[Security] Fix BC layer

Author: chalasr

Tests/User/InMemoryUserProviderTest.php

@@ -74,7 +74,7 @@ protected function createProvider(): InMemoryUserProvider
     public function testCreateUser()
     {
         $provider = new InMemoryUserProvider();
-        $provider->createUser(new User('fabien', 'foo'));
+        $provider->createUser(new InMemoryUser('fabien', 'foo'));
 
         $user = $provider->loadUserByUsername('fabien');
         $this->assertEquals('foo', $user->getPassword());
@@ -84,8 +84,8 @@ public function testCreateUserAlreadyExist()
     {
         $this->expectException(\LogicException::class);
         $provider = new InMemoryUserProvider();
-        $provider->createUser(new User('fabien', 'foo'));
-        $provider->createUser(new User('fabien', 'foo'));
+        $provider->createUser(new InMemoryUser('fabien', 'foo'));
+        $provider->createUser(new InMemoryUser('fabien', 'foo'));
     }
 
     public function testLoadUserByUsernameDoesNotExist()

User/InMemoryUser.php

@@ -19,115 +19,58 @@
  * @author Robin Chalas <[email protected]>
  * @author Fabien Potencier <[email protected]>
  */
-final class InMemoryUser implements UserInterface, PasswordAuthenticatedUserInterface, EquatableInterface
+final class InMemoryUser extends User
 {
-    private $username;
-    private $password;
-    private $enabled;
-    private $roles;
-
     /**
-     * @param string[] $roles
+     * {@inheritdoc}
+     *
+     * @deprecated since Symfony 5.3
      */
-    public function __construct(string $username, ?string $password, array $roles = [], bool $enabled = true)
+    public function isAccountNonExpired(): bool
     {
-        if ('' === $username) {
-            throw new \InvalidArgumentException('The username cannot be empty.');
-        }
+        trigger_deprecation('symfony/security-core', '5.3', 'Method "%s()" is deprecated, you should stop using it.', __METHOD__);
 
-        $this->username = $username;
-        $this->password = $password;
-        $this->roles = $roles;
-        $this->enabled = $enabled;
-    }
-
-    public function __toString(): string
-    {
-        return $this->getUsername();
+        return parent::isAccountNonExpired();
     }
 
     /**
      * {@inheritdoc}
+     *
+     * @deprecated since Symfony 5.3
      */
-    public function getRoles(): array
+    public function isAccountNonLocked(): bool
     {
-        return $this->roles;
-    }
+        trigger_deprecation('symfony/security-core', '5.3', 'Method "%s()" is deprecated, you should stop using it.', __METHOD__);
 
-    /**
-     * {@inheritdoc}
-     */
-    public function getPassword(): ?string
-    {
-        return $this->password;
+        return parent::isAccountNonLocked();
     }
 
     /**
      * {@inheritdoc}
+     *
+     * @deprecated since Symfony 5.3
      */
-    public function getSalt(): ?string
+    public function isCredentialsNonExpired(): bool
     {
-        return null;
-    }
+        trigger_deprecation('symfony/security-core', '5.3', 'Method "%s()" is deprecated, you should stop using it.', __METHOD__);
 
-    /**
-     * {@inheritdoc}
-     */
-    public function getUsername(): string
-    {
-        return $this->username;
+        return parent::isCredentialsNonExpired();
     }
 
     /**
-     * Checks whether the user is enabled.
-     *
-     * Internally, if this method returns false, the authentication system
-     * will throw a DisabledException and prevent login.
-     *
-     * @return bool true if the user is enabled, false otherwise
-     *
-     * @see DisabledException
+     * @deprecated since Symfony 5.3
      */
-    public function isEnabled(): bool
+    public function getExtraFields(): array
     {
-        return $this->enabled;
-    }
+        trigger_deprecation('symfony/security-core', '5.3', 'Method "%s()" is deprecated, you should stop using it.', __METHOD__);
 
-    /**
-     * {@inheritdoc}
-     */
-    public function eraseCredentials()
-    {
+        return parent::getExtraFields();
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function isEqualTo(UserInterface $user): bool
+    public function setPassword(string $password)
     {
-        if (!$user instanceof self) {
-            return false;
-        }
-
-        if ($this->getPassword() !== $user->getPassword()) {
-            return false;
-        }
-
-        $currentRoles = array_map('strval', (array) $this->getRoles());
-        $newRoles = array_map('strval', (array) $user->getRoles());
-        $rolesChanged = \count($currentRoles) !== \count($newRoles) || \count($currentRoles) !== \count(array_intersect($currentRoles, $newRoles));
-        if ($rolesChanged) {
-            return false;
-        }
-
-        if ($this->getUsername() !== $user->getUsername()) {
-            return false;
-        }
-
-        if ($this->isEnabled() !== $user->isEnabled()) {
-            return false;
-        }
+        trigger_deprecation('symfony/security-core', '5.3', 'Method "%s()" is deprecated, you should stop using it.', __METHOD__);
 
