Merge branch '5.3' into 5.4

nicolas-grekas · nicolas-grekas · commit 11d87d17650a · 2021-12-28T18:15:56.000+01:00
* 5.3:
  expand uninitialized session tests
  [Lock] Release PostgreSqlStore connection lock on failure
  [DomCrawler] Fix HTML5 parser charset option
  cs fix
  [HttpKernel] Do not attempt to register enum arguments in controller service locator
  [Mime] Fix missing sprintf in DkimSigner
  [Translation] [LocoProvider] Use rawurlencode and separate tag setting
  [Security] fix unserializing session payloads from v4
  [Cache] Don't lock when doing nested computations
  [Messenger] fix Redis support on 32b arch
  [HttpFoundation] Fix notice when HTTP_PHP_AUTH_USER passed without pass
  [Security] Add getting started example to README
diff --git a/README.md b/README.md
@@ -3,8 +3,40 @@ Security Component - Core
 
 Security provides an infrastructure for sophisticated authorization systems,
 which makes it possible to easily separate the actual authorization logic from
-so called user providers that hold the users credentials. It is inspired by
-the Java Spring framework.
+so called user providers that hold the users credentials.
+
+Getting Started
+---------------
+
+```
+$ composer require symfony/security-core
+```
+
+```php
+use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
+use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
+use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter;
+use Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter;
+use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+use Symfony\Component\Security\Core\Role\RoleHierarchy;
+
+$accessDecisionManager = new AccessDecisionManager([
+    new AuthenticatedVoter(new AuthenticationTrustResolver()),
+    new RoleVoter(),
+    new RoleHierarchyVoter(new RoleHierarchy([
+        'ROLE_ADMIN' => ['ROLE_USER'],
+    ]))
+]);
+
+$user = new \App\Entity\User(...);
+$token = new UsernamePasswordToken($user, 'main', $user->getRoles());
+
+if (!$accessDecisionManager->decide($token, ['ROLE_ADMIN'])) {
+    throw new AccessDeniedException();
+}
+```
 
 Sponsor
 -------
diff --git a/Role/Role.php b/Role/Role.php
@@ -0,0 +1,31 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Role;
+
+/**
+ * Allows migrating session payloads from v4.
+ *
+ * @internal
+ */
+class Role
+{
+    private $role;
+
+    private function __construct()
+    {
+    }
+
+    public function __toString(): string
+    {
+        return $this->role;
+    }
+}
diff --git a/Role/SwitchUserRole.php b/Role/SwitchUserRole.php
@@ -0,0 +1,23 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Role;
+
+/**
+ * Allows migrating session payloads from v4.
+ *
+ * @internal
+ */
+class SwitchUserRole extends Role
+{
+    private $deprecationTriggered;
+    private $source;
+}
diff --git a/Tests/Role/LegacyRoleTest.php b/Tests/Role/LegacyRoleTest.php
@@ -0,0 +1,28 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Tests\Role;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+
+class LegacyRoleTest extends TestCase
+{
+    public function testPayloadFromV4CanBeUnserialized()
+    {
+        $serialized = 'C:74:"Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken":236:{a:3:{i:0;N;i:1;s:4:"main";i:2;a:5:{i:0;s:2:"sf";i:1;b:1;i:2;a:1:{i:0;O:41:"Symfony\Component\Security\Core\Role\Role":1:{s:47:"Symfony\Component\Security\Core\Role\Role'."\0".'role'."\0".'";s:9:"ROLE_USER";}}i:3;a:0:{}i:4;a:1:{i:0;s:9:"ROLE_USER";}}}}';
+
+        $token = unserialize($serialized);
+
+        $this->assertInstanceOf(UsernamePasswordToken::class, $token);
+        $this->assertSame(['ROLE_USER'], $token->getRoleNames());
+    }
+}
