No more support for custom anon/remember tokens based on FQCN #26981
Conversation
| return $token instanceof $this->anonymousClass; | ||
| if (null !== $this->anonymousClass) { | ||
| if ($isAnonymous = ($token instanceof $this->anonymousClass)) { | ||
| @trigger_error(sprintf('Configuring a custom anonymous token class is deprecated as of 4.2 and will not be possible in 5.0. To fix this, please extend the %s instead.', AnonymousToken::class), E_USER_DEPRECATED); |
There was a problem hiding this comment.
...extend the %s instead -> ...extend the %s class instead ? (in other messages too)
| return $token instanceof $this->anonymousClass; | ||
| if (null !== $this->anonymousClass) { | ||
| if ($isAnonymous = ($token instanceof $this->anonymousClass)) { | ||
| @trigger_error(sprintf('Configuring a custom anonymous token class is deprecated as of 4.2 and will not be possible in 5.0. To fix this, please extend the %s instead.', AnonymousToken::class), E_USER_DEPRECATED); |
There was a problem hiding this comment.
In the first occurrence of a Symfony version we add Symfony to not mistake this deprecation message with any other bundle. The format would be:
Configuring a custom anonymous token class is deprecated since Symfony 4.1 and will throw an exception in 5.0. To fix this, extend the %s class instead.
Also, the "...please..." is not necessary. We usually don't put "please" in this kind of messages.
| return $token instanceof $this->anonymousClass; | ||
| if (null !== $this->anonymousClass) { | ||
| if (($isAnonymous = ($token instanceof $this->anonymousClass)) && !$token instanceof AnonymousToken) { | ||
| @trigger_error(sprintf('Configuring a custom anonymous token class is deprecated since Symfony 4.2 and will not be possible in 5.0. To fix this, have the %s class extend the %s class instead.', \get_class($token), AnonymousToken::class), E_USER_DEPRECATED); |
There was a problem hiding this comment.
how about making this check in the constructor with a is_a or somehting like that ?
There was a problem hiding this comment.
You mean checking the type of the string passed into the constructor? I think that's an option
There was a problem hiding this comment.
Yeah, maybe we should have 2 deprecations: trigger one when you pass a custom class in the constructor; and trigger another when you pass a token that doesn't extend AnonymousToken/RememberMeToken.
Early triggering of deprecations makes the upgrade path probably easier.
|
I've moved the deprecation to the constructor, I don't think it's needed runtime as it's the same check. |
|
rebase needed |
|
done |
UPGRADE-4.2.md
Outdated
| @@ -5,3 +5,15 @@ Security | |||
| -------- | |||
|
|
|||
| * Using the `has_role()` function in security expressions is deprecated, use the `is_granted()` function instead. | |||
| * Passing custom class names for to the | |||
There was a problem hiding this comment.
Looks like for should be removed here.
UPGRADE-4.2.md
Outdated
| @@ -5,3 +5,15 @@ Security | |||
| -------- | |||
|
|
|||
| * Using the `has_role()` function in security expressions is deprecated, use the `is_granted()` function instead. | |||
| * Passing custom class names for to the | |||
| `Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver` to define | |||
| custom anonymouse and remember me token classes, is deprecated as of 4.2 and will be | |||
UPGRADE-4.2.md
Outdated
| * Passing custom class names for to the | ||
| `Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver` to define | ||
| custom anonymouse and remember me token classes, is deprecated as of 4.2 and will be | ||
| removed in 5.0. To use custom tokens extend the existing AnonymousToken and RememberMeToken. |
There was a problem hiding this comment.
The "and will be removed in 5.0" should be removed (same in the other paragraph). We decided to remove them all in deprecation as this should be "obvious".
UPGRADE-4.2.md
Outdated
| * Passing custom class names for to the | ||
| `Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver` to define | ||
| custom anonymouse and remember me token classes, is deprecated as of 4.2 and will be | ||
| removed in 5.0. To use custom tokens extend the existing AnonymousToken and RememberMeToken. |
There was a problem hiding this comment.
Can you use the FQCN here instead?
|
|
||
| * Using the `security.authentication.trust_resolver.anonymous_class` and | ||
| `security.authentication.trust_resolver.rememberme_class` parameters to define | ||
| the token classes, is deprecated as of 4.2 and will be removed in 5.0. To use |
There was a problem hiding this comment.
and will be removed in 5.0 to be removed: )
| * Using the `security.authentication.trust_resolver.anonymous_class` and | ||
| `security.authentication.trust_resolver.rememberme_class` parameters to define | ||
| the token classes, is deprecated as of 4.2 and will be removed in 5.0. To use | ||
| custom tokens extend the existing AnonymousToken and RememberMeToken. |
| * Passing custom class names for to the | ||
| `Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver` to define | ||
| custom anonymouse and remember me token classes, is deprecated as of 4.2 and will be | ||
| removed in 5.0. To use custom tokens extend the existing AnonymousToken |
There was a problem hiding this comment.
missing comma after tokens and missing end dot.
| { | ||
| $this->anonymousClass = $anonymousClass; | ||
| $this->rememberMeClass = $rememberMeClass; | ||
|
|
||
| if (null !== $anonymousClass && !is_a($anonymousClass, AnonymousToken::class, true)) { | ||
| @trigger_error(sprintf('Configuring a custom anonymous token class is deprecated since Symfony 4.2 and will not be possible in 5.0. To fix this, have the %s class extend the %s class instead, and remove the %s constructor argument.', $anonymousClass, AnonymousToken::class, self::class), E_USER_DEPRECATED); |
There was a problem hiding this comment.
