[Security] Improve BC-layer to deprecate eraseCredentials methods

nicolas-grekas · nicolas-grekas · commit f5f6b03bafb2 · 2025-02-04T09:22:58.000+01:00
diff --git a/Authentication/Token/AbstractToken.php b/Authentication/Token/AbstractToken.php
@@ -62,11 +62,11 @@ public function setUser(UserInterface $user): void
     /**
      * Removes sensitive information from the token.
      *
-     * @deprecated since Symfony 7.3
+     * @deprecated since Symfony 7.3, erase credentials using the "__serialize()" method instead
      */
     public function eraseCredentials(): void
     {
-        trigger_deprecation('symfony/security-core', '7.3', sprintf('The "%s()" method is deprecated and will be removed in 8.0, use a DTO instead or implement your own erasing logic if needed.', __METHOD__));
+        trigger_deprecation('symfony/security-core', '7.3', \sprintf('The "%s::eraseCredentials()" method is deprecated and will be removed in 8.0, erase credentials using the "__serialize()" method instead.', TokenInterface::class));
 
         if ($this->getUser() instanceof UserInterface) {
             $this->getUser()->eraseCredentials();
diff --git a/Authentication/Token/NullToken.php b/Authentication/Token/NullToken.php
@@ -44,12 +44,14 @@ public function getUserIdentifier(): string
     }
 
     /**
-     * Removes sensitive information from the token.
-     *
      * @deprecated since Symfony 7.3
      */
+    #[\Deprecated(since: 'symfony/security-core 7.3')]
     public function eraseCredentials(): void
     {
+        if (\PHP_VERSION_ID < 80400) {
+            @trigger_error(\sprintf('Method %s::eraseCredentials() is deprecated since symfony/security-core 7.3', self::class), \E_USER_DEPRECATED);
+        }
     }
 
     public function getAttributes(): array
diff --git a/Authentication/Token/TokenInterface.php b/Authentication/Token/TokenInterface.php
@@ -16,6 +16,9 @@
 /**
  * TokenInterface is the interface for the user authentication information.
  *
+ * The __serialize/__unserialize() magic methods can be implemented on the token
+ * class to prevent sensitive credentials from being put in the session storage.
+ *
  * @author Fabien Potencier <fabien@symfony.com>
  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  */
@@ -57,8 +60,7 @@ public function setUser(UserInterface $user): void;
     /**
      * Removes sensitive information from the token.
      *
-     * @deprecated since Symfony 7.3, use a dedicated DTO instead or implement your
-     *             own erasing logic instead
+     * @deprecated since Symfony 7.3; erase credentials using the "__serialize()" method instead
      */
     public function eraseCredentials(): void;
 
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,7 +8,7 @@ CHANGELOG
    For example, users not currently logged in, or while processing a message from a message queue.
  * Add `OfflineTokenInterface` to mark tokens that do not represent the currently logged-in user
  * Deprecate `UserInterface::eraseCredentials()` and `TokenInterface::eraseCredentials()`,
-   use a dedicated DTO or erase credentials on your own e.g. upon `AuthenticationTokenCreatedEvent` instead
+   erase credentials e.g. using `__serialize()` instead
 
 7.2
 ---
diff --git a/Tests/Authentication/AuthenticationTrustResolverTest.php b/Tests/Authentication/AuthenticationTrustResolverTest.php
@@ -119,6 +119,7 @@ public function getUserIdentifier(): string
     {
     }
 
+    #[\Deprecated]
     public function eraseCredentials(): void
     {
     }
diff --git a/Tests/Authentication/Token/AbstractTokenTest.php b/Tests/Authentication/Token/AbstractTokenTest.php
@@ -14,6 +14,7 @@
 use PHPUnit\Framework\TestCase;
 use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
 use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\UserInterface;
 
