diff options
Diffstat (limited to 'Http')
| -rw-r--r-- | Http/Authentication/SimpleFormAuthenticatorInterface.php | 6 | ||||
| -rw-r--r-- | Http/Authentication/SimplePreAuthenticatorInterface.php | 6 | ||||
| -rw-r--r-- | Http/EntryPoint/DigestAuthenticationEntryPoint.php | 10 | ||||
| -rw-r--r-- | Http/Firewall/DigestAuthenticationListener.php | 2 | ||||
| -rw-r--r-- | Http/Firewall/LogoutListener.php | 21 | ||||
| -rw-r--r-- | Http/Firewall/SimpleFormAuthenticationListener.php | 24 | ||||
| -rw-r--r-- | Http/Firewall/SimplePreAuthenticationListener.php | 2 | ||||
| -rw-r--r-- | Http/Firewall/UsernamePasswordFormAuthenticationListener.php | 21 | ||||
| -rw-r--r-- | Http/Logout/LogoutUrlGenerator.php | 10 | ||||
| -rw-r--r-- | Http/RememberMe/AbstractRememberMeServices.php | 10 | ||||
| -rw-r--r-- | Http/RememberMe/PersistentTokenBasedRememberMeServices.php | 23 | ||||
| -rw-r--r-- | Http/Session/SessionAuthenticationStrategy.php | 5 | ||||
| -rw-r--r-- | Http/Tests/Session/SessionAuthenticationStrategyTest.php | 17 | ||||
| -rw-r--r-- | Http/composer.json | 18 |
14 files changed, 25 insertions, 150 deletions
diff --git a/Http/Authentication/SimpleFormAuthenticatorInterface.php b/Http/Authentication/SimpleFormAuthenticatorInterface.php index 112688c..39c3133 100644 --- a/Http/Authentication/SimpleFormAuthenticatorInterface.php +++ b/Http/Authentication/SimpleFormAuthenticatorInterface.php @@ -11,11 +11,13 @@ namespace Symfony\Component\Security\Http\Authentication; -use Symfony\Component\Security\Core\Authentication\SimpleFormAuthenticatorInterface as BaseSimpleFormAuthenticatorInterface; +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface; /** * @author Jordi Boggiano <j.boggiano@seld.be> */ -interface SimpleFormAuthenticatorInterface extends BaseSimpleFormAuthenticatorInterface +interface SimpleFormAuthenticatorInterface extends SimpleAuthenticatorInterface { + public function createToken(Request $request, $username, $password, $providerKey); } diff --git a/Http/Authentication/SimplePreAuthenticatorInterface.php b/Http/Authentication/SimplePreAuthenticatorInterface.php index afa8049..63abb15 100644 --- a/Http/Authentication/SimplePreAuthenticatorInterface.php +++ b/Http/Authentication/SimplePreAuthenticatorInterface.php @@ -11,11 +11,13 @@ namespace Symfony\Component\Security\Http\Authentication; -use Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface as BaseSimplePreAuthenticatorInterface; +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface; /** * @author Jordi Boggiano <j.boggiano@seld.be> */ -interface SimplePreAuthenticatorInterface extends BaseSimplePreAuthenticatorInterface +interface SimplePreAuthenticatorInterface extends SimpleAuthenticatorInterface { + public function createToken(Request $request, $providerKey); } diff --git a/Http/EntryPoint/DigestAuthenticationEntryPoint.php b/Http/EntryPoint/DigestAuthenticationEntryPoint.php index cdb98eb..9dfd592 100644 --- a/Http/EntryPoint/DigestAuthenticationEntryPoint.php +++ b/Http/EntryPoint/DigestAuthenticationEntryPoint.php @@ -65,16 +65,6 @@ class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterfac } /** - * @deprecated Since version 2.8, to be removed in 3.0. Use getSecret() instead. - */ - public function getKey() - { - @trigger_error(__method__.'() is deprecated since version 2.8 and will be removed in 3.0. Use getSecret() instead.', E_USER_DEPRECATED); - - return $this->getSecret(); - } - - /** * @return string */ public function getSecret() diff --git a/Http/Firewall/DigestAuthenticationListener.php b/Http/Firewall/DigestAuthenticationListener.php index d8d71fb..71bdf6c 100644 --- a/Http/Firewall/DigestAuthenticationListener.php +++ b/Http/Firewall/DigestAuthenticationListener.php @@ -78,7 +78,7 @@ class DigestAuthenticationListener implements ListenerInterface } try { - $digestAuth->validateAndDecode($this->authenticationEntryPoint->getKey(), $this->authenticationEntryPoint->getRealmName()); + $digestAuth->validateAndDecode($this->authenticationEntryPoint->getSecret(), $this->authenticationEntryPoint->getRealmName()); } catch (BadCredentialsException $e) { $this->fail($event, $request, $e); diff --git a/Http/Firewall/LogoutListener.php b/Http/Firewall/LogoutListener.php index e19d39c..47583be 100644 --- a/Http/Firewall/LogoutListener.php +++ b/Http/Firewall/LogoutListener.php @@ -11,13 +11,10 @@ namespace Symfony\Component\Security\Http\Firewall; -use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderAdapter; -use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; -use Symfony\Component\Security\Core\Exception\InvalidArgumentException; use Symfony\Component\Security\Core\Exception\LogoutException; use Symfony\Component\Security\Csrf\CsrfToken; use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface; @@ -49,24 +46,8 @@ class LogoutListener implements ListenerInterface * @param array $options An array of options to process a logout attempt * @param CsrfTokenManagerInterface $csrfTokenManager A CsrfTokenManagerInterface instance */ - public function __construct(TokenStorageInterface $tokenStorage, HttpUtils $httpUtils, LogoutSuccessHandlerInterface $successHandler, array $options = array(), $csrfTokenManager = null) + public function __construct(TokenStorageInterface $tokenStorage, HttpUtils $httpUtils, LogoutSuccessHandlerInterface $successHandler, array $options = array(), CsrfTokenManagerInterface $csrfTokenManager = null) { - if ($csrfTokenManager instanceof CsrfProviderInterface) { - $csrfTokenManager = new CsrfProviderAdapter($csrfTokenManager); - } elseif (null !== $csrfTokenManager && !$csrfTokenManager instanceof CsrfTokenManagerInterface) { - throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.'); - } - - if (isset($options['intention'])) { - if (isset($options['csrf_token_id'])) { - throw new \InvalidArgumentException(sprintf('You should only define an option for one of "intention" or "csrf_token_id" for the "%s". Use the "csrf_token_id" as it replaces "intention".', __CLASS__)); - } - - @trigger_error('The "intention" option for the '.__CLASS__.' is deprecated since version 2.8 and will be removed in 3.0. Use the "csrf_token_id" option instead.', E_USER_DEPRECATED); - - $options['csrf_token_id'] = $options['intention']; - } - $this->tokenStorage = $tokenStorage; $this->httpUtils = $httpUtils; $this->options = array_merge(array( diff --git a/Http/Firewall/SimpleFormAuthenticationListener.php b/Http/Firewall/SimpleFormAuthenticationListener.php index 331d018..7c940c3 100644 --- a/Http/Firewall/SimpleFormAuthenticationListener.php +++ b/Http/Firewall/SimpleFormAuthenticationListener.php @@ -12,17 +12,14 @@ namespace Symfony\Component\Security\Http\Firewall; use Symfony\Component\EventDispatcher\EventDispatcherInterface; -use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderAdapter; -use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface; use Symfony\Component\HttpFoundation\Request; -use Symfony\Component\Security\Core\Exception\InvalidArgumentException; use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException; use Symfony\Component\Security\Csrf\CsrfToken; use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface; use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface; use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; -use Symfony\Component\Security\Core\Authentication\SimpleFormAuthenticatorInterface; +use Symfony\Component\Security\Http\Authentication\SimpleFormAuthenticatorInterface; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Exception\BadCredentialsException; use Symfony\Component\Security\Core\Security; @@ -57,30 +54,13 @@ class SimpleFormAuthenticationListener extends AbstractAuthenticationListener * @param SimpleFormAuthenticatorInterface $simpleAuthenticator A SimpleFormAuthenticatorInterface instance * * @throws \InvalidArgumentException In case no simple authenticator is provided - * @throws InvalidArgumentException In case an invalid CSRF token manager is passed */ - public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $csrfTokenManager = null, SimpleFormAuthenticatorInterface $simpleAuthenticator = null) + public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfTokenManagerInterface $csrfTokenManager = null, SimpleFormAuthenticatorInterface $simpleAuthenticator = null) { if (!$simpleAuthenticator) { throw new \InvalidArgumentException('Missing simple authenticator'); } - if ($csrfTokenManager instanceof CsrfProviderInterface) { - $csrfTokenManager = new CsrfProviderAdapter($csrfTokenManager); - } elseif (null !== $csrfTokenManager && !$csrfTokenManager instanceof CsrfTokenManagerInterface) { - throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.'); - } - - if (isset($options['intention'])) { - if (isset($options['csrf_token_id'])) { - throw new \InvalidArgumentException(sprintf('You should only define an option for one of "intention" or "csrf_token_id" for the "%s". Use the "csrf_token_id" as it replaces "intention".', __CLASS__)); - } - - @trigger_error('The "intention" option for the '.