@@ -435,23 +435,61 @@ into a security
435435Security Passports
436436~~~~~~~~~~~~~~~~~~
437437
438+ ..versionadded ::5.2
439+
440+ The ``UserBadge `` was introduced in Symfony 5.2. Prior to 5.2, the user
441+ instance was provided directly to the passport.
442+
438443A passport is an object that contains the user that will be authenticated as
439444well as other pieces of information, like whether a password should be checked
440445or if "remember me" functionality should be enabled.
441446
442447The default
443448:class: `Symfony\\ Component\\ Security\\ Http\\ Authenticator\\ Passport\\ Passport `
444- requires a user object and credentials. The following credential classes
445- are supported by default:
449+ requires a user and credentials.
450+
451+ Use the
452+ :class: `Symfony\\ Component\\ Security\\ Http\\ Authenticator\\ Passport\\ Badge\\ UserBadge `
453+ to attach the user to the passport. The ``UserBadge `` requires a user
454+ identifier (e.g. the username or email), which is used to load the user
455+ using:ref: `the user provider <security-user-providers >`::
456+
457+ use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
458+
459+ // ...
460+ $passport = new Passport(new UserBadge($email), $credentials);
461+
462+ ..note ::
446463
464+ You can optionally pass a user loader as second argument to the
465+ ``UserBadge ``. This callable receives the ``$userIdentifier ``
466+ and must return a ``UserInterface `` object (otherwise a
467+ ``UsernameNotFoundException `` is thrown)::
468+
469+ // ...
470+ $passport = new Passport(
471+ new UserBadge($email, function ($userIdentifier) {
472+ return $this->userRepository->findOneBy(['email' => $userIdentifier]);
473+ }),
474+ $credentials
475+ );
476+
477+ The following credential classes are supported by default:
447478
448479:class: `Symfony\\ Component\\ Security\\ Http\\ Authenticator\\ Passport\\ Credentials\\ PasswordCredentials `
449480 This requires a plaintext ``$password ``, which is validated using the
450- :ref: `password encoder configured for the user <security-encoding-user-password >`.
481+ :ref: `password encoder configured for the user <security-encoding-user-password >`::
482+
483+ use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
484+
485+ // ...
486+ return new Passport($user, new PasswordCredentials($plaintextPassword));
451487
452488:class: `Symfony\\ Component\\ Security\\ Http\\ Authenticator\\ Passport\\ Credentials\\ CustomCredentials `
453489 Allows a custom closure to check credentials::
454490
491+ use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\CustomCredentials;
492+
455493 // ...
456494 return new Passport($user, new CustomCredentials(
457495 // If this function returns anything else than `true`, the credentials
@@ -467,21 +505,13 @@ are supported by default:
467505
468506
469507Self Validating Passport
470- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
471- If you don't need any credentials to be checked (e.g. a JWT token), you can use the
472- :class: `Symfony\\ Component\\ Security\\ Http\\ Authenticator\\ Passport\\ SelfValidatingPassport `.
473- This class only requires a ``UserBadge `` object and optionally `Passport Badges `_.
474-
475- You can also pass a user loader to the ``UserBadge ``. This callable receives the
476- ``$userIdentifier `` as argument and must return a ``UserInterface `` object
477- (otherwise a ``UsernameNotFoundException `` is thrown). If this is not set,
478- the default user provider will be used with ``$userIdentifier `` as username::
479-
480- // ...
481- return new SelfValidatingPassport(new UserBadge($email, function ($username) {
482- return $this->userRepository->findOneBy(['email' => $username]);
483- });
508+ ........................
484509
510+ If you don't need any credentials to be checked (e.g. when using API
511+ tokens), you can use the
512+ :class: `Symfony\\ Component\\ Security\\ Http\\ Authenticator\\ Passport\\ SelfValidatingPassport `.
513+ This class only requires a ``UserBadge `` object and optionally `Passport
514+ Badges `_.
485515
486516Passport Badges
487517~~~~~~~~~~~~~~~
@@ -511,16 +541,21 @@ the following badges are supported:
511541 initiated). This skips the
512542:doc: `pre-authentication user checker </security/user_checkers >`.
513543
514- For instance, if you want to add CSRF and password migration to your custom
515- authenticator, you would initialize the passport like this::
544+ ..versionadded ::5.2
545+
546+ Since 5.2, the ``PasswordUpgradeBadge `` is automatically added to
547+ the passport if the passport has ``PasswordCredentials ``.
548+
549+ For instance, if you want to add CSRF to your custom authenticator, you
550+ would initialize the passport like this::
516551
517552 // src/Service/LoginAuthenticator.php
518553 namespace App\Service;
519554
520555 // ...
521556 use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
522557 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
523- use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge ;
558+ use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge ;
524559 use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
525560 use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
526561
@@ -532,14 +567,13 @@ authenticator, you would initialize the passport like this::
532567 $username = $request->request->get('username');
533568 $csrfToken = $request->request->get('csrf_token');
534569
535- // ... get the $user from the $username and validate no
536- // parameter is empty
570+ // ... validate no parameter is empty
537571
538- return new Passport($user, new PasswordCredentials($password), [
539- // $this->userRepository must implement PasswordUpgraderInterface
540- newPasswordUpgradeBadge ($password, $this->userRepository ),
541- new CsrfTokenBadge('login', $csrfToken),
542- ] );
572+ return new Passport(
573+ new UserBadge($user),
574+ newPasswordCredentials ($password),
575+ [ new CsrfTokenBadge('login', $csrfToken)]
576+ );
543577 }
544578 }
545579