[Security] Rename UserInterface::getUsername() to getUserIdentifier()

wouterj · chalasr · commit b61d4ef1ffd8 · 2021-03-28T22:24:55.000+02:00
diff --git a/Security/CheckLdapCredentialsListener.php b/Security/CheckLdapCredentialsListener.php
@@ -83,7 +83,8 @@ public function onCheckPassport(CheckPassportEvent $event)
                 } else {
                     throw new LogicException('Using the "query_string" config without using a "search_dn" and a "search_password" is not supported.');
                 }
-                $username = $ldap->escape($user->getUsername(), '', LdapInterface::ESCAPE_FILTER);
+                // @deprecated since 5.3, change to $user->getUserIdentifier() in 6.0
+                $username = $ldap->escape(method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername(), '', LdapInterface::ESCAPE_FILTER);
                 $query = str_replace('{username}', $username, $ldapBadge->getQueryString());
                 $result = $ldap->query($ldapBadge->getDnString(), $query)->execute();
                 if (1 !== $result->count()) {
@@ -92,7 +93,8 @@ public function onCheckPassport(CheckPassportEvent $event)
 
                 $dn = $result[0]->getDn();
             } else {
-                $username = $ldap->escape($user->getUsername(), '', LdapInterface::ESCAPE_DN);
+                // @deprecated since 5.3, change to $user->getUserIdentifier() in 6.0
+                $username = $ldap->escape(method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername(), '', LdapInterface::ESCAPE_DN);
                 $dn = str_replace('{username}', $username, $ldapBadge->getDnString());
             }
 
diff --git a/Security/LdapUser.php b/Security/LdapUser.php
@@ -75,6 +75,13 @@ public function getSalt(): ?string
      * {@inheritdoc}
      */
     public function getUsername(): string
+    {
+        trigger_deprecation('symfony/security-core', '5.3', 'Method "%s()" is deprecated and will be removed in 6.0, use getUserIdentifier() instead.', __METHOD__);
+
+        return $this->username;
+    }
+
+    public function getUserIdentifier(): string
     {
         return $this->username;
     }
diff --git a/Security/LdapUserProvider.php b/Security/LdapUserProvider.php
@@ -17,7 +17,7 @@
 use Symfony\Component\Ldap\LdapInterface;
 use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
-use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
+use Symfony\Component\Security\Core\Exception\UserNotFoundException;
 use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
@@ -48,7 +48,7 @@ public function __construct(LdapInterface $ldap, string $baseDn, string $searchD
         }
 
         if (null === $filter) {
-            $filter = '({uid_key}={username})';
+            $filter = '({uid_key}={user_identifier})';
         }
 
         $this->ldap = $ldap;
@@ -66,15 +66,22 @@ public function __construct(LdapInterface $ldap, string $baseDn, string $searchD
      * {@inheritdoc}
      */
     public function loadUserByUsername(string $username)
+    {
+        trigger_deprecation('symfony/ldap', '5.3', 'Method "%s()" is deprecated, use loadUserByIdentifier() instead.', __METHOD__);
+
+        return $this->loadUserByIdentifier($username);
+    }
+
+    public function loadUserByIdentifier(string $identifier): UserInterface
     {
         try {
             $this->ldap->bind($this->searchDn, $this->searchPassword);
-            $username = $this->ldap->escape($username, '', LdapInterface::ESCAPE_FILTER);
-            $query = str_replace('{username}', $username, $this->defaultSearch);
+            $identifier = $this->ldap->escape($identifier, '', LdapInterface::ESCAPE_FILTER);
+            $query = str_replace(['{username}', '{user_identifier}'], $identifier, $this->defaultSearch);
             $search = $this->ldap->query($this->baseDn, $query);
         } catch (ConnectionException $e) {
-            $e = new UsernameNotFoundException(sprintf('User "%s" not found.', $username), 0, $e);
-            $e->setUsername($username);
+            $e = new UserNotFoundException(sprintf('User "%s" not found.', $identifier), 0, $e);
+            $e->setUserIdentifier($identifier);
 
             throw $e;
         }
@@ -83,15 +90,15 @@ public function loadUserByUsername(string $username)
         $count = \count($entries);
 
         if (!$count) {
-            $e = new UsernameNotFoundException(sprintf('User "%s" not found.', $username));
-            $e->setUsername($username);
+            $e = new UserNotFoundException(sprintf('User "%s" not found.', $identifier));
+            $e->setUserIdentifier($identifier);
 
             throw $e;
         }
 
         if ($count > 1) {
-            $e = new UsernameNotFoundException('More than one user found.');
-            $e->setUsername($username);
+            $e = new UserNotFoundException('More than one user found.');
+            $e->setUserIdentifier($identifier);
 
             throw $e;
         }
@@ -100,12 +107,12 @@ public function loadUserByUsername(string $username)
 
         try {
             if (null !== $this->uidKey) {
-                $username = $this->getAttributeValue($entry, $this->uidKey);
+                $identifier = $this->getAttributeValue($entry, $this->uidKey);
             }
         } catch (InvalidArgumentException $e) {
         }
 
