Merge branch 'master' into 2.0

Commits: * 0906948 Depreciate injection of Request instances (lexik#200) (@chalasr) Conflicts: Event/AuthenticationSuccessEvent.php Security/Http/Authentication/AuthenticationFailureHandler.php Security/Http/Authentication/AuthenticationSuccessHandler.php Services/JWTManager.php
chalasr · Jul 25, 2016 · b9fbed9 · b9fbed9
2 parents 7a84f54 + 0906948
commit b9fbed9
Show file tree

Hide file tree

Showing 12 changed files with 126 additions and 40 deletions.
diff --git a/Event/AuthenticationFailureEvent.php b/Event/AuthenticationFailureEvent.php
@@ -17,6 +17,8 @@ class AuthenticationFailureEvent extends Event
 {
     /**
      * @var Request
+     *
+     * @deprecated since 1.7, removed in 2.0
      */
     protected $request;
 
@@ -31,22 +33,33 @@ class AuthenticationFailureEvent extends Event
     protected $response;
 
     /**
-     * @param Request                 $request
+     * @param Request|null            $request   Deprecated
      * @param AuthenticationException $exception
      * @param Response                $response
      */
-    public function __construct(Request $request, AuthenticationException $exception, Response $response)
+    public function __construct(Request $request = null, AuthenticationException $exception, Response $response)
     {
-        $this->request   = $request;
+        if (null !== $request && class_exists('Symfony\Component\HttpFoundation\RequestStack')) {
+            @trigger_error(sprintf('Passing a Request instance as first argument of %s() is deprecated since version 1.7 and will be removed in 2.0.%sInject the "@request_stack" service in your event listener instead.', __METHOD__, PHP_EOL), E_USER_DEPRECATED);
+
+            $this->request = $request;
+        }
+
         $this->exception = $exception;
         $this->response  = $response;
     }
 
     /**
+     * @deprecated since 1.7, removed in 2.0
+     *
      * @return Request
      */
     public function getRequest()
     {
+        if (class_exists('Symfony\Component\HttpFoundation\RequestStack')) {
+            @trigger_error(sprintf('Method %s() is deprecated since version 1.7 and will be removed in 2.0.%sUse  Symfony\Component\HttpFoundation\RequestStack::getCurrentRequest() instead.', __METHOD__, PHP_EOL), E_USER_DEPRECATED);
+        }
+
         return $this->request;
     }
 

diff --git a/Event/AuthenticationSuccessEvent.php b/Event/AuthenticationSuccessEvent.php
@@ -26,6 +26,8 @@ class AuthenticationSuccessEvent extends Event
 
     /**
      * @var Request
+     *
+     * @deprecated since 1.7, removed in 2.0
      */
     protected $request;
 
@@ -37,14 +39,20 @@ class AuthenticationSuccessEvent extends Event
     /**
      * @param array         $data
      * @param UserInterface $user
-     * @param Request       $request
+     * @param Request|null  $request Deprecated
      * @param Response      $response
      */
-    public function __construct(array $data, UserInterface $user, Request $request, Response $response)
+    public function __construct(array $data, UserInterface $user, Request $request = null, Response $response)
     {
-        $this->data     = $data;
-        $this->user     = $user;
-        $this->request  = $request;
+        if (null !== $request && class_exists('Symfony\Component\HttpFoundation\RequestStack')) {
+            @trigger_error(sprintf('Passing a Request instance as first argument of %s() is deprecated since version 1.7 and will be removed in 2.0.%sInject the "@request_stack" service in your event listener instead.', __METHOD__, PHP_EOL), E_USER_DEPRECATED);
+
+            $this->request = $request;
+        }
+
+        $this->data = $data;
+        $this->user = $user;
+        $this->request = $request;
         $this->response = $response;
     }
 