@@ -46,7 +47,8 @@ public function testEraseCredentials()
         $user = $this->createMock(UserInterface::class);
         $user->expects($this->once())->method('eraseCredentials');
         $token->setUser($user);
-        $this->expectDeprecation('The Symfony\Component\Security\Core\User\UserInterface::eraseCredentials method is deprecated (since Symfony 7.3, use a dedicated DTO instead or implement your own erasing logic instead).');
+
+        $this->expectDeprecation(\sprintf('Since symfony/security-core 7.3: The "%s::eraseCredentials()" method is deprecated and will be removed in 8.0, erase credentials using the "__serialize()" method instead.', TokenInterface::class));
 
         $token->eraseCredentials();
     }
diff --git a/Tests/Authentication/Token/Fixtures/CustomUser.php b/Tests/Authentication/Token/Fixtures/CustomUser.php
@@ -31,6 +31,12 @@ public function getRoles(): array
         return $this->roles;
     }
 
+    public function getPassword(): ?string
+    {
+        return null;
+    }
+
+    #[\Deprecated]
     public function eraseCredentials(): void
     {
     }
diff --git a/Tests/User/InMemoryUserTest.php b/Tests/User/InMemoryUserTest.php
@@ -12,11 +12,14 @@
 namespace Symfony\Component\Security\Core\Tests\User;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
 use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 class InMemoryUserTest extends TestCase
 {
+    use ExpectDeprecationTrait;
+
     public function testConstructorException()
     {
         $this->expectException(\InvalidArgumentException::class);
@@ -59,6 +62,7 @@ public function testIsEnabled()
     public function testEraseCredentials()
     {
         $user = new InMemoryUser('fabien', 'superpass');
+        $this->expectDeprecation(\sprintf('%sMethod %s::eraseCredentials() is deprecated since symfony/security-core 7.3', \PHP_VERSION_ID >= 80400 ? 'Unsilenced deprecation: ' : '', InMemoryUser::class));
         $user->eraseCredentials();
         $this->assertEquals('superpass', $user->getPassword());
     }
diff --git a/User/InMemoryUser.php b/User/InMemoryUser.php
@@ -74,9 +74,15 @@ public function isEnabled(): bool
         return $this->enabled;
     }
 
+    /**
+     * @deprecated since Symfony 7.3
+     */
+    #[\Deprecated(since: 'symfony/security-core 7.3')]
     public function eraseCredentials(): void
     {
-        trigger_deprecation('symfony/security-core', '7.3', sprintf('The "%s()" method is deprecated and will be removed in 8.0, use a DTO instead or implement your own erasing logic if needed.', __METHOD__));
+        if (\PHP_VERSION_ID < 80400) {
+            @trigger_error(\sprintf('Method %s::eraseCredentials() is deprecated since symfony/security-core 7.3', self::class), \E_USER_DEPRECATED);
+        }
     }
 
     public function isEqualTo(UserInterface $user): bool
diff --git a/User/OidcUser.php b/User/OidcUser.php
@@ -71,8 +71,15 @@ public function getUserIdentifier(): string
         return (string) ($this->userIdentifier ?? $this->getSub());
     }
 
+    /**
+     * @deprecated since Symfony 7.3
+     */
+    #[\Deprecated(since: 'symfony/security-core 7.3')]
     public function eraseCredentials(): void
     {
+        if (\PHP_VERSION_ID < 80400) {
+            @trigger_error(\sprintf('Method %s::eraseCredentials() is deprecated since symfony/security-core 7.3', self::class), \E_USER_DEPRECATED);
+        }
     }
 