__CLASS__.' is deprecated since version 2.8 and will be removed in 3.0. Use the "csrf_token_id" option instead.', E_USER_DEPRECATED); - - $options['csrf_token_id'] = $options['intention']; - } - $this->simpleAuthenticator = $simpleAuthenticator; $this->csrfTokenManager = $csrfTokenManager; diff --git a/Http/Firewall/SimplePreAuthenticationListener.php b/Http/Firewall/SimplePreAuthenticationListener.php index 8f1f6fd..2b4b593 100644 --- a/Http/Firewall/SimplePreAuthenticationListener.php +++ b/Http/Firewall/SimplePreAuthenticationListener.php @@ -15,7 +15,7 @@ use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterfac use Psr\Log\LoggerInterface; use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\HttpFoundation\Response; -use Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface; +use Symfony\Component\Security\Http\Authentication\SimplePreAuthenticatorInterface; use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; diff --git a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php index 866d0c3..426457d 100644 --- a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php +++ b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php @@ -11,8 +11,6 @@ namespace Symfony\Component\Security\Http\Firewall; -use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderAdapter; -use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface; use Symfony\Component\HttpFoundation\Request; use Psr\Log\LoggerInterface; use Symfony\Component\Security\Csrf\CsrfToken; @@ -26,7 +24,6 @@ use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterfac use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; use Symfony\Component\Security\Core\Exception\BadCredentialsException; -use Symfony\Component\Security\Core\Exception\InvalidArgumentException; use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException; use Symfony\Component\Security\Core\Security; use Symfony\Component\EventDispatcher\EventDispatcherInterface; @@ -41,24 +38,8 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL { private $csrfTokenManager; - public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $csrfTokenManager = null) + public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfTokenManagerInterface $csrfTokenManager = null) { - if ($csrfTokenManager instanceof CsrfProviderInterface) { - $csrfTokenManager = new CsrfProviderAdapter($csrfTokenManager); - } elseif (null !== $csrfTokenManager && !$csrfTokenManager instanceof CsrfTokenManagerInterface) { - throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.'); - } - - if (isset($options['intention'])) { - if (isset($options['csrf_token_id'])) { - throw new \InvalidArgumentException(sprintf('You should only define an option for one of "intention" or "csrf_token_id" for the "%s". Use the "csrf_token_id" as it replaces "intention".', __CLASS__)); - } - - @trigger_error('The "intention" option for the '.__CLASS__.' is deprecated since version 2.8 and will be removed in 3.0. Use the "csrf_token_id" option instead.', E_USER_DEPRECATED); - - $options['csrf_token_id'] = $options['intention']; - } - parent::__construct($tokenStorage, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, array_merge(array( 'username_parameter' => '_username', 'password_parameter' => '_password', diff --git a/Http/Logout/LogoutUrlGenerator.php b/Http/Logout/LogoutUrlGenerator.php index 761e56a..ada733b 100644 --- a/Http/Logout/LogoutUrlGenerator.php +++ b/Http/Logout/LogoutUrlGenerator.php @@ -11,8 +11,6 @@ namespace Symfony\Component\Security\Http\Logout; -use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderAdapter; -use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface; use Symfony\Component\HttpFoundation\RequestStack; use Symfony\Component\Routing\Generator\UrlGeneratorInterface; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; @@ -47,14 +45,8 @@ class LogoutUrlGenerator * @param string $csrfParameter The CSRF token parameter name * @param CsrfTokenManagerInterface $csrfTokenManager A CsrfTokenManagerInterface instance */ - public function registerListener($key, $logoutPath, $csrfTokenId, $csrfParameter, $csrfTokenManager = null) + public function registerListener($key, $logoutPath, $csrfTokenId, $csrfParameter, CsrfTokenManagerInterface $csrfTokenManager = null) { - if ($csrfTokenManager instanceof CsrfProviderInterface) { - $csrfTokenManager = new CsrfProviderAdapter($csrfTokenManager); - } elseif (null !== $csrfTokenManager && !$csrfTokenManager instanceof CsrfTokenManagerInterface) { - throw new \InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.'); - } - $this->listeners[$key] = array($logoutPath, $csrfTokenId, $csrfParameter, $csrfTokenManager); } diff --git a/Http/RememberMe/AbstractRememberMeServices.php b/Http/RememberMe/AbstractRememberMeServices.php index 8627bc8..c22105b 100644 --- a/Http/RememberMe/AbstractRememberMeServices.php +++ b/Http/RememberMe/AbstractRememberMeServices.php @@ -85,16 +85,6 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface } /** - * @deprecated Since version 2.8, to be removed in 3.0. Use getSecret() instead. - */ - public function getKey() - { - @trigger_error(__method__.'