From fd9cff3c519fb9327a192f6ed87a3da493ac7792 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Deruss=C3=A9?= Date: Thu, 20 May 2021 10:12:11 +0200 Subject: [PATCH] Remove deprecate session service --- .../Bundle/FrameworkBundle/CHANGELOG.md | 4 + .../Controller/AbstractController.php | 2 - .../Compiler/SessionPass.php | 72 -------------- .../DependencyInjection/Configuration.php | 9 +- .../FrameworkExtension.php | 41 ++------ .../FrameworkBundle/FrameworkBundle.php | 2 - .../Resources/config/session.php | 70 -------------- .../FrameworkBundle/Resources/config/test.php | 24 +++-- .../Session/DeprecatedSessionFactory.php | 46 --------- .../Controller/AbstractControllerTest.php | 2 - .../Compiler/SessionPassTest.php | 95 ------------------- .../DependencyInjection/ConfigurationTest.php | 3 +- .../php/session_cookie_secure_auto_legacy.php | 9 -- .../Fixtures/php/session_legacy.php | 8 -- .../xml/session_cookie_secure_auto_legacy.xml | 12 --- .../Fixtures/xml/session_legacy.xml | 12 --- .../yml/session_cookie_secure_auto_legacy.yml | 5 - .../Fixtures/yml/session_legacy.yml | 4 - .../FrameworkExtensionTest.php | 42 +------- .../DeprecatedSessionController.php | 16 ---- .../InjectedFlashbagSessionController.php | 36 ------- .../TestBundle/Resources/config/routing.yml | 8 -- .../Tests/Functional/SessionTest.php | 50 ---------- .../Tests/Functional/app/Session/config.yml | 8 -- .../RegisterTokenUsageTrackingPass.php | 1 + .../RegisterTokenUsageTrackingPassTest.php | 4 - .../RequestTrackerExtension.php | 26 +++++ .../RequestTrackerSubscriber.php | 38 ++++++++ .../RequestTrackerBundle.php | 18 ++++ .../SecurityRoutingIntegrationTest.php | 5 +- .../app/StandardFormLogin/bundles.php | 2 + .../RegisterServiceSubscribersPass.php | 3 +- .../Session/Storage/ServiceSessionFactory.php | 2 +- .../EventListener/AbstractSessionListener.php | 1 + .../AbstractTestSessionListener.php | 12 +-- .../EventListener/TestSessionListener.php | 21 +--- .../EventListener/TestSessionListenerTest.php | 5 +- .../Storage/UsageTrackingTokenStorage.php | 24 +---- .../Storage/UsageTrackingTokenStorageTest.php | 18 ---- .../Csrf/TokenStorage/SessionTokenStorage.php | 28 +----- .../Tests/Firewall/ContextListenerTest.php | 15 +-- .../CsrfTokenClearingLogoutHandlerTest.php | 15 ++- 42 files changed, 142 insertions(+), 676 deletions(-) delete mode 100644 src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/SessionPass.php delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Session/DeprecatedSessionFactory.php delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Compiler/SessionPassTest.php delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_cookie_secure_auto_legacy.php delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_legacy.php delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_cookie_secure_auto_legacy.xml delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_legacy.xml delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_cookie_secure_auto_legacy.yml delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_legacy.yml delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/DeprecatedSessionController.php delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/InjectedFlashbagSessionController.php create mode 100644 src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/DependencyInjection/RequestTrackerExtension.php create mode 100644 src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/EventSubscriber/RequestTrackerSubscriber.php create mode 100644 src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/RequestTrackerBundle.php diff --git a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md index 46ff5cc4854a3..79d8d95eb2587 100644 --- a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md +++ b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md @@ -4,6 +4,10 @@ CHANGELOG 6.0 --- + * Remove the `session.storage` alias and `session.storage.*` services, use the `session.storage.factory` alias and `session.storage.factory.*` services instead + * Remove `framework.session.storage_id` configuration option, use the `framework.session.storage_factory_id` configuration option instead + * Remove the `session` service and the `SessionInterface` alias, use the `\Symfony\Component\HttpFoundation\Request::getSession()` or the new `\Symfony\Component\HttpFoundation\RequestStack::getSession()` methods instead + * Remove the `session.attribute_bag` service and `session.flash_bag` service * Remove the `lock.RESOURCE_NAME` and `lock.RESOURCE_NAME.store` services and the `lock`, `LockInterface`, `lock.store` and `PersistingStoreInterface` aliases, use `lock.RESOURCE_NAME.factory`, `lock.factory` or `LockFactory` instead * The `form.factory`, `form.type.file`, `translator`, `security.csrf.token_manager`, `serializer`, `cache_clearer`, `filesystem` and `validator` services are now private diff --git a/src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php b/src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php index 3ddd8b185c4a2..b5900c60ae0ad 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php +++ b/src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php @@ -29,7 +29,6 @@ use Symfony\Component\HttpFoundation\RequestStack; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\ResponseHeaderBag; -use Symfony\Component\HttpFoundation\Session\SessionInterface; use Symfony\Component\HttpFoundation\StreamedResponse; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; use Symfony\Component\HttpKernel\HttpKernelInterface; @@ -94,7 +93,6 @@ public static function getSubscribedServices() 'request_stack' => '?'.RequestStack::class, 'http_kernel' => '?'.HttpKernelInterface::class, 'serializer' => '?'.SerializerInterface::class, - 'session' => '?'.SessionInterface::class, 'security.authorization_checker' => '?'.AuthorizationCheckerInterface::class, 'twig' => '?'.Environment::class, 'doctrine' => '?'.ManagerRegistry::class, diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/SessionPass.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/SessionPass.php deleted file mode 100644 index 7230fc9fb4ce2..0000000000000 --- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/SessionPass.php +++ /dev/null @@ -1,72 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler; - -use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface; -use Symfony\Component\DependencyInjection\ContainerBuilder; -use Symfony\Component\DependencyInjection\Reference; - -/** - * @internal to be removed in 6.0 - */ -class SessionPass implements CompilerPassInterface -{ - public function process(ContainerBuilder $container) - { - if (!$container->has('session.factory')) { - return; - } - - // BC layer: Make "session" an alias of ".session.do-not-use" when not overridden by the user - if (!$container->has('session')) { - $alias = $container->setAlias('session', '.session.do-not-use'); - $alias->setDeprecated('symfony/framework-bundle', '5.3', 'The "%alias_id%" service and "SessionInterface" alias are deprecated, use "$requestStack->getSession()" instead.'); - // restore previous behavior - $alias->setPublic(true); - - return; - } - - if ($container->hasDefinition('session')) { - $definition = $container->getDefinition('session'); - $definition->setDeprecated('symfony/framework-bundle', '5.3', 'The "%service_id%" service and "SessionInterface" alias are deprecated, use "$requestStack->getSession()" instead.'); - } else { - $alias = $container->getAlias('session'); - $alias->setDeprecated('symfony/framework-bundle', '5.3', 'The "%alias_id%" and "SessionInterface" aliases are deprecated, use "$requestStack->getSession()" instead.'); - $definition = $container->findDefinition('session'); - } - - // Convert internal service `.session.do-not-use` into alias of `session`. - $container->setAlias('.session.do-not-use', 'session'); - - $bags = [ - 'session.flash_bag' => $container->hasDefinition('session.flash_bag') ? $container->getDefinition('session.flash_bag') : null, - 'session.attribute_bag' => $container->hasDefinition('session.attribute_bag') ? $container->getDefinition('session.attribute_bag') : null, - ]; - - foreach ($definition->getArguments() as $v) { - if (!