feature #24446 [Security] Remove GuardAuthenticatorInterface (chalasr)

This PR was merged into the 4.0-dev branch.

Discussion
----------

[Security] Remove GuardAuthenticatorInterface

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | yes
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | symfony/symfony-docs#8485

Removes BC layers for #16835.

Commits
-------

3408152 [Security][Guard] Remove GuardAuthenticatorInterface

src/Symfony/Component/Security/CHANGELOG.md

@@ -11,6 +11,8 @@ CHANGELOG
  * removed support for voters that don't implement the `VoterInterface`
  * added a sixth `string $context` argument to `LogoutUrlGenerator::registerListener()`
  * removed HTTP digest authentication
+ * removed `GuardAuthenticatorInterface` in favor of `AuthenticatorInterface`
+ * removed `AbstractGuardAuthenticator::supports()`
 
 3.4.0
 -----

src/Symfony/Component/Security/Guard/AbstractGuardAuthenticator.php

@@ -11,7 +11,6 @@
 
 namespace Symfony\Component\Security\Guard;
 
-use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken;
 
@@ -22,18 +21,6 @@
  */
 abstract class AbstractGuardAuthenticator implements AuthenticatorInterface
 {
-    /**
-     * {@inheritdoc}
-     *
-     * @deprecated since version 3.4, to be removed in 4.0
-     */
-    public function supports(Request $request)
-    {
-        @trigger_error(sprintf('The "%s()" method is deprecated since version 3.4 and will be removed in 4.0. Implement the "%s::supports()" method in class "%s" instead.', __METHOD__, AuthenticatorInterface::class, get_class($this)), E_USER_DEPRECATED);
-
-        return true;
-    }
-
     /**
      * Shortcut to create a PostAuthenticationGuardToken for you, if you don't really
      * care about which authenticated token you're using.

src/Symfony/Component/Security/Guard/AuthenticatorInterface.php

@@ -12,6 +12,13 @@
 namespace Symfony\Component\Security\Guard;
 
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 
 /**
  * The interface for all "guard" authenticators.
@@ -23,7 +30,7 @@
  * @author Ryan Weaver <ryan@knpuniversity.com>
  * @author Amaury Leroux de Lens <amaury@lerouxdelens.com>
  */
-interface AuthenticatorInterface extends GuardAuthenticatorInterface
+interface AuthenticatorInterface extends AuthenticationEntryPointInterface
 {
     /**
      * Does the authenticator support the given Request?
@@ -60,4 +67,104 @@ public function supports(Request $request);
      * @throws \UnexpectedValueException If null is returned
      */
     public function getCredentials(Request $request);
+
+    /**
+     * Return a UserInterface object based on the credentials.
+     *
+     * The *credentials* are the return value from getCredentials()
+     *
+     * You may throw an AuthenticationException if you wish. If you return
+     * null, then a UsernameNotFoundException is thrown for you.
+     *
+     * @param mixed                 $credentials
+     * @param UserProviderInterface $userProvider
+     *
+     * @throws AuthenticationException
+     *
+     * @return UserInterface|null
+     */
+    public function getUser($credentials, UserProviderInterface $userProvider);
+
+    /**
+     * Returns true if the credentials are valid.
+     *
+     * If any value other than true is returned, authentication will
+     * fail. You may also throw an AuthenticationException if you wish
+     * to cause authentication to fail.
+     *
+     * The *credentials* are the return value from getCredentials()
+     *
+     * @param mixed         $credentials
+     * @param UserInterface $user
+     *
+     * @return bool
+     *
+     * @throws AuthenticationException
+     */
+    public function checkCredentials($credentials, UserInterface $user);
+
+    /**
+     * Create an authenticated token for the given user.
+     *
+     * If you don't care about which token class is used or don't really
+     * understand what a "token" is, you can skip this method by extending
+     * the AbstractGuardAuthenticator class from your authenticator.
+     *
+     * @see AbstractGuardAuthenticator
+     *
+     * @param UserInterface $user
+     * @param string        $providerKey The provider (i.e. firewall) key
+     *
+     * @return GuardTokenInterface
+     */
+    public function createAuthenticatedToken(UserInterface $user, $providerKey);
+
+    /**
+     * Called when authentication executed, but failed (e.g. wrong username password).
+     *
+     * This should return the Response sent back to the user, like a
+     * RedirectResponse to the login page or a 403 response.
+     *
+     * If you return null, the request will continue, but the user will
+     * not be authenticated. This is probably not what you want to do.
+     *
+     * @param Request                 $request
+     * @param AuthenticationException $exception
+     *
+     * @return Response|null
+     */
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception);
+
+    /**
+     * Called when authentication executed and was successful!
+     *
+     * This should return the Response sent back to the user, like a
+     * RedirectResponse to the last page they visited.
+     *
+     * If you return null, the current request will continue, and the user
+     * will be authenticated. This makes sense, for example, with an API.
+     *
+     * @param Request        $request
+     * @param TokenInterface $token
+     * @param string         $providerKey The provider (i.e. firewall) key
+     *
+     * @return Response|null
+     */
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey);
+
+    /**
+     * Does this method support remember me cookies?
+     *
+     * Remember me cookie will be set if *all* of the following are met:
+     *  A) This method returns true
+     *  B) The remember_me key under your firewall is configured
+     *  C) The "remember me" functionality is activated. This is usually
+     *      done by having a _remember_me checkbox in your form, but
+     *      can be configured by the "always_remember_me" and "remember_me_parameter"
+     *      parameters under the "remember_me" firewall key
+     *  D) The onAuthenticationSuccess method returns a Response object
+     *
+     * @return bool
+     */
+    public function supportsRememberMe();
 }

