Skip to content

[Security] Remove annoying deprecation in UsageTrackingTokenStorage #43235

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Sep 29, 2021
Merged

[Security] Remove annoying deprecation in UsageTrackingTokenStorage #43235

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 0 additions & 3 deletions UPGRADE-5.3.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,9 +106,6 @@ Routing
Security
--------

* Deprecate using `UsageTrackingTokenStorage` with tracking enabled without a main request. Use the untracked token
storage (service ID: `security.untracked_token_storage`) instead, or disable usage tracking
completely using `UsageTrackingTokenStorage::disableUsageTracking()`.
* [BC BREAK] Remove method `checkIfCompletelyResolved()` from `PassportInterface`, checking that passport badges are
resolved is up to `AuthenticatorManager`
* Deprecate class `User`, use `InMemoryUser` or your own implementation instead.
Expand Down
1 change: 0 additions & 1 deletion src/Symfony/Component/Security/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,6 @@ The CHANGELOG for version 5.4 and newer can be found in the security sub-package
* Add `LegacyPasswordAuthenticatedUserInterface` for user classes that use user-provided salts in addition to passwords
* Deprecate all classes in the `Core\Encoder\` sub-namespace, use the `PasswordHasher` component instead
* Deprecate the `SessionInterface $session` constructor argument of `SessionTokenStorage`, inject a `\Symfony\Component\HttpFoundation\RequestStack $requestStack` instead
* Deprecate using `UsageTrackingTokenStorage` without a main request
* Deprecate the `session` service provided by the ServiceLocator injected in `UsageTrackingTokenStorage`, provide a `request_stack` service instead
* Deprecate using `SessionTokenStorage` outside a request context, it will throw a `SessionNotFoundException` in Symfony 6.0
* Randomize CSRF tokens to harden BREACH attacks
Expand Down
2 changes: 0 additions & 2 deletions ...ymfony/Component/Security/Core/Authentication/Token/Storage/UsageTrackingTokenStorage.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,8 +101,6 @@ private function shouldTrackUsage(): bool
}

if (!$this->container->get('request_stack')->getMainRequest()) {
trigger_deprecation('symfony/security-core', '5.3', 'Using "%s" (service ID: "security.token_storage") outside the request-response cycle is deprecated, use the "%s" class (service ID: "security.untracked_token_storage") instead or disable usage tracking using "disableUsageTracking()".', __CLASS__, TokenStorage::class);

return false;
}

Expand Down
9 changes: 1 addition & 8 deletions ...ponent/Security/Core/Tests/Authentication/Token/Storage/UsageTrackingTokenStorageTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@

use PHPUnit\Framework\TestCase;
use Psr\Container\ContainerInterface;
use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
Expand All @@ -24,8 +23,6 @@

class UsageTrackingTokenStorageTest extends TestCase
{
use ExpectDeprecationTrait;

public function testGetSetToken()
{
$sessionAccess = 0;
Expand Down Expand Up @@ -69,9 +66,6 @@ public function testGetSetToken()
$this->assertSame(1, $sessionAccess);
}

/**
* @group legacy
*/
public function testWithoutMainRequest()
{
$locator = new class(['request_stack' => function () {
Expand All @@ -83,7 +77,6 @@ public function testWithoutMainRequest()
$trackingStorage = new UsageTrackingTokenStorage($tokenStorage, $locator);
$trackingStorage->enableUsageTracking();

$this->expectDeprecation('Since symfony/security-core 5.3: Using "%s" (service ID: "security.token_storage") outside the request-response cycle is deprecated, use the "%s" class (service ID: "security.untracked_token_storage") instead or disable usage tracking using "disableUsageTracking()".');
$trackingStorage->getToken();
$this->assertNull($trackingStorage->getToken());
}
}