Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Deprecated the AdvancedUserInterface #23508
referenced this pull request
Aug 16, 2017
except for my minor comments regarding the changelog
I'm sorry to come late in the game with this question, but what's the purpose of this change? What's the expected benefit? Every new deprecation has a clear downside: it is asking users to, someday, change their code. That's a cost for sure. What's the other side of the balance that justifies this?
To be honest, I really don't know this part of Symfony, so I don't expect to understand your answer :)
@nicolas-grekas long story short: this particular part in Symfony is domain logic, rather than infrastructure.
// comes with public function isAccountNonExpired(); public function isAccountNonLocked(); public function isCredentialsNonExpired(); public function isEnabled();
Those 4 "states" can be reused by an application, but usually does not. In addition to that, the code that everyone uses by default, has all kind of exceptions programmed for the advanced user interface.
This kind of logic does (in my opinion), not belong in the core framework. If you don't use the AdvancedUserInterface, Security will still work, but will still contain the domain logic in all the core framework classes.
Symfony by default comes with 1 user class:
So to sum it up:
As far as I can tell, the AdvancedUserInterface is based on a subset of methods from the Spring user: https://docs.spring.io/spring-security/site/docs/2.0.7.RELEASE/apidocs/org/springframework/security/userdetails/UserDetails.html (much as other parts, like the SecurityContext were based on). I feel that Symfony does not need this by default.
If this PR comes through:
If you have any questions, I'll be happy to answer