$v instanceof Reference || !isset($bags[$bag = (string) $v]) || !\is_array($factory = $bags[$bag]->getFactory())) { - continue; - } - - if ([0, 1] !== array_keys($factory) || !$factory[0] instanceof Reference || !\in_array((string) $factory[0], ['session', '.session.do-not-use'], true)) { - continue; - } - - if ('get'.ucfirst(substr($bag, 8, -4)).'Bag' !== $factory[1]) { - continue; - } - - $bags[$bag]->setFactory(null); - } - } -} diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php index 2f0d24dd858e9..e6e784b87d985 100644 --- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php +++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php @@ -612,15 +612,8 @@ private function addSessionSection(ArrayNodeDefinition $rootNode) ->arrayNode('session') ->info('session configuration') ->canBeEnabled() - ->beforeNormalization() - ->ifTrue(function ($v) { - return \is_array($v) && isset($v['storage_id']) && isset($v['storage_factory_id']); - }) - ->thenInvalid('You cannot use both "storage_id" and "storage_factory_id" at the same time under "framework.session"') - ->end() ->children() - ->scalarNode('storage_id')->defaultValue('session.storage.native')->end() - ->scalarNode('storage_factory_id')->defaultNull()->end() + ->scalarNode('storage_factory_id')->defaultValue('session.storage.factory.native')->end() ->scalarNode('handler_id')->defaultValue('session.handler.native_file')->end() ->scalarNode('name') ->validate() diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php index b377839c3007f..152ebedb0b457 100644 --- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php +++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php @@ -72,13 +72,14 @@ use Symfony\Component\HttpClient\RetryableHttpClient; use Symfony\Component\HttpClient\ScopingHttpClient; use Symfony\Component\HttpFoundation\Request; -use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageInterface; use Symfony\Component\HttpKernel\Attribute\AsController; use Symfony\Component\HttpKernel\CacheClearer\CacheClearerInterface; use Symfony\Component\HttpKernel\CacheWarmer\CacheWarmerInterface; use Symfony\Component\HttpKernel\Controller\ArgumentValueResolverInterface; use Symfony\Component\HttpKernel\DataCollector\DataCollectorInterface; use Symfony\Component\HttpKernel\DependencyInjection\Extension; +use Symfony\Component\HttpKernel\EventListener\AbstractTestSessionListener; +use Symfony\Component\HttpKernel\EventListener\TestSessionListener; use Symfony\Component\Lock\Lock; use Symfony\Component\Lock\LockFactory; use Symfony\Component\Lock\PersistingStoreInterface; @@ -318,7 +319,7 @@ public function load(array $configs, ContainerBuilder $container) $this->sessionConfigEnabled = true; $this->registerSessionConfiguration($config['session'], $container, $loader); if (!empty($config['test'])) { - $container->getDefinition('test.session.listener')->setArgument(1, '%session.storage.options%'); + $container->getDefinition('test.session.listener')->setArgument(method_exists(TestSessionListener::class, 'getSession') ? 1 : 0, '%session.storage.options%'); } } @@ -1041,20 +1042,7 @@ private function registerSessionConfiguration(array $config, ContainerBuilder $c $loader->load('session.php'); // session storage - if (null === $config['storage_factory_id']) { - trigger_deprecation('symfony/framework-bundle', '5.3', 'Not setting the "framework.session.storage_factory_id" configuration option is deprecated, it will default to "session.storage.factory.native" and will replace the "framework.session.storage_id" configuration option in version 6.0.'); - $container->setAlias('session.storage', $config['storage_id']); - $container->setAlias('session.storage.factory', 'session.storage.factory.service'); - } else { - $container->setAlias('session.storage.factory', $config['storage_factory_id']); - - $container->removeAlias(SessionStorageInterface::class); - $container->removeDefinition('session.storage.metadata_bag'); - $container->removeDefinition('session.storage.native'); - $container->removeDefinition('session.storage.php_bridge'); - $container->removeDefinition('session.storage.mock_file'); - $container->removeAlias('session.storage.filesystem'); - } + $container->setAlias('session.storage.factory', $config['storage_factory_id']); $options = ['cache_limiter' => '0']; foreach (['name', 'cookie_lifetime', 'cookie_path', 'cookie_domain', 'cookie_secure', 'cookie_httponly', 'cookie_samesite', 'use_cookies', 'gc_maxlifetime', 'gc_probability', 'gc_divisor', 'sid_length', 'sid_bits_per_character'] as $key) { @@ -1064,16 +1052,8 @@ private function registerSessionConfiguration(array $config, ContainerBuilder $c } if ('auto' === ($options['cookie_secure'] ?? null)) { - if (null === $config['storage_factory_id']) { - $locator = $container->getDefinition('session_listener')->getArgument(0); - $locator->setValues($locator->getValues() + [ - 'session_storage' => new Reference('session.storage', ContainerInterface::IGNORE_ON_INVALID_REFERENCE), - 'request_stack' => new Reference('request_stack'), - ]); - } else { - $container->getDefinition('session.storage.factory.native')->replaceArgument(3, true); - $container->getDefinition('session.storage.factory.php_bridge')->replaceArgument(2, true); - } + $container->getDefinition('session.storage.factory.native')->replaceArgument(3, true); + $container->getDefinition('session.storage.factory.php_bridge')->replaceArgument(2, true); } $container->setParameter('session.storage.options', $options); @@ -1081,13 +1061,8 @@ private function registerSessionConfiguration(array $config, ContainerBuilder $c // session handler (the internal callback registered with PHP session management) if (null === $config['handler_id']) { // Set the handler class to be null - if ($container->hasDefinition('session.storage.native')) { - $container->getDefinition('session.storage.native')->replaceArgument(1, null); - $container->getDefinition('session.storage.php_bridge')->replaceArgument(0, null); - } else { - $container->getDefinition('session.storage.factory.native')->replaceArgument(1, null); - $container->getDefinition('session.storage.factory.php_bridge')->replaceArgument(0, null); - } + $container->getDefinition('session.storage.factory.native')->replaceArgument(1, null); + $container->getDefinition('session.storage.factory.php_bridge')->replaceArgument(0, null); $container->setAlias('session.handler', 'session.handler.native_file'); } else { diff --git a/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php b/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php index 7f439bb572f87..cfeef6e9f5862 100644 --- a/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php +++ b/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php @@ -20,7 +20,6 @@ use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\LoggingTranslatorPass; use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\ProfilerPass; use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\RemoveUnusedSessionMarshallingHandlerPass; -use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\SessionPass; use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\TestServiceContainerRealRefPass; use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\TestServiceContainerWeakRefPass; use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\UnusedTagsPass; @@ -159,7 +158,6 @@ public function build(ContainerBuilder $container) $container->addCompilerPass(new RegisterReverseContainerPass(true)); $container->addCompilerPass(new RegisterReverseContainerPass(false), PassConfig::TYPE_AFTER_REMOVING); $container->addCompilerPass(new RemoveUnusedSessionMarshallingHandlerPass()); - $container->addCompilerPass(new SessionPass()); if ($container->getParameter('kernel.debug')) { $container->addCompilerPass(new AddDebugLogProcessorPass(), PassConfig::TYPE_BEFORE_OPTIMIZATION, 2); diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/session.php b/src/Symfony/Bundle/FrameworkBundle/Resources/config/session.php index 65a1b364dce12..7b07118a4822d 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/session.php +++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/session.php @@ -11,13 +11,7 @@ namespace Symfony\Component\DependencyInjection\Loader\Configurator; -use Symfony\Bundle\FrameworkBundle\Session\DeprecatedSessionFactory; -use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag; -use Symfony\Component\HttpFoundation\Session\Flash\FlashBag; -use Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface; -use Symfony\Component\HttpFoundation\Session\Session; use Symfony\Component\HttpFoundation\Session\SessionFactory; -use Symfony\Component\HttpFoundation\Session\SessionInterface; use Symfony\Component\HttpFoundation\Session\Storage\Handler\AbstractSessionHandler; use Symfony\Component\HttpFoundation\Session\Storage\Handler\IdentityMarshaller; use Symfony\Component\HttpFoundation\Session\Storage\Handler\MarshallingSessionHandler; @@ -25,22 +19,15 @@ use Symfony\Component\HttpFoundation\Session\Storage\Handler\SessionHandlerFactory; use Symfony\Component\HttpFoundation\Session\Storage\Handler\StrictSessionHandler; use Symfony\Component\HttpFoundation\Session\Storage\MetadataBag; -use Symfony\Component\HttpFoundation\Session\Storage\MockFileSessionStorage; use Symfony\Component\HttpFoundation\Session\Storage\MockFileSessionStorageFactory; -use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage; use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorageFactory; -use Symfony\Component\HttpFoundation\Session\Storage\PhpBridgeSessionStorage; use Symfony\Component\HttpFoundation\Session\Storage\PhpBridgeSessionStorageFactory; -use Symfony\Component\HttpFoundation\Session\Storage\ServiceSessionFactory; -use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageInterface; use Symfony\Component\HttpKernel\EventListener\SessionListener; return static function (ContainerConfigurator $container) { $container->parameters()->set('session.metadata.storage_key', '_sf2_meta'); $container->services() - ->set('.session.do-not-use', Session::class) // to be removed in 6.0 - ->factory([service('session.factory'), 'createSession']) ->set('session.factory', SessionFactory::class) ->args([ service('request_stack'), @@ -79,60 +66,9 @@ param('session.metadata.update_threshold'), ]), ]) - ->set('session.storage.factory.service', ServiceSessionFactory::class) - ->args([ - service('session.storage'), - ]) - ->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.native", "session.storage.factory.php_bridge" or "session.storage.factory.mock_file" instead.') - ->set('.session.deprecated', SessionInterface::class) // to be removed in 6.0 - ->factory([inline_service(DeprecatedSessionFactory::class)->args([service('request_stack')]), 'getSession']) - ->alias(SessionInterface::class, '.session.do-not-use') - ->deprecate('symfony/framework-bundle', '5.3', 'The "%alias_id%" and "SessionInterface" aliases are deprecated, use "$requestStack->getSession()" instead.') - ->alias(SessionStorageInterface::class, 'session.storage') - ->deprecate('symfony/framework-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use "session.storage.factory" instead.') ->alias(\SessionHandlerInterface::class, 'session.handler') - ->set('session.storage.metadata_bag', MetadataBag::class) - ->args([ - param('session.metadata.storage_key'), - param('session.metadata.update_threshold'), - ]) - ->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, create your own "session.storage.factory" instead.') - - ->set('session.storage.native', NativeSessionStorage::class) - ->args([ - param('session.storage.options'), - service('session.handler'), - service('session.storage.metadata_bag'), - ]) - ->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.native" instead.') - - ->set('session.storage.php_bridge', PhpBridgeSessionStorage::class) - ->args([ - service('session.handler'), - service('session.storage.metadata_bag'), - ]) - ->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.php_bridge" instead.') - - ->set('session.flash_bag', FlashBag::class) - ->factory([service('.session.do-not-use'), 'getFlashBag']) - ->deprecate('symfony/framework-bundle', '5.1', 'The "%service_id%" service is deprecated, use "$session->getFlashBag()" instead.') - ->alias(FlashBagInterface::class, 'session.flash_bag') - - ->set('session.attribute_bag', AttributeBag::class) - ->factory([service('.session.do-not-use'), 'getBag']) - ->args(['attributes']) - ->deprecate('symfony/framework-bundle', '5.1', 'The "%service_id%" service is deprecated, use "$session->getAttributeBag()" instead.') - - ->set('session.storage.mock_file', MockFileSessionStorage::class) - ->args([ - param('kernel.cache_dir').'/sessions', - 'MOCKSESSID', - service('session.storage.metadata_bag'), - ]) - ->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.mock_file" instead.') - ->set('session.handler.native_file', StrictSessionHandler::class) ->args([ inline_service(NativeFileSessionHandler::class) @@ -147,8 +83,6 @@ ->args([ service_locator([ 'session_factory' => service('session.factory')->ignoreOnInvalid(), - 'session' => service('.session.do-not-use')->ignoreOnInvalid(), - 'initialized_session' => service('.session.do-not-use')->ignoreOnUninitialized(), 'logger' => service('logger')->ignoreOnInvalid(), 'session_collector' => service('data_collector.request.session_collector')->ignoreOnInvalid(), ]), @@ -156,10 +90,6 @@ ]) ->tag('kernel.event_subscriber') - // for BC - ->alias('session.storage.filesystem', 'session.storage.mock_file') - ->deprecate('symfony/framework-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use "session.storage.factory.mock_file" instead.') - ->set('session.marshaller', IdentityMarshaller::class) ->set('session.marshalling_handler', MarshallingSessionHandler::class) diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/test.php b/src/Symfony/Bundle/FrameworkBundle/Resources/config/test.php index 29f3fa815c836..c425cc495d438 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/test.php +++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/test.php @@ -16,6 +16,7 @@ use Symfony\Component\BrowserKit\CookieJar; use Symfony\Component\BrowserKit\History; use Symfony\Component\DependencyInjection\ServiceLocator; +use Symfony\Component\HttpKernel\EventListener\AbstractTestSessionListener; use Symfony\Component\HttpKernel\EventListener\TestSessionListener; return static function (ContainerConfigurator $container) { @@ -35,15 +36,6 @@ ->set('test.client.history', History::class)->share(false) ->set('test.client.cookiejar', CookieJar::class)->share(false) - ->set('test.session.listener', TestSessionListener::class) - ->args([ - service_locator([ - 'session_factory' => service('session.factory')->ignoreOnInvalid(), - 'session' => service('.session.do-not-use')->ignoreOnInvalid(), - ]), - ]) - ->tag('kernel.event_subscriber') - ->set('test.service_container', TestContainer::class) ->args([ service('kernel'), @@ -55,4 +47,18 @@ ->args([abstract_arg('callable collection')]) ->public() ; + + if (method_exists(TestSessionListener::class, 'getSession')) { + $container->services() + ->set('test.session.listener', TestSessionListener::class) + ->args([service_locator([])]) + ->tag('kernel.event_subscriber') + ; + } else { + $container->services() + ->set('test.session.listener', TestSessionListener::class) + ->tag('kernel.event_subscriber') + ; + } + }; diff --git a/src/Symfony/Bundle/FrameworkBundle/Session/DeprecatedSessionFactory.php b/src/Symfony/Bundle/FrameworkBundle/Session/DeprecatedSessionFactory.php deleted file mode 100644 index