NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.7k

Commit7dd75b6

committed

[Security] Deprecate callable firewall listeners

1 parent1ecb87c commit7dd75b6Copy full SHA for 7dd75b6

File tree

10 files changed

+132

-28

lines changed

UPGRADE-7.4.md
src/Symfony
- Bundle/SecurityBundle
  - Debug
    - TraceableFirewallListener.php
  - Security
    - FirewallContext.php
    - LazyFirewallContext.php
  - Tests
    - DataCollector
      - SecurityDataCollectorTest.php
    - Debug
      - TraceableFirewallListenerTest.php
  - composer.json
- Component/Security/Http
  - CHANGELOG.md
  - Firewall.php
  - Tests
    - FirewallTest.php

10 files changed

+132

-28

lines changed

`‎UPGRADE-7.4.md‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -22,3 +22,8 @@ HttpClient`
`22`	`22`	`----------`
`23`	`23`
`24`	`24`	`* Deprecate using amphp/http-client < 5`
	`25`	`+`
	`26`	`+Security`
	`27`	`+--------`
	`28`	`+`
	`29`	+* Deprecate callable firewall listeners, extend`AbstractListener` or implement`FirewallListenerInterface` instead

`‎src/Symfony/Bundle/SecurityBundle/Debug/TraceableFirewallListener.php‎`

Lines changed: 6 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@`
`16`	`16`	`useSymfony\Bundle\SecurityBundle\Security\LazyFirewallContext;`
`17`	`17`	`useSymfony\Component\HttpKernel\Event\RequestEvent;`
`18`	`18`	`useSymfony\Component\Security\Http\Authenticator\Debug\TraceableAuthenticatorManagerListener;`
	`19`	`+useSymfony\Component\Security\Http\Firewall\AbstractListener;`
`19`	`20`	`useSymfony\Component\Security\Http\Firewall\FirewallListenerInterface;`
`20`	`21`	`useSymfony\Contracts\Service\ResetInterface;`
`21`	`22`
`@@ -88,7 +89,11 @@ protected function callListeners(RequestEvent $event, iterable $listeners): void`
`88`	`89`	`}`
`89`	`90`
`90`	`91`	`foreach ($requestListenersas$listener) {`
`91`		`-$listener($event);`
	`92`	`+if (!$listenerinstanceof FirewallListenerInterface) {`
	`93`	`+$listener($event);`
	`94`	`+ }elseif (false !==$listener->supports($event->getRequest())) {`
	`95`	`+$listener->authenticate($event);`
	`96`	`+ }`
`92`	`97`
`93`	`98`	`if ($event->hasResponse()) {`
`94`	`99`	`break;`

`‎src/Symfony/Bundle/SecurityBundle/Security/FirewallContext.php‎`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@`
`12`	`12`	`namespaceSymfony\Bundle\SecurityBundle\Security;`
`13`	`13`
`14`	`14`	`useSymfony\Component\Security\Http\Firewall\ExceptionListener;`
	`15`	`+useSymfony\Component\Security\Http\Firewall\FirewallListenerInterface;`
`15`	`16`	`useSymfony\Component\Security\Http\Firewall\LogoutListener;`
`16`	`17`
`17`	`18`	`/**`
`@@ -39,7 +40,7 @@ public function getConfig(): ?FirewallConfig`
`39`	`40`	`}`
`40`	`41`
`41`	`42`	`/**`
`42`		`- * @return iterable<mixed, callable>`
	`43`	`+ * @return iterable<mixed,FirewallListenerInterface\|callable>`
`43`	`44`	`*/`
`44`	`45`	`publicfunctiongetListeners():iterable`
`45`	`46`	`{`

