[1.x] use UriSigner::checkRequest() to validate signatures using a Request object
#157
Conversation
src/VerifyEmailHelper.php
Outdated
| @@ -63,21 +64,60 @@ public function generateSignature(string $routeName, string $userId, string $use | |||
| return new VerifyEmailSignatureComponents(\DateTimeImmutable::createFromFormat('U', (string) $expiryTimestamp), $signature, $generatedAt); | |||
| } | |||
|
|
|||
| public function validateEmailConfirmation(string $signedUrl, string $userId, string $userEmail): void | |||
| public function validateEmailConfirmation(string $signedUrl, string $userId, string $userEmail, ?Request $request = null): void | |||
There was a problem hiding this comment.
I think we'll be better off leaving this method alone and adding a deprecation @trigger_deprecation('Use validateEmailConfirmationFromRequest instead...)
- theres alot of if/else action happening in here
- we don't have a clean path forward to reorder the arguments where
Requestis the 1st argument.
There was a problem hiding this comment.
I think so too. Leave this method alone, but deprecate it.
src/VerifyEmailHelper.php
Outdated
| @@ -63,21 +64,60 @@ public function generateSignature(string $routeName, string $userId, string $use | |||
| return new VerifyEmailSignatureComponents(\DateTimeImmutable::createFromFormat('U', (string) $expiryTimestamp), $signature, $generatedAt); | |||
| } | |||
|
|
|||
| public function validateEmailConfirmation(string $signedUrl, string $userId, string $userEmail): void | |||
| public function validateEmailConfirmation(string $signedUrl, string $userId, string $userEmail, ?Request $request = null): void | |||
There was a problem hiding this comment.
I think so too. Leave this method alone, but deprecate it.
| @@ -33,6 +36,8 @@ interface VerifyEmailHelperInterface | |||
| public function generateSignature(string $routeName, string $userId, string $userEmail, array $extraParams = []): VerifyEmailSignatureComponents; | |||
|
|
|||
| /** | |||
| * @deprecated since v1.17.0, use validateEmailConfirmationFromRequest instead. | |||
There was a problem hiding this comment.
Is this even the right way to deprecate an interface method?
There was a problem hiding this comment.
To the best of my knowledge, yes - but not sure.
jrushlow
changed the title
checkRequest()UriSigner::checkRequest() to validate signatures using a Request object
jrushlow
added
Status: Needs Review
| if (!$uriSigner instanceof UriSigner) { | ||
| /** @psalm-suppress UndefinedFunction */ | ||
| @trigger_deprecation('symfonycasts/verify-email-bundle', '1.17.0', 'Not providing an instance of %s is deprecated. It will be required in v2.0', UriSigner::class); | ||
| } |
There was a problem hiding this comment.
We should also deprecated "passing $queryUtility as 3rd argument is deprecated. The arg will be removed in the future..." but usually when we do this - the param is = nullable. We can't do that here because the last 2 arg's are not nullable.
Do we let this ride as is and document this "non-deprecated" change in Upgrade.md or add the deprecation anyway without providing a way for the user to "silence" it?
There was a problem hiding this comment.
Hmm, maybe we lave the argument as is & not deprecated for now. Then we deprecate it in v2, once it's fully unused. There may be a better way to handle this, but I can't see it at the moment.
| @@ -23,13 +25,19 @@ class VerifyEmailQueryUtility | |||
| { | |||
| public function getTokenFromQuery(string $uri): string | |||
| { | |||
| /** @psalm-suppress UndefinedFunction */ | |||
| @trigger_deprecation('symfonycasts/verify-email-bundle', '1.17.0', 'This method is deprecated and will be removed in 2.0.'); | |||
There was a problem hiding this comment.
Curious that this needs the pslam-suppress... since the library does require the deprecations-contract
There was a problem hiding this comment.
Ya, I don't get it either - locally I don't get the error. But on CI, we do. I think it has something to do with psalm not picking up the autoload.
There was a problem hiding this comment.
I'll check into this outside of this PR.
| if (!$uriSigner instanceof UriSigner) { | ||
| /** @psalm-suppress UndefinedFunction */ | ||
| @trigger_deprecation('symfonycasts/verify-email-bundle', '1.17.0', 'Not providing an instance of %s is deprecated. It will be required in v2.0', UriSigner::class); | ||
| } |
There was a problem hiding this comment.
Hmm, maybe we lave the argument as is & not deprecated for now. Then we deprecate it in v2, once it's fully unused. There may be a better way to handle this, but I can't see it at the moment.
| @@ -33,6 +36,8 @@ interface VerifyEmailHelperInterface | |||
| public function generateSignature(string $routeName, string $userId, string $userEmail, array $extraParams = []): VerifyEmailSignatureComponents; | |||
|
|
|||
| /** | |||
| * @deprecated since v1.17.0, use validateEmailConfirmationFromRequest instead. | |||
There was a problem hiding this comment.
To the best of my knowledge, yes - but not sure.
validateEmailConfirmationFromRequest()toVerifyEmailHelperInterface& it's implementation.validateEmailConfirmation()inVerifyEmailHelperInterface& it's implementation.deprecatesVerifyEmailQueryUtilityas this is no longer needed in the new "fromRequest" helper method.$queryUtilityargument in theVerifyEmailHelper::__construct()method as this argument is not nullable`UriSigneras the$uriSignerargument in theVerifyEmailHelper::__construct()method.@group legacyannotations. This is basically our entire test suite. Work is already started in WIP ! 2.x ! - remove deprecations from 157 #159 that will remove these annotations and deprecations in 2.0.Doc's will be updated in #143 after maker-bundle
#1464is updated / merged to reflect the changes in this PR.fixes #155