diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index 4dade703030..8523d5778f1 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -1,4 +1,5 @@
security:
+ always_authenticate_before_granting: true
providers:
sylius_admin_user_provider:
id: sylius.admin_user_provider.email_or_name_based
diff --git a/psalm.xml b/psalm.xml
index 6a3b1a02d0f..341583d2a8d 100644
--- a/psalm.xml
+++ b/psalm.xml
@@ -119,6 +119,7 @@
+
@@ -202,6 +203,7 @@
+
@@ -225,6 +227,7 @@
+
diff --git a/src/Sylius/Behat/Service/SecurityService.php b/src/Sylius/Behat/Service/SecurityService.php
index 3afef083348..6c2baa63dbb 100644
--- a/src/Sylius/Behat/Service/SecurityService.php
+++ b/src/Sylius/Behat/Service/SecurityService.php
@@ -43,7 +43,13 @@ public function __construct(SessionInterface $session, CookieSetterInterface $co
public function logIn(UserInterface $user): void
{
- $token = new UsernamePasswordToken($user, $user->getPassword(), $this->firewallContextName, $user->getRoles());
+ /** @deprecated parameter credential was deprecated in Symfony 5.4, so in Sylius 1.11 too, in Sylius 2.0 providing 4 arguments will be prohibited. */
+ if (3 === (new \ReflectionClass(UsernamePasswordToken::class))->getConstructor()->getNumberOfParameters()) {
+ $token = new UsernamePasswordToken($user, $this->firewallContextName, $user->getRoles());
+ } else {
+ $token = new UsernamePasswordToken($user, $user->getPassword(), $this->firewallContextName, $user->getRoles());
+ }
+
$this->setToken($token);
}
diff --git a/src/Sylius/Bundle/CoreBundle/Resources/config/services.xml b/src/Sylius/Bundle/CoreBundle/Resources/config/services.xml
index 785b9f5d316..2ec65da31b9 100644
--- a/src/Sylius/Bundle/CoreBundle/Resources/config/services.xml
+++ b/src/Sylius/Bundle/CoreBundle/Resources/config/services.xml
@@ -288,5 +288,7 @@
+
+
diff --git a/src/Sylius/Bundle/CoreBundle/Security/UserImpersonator.php b/src/Sylius/Bundle/CoreBundle/Security/UserImpersonator.php
index 7d0e0a23baf..9fcce049727 100644
--- a/src/Sylius/Bundle/CoreBundle/Security/UserImpersonator.php
+++ b/src/Sylius/Bundle/CoreBundle/Security/UserImpersonator.php
@@ -40,11 +40,22 @@ public function __construct(SessionInterface $session, string $firewallContextNa
public function impersonate(UserInterface $user): void
{
- $token = new UsernamePasswordToken(
- $user,
- $this->firewallContextName,
- array_map(/** @param object|string $role */ static function ($role): string { return (string) $role; }, $user->getRoles())
- );
+ /** @deprecated parameter credential was deprecated in Symfony 5.4, so in Sylius 1.11 too, in Sylius 2.0 providing 4 arguments will be prohibited. */
+ if (3 === (new \ReflectionClass(UsernamePasswordToken::class))->getConstructor()->getNumberOfParameters()) {
+ $token = new UsernamePasswordToken(
+ $user,
+ $this->firewallContextName,
+ array_map(/** @param object|string $role */ static function ($role): string { return (string) $role; }, $user->getRoles())
+ );
+ } else {
+ $token = new UsernamePasswordToken(
+ $user,
+ $user->getPassword(),
+ $this->firewallContextName,
+ array_map(/** @param object|string $role */ static function ($role): string { return (string) $role; }, $user->getRoles())
+ );
+ }
+
$this->session->set($this->sessionTokenParameter, serialize($token));
$this->session->save();
diff --git a/src/Sylius/Bundle/ProductBundle/Controller/ProductSlugController.php b/src/Sylius/Bundle/ProductBundle/Controller/ProductSlugController.php
index 355557b9e5c..9403b53754c 100644
--- a/src/Sylius/Bundle/ProductBundle/Controller/ProductSlugController.php
+++ b/src/Sylius/Bundle/ProductBundle/Controller/ProductSlugController.php
@@ -13,6 +13,7 @@
namespace Sylius\Bundle\ProductBundle\Controller;
+use Sylius\Component\Product\Generator\SlugGeneratorInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
@@ -20,10 +21,30 @@
class ProductSlugController extends AbstractController
{
+ private ?SlugGeneratorInterface $slugGenerator;
+
+ public function __construct(?SlugGeneratorInterface $slugGenerator = null)
+ {
+ $this->slugGenerator = $slugGenerator;
+
+ if ($this->slugGenerator === null) {
+ @trigger_error(sprintf('Not passing a $slugGenerator to %s constructor is deprecated since Sylius 1.11 and will be prohibited in Sylius 2.0.', self::class), \E_USER_DEPRECATED);
+ }
+ }
+
+ /**
+ * @psalm-suppress DeprecatedMethod
+ */
public function generateAction(Request $request): Response
{
$name = $request->query->get('name');
+ if ($this->slugGenerator !== null) {
+ return new JsonResponse([
+ 'slug' => $this->slugGenerator->generate((string) $name),
+ ]);
+ }
+
return new JsonResponse([
'slug' => $this->get('sylius.generator.slug')->generate($name),
]);
diff --git a/src/Sylius/Bundle/ProductBundle/Resources/config/services.xml b/src/Sylius/Bundle/ProductBundle/Resources/config/services.xml
index 7738691542c..b6ea78c47d3 100644
--- a/src/Sylius/Bundle/ProductBundle/Resources/config/services.xml