@@ -73,10 +81,16 @@ public function getUser()
     }
 
     /**
+     * @deprecated since 1.7, removed in 2.0
+     *
      * @return Request
      */
     public function getRequest()
     {
+        if (class_exists('Symfony\Component\HttpFoundation\RequestStack')) {
+            @trigger_error(sprintf('Method %s() is deprecated since version 1.7 and will be removed in 2.0.%sUse  Symfony\Component\HttpFoundation\RequestStack::getCurrentRequest() instead.', __METHOD__, PHP_EOL), E_USER_DEPRECATED);
+        }
+
         return $this->request;
     }
 

diff --git a/Event/JWTAuthenticatedEvent.php b/Event/JWTAuthenticatedEvent.php
@@ -20,12 +20,7 @@ class JWTAuthenticatedEvent extends Event
      * @var TokenInterface
      */
     protected $token;
-
-    /**
-     * @var Request
-     */
-    protected $request;
-
+
     /**
      * @param array          $payload
      * @param TokenInterface $token

diff --git a/Event/JWTCreatedEvent.php b/Event/JWTCreatedEvent.php
@@ -23,19 +23,26 @@ class JWTCreatedEvent extends Event
 
     /**
      * @var Request
+     *
+     * @deprecated since 1.7, removed in 2.0
      */
     protected $request;
 
     /**
      * @param array         $data
      * @param UserInterface $user
-     * @param Request       $request
+     * @param Request|null  $request Deprecated
      */
     public function __construct(array $data, UserInterface $user, Request $request = null)
     {
-        $this->data    = $data;
-        $this->user    = $user;
-        $this->request = $request;
+        if (null !== $request && class_exists('Symfony\Component\HttpFoundation\RequestStack')) {
+            @trigger_error(sprintf('Passing a Request instance as first argument of %s() is deprecated since version 1.7 and will be removed in 2.0.%sInject the "@request_stack" service in your event listener instead.', __METHOD__, PHP_EOL), E_USER_DEPRECATED);
+
+            $this->request = $request;
+        }
+
+        $this->data = $data;
+        $this->user = $user;
     }
 
     /**
@@ -63,10 +70,16 @@ public function getUser()
     }
 
     /**
+     * @deprecated since 1.7, removed in 2.0
+     *
      * @return Request
      */
     public function getRequest()
     {
+        if (class_exists('Symfony\Component\HttpFoundation\RequestStack')) {
+            @trigger_error(sprintf('Method %s() is deprecated since version 1.7 and will be removed in 2.0.%sUse  Symfony\Component\HttpFoundation\RequestStack::getCurrentRequest() instead.', __METHOD__, PHP_EOL), E_USER_DEPRECATED);
+        }
+
         return $this->request;
     }
 }
diff --git a/Event/JWTDecodedEvent.php b/Event/JWTDecodedEvent.php
@@ -19,6 +19,8 @@ class JWTDecodedEvent extends Event
 
     /**
      * @var Request
+     *
+     * @deprecated since 1.7, removed in 2.0
      */
     protected $request;
 
@@ -28,13 +30,18 @@ class JWTDecodedEvent extends Event
     protected $isValid;
 
     /**
-     * @param array   $payload
-     * @param Request $request
+     * @param array        $payload
+     * @param Request|null $request Deprecated
      */
     public function __construct(array $payload, Request $request = null)
     {
+        if (null !== $request && class_exists('Symfony\Component\HttpFoundation\RequestStack')) {
+            @trigger_error(sprintf('Passing a Request instance as first argument of %s() is deprecated since version 1.7 and will be removed in 2.0.%sInject the "@request_stack" service in your event listener instead.', __METHOD__, PHP_EOL), E_USER_DEPRECATED);
+
+            $this->request = $request;
+        }
+
         $this->payload = $payload;
-        $this->request = $request;
         $this->isValid = true;
     }
 
@@ -47,10 +54,16 @@ public function getPayload()
     }
 
     /**
+     * @deprecated since 1.7, removed in 2.0
+     *
      * @return Request
      */
     public function getRequest()
     {
+        if (class_exists('Symfony\Component\HttpFoundation\RequestStack')) {
+            @trigger_error(sprintf('Method %s() is deprecated since version 1.7 and will be removed in 2.0.%sUse  Symfony\Component\HttpFoundation\RequestStack::getCurrentRequest() instead.', __METHOD__, PHP_EOL), E_USER_DEPRECATED);
+        }
+
         return $this->request;
     }
 

diff --git a/Event/JWTFailureEventInterface.php b/Event/JWTFailureEventInterface.php
@@ -19,6 +19,8 @@ interface JWTFailureEventInterface
     public function getResponse();
 
