feature #218 Drop support for Symfony < 6.4 (ajgarlag)

This PR was merged into the 0.10-dev branch.

Discussion
----------

Drop support for Symfony < 6.4

It also removes the related BC layer

Commits
-------

4a77ebc Drop Symfony < 6.4 support

Author: chalasr

.github/workflows/unit-tests.yml

@@ -15,13 +15,13 @@ jobs:
             fail-fast: false
             matrix:
                 php: ['8.1', '8.2', '8.3', '8.4']
-                symfony: ['5.4.*', '6.4.*', '7.1.*', '7.2.*']
+                symfony: ['6.4.*', '7.1.*', '7.2.*']
                 doctrine-orm: ['^2.14', '^3.0']
                 composer-flags: ['--prefer-stable']
                 can-fail: [false]
                 include:
                     - php: "8.1"
-                      symfony: "5.4.*"
+                      symfony: "6.4.*"
                       doctrine-orm: "^2.14"
                       composer-flags: '--prefer-stable --prefer-lowest'
                       can-fail: false

composer.json

@@ -23,18 +23,18 @@
         "league/oauth2-server": "^9.2",
         "nyholm/psr7": "^1.4",
         "psr/http-factory": "^1.0",
-        "symfony/event-dispatcher": "^5.4|^6.2|^7.0",
-        "symfony/filesystem": "^5.4|^6.0|^7.0",
-        "symfony/framework-bundle": "^5.4|^6.2|^7.0",
+        "symfony/event-dispatcher": "^6.4|^7.0",
+        "symfony/filesystem": "^6.4|^7.0",
+        "symfony/framework-bundle": "^6.4|^7.0",
         "symfony/polyfill-php81": "^1.22",
-        "symfony/psr-http-message-bridge": "^2.0|^6|^7",
-        "symfony/security-bundle": "^5.4|^6.2|^7.0"
+        "symfony/psr-http-message-bridge": "^6.4|^7",
+        "symfony/security-bundle": "^6.4|^7.0"
     },
     "require-dev": {
         "ext-pdo": "*",
         "ext-pdo_sqlite": "*",
-        "symfony/browser-kit": "^5.4|^6.2|^7.0",
-        "symfony/phpunit-bridge": "^5.4|^6.2|^7.0"
+        "symfony/browser-kit": "^6.4|^7.0",
+        "symfony/phpunit-bridge": "^7.2"
     },
     "autoload": {
         "psr-4": { "League\\Bundle\\OAuth2ServerBundle\\": "src/" }

docs/index.md

@@ -13,7 +13,7 @@ For implementation into Symfony projects, please see [bundle documentation](basi
 ## Requirements
 
 * [PHP 8.1](http://php.net/releases/8_1_0.php) or greater
-* [Symfony 5.4](https://symfony.com/roadmap/5.4) or greater
+* [Symfony 6.4](https://symfony.com/roadmap/6.4) or greater
 
 ## Installation
 

src/Converter/UserConverter.php

@@ -12,16 +12,13 @@ final class UserConverter implements UserConverterInterface
 {
     /**
      * @psalm-suppress ArgumentTypeCoercion
-     * @psalm-suppress DeprecatedMethod
      * @psalm-suppress UndefinedInterfaceMethod
      */
     public function toLeague(UserInterface $user): UserEntityInterface
     {
         $userEntity = new User();
 
-        $identifier = method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername();
-
-        $userEntity->setIdentifier($identifier);
+        $userEntity->setIdentifier($user->getUserIdentifier());
 
         return $userEntity;
     }

src/DependencyInjection/Security/OAuth2Factory.php

@@ -4,38 +4,53 @@
 
 namespace League\Bundle\OAuth2ServerBundle\DependencyInjection\Security;
 
+use League\Bundle\OAuth2ServerBundle\Security\Authenticator\OAuth2Authenticator;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AuthenticatorFactoryInterface;
-use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
-use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
-
-if (interface_exists(SecurityFactoryInterface::class) && !interface_exists(AuthenticatorFactoryInterface::class)) {
-    /**
-     * Wires the "oauth" authenticator from user configuration.
-     *
-     * @author Mathias Arlaud <mathias.arlaud@gmail.com>
-     */
-    class OAuth2Factory implements SecurityFactoryInterface
+use Symfony\Component\Config\Definition\Builder\NodeDefinition;
+use Symfony\Component\DependencyInjection\ChildDefinition;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Reference;
+
+/**
+ * Wires the "oauth" authenticator from user configuration.
+ *
+ * @author Mathias Arlaud <mathias.arlaud@gmail.com>
+ */
+class OAuth2Factory implements AuthenticatorFactoryInterface
+{
+    public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint): array
+    {
+        throw new \LogicException('OAuth2 is not supported when "security.enable_authenticator_manager" is not set to true.');
+    }
+
+    public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): string
     {
-        use OAuth2FactoryTrait;
+        $authenticator = \sprintf('security.authenticator.oauth2.%s', $firewallName);
+
+        $definition = new ChildDefinition(OAuth2Authenticator::class);
+        $definition->replaceArgument(2, new Reference($userProviderId));
+
+        $container->setDefinition($authenticator, $definition);
+
+        return $authenticator;
     }
-} elseif (!method_exists(SecurityExtension::class, 'addAuthenticatorFactory')) {
-    /**
-     * Wires the "oauth" authenticator from user configuration.
-     *
-     * @author Mathias Arlaud <mathias.arlaud@gmail.com>
-     */
-    class OAuth2Factory implements AuthenticatorFactoryInterface, SecurityFactoryInterface
+
+    public function getPosition(): string
     {
-        use OAuth2FactoryTrait;
+        return 'pre_auth';
     }
-} else {
-    /**
-     * Wires the "oauth" authenticator from user configuration.
-     *
-     * @author Mathias Arlaud <mathias.arlaud@gmail.com>
-     */
-    class OAuth2Factory implements AuthenticatorFactoryInterface
+
+    public function getPriority(): int
+    {
+        return -10;
+    }
+
+    public function getKey(): string
+    {
+        return 'oauth2';
+    }
+
+    public function addConfiguration(NodeDefinition $builder): void
     {
-        use OAuth2FactoryTrait;
     }
 }