+++ b/src/Sylius/Bundle/ProductBundle/Resources/config/services.xml
@@ -20,6 +20,7 @@
+
diff --git a/src/Sylius/Bundle/UserBundle/Controller/SecurityController.php b/src/Sylius/Bundle/UserBundle/Controller/SecurityController.php
index fac2a1174f9..150cfdd1afc 100644
--- a/src/Sylius/Bundle/UserBundle/Controller/SecurityController.php
+++ b/src/Sylius/Bundle/UserBundle/Controller/SecurityController.php
@@ -15,18 +15,45 @@
use Sylius\Bundle\UserBundle\Form\Type\UserLoginType;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\Form\FormFactoryInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
use Webmozart\Assert\Assert;
class SecurityController extends AbstractController
{
+ private ?AuthenticationUtils $authenticationUtils;
+
+ private ?FormFactoryInterface $formFactory;
+
+ public function __construct(?AuthenticationUtils $authenticationUtils = null, ?FormFactoryInterface $formFactory = null)
+ {
+ $this->authenticationUtils = $authenticationUtils;
+ $this->formFactory = $formFactory;
+
+ if ($this->authenticationUtils === null) {
+ @trigger_error(sprintf('Not passing a $authenticationUtils to %s constructor is deprecated since Sylius 1.11 and will be prohibited in Sylius 2.0.', self::class), \E_USER_DEPRECATED);
+ }
+
+ if ($this->formFactory === null) {
+ @trigger_error(sprintf('Not passing a $formFactory to %s constructor is deprecated since Sylius 1.11 and will be prohibited in Sylius 2.0.', self::class), \E_USER_DEPRECATED);
+ }
+ }
+
/**
* Login form action.
+ *
+ * @psalm-suppress DeprecatedMethod
*/
public function loginAction(Request $request): Response
{
- $authenticationUtils = $this->get('security.authentication_utils');
+ if ($this->authenticationUtils !== null) {
+ $authenticationUtils = $this->authenticationUtils;
+ } else {
+ $authenticationUtils = $this->get('security.authentication_utils');
+ }
+
$error = $authenticationUtils->getLastAuthenticationError();
$lastUsername = $authenticationUtils->getLastUsername();
@@ -36,7 +63,12 @@ public function loginAction(Request $request): Response
Assert::notNull($template, 'Template is not configured.');
$formType = $options['form'] ?? UserLoginType::class;
- $form = $this->get('form.factory')->createNamed('', $formType);
+
+ if ($this->formFactory !== null) {
+ $form = $this->formFactory->createNamed('', $formType);
+ } else {
+ $form = $this->get('form.factory')->createNamed('', $formType);
+ }
return $this->render($template, [
'form' => $form->createView(),
diff --git a/src/Sylius/Bundle/UserBundle/Resources/config/services.xml b/src/Sylius/Bundle/UserBundle/Resources/config/services.xml
index 09b04539d3e..6a9c3c4e31f 100644
--- a/src/Sylius/Bundle/UserBundle/Resources/config/services.xml
+++ b/src/Sylius/Bundle/UserBundle/Resources/config/services.xml
@@ -40,6 +40,8 @@
+
+
diff --git a/src/Sylius/Bundle/UserBundle/Security/UserLogin.php b/src/Sylius/Bundle/UserBundle/Security/UserLogin.php
index 8f30416d76c..60337c95785 100644
--- a/src/Sylius/Bundle/UserBundle/Security/UserLogin.php
+++ b/src/Sylius/Bundle/UserBundle/Security/UserLogin.php
@@ -58,8 +58,18 @@ public function login(UserInterface $user, ?string $firewallName = null): void
protected function createToken(UserInterface $user, string $firewallName): UsernamePasswordToken
{
+ /** @deprecated parameter credential was deprecated in Symfony 5.4, so in Sylius 1.11 too, in Sylius 2.0 providing 4 arguments will be prohibited. */
+ if (3 === (new \ReflectionClass(UsernamePasswordToken::class))->getConstructor()->getNumberOfParameters()) {
+ return new UsernamePasswordToken(
+ $user,
+ $firewallName,
+ array_map(/** @param object|string $role */ static function ($role): string { return (string) $role; }, $user->getRoles())
+ );
+ }
+
return new UsernamePasswordToken(
$user,
+ null,
$firewallName,
array_map(/** @param object|string $role */ static function ($role): string { return (string) $role; }, $user->getRoles())
);
diff --git a/tests/Controller/AdminProductAjaxTest.php b/tests/Controller/AdminProductAjaxTest.php
index 5aa8a62e1fc..3e7139b39b6 100644
--- a/tests/Controller/AdminProductAjaxTest.php
+++ b/tests/Controller/AdminProductAjaxTest.php
@@ -65,7 +65,14 @@ private function authenticateAdminUser(): void
$session = self::$container->get('session');
$firewallName = 'admin';
$firewallContext = 'admin';
- $token = new UsernamePasswordToken($user, null, $firewallName, $user->getRoles());
+
+ /** @deprecated parameter credential was deprecated in Symfony 5.4, so in Sylius 1.11 too, in Sylius 2.0 providing 4 arguments will be prohibited. */
+ if (3 === (new \ReflectionClass(UsernamePasswordToken::class))->getConstructor()->getNumberOfParameters()) {
+ $token = new UsernamePasswordToken($user, $firewallName, $user->getRoles());
+ } else {
+ $token = new UsernamePasswordToken($user, null, $firewallName, $user->getRoles());
+ }
+
$session->set(sprintf('_security_%s', $firewallContext), serialize($token));
$session->save();