♻️Remove PlainPasswordTrait from User

config/packages/dev/mailer.yaml

@@ -1,7 +1,3 @@
-# See https://symfony.com/doc/current/mailer.html#always-send-to-the-same-address
 framework:
     mailer:
-        dsn: '%env(MAILER_DSN)%?verify_peer=0'
-        envelope:
-            # send all emails to a specific address
-            recipients: ['%env(MAILER_DELIVERY_ADDRESS)%']
+        dsn: 'null://null'

src/Controller/RecoveryController.php

@@ -205,8 +205,6 @@ public function recoveryToken(Request $request): Response
             $form->handleRequest($request);
 
             if ($form->isSubmitted() && $form->isValid()) {
-                $user->setPlainPassword($recoveryTokenModel->password);
-
                 // Check if user has a MailCrypt key
                 if ($user->hasMailCryptSecretBox()) {
                     // Decrypt the MailCrypt key

src/Entity/User.php

@@ -19,7 +19,6 @@
 use App\Traits\PasswordTrait;
 use App\Traits\PasswordVersionTrait;
 use App\Traits\PlainMailCryptPrivateKeyTrait;
-use App\Traits\PlainPasswordTrait;
 use App\Traits\PlainRecoveryTokenTrait;
 use App\Traits\QuotaTrait;
 use App\Traits\RecoverySecretBoxTrait;
@@ -53,7 +52,6 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface, Passwor
     use SaltTrait;
     use DeleteTrait;
     use InvitationVoucherTrait;
-    use PlainPasswordTrait;
     use DomainAwareTrait;
     use LastLoginTimeTrait;
     use PasswordVersionTrait;
@@ -142,4 +140,8 @@ public function getPasswordHasherName(): ?string
         // use default encoder
         return null;
     }
+
+    public function eraseCredentials()
+    {
+    }
 }

src/EventListener/LoginListener.php

@@ -4,28 +4,24 @@
 
 use App\Entity\User;
 use App\Event\LoginEvent;
-use App\Helper\PasswordUpdater;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
 use Symfony\Component\Security\Http\SecurityEvents;
 
-class LoginListener implements EventSubscriberInterface
+readonly class LoginListener implements EventSubscriberInterface
 {
-    /**
-     * LoginListener constructor.
-     */
-    public function __construct(private readonly EntityManagerInterface $manager, private readonly PasswordUpdater $passwordUpdater)
+    public function __construct(private EntityManagerInterface $manager)
     {
     }
 
     public function onSecurityInteractiveLogin(InteractiveLoginEvent $event): void
     {
-        $request = $event->getRequest();
-        /** @var User $user */
         $user = $event->getAuthenticationToken()->getUser();
-        $user->setPlainPassword($request->get('_password'));
-        $this->handleLogin($user);
+
+        if ($user instanceof User) {
+            $this->handleLogin($user);
+        }
     }
 
     public function onLogin(LoginEvent $event): void
@@ -34,25 +30,12 @@ public function onLogin(LoginEvent $event): void
     }
 
     private function handleLogin(User $user): void
-    {
-        // update password hash if necessary
-        if (($user->getPasswordVersion() < User::CURRENT_PASSWORD_VERSION) && null !== $plainPassword = $user->getPlainPassword()) {
-            $user->setPasswordVersion(User::CURRENT_PASSWORD_VERSION);
-            $this->passwordUpdater->updatePassword($user, $plainPassword);
-        }
-        $this->updateLastLogin($user);
-    }
-
-    private function updateLastLogin(User $user): void
     {
         $user->updateLastLoginTime();
         $this->manager->persist($user);
         $this->manager->flush();
     }
 
-    /**
-     * {@inheritdoc}
-     */
     public static function getSubscribedEvents(): array
     {
         return [

src/Handler/RegistrationHandler.php

@@ -73,7 +73,6 @@ private function buildUser(Registration $registration): User
     {
         $user = new User();
         $user->setEmail(strtolower((string)$registration->getEmail()));
-        $user->setPlainPassword($registration->getPlainPassword());
         $user->setRoles([Roles::USER]);
 
         if (null !== $domain = $this->domainGuesser->guess($registration->getEmail())) {

src/Handler/UserAuthenticationHandler.php

@@ -25,8 +25,6 @@ public function authenticate(User $user, string $password): ?User
         if (!$hasher->verify($user->getPassword(), $password)) {
             return null;
         }
-        $user->setPlainPassword($password);
-
         $this->eventDispatcher->dispatch(new LoginEvent($user), LoginEvent::NAME);
 
         return $user;

tests/Entity/UserTest.php

@@ -55,16 +55,6 @@ public function testGetPasswordHasherName(): void
         self::assertEquals('legacy', $user->getPasswordHasherName());
     }
 