Same here, the "will be removed" part must be, well, removed.
UPGRADE-4.2.md
Outdated
| @@ -5,3 +5,16 @@ Security | |||
| -------- | |||
|
|
|||
| * Using the `has_role()` function in security expressions is deprecated, use the `is_granted()` function instead. | |||
| * Passing custom class names to the | |||
| `Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver` to define | |||
| custom anonymous and remember me token classes, is deprecated as of 4.2. To | |||
There was a problem hiding this comment.
sorry, forget one thing: we don't need the "as of 4.2" here as the file is specifically for 4.2.
UPGRADE-4.2.md
Outdated
| `Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver` to define | ||
| custom anonymous and remember me token classes, is deprecated as of 4.2. To | ||
| use custom tokens, extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken` | ||
| and `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`. |
There was a problem hiding this comment.
as in "and/or", or replace the and by or?
UPGRADE-4.2.md
Outdated
|
|
||
| * Using the `security.authentication.trust_resolver.anonymous_class` and | ||
| `security.authentication.trust_resolver.rememberme_class` parameters to define | ||
| the token classes, is deprecated as of 4.2. To use |
|
|
||
| * Using the `security.authentication.trust_resolver.anonymous_class` and | ||
| `security.authentication.trust_resolver.rememberme_class` parameters to define | ||
| the token classes, is deprecated as of 4.2. To use |
| @@ -6,6 +6,11 @@ CHANGELOG | |||
|
|
|||
| * added the `is_granted()` function in security expressions | |||
| * deprecated the `has_role()` function in security expressions, use `is_granted()` instead | |||
| * Passing custom class names to the | |||
| `Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver` to define | |||
| custom anonymous and remember me token classes, is deprecated as of 4.2. To | |||
There was a problem hiding this comment.
same here as the section if for 4.2 anyway.
| { | ||
| $this->anonymousClass = $anonymousClass; | ||
| $this->rememberMeClass = $rememberMeClass; | ||
|
|
||
| if (null !== $anonymousClass && !is_a($anonymousClass, AnonymousToken::class, true)) { | ||
| @trigger_error(sprintf('Configuring a custom anonymous token class is deprecated since Symfony 4.2. To fix this, have the %s class extend the %s class instead, and remove the %s constructor argument.', $anonymousClass, AnonymousToken::class, self::class), E_USER_DEPRECATED); |
There was a problem hiding this comment.
We try to have only one sentence for deprecations: Configuring a custom anonymous token class is deprecated since Symfony 4.2; have the "%s" class extend the "%s" class instead, and remove the "%s" constructor argument. (note the quotes around class names and parameters).
There was a problem hiding this comment.
That makes sense, I'll update it 👍
There was a problem hiding this comment.
Noticed that the first argument of the sprintf was the wrong one of for the remember me as well, it received the $anonymousClass instead (fixed)
|
Thank you @iltar. |
…on FQCN (Iltar van der Berg) This PR was squashed before being merged into the 4.2-dev branch (closes #26981). Discussion ---------- No more support for custom anon/remember tokens based on FQCN | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | yes | Tests pass? | yes | Fixed tickets | #26940 | License | MIT | Doc PR | ~ This PR deprecates the ability to configure a custom anonymous and remember me token class, via the AuthenticationTrustResolver. The only change required _if_ you have changed the token classes like this, is to extend the Anonymous/RememberMe token classes. Commits ------- 860d454 No more support for custom anon/remember tokens based on FQCN
This PR was squashed before being merged into the 5.0-dev branch (closes #32160). Discussion ---------- Removed legacy code and cleanup | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - See symfony/symfony#32074, symfony/symfony#26981 labels: `HttpFoundation`, `Form`, `Security`, `SecurityBundle`, `Validator` Commits ------- 7b99fb45bb Removed legacy code and cleanup
This PR was squashed before being merged into the 5.0-dev branch (closes #32160). Discussion ---------- Removed legacy code and cleanup | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - See #32074, #26981 labels: `HttpFoundation`, `Form`, `Security`, `SecurityBundle`, `Validator` Commits ------- 7b99fb4 Removed legacy code and cleanup
…esolver (jzawadzki) This PR was submitted for the 5.0 branch but it was merged into the 4.3 branch instead (closes #12721). Discussion ---------- Removed constructor parameters from AuthenticationTrustResolver As per symfony/symfony#26981 there are no constructor arguments in `AuthenticationTrustResolver`. Commits ------- f046117 Removed constructor parameters from AuthenticationTrustResolver
This PR deprecates the ability to configure a custom anonymous and remember me token class, via the AuthenticationTrustResolver. The only change required if you have changed the token classes like this, is to extend the Anonymous/RememberMe token classes.