fixed Symfony Security Component deprecations

12571d34 · Fabien Potencier · 9d688a93 · 12571d34 · 12571d34 · 12571d34
Commit 12571d34 authored Jan 08, 2015 by Fabien Potencier
8 changed files
--- a/src/Silex/Application/SecurityTrait.php
+++ b/src/Silex/Application/SecurityTrait.php
@@ -30,7 +30,7 @@ trait SecurityTrait
     */
    public function user()
    {
-        if (null === $token = $this['security']->getToken()) {
+        if (null === $token = $this['security.token_storage']->getToken()) {
            return;
        }

--- a/src/Silex/Provider/RememberMeServiceProvider.php
+++ b/src/Silex/Provider/RememberMeServiceProvider.php
@@ -76,7 +76,7 @@ class RememberMeServiceProvider implements ServiceProviderInterface
        $app['security.authentication_listener.remember_me._proto'] = $app->protect(function ($providerKey) use ($app) {
            return $app->share(function () use ($app, $providerKey) {
                $listener = new RememberMeListener(
-                    $app['security'],
+                    $app['security.token_storage'],
                    $app['security.remember_me.service.'.$providerKey],
                    $app['security.authentication_manager'],
                    $app['logger'],

--- a/src/Silex/Provider/SecurityServiceProvider.php
+++ b/src/Silex/Provider/SecurityServiceProvider.php
@@ -15,6 +15,7 @@ use Silex\Application;
 use Silex\ServiceProviderInterface;
 use Symfony\Component\HttpFoundation\RequestMatcher;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\SecurityContext;
 use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\Security\Core\User\UserChecker;
@@ -27,6 +28,8 @@ use Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager
 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
 use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler;
 use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
+use Symfony\Component\Security\Core\Authorization\AuthorizationChecker;
 use Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter;
 use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
@@ -72,9 +75,31 @@ class SecurityServiceProvider implements ServiceProviderInterface
        $app['security.access_rules'] = array();
        $app['security.hide_user_not_found'] = true;
+        $r = new \ReflectionMethod('Symfony\Component\Security\Http\Firewall\ContextListener', '__construct');
+        $params = $r->getParameters();
+        if ('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface' === $params[0]->getClass()->getName()) {
+            $app['security.authorization_checker'] = $app->share(function ($app) {
+                return new AuthorizationChecker($app['security.token_storage'], $app['security.authentication_manager'], $app['security.access_manager']);
+            });
+            $app['security.token_storage'] = $app->share(function ($app) {
+                return new TokenStorage();
+            });
+            $app['security'] = $app->share(function ($app) {
+                // Deprecated, to be removed in 2.0
+                return new SecurityContext($app['security.token_storage'], $app['security.authorization_checker']);
+            });
+        } else {
+            $app['security.token_storage'] = $app['security.authorization_checker'] = $app->share(function ($app) {
+                return $app['security'];
+            });
            $app['security'] = $app->share(function ($app) {
+                // Deprecated, to be removed in 2.0
                return new SecurityContext($app['security.authentication_manager'], $app['security.access_manager']);
            });
+        }
        $app['security.authentication_manager'] = $app->share(function ($app) {
            $manager = new AuthenticationProviderManager($app['security.authentication_providers']);
@@ -271,7 +296,7 @@ class SecurityServiceProvider implements ServiceProviderInterface
        $app['security.access_listener'] = $app->share(function ($app) {
            return new AccessListener(
-                $app['security'],
+                $app['security.token_storage'],
                $app['security.access_manager'],
                $app['security.access_map'],
                $app['security.authentication_manager'],
@@ -306,14 +331,19 @@ class SecurityServiceProvider implements ServiceProviderInterface
        });
        $app['security.last_error'] = $app->protect(function (Request $request) {
-            if ($request->attributes->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
+            if (class_exists('Symfony\Component\Security\Core\Security')) {
-                return $request->attributes->get(SecurityContextInterface::AUTHENTICATION_ERROR)->getMessage();
+                $error = Security::AUTHENTICATION_ERROR;
+            } else {
+                $error = SecurityContextInterface::AUTHENTICATION_ERROR;
+            }
