[Security] Deprecate argument $secret of RememberMeToken and RememberMeAuthenticator

nicolas-grekas · nicolas-grekas · commit 74ebf9b36c60 · 2024-05-21T16:54:23.000+02:00
diff --git a/Authentication/Token/RememberMeToken.php b/Authentication/Token/RememberMeToken.php
@@ -21,28 +21,26 @@
  */
 class RememberMeToken extends AbstractToken
 {
-    private string $secret;
+    private ?string $secret = null;
     private string $firewallName;
 
     /**
-     * @param string $secret A secret used to make sure the token is created by the app and not by a malicious client
-     *
      * @throws \InvalidArgumentException
      */
-    public function __construct(UserInterface $user, string $firewallName, #[\SensitiveParameter] string $secret)
+    public function __construct(UserInterface $user, string $firewallName)
     {
         parent::__construct($user->getRoles());
 
-        if (!$secret) {
-            throw new InvalidArgumentException('A non-empty secret is required.');
+        if (\func_num_args() > 2) {
+            trigger_deprecation('symfony/security-core', '7.2', 'The "$secret" argument of "%s()" is deprecated.', __METHOD__);
+            $this->secret = func_get_arg(2);
         }
 
         if (!$firewallName) {
             throw new InvalidArgumentException('$firewallName must not be empty.');
         }
 
         $this->firewallName = $firewallName;
-        $this->secret = $secret;
 
         $this->setUser($user);
     }
@@ -52,13 +50,19 @@ public function getFirewallName(): string
         return $this->firewallName;
     }
 
+    /**
+     * @deprecated since Symfony 7.2
+     */
     public function getSecret(): string
     {
-        return $this->secret;
+        trigger_deprecation('symfony/security-core', '7.2', 'The "%s()" method is deprecated.', __METHOD__);
+
+        return $this->secret ??= base64_encode(random_bytes(8));
     }
 
     public function __serialize(): array
     {
+        // $this->firewallName should be kept at index 1 for compatibility with payloads generated before Symfony 8
         return [$this->secret, $this->firewallName, parent::__serialize()];
     }
 
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,10 @@
 CHANGELOG
 =========
 
+7.2
+---
+
+ * Deprecate argument `$secret` of `RememberMeToken`
 
 7.0
 ---
diff --git a/Tests/Authentication/AuthenticationTrustResolverTest.php b/Tests/Authentication/AuthenticationTrustResolverTest.php
@@ -72,7 +72,7 @@ protected function getRememberMeToken()
     {
         $user = new InMemoryUser('wouter', '', ['ROLE_USER']);
 
-        return new RememberMeToken($user, 'main', 'secret');
+        return new RememberMeToken($user, 'main');
     }
 }
 
diff --git a/Tests/Authentication/Token/RememberMeTokenTest.php b/Tests/Authentication/Token/RememberMeTokenTest.php
@@ -20,22 +20,22 @@ class RememberMeTokenTest extends TestCase
     public function testConstructor()
     {
         $user = $this->getUser();
-        $token = new RememberMeToken($user, 'fookey', 'foo');
+        $token = new RememberMeToken($user, 'fookey');
 
         $this->assertEquals('fookey', $token->getFirewallName());
-        $this->assertEquals('foo', $token->getSecret());
         $this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
         $this->assertSame($user, $token->getUser());
     }
 
-    public function testConstructorSecretCannotBeEmptyString()
+    /**
+     * @group legacy
+     */
+    public function testSecret()
     {
-        $this->expectException(\InvalidArgumentException::class);
-        new RememberMeToken(
-            $this->getUser(),
-            '',
-            ''
-        );
+        $user = $this->getUser();
+        $token = new RememberMeToken($user, 'fookey', 'foo');
+
+        $this->assertEquals('foo', $token->getSecret());
     }
 
     protected function getUser($roles = ['ROLE_FOO'])
diff --git a/Tests/Authorization/ExpressionLanguageTest.php b/Tests/Authorization/ExpressionLanguageTest.php
@@ -50,7 +50,7 @@ public static function provider()
         $user = new InMemoryUser('username', 'password', $roles);
 