`‎src/Symfony/Bundle/SecurityBundle/Security/LazyFirewallContext.php‎`

Lines changed: 19 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,9 +11,11 @@`
`11`	`11`
`12`	`12`	`namespaceSymfony\Bundle\SecurityBundle\Security;`
`13`	`13`
	`14`	`+useSymfony\Component\HttpFoundation\Request;`
`14`	`15`	`useSymfony\Component\HttpKernel\Event\RequestEvent;`
`15`	`16`	`useSymfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;`
`16`	`17`	`useSymfony\Component\Security\Http\Event\LazyResponseEvent;`
	`18`	`+useSymfony\Component\Security\Http\Firewall\AbstractListener;`
`17`	`19`	`useSymfony\Component\Security\Http\Firewall\ExceptionListener;`
`18`	`20`	`useSymfony\Component\Security\Http\Firewall\FirewallListenerInterface;`
`19`	`21`	`useSymfony\Component\Security\Http\Firewall\LogoutListener;`
`@@ -23,7 +25,7 @@`
`23`	`25`	`*`
`24`	`26`	`* @author Nicolas Grekas <p@tchwork.com>`
`25`	`27`	`*/`
`26`		`-class LazyFirewallContextextends FirewallContext`
	`28`	`+class LazyFirewallContextextends FirewallContextimplements FirewallListenerInterface`
`27`	`29`	`{`
`28`	`30`	`publicfunction__construct(`
`29`	`31`	`iterable$listeners,`
`@@ -40,19 +42,26 @@ public function getListeners(): iterable`
`40`	`42`	`return [$this];`
`41`	`43`	`}`
`42`	`44`
`43`		`-publicfunction__invoke(RequestEvent$event):void`
	`45`	`+publicfunctionsupports(Request$request): ?bool`
	`46`	`+ {`
	`47`	`+returntrue;`
	`48`	`+ }`
	`49`	`+`
	`50`	`+publicfunctionauthenticate(RequestEvent$event):void`
`44`	`51`	`{`
`45`	`52`	`$listeners = [];`
`46`	`53`	`$request =$event->getRequest();`
`47`	`54`	`$lazy =$request->isMethodCacheable();`
`48`	`55`
`49`	`56`	`foreach (parent::getListeners()as$listener) {`
`50`		`-if (!$lazy \|\| !$listenerinstanceof FirewallListenerInterface) {`
	`57`	`+if (!$listenerinstanceof FirewallListenerInterface) {`
	`58`	`+trigger_deprecation('symfony/security-http','7.4','Using a callable as firewall listener is deprecated, extend "%s" or implement "%s" instead.', AbstractListener::class, FirewallListenerInterface::class);`
	`59`	`+`
`51`	`60`	`$listeners[] =$listener;`
`52`		`-$lazy =$lazy &&$listenerinstanceof FirewallListenerInterface;`
	`61`	`+$lazy =false;`
`53`	`62`	`}elseif (false !==$supports =$listener->supports($request)) {`
`54`	`63`	`$listeners[] = [$listener,'authenticate'];`
`55`		`-$lazy =null ===$supports;`
	`64`	`+$lazy =$lazy &&null ===$supports;`
`56`	`65`	`}`
`57`	`66`	`}`
`58`	`67`
`@@ -75,4 +84,9 @@ public function __invoke(RequestEvent $event): void`
`75`	`84`	`}`
`76`	`85`	`});`
`77`	`86`	`}`
	`87`	`+`
	`88`	`+publicstaticfunctiongetPriority():int`
	`89`	`+ {`
	`90`	`+return0;`
	`91`	`+ }`
`78`	`92`	`}`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php‎`