+            if ($request->attributes->has($error)) {
+                return $request->attributes->get($error)->getMessage();
            }
            $session = $request->getSession();
-            if ($session && $session->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
+            if ($session && $session->has($error)) {
-                $error = $session->get(SecurityContextInterface::AUTHENTICATION_ERROR)->getMessage();
+                $error = $session->get($error)->getMessage();
-                $session->remove(SecurityContextInterface::AUTHENTICATION_ERROR);
+                $session->remove($error);
                return $error;
            }
@@ -324,7 +354,7 @@ class SecurityServiceProvider implements ServiceProviderInterface
        $app['security.context_listener._proto'] = $app->protect(function ($providerKey, $userProviders) use ($app) {
            return $app->share(function () use ($app, $userProviders, $providerKey) {
                return new ContextListener(
-                    $app['security'],
+                    $app['security.token_storage'],
                    $userProviders,
                    $providerKey,
                    $app['logger'],
@@ -347,7 +377,7 @@ class SecurityServiceProvider implements ServiceProviderInterface
        $app['security.exception_listener._proto'] = $app->protect(function ($entryPoint, $name) use ($app) {
            return $app->share(function () use ($app, $entryPoint, $name) {
                return new ExceptionListener(
-                    $app['security'],
+                    $app['security.token_storage'],
                    $app['security.trust_resolver'],
                    $app['security.http_utils'],
                    $name,
@@ -401,7 +431,7 @@ class SecurityServiceProvider implements ServiceProviderInterface
                }
                return new $class(
-                    $app['security'],
+                    $app['security.token_storage'],
                    $app['security.authentication_manager'],
                    isset($app['security.session_strategy.'.$name]) ? $app['security.session_strategy.'.$name] : $app['security.session_strategy'],
                    $app['security.http_utils'],
@@ -419,7 +449,7 @@ class SecurityServiceProvider implements ServiceProviderInterface
        $app['security.authentication_listener.http._proto'] = $app->protect(function ($providerKey, $options) use ($app) {
            return $app->share(function () use ($app, $providerKey, $options) {
                return new BasicAuthenticationListener(
-                    $app['security'],
+                    $app['security.token_storage'],
                    $app['security.authentication_manager'],
                    $providerKey,
                    $app['security.entry_point.'.$providerKey.'.http'],
@@ -431,7 +461,7 @@ class SecurityServiceProvider implements ServiceProviderInterface
        $app['security.authentication_listener.anonymous._proto'] = $app->protect(function ($providerKey, $options) use ($app) {
            return $app->share(function () use ($app, $providerKey, $options) {
                return new AnonymousAuthenticationListener(
-                    $app['security'],
+                    $app['security.token_storage'],
                    $providerKey,
                    $app['logger']
                );
@@ -460,7 +490,7 @@ class SecurityServiceProvider implements ServiceProviderInterface
                }
                $listener = new LogoutListener(
-                    $app['security'],
+                    $app['security.token_storage'],
                    $app['security.http_utils'],
                    $app['security.authentication.logout_handler.'.$name],
                    $options,
@@ -476,7 +506,7 @@ class SecurityServiceProvider implements ServiceProviderInterface
        $app['security.authentication_listener.switch_user._proto'] = $app->protect(function ($name, $options) use ($app, $that) {
            return $app->share(function () use ($app, $name, $options, $that) {
                return new SwitchUserListener(
-                    $app['security'],
+                    $app['security.token_storage'],
                    $app['security.user_provider.'.$name],
                    $app['security.user_checker'],
                    $name,
@@ -524,7 +554,7 @@ class SecurityServiceProvider implements ServiceProviderInterface
        if (isset($app['validator'])) {
            $app['security.validator.user_password_validator'] = $app->share(function ($app) {
-                return new UserPasswordValidator($app['security'], $app['security.encoder_factory']);
+                return new UserPasswordValidator($app['security.token_storage'], $app['security.encoder_factory']);
            });
            if (!isset($app['validator.validator_service_ids'])) {

