deprecate the FQCN properties of PersistentToken and RememberMeDetails

xabbuh · xabbuh · commit 6f0246d95644 · 2025-09-15T15:51:31.000+02:00
diff --git a/Authentication/RememberMe/InMemoryTokenProvider.php b/Authentication/RememberMe/InMemoryTokenProvider.php
@@ -42,7 +42,8 @@ public function updateToken(string $series, #[\SensitiveParameter] string $token
             $this->tokens[$series]->getUserIdentifier(),
             $series,
             $tokenValue,
-            $lastUsed
+            $lastUsed,
+            false
         );
         $this->tokens[$series] = $token;
     }
diff --git a/Authentication/RememberMe/PersistentToken.php b/Authentication/RememberMe/PersistentToken.php
@@ -18,18 +18,61 @@
  */
 final class PersistentToken implements PersistentTokenInterface
 {
+    private ?string $class = null;
+    private string $userIdentifier;
+    private string $series;
+    private string $tokenValue;
     private \DateTimeImmutable $lastUsed;
 
+    /**
+     * @param string             $userIdentifier
+     * @param string             $series
+     * @param string             $tokenValue
+     * @param \DateTimeInterface $lastUsed
+     */
     public function __construct(
-        private string $class,
-        private string $userIdentifier,
-        private string $series,
-        #[\SensitiveParameter] private string $tokenValue,
-        \DateTimeInterface $lastUsed,
+        $userIdentifier,
+        $series,
+        #[\SensitiveParameter] $tokenValue,
+        #[\SensitiveParameter] $lastUsed,
     ) {
-        if (!$class) {
-            throw new \InvalidArgumentException('$class must not be empty.');
+        if (\func_num_args() > 4) {
+            if (\func_num_args() < 6 || func_get_arg(5)) {
+                trigger_deprecation('symfony/security-core', '7.4', 'Passing a user FQCN to %s() is deprecated. The user class will be removed from the remember-me cookie in 8.0.', __CLASS__, __NAMESPACE__);
+            }
+
+            if (!\is_string($userIdentifier)) {
+                throw new \TypeError(\sprintf('Argument 1 passed to "%s()" must be a string, "%s" given.', __METHOD__, get_debug_type($userIdentifier)));
+            }
+
+            $this->class = $userIdentifier;
+            $userIdentifier = $series;
+            $series = $tokenValue;
+            $tokenValue = $lastUsed;
+
+            if (\func_num_args() <= 4) {
+                throw new \TypeError(\sprintf('Argument 5 passed to "%s()" must be an instance of "%s", the argument is missing.', __METHOD__, \DateTimeInterface::class));
+            }
+
+            $lastUsed = func_get_arg(4);
+        }
+
+        if (!\is_string($userIdentifier)) {
+            throw new \TypeError(\sprintf('The $userIdentifier argument passed to "%s()" must be a string, "%s" given.', __METHOD__, get_debug_type($userIdentifier)));
         }
+
+        if (!\is_string($series)) {
+            throw new \TypeError(\sprintf('The $series argument  passed to "%s()" must be a string, "%s" given.', __METHOD__, get_debug_type($series)));
+        }
+
+        if (!\is_string($tokenValue)) {
+            throw new \TypeError(\sprintf('The $tokenValue argument  passed to "%s()" must be a string, "%s" given.', __METHOD__, get_debug_type($tokenValue)));
+        }
+
+        if (!$lastUsed instanceof \DateTimeInterface) {
+            throw new \TypeError(\sprintf('The $lastUsed argument  passed to "%s()" must be an instance of "%s", "%s" given.', __METHOD__, \DateTimeInterface::class, get_debug_type($lastUsed)));
+        }
+
         if ('' === $userIdentifier) {
             throw new \InvalidArgumentException('$userIdentifier must not be empty.');
         }
@@ -40,6 +83,9 @@ public function __construct(
             throw new \InvalidArgumentException('$tokenValue must not be empty.');
         }
 
+        $this->userIdentifier = $userIdentifier;
+        $this->series = $series;
+        $this->tokenValue = $tokenValue;
         $this->lastUsed = \DateTimeImmutable::createFromInterface($lastUsed);
     }
 
@@ -52,7 +98,7 @@ public function getClass(bool $triggerDeprecation = true): string
             trigger_deprecation('symfony/security-core', '7.4', 'The "%s()" method is deprecated: the user class will be removed from the remember-me cookie in 8.0.', __METHOD__);
         }
 
-        return $this->class;
+        return $this->class ?? '';
     }
 
     public function getUserIdentifier(): string
diff --git a/Tests/Authentication/RememberMe/CacheTokenVerifierTest.php b/Tests/Authentication/RememberMe/CacheTokenVerifierTest.php
@@ -21,22 +21,22 @@ class CacheTokenVerifierTest extends TestCase
     public function testVerifyCurrentToken()
     {
         $verifier = new CacheTokenVerifier(new ArrayAdapter());
-        $token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
+        $token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable(), false);
         $this->assertTrue($verifier->verifyToken($token, 'value'));
     }
 
     public function testVerifyFailsInvalidToken()
     {
         $verifier = new CacheTokenVerifier(new ArrayAdapter());
-        $token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
+        $token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable(), false);
         $this->assertFalse($verifier->verifyToken($token, 'wrong-value'));
     }
 
     public function testVerifyOutdatedToken()
     {
         $verifier = new CacheTokenVerifier(new ArrayAdapter());
-        $outdatedToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
-        $newToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'newvalue', new \DateTimeImmutable());
+        $outdatedToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable(), false);
+        $newToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'newvalue', new \DateTimeImmutable(), false);
         $verifier->updateExistingToken($outdatedToken, 'newvalue', new \DateTimeImmutable());
         $this->assertTrue($verifier->verifyToken($newToken, 'value'));
     }
diff --git a/Tests/Authentication/RememberMe/InMemoryTokenProviderTest.php b/Tests/Authentication/RememberMe/InMemoryTokenProviderTest.php
@@ -22,7 +22,7 @@ public function testCreateNewToken()
     {
         $provider = new InMemoryTokenProvider();
 
