[Security] Rename UserInterface::getUsername() to getUserIdentifier() #40403
Conversation
carsonbot
changed the title
There was a problem hiding this comment.
Looks good! Thank you for this, Wouter.
Given that DebugClassLoader will automatically trigger a deprecation notice thanks to the added @method phpdoc, I'm fine with the proposed BC layer and the additional notices it introduces.
Regarding tests, we should keep some legacy ones using the deprecated method to make sure everything keeps working.
src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
Show resolved
Hide resolved
src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php
Outdated
Show resolved
Hide resolved
src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php
Outdated
Show resolved
Hide resolved
|
Thanks Robin!
Oh, that's nice. The powers of the
Yes, sure thing. I've basically been find&replacing |
...ony/Bundle/SecurityBundle/Tests/Functional/Bundle/GuardedBundle/AuthenticationController.php
Show resolved
Hide resolved
|
I guess we will need to rename |
wouterj
force-pushed
the
security-username-identifier
branch
from
e800acc
to
1c7b338
Compare
| */ | ||
| public function getMessageKey() | ||
| { | ||
| return 'Username could not be found.'; |
There was a problem hiding this comment.
How would we consider BC on this public error message? I think we cannot change it?
There was a problem hiding this comment.
No, it's not BC break. We can change it, but (not a blocker) that invalidates all translations (so, we need updates on translations as well).
There was a problem hiding this comment.
that also break things if a project was customizing the translation messages in their own messages, as they won't be overriding the translation being used anymore.
There was a problem hiding this comment.
After @stof's comment, I think it's best to keep the message unchanged.
Also, User identifier could not be found is a much to technical error message to have as a default user-friendly message imho. I think most applications that care already updated this to say e.g. "E-mailaddress could not be found", so "Username" seems a good default for the others.
wouterj
force-pushed
the
security-username-identifier
branch
from
8a13540
to
cc659eb
Compare
|
For reference, I consider this PR to be "feature complete". However, we do need to have more tests to make sure all authentication providers/listeners can work with both the old and new names. I'll add these over the next few days. |
src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
Outdated
Show resolved
Hide resolved
src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php
Show resolved
Hide resolved
src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php
Outdated
Show resolved
Hide resolved
src/Symfony/Component/Security/Core/Tests/Exception/UsernameNotFoundExceptionTest.php
Show resolved
Hide resolved
src/Symfony/Component/Security/Http/EventListener/UserProviderListener.php
Show resolved
Hide resolved
src/Symfony/Component/Security/Core/User/UserProviderInterface.php
Outdated
Show resolved
Hide resolved
src/Symfony/Bridge/Monolog/Tests/Processor/SwitchUserTokenProcessorTest.php
Outdated
Show resolved
Hide resolved
wouterj
force-pushed
the
security-username-identifier
branch
6 times, most recently
from
a0a9bfe
to
279f410
Compare
wouterj
changed the title
wouterj
force-pushed
the
security-username-identifier
branch
from
279f410
to
e3c8b30
Compare
|
I think this PR is ready. However, 2 comments are left unresolved (open discussion), and the travis high builds are failing (I guess I need to submit another PR for 5.2 to change all tests to fix them?). appveyor builds have a timeout, they were green before. |
|
The merge of the User rename makes a lot of conflicts here, sorry about that :( |
| @@ -26,6 +26,8 @@ | |||
| * | |||
| * @see UserProviderInterface | |||
| * | |||
| * @method string getUserIdentifier() returns the identifier for this user (e.g. its username or e-mailaddress) | |||
There was a problem hiding this comment.
getIdentifier? a user's ID and a user's user ID are the same thing IMHO.
i think only token needs to convey it's the user identifier
There was a problem hiding this comment.