Lines changed: 21 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,7 @@`
`32`	`32`	`useSymfony\Component\Security\Core\Authorization\Voter\VoterInterface;`
`33`	`33`	`useSymfony\Component\Security\Core\Role\RoleHierarchy;`
`34`	`34`	`useSymfony\Component\Security\Core\User\InMemoryUser;`
	`35`	`+useSymfony\Component\Security\Http\Firewall\FirewallListenerInterface;`
`35`	`36`	`useSymfony\Component\Security\Http\FirewallMapInterface;`
`36`	`37`	`useSymfony\Component\Security\Http\Logout\LogoutUrlGenerator;`
`37`	`38`	`useSymfony\Component\VarDumper\Caster\ClassStub;`
`@@ -193,8 +194,24 @@ public function testGetListeners()`
`193`	`194`	`$request =newRequest();`
`194`	`195`	`$event =newRequestEvent($this->createMock(HttpKernelInterface::class),$request, HttpKernelInterface::MAIN_REQUEST);`
`195`	`196`	`$event->setResponse($response =newResponse());`
`196`		`-$listener =function ($e)use ($event, &$listenerCalled) {`
`197`		`-$listenerCalled +=$e ===$event;`
	`197`	`+$listener =newclassimplements FirewallListenerInterface`
	`198`	`+ {`
	`199`	`+publicint$callCount =0;`
	`200`	`+`
	`201`	`+publicfunctionsupports(Request$request): ?bool`
	`202`	`+ {`
	`203`	`+returntrue;`
	`204`	`+ }`
	`205`	`+`
	`206`	`+publicfunctionauthenticate(RequestEvent$event):void`
	`207`	`+ {`
	`208`	`+ ++$this->callCount;`
	`209`	`+ }`
	`210`	`+`
	`211`	`+publicstaticfunctiongetPriority():int`
	`212`	`+ {`
	`213`	`+return0;`
	`214`	`+ }`
`198`	`215`	`};`
`199`	`216`	`$firewallMap =$this`
`200`	`217`	`->getMockBuilder(FirewallMap::class)`
`@@ -217,9 +234,9 @@ public function testGetListeners()`
`217`	`234`	`$collector =newSecurityDataCollector(null,null,null,null,$firewallMap,$firewall,true);`
`218`	`235`	`$collector->collect($request,$response);`
`219`	`236`
`220`		`-$this->assertNotEmpty($collected =$collector->getListeners()[0]);`
	`237`	`+$this->assertCount(1,$collector->getListeners());`
`221`	`238`	`$collector->lateCollect();`
`222`		`-$this->assertSame(1,$listenerCalled);`
	`239`	`+$this->assertSame(1,$listener->callCount);`
`223`	`240`	`}`
`224`	`241`
`225`	`242`	`publicfunctiontestCollectCollectsDecisionLogWhenStrategyIsAffirmative()`

`‎src/Symfony/Bundle/SecurityBundle/Tests/Debug/TraceableFirewallListenerTest.php‎`

Lines changed: 20 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@`
`30`	`30`	`useSymfony\Component\Security\Http\Authenticator\Passport\Passport;`
`31`	`31`	`useSymfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;`
`32`	`32`	`useSymfony\Component\Security\Http\Firewall\AuthenticatorManagerListener;`
	`33`	`+useSymfony\Component\Security\Http\Firewall\FirewallListenerInterface;`
`33`	`34`	`useSymfony\Component\Security\Http\Logout\LogoutUrlGenerator;`
`34`	`35`
`35`	`36`	`/**`
`@@ -41,9 +42,25 @@ public function testOnKernelRequestRecordsListeners()`
`41`	`42`	`{`
`42`	`43`	`$request =newRequest();`
`43`	`44`	`$event =newRequestEvent($this->createMock(HttpKernelInterface::class),$request, HttpKernelInterface::MAIN_REQUEST);`
`44`		`-$event->setResponse($response =newResponse());`
`45`		`-$listener =function ($e)use ($event, &$listenerCalled) {`
`46`		`-$listenerCalled +=$e ===$event;`
	`45`	`+$event->setResponse(newResponse());`
	`46`	`+$listener =newclassimplements FirewallListenerInterface`
	`47`	`+ {`
	`48`	`+publicint$callCount =0;`
	`49`	`+`
	`50`	`+publicfunctionsupports(Request$request): ?bool`
	`51`	`+ {`
	`52`	`+returntrue;`
	`53`	`+ }`
	`54`	`+`
	`55`	`+publicfunctionauthenticate(RequestEvent$event):void`
	`56`	`+ {`
	`57`	`+ ++$this->callCount;`
	`58`	`+ }`
	`59`	`+`
	`60`	`+publicstaticfunctiongetPriority():int`
	`61`	`+ {`
	`62`	`+return0;`
	`63`	`+ }`
`47`	`64`	`};`
`48`	`65`	`$firewallMap =$this->createMock(FirewallMap::class);`
`49`	`66`	`$firewallMap`

