From 3bb04f179bba557166cbdb299580706677e0bfab Mon Sep 17 00:00:00 2001 From: Fran Moreno Date: Sat, 4 Nov 2023 08:29:23 +0100 Subject: [PATCH] Remove support of Symfony 4.4 --- .github/workflows/continuous-integration.yml | 7 ++-- CHANGELOG.md | 1 + composer.json | 20 +++++------ phpstan.neon.dist | 3 -- .../NelmioSecurityExtension.php | 7 +--- src/EventListener/BaseFlexibleSslListener.php | 33 ----------------- src/EventListener/ClickjackingListener.php | 4 +-- .../ContentSecurityPolicyListener.php | 6 ++-- src/EventListener/ContentTypeListener.php | 4 +-- .../ExternalRedirectListener.php | 4 +-- src/EventListener/FlexibleSslListener.php | 20 ++--------- src/EventListener/ForcedSslListener.php | 6 ++-- .../KernelEventForwardCompatibilityTrait.php | 32 ----------------- src/EventListener/ReferrerPolicyListener.php | 4 +-- src/EventListener/SignedCookieListener.php | 6 ++-- src/EventListener/XssProtectionListener.php | 4 +-- src/Resources/config/flexible_ssl_legacy.php | 36 ------------------- tests/App/config/config.yaml | 1 + tests/Listener/FlexibleSslListenerTest.php | 21 ++++------- 19 files changed, 36 insertions(+), 183 deletions(-) delete mode 100644 src/EventListener/BaseFlexibleSslListener.php delete mode 100644 src/EventListener/KernelEventForwardCompatibilityTrait.php delete mode 100644 src/Resources/config/flexible_ssl_legacy.php diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index a6953962..cf7cda67 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -20,18 +20,17 @@ jobs: - 8.1 - 8.2 symfony-version: - - 4.4.x - 5.4.x - - 6.2.x + - 6.3.x dependencies: - highest include: - php-version: 7.4 dependencies: lowest - symfony-version: 4.4 + symfony-version: 5.4 exclude: - php-version: 7.4 - symfony-version: 6.2.x + symfony-version: 6.3.x steps: - name: Checkout diff --git a/CHANGELOG.md b/CHANGELOG.md index 635bc82a..c22a72e4 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,6 @@ ### 3.x.x (xxxx-xx-xx) * Fixed overriding CSP header +* Dropped support for Symfony < 5.4 ### 3.0.0 (2022-03-17) * Bump minimal PHP version to 7.4 diff --git a/composer.json b/composer.json index 60022c71..b788bd80 100644 --- a/composer.json +++ b/composer.json @@ -18,12 +18,12 @@ ], "require": { "php": "^7.4 || ^8.0", - "symfony/framework-bundle": "^4.4 || ^5.4 || ^6.0", - "symfony/http-kernel": "^4.4 || ^5.4 || ^6.0", - "symfony/security-core": "^4.4 || ^5.4 || ^6.0", - "symfony/security-csrf": "^4.4 || ^5.4 || ^6.0", - "symfony/security-http": "^4.4 || ^5.4 || ^6.0", - "symfony/yaml": "^4.4 || ^5.4 || ^6.0", + "symfony/framework-bundle": "^5.4 || ^6.3", + "symfony/http-kernel": "^5.4 || ^6.3", + "symfony/security-core": "^5.4 || ^6.3", + "symfony/security-csrf": "^5.4 || ^6.3", + "symfony/security-http": "^5.4 || ^6.3", + "symfony/yaml": "^5.4 || ^6.3", "ua-parser/uap-php": "^3.4.4" }, "require-dev": { @@ -34,10 +34,10 @@ "phpstan/phpstan-symfony": "^1.1", "phpunit/phpunit": "^9.5", "psr/cache": "^1.0 || ^2.0 || ^3.0", - "symfony/browser-kit": "^4.4 || ^5.4 || ^6.0", - "symfony/cache": "^4.4 || ^5.4 || ^6.0", - "symfony/phpunit-bridge": "^6.0", - "symfony/twig-bundle": "^4.4 || ^5.4 || ^6.0", + "symfony/browser-kit": "^5.4 || ^6.3", + "symfony/cache": "^5.4 || ^6.3", + "symfony/phpunit-bridge": "^6.3", + "symfony/twig-bundle": "^5.4 || ^6.3", "twig/twig": "^2.10 || ^3.0" }, "autoload": { diff --git a/phpstan.neon.dist b/phpstan.neon.dist index 25518f9c..7a40f7ac 100644 --- a/phpstan.neon.dist +++ b/phpstan.neon.dist 
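Review bot: The `^6.0` to `^6.3` change in both composer.json hunks (`require` and `require-dev`) also drops Symfony 6.0–6.2, which neither the commit subject ("Remove support of Symfony 4.4") nor the new CHANGELOG line ("Dropped support for Symfony < 5.4") mentions. This bundle provides the CSP, HSTS/forced-SSL and signed-cookie listeners, so applications still on 6.0–6.2 would presumably stop resolving new releases without notice, including the "Fixed overriding CSP header" entry in the same changelog section. If nothing in the code needs 6.3, keep `^6.0`; otherwise state the full range in the changelog, e.g. `* Dropped support for Symfony < 5.4 and 6.0 - 6.2`.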
@@ -16,9 +16,6 @@ parameters: ignoreErrors: - '#^Dynamic call to static method PHPUnit\\Framework\\\S+\(\)\.$#' - '#^Dynamic call to static method Symfony\\Bundle\\FrameworkBundle\\Test\\\S+\(\)\.$#' - # BC with Symfony 4.4 - - "#^Call to function method_exists\\(\\) with Symfony\\\\Component\\\\HttpKernel\\\\Event\\\\KernelEvent and 'isMainRequest' will always evaluate to true\\.#" - - '#^Call to an undefined method Symfony\\Component\\HttpKernel\\Event\\KernelEvent\:\:isMasterRequest\(\)\.#' # Ignore typing providers in tests - '#^Method Nelmio\\SecurityBundle\\Tests\\[^:]+Test::(provide\w+|\w+Provider)\(\) return type has no value type specified in iterable type (array|iterable)\.#' dynamicConstantNames: diff --git a/src/DependencyInjection/NelmioSecurityExtension.php b/src/DependencyInjection/NelmioSecurityExtension.php index 04f4cb92..580a6ca6 100644 --- a/src/DependencyInjection/NelmioSecurityExtension.php +++ b/src/DependencyInjection/NelmioSecurityExtension.php @@ -21,7 +21,6 @@ use Symfony\Component\DependencyInjection\Loader\PhpFileLoader; use Symfony\Component\DependencyInjection\Reference; use Symfony\Component\HttpKernel\DependencyInjection\Extension; -use Symfony\Component\HttpKernel\Kernel; final class NelmioSecurityExtension extends Extension { @@ -132,11 +131,7 @@ public function load(array $configs, ContainerBuilder $container): void } if ($this->isConfigEnabled($container, $config['flexible_ssl'])) { - if (version_compare(Kernel::VERSION, '5.1', '<')) { - $loader->load('flexible_ssl_legacy.php'); - } else { - $loader->load('flexible_ssl.php'); - } + $loader->load('flexible_ssl.php'); $container->setParameter('nelmio_security.flexible_ssl.cookie_name', $config['flexible_ssl']['cookie_name']); $container->setParameter('nelmio_security.flexible_ssl.unsecured_logout', $config['flexible_ssl']['unsecured_logout']); 
diff --git a/src/EventListener/BaseFlexibleSslListener.php b/src/EventListener/BaseFlexibleSslListener.php deleted file mode 100644 index a1d0c8c4..00000000 --- a/src/EventListener/BaseFlexibleSslListener.php +++ /dev/null @@ -1,33 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Nelmio\SecurityBundle\EventListener; - -use Symfony\Component\HttpKernel\Kernel; -use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface; - -if (version_compare(Kernel::VERSION, '5.1', '<')) { - /** - * @internal - */ - interface BaseFlexibleSslListener extends LogoutHandlerInterface - { - } -} else { - /** - * @internal - */ - interface BaseFlexibleSslListener - { - } -} diff --git a/src/EventListener/ClickjackingListener.php b/src/EventListener/ClickjackingListener.php index 8d9d669a..0949208d 100644 --- a/src/EventListener/ClickjackingListener.php +++ b/src/EventListener/ClickjackingListener.php @@ -18,8 +18,6 @@ final class ClickjackingListener extends AbstractContentTypeRestrictableListener { - use KernelEventForwardCompatibilityTrait; - /** * @var array> */ @@ -46,7 +44,7 @@ public static function getSubscribedEvents(): array public function onKernelResponse(ResponseEvent $e): void { - if (!$this->isMainRequest($e)) { + if (!$e->isMainRequest()) { return; } diff --git a/src/EventListener/ContentSecurityPolicyListener.php b/src/EventListener/ContentSecurityPolicyListener.php index 35516b56..cdd6e50d 100644 --- a/src/EventListener/ContentSecurityPolicyListener.php +++ b/src/EventListener/ContentSecurityPolicyListener.php @@ -23,8 +23,6 @@ final class ContentSecurityPolicyListener extends AbstractContentTypeRestrictableListener { - use KernelEventForwardCompatibilityTrait; - private DirectiveSet $report; private DirectiveSet $enforce; private bool $compatHeaders; 
@@ -68,7 +66,7 @@ public function __construct( public function onKernelRequest(RequestEvent $e): void { - if (!$this->isMainRequest($e)) { + if (!$e->isMainRequest()) { return; } @@ -135,7 +133,7 @@ public function getNonce(string $usage): string public function onKernelResponse(ResponseEvent $e): void { - if (!$this->isMainRequest($e)) { + if (!$e->isMainRequest()) { return; } diff --git a/src/EventListener/ContentTypeListener.php b/src/EventListener/ContentTypeListener.php index 83147765..819b7bf7 100644 --- a/src/EventListener/ContentTypeListener.php +++ b/src/EventListener/ContentTypeListener.php @@ -17,8 +17,6 @@ final class ContentTypeListener { - use KernelEventForwardCompatibilityTrait; - private bool $nosniff; public function __construct(bool $nosniff) @@ -28,7 +26,7 @@ public function __construct(bool $nosniff) public function onKernelResponse(ResponseEvent $e): void { - if (!$this->isMainRequest($e)) { + if (!$e->isMainRequest()) { return; } diff --git a/src/EventListener/ExternalRedirectListener.php b/src/EventListener/ExternalRedirectListener.php index e9fbd553..21415de3 100644 --- a/src/EventListener/ExternalRedirectListener.php +++ b/src/EventListener/ExternalRedirectListener.php @@ -22,8 +22,6 @@ final class ExternalRedirectListener { - use KernelEventForwardCompatibilityTrait; - private bool $abort; private ?string $override; private ?string $forwardAs; @@ -68,7 +66,7 @@ public function __construct( public function onKernelResponse(ResponseEvent $e): void { - if (!$this->isMainRequest($e)) { + if (!$e->isMainRequest()) { return; } diff --git a/src/EventListener/FlexibleSslListener.php b/src/EventListener/FlexibleSslListener.php index 22ea8903..863db5ee 100644 --- a/src/EventListener/FlexibleSslListener.php +++ b/src/EventListener/FlexibleSslListener.php 
@@ -16,18 +16,14 @@ use Symfony\Component\EventDispatcher\EventDispatcherInterface; use Symfony\Component\HttpFoundation\Cookie; use Symfony\Component\HttpFoundation\RedirectResponse; -use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\Event\RequestEvent; use Symfony\Component\HttpKernel\Event\ResponseEvent; -use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Http\Event\InteractiveLoginEvent; use Symfony\Component\Security\Http\Event\LogoutEvent; -final class FlexibleSslListener implements BaseFlexibleSslListener +final class FlexibleSslListener { - use KernelEventForwardCompatibilityTrait; - private string $cookieName; private bool $unsecuredLogout; private EventDispatcherInterface $dispatcher; @@ -41,7 +37,7 @@ public function __construct(string $cookieName, bool $unsecuredLogout, EventDisp public function onKernelRequest(RequestEvent $e): void { - if (!$this->isMainRequest($e)) { + if (!$e->isMainRequest()) { return; } @@ -60,7 +56,7 @@ public function onLogin(InteractiveLoginEvent $e): void public function onPostLoginKernelResponse(ResponseEvent $e): void { - if (!$this->isMainRequest($e)) { + if (!$e->isMainRequest()) { return; } @@ -127,16 +123,6 @@ public function onLogout(LogoutEvent $e): void $this->doLogout($response); } - /** - * Legacy method called from deprecated/removed Symfony\Component\Security\Http\Logout\LogoutHandlerInterface. - * - * @internal - */ - public function logout(Request $request, Response $response, TokenInterface $token): void - { - $this->doLogout($response); - } - private function doLogout(Response $response): void { if ($this->unsecuredLogout && null !== $response->headers->get('Location')) { diff --git a/src/EventListener/ForcedSslListener.php b/src/EventListener/ForcedSslListener.php index cbec2efb..9572cb00 100644 --- a/src/EventListener/ForcedSslListener.php 
+++ b/src/EventListener/ForcedSslListener.php @@ -19,8 +19,6 @@ final class ForcedSslListener { - use KernelEventForwardCompatibilityTrait; - private ?int $hstsMaxAge; private bool $hstsSubdomains; private bool $hstsPreload; @@ -50,7 +48,7 @@ public function __construct( public function onKernelRequest(RequestEvent $e): void { - if (!$this->isMainRequest($e)) { + if (!$e->isMainRequest()) { return; } @@ -77,7 +75,7 @@ public function onKernelRequest(RequestEvent $e): void public function onKernelResponse(ResponseEvent $e): void { - if (!$this->isMainRequest($e)) { + if (!$e->isMainRequest()) { return; } diff --git a/src/EventListener/KernelEventForwardCompatibilityTrait.php b/src/EventListener/KernelEventForwardCompatibilityTrait.php deleted file mode 100644 index a3a903a5..00000000 --- a/src/EventListener/KernelEventForwardCompatibilityTrait.php +++ /dev/null @@ -1,32 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Nelmio\SecurityBundle\EventListener; - -use Symfony\Component\HttpKernel\Event\KernelEvent; - -/** - * Provides forward compatibility with newer Symfony versions. - * - * @internal - */ -trait KernelEventForwardCompatibilityTrait -{ - protected function isMainRequest(KernelEvent $event): bool - { - return method_exists($event, 'isMainRequest') - ? $event->isMainRequest() - : $event->isMasterRequest() - ; - } -} diff --git a/src/EventListener/ReferrerPolicyListener.php b/src/EventListener/ReferrerPolicyListener.php index f048ca0d..28a60d9d 100644 --- a/src/EventListener/ReferrerPolicyListener.php +++ b/src/EventListener/ReferrerPolicyListener.php @@ -20,8 +20,6 @@ */ final class ReferrerPolicyListener { - use KernelEventForwardCompatibilityTrait; - /** * @var list */ 
@@ -37,7 +35,7 @@ public function __construct(array $policies) public function onKernelResponse(ResponseEvent $e): void { - if (!$this->isMainRequest($e)) { + if (!$e->isMainRequest()) { return; } diff --git a/src/EventListener/SignedCookieListener.php b/src/EventListener/SignedCookieListener.php index 961cc190..e3e4b665 100644 --- a/src/EventListener/SignedCookieListener.php +++ b/src/EventListener/SignedCookieListener.php @@ -20,8 +20,6 @@ final class SignedCookieListener { - use KernelEventForwardCompatibilityTrait; - private Signer $signer; /** @@ -44,7 +42,7 @@ public function __construct(Signer $signer, array $signedCookieNames) public function onKernelRequest(RequestEvent $e): void { - if (!$this->isMainRequest($e)) { + if (!$e->isMainRequest()) { return; } @@ -65,7 +63,7 @@ public function onKernelRequest(RequestEvent $e): void public function onKernelResponse(ResponseEvent $e): void { - if (!$this->isMainRequest($e)) { + if (!$e->isMainRequest()) { return; } diff --git a/src/EventListener/XssProtectionListener.php b/src/EventListener/XssProtectionListener.php index d54a9e02..82fc9e3d 100644 --- a/src/EventListener/XssProtectionListener.php +++ b/src/EventListener/XssProtectionListener.php @@ -19,8 +19,6 @@ final class XssProtectionListener implements EventSubscriberInterface { - use KernelEventForwardCompatibilityTrait; - private bool $enabled; private bool $modeBlock; private ?string $reportUri; @@ -34,7 +32,7 @@ public function __construct(bool $enabled, bool $modeBlock, ?string $reportUri = public function onKernelResponse(ResponseEvent $e): void { - if (!$this->isMainRequest($e)) { + if (!$e->isMainRequest()) { return; } diff --git a/src/Resources/config/flexible_ssl_legacy.php b/src/Resources/config/flexible_ssl_legacy.php deleted file mode 100644 index f5290112..00000000 --- a/src/Resources/config/flexible_ssl_legacy.php +++ /dev/null 
@@ -1,36 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -use Nelmio\SecurityBundle\EventListener\FlexibleSslListener; -use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator; -use Symfony\Component\DependencyInjection\Loader\Configurator\ReferenceConfigurator; - -return static function (ContainerConfigurator $containerConfigurator): void { - $containerConfigurator->services() - - ->set('nelmio_security.flexible_ssl_listener', FlexibleSslListener::class) - ->args([ - '%nelmio_security.flexible_ssl.cookie_name%', - '%nelmio_security.flexible_ssl.unsecured_logout%', - new ReferenceConfigurator('event_dispatcher'), - ]) - ->tag('kernel.event_listener', [ - 'event' => 'kernel.request', - 'method' => 'onKernelRequest', - 'priority' => 20000, - ]) - ->tag('kernel.event_listener', [ - 'event' => 'security.interactive_login', - 'method' => 'onLogin', - ]); -}; diff --git a/tests/App/config/config.yaml b/tests/App/config/config.yaml index 697d3138..fefbfb64 100644 --- a/tests/App/config/config.yaml +++ b/tests/App/config/config.yaml @@ -1,6 +1,7 @@ framework: secret: my_secret test: true + http_method_override: false nelmio_security: external_redirects: diff --git a/tests/Listener/FlexibleSslListenerTest.php b/tests/Listener/FlexibleSslListenerTest.php index a01dfb4e..65455948 100644 --- a/tests/Listener/FlexibleSslListenerTest.php +++ b/tests/Listener/FlexibleSslListenerTest.php @@ -22,7 +22,6 @@ use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\ResponseHeaderBag; use Symfony\Component\HttpKernel\HttpKernelInterface; -use Symfony\Component\HttpKernel\Kernel; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Http\Event\LogoutEvent; 
@@ -163,13 +162,9 @@ public function testSecureLogout(): void $request = $this->getMockBuilder(Request::class)->getMock(); $token = $this->getMockBuilder(TokenInterface::class)->getMock(); - if (version_compare(Kernel::VERSION, '5.1', '<')) { - $this->listener->logout($request, $response, $token); - } else { - $logoutEvent = new LogoutEvent($request, $token); - $logoutEvent->setResponse($response); - $this->listener->onLogout($logoutEvent); - } + $logoutEvent = new LogoutEvent($request, $token); + $logoutEvent->setResponse($response); + $this->listener->onLogout($logoutEvent); $this->assertSame('https://foo', $response->headers->get('Location')); } @@ -182,13 +177,9 @@ public function testUnsecuredLogout(): void $request = $this->getMockBuilder(Request::class)->getMock(); $token = $this->getMockBuilder(TokenInterface::class)->getMock(); - if (version_compare(Kernel::VERSION, '5.1', '<')) { - $unsecuredLogoutListener->logout($request, $response, $token); - } else { - $logoutEvent = new LogoutEvent($request, $token); - $logoutEvent->setResponse($response); - $unsecuredLogoutListener->onLogout($logoutEvent); - } + $logoutEvent = new LogoutEvent($request, $token); + $logoutEvent->setResponse($response); + $unsecuredLogoutListener->onLogout($logoutEvent); $this->assertSame('http://foo', $response->headers->get('Location')); }