faa29a1c7ef59..0000000000000 --- a/src/Symfony/Bundle/FrameworkBundle/Session/DeprecatedSessionFactory.php +++ /dev/null @@ -1,46 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Bundle\FrameworkBundle\Session; - -use Symfony\Component\HttpFoundation\Exception\SessionNotFoundException; -use Symfony\Component\HttpFoundation\RequestStack; -use Symfony\Component\HttpFoundation\Session\SessionInterface; - -/** - * Provides session and trigger deprecation. - * - * Used by service that should trigger deprecation when accessed by the user. - * - * @author Jérémy Derussé - * - * @internal to be removed in 6.0 - */ -class DeprecatedSessionFactory -{ - private $requestStack; - - public function __construct(RequestStack $requestStack) - { - $this->requestStack = $requestStack; - } - - public function getSession(): ?SessionInterface - { - trigger_deprecation('symfony/framework-bundle', '5.3', 'The "session" service and "SessionInterface" alias are deprecated, use "$requestStack->getSession()" instead.'); - - try { - return $this->requestStack->getSession(); - } catch (SessionNotFoundException $e) { - return null; - } - } -} diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php index 46fab2bcda42a..9b1283e8c1d26 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php @@ -68,7 +68,6 @@ public function testSubscribedServices() 'request_stack' => '?Symfony\\Component\\HttpFoundation\\RequestStack', 'http_kernel' => '?Symfony\\Component\\HttpKernel\\HttpKernelInterface', 'serializer' => '?Symfony\\Component\\Serializer\\SerializerInterface', - 'session' => '?Symfony\\Component\\HttpFoundation\\Session\\SessionInterface', 'security.authorization_checker' => '?Symfony\\Component\\Security\\Core\\Authorization\\AuthorizationCheckerInterface', 'twig' => '?Twig\\Environment', 'doctrine' => '?Doctrine\\Persistence\\ManagerRegistry', @@ -503,7 +502,6 @@ public function testAddFlash() $requestStack->push($request); $container = new Container(); - $container->set('session', $session); $container->set('request_stack', $requestStack); $controller = $this->createController(); diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Compiler/SessionPassTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Compiler/SessionPassTest.php deleted file mode 100644 index 7cbb3262f131f..0000000000000 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Compiler/SessionPassTest.php +++ /dev/null @@ -1,95 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Bundle\FrameworkBundle\Tests\DependencyInjection\Compiler; - -use PHPUnit\Framework\TestCase; -use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\SessionPass; -use Symfony\Component\DependencyInjection\ContainerBuilder; -use Symfony\Component\DependencyInjection\Reference; - -class SessionPassTest extends TestCase -{ - public function testProcess() - { - $container = new ContainerBuilder(); - $container - ->register('session.factory'); // marker service - $container - ->register('.session.do-not-use'); - - (new SessionPass())->process($container); - - $this->assertTrue($container->hasAlias('session')); - $this->assertSame($container->findDefinition('session'), $container->getDefinition('.session.do-not-use')); - $this->assertTrue($container->getAlias('session')->isDeprecated()); - } - - public function testProcessUserDefinedSession() - { - $arguments = [ - new Reference('session.flash_bag'), - new Reference('session.attribute_bag'), - ]; - $container = new ContainerBuilder(); - $container - ->register('session.factory'); // marker service - $container - ->register('session') - ->setArguments($arguments); - $container - ->register('session.flash_bag') - ->setFactory([new Reference('.session.do-not-use'), 'getFlashBag']); - $container - ->register('session.attribute_bag') - ->setFactory([new Reference('.session.do-not-use'), 'getAttributeBag']); - - (new SessionPass())->process($container); - - $this->assertSame($arguments, $container->getDefinition('session')->getArguments()); - $this->assertNull($container->getDefinition('session.flash_bag')->getFactory()); - $this->assertNull($container->getDefinition('session.attribute_bag')->getFactory()); - $this->assertTrue($container->hasAlias('.session.do-not-use')); - $this->assertSame($container->getDefinition('session'), $container->findDefinition('.session.do-not-use')); - $this->assertTrue($container->getDefinition('session')->isDeprecated()); - } - - public function testProcessUserDefinedAlias() - { - $arguments = [ - new Reference('session.flash_bag'), - new Reference('session.attribute_bag'), - ]; - $container = new ContainerBuilder(); - $container - ->register('session.factory'); // marker service - $container - ->register('trueSession') - ->setArguments($arguments); - $container - ->setAlias('session', 'trueSession'); - $container - ->register('session.flash_bag') - ->setFactory([new Reference('.session.do-not-use'), 'getFlashBag']); - $container - ->register('session.attribute_bag') - ->setFactory([new Reference('.session.do-not-use'), 'getAttributeBag']); - - (new SessionPass())->process($container); - - $this->assertSame($arguments, $container->findDefinition('session')->getArguments()); - $this->assertNull($container->getDefinition('session.flash_bag')->getFactory()); - $this->assertNull($container->getDefinition('session.attribute_bag')->getFactory()); - $this->assertTrue($container->hasAlias('.session.do-not-use')); - $this->assertSame($container->findDefinition('session'), $container->findDefinition('.session.do-not-use')); - $this->assertTrue($container->getAlias('session')->isDeprecated()); - } -} diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php index b056ed498e5ad..25eeb37730296 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php @@ -466,8 +466,7 @@ protected static function getBundleDefaultConfig() ], 'session' => [ 'enabled' => false, - 'storage_id' => 'session.storage.native', - 'storage_factory_id' => null, + 'storage_factory_id' => 'session.storage.factory.native', 'handler_id' => 'session.handler.native_file', 'cookie_httponly' => true, 'cookie_samesite' => null, diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_cookie_secure_auto_legacy.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_cookie_secure_auto_legacy.php deleted file mode 100644 index 23cd73767bd88..0000000000000 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_cookie_secure_auto_legacy.php +++ /dev/null @@ -1,9 +0,0 @@ -loadFromExtension('framework', [ - 'session' => [ - 'handler_id' => null, - 'cookie_secure' => 'auto', - ], -]); diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_legacy.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_legacy.php deleted file mode 100644 index e453305799971..0000000000000 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_legacy.php +++ /dev/null @@ -1,8 +0,0 @@ -loadFromExtension('framework', [ - 'session' => [ - 'handler_id' => null, - ], -]); diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_cookie_secure_auto_legacy.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_cookie_secure_auto_legacy.xml deleted file mode 100644 index 6893400865a8b..0000000000000 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_cookie_secure_auto_legacy.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - - - diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_legacy.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_legacy.xml deleted file mode 100644 index 326cf268d967f..0000000000000 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_legacy.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - - - diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_cookie_secure_auto_legacy.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_cookie_secure_auto_legacy.yml deleted file mode 100644 index bac546c371b19..0000000000000 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_cookie_secure_auto_legacy.yml +++ /dev/null @@ -1,5 +0,0 @@ -# to be removed in Symfony 6.0 -framework: - session: - handler_id: ~ - cookie_secure: auto diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_legacy.