[1.x] use UriSigner::checkRequest()
to validate signatures using a Request
object
#157
Changes from all commits
1753bef
6a7a324
f15d4b8
d58e241
1f467a0
331c5e0
fb37569
d822623
e52e2af
395b47d
82cd0e1
8b6f2d7
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,6 +9,7 @@ | |
|
||
namespace SymfonyCasts\Bundle\VerifyEmail; | ||
|
||
use Symfony\Component\HttpFoundation\Request; | ||
use Symfony\Component\HttpFoundation\UriSigner; | ||
use Symfony\Component\HttpKernel\UriSigner as LegacyUriSigner; | ||
use Symfony\Component\Routing\Generator\UrlGeneratorInterface; | ||
|
@@ -45,6 +46,11 @@ public function __construct(UrlGeneratorInterface $router, /* no typehint for BC | |
$this->queryUtility = $queryUtility; | ||
$this->tokenGenerator = $generator; | ||
$this->lifetime = $lifetime; | ||
|
||
if (!$uriSigner instanceof UriSigner) { | ||
/** @psalm-suppress UndefinedFunction */ | ||
@trigger_deprecation('symfonycasts/verify-email-bundle', '1.17.0', 'Not providing an instance of %s is deprecated. It will be required in v2.0', UriSigner::class); | ||
} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We should also deprecated "passing $queryUtility as 3rd argument is deprecated. The arg will be removed in the future..." but usually when we do this - the param is Do we let this ride as is and document this "non-deprecated" change in There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Hmm, maybe we lave the argument as is & not deprecated for now. Then we deprecate it in v2, once it's fully unused. There may be a better way to handle this, but I can't see it at the moment. |
||
} | ||
|
||
public function generateSignature(string $routeName, string $userId, string $userEmail, array $extraParams = []): VerifyEmailSignatureComponents | ||
|
@@ -65,6 +71,9 @@ public function generateSignature(string $routeName, string $userId, string $use | |
|
||
public function validateEmailConfirmation(string $signedUrl, string $userId, string $userEmail): void | ||
{ | ||
/** @psalm-suppress UndefinedFunction */ | ||
@trigger_deprecation('symfonycasts/verify-email-bundle', '1.17.0', '%s() is deprecated and will be removed in v2.0, use validateEmailConfirmationFromRequest() instead.', __METHOD__); | ||
|
||
if (!$this->uriSigner->check($signedUrl)) { | ||
throw new InvalidSignatureException(); | ||
} | ||
|
@@ -80,4 +89,26 @@ public function validateEmailConfirmation(string $signedUrl, string $userId, str | |
throw new WrongEmailVerifyException(); | ||
} | ||
} | ||
|
||
public function validateEmailConfirmationFromRequest(Request $request, string $userId, string $userEmail): void | ||
|
||
{ | ||
/** @legacy - Remove in 2.0 */ | ||
if (!$this->uriSigner instanceof UriSigner) { | ||
throw new \RuntimeException(sprintf('An instance of %s is required, provided by symfony/http-kernel >=6.4, to validate an email confirmation.', UriSigner::class)); | ||
} | ||
|
||
if (!$this->uriSigner->checkRequest($request)) { | ||
throw new InvalidSignatureException(); | ||
} | ||
|
||
if ($request->query->getInt('expires') <= time()) { | ||
throw new ExpiredSignatureException(); | ||
} | ||
|
||
$knownToken = $this->tokenGenerator->createToken($userId, $userEmail); | ||
|
||
if (!hash_equals($knownToken, $request->query->getString('token'))) { | ||
throw new WrongEmailVerifyException(); | ||
} | ||
} | ||
} |
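Review bot: In `validateEmailConfirmationFromRequest()` the legacy-signer guard throws a plain `\RuntimeException`, so a wiring problem first appears when a user follows a verification link, and a caller that catches only `VerifyEmailExceptionInterface` would presumably not handle it. The method has no docblock; it should carry `@throws \RuntimeException when the injected signer is not Symfony\Component\HttpFoundation\UriSigner` alongside the three verification exceptions it can throw. The docblock should also state that `checkRequest()` verifies the URL as seen through the `Request` object, so, as far as I know, the scheme and host the application derives (including trusted-proxy configuration) must match what was signed, otherwise valid links are rejected as `InvalidSignatureException`. The expiry and token checks duplicate the ones in the deprecated `validateEmailConfirmation()`, whose body lies partly outside the hunk; a shared private helper would keep the two paths from drifting while both exist.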
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,6 +9,7 @@ | |
|
||
namespace SymfonyCasts\Bundle\VerifyEmail; | ||
|
||
use Symfony\Component\HttpFoundation\Request; | ||
use SymfonyCasts\Bundle\VerifyEmail\Exception\VerifyEmailExceptionInterface; | ||
use SymfonyCasts\Bundle\VerifyEmail\Model\VerifyEmailSignatureComponents; | ||
|
||
|
@@ -17,6 +18,8 @@ | |
* | ||
* @author Jesse Rushlow <jr@rushlow.dev> | ||
* @author Ryan Weaver <ryan@symfonycasts.com> | ||
* | ||
* @method void validateEmailConfirmationFromRequest(Request $request, string $userId, string $userEmail) | ||
*/ | ||
interface VerifyEmailHelperInterface | ||
{ | ||
|
@@ -33,6 +36,8 @@ interface VerifyEmailHelperInterface | |
public function generateSignature(string $routeName, string $userId, string $userEmail, array $extraParams = []): VerifyEmailSignatureComponents; | ||
|
||
/** | ||
* @deprecated since v1.17.0, use validateEmailConfirmationFromRequest instead. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is this even the right way to deprecate an interface method? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. To the best of my knowledge, yes - but not sure. |
||
* | ||
* Validate a signed an email confirmation request. | ||
* | ||
* If something is wrong with the email confirmation, a | ||
|
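Review bot: Declaring `validateEmailConfirmationFromRequest()` only through the `@method` tag on `VerifyEmailHelperInterface` means PHP does not enforce it on implementers, so code type-hinted on the interface can hit an undefined-method error at the verification step when a custom implementation or decorator is injected. The class docblock should say this next to the tag, for example `Implementations must add this method; it becomes part of the interface in v2.0`, and the upgrade notes should repeat it. The docblock of the deprecated method continues past the end of the last hunk, so its remaining text was not reviewed.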
Curious that this needs the psalm-suppress... since the library does require the deprecations-contract
Ya, I don't get it either - locally I don't get the error. But on CI, we do. I think it has something to do with psalm not picking up the autoload.
I'll check into this outside of this PR.