Merge pull request PrestaShop#32992 from FabienPapet/symfony6-fix-use…

…r-deprecations

Symfony 6 - Fix user deprecations

src/Adapter/Security/Admin.php

@@ -98,7 +98,7 @@ public function onKernelRequest(RequestEvent $event)
 
         //if employee loggdin in legacy context, authenticate him into sf2 security context
         if (isset($this->legacyContext->employee) && $this->legacyContext->employee->isLoggedBack()) {
-            $user = $this->userProvider->loadUserByUsername($this->legacyContext->employee->email);
+            $user = $this->userProvider->loadUserByIdentifier($this->legacyContext->employee->email);
             $token = new UsernamePasswordToken($user, 'admin', $user->getRoles());
             $this->securityTokenStorage->setToken($token);
 

src/PrestaShopBundle/Resources/config/services/bundle/new_api.yml

@@ -5,7 +5,7 @@ services:
   PrestaShopBundle\Security\OAuth2\Repository\ClientRepository:
     arguments:
       - '@security.user.provider.concrete.oauth2'
-      - '@security.user_password_encoder.generic'
+      - '@security.user_password_hasher'
 
   PrestaShopBundle\Security\OAuth2\Repository\AccessTokenRepository:
 

src/PrestaShopBundle/Security/Admin/Employee.php

@@ -27,12 +27,13 @@
 namespace PrestaShopBundle\Security\Admin;
 
 use Symfony\Component\Security\Core\User\EquatableInterface;
+use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 /**
  * Class Employee is used for Symfony security components to authenticate the user.
  */
-class Employee implements UserInterface, EquatableInterface
+class Employee implements UserInterface, EquatableInterface, PasswordAuthenticatedUserInterface
 {
     /**
      * @var int
@@ -95,7 +96,7 @@ public function getRoles()
      *
      * @return string
      */
-    public function getPassword()
+    public function getPassword(): ?string
     {
         return $this->password;
     }
@@ -120,6 +121,11 @@ public function getUsername()
         return $this->username;
     }
 
+    public function getUserIdentifier(): string
+    {
+        return $this->getUsername();
+    }
+
     /**
      * Get the id of the current employee.
      *

src/PrestaShopBundle/Security/Admin/EmployeeProvider.php

@@ -72,7 +72,7 @@ public function __construct(
      *
      * @throws UserNotFoundException
      */
-    public function loadUserByUsername($username)
+    public function loadUserByIdentifier(string $username): Employee
     {
         $cacheKey = sha1($username);
         $cachedEmployee = $this->cache->getItem("app.employees_{$cacheKey}");
@@ -112,7 +112,7 @@ public function refreshUser(UserInterface $employee)
             throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', $employee::class));
         }
 
-        return $this->loadUserByUsername($employee->getUsername());
+        return $this->loadUserByIdentifier($employee->getUserIdentifier());
     }
 
     /**
@@ -126,4 +126,14 @@ public function supportsClass($class)
     {
         return $class === 'PrestaShopBundle\Security\Admin\Employee';
     }
+
+    /**
+     * Needed by the interface but not used.
+     *
+     * @deprecated since 9.0, to be removed when Symfony > 6.à
+     */
+    public function loadUserByUsername(string $username)
+    {
+        return $this->loadUserByIdentifier($username);
+    }
 }

src/PrestaShopBundle/Security/OAuth2/Repository/ClientRepository.php

@@ -30,8 +30,9 @@
 
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 use PrestaShopBundle\Security\OAuth2\Entity\Client;
-use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 use Symfony\Component\Security\Core\Exception\UserNotFoundException;
+use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 
@@ -48,11 +49,11 @@ class ClientRepository implements ClientRepositoryInterface
     private $userProvider;
 
     /**
-     * @var UserPasswordEncoderInterface
+     * @var UserPasswordHasherInterface
      */
     private $passwordEncoder;
 
-    public function __construct(UserProviderInterface $userProvider, UserPasswordEncoderInterface $passwordEncoder)
+    public function __construct(UserProviderInterface $userProvider, UserPasswordHasherInterface $passwordEncoder)
     {
         $this->userProvider = $userProvider;
         $this->passwordEncoder = $passwordEncoder;
@@ -67,7 +68,7 @@ public function getClientEntity($clientIdentifier): ?Client
         }
 
         $client = new Client();
-        $client->setIdentifier($user->getUsername());
+        $client->setIdentifier($user->getUserIdentifier());
 
         return $client;
     }
@@ -77,15 +78,24 @@ public function validateClient($clientIdentifier, $clientSecret, $grantType): bo
         if ($grantType !== 'client_credentials' || $clientSecret === null) {
             return false;
         }
+
         $client = $this->getUser($clientIdentifier);
 
-        return $client !== null && $this->passwordEncoder->isPasswordValid($client, $clientSecret);
+        if ($client === null) {
+            return false;
+        }
+
+        if (!$client instanceof PasswordAuthenticatedUserInterface) {
+            throw new \LogicException(sprintf('The class %s should implement %s.', $client::class, PasswordAuthenticatedUserInterface::class));
+        }
+
+        return $this->passwordEncoder->isPasswordValid($client, $clientSecret);
     }
 
     private function getUser($clientIdentifier): ?UserInterface
     {
         try {
-            return $this->userProvider->loadUserByUsername($clientIdentifier);
+            return $this->userProvider->loadUserByIdentifier($clientIdentifier);
         } catch (UserNotFoundException $exception) {
             return null;
         }

src/PrestaShopBundle/Security/OAuth2/ResourceServer.php

@@ -64,7 +64,7 @@ public function isTokenValid(ServerRequestInterface $request): bool
     {
         try {
             $this->leagueResourceServer->validateAuthenticatedRequest($request);
-        } catch (OAuthServerException $e) {
+        } catch (OAuthServerException) {
             return false;
         }
 