     public function getSub(): ?string
diff --git a/User/PasswordAuthenticatedUserInterface.php b/User/PasswordAuthenticatedUserInterface.php
@@ -23,6 +23,9 @@ interface PasswordAuthenticatedUserInterface
      * Returns the hashed password used to authenticate the user.
      *
      * Usually on authentication, a plain-text password will be compared to this value.
+     *
+     * The __serialize/__unserialize() magic methods can be implemented on the user
+     * class to prevent hashed passwords from being put in the session storage.
      */
     public function getPassword(): ?string;
 }
diff --git a/User/UserInterface.php b/User/UserInterface.php
@@ -24,6 +24,9 @@
  * this interface. Objects that implement this interface are created and
  * loaded by different objects that implement UserProviderInterface.
  *
+ * The __serialize/__unserialize() magic methods can be implemented on the user
+ * class to prevent sensitive credentials from being put in the session storage.
+ *
  * @see UserProviderInterface
  *
  * @author Fabien Potencier <fabien@symfony.com>
@@ -46,22 +49,20 @@ interface UserInterface
      */
     public function getRoles(): array;
 
-    /**
-     * Returns the identifier for this user (e.g. username or email address).
-     *
-     * @return non-empty-string
-     */
-    public function getUserIdentifier(): string;
-
     /**
      * Removes sensitive data from the user.
      *
      * This is important if, at any given point, sensitive information like
      * the plain-text password is stored on this object.
      *
-     * @deprecated since Symfony 7.3, use a dedicated DTO instead or implement your
-     *             own erasing logic instead
+     * @deprecated since Symfony 7.3, erase credentials using the "__serialize()" method instead
      */
     public function eraseCredentials(): void;
 
+    /**
+     * Returns the identifier for this user (e.g. username or email address).
+     *
+     * @return non-empty-string
+     */
+    public function getUserIdentifier(): string;
 }

