Update security config to use the new authenticator-based system

[rimas-kudelis]

Q	A
Branch?	master
Bug fix?	no
New feature?	no
BC breaks?	no
Deprecations?	no
Related tickets	none
License	MIT

This patch migrates security config to the new authenticator-based system introduced in Symfony 5.1.
Guard-based authentication has been deprecated in Symfony 5.3. Luckily, not much needs to change for us since Sylius didn't have any custom Guard authenticators to begin with.

The patch also drops always_authenticate_before_granting: true from config. This option has been deprecated since Symfony 5.4, and it's unclear why or whether at all it was needed in the first place, and it caused me personally some headache (see symfony/symfony#43375).

Similar PR for Sylius Standard: Sylius/Sylius-Standard#660.

[loic425]

@Zales0123 @lchrusciel
I checked the documentations, and everything seems ok. cf docs links below

• Public access
• JWT configuration

[rimas-kudelis]

BTW i'm not sure about about password hashing config (the three lines with sha512 in the security config). I didn't touch these lines, bet are they really necessary?

[loic425]

BTW i'm not sure about about password hashing config (the three lines with sha512 in the security config). I didn't touch these lines, bet are they really necessary?

Hum... In a Symfony app, that should be auto. I think we can do this in another PR.

[rimas-kudelis]

The lines were added in #12329, so I suppose it has something to do with tests maybe.
But then I guess these lines should go into test/security.yaml instead.

And there's no need to auto explicitly, it's the default anyway, isn't it? Symfony docs don't even mention these options anymore for some reason.

[loic425]

And there's no need to auto explicitly, it's the default anyway, isn't it? Symfony docs don't even mention these options anymore for some reason.

For the auto configuration, it's configured via flex recipe => https://github.com/symfony/recipes/blob/master/symfony/security-bundle/5.3/config/packages/security.yaml

[rimas-kudelis]

So I guess I'll remove these lines in a separate PR then, and we'll see whether tests will still pass? 😁 Does that sound okay?

[Roshyo]

I also agree to remove it in a separate PR

[lchrusciel]

Thanks a lot! However, this config is used only in test env. Perhaps, we should add some recommendation in UPGRADE.md

[lchrusciel]

The base of this pull-request was changed, you need fetch and reset your local branch
if you want to add new commits to this pull request. Reset before you pull, else commits
may become messed-up.

Unless you added new commits (to this branch) locally that you did not push yet,
execute git fetch origin && git reset "chore/update-security-config" to update your local branch.

Feel free to ask for assistance when you get stuck 👍

[rimas-kudelis]

@lchrusciel but this change is specific to Symfony 5.1+. Shouldn't it target master since that's the only place where Symfony 4.4 is no longer supported?

[lchrusciel]

The base of this pull-request was changed, you need fetch and reset your local branch
if you want to add new commits to this pull request. Reset before you pull, else commits
may become messed-up.

Unless you added new commits (to this branch) locally that you did not push yet,
execute git fetch origin && git reset "chore/update-security-config" to update your local branch.

Feel free to ask for assistance when you get stuck 👍

[lchrusciel]

Hey Rimas, my mistake. Thanks for mentioning it

[lchrusciel]

Thanks, Rimas! 🎉

[GSadee]

@rimas-kudelis If I see correctly, you've changed only security.yaml file in the test application in ApiBundle, what about the main application config/packages/security.yaml?

[rimas-kudelis]

@GSadee ouch, that one somehow escaped my attention.