-    public function testPlainPassword(): void
-    {
-        $user = new User();
-        self::assertEquals(null, $user->getPlainPassword());
-        $user->setPlainPassword('test');
-        self::assertEquals('test', $user->getPlainPassword());
-        $user->eraseCredentials();
-        self::assertEquals(null, $user->getPlainPassword());
-    }
-
     public function testHasRecoverySecretBox(): void
     {
         $user = new User();

tests/EventListener/LoginListenerTest.php

@@ -7,7 +7,6 @@
 use App\EventListener\LoginListener;
 use App\Helper\PasswordUpdater;
 use Doctrine\ORM\EntityManagerInterface;
-use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@@ -17,33 +16,20 @@
 class LoginListenerTest extends TestCase
 {
     private EntityManagerInterface $manager;
-    private PasswordUpdater $passwordUpdater;
     private LoginListener $listener;
 
     public function setUp(): void
     {
         $this->manager = $this->getMockBuilder(EntityManagerInterface::class)
             ->disableOriginalConstructor()
             ->getMock();
-        $this->passwordUpdater = $this->getMockBuilder(PasswordUpdater::class)
-            ->disableOriginalConstructor()
-            ->getMock();
-        $this->listener = new LoginListener($this->manager, $this->passwordUpdater);
+        $this->listener = new LoginListener($this->manager);
     }
 
-    /**
-     * @dataProvider provider
-     */
-    public function testOnSecurityInteractiveLogin(User $user, bool $update): void
+    public function testOnSecurityInteractiveLogin(): void
     {
+        $user = new User();
         $this->manager->expects($this->once())->method('flush');
-
-        if ($update) {
-            $this->passwordUpdater->expects($this->once())->method('updatePassword');
-        } else {
-            $this->passwordUpdater->expects($this->never())->method('updatePassword');
-        }
-
         $event = $this->getEvent($user);
 
         $this->listener->onSecurityInteractiveLogin($event);
@@ -74,25 +60,6 @@ private function getEvent(User $user): InteractiveLoginEvent
         return $event;
     }
 
-    public function provider(): array
-    {
-        return [
-            [$this->getUser(null), true],
-            [$this->getUser(0), true],
-            [$this->getUser(1), true],
-            [$this->getUser(2), false],
-            [$this->getUser(3), false],
-        ];
-    }
-
-    public function getUser(?int $passwordVersion): User
-    {
-        $user = new User();
-        $user->setPasswordVersion($passwordVersion);
-
-        return $user;
-    }
-
     public function testGetSubscribedEvents(): void
     {
         $this->assertEquals([

tests/Handler/RecoveryTokenHandlerTest.php

@@ -26,7 +26,6 @@ public function testCreateExceptionPlainMailCryptPrivateKeyNull(): void
         $handler = $this->createHandler();
         $user = new User();
 
-        $user->setPlainPassword('password');
         $handler->create($user);
     }
 
@@ -35,7 +34,6 @@ public function testCreate(): void
         $handler = $this->createHandler();
         $user = new User();
 
-        $user->setPlainPassword('password');
         $user->setPlainMailCryptPrivateKey('dummyKey');
         $handler->create($user);
 
@@ -49,7 +47,6 @@ public function testVerify(): void
 
         self::assertFalse($handler->verify($user, 'recoveryToken'));
 
-        $user->setPlainPassword('password');
         $user->setPlainMailCryptPrivateKey('dummyKey');
         $handler->create($user);
 
@@ -78,7 +75,6 @@ public function testDecryptExceptionDecryptionFailed(): void
         $this->expectExceptionMessage('decryption of recoverySecretBox failed');
         $handler = $this->createHandler();
         $user = new User();
-        $user->setPlainPassword('password');
         $user->setPlainMailCryptPrivateKey('privateKey');
         $handler->create($user);
 
@@ -89,7 +85,6 @@ public function testDecrypt(): void
     {
         $handler = $this->createHandler();
         $user = new User();
-        $user->setPlainPassword('password');
         $user->setPlainMailCryptPrivateKey('privateKey');
         $handler->create($user);
         $recoveryToken = $user->getPlainRecoveryToken();

tests/Helper/AdminPasswordUpdaterTest.php

@@ -28,7 +28,6 @@ public function setUp(): void
     public function testUpdateAdminPassword(): void
     {
         $admin = new User();
-        $admin->setPlainPassword('password');
         $admin->setPassword('impossible_login');
 
         $adminPasswordUpdater = new AdminPasswordUpdater(