Original file line number	Diff line number	Diff line change
`@@ -62,11 +62,11 @@ public function setUser(UserInterface $user): void`
`62`	`62`	`/**`
`63`	`63`	`* Removes sensitive information from the token.`
`64`	`64`	`*`
`65`		`- * @deprecated since Symfony 7.3`
	`65`	`+ * @deprecated since Symfony 7.3, erase credentials using the "__serialize()" method instead`
`66`	`66`	`*/`
`67`	`67`	`public function eraseCredentials(): void`
`68`	`68`	`{`
`69`		`- trigger_deprecation('symfony/security-core', '7.3', sprintf('The "%s()" method is deprecated and will be removed in 8.0, use a DTO instead or implement your own erasing logic if needed.', __METHOD__));`
	`69`	`+ trigger_deprecation('symfony/security-core', '7.3', \sprintf('The "%s::eraseCredentials()" method is deprecated and will be removed in 8.0, erase credentials using the "__serialize()" method instead.', TokenInterface::class));`
`70`	`70`
`71`	`71`	`if ($this->getUser() instanceof UserInterface) {`
`72`	`72`	`$this->getUser()->eraseCredentials();`
Original file line number	Diff line number	Diff line change
`@@ -44,12 +44,14 @@ public function getUserIdentifier(): string`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`/**`
`47`		`- * Removes sensitive information from the token.`
`48`		`- *`
`49`	`47`	`* @deprecated since Symfony 7.3`
`50`	`48`	`*/`
	`49`	`+ #[\Deprecated(since: 'symfony/security-core 7.3')]`
`51`	`50`	`public function eraseCredentials(): void`
`52`	`51`	`{`
	`52`	`+ if (\PHP_VERSION_ID < 80400) {`
	`53`	`+ @trigger_error(\sprintf('Method %s::eraseCredentials() is deprecated since symfony/security-core 7.3', self::class), \E_USER_DEPRECATED);`
	`54`	`+ }`
`53`	`55`	`}`
`54`	`56`
`55`	`57`	`public function getAttributes(): array`
Original file line number	Diff line number	Diff line change
`@@ -119,6 +119,7 @@ public function getUserIdentifier(): string`
`119`	`119`	`{`
`120`	`120`	`}`
`121`	`121`
	`122`	`+ #[\Deprecated]`
`122`	`123`	`public function eraseCredentials(): void`
`123`	`124`	`{`
`124`	`125`	`}`
Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,12 @@ public function getRoles(): array`
`31`	`31`	`return $this->roles;`
`32`	`32`	`}`
`33`	`33`
	`34`	`+ public function getPassword(): ?string`
	`35`	`+ {`
	`36`	`+ return null;`
	`37`	`+ }`
	`38`	`+`
	`39`	`+ #[\Deprecated]`
`34`	`40`	`public function eraseCredentials(): void`
`35`	`41`	`{`
`36`	`42`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,11 +12,14 @@`
`12`	`12`	`namespace Symfony\Component\Security\Core\Tests\User;`
`13`	`13`
`14`	`14`	`use PHPUnit\Framework\TestCase;`
	`15`	`+use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;`
`15`	`16`	`use Symfony\Component\Security\Core\User\InMemoryUser;`
`16`	`17`	`use Symfony\Component\Security\Core\User\UserInterface;`
`17`	`18`
`18`	`19`	`class InMemoryUserTest extends TestCase`
`19`	`20`	`{`
	`21`	`+ use ExpectDeprecationTrait;`
	`22`	`+`
`20`	`23`	`public function testConstructorException()`
`21`	`24`	`{`
`22`	`25`	`$this->expectException(\InvalidArgumentException::class);`
`@@ -59,6 +62,7 @@ public function testIsEnabled()`
`59`	`62`	`public function testEraseCredentials()`
`60`	`63`	`{`
`61`	`64`	`$user = new InMemoryUser('fabien', 'superpass');`
	`65`	`+ $this->expectDeprecation(\sprintf('%sMethod %s::eraseCredentials() is deprecated since symfony/security-core 7.3', \PHP_VERSION_ID >= 80400 ? 'Unsilenced deprecation: ' : '', InMemoryUser::class));`
`62`	`66`	`$user->eraseCredentials();`
`63`	`67`	`$this->assertEquals('superpass', $user->getPassword());`
`64`	`68`	`}`
Original file line number	Diff line number	Diff line change
`@@ -74,9 +74,15 @@ public function isEnabled(): bool`
`74`	`74`	`return $this->enabled;`
`75`	`75`	`}`
`76`	`76`
	`77`	`+ /**`
	`78`	`+ * @deprecated since Symfony 7.3`
	`79`	`+ */`
	`80`	`+ #[\Deprecated(since: 'symfony/security-core 7.3')]`
`77`	`81`	`public function eraseCredentials(): void`
`78`	`82`	`{`
`79`		`- trigger_deprecation('symfony/security-core', '7.3', sprintf('The "%s()" method is deprecated and will be removed in 8.0, use a DTO instead or implement your own erasing logic if needed.', __METHOD__));`
	`83`	`+ if (\PHP_VERSION_ID < 80400) {`
	`84`	`+ @trigger_error(\sprintf('Method %s::eraseCredentials() is deprecated since symfony/security-core 7.3', self::class), \E_USER_DEPRECATED);`
	`85`	`+ }`
`80`	`86`	`}`
`81`	`87`
`82`	`88`	`public function isEqualTo(UserInterface $user): bool`
Original file line number	Diff line number	Diff line change
`@@ -71,8 +71,15 @@ public function getUserIdentifier(): string`
`71`	`71`	`return (string) ($this->userIdentifier ?? $this->getSub());`
`72`	`72`	`}`
`73`	`73`
	`74`	`+ /**`
	`75`	`+ * @deprecated since Symfony 7.3`
	`76`	`+ */`
	`77`	`+ #[\Deprecated(since: 'symfony/security-core 7.3')]`
`74`	`78`	`public function eraseCredentials(): void`
`75`	`79`	`{`
	`80`	`+ if (\PHP_VERSION_ID < 80400) {`
	`81`	`+ @trigger_error(\sprintf('Method %s::eraseCredentials() is deprecated since symfony/security-core 7.3', self::class), \E_USER_DEPRECATED);`
	`82`	`+ }`
`76`	`83`	`}`
`77`	`84`
`78`	`85`	`public function getSub(): ?string`