--- a/src/Silex/Provider/TwigServiceProvider.php
+++ b/src/Silex/Provider/TwigServiceProvider.php
@@ -60,8 +60,8 @@ class TwigServiceProvider implements ServiceProviderInterface
                    $twig->addExtension(new TranslationExtension($app['translator']));
                }
-                if (isset($app['security'])) {
+                if (isset($app['security.authorization_checker'])) {
-                    $twig->addExtension(new SecurityExtension($app['security']));
+                    $twig->addExtension(new SecurityExtension($app['security.authorization_checker']));
                }
                if (isset($app['fragment.handler'])) {

--- a/src/Silex/Route/SecurityTrait.php
+++ b/src/Silex/Route/SecurityTrait.php
@@ -23,7 +23,7 @@ trait SecurityTrait
    public function secure($roles)
    {
        $this->before(function ($request, $app) use ($roles) {
-            if (!$app['security']->isGranted($roles)) {
+            if (!$app['security.authorization_checker']->isGranted($roles)) {
                throw new AccessDeniedException();
            }
        });

--- a/tests/Silex/Tests/Application/SecurityTraitTest.php
+++ b/tests/Silex/Tests/Application/SecurityTraitTest.php
@@ -13,6 +13,7 @@ namespace Silex\Tests\Application;
 use Silex\Provider\SecurityServiceProvider;
 use Symfony\Component\Security\Core\User\User;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\HttpFoundation\Request;
 /**
@@ -28,7 +29,9 @@ class SecurityTraitTest extends \PHPUnit_Framework_TestCase
    {
        $request = Request::create('/');
-        $app = $this->createApplication();
+        $app = $this->createApplication(array(
+            'fabien' => array('ROLE_ADMIN', '5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg=='),
+        ));
        $app->get('/', function () { return 'foo'; });
        $app->handle($request);
        $this->assertNull($app->user());
@@ -44,15 +47,7 @@ class SecurityTraitTest extends \PHPUnit_Framework_TestCase
    {
        $request = Request::create('/');
-        $app = new SecurityApplication();
+        $app = $this->createApplication();
-        $app['security'] = $this->getMockBuilder('Symfony\Component\Security\Core\SecurityContext')
-            ->disableOriginalConstructor()
-            ->getMock();
-        $app['security']->expects($this->any())
-            ->method('getToken')
-            ->will($this->returnValue(null));
        $app->get('/', function () { return 'foo'; });
        $app->handle($request);
        $this->assertNull($app->user());
@@ -62,22 +57,9 @@ class SecurityTraitTest extends \PHPUnit_Framework_TestCase
    {
        $request = Request::create('/');
-        $app = new SecurityApplication();
+        $app = $this->createApplication();
-        $app['security'] = $this->getMockBuilder('Symfony\Component\Security\Core\SecurityContext')
+        $app->boot();
-            ->disableOriginalConstructor()
+        $app['security.token_storage']->setToken(new UsernamePasswordToken('foo', 'foo', 'foo'));
-            ->getMock();
-        $token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken')
-            ->disableOriginalConstructor()
-            ->getMock();
-        $token->expects($this->once())
-            ->method('getUser')
-            ->will($this->returnValue(array()));
-        $app['security']->expects($this->any())
-            ->method('getToken')
-            ->will($this->returnValue($token));
        $app->get('/', function () { return 'foo'; });
        $app->handle($request);
@@ -86,22 +68,22 @@ class SecurityTraitTest extends \PHPUnit_Framework_TestCase
    public function testEncodePassword()
    {
-        $app = $this->createApplication();
+        $app = $this->createApplication(array(
+            'fabien' => array('ROLE_ADMIN', '5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg=='),
+        ));
        $user = new User('foo', 'bar');
        $this->assertEquals('5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg==', $app->encodePassword($user, 'foo'));
    }
-    public function createApplication()
+    public function createApplication($users = array())
    {
        $app = new SecurityApplication();
        $app->register(new SecurityServiceProvider(), array(
            'security.firewalls' => array(
                'default' => array(
                    'http' => true,
-                    'users' => array(
+                    'users' => $users,
-                        'fabien' => array('ROLE_ADMIN', '5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg=='),
-                    ),
                ),
            ),
        ));

--- a/tests/Silex/Tests/Provider/RememberMeServiceProviderTest.php
+++ b/tests/Silex/Tests/Provider/RememberMeServiceProviderTest.php
@@ -84,9 +84,9 @@ class RememberMeServiceProviderTest extends WebTestCase
        );
        $app->get('/', function () use ($app) {
-            if ($app['security']->isGranted('IS_AUTHENTICATED_FULLY')) {
+            if ($app['security.authorization_checker']->isGranted('IS_AUTHENTICATED_FULLY')) {
                return 'AUTHENTICATED_FULLY';
-            } elseif ($app['security']->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
+            } elseif ($app['security.authorization_checker']->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
                return 'AUTHENTICATED_REMEMBERED';
            } else {
                return 'AUTHENTICATED_ANONYMOUSLY';

--- a/tests/Silex/Tests/Provider/SecurityServiceProviderTest.php
+++ b/tests/Silex/Tests/Provider/SecurityServiceProviderTest.php
@@ -224,15 +224,15 @@ class SecurityServiceProviderTest extends WebTestCase
        });
        $app->get('/', function () use ($app) {
-            $user = $app['security']->getToken()->getUser();
+            $user = $app['security.token_storage']->getToken()->getUser();
            $content = is_object($user) ? $user->getUsername() : 'ANONYMOUS';
-            if ($app['security']->isGranted('IS_AUTHENTICATED_FULLY')) {
+            if ($app['security.authorization_checker']->isGranted('IS_AUTHENTICATED_FULLY')) {
                $content .= 'AUTHENTICATED';
            }
-            if ($app['security']->isGranted('ROLE_ADMIN')) {
+            if ($app['security.authorization_checker']->isGranted('ROLE_ADMIN')) {
                $content .= 'ADMIN';
            }
@@ -269,15 +269,14 @@ class SecurityServiceProviderTest extends WebTestCase
        ));
        $app->get('/', function () use ($app) {
-            $user = $app['security']->getToken()->getUser();
+            $user = $app['security.token_storage']->getToken()->getUser();
            $content = is_object($user) ? $user->getUsername() : 'ANONYMOUS';
-            if ($app['security']->isGranted('IS_AUTHENTICATED_FULLY')) {
+            if ($app['security.authorization_checker']->isGranted('IS_AUTHENTICATED_FULLY')) {
                $content .= 'AUTHENTICATED';
            }
-            if ($app['security']->isGranted('ROLE_ADMIN')) {
+            if ($app['security.authorization_checker']->isGranted('ROLE_ADMIN')) {
                $content .= 'ADMIN';
            }