Permalink
Browse files

feature #28693 [Security] Deprecate simple_preauth and simple_form in…

… favor of Guard (chalasr)

This PR was merged into the 4.2-dev branch.

Discussion
----------

[Security] Deprecate simple_preauth and simple_form in favor of Guard

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | yes
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

Commits
-------

5093b9f [Security] Deprecate simple_preauth and simple_form in favor of Guard
  • Loading branch information...
fabpot committed Oct 3, 2018
2 parents 97aab08 + 5093b9f commit 7cc7c716acd27d2245fa3365547484ade7695052
Showing with 176 additions and 42 deletions.
  1. +7 −0 UPGRADE-4.2.md
  2. +7 −0 UPGRADE-5.0.md
  3. +2 −0 src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
  4. +6 −0 src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
  5. +7 −1 src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimpleFormFactory.php
  6. +9 −0 ...ony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimplePreAuthenticationFactory.php
  7. +4 −0 src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
  8. +2 −2 src/Symfony/Bundle/SecurityBundle/SecurityBundle.php
  9. +44 −24 src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
  10. +0 −5 src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
  11. +21 −0 src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/simple_auth.php
  12. +0 −5 src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
  13. +21 −0 src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/simple_auth.xml
  14. +0 −5 src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
  15. +12 −0 src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/simple_auth.yml
  16. +3 −0 src/Symfony/Component/Security/CHANGELOG.md
  17. +4 −0 src/Symfony/Component/Security/Core/Authentication/Provider/SimpleAuthenticationProvider.php
  18. +2 −0 src/Symfony/Component/Security/Core/Authentication/SimpleAuthenticatorInterface.php
  19. +3 −0 ...ymfony/Component/Security/Core/Tests/Authentication/Provider/SimpleAuthenticationProviderTest.php
  20. +4 −0 src/Symfony/Component/Security/Http/Authentication/SimpleAuthenticationHandler.php
  21. +2 −0 src/Symfony/Component/Security/Http/Authentication/SimpleFormAuthenticatorInterface.php
  22. +2 −0 src/Symfony/Component/Security/Http/Authentication/SimplePreAuthenticatorInterface.php
  23. +4 −0 src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php
  24. +4 −0 src/Symfony/Component/Security/Http/Firewall/SimplePreAuthenticationListener.php
  25. +3 −0 src/Symfony/Component/Security/Http/Tests/Authentication/SimpleAuthenticationHandlerTest.php
  26. +3 −0 src/Symfony/Component/Security/Http/Tests/Firewall/SimplePreAuthenticationListenerTest.php
View
@@ -186,6 +186,9 @@ Security
use custom tokens, extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
* Accessing the user object that is not an instance of `UserInterface` from `Security::getUser()` is deprecated.
* `SimpleAuthenticatorInterface`, `SimpleFormAuthenticatorInterface`, `SimplePreAuthenticatorInterface`,
`SimpleAuthenticationProvider`, `SimpleAuthenticationHandler`, `SimpleFormAuthenticationListener` and
`SimplePreAuthenticationListener` have been deprecated. Use Guard instead.
SecurityBundle
--------------
@@ -196,6 +199,10 @@ SecurityBundle
`security.authentication.trust_resolver.rememberme_class` parameters to define
the token classes is deprecated. To use
custom tokens extend the existing AnonymousToken and RememberMeToken.
* The `simple_form` and `simple_preauth` authentication listeners have been deprecated,
use Guard instead.
* The `SimpleFormFactory` and `SimplePreAuthenticationFactory` classes have been deprecated,
use Guard instead.
Serializer
----------
View
@@ -160,6 +160,9 @@ Security
the 3rd one must be either a `LogoutListener` instance or `null`.
* The `AuthenticationTrustResolver` constructor arguments have been removed.
* A user object that is not an instance of `UserInterface` cannot be accessed from `Security::getUser()` anymore and returns `null` instead.