src/Event/AuthorizationRequestResolveEventFactory.php

@@ -7,30 +7,15 @@
 use League\Bundle\OAuth2ServerBundle\Converter\ScopeConverterInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
 use Symfony\Bundle\SecurityBundle\Security;
-use Symfony\Component\Security\Core\Security as LegacySecurity;
 
-if (class_exists(Security::class)) {
-    final class AuthorizationRequestResolveEventFactory
-    {
-        use AuthorizationRequestResolveEventFactoryTrait;
+final class AuthorizationRequestResolveEventFactory
+{
+    use AuthorizationRequestResolveEventFactoryTrait;
 
-        public function __construct(ScopeConverterInterface $scopeConverter, ClientManagerInterface $clientManager, Security $security)
-        {
-            $this->scopeConverter = $scopeConverter;
-            $this->clientManager = $clientManager;
-            $this->security = $security;
-        }
-    }
-} else {
-    final class AuthorizationRequestResolveEventFactory
+    public function __construct(ScopeConverterInterface $scopeConverter, ClientManagerInterface $clientManager, Security $security)
     {
-        use AuthorizationRequestResolveEventFactoryTrait;
-
-        public function __construct(ScopeConverterInterface $scopeConverter, ClientManagerInterface $clientManager, LegacySecurity $security)
-        {
-            $this->scopeConverter = $scopeConverter;
-            $this->clientManager = $clientManager;
-            $this->security = $security;
-        }
+        $this->scopeConverter = $scopeConverter;
+        $this->clientManager = $clientManager;
+        $this->security = $security;
     }
 }

src/LeagueOAuth2ServerBundle.php

@@ -41,17 +41,7 @@ private function configureSecurityExtension(ContainerBuilder $container): void
         /** @var SecurityExtension $extension */
         $extension = $container->getExtension('security');
 
-        if (method_exists($extension, 'addAuthenticatorFactory')) {
-            $extension->addAuthenticatorFactory(new OAuth2Factory());
-
-            return;
-        }
-
-        /**
-         * @psalm-suppress DeprecatedMethod
-         * @psalm-suppress InvalidArgument
-         */
-        $extension->addSecurityListenerFactory(new OAuth2Factory());
+        $extension->addAuthenticatorFactory(new OAuth2Factory());
     }
 
     private function configureDoctrineExtension(ContainerBuilder $container): void

src/Resources/config/services.php

@@ -58,7 +58,6 @@
 use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\HttpFoundation\RequestStack;
-use Symfony\Component\Security\Core\Security as LegacySecurity;
 
 return static function (ContainerConfigurator $container): void {
     $container->services()
@@ -281,7 +280,7 @@
             ->args([
                 service(ScopeConverterInterface::class),
                 service(ClientManagerInterface::class),
-                service(class_exists(Security::class) ? Security::class : LegacySecurity::class),
+                service(Security::class),
             ])
         ->alias(AuthorizationRequestResolveEventFactory::class, 'league.oauth2_server.factory.authorization_request_resolve_event')
 

src/Security/Authenticator/OAuth2Authenticator.php

@@ -91,13 +91,6 @@ public function doAuthenticate(Request $request) /* : Passport */
             if ('' === $userIdentifier || $oauthClientId === $userIdentifier) {
                 return new ClientCredentialsUser($oauthClientId);
             }
-            if (!method_exists($this->userProvider, 'loadUserByIdentifier')) {
-                /**
-                 * @psalm-suppress DeprecatedMethod
-                 * @psalm-suppress MixedReturnStatement
-                 */
-                return $this->userProvider->loadUserByUsername($userIdentifier);
-            }
 
             return $this->userProvider->loadUserByIdentifier($userIdentifier);
         };
@@ -150,17 +143,7 @@ public function createToken(Passport $passport, string $firewallName): TokenInte
         /** @var string $oauthClientId */
         $oauthClientId = $passport->getAttribute('oauthClientId', '');
 