         $noToken = null;
-        $rememberMeToken = new RememberMeToken($user, 'firewall-name', 'firewall');
+        $rememberMeToken = new RememberMeToken($user, 'firewall-name');
         $usernamePasswordToken = new UsernamePasswordToken($user, 'firewall-name', $roles);
 
         return [
diff --git a/Tests/Authorization/Voter/AuthenticatedVoterTest.php b/Tests/Authorization/Voter/AuthenticatedVoterTest.php
@@ -101,7 +101,7 @@ public function getCredentials()
         }
 
         if ('remembered' === $authenticated) {
-            return new RememberMeToken($user, 'foo', 'bar');
+            return new RememberMeToken($user, 'foo');
         }
 
         if ('impersonated' === $authenticated) {
diff --git a/composer.json b/composer.json
@@ -17,6 +17,7 @@
     ],
     "require": {
         "php": ">=8.2",
+        "symfony/deprecation-contracts": "^2.5|^3",
         "symfony/event-dispatcher-contracts": "^2.5|^3",
         "symfony/service-contracts": "^2.5|^3",
         "symfony/password-hasher": "^6.4|^7.0"

Original file line number	Diff line number	Diff line change
`@@ -21,28 +21,26 @@`
`21`	`21`	`*/`
`22`	`22`	`class RememberMeToken extends AbstractToken`
`23`	`23`	`{`
`24`		`- private string $secret;`
	`24`	`+ private ?string $secret = null;`
`25`	`25`	`private string $firewallName;`
`26`	`26`
`27`	`27`	`/**`
`28`		`- * @param string $secret A secret used to make sure the token is created by the app and not by a malicious client`
`29`		`- *`
`30`	`28`	`* @throws \InvalidArgumentException`
`31`	`29`	`*/`
`32`		`- public function __construct(UserInterface $user, string $firewallName, #[\SensitiveParameter] string $secret)`
	`30`	`+ public function __construct(UserInterface $user, string $firewallName)`
`33`	`31`	`{`
`34`	`32`	`parent::__construct($user->getRoles());`
`35`	`33`
`36`		`- if (!$secret) {`
`37`		`- throw new InvalidArgumentException('A non-empty secret is required.');`
	`34`	`+ if (\func_num_args() > 2) {`
	`35`	`+ trigger_deprecation('symfony/security-core', '7.2', 'The "$secret" argument of "%s()" is deprecated.', __METHOD__);`
	`36`	`+ $this->secret = func_get_arg(2);`
`38`	`37`	`}`
`39`	`38`
`40`	`39`	`if (!$firewallName) {`
`41`	`40`	`throw new InvalidArgumentException('$firewallName must not be empty.');`
`42`	`41`	`}`
`43`	`42`
`44`	`43`	`$this->firewallName = $firewallName;`
`45`		`- $this->secret = $secret;`
`46`	`44`
`47`	`45`	`$this->setUser($user);`
`48`	`46`	`}`
`@@ -52,13 +50,19 @@ public function getFirewallName(): string`
`52`	`50`	`return $this->firewallName;`
`53`	`51`	`}`
`54`	`52`
	`53`	`+ /**`
	`54`	`+ * @deprecated since Symfony 7.2`
	`55`	`+ */`
`55`	`56`	`public function getSecret(): string`
`56`	`57`	`{`
`57`		`- return $this->secret;`
	`58`	`+ trigger_deprecation('symfony/security-core', '7.2', 'The "%s()" method is deprecated.', __METHOD__);`
	`59`	`+`
	`60`	`+ return $this->secret ??= base64_encode(random_bytes(8));`
`58`	`61`	`}`
`59`	`62`
`60`	`63`	`public function __serialize(): array`
`61`	`64`	`{`
	`65`	`+ // $this->firewallName should be kept at index 1 for compatibility with payloads generated before Symfony 8`
`62`	`66`	`return [$this->secret, $this->firewallName, parent::__serialize()];`
`63`	`67`	`}`
`64`	`68`
Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@ protected function getRememberMeToken()`
`72`	`72`	`{`
`73`	`73`	`$user = new InMemoryUser('wouter', '', ['ROLE_USER']);`
`74`	`74`
`75`		`- return new RememberMeToken($user, 'main', 'secret');`
	`75`	`+ return new RememberMeToken($user, 'main');`
`76`	`76`	`}`
`77`	`77`	`}`
`78`	`78`
Original file line number	Diff line number	Diff line change
`@@ -101,7 +101,7 @@ public function getCredentials()`
`101`	`101`	`}`
`102`	`102`
`103`	`103`	`if ('remembered' === $authenticated) {`
`104`		`- return new RememberMeToken($user, 'foo', 'bar');`
	`104`	`+ return new RememberMeToken($user, 'foo');`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	`if ('impersonated' === $authenticated) {`