Commit 016074c

feature #42510 [Security] Deprecate remaining anonymous checks (wouterj)

This PR was merged into the 5.4 branch.

Discussion
----------

[Security] Deprecate remaining anonymous checks

| Q             | A
| ------------- | ---
| Branch?       | 5.4
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | yes
| Tickets       | Ref #41613
| License       | MIT
| Doc PR        | tbd

Deprecates the remaining checks for anonymous found in #41613. It's WIP because the tests are failing until #42423 is merged and this PR is rebased (didn't update one test to avoid merge conflicts).

Besides this, it also introduced `IS_AUTHENTICATED` and `AuthenticationTrustResolver::isAuthenticated()`. Previously, `IS_AUTHENTICATED_ANONYMOUSLY` was considered to be the "bottom type" for authenticated requests. As this is no longer true, `IS_AUTHENTICATED_REMEMBERME` is now the new "bottom type". I suggest we use an explicit bottom type (the ones introduced) instead to avoid another such update if we change something with remember me. It's also more clear on the exact intent of the check.

Commits
-------

e3aca7f [Security] Deprecate remaining anonymous checks

2 parents 76a7fe7 + e3aca7f, commit 016074c

18 files changed: +158 -27 lines changed

‎UPGRADE-5.4.md‎

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,30 @@ Security
6262
* Deprecate`AnonymousToken`, as the related authenticator was deprecated in 5.3
6363
* Deprecate`Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
6464
* Deprecate not returning an`UserInterface` from`Token::getUser()`
65+
* Deprecate`AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY` and`AuthenticatedVoter::IS_ANONYMOUS`,
66+
use`AuthenticatedVoter::PUBLIC_ACCESS` instead.
67+
68+
Before:
69+
```yaml
70+
# config/packages/security.yaml
71+
security:
72+
# ...
73+
access_control:
74+
-{ path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
75+
```
76+
77+
After:
78+
```yaml
79+
# config/packages/security.yaml
80+
security:
81+
# ...
82+
access_control:
83+
-{ path: ^/login, roles: PUBLIC_ACCESS }
84+
```
85+
86+
* Deprecate`AuthenticationTrustResolverInterface::isAnonymous()` and the `is_anonymous()` expression function
87+
as anonymous no longer exists in version 6, use the `isFullFledged()` or the new `isAuthenticated()` instead
88+
if you want to check if the request is (fully) authenticated.
6589
* Deprecate the `$authManager` argument of `AccessListener`, the argument will be removed
6690
* Deprecate the `$authenticationManager` argument of the `AuthorizationChecker` constructor, the argument will be removed
6791
* Deprecate setting the `$alwaysAuthenticate` argument to `true` and not setting the
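
Review bot: The replacement advice on new lines 86-88 omits the negation. It tells readers to use `isFullFledged()` or `isAuthenticated()` in place of `isAnonymous()`, while the interface docblock in this same commit says "use !isAuthenticated() instead", so a reader who swaps the call one-for-one inverts the check. Suggest stating the negated form explicitly, naming the expression-function replacement for `is_anonymous()` (the functional test config in this commit uses `!is_authenticated()`), and mentioning the `IS_AUTHENTICATED` attribute that the commit message introduces but these lines do not.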

‎UPGRADE-6.0.md‎

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -210,6 +210,30 @@ Security
210210
* Remove`AnonymousToken`
211211
* Remove`Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
212212
* Restrict the return type of`Token::getUser()` to`UserInterface` (removing`string|\Stringable`)
213+
* Remove`AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY` and`AuthenticatedVoter::IS_ANONYMOUS`,
214+
use`AuthenticatedVoter::PUBLIC_ACCESS` instead.
215+
216+
Before:
217+
```yaml
218+
# config/packages/security.yaml
219+
security:
220+
# ...
221+
access_control:
222+
-{ path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
223+
```
224+
225+
After:
226+
```yaml
227+
# config/packages/security.yaml
228+
security:
229+
# ...
230+
access_control:
231+
-{ path: ^/login, roles: PUBLIC_ACCESS }
232+
```
233+
234+
* Remove`AuthenticationTrustResolverInterface::isAnonymous()` and the `is_anonymous()` expression function
235+
as anonymous no longer exists in version 6, use the `isFullFledged()` or the new `isAuthenticated()` instead
236+
if you want to check if the request is (fully) authenticated.
213237
* Remove the 4th and 5th argument of `AuthorizationChecker`
214238
* Remove the 5th argument of `AccessListener`
215239
* Remove class `User`, use `InMemoryUser` or your own implementation instead.
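
Review bot: The wording on new lines 234-236 is carried over unchanged from the 5.4 guide and reads oddly in this file: "as anonymous no longer exists in version 6" and "the new `isAuthenticated()`" describe 6.0 from the outside. Suggest rewording for a reader who is already upgrading to 6.0, saying that `isAnonymous()` and `is_anonymous()` are removed and which check takes their place.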

‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md‎

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ CHANGELOG
44
5.4
55
---
66

7+
* Deprecate`FirewallConfig::allowsAnonymous()` and the`allows_anonymous` from the data collector data, there will be no anonymous concept as of version 6.
78
* Deprecate not setting`$authenticatorManagerEnabled` to`true` in`SecurityDataCollector` and`DebugFirewallCommand`
89
* Deprecate`SecurityFactoryInterface` and`SecurityExtension::addSecurityListenerFactory()` in favor of
910
`AuthenticatorFactoryInterface` and`SecurityExtension::addAuthenticatorFactory()`
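
Review bot: The entry on new line 7 is missing a noun after `allows_anonymous` ("the `allows_anonymous` from the data collector data"). Suggest "the `allows_anonymous` key of the data collector's firewall data", which matches where `SecurityDataCollector` stores it (`$this->data['firewall']`).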

‎src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -184,7 +184,7 @@ public function collect(Request $request, Response $response, \Throwable $except
184184
if (null !==$firewallConfig) {
185185
$this->data['firewall'] = [
186186
'name' =>$firewallConfig->getName(),
187-
'allows_anonymous' =>$firewallConfig->allowsAnonymous(),
187+
'allows_anonymous' =>$this->authenticatorManagerEnabled ?false :$firewallConfig->allowsAnonymous(),
188188
'request_matcher' =>$firewallConfig->getRequestMatcher(),
189189
'security_enabled' =>$firewallConfig->isSecurityEnabled(),
190190
'stateless' =>$firewallConfig->isStateless(),
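
Review bot: On new line 187 the fallback branch still calls `$firewallConfig->allowsAnonymous()`, which after this commit calls `trigger_deprecation()`, so whenever `$this->authenticatorManagerEnabled` is false every collected request emits a deprecation that the application did not cause itself. Consider reading the listener list directly here (the method body is `\in_array('anonymous', $this->listeners, true)` and `getListeners()` is exercised in `FirewallConfigTest`), and add a short comment saying the key is always `false` with the authenticator manager so consumers of the collected data know why.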

‎src/Symfony/Bundle/SecurityBundle/Security/FirewallConfig.php‎

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -64,8 +64,13 @@ public function isSecurityEnabled(): bool
6464
return$this->securityEnabled;
6565
}
6666

67+
/**
68+
* @deprecated since Symfony 5.4
69+
*/
6770
publicfunctionallowsAnonymous():bool
6871
{
72+
trigger_deprecation('symfony/security-bundle','5.4','The "%s()" method is deprecated.',__METHOD__);
73+
6974
return\in_array('anonymous',$this->listeners,true);
7075
}
7176
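
Review bot: The deprecation added at new lines 68 and 72 gives no reason and no replacement: the docblock is only `@deprecated since Symfony 5.4` and the runtime message is 'The "%s()" method is deprecated.'. The changelog entry in this commit already has the explanation (no anonymous concept as of version 6); suggest repeating it in both places so a developer who sees the notice in logs knows why the method goes away.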

‎src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php‎

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -141,7 +141,6 @@ public function testGetFirewall()
141141
$collected =$collector->getFirewall();
142142

143143
$this->assertSame($firewallConfig->getName(),$collected['name']);
144-
$this->assertSame($firewallConfig->allowsAnonymous(),$collected['allows_anonymous']);
145144
$this->assertSame($firewallConfig->getRequestMatcher(),$collected['request_matcher']);
146145
$this->assertSame($firewallConfig->isSecurityEnabled(),$collected['security_enabled']);
147146
$this->assertSame($firewallConfig->isStateless(),$collected['stateless']);
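
Review bot: The assertion removed at old line 144 leaves the `allows_anonymous` key unchecked, so neither side of the new ternary in `SecurityDataCollector::collect()` is covered by this test. Suggest asserting `false` for the key when the collector is built with the authenticator manager enabled, and keeping the old comparison in a separate test marked as legacy that expects the deprecation.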

‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/base_config.yml‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -53,5 +53,5 @@ security:
5353
-{ path: ^/secured-by-one-env-placeholder-and-one-real-ip$, ips: ['%env(APP_IP)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY }
5454
-{ path: ^/secured-by-one-env-placeholder-multiple-ips-and-one-real-ip$, ips: ['%env(APP_IPS)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY }
5555
-{ path: ^/highly_protected_resource$, roles: IS_ADMIN }
56-
-{ path: ^/protected-via-expression$, allow_if: "(is_anonymous() and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" }
56+
-{ path: ^/protected-via-expression$, allow_if: "(!is_authenticated() and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" }
5757
-{ path: .*, roles: IS_AUTHENTICATED_FULLY }
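
Review bot: Context lines 53 and 54 still use `IS_AUTHENTICATED_ANONYMOUSLY`, which this commit deprecates in favour of `PUBLIC_ACCESS`; unless they are kept on purpose for legacy coverage, switch them in the same change. On line 56, assuming the `is_authenticated()` expression function delegates to the `AuthenticationTrustResolver::isAuthenticated()` added in this commit, `!is_authenticated()` also matches a request that carries no token at all, and a comment in the config would make that intent explicit.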

‎src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallConfigTest.php‎

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ class FirewallConfigTest extends TestCase
1818
{
1919
publicfunctiontestGetters()
2020
{
21-
$listeners = ['logout','remember_me','anonymous'];
21+
$listeners = ['logout','remember_me'];
2222
$options = [
2323
'request_matcher' =>'foo_request_matcher',
2424
'security' =>false,
@@ -57,7 +57,6 @@ public function testGetters()
5757
$this->assertSame($options['access_denied_handler'],$config->getAccessDeniedHandler());
5858
$this->assertSame($options['access_denied_url'],$config->getAccessDeniedUrl());
5959
$this->assertSame($options['user_checker'],$config->getUserChecker());
60-
$this->assertTrue($config->allowsAnonymous());
6160
$this->assertSame($listeners,$config->getListeners());
6261
$this->assertSame($options['switch_user'],$config->getSwitchUser());
6362
}
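
Review bot: With the `assertTrue($config->allowsAnonymous())` call at old line 60 removed and 'anonymous' dropped from `$listeners`, nothing in this test exercises `allowsAnonymous()` any more, although the method is only deprecated and stays callable. Suggest a small legacy-group test that lists 'anonymous', expects the deprecation, and asserts the method still returns `true`.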

‎src/Symfony/Component/Security/Core/Authentication/AuthenticationTrustResolver.php‎

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,11 +23,22 @@
2323
*/
2424
class AuthenticationTrustResolverimplements AuthenticationTrustResolverInterface
2525
{
26+
publicfunctionisAuthenticated(TokenInterface$token =null):bool
27+
{
28+
returnnull !==$token && !$tokeninstanceof NullToken
29+
// @deprecated since Symfony 5.4, TokenInterface::isAuthenticated() and AnonymousToken no longer exists in 6.0
30+
&& !$tokeninstanceof AnonymousToken &&$token->isAuthenticated(false);
31+
}
32+
2633
/**
2734
* {@inheritdoc}
2835
*/
29-
publicfunctionisAnonymous(TokenInterface$token =null)
36+
publicfunctionisAnonymous(TokenInterface$token =null/*, $deprecation = true*/)
3037
{
38+
if (1 ===\func_num_args() ||false !==func_get_arg(1)) {
39+
trigger_deprecation('symfony/security-core','5.4','The "%s()" method is deprecated, use "isAuthenticated()" or "isFullFledged()" if you want to check if the request is (fully) authenticated.',__METHOD__);
40+
}
41+
3142
if (null ===$token) {
3243
returnfalse;
3344
}
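
Review bot: The guard at new line 38, `1 === \func_num_args() || false !== func_get_arg(1)`, does not handle a call with no arguments, which the signature permits because `$token` defaults to `null`. In that case `func_num_args()` is 0, so `func_get_arg(1)` is evaluated with an out-of-range index and raises a PHP warning or error rather than the deprecation notice. Suggest `\func_num_args() < 2 || false !== func_get_arg(1)`. Separately, the new public `isAuthenticated()` at line 26 has no docblock, and its inline `@deprecated` comment reads as if the method itself were deprecated; a sentence saying which part of the condition is dropped in 6.0 would help.
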
@@ -56,6 +67,6 @@ public function isFullFledged(TokenInterface $token = null)
5667
returnfalse;
5768
}
5869

59-
return !$this->isAnonymous($token) && !$this->isRememberMe($token);
70+
return !$this->isAnonymous($token,false) && !$this->isRememberMe($token);
6071
}
6172
}
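
Review bot: The call `$this->isAnonymous($token, false)` at new line 70 suppresses the deprecation only when `isAnonymous()` is the implementation in this class. A subclass that overrides `isAnonymous()` with the one-parameter signature and forwards to `parent::isAnonymous($token)` drops the flag, so `isFullFledged()` would trigger the deprecation for code that never calls `isAnonymous()` itself. Consider moving the anonymous check into a private helper used by both methods.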

‎src/Symfony/Component/Security/Core/Authentication/AuthenticationTrustResolverInterface.php‎

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,8 @@
1717
* Interface for resolving the authentication status of a given token.
1818
*
1919
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
20+
*
21+
* @method bool isAuthenticated(TokenInterface $token = null)
2022
*/
2123
interface AuthenticationTrustResolverInterface
2224
{
@@ -27,6 +29,8 @@ interface AuthenticationTrustResolverInterface
2729
* If null is passed, the method must return false.
2830
*
2931
* @return bool
32+
*
33+
* @deprecated since Symfony 5.4, use !isAuthenticated() instead
3034
*/
3135
publicfunctionisAnonymous(TokenInterface$token =null);
3236
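
Review bot: The hint at new line 33, "use !isAuthenticated() instead", is not a drop-in equivalent for a missing token. The docblock just above requires `isAnonymous(null)` to return false, while the `isAuthenticated()` added to `AuthenticationTrustResolver` in this commit returns false for `null`, so `!isAuthenticated(null)` is true. Suggest noting that difference here, since access rules migrated mechanically will start matching token-less requests.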