src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php

@@ -15,10 +15,9 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
-use Symfony\Component\Security\Guard\GuardAuthenticatorInterface;
+use Symfony\Component\Security\Guard\AuthenticatorInterface;
 use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
-use Symfony\Component\Security\Guard\AuthenticatorInterface;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
@@ -94,7 +93,7 @@ public function handle(GetResponseEvent $event)
         }
     }
 
-    private function executeGuardAuthenticator($uniqueGuardKey, GuardAuthenticatorInterface $guardAuthenticator, GetResponseEvent $event)
+    private function executeGuardAuthenticator($uniqueGuardKey, AuthenticatorInterface $guardAuthenticator, GetResponseEvent $event)
     {
         $request = $event->getRequest();
         try {
@@ -103,27 +102,14 @@ private function executeGuardAuthenticator($uniqueGuardKey, GuardAuthenticatorIn
             }
 
             // abort the execution of the authenticator if it doesn't support the request
-            if ($guardAuthenticator instanceof AuthenticatorInterface) {
-                if (!$guardAuthenticator->supports($request)) {
-                    return;
-                }
-                // as there was a support for given request,
-                // authenticator is expected to give not-null credentials.
-                $credentialsCanBeNull = false;
-            } else {
-                // deprecated since version 3.4, to be removed in 4.0
-                $credentialsCanBeNull = true;
+            if (!$guardAuthenticator->supports($request)) {
+                return;
             }
 
             // allow the authenticator to fetch authentication info from the request
             $credentials = $guardAuthenticator->getCredentials($request);
 
             if (null === $credentials) {
-                // deprecated since version 3.4, to be removed in 4.0
-                if ($credentialsCanBeNull) {
-                    return;
-                }
-
                 throw new \UnexpectedValueException(sprintf('The return value of "%s::getCredentials()" must not be null. Return false from "%s::supports()" instead.', get_class($guardAuthenticator), get_class($guardAuthenticator)));
             }
 
@@ -196,7 +182,7 @@ public function setRememberMeServices(RememberMeServicesInterface $rememberMeSer
      * @param TokenInterface         $token
      * @param Response               $response
      */
-    private function triggerRememberMe(GuardAuthenticatorInterface $guardAuthenticator, Request $request, TokenInterface $token, Response $response = null)
+    private function triggerRememberMe(AuthenticatorInterface $guardAuthenticator, Request $request, TokenInterface $token, Response $response = null)
     {
         if (null === $this->rememberMeServices) {
             if (null !== $this->logger) {

src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php

@@ -70,7 +70,7 @@ public function authenticateWithToken(TokenInterface $token, Request $request)
      *
      * @return null|Response
      */
-    public function handleAuthenticationSuccess(TokenInterface $token, Request $request, GuardAuthenticatorInterface $guardAuthenticator, $providerKey)
+    public function handleAuthenticationSuccess(TokenInterface $token, Request $request, AuthenticatorInterface $guardAuthenticator, $providerKey)
     {
         $response = $guardAuthenticator->onAuthenticationSuccess($request, $token, $providerKey);
 
@@ -97,7 +97,7 @@ public function handleAuthenticationSuccess(TokenInterface $token, Request $requ
      *
      * @return Response|null
      */
-    public function authenticateUserAndHandleSuccess(UserInterface $user, Request $request, GuardAuthenticatorInterface $authenticator, $providerKey)
+    public function authenticateUserAndHandleSuccess(UserInterface $user, Request $request, AuthenticatorInterface $authenticator, $providerKey)
     {
         // create an authenticated token for the User
         $token = $authenticator->createAuthenticatedToken($user, $providerKey);
@@ -119,7 +119,7 @@ public function authenticateUserAndHandleSuccess(UserInterface $user, Request $r
      *
      * @return null|Response
      */
-    public function handleAuthenticationFailure(AuthenticationException $authenticationException, Request $request, GuardAuthenticatorInterface $guardAuthenticator, $providerKey)
+    public function handleAuthenticationFailure(AuthenticationException $authenticationException, Request $request, AuthenticatorInterface $guardAuthenticator, $providerKey)
     {
         $token = $this->tokenStorage->getToken();
         if ($token instanceof PostAuthenticationGuardToken && $providerKey === $token->getProviderKey()) {