-        $token = new OAuth2Token($passport->getUser(), $accessTokenId, $oauthClientId, $scopeBadge->getScopes(), $this->rolePrefix);
-        if (method_exists(AuthenticatorInterface::class, 'createAuthenticatedToken') && !method_exists(AuthenticatorInterface::class, 'createToken')) {
-            // symfony 5.4 only
-            /**
-             * @psalm-suppress TooManyArguments
-             * @psalm-suppress UndefinedMethod
-             */
-            $token->setAuthenticated(true, false);
-        }
-
-        return $token;
+        return new OAuth2Token($passport->getUser(), $accessTokenId, $oauthClientId, $scopeBadge->getScopes(), $this->rolePrefix);
     }
 
     public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response

src/Security/User/ClientCredentialsUser.php

@@ -23,35 +23,11 @@ public function __construct(string $clientId)
         $this->clientId = $clientId;
     }
 
-    /**
-     * @psalm-mutation-free
-     */
-    public function getUsername(): string
-    {
-        return $this->getUserIdentifier();
-    }
-
     public function getUserIdentifier(): string
     {
         return $this->clientId;
     }
 
-    /**
-     * @psalm-mutation-free
-     */
-    public function getPassword(): ?string
-    {
-        return null;
-    }
-
-    /**
-     * @psalm-mutation-free
-     */
-    public function getSalt(): ?string
-    {
-        return null;
-    }
-
     /**
      * @psalm-mutation-free
      */

src/Service/CredentialsRevoker/DoctrineCredentialsRevoker.php

@@ -32,15 +32,14 @@ public function __construct(EntityManagerInterface $entityManager, ClientManager
     }
 
     /**
-     * @psalm-suppress DeprecatedMethod
      * @psalm-suppress UndefinedInterfaceMethod
      */
     public function revokeCredentialsForUser(UserInterface $user): void
     {
         /**
          * @psalm-suppress MixedAssignment
          */
-        $userIdentifier = method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername();
+        $userIdentifier = $user->getUserIdentifier();
 
         $this->entityManager->createQueryBuilder()
             ->update(AccessToken::class, 'at')

tests/Acceptance/AuthorizationEndpointTest.php

@@ -34,7 +34,7 @@ protected function setUp(): void
     private function loginUser(string $username = FixtureFactory::FIXTURE_USER, string $firewallContext = 'authorization'): void
     {
         $userProvider = static::getContainer()->get('security.user_providers');
-        $user = method_exists($userProvider, 'loadUserByIdentifier') ? $userProvider->loadUserByIdentifier($username) : $userProvider->loadUserByUsername($username);
+        $user = $userProvider->loadUserByIdentifier($username);
         $this->client->loginUser($user, $firewallContext);
     }
 

tests/Acceptance/SecurityLayerTest.php

@@ -41,7 +41,7 @@ public function testAuthenticatedGuestRequest(): void
         $response = $this->client->getResponse();
 
         $this->assertSame(200, $response->getStatusCode());
-        $this->assertSame('Hello, guest', $response->getContent());
+        $this->assertSame('Hello, foo', $response->getContent());
     }
 
     public function testAuthenticatedGuestScopedRequest(): void

tests/Fixtures/SecurityTestController.php

@@ -4,7 +4,6 @@
 
 namespace League\Bundle\OAuth2ServerBundle\Tests\Fixtures;
 
-use League\Bundle\OAuth2ServerBundle\Security\User\ClientCredentialsUser;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
@@ -28,7 +27,7 @@ public function helloAction(): Response
         $user = $this->getUser();
 
         return new Response(
-            \sprintf('Hello, %s', null === $user || $user instanceof ClientCredentialsUser ? 'guest' : (method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername()))
+            \sprintf('Hello, %s', null === $user || $user instanceof ClientCredentialsUser ? 'guest' : $user->getUserIdentifier())
         );
     }
 

tests/Fixtures/User.php

@@ -23,11 +23,6 @@ public function getSalt(): ?string
         return null;
     }
 
-    public function getUsername(): string
-    {
-        return $this->getUserIdentifier();
-    }
-
     public function getUserIdentifier(): string
     {
         return FixtureFactory::FIXTURE_USER;

tests/TestKernel.php

@@ -19,7 +19,6 @@
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeRefreshTokenManager;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FixtureFactory;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\SecurityTestController;
-use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Component\Config\Loader\LoaderInterface;
 use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
@@ -147,15 +146,11 @@ public function registerContainerConfiguration(LoaderInterface $loader): void
                 'access_control' => [
                     [
                         'path' => '^/authorize',
-                        'roles' => class_exists(Security::class) ? 'IS_AUTHENTICATED' : 'IS_AUTHENTICATED_REMEMBERED',
+                        'roles' => 'IS_AUTHENTICATED',
                     ],
                 ],
             ];
 
-            if (!class_exists(Security::class)) {
-                $security['enable_authenticator_manager'] = true;
-            }
-
             $container->loadFromExtension('security', $security);
 
             $container->loadFromExtension('league_oauth2_server', [