sonata-project / SonataUserBundle

Symfony SonataUserBundle
https://docs.sonata-project.org/projects/SonataUserBundle
MIT License

Deprecation: Returning a string from "getSalt()" without implementing the LegacyPasswordAuthenticatedUserInterface #1652

Closed piddubnij closed 1 year ago

piddubnij commented 1 year ago

Environment

Sonata packages

```
$ composer show --latest 'sonata-project/*'
Direct dependencies required in composer.json:
sonata-project/admin-bundle 4.25.0 4.25.0 The missing Symfony Admin Generator
sonata-project/doctrine-orm-admin-bundle 4.13.0 4.13.0 Integrate Doctrine ORM into the SonataAdminBundle
sonata-project/user-bundle 5.9.0 5.9.0 Symfony SonataUserBundle

Transitive dependencies not required in composer.json:
sonata-project/block-bundle 4.21.0 4.21.0 Symfony SonataBlockBundle
sonata-project/cache 2.2.0 2.2.0 Cache library
Package sonata-project/cache is abandoned, you should avoid using it. No replacement was suggested.
sonata-project/doctrine-extensions 2.3.0 2.3.0 Doctrine2 behavioral extensions
sonata-project/exporter 3.1.1 3.1.1 Lightweight Exporter library
```

Symfony packages

```
$ composer show --latest 'symfony/*'
Direct dependencies required in composer.json:
symfony/asset v5.4.21 v6.3.0 Manages URL generation and versioning of web assets such as CSS stylesheets, JavaScript files and image files
symfony/browser-kit v5.4.21 v6.3.0 Simulates the behavior of a web browser, allowing you to make requests, click on links and submit forms programmatically
symfony/console v5.4.24 v6.3.0 Eases the creation of beautiful and testable command line interfaces
symfony/css-selector v5.4.21 v6.3.0 Converts CSS selectors to XPath expressions
symfony/debug-bundle v5.4.21 v6.3.0 Provides a tight integration of the Symfony VarDumper component and the ServerLogCommand from MonologBridge into the Symfony full-stack framework
symfony/dotenv v5.4.22 v6.3.0 Registers environment variables from a .env file
symfony/expression-language v5.4.21 v6.3.0 Provides an engine that can compile and evaluate expressions
symfony/filesystem v5.4.23 v6.3.0 Provides basic utilities for the filesystem
symfony/finder v5.4.21 v6.3.0 Finds files and directories via an intuitive fluent interface
symfony/flex v1.20.0 v2.3.1 Composer plugin for Symfony
symfony/form v5.4.24 v6.3.0 Allows to easily create, process and reuse HTML forms
symfony/framework-bundle v5.4.24 v6.3.0 Provides a tight integration between Symfony components and the Symfony full-stack framework
symfony/http-client v5.4.24 v6.3.0 Provides powerful methods to fetch HTTP resources synchronously or asynchronously
symfony/intl v5.4.23 v6.3.0 Provides a PHP replacement layer for the C intl extension that includes additional data from the ICU library
symfony/mailer v5.4.22 v6.3.0 Helps sending emails
symfony/maker-bundle v1.49.0 v1.49.0 Symfony Maker helps you create empty commands, controllers, form classes, tests and more so you can forget about writing boilerplate code.
symfony/monolog-bundle v3.8.0 v3.8.0 Symfony MonologBundle
symfony/phpunit-bridge v6.3.0 v6.3.0 Provides utilities for PHPUnit, especially user deprecation notices management
symfony/process v5.4.24 v6.3.0 Executes commands in sub-processes
symfony/property-access v5.4.22 v6.3.0 Provides functions to read and write from/to an object or array using a simple string notation
symfony/property-info v5.4.24 v6.3.0 Extracts information about PHP class' properties using metadata of popular sources
symfony/runtime v5.4.22 v6.3.0 Enables decoupling PHP applications from global state
symfony/security-bundle v5.4.22 v6.3.0 Provides a tight integration of the Security component into the Symfony full-stack framework
symfony/serializer v5.4.24 v6.3.0 Handles serializing and deserializing data structures, including object graphs, into array structures or other formats like XML and JSON.
symfony/stopwatch v5.4.21 v6.3.0 Provides a way to profile code
symfony/translation v5.4.24 v6.3.0 Provides tools to internationalize your application
symfony/twig-bundle v5.4.21 v6.3.0 Provides a tight integration of Twig into the Symfony full-stack framework
symfony/validator v5.4.24 v6.3.0 Provides tools to validate values
symfony/web-link v5.4.21 v6.3.0 Manages links between resources
symfony/web-profiler-bundle v5.4.24 v6.3.0 Provides a development tool that gives detailed information about the execution of any request
symfony/webpack-encore-bundle v1.17.1 v2.0.1 Integration with your Symfony app & Webpack Encore!
symfony/yaml v5.4.23 v6.3.0 Loads and dumps YAML files

Transitive dependencies not required in composer.json:
symfony/cache v5.4.23 v6.3.0 Provides extended PSR-6, PSR-16 (and tags) implementations
symfony/cache-contracts v2.5.2 v3.3.0 Generic abstractions related to caching
symfony/config v5.4.21 v6.3.0 Helps you find, load, combine, autofill and validate configuration values of any kind
symfony/dependency-injection v5.4.24 v6.3.0 Allows you to standardize and centralize the way objects are constructed in your application
symfony/deprecation-contracts v3.3.0 v3.3.0 A generic function and convention to trigger deprecation notices
symfony/doctrine-bridge v5.4.24 v6.3.0 Provides integration for Doctrine with various Symfony components
symfony/dom-crawler v5.4.23 v6.3.0 Eases DOM navigation for HTML and XML documents
symfony/error-handler v5.4.24 v6.3.0 Provides tools to manage errors and ease debugging PHP code
symfony/event-dispatcher v5.4.22 v6.3.0 Provides tools that allow your application components to communicate with each other by dispatching events and listening to them
symfony/event-dispatcher-contracts v3.3.0 v3.3.0 Generic abstractions related to dispatching event
symfony/http-client-contracts v2.5.2 v3.3.0 Generic abstractions related to HTTP clients
symfony/http-foundation v5.4.24 v6.3.0 Defines an object-oriented layer for the HTTP specification
symfony/http-kernel v5.4.24 v6.3.0 Provides a structured process for converting a Request into a Response
symfony/mime v5.4.23 v6.3.0 Allows manipulating MIME messages
symfony/monolog-bridge v5.4.22 v6.3.0 Provides integration for Monolog with various Symfony components
symfony/options-resolver v5.4.21 v6.3.0 Provides an improved replacement for the array_replace PHP function
symfony/password-hasher v5.4.21 v6.3.0 Provides password hashing utilities
symfony/polyfill-intl-grapheme v1.27.0 v1.27.0 Symfony polyfill for intl's grapheme_* functions
symfony/polyfill-intl-icu v1.27.0 v1.27.0 Symfony polyfill for intl's ICU-related data and classes
symfony/polyfill-intl-idn v1.27.0 v1.27.0 Symfony polyfill for intl's idn_to_ascii and idn_to_utf8 functions
symfony/polyfill-intl-normalizer v1.27.0 v1.27.0 Symfony polyfill for intl's Normalizer class and related functions
symfony/polyfill-mbstring v1.27.0 v1.27.0 Symfony polyfill for the Mbstring extension
symfony/polyfill-php72 v1.27.0 v1.27.0 Symfony polyfill backporting some PHP 7.2+ features to lower PHP versions
symfony/polyfill-php73 v1.27.0 v1.27.0 Symfony polyfill backporting some PHP 7.3+ features to lower PHP versions
symfony/polyfill-php80 v1.27.0 v1.27.0 Symfony polyfill backporting some PHP 8.0+ features to lower PHP versions
symfony/polyfill-php81 v1.27.0 v1.27.0 Symfony polyfill backporting some PHP 8.1+ features to lower PHP versions
symfony/routing v5.4.22 v6.3.0 Maps an HTTP request to a set of configuration variables
symfony/security-acl v3.3.2 v3.3.2 Symfony Security Component - ACL (Access Control List)
symfony/security-core v5.4.22 v6.3.0 Symfony Security Component - Core Library
symfony/security-csrf v5.4.21 v6.3.0 Symfony Security Component - CSRF Library
symfony/security-guard v5.4.22 v5.4.22 Symfony Security Component - Guard
symfony/security-http v5.4.23 v6.3.0 Symfony Security Component - HTTP Integration
symfony/service-contracts v2.5.2 v3.3.0 Generic abstractions related to writing services
symfony/string v5.4.22 v6.3.0 Provides an object-oriented API to strings and deals with bytes, UTF-8 code points and grapheme clusters in a unified way
symfony/translation-contracts v2.5.2 v3.3.0 Generic abstractions related to translation
symfony/twig-bridge v5.4.22 v6.3.0 Provides integration for Twig with various Symfony components
symfony/var-dumper v5.4.24 v6.3.0 Provides mechanisms for walking through any arbitrary PHP variable
symfony/var-exporter v6.3.0 v6.3.0 Allows exporting any serializable PHP data structure to plain PHP code
```

PHP version

```
$ php -v
PHP 8.2.6
```

Subject

Minimal repository with the bug

Steps to reproduce

```
"sonata-project/user-bundle": "^5.0"
"symfony/*": "5.4.*"
```

Login to admin and use Profiler -> [Last 10] -> 302 POST https://.../login_check -> Token -> Logs

Expected results

No deprecations

Actual results

User Deprecated: Since symfony/security-http 5.3: Returning a string from "getSalt()" without implementing the "Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface" interface is deprecated, the "App\Entity\SonataUserUser" class should implement it.

```
<?php
// src/Entity/SonataUserUser.php
namespace App\Entity;

use Doctrine\DBAL\Types\Types;
use Doctrine\ORM\Mapping as ORM;
use Sonata\UserBundle\Entity\BaseUser;

#[ORM\Table(name: 'sonata_user__user')]
#[ORM\Entity]
class SonataUserUser extends BaseUser
{
    #[ORM\Id]
    #[ORM\GeneratedValue]
    #[ORM\Column(type: Types::INTEGER)]
    protected $id = null;
}
```

Stack Trace

```
[
  "exception" => ErrorException {#523
    #message: "User Deprecated: Since symfony/security-http 5.3: Returning a string from "getSalt()" without implementing the "Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface" interface is deprecated, the "App\Entity\SonataUserUser" class should implement it."
    #code: 0
    #file: "/home/dev/project/vendor/symfony/security-http/EventListener/CheckCredentialsListener.php"
    #line: 79
    #severity: E_USER_DEPRECATED
    trace: {
      /home/dev/project/vendor/symfony/security-http/EventListener/CheckCredentialsListener.php:79 {
        Symfony\Component\Security\Http\EventListener\CheckCredentialsListener->checkPassport(CheckPassportEvent $event): void …
        › if ($salt && !$user instanceof LegacyPasswordAuthenticatedUserInterface) {
        › trigger_deprecation('symfony/security-http', '5.3', 'Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.', LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
        › }
      }
      /home/dev/project/vendor/symfony/event-dispatcher/EventDispatcher.php:270 {
        Symfony\Component\EventDispatcher\EventDispatcher::Symfony\Component\EventDispatcher\{closure} …
        › }
        › ($closure = \Closure::fromCallable($listener))(...$args);
        › };
      }
      /home/dev/project/vendor/symfony/event-dispatcher/EventDispatcher.php:230 {
        Symfony\Component\EventDispatcher\EventDispatcher->callListeners(iterable $listeners, string $eventName, object $event) …
        › }
        › $listener($event, $eventName, $this);
        › }
      }
      /home/dev/project/vendor/symfony/event-dispatcher/EventDispatcher.php:59 {
        Symfony\Component\EventDispatcher\EventDispatcher->dispatch(object $event, string $eventName = null): object …
        › if ($listeners) {
        › $this->callListeners($listeners, $eventName, $event);
        › }
      }
      /home/dev/project/vendor/symfony/security-http/Authentication/AuthenticatorManager.php:185 {
        Symfony\Component\Security\Http\Authentication\AuthenticatorManager->executeAuthenticator(AuthenticatorInterface $authenticator, Request $request): Response …
        › $event = new CheckPassportEvent($authenticator, $passport);
        › $this->eventDispatcher->dispatch($event);
        ›
      }
      /home/dev/project/vendor/symfony/security-http/Authentication/AuthenticatorManager.php:161 {
        Symfony\Component\Security\Http\Authentication\AuthenticatorManager->executeAuthenticators(array $authenticators, Request $request): Response …
        ›
        › $response = $this->executeAuthenticator($authenticator, $request);
        › if (null !== $response) {
      }
      /home/dev/project/vendor/symfony/security-http/Authentication/AuthenticatorManager.php:141 {
        Symfony\Component\Security\Http\Authentication\AuthenticatorManager->authenticateRequest(Request $request): Response …
        ›
        › return $this->executeAuthenticators($authenticators, $request);
        › }
      }
      /home/dev/project/vendor/symfony/security-http/Firewall/AuthenticatorManagerListener.php:40 {
        Symfony\Component\Security\Http\Firewall\AuthenticatorManagerListener->authenticate(RequestEvent $event): void …
        › $request = $event->getRequest();
        › $response = $this->authenticatorManager->authenticateRequest($request);
        › if (null === $response) {
      }
      /home/dev/project/vendor/symfony/security-http/Authenticator/Debug/TraceableAuthenticatorManagerListener.php:65 {
        Symfony\Component\Security\Http\Authenticator\Debug\TraceableAuthenticatorManagerListener->authenticate(RequestEvent $event): void …
        ›
        › $this->authenticationManagerListener->authenticate($event);
        ›
      }
      /home/dev/project/vendor/symfony/security-bundle/Debug/WrappedLazyListener.php:49 {
        Symfony\Bundle\SecurityBundle\Debug\WrappedLazyListener->authenticate(RequestEvent $event) …
        › try {
        › $ret = $this->listener->authenticate($event);
        › } catch (LazyResponseException $e) {
      }
      /home/dev/project/vendor/symfony/security-http/Firewall/AbstractListener.php:26 {
        Symfony\Component\Security\Http\Firewall\AbstractListener->__invoke(RequestEvent $event) …
        › if (false !== $this->supports($event->getRequest())) {
        › $this->authenticate($event);
        › }
      }
      /home/dev/project/vendor/symfony/security-bundle/Security/LazyFirewallContext.php:60 {
        Symfony\Bundle\SecurityBundle\Security\LazyFirewallContext->__invoke(RequestEvent $event) …
        › foreach ($listeners as $listener) {
        › $listener($event);
        ›
      }
      /home/dev/project/vendor/symfony/security-bundle/Debug/TraceableFirewallListener.php:70 {
        Symfony\Bundle\SecurityBundle\Debug\TraceableFirewallListener->callListeners(RequestEvent $event, iterable $listeners) …
        ›
        › $listener($event);
        › } else {
      }
      /home/dev/project/vendor/symfony/security-http/Firewall.php:92 {
        Symfony\Component\Security\Http\Firewall->onKernelRequest(RequestEvent $event) …
        ›
        › $this->callListeners($event, $authenticationListeners());
        › }
      }
      /home/dev/project/vendor/symfony/event-dispatcher/Debug/WrappedListener.php:118 {
        Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke(object $event, string $eventName, EventDispatcherInterface $dispatcher): void …
        › try {
        › ($this->optimizedListener ?? $this->listener)($event, $eventName, $dispatcher);
        › } finally {
      }
      /home/dev/project/vendor/symfony/event-dispatcher/EventDispatcher.php:230 {
        Symfony\Component\EventDispatcher\EventDispatcher->callListeners(iterable $listeners, string $eventName, object $event) …
        › }
        › $listener($event, $eventName, $this);
        › }
      }
      /home/dev/project/vendor/symfony/event-dispatcher/EventDispatcher.php:59 {
        Symfony\Component\EventDispatcher\EventDispatcher->dispatch(object $event, string $eventName = null): object …
        › if ($listeners) {
        › $this->callListeners($listeners, $eventName, $event);
        › }
      }
      /home/dev/project/vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:154 {
        Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch(object $event, string $eventName = null): object …
        › try {
        › $this->dispatcher->dispatch($event, $eventName);
        › } finally {
      }
      /home/dev/project/vendor/symfony/http-kernel/HttpKernel.php:139 {
        Symfony\Component\HttpKernel\HttpKernel->handleRaw(Request $request, int $type = self::MAIN_REQUEST): Response …
        › $event = new RequestEvent($this, $request, $type);
        › $this->dispatcher->dispatch($event, KernelEvents::REQUEST);
        ›
      }
      /home/dev/project/vendor/symfony/http-kernel/HttpKernel.php:75 {
        Symfony\Component\HttpKernel\HttpKernel->handle(Request $request, int $type = HttpKernelInterface::MAIN_REQUEST, bool $catch = true) …
        › try {
        › return $this->handleRaw($request, $type);
        › } catch (\Exception $e) {
      }
      /home/dev/project/vendor/symfony/http-kernel/Kernel.php:202 {
        Symfony\Component\HttpKernel\Kernel->handle(Request $request, int $type = HttpKernelInterface::MAIN_REQUEST, bool $catch = true) …
        › try {
        › return $this->getHttpKernel()->handle($request, $type, $catch);
        › } finally {
      }
      /home/dev/project/vendor/symfony/runtime/Runner/Symfony/HttpKernelRunner.php:35 {
        Symfony\Component\Runtime\Runner\Symfony\HttpKernelRunner->run(): int …
        › {
        › $response = $this->kernel->handle($this->request);
        › $response->send();
      }
      /home/dev/project/vendor/autoload_runtime.php:35 {
        require_once …
        › ->getRunner($app)
        › ->run()
        › );
      }
      /home/dev/project/public/index.php:5 {
        ›
        › require_once dirname(__DIR__).'/vendor/autoload_runtime.php';
        ›
      }
    }
  }
]
```

VincentLanglet commented 1 year ago

Hi @piddubnij Thanks for the report, could you open a PR with the fix? Thanks

piddubnij commented 1 year ago

I'm not familiar with bundle insides. So just adding the interface may break something.

```
namespace Sonata\UserBundle\Model;

use Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Core\User\UserInterface as SymfonyUserInterface;

abstract class User implements LegacyPasswordAuthenticatedUserInterface, UserInterface, \Stringable
{
    // ... existing class body unchanged
}
```

Hanmac commented 1 year ago

@VincentLanglet what would be the preferred fix?

implement the Interface (which would be a BC break?) or remove the Salt use for Sonata User? (which might also be a BC break?)

VincentLanglet commented 1 year ago

> implement the Interface (which would be a BC break?)

Doesn't seem to be a BC break to me so I would do this way

The only issue would be if the LegacyPasswordAuthenticatedUserInterface doesn't exist in all the Sf versions

Hanmac commented 1 year ago

> > implement the Interface (which would be a BC break?)
>
> Doesn't seem to be a BC break to me so I would do this way
>
> The only issue would be if the LegacyPasswordAuthenticatedUserInterface doesn't exist in all the Sf versions

Implemented in 5.3, so it should be in all of the supported Symfony versions: https://symfony.com/blog/new-in-symfony-5-3-improvements-for-security-users#decoupled-passwords-from-users
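
Added example, not part of the thread or of the bundle's or Symfony's code: a stand-alone script that applies the condition shown at `CheckCredentialsListener.php:79` in the stack trace to three constructed user classes, showing which of them would raise the deprecation. The `Example` namespace, the locally declared stand-in interfaces, the `saltDeprecation()` helper, the way `$salt` is read, and the three user classes are all assumptions made so the script runs without `vendor/`.

```php
<?php
declare(strict_types=1);

namespace Example;

// Stand-ins with the same method signatures as the Symfony 5.4 interfaces,
// declared locally so the script runs without vendor/ (assumption).
interface PasswordAuthenticatedUserInterface
{
    public function getPassword(): ?string;
}

interface LegacyPasswordAuthenticatedUserInterface extends PasswordAuthenticatedUserInterface
{
    public function getSalt(): ?string;
}

// Hypothetical helper: same condition as the `if` quoted in the stack trace,
// returning the notice text instead of calling trigger_deprecation().
function saltDeprecation(object $user): ?string
{
    // Assumption: the salt is read from getSalt() when the method exists.
    $salt = method_exists($user, 'getSalt') ? $user->getSalt() : null;
    if ($salt && !$user instanceof LegacyPasswordAuthenticatedUserInterface) {
        return sprintf('"%s" returns a salt without implementing the legacy interface', get_debug_type($user));
    }
    return null;
}

// Constructed case 1: returns a string salt and has no legacy interface,
// which is the situation the deprecation message describes.
class ReportedUser
{
    public function getSalt(): ?string { return 'constructed-salt'; }
}

// Constructed case 2: same salt, but the class declares the legacy interface.
class FixedUser implements LegacyPasswordAuthenticatedUserInterface
{
    public function getPassword(): ?string { return null; }
    public function getSalt(): ?string { return 'constructed-salt'; }
}

// Constructed case 3: no separate salt is stored, so getSalt() returns null.
class NullSaltUser
{
    public function getSalt(): ?string { return null; }
}

foreach ([new ReportedUser(), new FixedUser(), new NullSaltUser()] as $user) {
    printf("%-22s %s\n", get_debug_type($user), saltDeprecation($user) ?? 'no deprecation');
}
```

Only the first class produces a notice: the condition is skipped both when the interface is implemented and when the salt is null or empty.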