.4.md b/UPGRADE-3.4.md
@@ -270,6 +270,13 @@ Profiler
 
  * The `profiler.matcher` option has been deprecated.
 
+Security
+--------
+
+ * Deprecated the HTTP digest authentication: `NonceExpiredException`, 
+   `DigestAuthenticationListener` and `DigestAuthenticationEntryPoint` will be 
+   removed in 4.0. Use another authentication system like `http_basic` instead.
+
 SecurityBundle
 --------------
 
@@ -290,6 +297,9 @@ SecurityBundle
  * Added `logout_on_user_change` to the firewall options. This config item will
    trigger a logout when the user has changed. Should be set to true to avoid
    deprecations in the configuration.
+
+ * Deprecated the HTTP digest authentication: `HttpDigestFactory` will be removed in 4.0.
+   Use another authentication system like `http_basic` instead.
 
 Translation
 -----------

diff --git a/UPGRADE-4.0.md b/UPGRADE-4.0.md
@@ -652,6 +652,10 @@ Security
  * Calling `ContextListener::setLogoutOnUserChange(false)` won't have any
    effect anymore.
 
+ * Removed the HTTP digest authentication system. The `NonceExpiredException`,
+   `DigestAuthenticationListener` and `DigestAuthenticationEntryPoint` classes
+   have been removed. Use another authentication system like `http_basic` instead.
+
 SecurityBundle
 --------------
 
@@ -672,6 +676,9 @@ SecurityBundle
 
  * The firewall option `logout_on_user_change` is now always true, which will
    trigger a logout if the user changes between requests.
+
+ * Removed the HTTP digest authentication system. The `HttpDigestFactory` class
+   has been removed. Use another authentication system like `http_basic` instead.
 
 Serializer
 ----------

diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -9,6 +9,7 @@ CHANGELOG
  * made the first `UserPasswordEncoderCommand::_construct()` argument mandatory
  * `UserPasswordEncoderCommand` does not extend `ContainerAwareCommand` anymore
  * removed support for voters that don't implement the `VoterInterface`
+ * removed HTTP digest authentication
 
 3.4.0
 -----
@@ -25,6 +26,7 @@ CHANGELOG
  * Added `logout_on_user_change` to the firewall options. This config item will
    trigger a logout when the user has changed. Should be set to true to avoid
    deprecations in the configuration.
+ * deprecated HTTP digest authentication
 
 3.3.0
 -----

diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpDigestFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpDigestFactory.php
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
@@ -26,8 +26,6 @@
 
         <service id="security.authentication.basic_entry_point" class="Symfony\Component\Security\Http\EntryPoint\BasicAuthenticationEntryPoint" />
 
-        <service id="security.authentication.digest_entry_point" class="Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint" />
-
         <service id="security.channel_listener" class="Symfony\Component\Security\Http\Firewall\ChannelListener">
             <tag name="monolog.logger" channel="security" />
             <argument type="service" id="security.access_map" />
@@ -180,15 +178,6 @@
             <argument type="service" id="logger" on-invalid="null" />
         </service>
 
-        <service id="security.authentication.listener.digest" class="Symfony\Component\Security\Http\Firewall\DigestAuthenticationListener" abstract="true">
-            <tag name="monolog.logger" channel="security" />
-            <argument type="service" id="security.token_storage" />
-            <argument /> <!-- User Provider -->
-            <argument /> <!-- Provider-shared Key -->
-            <argument /> <!-- Entry Point -->
-            <argument type="service" id="logger" on-invalid="null" />
-        </service>
-
         <service id="security.authentication.provider.dao" class="Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider" abstract="true">
             <argument /> <!-- User Provider -->
             <argument /> <!-- User Checker -->

diff --git a/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php b/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php
@@ -20,7 +20,6 @@
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\FormLoginLdapFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\HttpBasicFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\HttpBasicLdapFactory;
-use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\HttpDigestFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\RememberMeFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\X509Factory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\RemoteUserFactory;
@@ -47,7 +46,6 @@ public function build(ContainerBuilder $container)
         $extension->addSecurityListenerFactory(new JsonLoginFactory());
         $extension->addSecurityListenerFactory(new HttpBasicFactory());
         $extension->addSecurityListenerFactory(new HttpBasicLdapFactory());
-        $extension->addSecurityListenerFactory(new HttpDigestFactory());
         $extension->addSecurityListenerFactory(new RememberMeFactory());
         $extension->addSecurityListenerFactory(new X509Factory());
         $extension->addSecurityListenerFactory(new RemoteUserFactory());

diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
@@ -111,7 +111,6 @@ public function testFirewalls()
                     'remote_user',
                     'form_login',
                     'http_basic',
-                    'http_digest',
                     'remember_me',
                     'anonymous',
                 ),
@@ -165,7 +164,6 @@ public function testFirewalls()
                 'security.authentication.listener.remote_user.secure',
                 'security.authentication.listener.form.secure',
                 'security.authentication.listener.basic.secure',
-                'security.authentication.listener.digest.secure',
                 'security.authentication.listener.rememberme.secure',
                 'security.authentication.listener.anonymous.secure',
                 'security.authentication.switchuser_listener.secure',

diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
@@ -64,7 +64,6 @@
         'simple' => array('pattern' => '/login', 'security' => false),
         'secure' => array('stateless' => true,
             'http_basic' => true,
-            'http_digest' => array('secret' => 'TheSecret'),
             'form_login' => true,
             'anonymous' => true,
             'switch_user' => true,

diff --git a/...y/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php b/...y/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php
@@ -15,7 +15,6 @@
         'secure' => array(
             'stateless' => true,
             'http_basic' => true,
-            'http_digest' => array('secret' => 'TheSecret'),
             'form_login' => true,
             'anonymous' => true,
             'switch_user' => true,

diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
@@ -49,7 +49,6 @@
 
         <firewall name="secure" stateless="true">
             <http-basic />
-            <http-digest secret="TheSecret" />
             <form-login />
             <anonymous />
             <switch-user />

diff --git a/...y/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml b/...y/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml
@@ -15,7 +15,6 @@
 
         <firewall name="secure" stateless="true">
             <http-basic />
-            <http-digest secret="TheSecret" />
             <form-login />
             <anonymous />
             <switch-user />

diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
@@ -46,8 +46,6 @@ security:
         secure:
             stateless: true
             http_basic: true
-            http_digest:
-                secret: TheSecret
             form_login: true
             anonymous: true
             switch_user: true

diff --git a/...y/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml b/...y/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml
@@ -10,8 +10,6 @@ security:
         secure:
             stateless: true
             http_basic: true
-            http_digest:
-                secret: TheSecret
             form_login: true
             anonymous: true
             switch_user: true

diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
@@ -10,6 +10,7 @@ CHANGELOG
  * removed the `RoleInterface`
  * removed support for voters that don't implement the `VoterInterface`
  * added a sixth `string $context` argument to `LogoutUrlGenerator::registerListener()`
+ * removed HTTP digest authentication
 
 3.4.0
 -----
@@ -20,6 +21,7 @@ CHANGELOG
    property will trigger a deprecation when the user has changed. As of 4.0
    the user will always be logged out when the user has changed between
    requests.
+ * deprecated HTTP digest authentication
 
 3.3.0
 -----

diff --git a/src/Symfony/Component/Security/Core/Exception/NonceExpiredException.php b/src/Symfony/Component/Security/Core/Exception/NonceExpiredException.php
diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.ar.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.ar.xlf
@@ -30,10 +30,6 @@
                 <source>Invalid CSRF token.</source>
                 <target>رمز الموقع غير صحيح.</target>
             </trans-unit>
-            <trans-unit id="8">
-                <source>Digest nonce has expired.</source>
-                <target>انتهت صلاحية(digest nonce).</target>
-            </trans-unit>
             <trans-unit id="9">
                 <source>No authentication provider found to support the authentication token.</source>
                 <target>لا يوجد معرف للدخول يدعم الرمز المستخدم للدخول.</target>

diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.az.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.az.xlf
@@ -30,10 +30,6 @@
                 <source>Invalid CSRF token.</source>
                 <target>Yanlış CSRF nişanı.</target>
             </trans-unit>
-            <trans-unit id="8">
-                <source>Digest nonce has expired.</source>
-                <target>Dərləmə istifadə müddəti bitib.</target>
-            </trans-unit>
             <trans-unit id="9">
                 <source>No authentication provider found to support the authentication token.</source>
                 <target>Doğrulama nişanını dəstəkləyəcək provayder tapılmadı.</target>

diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.bg.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.bg.xlf
@@ -30,10 +30,6 @@
                 <source>Invalid CSRF token.</source>
                 <target>Невалиден CSRF токен.</target>
             </trans-unit>
-            <trans-unit id="8">
-                <source>Digest nonce has expired.</source>
-                <target>Digest nonce е изтекъл.</target>
-            </trans-unit>
             <trans-unit id="9">
                 <source>No authentication provider found to support the authentication token.</source>
                 <target>Не е открит провайдър, който да поддържа този токен за автентикация.</target>

diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.ca.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.ca.xlf
@@ -30,10 +30,6 @@
                 <source>Invalid CSRF token.</source>
                 <target>Token CSRF no vàlid.</target>
             </trans-unit>
-            <trans-unit id="8">
-                <source>Digest nonce has expired.</source>
-                <target>El vector d'inicialització (digest nonce) ha expirat.</target>
-            </trans-unit>
             <trans-unit id="9">
                 <source>No authentication provider found to support the authentication token.</source>
                 <target>No s'ha trobat un proveïdor d'autenticació que suporti el token d'autenticació.</target>

diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.cs.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.cs.xlf
@@ -30,10 +30,6 @@
                 <source>Invalid CSRF token.</source>
                 <target>Neplatný CSRF token.</target>
             </trans-unit>
-            <trans-unit id="8">
-                <source>Digest nonce has expired.</source>
-                <target>Platnost inicializačního vektoru (digest nonce) vypršela.</target>
-            </trans-unit>
             <trans-unit id="9">
                 <source>No authentication provider found to support the authentication token.</source>
                 <target>Poskytovatel pro ověřovací token nebyl nalezen.</target>

diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.da.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.da.xlf
@@ -30,10 +30,6 @@
                 <source>Invalid CSRF token.</source>
                 <target>Ugyldigt CSRF token.</target>
             </trans-unit>
-            <trans-unit id="8">
-                <source>Digest nonce has expired.</source>
-                <target>Digest nonce er udløbet.</target>
-            </trans-unit>
             <trans-unit id="9">
                 <source>No authentication provider found to support the authentication token.</source>
                 <target>Ingen godkendelsesudbyder er fundet til understøttelsen af godkendelsestoken.</target>

diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.de.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.de.xlf
@@ -30,10 +30,6 @@
                 <source>Invalid CSRF token.</source>
                 <target>Ungültiges CSRF-Token.</target>
             </trans-unit>
-            <trans-unit id="8">
-                <source>Digest nonce has expired.</source>
-                <target>Digest nonce ist abgelaufen.</target>
-            </trans-unit>
             <trans-unit id="9">
                 <source>No authentication provider found to support the authentication token.</source>
                 <target>Es wurde kein Authentifizierungs-Provider gefunden, der das Authentifizierungs-Token unterstützt.</target>

diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.el.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.el.xlf
@@ -30,10 +30,6 @@
                 <source>Invalid CSRF token.</source>
                 <target>Μη έγκυρο CSRF token.</target>
             </trans-unit>
-            <trans-unit id="8">
-                <source>Digest nonce has expired.</source>
-                <target>Το digest nonce έχει λήξει.</target>
-            </trans-unit>
             <trans-unit id="9">
                 <source>No authentication provider found to support the authentication token.</source>
                 <target>Δε βρέθηκε κάποιος πάροχος πιστοποίησης που να υποστηρίζει το token πιστοποίησης.</target>

diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.en.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.en.xlf
@@ -30,10 +30,6 @@
                 <source>Invalid CSRF token.</source>
                 <target>Invalid CSRF token.</target>
             </trans-unit>
-            <trans-unit id="8">
-                <source>Digest nonce has expired.</source>
-                <target>Digest nonce has expired.</target>
-            </trans-unit>
             <trans-unit id="9">
                 <source>No authentication provider found to support the authentication token.</source>
                 <target>No authentication provider found to support the authentication token.</target>