* `SimpleAuthenticatorInterface`, `SimpleFormAuthenticatorInterface`, `SimplePreAuthenticatorInterface`,
`SimpleAuthenticationProvider`, `SimpleAuthenticationHandler`, `SimpleFormAuthenticationListener` and
`SimplePreAuthenticationListener` have been removed. Use Guard instead.
SecurityBundle
--------------
@@ -171,6 +174,10 @@ SecurityBundle
now throws a `\TypeError`, pass a `LogoutListener` instance instead.
* The `security.authentication.trust_resolver.anonymous_class` parameter has been removed.
* The `security.authentication.trust_resolver.rememberme_class` parameter has been removed.
* The `simple_form` and `simple_preauth` authentication listeners have been removed,
use Guard instead.
* The `SimpleFormFactory` and `SimplePreAuthenticationFactory` classes have been removed,
use Guard instead.
Serializer
----------
@@ -13,6 +13,8 @@ CHANGELOG
* Added `json_login_ldap` authentication provider to use LDAP authentication with a REST API.
* Made remember-me cookies inherit their default config from `framework.session.cookie_*`
and added an "auto" mode to their "secure" config option to make them secure on HTTPS automatically.
* Deprecated the `simple_form` and `simple_preauth` authentication listeners, use Guard instead.
* Deprecated the `SimpleFormFactory` and `SimplePreAuthenticationFactory` classes, use Guard instead.
4.1.0
-----
@@ -12,6 +12,8 @@
namespace Symfony\Bundle\SecurityBundle\DependencyInjection;
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AbstractFactory;
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SimpleFormFactory;
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SimplePreAuthenticationFactory;
use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;
use Symfony\Component\Config\Definition\Builder\TreeBuilder;
use Symfony\Component\Config\Definition\ConfigurationInterface;
@@ -265,6 +267,10 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
->canBeUnset()
;
if ($factory instanceof SimplePreAuthenticationFactory || $factory instanceof SimpleFormFactory) {
$factoryNode->setDeprecated(sprintf('The "%s" security listener is deprecated Symfony 4.2, use Guard instead.', $name));
}
if ($factory instanceof AbstractFactory) {
$abstractFactoryKeys[] = $name;
}
@@ -18,14 +18,20 @@
/**
* @author Jordi Boggiano <j.boggiano@seld.be>
*
* @deprecated since Symfony 4.2, use Guard instead.
*/
class SimpleFormFactory extends FormLoginFactory
{
public function __construct()
public function __construct(bool $triggerDeprecation = true)
{
parent::__construct();
$this->addOption('authenticator', null);
if ($triggerDeprecation) {
@trigger_error(sprintf('The "%s" class is deprecated since Symfony 4.2, use Guard instead.', __CLASS__), E_USER_DEPRECATED);
}
}
public function getKey()
@@ -18,9 +18,18 @@
/**
* @author Jordi Boggiano <j.boggiano@seld.be>
*
* @deprecated since Symfony 4.2, use Guard instead.
*/
class SimplePreAuthenticationFactory implements SecurityFactoryInterface
{
public function __construct(bool $triggerDeprecation = true)
{
if ($triggerDeprecation) {
@trigger_error(sprintf('The "%s" class is deprecated since Symfony 4.2, use Guard instead.', __CLASS__), E_USER_DEPRECATED);
}
}
public function getPosition()
{
return 'pre_auth';
@@ -114,6 +114,7 @@
parent="security.authentication.listener.abstract"
public="false"
abstract="true">
<deprecated>The "%service_id%" service is deprecated since Symfony 4.2.</deprecated>
</service>
<service id="security.authentication.simple_success_failure_handler" class="Symfony\Component\Security\Http\Authentication\SimpleAuthenticationHandler" abstract="true">
@@ -122,6 +123,7 @@
<argument type="service" id="security.authentication.success_handler" />
<argument type="service" id="security.authentication.failure_handler" />
<argument type="service" id="logger" on-invalid="null" />
<deprecated>The "%service_id%" service is deprecated since Symfony 4.2.</deprecated>
</service>
<service id="security.authentication.listener.simple_preauth" class="Symfony\Component\Security\Http\Firewall\SimplePreAuthenticationListener" abstract="true">
@@ -133,6 +135,7 @@
<argument type="service" id="logger" on-invalid="null" />
<argument type="service" id="event_dispatcher" on-invalid="null"/>
<argument type="service" id="security.authentication.trust_resolver" />
<deprecated>The "%service_id%" service is deprecated since Symfony 4.2.</deprecated>
</service>
<service id="security.authentication.listener.x509" class="Symfony\Component\Security\Http\Firewall\X509AuthenticationListener" abstract="true">
@@ -201,6 +204,7 @@
<argument /> <!-- User Provider -->
<argument /> <!-- Provider-shared Key -->
<argument>null</argument> <!-- UserChecker -->
<deprecated>The "%service_id%" service is deprecated since Symfony 4.2.</deprecated>
</service>
<service id="security.authentication.provider.pre_authenticated" class="Symfony\Component\Security\Core\Authentication\Provider\PreAuthenticatedAuthenticationProvider" abstract="true">
@@ -54,8 +54,8 @@ public function build(ContainerBuilder $container)
$extension->addSecurityListenerFactory(new RememberMeFactory());
$extension->addSecurityListenerFactory(new X509Factory());
$extension->addSecurityListenerFactory(new RemoteUserFactory());
$extension->addSecurityListenerFactory(new SimplePreAuthenticationFactory());
$extension->addSecurityListenerFactory(new SimpleFormFactory());
$extension->addSecurityListenerFactory(new SimplePreAuthenticationFactory(false));
$extension->addSecurityListenerFactory(new SimpleFormFactory(false));
$extension->addSecurityListenerFactory(new GuardAuthenticationFactory());
$extension->addUserProviderFactory(new InMemoryFactory());
@@ -147,23 +147,6 @@ public function testFirewalls()
),
null,
),
array(
'simple_auth',
'security.user_checker',
null,
true,
false,
'security.user.provider.concrete.default',
'simple_auth',
'security.authentication.form_entry_point.simple_auth',
null,
null,
array(
'simple_form',
'anonymous',
),
null,
),
), $configs);
$this->assertEquals(array(
@@ -193,13 +176,6 @@ public function testFirewalls()
'security.authentication.listener.anonymous.with_user_checker',
'security.access_listener',
),
array(
'security.channel_listener',
'security.context_listener.2',
'security.authentication.listener.simple_form.simple_auth',
'security.authentication.listener.anonymous.simple_auth',
'security.access_listener',
),
), $listeners);
$this->assertFalse($container->hasAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', 'No user checker alias is registered when custom user checker services are registered'));
@@ -475,6 +451,50 @@ public function testFirewallListenerWithProvider()
$this->addToAssertionCount(1);
}
/**
* @group legacy
* @expectedDeprecation The "simple_form" security listener is deprecated Symfony 4.2, use Guard instead.
*/
public function testSimpleAuth()
{
$container = $this->getContainer('simple_auth');
$arguments = $container->getDefinition('security.firewall.map')->getArguments();
$listeners = array();
$configs = array();
foreach (array_keys($arguments[1]->getValues()) as $contextId) {
$contextDef = $container->getDefinition($contextId);
$arguments = $contextDef->getArguments();
$listeners[] = array_map('strval', $arguments['index_0']->getValues());
$configDef = $container->getDefinition((string) $arguments['index_3']);
$configs[] = array_values($configDef->getArguments());
}
$this->assertSame(array(array(
'simple_auth',
'security.user_checker',
null,
true,
false,
'security.user.provider.concrete.default',
'simple_auth',
'security.authentication.form_entry_point.simple_auth',
null,
null,
array('simple_form', 'anonymous',
),
null,
)), $configs);
$this->assertSame(array(array(
'security.channel_listener',
'security.context_listener.0',
'security.authentication.listener.simple_form.simple_auth',
'security.authentication.listener.anonymous.simple_auth',
'security.access_listener',
)), $listeners);
}
protected function getContainer($file)
{
$file .= '.'.$this->getFileExtension();
@@ -87,11 +87,6 @@
'anonymous' => true,
'http_basic' => true,
),
'simple_auth' => array(
'provider' => 'default',
'anonymous' => true,
'simple_form' => array('authenticator' => 'simple_authenticator'),
),
),
'access_control' => array(
@@ -0,0 +1,21 @@
<?php
$container->loadFromExtension('security', array(
'providers' => array(
'default' => array(
'memory' => array(
'users' => array(
'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER'),
),
),
),
),
'firewalls' => array(
'simple_auth' => array(
'provider' => 'default',
'anonymous' => true,
'simple_form' => array('authenticator' => 'simple_authenticator'),
),
),
));
@@ -68,11 +68,6 @@
<user-checker>app.user_checker</user-checker>
</firewall>
<firewall name="simple_auth" provider="default">
<anonymous />
<simple-form authenticator="simple_authenticator" />
</firewall>
<role id="ROLE_ADMIN">ROLE_USER</role>
<role id="ROLE_SUPER_ADMIN">ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH</role>
<role id="ROLE_REMOTE">ROLE_USER,ROLE_ADMIN</role>
@@ -0,0 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<container xmlns="http://symfony.com/schema/dic/services"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://symfony.com/schema/dic/security"
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
<sec:config>
<sec:provider name="default">
<sec:memory>
<sec:user name="foo" password="foo" roles="ROLE_USER" />
</sec:memory>
</sec:provider>
<sec:firewall name="simple_auth">
<sec:simple_form authenticator="simple_authenticator"/>
<sec:anonymous/>
</sec:firewall>
</sec:config>
</container>
@@ -70,11 +70,6 @@ security:
http_basic: ~
user_checker: app.user_checker
simple_auth:
provider: default
anonymous: ~
simple_form: { authenticator: simple_authenticator }
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
@@ -0,0 +1,12 @@
security:
providers:
default:
memory:
users:
foo: { password: foo, roles: ROLE_USER }
firewalls:
simple_auth:
provider: default
anonymous: ~
simple_form: { authenticator: simple_authenticator }
@@ -13,6 +13,9 @@ CHANGELOG
or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
* allow passing null as $filter in LdapUserProvider to get the default filter
* accessing the user object that is not an instance of `UserInterface` from `Security::getUser()` is deprecated
* Deprecated `SimpleAuthenticatorInterface`, `SimpleFormAuthenticatorInterface`,
`SimplePreAuthenticatorInterface`, `SimpleAuthenticationProvider`, `SimpleAuthenticationHandler`,
`SimpleFormAuthenticationListener` and `SimplePreAuthenticationListener`. Use Guard instead.
4.1.0
-----
@@ -19,8 +19,12 @@
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
@trigger_error(sprintf('The "%s" class is deprecated since Symfony 4.2, use Guard instead.', SimpleAuthenticationProvider::class), E_USER_DEPRECATED);
/**
* @author Jordi Boggiano <j.boggiano@seld.be>
*
* @deprecated since Symfony 4.2, use Guard instead.
*/
class SimpleAuthenticationProvider implements AuthenticationProviderInterface
{
@@ -16,6 +16,8 @@
/**
* @author Jordi Boggiano <j.boggiano@seld.be>
*
* @deprecated since Symfony 4.2, use Guard instead.
*/
interface SimpleAuthenticatorInterface
{
@@ -17,6 +17,9 @@
use Symfony\Component\Security\Core\Exception\LockedException;
use Symfony\Component\Security\Core\User\UserChecker;
/**
* @group legacy
*/
class SimpleAuthenticationProviderTest extends TestCase
{
/**
@@ -18,6 +18,8 @@
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
@trigger_error(sprintf('The "%s" class is deprecated since Symfony 4.2, use Guard instead.', SimpleAuthenticationHandler::class), E_USER_DEPRECATED);
/**
* Class to proxy authentication success/failure handlers.
*
@@ -26,6 +28,8 @@
* the default handlers are triggered.
*
* @author Jordi Boggiano <j.boggiano@seld.be>
*
* @deprecated since Symfony 4.2, use Guard instead.
*/
class SimpleAuthenticationHandler implements AuthenticationFailureHandlerInterface, AuthenticationSuccessHandlerInterface
{
Oops, something went wrong.

0 comments on commit 7cc7c71

Please sign in to comment.