`‎src/Symfony/Bundle/SecurityBundle/composer.json‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@`
`22`	`22`	`"symfony/clock":"^6.4\|^7.0\|^8.0",`
`23`	`23`	`"symfony/config":"^7.3\|^8.0",`
`24`	`24`	`"symfony/dependency-injection":"^6.4.11\|^7.1.4\|^8.0",`
	`25`	`+"symfony/deprecation-contracts":"^2.5\|^3",`
`25`	`26`	`"symfony/event-dispatcher":"^6.4\|^7.0\|^8.0",`
`26`	`27`	`"symfony/http-kernel":"^6.4\|^7.0\|^8.0",`
`27`	`28`	`"symfony/http-foundation":"^6.4\|^7.0\|^8.0",`

`‎src/Symfony/Component/Security/Http/CHANGELOG.md‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,11 @@`
`1`	`1`	`CHANGELOG`
`2`	`2`	`=========`
`3`	`3`
	`4`	`+7.4`
	`5`	`+---`
	`6`	`+`
	`7`	+* Deprecate callable firewall listeners, extend`AbstractListener` or implement`FirewallListenerInterface` instead
	`8`	`+`
`4`	`9`	`7.3`
`5`	`10`	`---`
`6`	`11`

`‎src/Symfony/Component/Security/Http/Firewall.php‎`

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@`
`16`	`16`	`useSymfony\Component\HttpKernel\Event\FinishRequestEvent;`
`17`	`17`	`useSymfony\Component\HttpKernel\Event\RequestEvent;`
`18`	`18`	`useSymfony\Component\HttpKernel\KernelEvents;`
	`19`	`+useSymfony\Component\Security\Http\Firewall\AbstractListener;`
`19`	`20`	`useSymfony\Component\Security\Http\Firewall\ExceptionListener;`
`20`	`21`	`useSymfony\Component\Security\Http\Firewall\FirewallListenerInterface;`
`21`	`22`	`useSymfony\Contracts\EventDispatcher\EventDispatcherInterface;`
`@@ -123,6 +124,8 @@ protected function callListeners(RequestEvent $event, iterable $listeners)`
`123`	`124`	`{`
`124`	`125`	`foreach ($listenersas$listener) {`
`125`	`126`	`if (!$listenerinstanceof FirewallListenerInterface) {`
	`127`	`+trigger_deprecation('symfony/security-http','7.4','Using a callable as firewall listener is deprecated, extend "%s" or implement "%s" instead.', AbstractListener::class, FirewallListenerInterface::class);`
	`128`	`+`
`126`	`129`	`$listener($event);`
`127`	`130`	`}elseif (false !==$listener->supports($event->getRequest())) {`
`128`	`131`	`$listener->authenticate($event);`
`@@ -134,8 +137,8 @@ protected function callListeners(RequestEvent $event, iterable $listeners)`
`134`	`137`	`}`
`135`	`138`	`}`
`136`	`139`
`137`		`-privatefunctiongetListenerPriority(object$logoutListener):int`
	`140`	`+privatefunctiongetListenerPriority(object$listener):int`
`138`	`141`	`{`
`139`		`-return$logoutListenerinstanceof FirewallListenerInterface ?$logoutListener->getPriority() :0;`
	`142`	`+return$listenerinstanceof FirewallListenerInterface ?$listener->getPriority() :0;`
`140`	`143`	`}`
`141`	`144`	`}`