-        return true;
+        parent::setPassword($password);
     }
 }

User/InMemoryUserChecker.php

@@ -38,7 +38,7 @@ public function checkPreAuth(UserInterface $user)
         }
 
         // @deprecated since Symfony 5.3
-        if ($user instanceof User) {
+        if (User::class === \get_class($user)) {
             if (!$user->isAccountNonLocked()) {
                 $ex = new LockedException('User account is locked.');
                 $ex->setUser($user);
@@ -56,7 +56,7 @@ public function checkPreAuth(UserInterface $user)
     public function checkPostAuth(UserInterface $user)
     {
         // @deprecated since Symfony 5.3, noop in 6.0
-        if (!$user instanceof User) {
+        if (User::class !== \get_class($user)) {
             return;
         }
 

User/InMemoryUserProvider.php

@@ -80,8 +80,8 @@ public function refreshUser(UserInterface $user)
         $storedUser = $this->getUser($user->getUsername());
 
         // @deprecated since Symfony 5.3
-        if ($user instanceof User) {
-            if (!$storedUser instanceof User) {
+        if (User::class === \get_class($user)) {
+            if (User::class !== \get_class($storedUser)) {
                 $accountNonExpired = true;
                 $credentialsNonExpired = $storedUser->getPassword() === $user->getPassword();
                 $accountNonLocked = true;

User/User.php

@@ -11,8 +11,6 @@
 
 namespace Symfony\Component\Security\Core\User;
 
-trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use "%s" instead.', User::class, InMemoryUser::class);
-
 /**
  * User is the user implementation used by the in-memory user provider.
  *
@@ -22,7 +20,7 @@
  *
  * @deprecated since Symfony 5.3, use {@link InMemoryUser} instead
  */
-final class User implements UserInterface, PasswordAuthenticatedUserInterface, EquatableInterface
+class User implements UserInterface, PasswordAuthenticatedUserInterface, EquatableInterface
 {
     private $username;
     private $password;
@@ -35,6 +33,10 @@ final class User implements UserInterface, PasswordAuthenticatedUserInterface, E
 
     public function __construct(?string $username, ?string $password, array $roles = [], bool $enabled = true, bool $userNonExpired = true, bool $credentialsNonExpired = true, bool $userNonLocked = true, array $extraFields = [])
     {
+        if (InMemoryUser::class !== static::class) {
+            trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use "%s" instead.', self::class, InMemoryUser::class);
+        }
+
         if ('' === $username || null === $username) {
             throw new \InvalidArgumentException('The username cannot be empty.');
         }
@@ -175,8 +177,8 @@ public function isEqualTo(UserInterface $user): bool
             return false;
         }
 
-        $currentRoles = array_map('strval', (array)$this->getRoles());
-        $newRoles = array_map('strval', (array)$user->getRoles());
+        $currentRoles = array_map('strval', (array) $this->getRoles());
+        $newRoles = array_map('strval', (array) $user->getRoles());
         $rolesChanged = \count($currentRoles) !== \count($newRoles) || \count($currentRoles) !== \count(array_intersect($currentRoles, $newRoles));
         if ($rolesChanged) {
             return false;
@@ -186,16 +188,18 @@ public function isEqualTo(UserInterface $user): bool
             return false;
         }
 
-        if ($this->isAccountNonExpired() !== $user->isAccountNonExpired()) {
-            return false;
-        }
+        if (self::class === static::class) {
+            if ($this->isAccountNonExpired() !== $user->isAccountNonExpired()) {
+                return false;
+            }
 
-        if ($this->isAccountNonLocked() !== $user->isAccountNonLocked()) {
-            return false;
-        }
+            if ($this->isAccountNonLocked() !== $user->isAccountNonLocked()) {
+                return false;
+            }
 
-        if ($this->isCredentialsNonExpired() !== $user->isCredentialsNonExpired()) {
-            return false;
+            if ($this->isCredentialsNonExpired() !== $user->isCredentialsNonExpired()) {
+                return false;
+            }
         }
 
         if ($this->isEnabled() !== $user->isEnabled()) {