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_legacy.yml deleted file mode 100644 index 171fadd07601a..0000000000000 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_legacy.yml +++ /dev/null @@ -1,4 +0,0 @@ -# to be removed in Symfony 6.0 -framework: - session: - handler_id: null diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php index e7619ef2019be..c3edff64abe9b 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php @@ -50,7 +50,6 @@ use Symfony\Component\HttpClient\MockHttpClient; use Symfony\Component\HttpClient\RetryableHttpClient; use Symfony\Component\HttpClient\ScopingHttpClient; -use Symfony\Component\HttpFoundation\Session\SessionInterface; use Symfony\Component\HttpKernel\DependencyInjection\LoggerPass; use Symfony\Component\HttpKernel\Fragment\FragmentUriGeneratorInterface; use Symfony\Component\Messenger\Transport\TransportFactory; @@ -547,12 +546,8 @@ public function testSession() { $container = $this->createContainerFromFile('full'); - $this->assertTrue($container->hasAlias(SessionInterface::class), '->registerSessionConfiguration() loads session.xml'); $this->assertEquals('fr', $container->getParameter('kernel.default_locale')); $this->assertEquals('session.storage.factory.native', (string) $container->getAlias('session.storage.factory')); - $this->assertFalse($container->has('session.storage')); - $this->assertFalse($container->has('session.storage.native')); - $this->assertFalse($container->has('session.storage.php_bridge')); $this->assertEquals('session.handler.native_file', (string) $container->getAlias('session.handler')); $options = $container->getParameter('session.storage.options'); @@ -576,31 +571,11 @@ public function testNullSessionHandler() { $container = $this->createContainerFromFile('session'); - $this->assertTrue($container->hasAlias(SessionInterface::class), '->registerSessionConfiguration() loads session.xml'); $this->assertNull($container->getDefinition('session.storage.factory.native')->getArgument(1)); $this->assertNull($container->getDefinition('session.storage.factory.php_bridge')->getArgument(0)); $this->assertSame('session.handler.native_file', (string) $container->getAlias('session.handler')); - $expected = ['session_factory', 'session', 'initialized_session', 'logger', 'session_collector']; - $this->assertEquals($expected, array_keys($container->getDefinition('session_listener')->getArgument(0)->getValues())); - $this->assertFalse($container->getDefinition('session.storage.factory.native')->getArgument(3)); - } - - /** - * @group legacy - */ - public function testNullSessionHandlerLegacy() - { - $this->expectDeprecation('Since symfony/framework-bundle 5.3: Not setting the "framework.session.storage_factory_id" configuration option is deprecated, it will default to "session.storage.factory.native" and will replace the "framework.session.storage_id" configuration option in version 6.0.'); - - $container = $this->createContainerFromFile('session_legacy'); - - $this->assertTrue($container->hasAlias(SessionInterface::class), '->registerSessionConfiguration() loads session.xml'); - $this->assertNull($container->getDefinition('session.storage.native')->getArgument(1)); - $this->assertNull($container->getDefinition('session.storage.php_bridge')->getArgument(0)); - $this->assertSame('session.handler.native_file', (string) $container->getAlias('session.handler')); - - $expected = ['session_factory', 'session', 'initialized_session', 'logger', 'session_collector']; + $expected = ['session_factory', 'logger', 'session_collector']; $this->assertEquals($expected, array_keys($container->getDefinition('session_listener')->getArgument(0)->getValues())); $this->assertFalse($container->getDefinition('session.storage.factory.native')->getArgument(3)); } @@ -1618,20 +1593,7 @@ public function testSessionCookieSecureAuto() { $container = $this->createContainerFromFile('session_cookie_secure_auto'); - $expected = ['session_factory', 'session', 'initialized_session', 'logger', 'session_collector']; - $this->assertEquals($expected, array_keys($container->getDefinition('session_listener')->getArgument(0)->getValues())); - } - - /** - * @group legacy - */ - public function testSessionCookieSecureAutoLegacy() - { - $this->expectDeprecation('Since symfony/framework-bundle 5.3: Not setting the "framework.session.storage_factory_id" configuration option is deprecated, it will default to "session.storage.factory.native" and will replace the "framework.session.storage_id" configuration option in version 6.0.'); - - $container = $this->createContainerFromFile('session_cookie_secure_auto_legacy'); - - $expected = ['session_factory', 'session', 'initialized_session', 'logger', 'session_collector', 'session_storage', 'request_stack']; + $expected = ['session_factory', 'logger', 'session_collector']; $this->assertEquals($expected, array_keys($container->getDefinition('session_listener')->getArgument(0)->getValues())); } diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/DeprecatedSessionController.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/DeprecatedSessionController.php deleted file mode 100644 index 75e9673c35a71..0000000000000 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/DeprecatedSessionController.php +++ /dev/null @@ -1,16 +0,0 @@ -get('session'); - - return new Response('done'); - } -} diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/InjectedFlashbagSessionController.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/InjectedFlashbagSessionController.php deleted file mode 100644 index 20c33a17e4353..0000000000000 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/InjectedFlashbagSessionController.php +++ /dev/null @@ -1,36 +0,0 @@ -flashBag = $flashBag; - $this->router = $router; - } - - public function setFlashAction(Request $request, $message) - { - $this->flashBag->add('notice', $message); - - return new RedirectResponse($this->router->generate('session_showflash')); - } -} diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Resources/config/routing.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Resources/config/routing.yml index d790c1a13125b..8d41ce3267131 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Resources/config/routing.yml +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Resources/config/routing.yml @@ -18,14 +18,6 @@ session_setflash: path: /session_setflash/{message} defaults: { _controller: Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\SessionController::setFlashAction } -injected_flashbag_session_setflash: - path: injected_flashbag/session_setflash/{message} - defaults: { _controller: Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\InjectedFlashbagSessionController::setFlashAction} - -deprecated_session_setflash: - path: /deprecated_session/trigger - defaults: { _controller: Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\DeprecatedSessionController::triggerAction} - session_showflash: path: /session_showflash defaults: { _controller: Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\SessionController::showFlashAction } diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/SessionTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/SessionTest.php index 7d66ff1726657..ae8c7afafd425 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/SessionTest.php +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/SessionTest.php @@ -11,12 +11,8 @@ namespace Symfony\Bundle\FrameworkBundle\Tests\Functional; -use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait; - class SessionTest extends AbstractWebTestCase { - use ExpectDeprecationTrait; - /** * Tests session attributes persist. * @@ -73,52 +69,6 @@ public function testFlash($config, $insulate) $this->assertStringContainsString('No flash was