90% of the time (honestly, I think more), people are using entities as users. I don't want them to confuse getIdentifier() as getId(): your users don't login with a uuid, but with some other identifier (e-mailaddres). See also #40403 (review)
There was a problem hiding this comment.
in that regard, i think getId vs getUserIdentifier is still as confusing
There was a problem hiding this comment.
also AFAIK doctrine entities actually forwarding getIdentifier to getId would still be legit. (even while logging in by email)
|
@wouterj Do you have time to rebase this PR? |
wouterj
force-pushed
the
security-username-identifier
branch
from
e3c8b30
to
835cb92
Compare
|
Rebased. I believe the deps=high builds will be fixed when #40609 is merged (other failures are unrelated). I'll rebase this PR again when that PR is merged up to 5.x. |
…terface classes in the tests (wouterj) This PR was merged into the 5.2 branch. Discussion ---------- [Security] Use concrete UserInterface and UserProviderInterface classes in the tests | Q | A | ------------- | --- | Branch? | 5.2 | Bug fix? | no | New feature? | no | Deprecations? | no | Tickets | - | License | MIT | Doc PR | n/a Fixes failing deps=high builds in #40403 Commits ------- 89d9de2 Use concrete user related classes in the tests
wouterj
force-pushed
the
security-username-identifier
branch
from
835cb92
to
08dcf39
Compare
|
(Hopefully last) rebase needed |
wouterj
force-pushed
the
security-username-identifier
branch
from
08dcf39
to
33bee77
Compare
|
If we ignore psalm (which we should in this PR), we're finally green. Thanks for your help @chalasr! |
chalasr
force-pushed
the
security-username-identifier
branch
from
33bee77
to
8afd7a3
Compare
|
Thank you @wouterj. |
…shlow) This PR was squashed before being merged into the 1.0-dev branch. Discussion ---------- [make:user] implement getUserIdentifier if required handle `getUsername()` -> `getUserIdentifier()` in Symfony 5.3 symfony/symfony#40403 Commits ------- 1d83924 [make:user] implement getUserIdentifier if required
| * | ||
| * @return string The username | ||
| */ | ||
| public function getUsername(); |
…of '{user_identifier}' in LDAP configuration (EXT - THERAGE Kevin)
This PR was merged into the 6.2 branch.
Discussion
----------
[Ldap] Deprecate '{username}' parameter use in favour of '{user_identifier}' in LDAP configuration
| Q | A
| ------------- | ---
| Branch? | 6.2
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
This PR aims to fix a missing forward compatibility as done in src/Symfony/Component/Ldap/Security/LdapUserProvider.php at line 80 when authenticating with LDAP and using the following configuration :
```yaml
security:
// ...
firewalls:œ
// ...
main:
form_login_ldap:
// ...
query_string: '(whatever={user_identifier})'
dn_string: 'uid={user_identifier},dc=example,dc=com'
```
instead of :
```yaml
security:
// ...
firewalls:
// ...
main:
form_login_ldap:
// ...
query_string: '(whatever={username})'
dn_string: 'uid={username},dc=example,dc=com'
```
maybe related to : #40403
Commits
-------
6dd1221 [Ldap] Deprecate '{username}' parameter use in favour of '{user_identifier}' in LDAP configuration
This continues the great work by @chalasr in #40267 and rounds up the
UserInterfacecleanup.The
getUsername()has been a point of confusion for many years. In today's applications, many domains no longer have a username, but instead rely on a user's email address or the like. Even more, this username has to be unique for all Security functionality to work correctly - so it's more confusing in complex applications relying on e.g. "username+company" to be unique.This PR proposes to rename the method to
getUserIdentifier(), to more clearly indicate the goal of the method (note: I'm open for any other suggestion).For BC, the
getUsername()method is deprecated in 5.3 andgetUserIdentifier()will be added to theUserInterfacein 6.0. PHPdocs are used to improve type-hinting for 5.3 & 5.4. Both authentication managers (the legacy and experimental one) check the authenticated user object and trigger a deprecation ifgetUserIdentifier()is not implemented.getUsername()in the application code.Consistent with these changes, I've also done the same BC change for
TokenInterface::getUsername().PersistentTokenInterface::getUsername()UserProviderInterface::loadUserByUsername()&UsernameNotFoundExceptionUserLoaderInterface::loadUserByUsername()I'm very much looking forward for feedback and help for this important, but BC-heavy, rename. 😃