Release v1.11.1

Author: imjoehaines

BugsnagBundle.php

@@ -11,5 +11,5 @@ class BugsnagBundle extends Bundle
      *
      * @return string
      */
-    const VERSION = '1.11.0';
+    const VERSION = '1.11.1';
 }

CHANGELOG.md

@@ -1,6 +1,13 @@
 Changelog
 =========
 
+## 1.11.1 (2022-01-19)
+
+### Bug Fixes
+
+* Call `getUserIdentifier` instead of `getUsername` on Symfony 6
+  [#145](https://github.com/bugsnag/bugsnag-symfony/pull/145)
+
 ## 1.11.0 (2021-12-13)
 
 ### Enhancements

DependencyInjection/ClientFactory.php

@@ -389,7 +389,21 @@ protected function setupUserDetection(Client $client, TokenStorageInterface $tok
             $user = $token->getUser();
 
             if ($user instanceof UserInterface) {
-                return ['id' => $user->getUsername()];
+                // Symfony 5.3 introduced 'getUserIdentifier' to replace 'getUsername'
+                // Symfony 6.0 removed 'getUsername'
+                if (method_exists(UserInterface::class, 'getUserIdentifier')) {
+                    return ['id' => $user->getUserIdentifier()];
+                }
+
+                // Symfony 5.4 and below use 'getUsername' ('getUserIdentifier'
+                // wasn't added to the interface until Symfony 6.0 for BC)
+                if (method_exists(UserInterface::class, 'getUsername')) {
+                    return ['id' => $user->getUsername()];
+                }
+
+                // if neither method exists then we don't know how to deal with
+                // this version of Symfony's UserInterface, so can't get an ID
+                return;
             }
 
             return ['id' => (string) $user];

features/fixtures/symfony-2/app/config/security.yml

@@ -4,8 +4,8 @@ security:
 
     # https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
     providers:
-        in_memory:
-            memory: ~
+        app_user_provider:
+            id: app.user_provider
 
     firewalls:
         # disables authentication for assets and the profiler, adapt it according to your needs
@@ -15,10 +15,8 @@ security:
 
         main:
             anonymous: ~
-            # activate different ways to authenticate
+            provider: app_user_provider
 
-            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
-            #http_basic: ~
-
-            # https://symfony.com/doc/current/security/form_login_setup.html
-            #form_login: ~
+            guard:
+                authenticators:
+                    - app.query_string_authenticator

features/fixtures/symfony-2/app/config/services.yml

@@ -14,3 +14,9 @@ services:
         arguments: ['@bugsnag']
         tags:
             - { name: twig.extension }
+
+    app.query_string_authenticator:
+        class: AppBundle\Security\QueryStringAuthenticator
+
+    app.user_provider:
+        class: AppBundle\Security\UserProvider

features/fixtures/symfony-2/src/AppBundle/Security/QueryStringAuthenticator.php

@@ -0,0 +1,80 @@
+<?php
+
+namespace AppBundle\Security;
+
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
+
+class QueryStringAuthenticator extends AbstractGuardAuthenticator
+{
+    /**
+     * Called on every request to decide if this authenticator should be
+     * used for the request. Returning `false` will cause this authenticator
+     * to be skipped.
+     */
+    public function supports(Request $request): bool
+    {
+        return $request->query->has('name');
+    }
+
+    /**
+     * Called on every request. Return whatever credentials you want to
+     * be passed to getUser() as $credentials.
+     */
+    public function getCredentials(Request $request)
+    {
+        return $request->query->get('name');
+    }
+
+    public function getUser($credentials, UserProviderInterface $userProvider): ?UserInterface
+    {
+        if (null === $credentials) {
+            return null;
+        }
+
+        return $userProvider->loadUserByUsername($credentials);
+    }
+
+    public function checkCredentials($credentials, UserInterface $user): bool
+    {
+        return true;
+    }
+
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): ?Response
+    {
+        // on success, let the request continue
+        return null;
+    }
+
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
+    {
+        $data = [
+            'message' => strtr($exception->getMessageKey(), $exception->getMessageData())
+        ];
+
+        return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
+    }
+
+    /**
+     * Called when authentication is needed, but it's not sent
+     */
+    public function start(Request $request, AuthenticationException $authException = null): Response
+    {
+        $data = [
+            'message' => 'Authentication Required'
+        ];
+
+        return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
+    }
+
+    public function supportsRememberMe(): bool
+    {
+        return false;
+    }
+}