-        return $this->loadUser($username, $entry);
+        return $this->loadUser($identifier, $entry);
     }
 
     /**
@@ -117,7 +124,7 @@ public function refreshUser(UserInterface $user)
             throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user)));
         }
 
-        return new LdapUser($user->getEntry(), $user->getUsername(), $user->getPassword(), $user->getRoles(), $user->getExtraFields());
+        return new LdapUser($user->getEntry(), $user->getUserIdentifier(), $user->getPassword(), $user->getRoles(), $user->getExtraFields());
     }
 
     /**
@@ -157,7 +164,7 @@ public function supportsClass(string $class)
      *
      * @return UserInterface
      */
-    protected function loadUser(string $username, Entry $entry)
+    protected function loadUser(string $identifier, Entry $entry)
     {
         $password = null;
         $extraFields = [];
@@ -170,7 +177,7 @@ protected function loadUser(string $username, Entry $entry)
             $extraFields[$field] = $this->getAttributeValue($entry, $field);
         }
 
-        return new LdapUser($entry, $username, $password, $this->defaultRoles, $extraFields);
+        return new LdapUser($entry, $identifier, $password, $this->defaultRoles, $extraFields);
     }
 
     private function getAttributeValue(Entry $entry, string $attribute)
diff --git a/Tests/Security/LdapUserProviderTest.php b/Tests/Security/LdapUserProviderTest.php
@@ -20,7 +20,7 @@
 use Symfony\Component\Ldap\Security\LdapUser;
 use Symfony\Component\Ldap\Security\LdapUserProvider;
 use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
-use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
+use Symfony\Component\Security\Core\Exception\UserNotFoundException;
 
 /**
  * @requires extension ldap
@@ -29,7 +29,7 @@ class LdapUserProviderTest extends TestCase
 {
     public function testLoadUserByUsernameFailsIfCantConnectToLdap()
     {
-        $this->expectException(UsernameNotFoundException::class);
+        $this->expectException(UserNotFoundException::class);
 
         $ldap = $this->createMock(LdapInterface::class);
         $ldap
@@ -39,12 +39,12 @@ public function testLoadUserByUsernameFailsIfCantConnectToLdap()
         ;
 
         $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com');
-        $provider->loadUserByUsername('foo');
+        $provider->loadUserByIdentifier('foo');
     }
 
     public function testLoadUserByUsernameFailsIfNoLdapEntries()
     {
-        $this->expectException(UsernameNotFoundException::class);
+        $this->expectException(UserNotFoundException::class);
 
         $result = $this->createMock(CollectionInterface::class);
         $query = $this->createMock(QueryInterface::class);
@@ -71,12 +71,12 @@ public function testLoadUserByUsernameFailsIfNoLdapEntries()
         ;
 
         $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com');
-        $provider->loadUserByUsername('foo');
+        $provider->loadUserByIdentifier('foo');
     }
 
     public function testLoadUserByUsernameFailsIfMoreThanOneLdapEntry()
     {
-        $this->expectException(UsernameNotFoundException::class);
+        $this->expectException(UserNotFoundException::class);
 
         $result = $this->createMock(CollectionInterface::class);
         $query = $this->createMock(QueryInterface::class);
@@ -103,7 +103,7 @@ public function testLoadUserByUsernameFailsIfMoreThanOneLdapEntry()
         ;
 
         $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com');
-        $provider->loadUserByUsername('foo');
+        $provider->loadUserByIdentifier('foo');
     }
 
     public function testLoadUserByUsernameFailsIfMoreThanOneLdapPasswordsInEntry()
@@ -144,7 +144,7 @@ public function testLoadUserByUsernameFailsIfMoreThanOneLdapPasswordsInEntry()
         ;
 
         $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword');
-        $this->assertInstanceOf(LdapUser::class, $provider->loadUserByUsername('foo'));
+        $this->assertInstanceOf(LdapUser::class, $provider->loadUserByIdentifier('foo'));
     }
 
     public function testLoadUserByUsernameShouldNotFailIfEntryHasNoUidKeyAttribute()
@@ -180,7 +180,7 @@ public function testLoadUserByUsernameShouldNotFailIfEntryHasNoUidKeyAttribute()
         ;
 
         $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})');
-        $this->assertInstanceOf(LdapUser::class, $provider->loadUserByUsername('foo'));
+        $this->assertInstanceOf(LdapUser::class, $provider->loadUserByIdentifier('foo'));
     }
 
     public function testLoadUserByUsernameFailsIfEntryHasNoPasswordAttribute()
@@ -218,7 +218,7 @@ public function testLoadUserByUsernameFailsIfEntryHasNoPasswordAttribute()
         ;
 
         $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword');
-        $this->assertInstanceOf(LdapUser::class, $provider->loadUserByUsername('foo'));
+        $this->assertInstanceOf(LdapUser::class, $provider->loadUserByIdentifier('foo'));
     }
 
     public function testLoadUserByUsernameIsSuccessfulWithoutPasswordAttribute()
@@ -254,7 +254,7 @@ public function testLoadUserByUsernameIsSuccessfulWithoutPasswordAttribute()
         ;
 
         $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com');
-        $this->assertInstanceOf(LdapUser::class, $provider->loadUserByUsername('foo'));
+        $this->assertInstanceOf(LdapUser::class, $provider->loadUserByIdentifier('foo'));
     }
 
     public function testLoadUserByUsernameIsSuccessfulWithoutPasswordAttributeAndWrongCase()
@@ -290,7 +290,7 @@ public function testLoadUserByUsernameIsSuccessfulWithoutPasswordAttributeAndWro
         ;
 
         $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com');
-        $this->assertSame('foo', $provider->loadUserByUsername('Foo')->getUsername());
+        $this->assertSame('foo', $provider->loadUserByIdentifier('Foo')->getUserIdentifier());
     }
 
     public function testLoadUserByUsernameIsSuccessfulWithPasswordAttribute()
@@ -330,7 +330,7 @@ public function testLoadUserByUsernameIsSuccessfulWithPasswordAttribute()
         ;
 
         $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword', ['email']);
-        $this->assertInstanceOf(LdapUser::class, $provider->loadUserByUsername('foo'));
+        $this->assertInstanceOf(LdapUser::class, $provider->loadUserByIdentifier('foo'));
     }
 
     public function testRefreshUserShouldReturnUserWithSameProperties()

Original file line number	Diff line number	Diff line change
`@@ -75,6 +75,13 @@ public function getSalt(): ?string`
`75`	`75`	`* {@inheritdoc}`
`76`	`76`	`*/`
`77`	`77`	`public function getUsername(): string`
	`78`	`+ {`
	`79`	`+ trigger_deprecation('symfony/security-core', '5.3', 'Method "%s()" is deprecated and will be removed in 6.0, use getUserIdentifier() instead.', __METHOD__);`
	`80`	`+`
	`81`	`+ return $this->username;`
	`82`	`+ }`
	`83`	`+`
	`84`	`+ public function getUserIdentifier(): string`
`78`	`85`	`{`
`79`	`86`	`return $this->username;`
`80`	`87`	`}`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@`
`20`	`20`	`use Symfony\Component\Ldap\Security\LdapUser;`
`21`	`21`	`use Symfony\Component\Ldap\Security\LdapUserProvider;`
`22`	`22`	`use Symfony\Component\Security\Core\Exception\InvalidArgumentException;`
`23`		`-use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;`
	`23`	`+use Symfony\Component\Security\Core\Exception\UserNotFoundException;`
`24`	`24`
`25`	`25`	`/**`
`26`	`26`	`* @requires extension ldap`
`@@ -29,7 +29,7 @@ class LdapUserProviderTest extends TestCase`
`29`	`29`	`{`
`30`	`30`	`public function testLoadUserByUsernameFailsIfCantConnectToLdap()`
`31`	`31`	`{`
`32`		`- $this->expectException(UsernameNotFoundException::class);`
	`32`	`+ $this->expectException(UserNotFoundException::class);`
`33`	`33`
`34`	`34`	`$ldap = $this->createMock(LdapInterface::class);`
`35`	`35`	`$ldap`
`@@ -39,12 +39,12 @@ public function testLoadUserByUsernameFailsIfCantConnectToLdap()`
`39`	`39`	`;`
`40`	`40`
`41`	`41`	`$provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com');`
`42`		`- $provider->loadUserByUsername('foo');`
	`42`	`+ $provider->loadUserByIdentifier('foo');`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`public function testLoadUserByUsernameFailsIfNoLdapEntries()`
`46`	`46`	`{`
`47`		`- $this->expectException(UsernameNotFoundException::class);`
	`47`	`+ $this->expectException(UserNotFoundException::class);`
`48`	`48`
`49`	`49`	`$result = $this->createMock(CollectionInterface::class);`
`50`	`50`	`$query = $this->createMock(QueryInterface::class);`
`@@ -71,12 +71,12 @@ public function testLoadUserByUsernameFailsIfNoLdapEntries()`
`71`	`71`	`;`
`72`	`72`
`73`	`73`	`$provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com');`
`74`		`- $provider->loadUserByUsername('foo');`
	`74`	`+ $provider->loadUserByIdentifier('foo');`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`public function testLoadUserByUsernameFailsIfMoreThanOneLdapEntry()`
`78`	`78`	`{`
`79`		`- $this->expectException(UsernameNotFoundException::class);`
	`79`	`+ $this->expectException(UserNotFoundException::class);`
`80`	`80`
`81`	`81`	`$result = $this->createMock(CollectionInterface::class);`
`82`	`82`	`$query = $this->createMock(QueryInterface::class);`
`@@ -103,7 +103,7 @@ public function testLoadUserByUsernameFailsIfMoreThanOneLdapEntry()`
`103`	`103`	`;`
`104`	`104`
`105`	`105`	`$provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com');`
`106`		`- $provider->loadUserByUsername('foo');`
	`106`	`+ $provider->loadUserByIdentifier('foo');`
`107`	`107`	`}`
`108`	`108`
`109`	`109`	`public function testLoadUserByUsernameFailsIfMoreThanOneLdapPasswordsInEntry()`
`@@ -144,7 +144,7 @@ public function testLoadUserByUsernameFailsIfMoreThanOneLdapPasswordsInEntry()`
`144`	`144`	`;`
`145`	`145`
`146`	`146`	`$provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword');`
`147`		`- $this->assertInstanceOf(LdapUser::class, $provider->loadUserByUsername('foo'));`
	`147`	`+ $this->assertInstanceOf(LdapUser::class, $provider->loadUserByIdentifier('foo'));`
`148`	`148`	`}`
`149`	`149`
`150`	`150`	`public function testLoadUserByUsernameShouldNotFailIfEntryHasNoUidKeyAttribute()`
`@@ -180,7 +180,7 @@ public function testLoadUserByUsernameShouldNotFailIfEntryHasNoUidKeyAttribute()`
`180`	`180`	`;`
`181`	`181`
`182`	`182`	`$provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})');`
`183`		`- $this->assertInstanceOf(LdapUser::class, $provider->loadUserByUsername('foo'));`
	`183`	`+ $this->assertInstanceOf(LdapUser::class, $provider->loadUserByIdentifier('foo'));`
`184`	`184`	`}`
`185`	`185`
`186`	`186`	`public function testLoadUserByUsernameFailsIfEntryHasNoPasswordAttribute()`
`@@ -218,7 +218,7 @@ public function testLoadUserByUsernameFailsIfEntryHasNoPasswordAttribute()`
`218`	`218`	`;`
`219`	`219`
`220`	`220`	`$provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword');`
`221`		`- $this->assertInstanceOf(LdapUser::class, $provider->loadUserByUsername('foo'));`
	`221`	`+ $this->assertInstanceOf(LdapUser::class, $provider->loadUserByIdentifier('foo'));`
`222`	`222`	`}`
`223`	`223`
`224`	`224`	`public function testLoadUserByUsernameIsSuccessfulWithoutPasswordAttribute()`
`@@ -254,7 +254,7 @@ public function testLoadUserByUsernameIsSuccessfulWithoutPasswordAttribute()`
`254`	`254`	`;`
`255`	`255`
`256`	`256`	`$provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com');`
`257`		`- $this->assertInstanceOf(LdapUser::class, $provider->loadUserByUsername('foo'));`
	`257`	`+ $this->assertInstanceOf(LdapUser::class, $provider->loadUserByIdentifier('foo'));`
`258`	`258`	`}`
`259`	`259`
`260`	`260`	`public function testLoadUserByUsernameIsSuccessfulWithoutPasswordAttributeAndWrongCase()`
`@@ -290,7 +290,7 @@ public function testLoadUserByUsernameIsSuccessfulWithoutPasswordAttributeAndWro`
`290`	`290`	`;`
`291`	`291`
`292`	`292`	`$provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com');`
`293`		`- $this->assertSame('foo', $provider->loadUserByUsername('Foo')->getUsername());`
	`293`	`+ $this->assertSame('foo', $provider->loadUserByIdentifier('Foo')->getUserIdentifier());`
`294`	`294`	`}`
`295`	`295`
`296`	`296`	`public function testLoadUserByUsernameIsSuccessfulWithPasswordAttribute()`
`@@ -330,7 +330,7 @@ public function testLoadUserByUsernameIsSuccessfulWithPasswordAttribute()`
`330`	`330`	`;`
`331`	`331`
`332`	`332`	`$provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword', ['email']);`
`333`		`- $this->assertInstanceOf(LdapUser::class, $provider->loadUserByUsername('foo'));`
	`333`	`+ $this->assertInstanceOf(LdapUser::class, $provider->loadUserByIdentifier('foo'));`
`334`	`334`	`}`
`335`	`335`
`336`	`336`	`public function testRefreshUserShouldReturnUserWithSameProperties()`