     /**
+     * @deprecated since 1.7, removed in 2.0
+     *
      * @return Request
      */
     public function getRequest();

diff --git a/Event/JWTNotFoundEvent.php b/Event/JWTNotFoundEvent.php
@@ -15,13 +15,18 @@
 class JWTNotFoundEvent extends AuthenticationFailureEvent implements JWTFailureEventInterface
 {
     /**
-     * @param Request                      $request
+     * @param Request|null                 $request   Deprecated
      * @param AuthenticationException|null $exception
      * @param Response|null                $response
      */
-    public function __construct(Request $request, AuthenticationException $exception = null, Response $response = null)
+    public function __construct(Request $request = null, AuthenticationException $exception = null, Response $response = null)
     {
-        $this->request   = $request;
+        if (null !== $request && class_exists('Symfony\Component\HttpFoundation\RequestStack')) {
+            @trigger_error(sprintf('Passing a Request instance as first argument of %s() is deprecated since version 1.7 and will be removed in 2.0.%sInject the "@request_stack" service in your event listener instead.', __METHOD__, PHP_EOL), E_USER_DEPRECATED);
+
+            $this->request = $request;
+        }
+
         $this->exception = $exception;
         $this->response  = $response;
     }

diff --git a/Resources/doc/2-data-customization.md b/Resources/doc/2-data-customization.md
@@ -13,6 +13,7 @@ but you can add your own data.
 services:
     acme_api.event.jwt_created_listener:
         class: Acme\Bundle\ApiBundle\EventListener\JWTCreatedListener
+        arguments: [ '@request_stack' ] # Symfony 2.4+
         tags:
             - { name: kernel.event_listener, event: lexik_jwt_authentication.on_jwt_created, method: onJWTCreated }
 ```
@@ -21,18 +22,38 @@ Example 1 : add client ip to the encoded payload
 
 ``` php
 // Acme\Bundle\ApiBundle\EventListener\JWTCreatedListener.php
+
+use Symfony\Component\HttpFoundation\RequestStack;
+
 class JWTCreatedListener
 {
+    /**
+     * @var RequestStack
+     */
+    private $requestStack;
+
+    /**
+     * @param RequestStack $requestStack
+     */
+    public function __construct(RequestStack $requestStack)
+    {
+        $this->requestStack = $requestStack;
+    }
+
+    // ...
+
     /**
      * @param JWTCreatedEvent $event
      *
      * @return void
      */
     public function onJWTCreated(JWTCreatedEvent $event)
     {
-        if (!($request = $event->getRequest())) {
-            return;
-        }
+        // Symfony < 2.4
+        $request = $event->getRequest();
+
+        // Symfony 2.4+
+        $request = $this->requestStack->getCurrentRequest();
 
         $payload       = $event->getData();
         $payload['ip'] = $request->getClientIp();
@@ -47,7 +68,7 @@ Example 2 : override token expiration date calcul to be more flexible
 ``` php
 // Acme\Bundle\ApiBundle\EventListener\JWTCreatedListener.php
 class JWTCreatedListener
-{
+{  
     /**
      * @param JWTCreatedEvent $event
      *
@@ -75,6 +96,7 @@ You can access the jwt payload once it has been decoded to perform you own addit
 services:
     acme_api.event.jwt_decoded_listener:
         class: Acme\Bundle\ApiBundle\EventListener\JWTDecodedListener
+        arguments: [ '@request_stack' ] # Symfony 2.4+
         tags:
             - { name: kernel.event_listener, event: lexik_jwt_authentication.on_jwt_decoded, method: onJWTDecoded }
 ```
@@ -85,19 +107,22 @@ Example 3 : check client ip the decoded payload (from example 1)
 // Acme\Bundle\ApiBundle\EventListener\JWTDecodedListener.php
 class JWTDecodedListener
 {
+    // ...
+
     /**
      * @param JWTDecodedEvent $event
      *
      * @return void
      */
     public function onJWTDecoded(JWTDecodedEvent $event)
     {
-        if (!($request = $event->getRequest())) {
-            return;
-        }
-
-        $payload = $event->getPayload();
+        // Symfony < 2.4
         $request = $event->getRequest();
+
+        // Symfony 2.4+
+        $request = $this->requestStack->getCurrentRequest();
+
+        $payload = $event->getPayload();
 
         if (!isset($payload['ip']) || $payload['ip'] !== $request->getClientIp()) {
             $event->markAsInvalid();

diff --git a/Security/Firewall/JWTListener.php b/Security/Firewall/JWTListener.php
@@ -70,10 +70,12 @@ public function __construct(
      */
     public function handle(GetResponseEvent $event)
     {
+        // Ensure backward compatibility for Symfony < 2.8
         $request = $event->getRequest();
+        $hasRequestStack = class_exists('Symfony\Component\HttpFoundation\RequestStack');
 
         if (!$requestToken = $this->getRequestToken($request)) {
-            $jwtNotFoundEvent = new JWTNotFoundEvent($request);
+            $jwtNotFoundEvent = new JWTNotFoundEvent($hasRequestStack ? null : $request);
             $this->dispatcher->dispatch(Events::JWT_NOT_FOUND, $jwtNotFoundEvent);
 
             if ($response = $jwtNotFoundEvent->getResponse()) {
@@ -98,7 +100,7 @@ public function handle(GetResponseEvent $event)
 
             $response = new JWTAuthenticationFailureResponse($failed->getMessage());
 
-            $jwtInvalidEvent = new JWTInvalidEvent($request, $failed, $response);
+            $jwtInvalidEvent = new JWTInvalidEvent($hasRequestStack ? null : $request, $failed, $response);
             $this->dispatcher->dispatch(Events::JWT_INVALID, $jwtInvalidEvent);
 
             $event->setResponse($jwtInvalidEvent->getResponse());

diff --git a/Security/Http/Authentication/AuthenticationFailureHandler.php b/Security/Http/Authentication/AuthenticationFailureHandler.php
@@ -35,7 +35,7 @@ public function __construct(EventDispatcherInterface $dispatcher)
      */
     public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
     {
-        $event = new AuthenticationFailureEvent($request, $exception, new JWTAuthenticationFailureResponse());
+        $event = new AuthenticationFailureEvent(null, $exception, new JWTAuthenticationFailureResponse());
 
         $this->dispatcher->dispatch(Events::AUTHENTICATION_FAILURE, $event);
 

diff --git a/Security/Http/Authentication/AuthenticationSuccessHandler.php b/Security/Http/Authentication/AuthenticationSuccessHandler.php
@@ -46,8 +46,7 @@ public function onAuthenticationSuccess(Request $request, TokenInterface $token)
         $user     = $token->getUser();
         $jwt      = $this->jwtManager->create($user);
         $response = new JWTAuthenticationSuccessResponse($jwt);
-        $event    = new AuthenticationSuccessEvent(['token' => $jwt], $user, $request, $response);
-
+        $event    = new AuthenticationSuccessEvent(['token' => $jwt], $user, null, $response);
         $this->dispatcher->dispatch(Events::AUTHENTICATION_SUCCESS, $event);
         $response->setData($event->getData());
 

diff --git a/Services/JWTManager.php b/Services/JWTManager.php
@@ -74,7 +74,12 @@ public function create(UserInterface $user)
 
         $this->addUserIdentityToPayload($user, $payload);
 
-        $jwtCreatedEvent = new JWTCreatedEvent($payload, $user, $this->getRequest());
+        $jwtCreatedEvent = new JWTCreatedEvent(
+            $payload,
+            $user,
+            // Ensure backward compatibility for Symfony < 2.8
+            class_exists('Symfony\Component\HttpFoundation\RequestStack') ? null : $this->request
+        );
         $this->dispatcher->dispatch(Events::JWT_CREATED, $jwtCreatedEvent);
 
         $jwtString = $this->jwtEncoder->encode($jwtCreatedEvent->getData());
@@ -94,7 +99,7 @@ public function decode(TokenInterface $token)
             return false;
         }
 
-        $event = new JWTDecodedEvent($payload, $this->getRequest());
+        $event = new JWTDecodedEvent($payload, class_exists('Symfony\Component\HttpFoundation\RequestStack') ? null : $this->request);
         $this->dispatcher->dispatch(Events::JWT_DECODED, $event);
 
         if (!$event->isValid()) {