From b612a045cfbbbaafa39eb69f9e89850c50ad6c98 Mon Sep 17 00:00:00 2001 From: Robin de Rooij Date: Sun, 18 Feb 2024 18:40:16 +0100 Subject: [PATCH] Fix security deprecations --- config/packages/security.yaml | 15 +++++++-------- src/Entity/Member.php | 9 ++++++++- src/Security/IdOrEmailMemberProvider.php | 2 +- 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/config/packages/security.yaml b/config/packages/security.yaml index ae7dbd8..a3d8c17 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml @@ -1,7 +1,7 @@ security: + enable_authenticator_manager: true password_hashers: - App\Entity\Member: - algorithm: auto + Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface: 'auto' # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers providers: @@ -14,7 +14,6 @@ security: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: - anonymous: true lazy: true provider: app_user_provider form_login: @@ -22,7 +21,7 @@ security: check_path: login default_target_path: member_home always_use_default_target_path: true - csrf_token_generator: security.csrf.token_manager + enable_csrf: true logout: path: logout 
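Review bot: In the first security.yaml hunk the new `password_hashers` key is `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface`, which is the hasher service interface rather than a user type. Hashers are selected by the class or interface of the user object, and `Member` (see the Member.php section) implements `PasswordAuthenticatedUserInterface`, so with this key no hasher appears to be configured for `Member`. Password verification at login and hashing on password reset would then likely fail at runtime. Use `Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'`, or keep the explicit `App\Entity\Member` entry, and verify a login and a password reset against existing hashes before deploying.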
@@ -35,13 +34,13 @@ security: # Easy way to control access for large sections of your site # Note: Only the *first* access control that matches will be used access_control: - - { path: ^/login$, roles: IS_ANONYMOUS } + - { path: ^/login$, roles: PUBLIC_ACCESS } - { path: ^/steunlid-worden(/|$), roles: IS_AUTHENTICATED_ANONYMOUSLY } - - { path: ^/wachtwoord-opvragen$, roles: IS_ANONYMOUS } - - { path: ^/wachtwoord-instellen/.+$, roles: IS_ANONYMOUS } + - { path: ^/wachtwoord-opvragen$, roles: PUBLIC_ACCESS } + - { path: ^/wachtwoord-instellen/.+$, roles: PUBLIC_ACCESS } - { path: ^/aanmelden$, roles: [IS_AUTHENTICATED_ANONYMOUSLY] } - { path: ^/aanmelden/.*$, roles: [IS_AUTHENTICATED_ANONYMOUSLY] } - - { path: ^/api/.+$, roles: IS_ANONYMOUS } + - { path: ^/api/.+$, roles: PUBLIC_ACCESS } - { path: ^/admin$, roles: [ROLE_ADMIN, ROLE_DIVISION_CONTACT] } - { path: '^/auth/check_admin'} - { path: '^', roles: ROLE_USER } diff --git a/src/Entity/Member.php b/src/Entity/Member.php index 11804d4..e3b7b6d 100644 --- a/src/Entity/Member.php +++ b/src/Entity/Member.php @@ -7,13 +7,14 @@ use Symfony\Component\Validator\Constraints as Assert; use DateTime; use Symfony\Component\Security\Core\User\UserInterface; +use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface; use App\Repository\MemberRepository; /** * @ORM\Entity * @ORM\Table("admin_member") */ -class Member implements UserInterface { +class Member implements UserInterface, PasswordAuthenticatedUserInterface { const PERIOD_MONTHLY = 0; const PERIOD_QUARTERLY = 1; @@ -293,6 +294,12 @@ public function getManagingEmails(): Collection { /** @see UserInterface */ public function getUsername(): string { return $this->id; } + /** @see UserInterface */ + public function getUserIdentifier(): string + { + return $this->getUsername(); + } + /** @see UserInterface */ public function getRoles(): array { $roles = $this->roles; 
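Review bot: The `^/steunlid-worden(/|$)`, `^/aanmelden$` and `^/aanmelden/.*$` rules in the access_control hunk still use `IS_AUTHENTICATED_ANONYMOUSLY`, which relies on the anonymous token that this commit stops creating (`enable_authenticator_manager: true`, `anonymous: true` removed). They should probably become `roles: PUBLIC_ACCESS` like the other entries. It is worth confirming that a logged-out visitor still reaches the sign-up pages instead of being redirected to login. `PUBLIC_ACCESS` is also broader than `IS_ANONYMOUS`, because it matches authenticated sessions too. Check that the `^/api/.+$` and password-reset controllers do not assume an unauthenticated caller and that the API enforces its own authorization.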
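Review bot: `getUserIdentifier()` in the second Member.php hunk delegates to `getUsername()`, the deprecated method, which returns `$this->id` under a `string` return type. Inverting the delegation keeps the canonical value in the new method: `return (string) $this->id;` in `getUserIdentifier()` and `return $this->getUserIdentifier();` in `getUsername()`. The explicit cast matters if `id` is an integer column (its mapping is not visible here), since the value would otherwise be coerced silently or raise a TypeError under strict types. The class now also declares `PasswordAuthenticatedUserInterface`, whose `getPassword(): ?string` lies outside these hunks and should be checked against that signature.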
diff --git a/src/Security/IdOrEmailMemberProvider.php b/src/Security/IdOrEmailMemberProvider.php index 415bc97..16bc870 100644 --- a/src/Security/IdOrEmailMemberProvider.php +++ b/src/Security/IdOrEmailMemberProvider.php @@ -16,7 +16,7 @@ public function __construct(EntityManagerInterface $entityManager) { $this->entityManager = $entityManager; } - public function loadUserByUsername(string $usernameOrEmail) { + public function loadUserByUsername(string $usernameOrEmail): UserInterface { $user = $this->entityManager->createQuery('SELECT m FROM App\Entity\Member m WHERE m.id = ?1 OR m.email = ?1') ->setParameter(1, $usernameOrEmail) ->getOneOrNullResult()
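Review bot: The new `: UserInterface` return type on `loadUserByUsername()` sits on a query that ends in `getOneOrNullResult()`. Unless the rest of the body, which continues outside this hunk, throws when `$user` is null, an unknown id or email would surface as a TypeError (HTTP 500) instead of a normal authentication failure. Guard it with `if (null === $user) { throw new UserNotFoundException(); }` and make sure `UserInterface` is imported in this file. The authenticator manager calls `loadUserByIdentifier()`, which this provider does not appear to define; adding `public function loadUserByIdentifier(string $identifier): UserInterface { return $this->loadUserByUsername($identifier); }` would clear the remaining deprecation.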