Skip to content

[Security] Deprecate callable firewall listeners #60614

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 23, 2025
Merged

[Security] Deprecate callable firewall listeners #60614

merged 1 commit into from
Jun 23, 2025

Conversation

MatTheCat
Copy link
Contributor

@MatTheCat MatTheCat commented Jun 1, 2025
edited
Loading

Q A
Branch? 7.4
Bug fix? no
New feature? no
Deprecations? yes
Issues N/A
License MIT

After spending some time in the Security component it occurred to me callable firewall listeners are obsolete now that we got the FirewallListenerInterface. Their deprecation has already been suggested (like in #34627 (comment) or #38751 (review)), so this PR does it.

@MatTheCat MatTheCat requested a review from chalasr as a code owner June 1, 2025 14:01
@carsonbot carsonbot added this to the 7.4 milestone Jun 1, 2025
Spomky
Spomky reviewed Jun 1, 2025
View reviewed changes
Copy link
Contributor

@Spomky Spomky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Just one remark about the changlog.

chalasr
chalasr requested changes Jun 1, 2025
View reviewed changes
@MatTheCat MatTheCat force-pushed the deprecate-callable-firewall-listener branch 2 times, most recently from f2b8c5e to 311c89f Compare June 5, 2025 08:40
@MatTheCat MatTheCat force-pushed the deprecate-callable-firewall-listener branch from 311c89f to 253ed34 Compare June 11, 2025 08:34
chalasr
chalasr reviewed Jun 11, 2025
View reviewed changes
@MatTheCat MatTheCat force-pushed the deprecate-callable-firewall-listener branch 3 times, most recently from 225e787 to fd98438 Compare June 12, 2025 21:11
@MatTheCat
Copy link
Contributor Author

Just noticed that the LazyFirewallContext can also run the firewall listeners so I added the deprecation in there. I also moved the changelog entry to the security-http’s instead of the security-bundle’s.

@MatTheCat MatTheCat force-pushed the deprecate-callable-firewall-listener branch from fd98438 to 2b96194 Compare June 12, 2025 21:24
@MatTheCat MatTheCat mentioned this pull request Jun 13, 2025
Merged
@xabbuh xabbuh reopened this Jun 15, 2025
@MatTheCat MatTheCat force-pushed the deprecate-callable-firewall-listener branch 4 times, most recently from e900519 to c4d7fce Compare June 15, 2025 10:54
@MatTheCat MatTheCat force-pushed the deprecate-callable-firewall-listener branch 4 times, most recently from 7dd75b6 to 2b4d065 Compare June 15, 2025 11:59
@MatTheCat
Copy link
Contributor Author

With this PR AbstractListener::__invoke shouldn’t be called anymore, should I deprecate it as well? That would only leave its getPriority method so maybe the AbstractListener can be deprecated entirely?

@MatTheCat MatTheCat force-pushed the deprecate-callable-firewall-listener branch from 2b4d065 to 3b041a7 Compare June 17, 2025 14:05
nicolas-grekas
nicolas-grekas reviewed Jun 23, 2025
View reviewed changes
Copy link
Member

@nicolas-grekas nicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's keep AbstractListener, it's not a big deal - but let's deprecate its __invoke method.

src/Symfony/Component/Security/Http/Firewall.php
@@ -134,8 +137,8 @@ protected function callListeners(RequestEvent $event, iterable $listeners)
}
}

private function getListenerPriority(object $logoutListener): int
private function getListenerPriority(object $listener): int
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's remember to inline this method on 8.0

@MatTheCat MatTheCat force-pushed the deprecate-callable-firewall-listener branch 4 times, most recently from c1a12a9 to 11f9c3f Compare June 23, 2025 10:00
@MatTheCat
Copy link
Contributor Author

Let's keep AbstractListener, it's not a big deal - but let's deprecate its __invoke method.

Done; I also deprecated LazyFirewallContext::__invoke() for the same reason.

@MatTheCat MatTheCat force-pushed the deprecate-callable-firewall-listener branch 3 times, most recently from 41ffe67 to a516e13 Compare June 23, 2025 10:29
@MatTheCat MatTheCat force-pushed the deprecate-callable-firewall-listener branch from a516e13 to 5234217 Compare June 23, 2025 16:02
@MatTheCat MatTheCat force-pushed the deprecate-callable-firewall-listener branch from 5234217 to 510e506 Compare June 23, 2025 16:04
@MatTheCat
Copy link
Contributor Author

Just to be sure: WrappedListener doesn’t need to be deprecated because it’s @internal?

@nicolas-grekas
Copy link
Member

Thank you @MatTheCat.

@nicolas-grekas nicolas-grekas merged commit 868f3dc into symfony:7.4 Jun 23, 2025
10 of 11 checks passed
@MatTheCat MatTheCat deleted the deprecate-callable-firewall-listener branch June 23, 2025 16:19
@MatTheCat MatTheCat mentioned this pull request Jun 23, 2025
Merged
nicolas-grekas added a commit that referenced this pull request Jun 24, 2025
@nicolas-grekas
feature #60879 [Security] Remove callable firewall listeners support …
c935ea5 
…(MatTheCat)

This PR was merged into the 8.0 branch.

Discussion
----------

[Security] Remove callable firewall listeners support

| Q             | A
| ------------- | ---
| Branch?       | 8.0
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Issues        | N/A
| License       | MIT

Follow-up of #60614

Now that firewall listeners must implement `FirewallListenerInterface`, their traceable version’s stub can be their class name again.

Commits
-------

fcadbf0 Remove callable firewall listeners support
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

@Spomky Spomky Spomky approved these changes

@chalasr chalasr chalasr approved these changes

Assignees
No one assigned
Labels
Deprecation Security Status: Reviewed
Projects
None yet
Milestone
7.4
Development

Successfully merging this pull request may close these issues.
6 participants
@MatTheCat @nicolas-grekas @Spomky @chalasr @xabbuh @carsonbot
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy