Skip to content

Commit

Permalink
[SecurityBundle] Deprecate auto picking the first provider
Browse files Browse the repository at this point in the history 
when no provider is explicitly configured on a firewall
  • Loading branch information
@ogizanagi
ogizanagi committed Sep 30, 2017
1 parent 09afa64 commit 2d1e334
Show file tree
Hide file tree
Showing 14 changed files with 71 additions and 15 deletions.
4 changes: 4 additions & 0 deletions UPGRADE-3.4.md
View file
Expand Up @@ -316,6 +316,10 @@ SecurityBundle

* Deprecated the HTTP digest authentication: `HttpDigestFactory` will be removed in 4.0.
Use another authentication system like `http_basic` instead.

* Not configuring explicitly the provider on a firewall is ambiguous when there is more than one registered provider.
Using the first configured provider is deprecated since 3.4 and will throw an exception on 4.0.
Explicitly configure the provider to use on your firewalls.

Translation
-----------
Expand Down
4 changes: 4 additions & 0 deletions UPGRADE-4.0.md
View file
Expand Up @@ -693,6 +693,10 @@ SecurityBundle

* Removed the HTTP digest authentication system. The `HttpDigestFactory` class
has been removed. Use another authentication system like `http_basic` instead.

* Not configuring explicitly the provider on a firewall is ambiguous when there is more than one registered provider.
The first configured provider is not used anymore and an exception is thrown instead.
Explicitly configure the provider to use on your firewalls.

Serializer
----------
Expand Down
1 change: 1 addition & 0 deletions src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
View file
Expand Up @@ -17,6 +17,7 @@ CHANGELOG
* deprecated command `acl:set` along with `SetAclCommand` class
* deprecated command `init:acl` along with `InitAclCommand` class
* Added support for the new Argon2i password encoder
* deprecated auto picking the first registered provider when no configured provider on a firewall and ambiguous

3.3.0
-----
Expand Down
4 changes: 4 additions & 0 deletions src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
View file
Expand Up @@ -359,6 +359,10 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
$defaultProvider = $providerIds[$normalizedName];
} else {
$defaultProvider = reset($providerIds);

if (count($providerIds) > 1) {
@trigger_error(sprintf('Firewall "%s" has no "provider" set but multiple providers exist. Using the first configured provider (%s) is deprecated since 3.4 and will throw an exception in 4.0, set the "provider" key on the firewall instead.', $id, key($providerIds)), E_USER_DEPRECATED);
}
}

$config->replaceArgument(5, $defaultProvider);
Expand Down
5 changes: 4 additions & 1 deletion src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
View file
Expand Up @@ -60,8 +60,9 @@
),

'firewalls' => array(
'simple' => array('pattern' => '/login', 'security' => false),
'simple' => array('provider' => 'default', 'pattern' => '/login', 'security' => false),
'secure' => array('stateless' => true,
'provider' => 'default',
'http_basic' => true,
'form_login' => true,
'anonymous' => true,
Expand All @@ -74,6 +75,7 @@
'logout_on_user_change' => true,
),
'host' => array(
'provider' => 'default',
'pattern' => '/test',
'host' => 'foo\\.example\\.org',
'methods' => array('GET', 'POST'),
Expand All @@ -82,6 +84,7 @@
'logout_on_user_change' => true,
),
'with_user_checker' => array(
'provider' => 'default',
'user_checker' => 'app.user_checker',
'anonymous' => true,
'http_basic' => true,
Expand Down
5 changes: 4 additions & 1 deletion ...fony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php
View file
Expand Up @@ -61,8 +61,9 @@
),

'firewalls' => array(
'simple' => array('pattern' => '/login', 'security' => false),
'simple' => array('provider' => 'default', 'pattern' => '/login', 'security' => false),
'secure' => array('stateless' => true,
'provider' => 'default',
'http_basic' => true,
'http_digest' => array('secret' => 'TheSecret'),
'form_login' => true,
Expand All @@ -75,13 +76,15 @@
'user_checker' => null,
),
'host' => array(
'provider' => 'default',
'pattern' => '/test',
'host' => 'foo\\.example\\.org',
'methods' => array('GET', 'POST'),
'anonymous' => true,
'http_basic' => true,
),
'with_user_checker' => array(
'provider' => 'default',
'user_checker' => 'app.user_checker',
'anonymous' => true,
'http_basic' => true,
Expand Down
5 changes: 4 additions & 1 deletion ...y/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php
View file
Expand Up @@ -61,8 +61,9 @@
),

'firewalls' => array(
'simple' => array('pattern' => '/login', 'security' => false),
'simple' => array('provider' => 'default', 'pattern' => '/login', 'security' => false),
'secure' => array('stateless' => true,
'provider' => 'default',
'http_basic' => true,
'http_digest' => array('secret' => 'TheSecret'),
'form_login' => true,
Expand All @@ -76,6 +77,7 @@
'logout_on_user_change' => true,
),
'host' => array(
'provider' => 'default',
'pattern' => '/test',
'host' => 'foo\\.example\\.org',
'methods' => array('GET', 'POST'),
Expand All @@ -84,6 +86,7 @@
'logout_on_user_change' => true,
),
'with_user_checker' => array(
'provider' => 'default',
'user_checker' => 'app.user_checker',
'anonymous' => true,
'http_basic' => true,
Expand Down
8 changes: 4 additions & 4 deletions src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
View file
Expand Up @@ -43,9 +43,9 @@
<chain providers="service, basic" />
</provider>

<firewall name="simple" pattern="/login" security="false" />
<firewall name="simple" pattern="/login" security="false" provider="default" />

<firewall name="secure" stateless="true">
<firewall name="secure" stateless="true" provider="default">
<http-basic />
<form-login />
<anonymous />
Expand All @@ -57,12 +57,12 @@
<remember-me secret="TheSecret"/>
</firewall>

<firewall name="host" pattern="/test" host="foo\.example\.org" methods="GET,POST" logout-on-user-change="true">
<firewall name="host" pattern="/test" host="foo\.example\.org" methods="GET,POST" logout-on-user-change="true" provider="default">
<anonymous />
<http-basic />
</firewall>

<firewall name="with_user_checker" logout-on-user-change="true">
<firewall name="with_user_checker" logout-on-user-change="true" provider="default">
<anonymous />
<http-basic />
<user-checker>app.user_checker</user-checker>
Expand Down
8 changes: 4 additions & 4 deletions ...fony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml
View file
Expand Up @@ -44,9 +44,9 @@
<chain providers="service, basic" />
</provider>

<firewall name="simple" pattern="/login" security="false" />
<firewall name="simple" pattern="/login" security="false" provider="default" />

<firewall name="secure" stateless="true">
<firewall name="secure" stateless="true" provider="default">
<http-basic />
<http-digest secret="TheSecret" />
<form-login />
Expand All @@ -59,12 +59,12 @@
<remember-me secret="TheSecret"/>
</firewall>

<firewall name="host" pattern="/test" host="foo\.example\.org" methods="GET,POST">
<firewall name="host" pattern="/test" host="foo\.example\.org" methods="GET,POST" provider="default">
<anonymous />
<http-basic />
</firewall>

<firewall name="with_user_checker">
<firewall name="with_user_checker" provider="default">
<anonymous />
<http-basic />
<user-checker>app.user_checker</user-checker>
Expand Down
8 changes: 4 additions & 4 deletions ...y/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml
View file
Expand Up @@ -45,9 +45,9 @@
<chain providers="service, basic" />
</provider>

<firewall name="simple" pattern="/login" security="false" />
<firewall name="simple" pattern="/login" security="false" provider="default" />

<firewall name="secure" stateless="true">
<firewall name="secure" stateless="true" provider="default">
<http-basic />
<http-digest secret="TheSecret" />
<form-login />
Expand All @@ -60,12 +60,12 @@
<remember-me secret="TheSecret"/>
</firewall>

<firewall name="host" pattern="/test" host="foo\.example\.org" methods="GET,POST" logout-on-user-change="true">
<firewall name="host" pattern="/test" host="foo\.example\.org" methods="GET,POST" logout-on-user-change="true" provider="default">
<anonymous />
<http-basic />
</firewall>

<firewall name="with_user_checker" logout-on-user-change="true">
<firewall name="with_user_checker" logout-on-user-change="true" provider="default">
<anonymous />
<http-basic />
<user-checker>app.user_checker</user-checker>
Expand Down
3 changes: 3 additions & 0 deletions src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
View file
Expand Up @@ -43,6 +43,7 @@ security:
firewalls:
simple: { pattern: /login, security: false }
secure:
provider: default
stateless: true
http_basic: true
form_login: true
Expand All @@ -56,6 +57,7 @@ security:
user_checker: ~

host:
provider: default
pattern: /test
host: foo\.example\.org
methods: [GET,POST]
Expand All @@ -64,6 +66,7 @@ security:
logout_on_user_change: true

with_user_checker:
provider: default
anonymous: ~
http_basic: ~
user_checker: app.user_checker
Expand Down
3 changes: 3 additions & 0 deletions ...fony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml
View file
Expand Up @@ -44,6 +44,7 @@ security:
firewalls:
simple: { pattern: /login, security: false }
secure:
provider: default
stateless: true
http_basic: true
http_digest:
Expand All @@ -59,13 +60,15 @@ security:
user_checker: ~

host:
provider: default
pattern: /test
host: foo\.example\.org
methods: [GET,POST]
anonymous: true
http_basic: true

with_user_checker:
provider: default
anonymous: ~
http_basic: ~
user_checker: app.user_checker
Expand Down
3 changes: 3 additions & 0 deletions ...y/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml
View file
Expand Up @@ -44,6 +44,7 @@ security:
firewalls:
simple: { pattern: /login, security: false }
secure:
provider: default
stateless: true
http_basic: true
http_digest:
Expand All @@ -59,6 +60,7 @@ security:
user_checker: ~

host:
provider: default
pattern: /test
host: foo\.example\.org
methods: [GET,POST]
Expand All @@ -67,6 +69,7 @@ security:
logout_on_user_change: true

with_user_checker:
provider: default
anonymous: ~
http_basic: ~
user_checker: app.user_checker
Expand Down
25 changes: 25 additions & 0 deletions src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
View file
Expand Up @@ -148,6 +148,31 @@ public function testDeprecationForUserLogout()
$container->compile();
}

/**
* @group legacy
* @expectedDeprecation Firewall "default" has no "provider" set but multiple providers exist. Using the first configured provider (first) is deprecated since 3.4 and will throw an exception in 4.0, set the "provider" key on the firewall instead.
*/
public function testDeprecationForAmbiguousProvider()
{
$container = $this->getRawContainer();

$container->loadFromExtension('security', array(
'providers' => array(
'first' => array('id' => 'foo'),
'second' => array('id' => 'bar'),
),

'firewalls' => array(
'default' => array(
'http_basic' => null,
'logout_on_user_change' => true,
),
),
));

$container->compile();
}

protected function getRawContainer()
{
$container = new ContainerBuilder();
Expand Down

0 comments on commit 2d1e334

Please sign in to comment.