-        $token = new PersistentToken('foo', 'foo', 'foo', 'foo', new \DateTimeImmutable());
+        $token = new PersistentToken('foo', 'foo', 'foo', 'foo', new \DateTimeImmutable(), false);
         $provider->createNewToken($token);
 
         $this->assertSame($provider->loadTokenBySeries('foo'), $token);
@@ -38,7 +38,7 @@ public function testUpdateToken()
     {
         $provider = new InMemoryTokenProvider();
 
-        $token = new PersistentToken('foo', 'foo', 'foo', 'foo', new \DateTimeImmutable());
+        $token = new PersistentToken('foo', 'foo', 'foo', 'foo', new \DateTimeImmutable(), false);
         $provider->createNewToken($token);
         $provider->updateToken('foo', 'newFoo', $lastUsed = new \DateTime());
         $token = $provider->loadTokenBySeries('foo');
@@ -51,7 +51,7 @@ public function testDeleteToken()
     {
         $provider = new InMemoryTokenProvider();
 
-        $token = new PersistentToken('foo', 'foo', 'foo', 'foo', new \DateTimeImmutable());
+        $token = new PersistentToken('foo', 'foo', 'foo', 'foo', new \DateTimeImmutable(), false);
         $provider->createNewToken($token);
         $provider->deleteTokenBySeries('foo');
 
diff --git a/Tests/Authentication/RememberMe/PersistentTokenTest.php b/Tests/Authentication/RememberMe/PersistentTokenTest.php
@@ -21,7 +21,7 @@ class PersistentTokenTest extends TestCase
     public function testConstructor()
     {
         $lastUsed = new \DateTimeImmutable();
-        $token = new PersistentToken('fooclass', 'fooname', 'fooseries', 'footokenvalue', $lastUsed);
+        $token = new PersistentToken('fooname', 'fooseries', 'footokenvalue', $lastUsed);
 
         $this->assertEquals('fooname', $token->getUserIdentifier());
         $this->assertEquals('fooseries', $token->getSeries());
@@ -32,7 +32,7 @@ public function testConstructor()
     public function testDateTime()
     {
         $lastUsed = new \DateTime();
-        $token = new PersistentToken('fooclass', 'fooname', 'fooseries', 'footokenvalue', $lastUsed);
+        $token = new PersistentToken('fooname', 'fooseries', 'footokenvalue', $lastUsed);
 
         $this->assertEquals($lastUsed, $token->getLastUsed());
     }

Original file line number	Diff line number	Diff line change
`@@ -21,22 +21,22 @@ class CacheTokenVerifierTest extends TestCase`
`21`	`21`	`public function testVerifyCurrentToken()`
`22`	`22`	`{`
`23`	`23`	`$verifier = new CacheTokenVerifier(new ArrayAdapter());`
`24`		`- $token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());`
	`24`	`+ $token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable(), false);`
`25`	`25`	`$this->assertTrue($verifier->verifyToken($token, 'value'));`
`26`	`26`	`}`
`27`	`27`
`28`	`28`	`public function testVerifyFailsInvalidToken()`
`29`	`29`	`{`
`30`	`30`	`$verifier = new CacheTokenVerifier(new ArrayAdapter());`
`31`		`- $token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());`
	`31`	`+ $token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable(), false);`
`32`	`32`	`$this->assertFalse($verifier->verifyToken($token, 'wrong-value'));`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`public function testVerifyOutdatedToken()`
`36`	`36`	`{`
`37`	`37`	`$verifier = new CacheTokenVerifier(new ArrayAdapter());`
`38`		`- $outdatedToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());`
`39`		`- $newToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'newvalue', new \DateTimeImmutable());`
	`38`	`+ $outdatedToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable(), false);`
	`39`	`+ $newToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'newvalue', new \DateTimeImmutable(), false);`
`40`	`40`	`$verifier->updateExistingToken($outdatedToken, 'newvalue', new \DateTimeImmutable());`
`41`	`41`	`$this->assertTrue($verifier->verifyToken($newToken, 'value'));`
`42`	`42`	`}`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ class PersistentTokenTest extends TestCase`
`21`	`21`	`public function testConstructor()`
`22`	`22`	`{`
`23`	`23`	`$lastUsed = new \DateTimeImmutable();`
`24`		`- $token = new PersistentToken('fooclass', 'fooname', 'fooseries', 'footokenvalue', $lastUsed);`
	`24`	`+ $token = new PersistentToken('fooname', 'fooseries', 'footokenvalue', $lastUsed);`
`25`	`25`
`26`	`26`	`$this->assertEquals('fooname', $token->getUserIdentifier());`
`27`	`27`	`$this->assertEquals('fooseries', $token->getSeries());`
`@@ -32,7 +32,7 @@ public function testConstructor()`
`32`	`32`	`public function testDateTime()`
`33`	`33`	`{`
`34`	`34`	`$lastUsed = new \DateTime();`
`35`		`- $token = new PersistentToken('fooclass', 'fooname', 'fooseries', 'footokenvalue', $lastUsed);`
	`35`	`+ $token = new PersistentToken('fooname', 'fooseries', 'footokenvalue', $lastUsed);`
`36`	`36`
`37`	`37`	`$this->assertEquals($lastUsed, $token->getLastUsed());`
`38`	`38`	`}`