set.', $crawler->text()); } - /** - * Tests flash messages work when flashbag service is injected to the constructor. - * - * @group legacy - * @dataProvider getConfigs - */ - public function testFlashOnInjectedFlashbag($config, $insulate) - { - $this->expectDeprecation('Since symfony/framework-bundle 5.1: The "session.flash_bag" service is deprecated, use "$session->getFlashBag()" instead.'); - - $client = $this->createClient(['test_case' => 'Session', 'root_config' => $config]); - if ($insulate) { - $client->insulate(); - } - - // set flash - $client->request('GET', '/injected_flashbag/session_setflash/Hello%20world.'); - - // check flash displays on redirect - $this->assertStringContainsString('Hello world.', $client->followRedirect()->text()); - - // check flash is gone - $crawler = $client->request('GET', '/session_showflash'); - $this->assertStringContainsString('No flash was set.', $crawler->text()); - } - - /** - * @group legacy - * @dataProvider getConfigs - */ - public function testSessionServiceTriggerDeprecation($config, $insulate) - { - $this->expectDeprecation('Since symfony/framework-bundle 5.3: The "session" service and "SessionInterface" alias are deprecated, use "$requestStack->getSession()" instead.'); - - $client = $this->createClient(['test_case' => 'Session', 'root_config' => $config]); - if ($insulate) { - $client->insulate(); - } - - // trigger deprecation - $crawler = $client->request('GET', '/deprecated_session/trigger'); - - // check response - $this->assertStringContainsString('done', $crawler->text()); - } - /** * See if two separate insulated clients can run without * polluting each other's session data. diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Session/config.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Session/config.yml index 03ee4fb151104..ad6bdb691ca52 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Session/config.yml +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Session/config.yml @@ -5,11 +5,3 @@ services: Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\SubRequestController: tags: - { name: controller.service_arguments, action: indexAction, argument: handler, id: fragment.handler } - - Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\InjectedFlashbagSessionController: - autowire: true - tags: ['controller.service_arguments'] - - Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\DeprecatedSessionController: - autowire: true - autoconfigure: true diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterTokenUsageTrackingPass.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterTokenUsageTrackingPass.php index 5ba017f51e386..4df056887571a 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterTokenUsageTrackingPass.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterTokenUsageTrackingPass.php @@ -41,6 +41,7 @@ public function process(ContainerBuilder $container) TokenStorageInterface::class => new BoundArgument(new Reference('security.untracked_token_storage'), false), ]); + // the `!$container->has('session.storage')` check can be removed when bumping to symfony/framework-bundle:6.0 if (!$container->has('session.factory') && !$container->has('session.storage')) { $container->setAlias('security.token_storage', 'security.untracked_token_storage')->setPublic(true); $container->getDefinition('security.untracked_token_storage')->addTag('kernel.reset', ['method' => 'reset']); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterTokenUsageTrackingPassTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterTokenUsageTrackingPassTest.php index 993601ee8e43e..cfc363b557c2c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterTokenUsageTrackingPassTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterTokenUsageTrackingPassTest.php @@ -17,10 +17,7 @@ use Symfony\Component\DependencyInjection\ContainerBuilder; use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\DependencyInjection\Reference; -use Symfony\Component\HttpFoundation\Session\Session; use Symfony\Component\HttpFoundation\Session\SessionFactory; -use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage; -use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorageFactory; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage; use Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage; use Symfony\Component\Security\Http\Firewall\ContextListener; @@ -44,7 +41,6 @@ public function testContextListenerIsNotModifiedIfTokenStorageDoesNotSupportUsag $container = new ContainerBuilder(); $container->setParameter('security.token_storage.class', TokenStorage::class); - $container->register('session', Session::class); $container->register('security.context_listener', ContextListener::class) ->setArguments([ new Reference('security.untracked_token_storage'), diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/DependencyInjection/RequestTrackerExtension.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/DependencyInjection/RequestTrackerExtension.php new file mode 100644 index 0000000000000..69deb865c2436 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/DependencyInjection/RequestTrackerExtension.php @@ -0,0 +1,26 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\RequestTrackerBundle\DependencyInjection; + +use Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\RequestTrackerBundle\EventSubscriber\RequestTrackerSubscriber; +use Symfony\Component\DependencyInjection\ContainerBuilder; +use Symfony\Component\DependencyInjection\Extension\Extension; + +final class RequestTrackerExtension extends Extension +{ + public function load(array $configs, ContainerBuilder $container): void + { + $container->register('request_tracker_subscriber', RequestTrackerSubscriber::class) + ->setPublic(true) + ->addTag('kernel.event_subscriber'); + } +} diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/EventSubscriber/RequestTrackerSubscriber.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/EventSubscriber/RequestTrackerSubscriber.php new file mode 100644 index 0000000000000..9496200e0486d --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/EventSubscriber/RequestTrackerSubscriber.php @@ -0,0 +1,38 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\RequestTrackerBundle\EventSubscriber; + +use Symfony\Component\EventDispatcher\EventSubscriberInterface; +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpKernel\Event\RequestEvent; + +final class RequestTrackerSubscriber implements EventSubscriberInterface +{ + private ?Request $lastRequest; + + public static function getSubscribedEvents(): array + { + return [ + RequestEvent::class => 'onRequest', + ]; + } + + public function onRequest(RequestEvent $event) + { + $this->lastRequest = $event->getRequest(); + } + + public function getLastRequest(): ?Request + { + return $this->lastRequest; + } +} diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/RequestTrackerBundle.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/RequestTrackerBundle.php new file mode 100644 index 0000000000000..0497be83c316c --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/RequestTrackerBundle.php @@ -0,0 +1,18 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\RequestTrackerBundle; + +use Symfony\Component\HttpKernel\Bundle\Bundle; + +final class RequestTrackerBundle extends Bundle +{ +} diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php index b649a4e6fa97c..788599224e47e 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php @@ -136,8 +136,9 @@ public function testPublicHomepage() $this->assertEquals(200, $client->getResponse()->getStatusCode(), (string) $client->getResponse()); $this->assertTrue($client->getResponse()->headers->getCacheControlDirective('public')); - $this->assertSame(0, self::getContainer()->get('session')->getUsageIndex()); + $this->assertSame(0, self::getContainer()->get('request_tracker_subscriber')->getLastRequest()->getSession()->getUsageIndex()); } + /** * @dataProvider provideLegacyClientOptions * @group legacy @@ -273,7 +274,7 @@ public function testLegacyPublicHomepage() $this->assertEquals(200, $client->getResponse()->getStatusCode(), (string) $client->getResponse()); $this->assertTrue($client->getResponse()->headers->getCacheControlDirective('public')); - $this->assertSame(0, self::getContainer()->get('session')->getUsageIndex()); + $this->assertSame(0, self::getContainer()->get('request_tracker_subscriber')->getLastRequest()->getSession()->getUsageIndex()); } private function assertAllowed($client, $path) diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/bundles.