`‎src/Symfony/Component/Security/Http/Tests/FirewallTest.php‎`

Lines changed: 48 additions & 12 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@`
`12`	`12`	`namespaceSymfony\Component\Security\Http\Tests;`
`13`	`13`
`14`	`14`	`usePHPUnit\Framework\TestCase;`
	`15`	`+useSymfony\Bridge\PhpUnit\ExpectUserDeprecationMessageTrait;`
`15`	`16`	`useSymfony\Component\EventDispatcher\EventDispatcherInterface;`
`16`	`17`	`useSymfony\Component\HttpFoundation\Request;`
`17`	`18`	`useSymfony\Component\HttpFoundation\Response;`
`@@ -25,6 +26,8 @@`
`25`	`26`
`26`	`27`	`class FirewallTestextends TestCase`
`27`	`28`	`{`
	`29`	`+use ExpectUserDeprecationMessageTrait;`
	`30`	`+`
`28`	`31`	`publicfunctiontestOnKernelRequestRegistersExceptionListener()`
`29`	`32`	`{`
`30`	`33`	`$dispatcher =$this->createMock(EventDispatcherInterface::class);`
`@@ -54,21 +57,26 @@ public function testOnKernelRequestRegistersExceptionListener()`
`54`	`57`
`55`	`58`	`publicfunctiontestOnKernelRequestStopsWhenThereIsAResponse()`
`56`	`59`	`{`
`57`		`-$called = [];`
	`60`	`+$listener =newclassextends AbstractListener`
	`61`	`+ {`
	`62`	`+publicint$callCount =0;`
`58`	`63`
`59`		`-$first =function ()use (&$called) {`
`60`		`-$called[] =1;`
`61`		`- };`
	`64`	`+publicfunctionsupports(Request$request): ?bool`
	`65`	`+ {`
	`66`	`+returntrue;`
	`67`	`+ }`
`62`	`68`
`63`		`-$second =function ()use (&$called) {`
`64`		`-$called[] =2;`
	`69`	`+publicfunctionauthenticate(RequestEvent$event):void`
	`70`	`+ {`
	`71`	`+ ++$this->callCount;`
	`72`	`+ }`
`65`	`73`	`};`
`66`	`74`
`67`	`75`	`$map =$this->createMock(FirewallMapInterface::class);`
`68`	`76`	`$map`
`69`	`77`	`->expects($this->once())`
`70`	`78`	`->method('getListeners')`
`71`		`- ->willReturn([[$first,$second],null,null])`
	`79`	`+ ->willReturn([[$listener,$listener],null,null])`
`72`	`80`	`;`
`73`	`81`
`74`	`82`	`$event =newRequestEvent($this->createMock(HttpKernelInterface::class),newRequest(), HttpKernelInterface::MAIN_REQUEST);`
`@@ -77,7 +85,7 @@ public function testOnKernelRequestStopsWhenThereIsAResponse()`
`77`	`85`	`$firewall =newFirewall($map,$this->createMock(EventDispatcherInterface::class));`
`78`	`86`	`$firewall->onKernelRequest($event);`
`79`	`87`
`80`		`-$this->assertSame([1],$called);`
	`88`	`+$this->assertSame(1,$listener->callCount);`
`81`	`89`	`}`
`82`	`90`
`83`	`91`	`publicfunctiontestOnKernelRequestWithSubRequest()`
`@@ -100,11 +108,10 @@ public function testOnKernelRequestWithSubRequest()`
`100`	`108`	`$this->assertFalse($event->hasResponse());`
`101`	`109`	`}`
`102`	`110`
`103`		`-publicfunctiontestListenersAreCalled()`
	`111`	`+publicfunctiontestFirewallListenersAreCalled()`
`104`	`112`	`{`
`105`	`113`	`$calledListeners = [];`
`106`	`114`
`107`		`-$callableListener =staticfunction()use(&$calledListeners) {$calledListeners[] ='callableListener'; };`
`108`	`115`	`$firewallListener =newclass($calledListeners)implements FirewallListenerInterface {`
`109`	`116`	`publicfunction__construct(privatearray &$calledListeners) {}`
