feature #22048 [Security] deprecate the Role and SwitchUserRole classes (xabbuh)

fabpot · fabpot · commit 5534d448be6c · 2019-02-25T17:04:33.000+01:00
This PR was merged into the 4.3-dev branch. Discussion ---------- [Security] deprecate the Role and SwitchUserRole classes | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | yes | Tests pass? | yes | Fixed tickets | #20824 | License | MIT | Doc PR | symfony/symfony-docs#11047 In #20801, we deprecated the `RoleInterface`. The next logical step would be to also deprecate the `Role` class. However, we currently have the `SwitchUserRole` class (a sub-class of `Role`) that acts as an indicator to check whether or not the authenticated user switched to another user. This PR proposes an alternative solution to the usage of the special `SwitchUserRole` class by storing the original token inside the `UsernamePasswordToken`. This PR is not complete, but rather acts as a proof of concept of how we could get rid of the `Role` and the `SwitchUserRole` classes. Please share your opinions whether you think this is a valid approach and I will be happy to finalise the PR. Commits ------- d7aaa615b9 deprecate the Role and SwitchUserRole classes
diff --git a/Processor/TokenProcessor.php b/Processor/TokenProcessor.php
@@ -31,10 +31,16 @@ public function __invoke(array $records)
     {
         $records['extra']['token'] = null;
         if (null !== $token = $this->tokenStorage->getToken()) {
+            if (method_exists($token, 'getRoleNames')) {
+                $roles = $token->getRoleNames();
+            } else {
+                $roles = array_map(function ($role) { return $role->getRole(); }, $token->getRoles(false));
+            }
+
             $records['extra']['token'] = [
                 'username' => $token->getUsername(),
                 'authenticated' => $token->isAuthenticated(),
-                'roles' => array_map(function ($role) { return $role->getRole(); }, $token->getRoles()),
+                'roles' => $roles,
             ];
         }
 
diff --git a/Tests/Processor/TokenProcessorTest.php b/Tests/Processor/TokenProcessorTest.php
@@ -36,7 +36,6 @@ public function testProcessor()
         $this->assertArrayHasKey('token', $record['extra']);
         $this->assertEquals($token->getUsername(), $record['extra']['token']['username']);
         $this->assertEquals($token->isAuthenticated(), $record['extra']['token']['authenticated']);
-        $roles = array_map(function ($role) { return $role->getRole(); }, $token->getRoles());
-        $this->assertEquals($roles, $record['extra']['token']['roles']);
+        $this->assertEquals(['ROLE_USER'], $record['extra']['token']['roles']);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,6 @@ public function testProcessor()`
`36`	`36`	`$this->assertArrayHasKey('token', $record['extra']);`
`37`	`37`	`$this->assertEquals($token->getUsername(), $record['extra']['token']['username']);`
`38`	`38`	`$this->assertEquals($token->isAuthenticated(), $record['extra']['token']['authenticated']);`
`39`		`- $roles = array_map(function ($role) { return $role->getRole(); }, $token->getRoles());`
`40`		`- $this->assertEquals($roles, $record['extra']['token']['roles']);`
	`39`	`+ $this->assertEquals(['ROLE_USER'], $record['extra']['token']['roles']);`
`41`	`40`	`}`
`42`	`41`	`}`