() is deprecated since version 2.8 and will be removed in 3.0. Use getSecret() instead.', E_USER_DEPRECATED); - - return $this->getSecret(); - } - - /** * @return string */ public function getSecret() diff --git a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php index 807a4a7..edfa208 100644 --- a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php +++ b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php @@ -19,8 +19,6 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Exception\CookieTheftException; use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentToken; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; -use Symfony\Component\Security\Core\Util\SecureRandomInterface; -use Psr\Log\LoggerInterface; /** * Concrete implementation of the RememberMeServicesInterface which needs @@ -34,27 +32,6 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices private $tokenProvider; /** - * Constructor. - * - * Note: The $secureRandom parameter is deprecated since version 2.8 and will be removed in 3.0. - * - * @param array $userProviders - * @param string $secret - * @param string $providerKey - * @param array $options - * @param LoggerInterface $logger - * @param SecureRandomInterface $secureRandom - */ - public function __construct(array $userProviders, $secret, $providerKey, array $options = array(), LoggerInterface $logger = null, SecureRandomInterface $secureRandom = null) - { - if (null !== $secureRandom) { - @trigger_error('The $secureRandom parameter in '.__METHOD__.' is deprecated since version 2.8 and will be removed in 3.0.', E_USER_DEPRECATED); - } - - parent::__construct($userProviders, $secret, $providerKey, $options, $logger); - } - - /** * Sets the token provider. * * @param TokenProviderInterface $tokenProvider diff --git a/Http/Session/SessionAuthenticationStrategy.php b/Http/Session/SessionAuthenticationStrategy.php index ccfa6ba..dd258a0 100644 --- a/Http/Session/SessionAuthenticationStrategy.php +++ b/Http/Session/SessionAuthenticationStrategy.php @@ -47,10 +47,7 @@ class SessionAuthenticationStrategy implements SessionAuthenticationStrategyInte return; case self::MIGRATE: - // Destroying the old session is broken in php 5.4.0 - 5.4.10 - // See php bug #63379 - $destroy = PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411; - $request->getSession()->migrate($destroy); + $request->getSession()->migrate(true); return; diff --git a/Http/Tests/Session/SessionAuthenticationStrategyTest.php b/Http/Tests/Session/SessionAuthenticationStrategyTest.php index 4aef4b2..a1f960f 100644 --- a/Http/Tests/Session/SessionAuthenticationStrategyTest.php +++ b/Http/Tests/Session/SessionAuthenticationStrategyTest.php @@ -39,10 +39,6 @@ class SessionAuthenticationStrategyTest extends \PHPUnit_Framework_TestCase public function testSessionIsMigrated() { - if (PHP_VERSION_ID >= 50400 && PHP_VERSION_ID < 50411) { - $this->markTestSkipped('We cannot destroy the old session on PHP 5.4.0 - 5.4.10.'); - } - $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface'); $session->expects($this->once())->method('migrate')->with($this->equalTo(true)); @@ -50,19 +46,6 @@ class SessionAuthenticationStrategyTest extends \PHPUnit_Framework_TestCase $strategy->onAuthentication($this->getRequest($session), $this->getToken()); } - public function testSessionIsMigratedWithPhp54Workaround() - { - if (PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411) { - $this->markTestSkipped('This PHP version is not affected.'); - } - - $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface'); - $session->expects($this->once())->method('migrate')->with($this->equalTo(false)); - - $strategy = new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE); - $strategy->onAuthentication($this->getRequest($session), $this->getToken()); - } - public function testSessionIsInvalidated() { $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface'); diff --git a/Http/composer.json b/Http/composer.json index 24708ac..a3e008a 100644 --- a/Http/composer.json +++ b/Http/composer.json @@ -16,18 +16,18 @@ } ], "require": { - "php": ">=5.3.9", - "symfony/security-core": "~2.8", - "symfony/event-dispatcher": "~2.1|~3.0.0", - "symfony/http-foundation": "~2.4|~3.0.0", - "symfony/http-kernel": "~2.4|~3.0.0", + "php": ">=5.5.9", + "symfony/security-core": "~2.8|~3.0", + "symfony/event-dispatcher": "~2.8|~3.0", + "symfony/http-foundation": "~2.8|~3.0", + "symfony/http-kernel": "~2.8|~3.0", "symfony/polyfill-php56": "~1.0", "symfony/polyfill-php70": "~1.0", - "symfony/property-access": "~2.3|~3.0.0" + "symfony/property-access": "~2.8|~3.0" }, "require-dev": { - "symfony/routing": "~2.2|~3.0.0", - "symfony/security-csrf": "~2.4|~3.0.0", + "symfony/routing": "~2.8|~3.0", + "symfony/security-csrf": "~2.8|~3.0", "psr/log": "~1.0" }, "suggest": { @@ -43,7 +43,7 @@ "minimum-stability": "dev", "extra": { "branch-alias": { - "dev-master": "2.8-dev" + "dev-master": "3.0-dev" } } } |