features/fixtures/symfony-2/src/AppBundle/Security/User.php

@@ -0,0 +1,75 @@
+<?php
+
+namespace AppBundle\Security;
+
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class User implements UserInterface
+{
+    private $id;
+
+    private $roles = [];
+
+    public function __construct(string $id)
+    {
+        $this->id = $id;
+    }
+
+    /**
+     * A visual identifier that represents this user.
+     *
+     * @see UserInterface
+     */
+    public function getUsername(): string
+    {
+        return $this->id;
+    }
+
+    /**
+     * @see UserInterface
+     */
+    public function getRoles(): array
+    {
+        $roles = $this->roles;
+
+        // guarantee every user at least has ROLE_USER
+        $roles[] = 'ROLE_USER';
+
+        return array_unique($roles);
+    }
+
+    public function setRoles(array $roles): self
+    {
+        $this->roles = $roles;
+
+        return $this;
+    }
+
+    /**
+     * This method can be removed in Symfony 6.0 - is not needed for apps that do not check user passwords.
+     *
+     * @see UserInterface
+     */
+    public function getPassword(): ?string
+    {
+        return null;
+    }
+
+    /**
+     * This method can be removed in Symfony 6.0 - is not needed for apps that do not check user passwords.
+     *
+     * @see UserInterface
+     */
+    public function getSalt(): ?string
+    {
+        return null;
+    }
+
+    /**
+     * @see UserInterface
+     */
+    public function eraseCredentials()
+    {
+        // If you store any temporary, sensitive data on the user, clear it here
+    }
+}

features/fixtures/symfony-2/src/AppBundle/Security/UserProvider.php

@@ -0,0 +1,64 @@
+<?php
+
+namespace AppBundle\Security;
+
+use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
+use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+
+class UserProvider implements UserProviderInterface
+{
+    /**
+     * Symfony calls this method if you use features like switch_user
+     * or remember_me.
+     *
+     * If you're not using these features, you do not need to implement
+     * this method.
+     *
+     * @throws UsernameNotFoundException if the user is not found
+     */
+    public function loadUserByUsername($username): UserInterface
+    {
+        switch ($username) {
+            case 'abc':
+                return new User('abc-123');
+
+            case 'xyz':
+                return new User('xyz-789');
+
+            default:
+                throw new UsernameNotFoundException("No user exists with the name '{$username}'");
+        }
+    }
+
+    /**
+     * Refreshes the user after being reloaded from the session.
+     *
+     * When a user is logged in, at the beginning of each request, the
+     * User object is loaded from the session and then this method is
+     * called. Your job is to make sure the user's data is still fresh by,
+     * for example, re-querying for fresh User data.
+     *
+     * If your firewall is "stateless: true" (for a pure API), this
+     * method is not called.
+     */
+    public function refreshUser(UserInterface $user): UserInterface
+    {
+        if (!$user instanceof User) {
+            throw new UnsupportedUserException(sprintf('Invalid user class "%s".', get_class($user)));
+        }
+
+        // Return a User object after making sure its data is "fresh".
+        // Or throw a UsernameNotFoundException if the user no longer exists.
+        return $user;
+    }
+
+    /**
+     * Tells Symfony to use this provider for this User class.
+     */
+    public function supportsClass($class): bool
+    {
+        return User::class === $class || is_subclass_of($class, User::class);
+    }
+}

features/fixtures/symfony-4/config/packages/security.yaml

@@ -1,20 +1,20 @@
 security:
     # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
     providers:
-        users_in_memory: { memory: null }
+        # used to reload user from session & other features (e.g. switch_user)
+        app_user_provider:
+            id: App\Security\UserProvider
     firewalls:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
         main:
             anonymous: lazy
-            provider: users_in_memory
+            provider: app_user_provider
 
-            # activate different ways to authenticate
-            # https://symfony.com/doc/current/security.html#firewalls-authentication
-
-            # https://symfony.com/doc/current/security/impersonating_user.html
-            # switch_user: true
+            guard:
+                authenticators:
+                    - App\Security\QueryStringAuthenticator
 
     # Easy way to control access for large sections of your site
     # Note: Only the *first* access control that matches will be used