feat!: permit use of the lib under Symfony 5

BREAKING CHANGE: the User class no longer implements Symfony's
AdvancedUserInterface which was removed in Symfony 5.  Instead of using
the methods of the removed interface, integrators should implement User
and Account checks in UserCheckers.  The LegacyAdvancedUserInterface is
available as a last resort.

Author: boite

UPGRADE-2.0.md

@@ -0,0 +1,10 @@
+UPGRADE FROM 1.9 to 2.0
+=======================
+
+- The User class no longer implements Symfony's `AdvancedUserInterface` which
+  it has been removed from Symfony 5.  Use of the methods of this interface
+  should be replaced by performing User and Account checks in UserCheckers.
+
+  A temporary replacement for the removed interface is
+  `UserBase\Client\Model\LegacyAdvancedUserInterface`, but use this only as a
+  last resort and as a temporary fix.

composer.json

@@ -18,14 +18,14 @@
     ],
     "require": {
         "php": ">=5.3.0",
-        "linkorb/userbase-role-contracts": "^1.0",
-        "symfony/security": "~2.6 || ~3.0 || ^4.0|| ^5.0",
+        "linkorb/envoi": "^1.1",
+        "linkorb/userbase-role-contracts": "^2.0",
         "psr/cache": "~1.0",
-        "symfony/cache": "~3.0|| ^4.0 || ^5.0 ",
-        "linkorb/envoi": "^1.1"
+        "symfony/cache": "~3.0 || ^4.0 || ^5.0",
+        "symfony/security-core": "~2.6 || ~3.0 || ^4.0 || ^5.0"
     },
     "require-dev": {
-      "symfony/dotenv": "~3.0 || ^4.0"
+      "symfony/dotenv": "~3.0 || ^4.0 || ^5.0"
     },
     "autoload": {
         "psr-4": {

src/Model/LegacyAdvancedUserInterface.php

@@ -0,0 +1,46 @@
+<?php
+
+namespace UserBase\Client\Model;
+
+/**
+ * For backwards compatability only - use UserCheckers instead.
+ *
+ * This iface replaces Symfony\Component\Security\Core\User\AdvancedUserInterface
+ * which was removed from Symfony 5 because the User class is not the right place
+ * to implement account/user checks that influence whether or not a user is
+ * allowed to authenticate.  For more info about why it was removed see:
+ * https://github.com/symfony/symfony/issues/23292
+ *
+ * For info about UserCheckers see:
+ * https://symfony.com/doc/current/security/user_checkers.html
+ */
+interface LegacyAdvancedUserInterface extends UserInterface
+{
+    /**
+     * Check whether the user's account has expired.
+     *
+     * @return bool true if the user's account is non expired, false otherwise
+     */
+    public function isAccountNonExpired();
+
+    /**
+     * Check whether the user is locked.
+     *
+     * @return bool true if the user is not locked, false otherwise
+     */
+    public function isAccountNonLocked();
+
+    /**
+     * Check whether the user's credentials have expired.
+     *
+     * @return bool true if the user's credentials are non expired, false otherwise
+     */
+    public function isCredentialsNonExpired();
+
+    /**
+     * Check whether the user is enabled.
+     *
+     * @return bool true if the user is enabled, false otherwise
+     */
+    public function isEnabled();
+}

src/Model/User.php

@@ -4,20 +4,34 @@
 
 use LinkORB\Contracts\UserbaseRole\RoleInterface;
 use RuntimeException;
-use Symfony\Component\Security\Core\User\AdvancedUserInterface;
+use Symfony\Component\Security\Core\User\UserInterface as BaseUserInterface;
 
 final class User implements
     AccountContainerInterface,
-    AdvancedUserInterface,
+    BaseUserInterface,
+    LegacyAdvancedUserInterface,
     PolicyContainerInterface,
     RoleInterface,
     UserInterface
 {
-    private $password;
+    /**
+     * @deprecated
+     */
     private $enabled;
+    /**
+     * @deprecated
+     */
     private $accountNonExpired;
+    /**
+     * @deprecated
+     */
     private $credentialsNonExpired;
+    /**
+     * @deprecated
+     */
     private $accountNonLocked;
+
+    private $password;
     private $roles;
 
     private $createdAt;
@@ -134,21 +148,24 @@ public function getDisplayName()
     }
 
     /**
-     * {@inheritdoc}
+     * @deprecated
      */
     public function isAccountNonExpired()
     {
         return $this->accountNonExpired;
     }
 
     /**
-     * {@inheritdoc}
+     * @deprecated
      */
     public function isAccountNonLocked()
     {
         return $this->accountNonLocked;
     }
 
+    /**
+     * @deprecated
+     */
     public function setAccountNonLocked($accountNonLocked)
     {
         $this->accountNonLocked = $accountNonLocked;
@@ -157,21 +174,24 @@ public function setAccountNonLocked($accountNonLocked)
     }
 
     /**
-     * {@inheritdoc}
+     * @deprecated
      */
     public function isCredentialsNonExpired()
     {
         return $this->credentialsNonExpired;
     }
 
     /**
-     * {@inheritdoc}
+     * @deprecated
      */
     public function isEnabled()
     {
         return $this->enabled;
     }
 
+    /**
+     * @deprecated
+     */
     public function setEnabled($enabled)
     {
         $this->enabled = $enabled;

src/UserProvider.php

@@ -5,11 +5,11 @@
 use LinkORB\Contracts\UserbaseRole\RoleManagerInterface;
 use LinkORB\Contracts\UserbaseRole\RoleProviderInterface;
 use RuntimeException;
-use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
 use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
 use UserBase\Client\Event\UserLoadedEvent;
 use UserBase\Client\Model\User;
 
@@ -38,7 +38,7 @@ public function loadUserByUsername($username)
             $user = $this->client->getUserByUsername($username);
             if ($this->dispatcher) {
                 $event = new UserLoadedEvent($user);
-                $this->dispatcher->dispatch('userbase.user_loaded', $event);
+                $this->dispatcher->dispatch($event, 'userbase.user_loaded');
             }
         } catch (RuntimeException $e) {
             throw new UsernameNotFoundException(