@@ -79,7 +79,7 @@ public function getUser(ServerRequestInterface $request): ?UserInterface
         }
 
         try {
-            return $this->userProvider->loadUserByUsername($audience);
+            return $this->userProvider->loadUserByIdentifier($audience);
         } catch (UserNotFoundException $exception) {
             return null;
         }
@@ -89,7 +89,7 @@ private function getAudience(ServerRequestInterface $request): ?string
     {
         try {
             return $this->leagueResourceServer->validateAuthenticatedRequest($request)->getAttribute('oauth_client_id');
-        } catch (OAuthServerException $exception) {
+        } catch (OAuthServerException) {
             return null;
         }
     }

src/PrestaShopBundle/Service/DataProvider/UserProvider.php

@@ -59,7 +59,7 @@ public function getUser(): ?UserInterface
         }
 
         if ($this->legacyContext->getContext()->employee && !empty($this->legacyContext->getContext()->employee->email)) {
-            return $this->userProvider->loadUserByUsername($this->legacyContext->getContext()->employee->email);
+            return $this->userProvider->loadUserByIdentifier($this->legacyContext->getContext()->employee->email);
         }
 
         return null;
@@ -69,7 +69,7 @@ public function getUsername(): string
     {
         $user = $this->getUser();
         if ($user instanceof UserInterface) {
-            return $user->getUsername();
+            return $user->getUserIdentifier();
         }
 
         return self::ANONYMOUS_USER;

tests/UI/data/demo/modules.ts

@@ -41,6 +41,6 @@ export default {
   keycloak: new ModuleData({
     tag: 'keycloak_connector_demo',
     name: 'Keycloak OAuth2 connector demo',
-    releaseZip: 'https://github.com/PrestaShop/keycloak_connector_demo/releases/download/v1.0.3/keycloak_connector_demo.zip',
+    releaseZip: 'https://github.com/PrestaShop/keycloak_connector_demo/releases/download/v1.0.4/keycloak_connector_demo.zip',
   }),
 };

tests/UI/pages/BO/shopParameters/customerSettings/titles/index.ts

@@ -143,8 +143,6 @@ class Titles extends BOBasePage {
    * @return {Promise<void>}
    */
   async filterTitles(page: Page, filterType: string, filterBy: string, value: string): Promise<void> {
-    const currentUrl: string = page.url();
-
     switch (filterType) {
       case 'input':
         await this.setValue(page, this.filterColumn(filterBy), value);

tests/Unit/Adapter/Security/CommandHandler/BulkDeleteCustomersSessionHandlerTest.php

@@ -33,7 +33,7 @@
 use PrestaShop\PrestaShop\Adapter\Session\Repository\CustomerSessionRepository;
 use PrestaShop\PrestaShop\Core\Domain\Security\Command\BulkDeleteCustomerSessionsCommand;
 
-class BulkDeleteCustomerSessionHandlerTest extends TestCase
+class BulkDeleteCustomersSessionHandlerTest extends TestCase
 {
     public function testHandleDeleteShouldBeCalledOnlyOnce(): void
     {

tests/Unit/Core/Domain/Security/ValueObject/CustomerSessionIdTest.php

@@ -32,7 +32,7 @@
 use PrestaShop\PrestaShop\Core\Domain\Security\Exception\SessionException;
 use PrestaShop\PrestaShop\Core\Domain\Security\ValueObject\CustomerSessionId;
 
-class CustomerSessionTest extends TestCase
+class CustomerSessionIdTest extends TestCase
 {
     /**
      * @dataProvider createsSessionIdWithValidValuesData

tests/Unit/Core/Domain/Security/ValueObject/EmployeeSessionIdTest.php

@@ -32,7 +32,7 @@
 use PrestaShop\PrestaShop\Core\Domain\Security\Exception\SessionException;
 use PrestaShop\PrestaShop\Core\Domain\Security\ValueObject\EmployeeSessionId;
 
-class EmployeeSessionTest extends TestCase
+class EmployeeSessionIdTest extends TestCase
 {
     /**
      * @dataProvider createsSessionIdWithValidValuesData

tests/Unit/PrestaShopBundle/Security/OAuth2/Repository/ClientRepositoryTest.php

@@ -29,10 +29,10 @@
 use League\OAuth2\Server\Entities\ClientEntityInterface;
 use PHPUnit\Framework\TestCase;
 use PrestaShopBundle\Security\OAuth2\Repository\ClientRepository;
-use Symfony\Component\Security\Core\Encoder\EncoderFactory;
-use Symfony\Component\Security\Core\Encoder\UserPasswordEncoder;
+use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactory;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasher;
+use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\InMemoryUserProvider;
-use Symfony\Component\Security\Core\User\User;
 
 class ClientRepositoryTest extends TestCase
 {
@@ -43,8 +43,8 @@ public function setUp(): void
         $userProvider = new InMemoryUserProvider(['myclientid' => ['password' => 'myclientsecret']]);
         $this->clientRepository = new ClientRepository(
             $userProvider,
-            new UserPasswordEncoder(new EncoderFactory([
-                User::class => ['algorithm' => 'plaintext', 'ignore_case' => false],
+            new UserPasswordHasher(new PasswordHasherFactory([
+                InMemoryUser::class => ['algorithm' => 'plaintext', 'ignore_case' => false],
             ]))
         );
         parent::setUp();