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/bundles.php index cef48bfcc4b46..6237258c8606e 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/bundles.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/bundles.php @@ -12,6 +12,7 @@ use Symfony\Bundle\FrameworkBundle\FrameworkBundle; use Symfony\Bundle\SecurityBundle\SecurityBundle; use Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\FormLoginBundle\FormLoginBundle; +use Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\RequestTrackerBundle\RequestTrackerBundle; use Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\TestBundle; use Symfony\Bundle\TwigBundle\TwigBundle; @@ -20,5 +21,6 @@ new SecurityBundle(), new TwigBundle(), new FormLoginBundle(), + new RequestTrackerBundle(), new TestBundle(), ]; diff --git a/src/Symfony/Component/DependencyInjection/Compiler/RegisterServiceSubscribersPass.php b/src/Symfony/Component/DependencyInjection/Compiler/RegisterServiceSubscribersPass.php index 055cb3490bc6b..3ca0c0f2dd8b2 100644 --- a/src/Symfony/Component/DependencyInjection/Compiler/RegisterServiceSubscribersPass.php +++ b/src/Symfony/Component/DependencyInjection/Compiler/RegisterServiceSubscribersPass.php @@ -68,6 +68,7 @@ protected function processValue($value, bool $isRoot = false) throw new InvalidArgumentException(sprintf('Service "%s" must implement interface "%s".', $this->currentId, ServiceSubscriberInterface::class)); } $class = $r->name; + // to remove when bumping to symfony/framework-bundle:6.0 $replaceDeprecatedSession = $this->container->has('.session.deprecated') && $r->isSubclassOf(AbstractController::class); $subscriberMap = []; @@ -89,7 +90,7 @@ protected function processValue($value, bool $isRoot = false) } if ($replaceDeprecatedSession && SessionInterface::class === $type) { // This prevents triggering the deprecation when building the container - // Should be removed in Symfony 6.0 + // Should be removed when bumping to symfony/framework-bundle:6.0 $type = '.session.deprecated'; } $serviceMap[$key] = new Reference($type); diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/ServiceSessionFactory.php b/src/Symfony/Component/HttpFoundation/Session/Storage/ServiceSessionFactory.php index d17c60aebaac1..6d29bf8b161db 100644 --- a/src/Symfony/Component/HttpFoundation/Session/Storage/ServiceSessionFactory.php +++ b/src/Symfony/Component/HttpFoundation/Session/Storage/ServiceSessionFactory.php @@ -16,7 +16,7 @@ /** * @author Jérémy Derussé * - * @internal to be removed in Symfony 6 + * @internal to be removed when bumping to symfony/framework-bundle:6.0 */ final class ServiceSessionFactory implements SessionStorageFactoryInterface { diff --git a/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php b/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php index d76f29b5bc683..0d61bfe5bc392 100644 --- a/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php +++ b/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php @@ -63,6 +63,7 @@ public function onKernelRequest(RequestEvent $event) $request->setSessionFactory(function () use (&$sess) { return $sess ?? $sess = $this->getSession(); }); } + // Code related to `initialized_session` can be removed when bumping symfony/framework-bundle:6.0 $session = $this->container && $this->container->has('initialized_session') ? $this->container->get('initialized_session') : null; $this->sessionUsageStack[] = $session instanceof Session ? $session->getUsageIndex() : 0; } diff --git a/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php b/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php index 0c88187d1e931..2bf8e72bb644c 100644 --- a/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php +++ b/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php @@ -14,7 +14,6 @@ use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\HttpFoundation\Cookie; use Symfony\Component\HttpFoundation\Session\Session; -use Symfony\Component\HttpFoundation\Session\SessionInterface; use Symfony\Component\HttpKernel\Event\RequestEvent; use Symfony\Component\HttpKernel\Event\ResponseEvent; use Symfony\Component\HttpKernel\KernelEvents; @@ -46,7 +45,7 @@ public function onKernelRequest(RequestEvent $event) } // bootstrap the session - if (!$session = $this->getSession()) { + if (!$event->getRequest()->hasSession() || !$session = $event->getRequest()->getSession()) { return; } @@ -100,15 +99,8 @@ public function onKernelResponse(ResponseEvent $event) public static function getSubscribedEvents(): array { return [ - KernelEvents::REQUEST => ['onKernelRequest', 192], + KernelEvents::REQUEST => ['onKernelRequest', 127], // AFTER SessionListener KernelEvents::RESPONSE => ['onKernelResponse', -128], ]; } - - /** - * Gets the session object. - * - * @return SessionInterface|null A SessionInterface instance or null if no session is available - */ - abstract protected function getSession(); } diff --git a/src/Symfony/Component/HttpKernel/EventListener/TestSessionListener.php b/src/Symfony/Component/HttpKernel/EventListener/TestSessionListener.php index 6d4b36ace352c..526aa2dc30b1d 100644 --- a/src/Symfony/Component/HttpKernel/EventListener/TestSessionListener.php +++ b/src/Symfony/Component/HttpKernel/EventListener/TestSessionListener.php @@ -11,9 +11,6 @@ namespace Symfony\Component\HttpKernel\EventListener; -use Psr\Container\ContainerInterface; -use Symfony\Component\HttpFoundation\Session\SessionInterface; - /** * Sets the session in the request. * @@ -23,24 +20,8 @@ */ class TestSessionListener extends AbstractTestSessionListener { - private $container; - - public function __construct(ContainerInterface $container, array $sessionOptions = []) + public function __construct(array $sessionOptions = []) { - $this->container = $container; parent::__construct($sessionOptions); } - - protected function getSession(): ?SessionInterface - { - if ($this->container->has('session')) { - return $this->container->get('session'); - } - - if ($this->container->has('session_factory')) { - return $this->container->get('session_factory')->createSession(); - } - - return null; - } } diff --git a/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php b/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php index 016f7901c667a..3771d3058029b 100644 --- a/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php +++ b/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php @@ -46,9 +46,6 @@ protected function setUp(): void { $this->listener = $this->getMockForAbstractClass(AbstractTestSessionListener::class); $this->session = $this->getSession(); - $this->listener->expects($this->any()) - ->method('getSession') - ->willReturn($this->session); } public function testShouldSaveMainRequestSession() @@ -99,6 +96,7 @@ public function testEmptySessionWithNewSessionIdDoesSendCookie() $kernel = $this->createMock(HttpKernelInterface::class); $request = Request::create('/', 'GET', [], ['MOCKSESSID' => '123']); + $request->setSession($this->session); $event = new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST); $this->listener->onKernelRequest($event); @@ -118,6 +116,7 @@ public function testSessionWithNewSessionIdAndNewCookieDoesNotSendAnotherCookie( $kernel = $this->createMock(HttpKernelInterface::class); $request = Request::create('/', 'GET', [], ['MOCKSESSID' => '123']); + $request->setSession($this->session); $event = new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST); $this->listener->onKernelRequest($event); diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/Storage/UsageTrackingTokenStorage.php b/src/Symfony/Component/Security/Core/Authentication/Token/Storage/UsageTrackingTokenStorage.php index 4b2cac747abf5..d9f7f12af40ff 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Token/Storage/UsageTrackingTokenStorage.php +++ b/src/Symfony/Component/Security/Core/Authentication/Token/Storage/UsageTrackingTokenStorage.php @@ -79,33 +79,11 @@ public static function getSubscribedServices(): array private function getSession(): SessionInterface { - // BC for symfony/security-bundle < 5.3 - if ($this->container->has('session')) { - trigger_deprecation('symfony/security-core', '5.3', 'Injecting the "session" in "%s" is deprecated, inject the "request_stack" instead.', __CLASS__); - - return $this->container->get('session'); - } - return $this->container->get('request_stack')->getSession(); } private function shouldTrackUsage(): bool { - if (!