`110`	`117`
`@@ -144,14 +151,43 @@ public function authenticate(RequestEvent $event): void`
`144`	`151`	`->expects($this->once())`
`145`	`152`	`->method('getListeners')`
`146`	`153`	`->with($this->equalTo($request))`
`147`		`- ->willReturn([[$callableListener,$firewallListener,$callableFirewallListener],null,null])`
	`154`	`+ ->willReturn([[$firewallListener,$callableFirewallListener],null,null])`
	`155`	`+ ;`
	`156`	`+`
	`157`	`+$event =newRequestEvent($this->createMock(HttpKernelInterface::class),$request, HttpKernelInterface::MAIN_REQUEST);`
	`158`	`+`
	`159`	`+$firewall =newFirewall($map,$this->createMock(EventDispatcherInterface::class));`
	`160`	`+$firewall->onKernelRequest($event);`
	`161`	`+`
	`162`	`+$this->assertSame(['firewallListener','callableFirewallListener'],$calledListeners);`
	`163`	`+ }`
	`164`	`+`
	`165`	`+/**`
	`166`	`+ * @group legacy`
	`167`	`+ */`
	`168`	`+publicfunctiontestCallableListenersAreCalled()`
	`169`	`+ {`
	`170`	`+$this->expectUserDeprecationMessage('Since symfony/security-http 7.4: Using a callable as firewall listener is deprecated, extend "Symfony\Component\Security\Http\Firewall\AbstractListener" or implement "Symfony\Component\Security\Http\Firewall\FirewallListenerInterface" instead.');`
	`171`	`+`
	`172`	`+$calledListeners = [];`
	`173`	`+`
	`174`	`+$callableListener =staticfunction()use(&$calledListeners) {$calledListeners[] ='callableListener'; };`
	`175`	`+`
	`176`	`+$request =$this->createMock(Request::class);`
	`177`	`+`
	`178`	`+$map =$this->createMock(FirewallMapInterface::class);`
	`179`	`+$map`
	`180`	`+ ->expects($this->once())`
	`181`	`+ ->method('getListeners')`
	`182`	`+ ->with($this->equalTo($request))`
	`183`	`+ ->willReturn([[$callableListener],null,null])`
`148`	`184`	`;`
`149`	`185`
`150`	`186`	`$event =newRequestEvent($this->createMock(HttpKernelInterface::class),$request, HttpKernelInterface::MAIN_REQUEST);`
`151`	`187`
`152`	`188`	`$firewall =newFirewall($map,$this->createMock(EventDispatcherInterface::class));`
`153`	`189`	`$firewall->onKernelRequest($event);`
`154`	`190`
`155`		`-$this->assertSame(['callableListener','firewallListener','callableFirewallListener'],$calledListeners);`
	`191`	`+$this->assertSame(['callableListener'],$calledListeners);`
`156`	`192`	`}`
`157`	`193`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit7dd75b6

File tree

10 files changed

10 files changed

`‎UPGRADE-7.4.md‎`

`‎src/Symfony/Bundle/SecurityBundle/Debug/TraceableFirewallListener.php‎`

`‎src/Symfony/Bundle/SecurityBundle/Security/FirewallContext.php‎`

`‎src/Symfony/Bundle/SecurityBundle/Security/LazyFirewallContext.php‎`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php‎`

`‎src/Symfony/Bundle/SecurityBundle/Tests/Debug/TraceableFirewallListenerTest.php‎`

`‎src/Symfony/Bundle/SecurityBundle/composer.json‎`

`‎src/Symfony/Component/Security/Http/CHANGELOG.md‎`

`‎src/Symfony/Component/Security/Http/Firewall.php‎`

`‎src/Symfony/Component/Security/Http/Tests/FirewallTest.php‎`

0 commit comments