$this->enableUsageTracking) { - return false; - } - - // BC for symfony/security-bundle < 5.3 - if ($this->container->has('session')) { - return true; - } - - if (!$this->container->get('request_stack')->getMainRequest()) { - trigger_deprecation('symfony/security-core', '5.3', 'Using "%s" (service ID: "security.token_storage") outside the request-response cycle is deprecated, use the "%s" class (service ID: "security.untracked_token_storage") instead or disable usage tracking using "disableUsageTracking()".', __CLASS__, TokenStorage::class); - - return false; - } - - return true; + return $this->enableUsageTracking; } } diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/Storage/UsageTrackingTokenStorageTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/Storage/UsageTrackingTokenStorageTest.php index 0d074bd4b040f..7b3fa810d79ee 100644 --- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/Storage/UsageTrackingTokenStorageTest.php +++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/Storage/UsageTrackingTokenStorageTest.php @@ -68,22 +68,4 @@ public function testGetSetToken() $this->assertSame($token, $trackingStorage->getToken()); $this->assertSame(1, $sessionAccess); } - - /** - * @group legacy - */ - public function testWithoutMainRequest() - { - $locator = new class(['request_stack' => function () { - return new RequestStack(); - }]) implements ContainerInterface { - use ServiceLocatorTrait; - }; - $tokenStorage = new TokenStorage(); - $trackingStorage = new UsageTrackingTokenStorage($tokenStorage, $locator); - $trackingStorage->enableUsageTracking(); - - $this->expectDeprecation('Since symfony/security-core 5.3: Using "%s" (service ID: "security.token_storage") outside the request-response cycle is deprecated, use the "%s" class (service ID: "security.untracked_token_storage") instead or disable usage tracking using "disableUsageTracking()".'); - $trackingStorage->getToken(); - } } diff --git a/src/Symfony/Component/Security/Csrf/TokenStorage/SessionTokenStorage.php b/src/Symfony/Component/Security/Csrf/TokenStorage/SessionTokenStorage.php index 70613f5f26f25..eceaefc92d463 100644 --- a/src/Symfony/Component/Security/Csrf/TokenStorage/SessionTokenStorage.php +++ b/src/Symfony/Component/Security/Csrf/TokenStorage/SessionTokenStorage.php @@ -11,12 +11,9 @@ namespace Symfony\Component\Security\Csrf\TokenStorage; -use Symfony\Component\HttpFoundation\Exception\SessionNotFoundException; -use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\RequestStack; use Symfony\Component\HttpFoundation\Session\Session; use Symfony\Component\HttpFoundation\Session\SessionInterface; -use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage; use Symfony\Component\Security\Csrf\Exception\TokenNotFoundException; /** @@ -33,27 +30,14 @@ class SessionTokenStorage implements ClearableTokenStorageInterface private $requestStack; private $namespace; - /** - * Tp be remove in Symfony 6.0 - */ - private $session; /** * Initializes the storage with a RequestStack object and a session namespace. * - * @param RequestStack $requestStack - * @param string $namespace The namespace under which the token is stored in the requestStack + * @param string $namespace The namespace under which the token is stored in the requestStack */ - public function __construct(/* RequestStack*/ $requestStack, string $namespace = self::SESSION_NAMESPACE) + public function __construct(RequestStack $requestStack, string $namespace = self::SESSION_NAMESPACE) { - if ($requestStack instanceof SessionInterface) { - trigger_deprecation('symfony/security-csrf', '5.3', 'Passing a "%s" to "%s" is deprecated, use a "%s" instead.', SessionInterface::class, __CLASS__, RequestStack::class); - $request = new Request(); - $request->setSession($requestStack); - - $requestStack = new RequestStack(); - $requestStack->push($request); - } $this->requestStack = $requestStack; $this->namespace = $namespace; } @@ -129,12 +113,6 @@ public function clear() private function getSession(): SessionInterface { - try { - return $this->requestStack->getSession(); - } catch (SessionNotFoundException $e) { - trigger_deprecation('symfony/security-csrf', '5.3', 'Using the "%s" without a session has no effect and is deprecated. It will throw a "%s" in Symfony 6.0', __CLASS__, SessionNotFoundException::class); - - return $this->session ?? $this->session = new Session(new MockArraySessionStorage()); - } + return $this->requestStack->getSession(); } } diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php index f995d215cabf1..2c5c82dbc16bf 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php @@ -426,17 +426,10 @@ private function handleEventWithPreviousSession($userProviders, UserInterface $u $tokenStorage = new TokenStorage(); $usageIndex = $session->getUsageIndex(); - $tokenStorage = new UsageTrackingTokenStorage($tokenStorage, new class( - (new \ReflectionClass(UsageTrackingTokenStorage::class))->hasMethod('getSession') ? [ - 'request_stack' => function () use ($requestStack) { - return $requestStack; - }] : [ - // BC for symfony/framework-bundle < 5.3 - 'session' => function () use ($session) { - return $session; - }, - ] - ) implements ContainerInterface { + $tokenStorage = new UsageTrackingTokenStorage($tokenStorage, new class(['request_stack' => function () use ($requestStack) { + return $requestStack; + }, + ]) implements ContainerInterface { use ServiceLocatorTrait; }); $sessionTrackerEnabler = [$tokenStorage, 'enableUsageTracking']; diff --git a/src/Symfony/Component/Security/Http/Tests/Logout/CsrfTokenClearingLogoutHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/Logout/CsrfTokenClearingLogoutHandlerTest.php index 6942745e882a9..beebd1ff36434 100644 --- a/src/Symfony/Component/Security/Http/Tests/Logout/CsrfTokenClearingLogoutHandlerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Logout/CsrfTokenClearingLogoutHandlerTest.php @@ -32,15 +32,12 @@ protected function setUp(): void { $this->session = new Session(new MockArraySessionStorage()); - // BC for symfony/security-core < 5.3 - if (\method_exists(SessionTokenStorage::class, 'getSession')) { - $request = new Request(); - $request->setSession($this->session); - $this->requestStack = new RequestStack(); - $this->requestStack->push($request); - } - - $this->csrfTokenStorage = new SessionTokenStorage($this->requestStack ?? $this->session, 'foo'); + $request = new Request(); + $request->setSession($this->session); + $this->requestStack = new RequestStack(); + $this->requestStack->push($request); + + $this->csrfTokenStorage = new SessionTokenStorage($this->requestStack, 'foo'); $this->csrfTokenStorage->setToken('foo', 'bar'); $this->csrfTokenStorage->setToken('foobar', 'baz'); $this->csrfTokenClearingLogoutHandler = new CsrfTokenClearingLogoutHandler($this->csrfTokenStorage);