New in Symfony 4.1: Deprecated the AdvancedUserInterface

March 2, 2018 · Published by Avatar of Javier Eguiluz Javier Eguiluz

Warning: This post is about an unsupported Symfony version. Some of this information may be out of date. Read the most recent Symfony Docs.

Lynn van der Berg

Contributed by
Lynn van der Berg
in #23508.

Security is the trickiest part of any application, but the Symfony Security component helps you solve most of those problems. However, providing simple security tools to developers while maintaining first-class security which follows the latest best practices in the security field is a challenging problem.

One of our ongoing goals for security is to simplify some of its features. That's why in Symfony 4.1 we have deprecated the AdvancedUserInterface. This interface provided extra methods to the base user class related to account status flags:

1
2
3
4
5
6
7
8
9
namespace Symfony\Component\Security\Core\User;

interface AdvancedUserInterface extends UserInterface
{
    public function isAccountNonExpired();
    public function isAccountNonLocked();
    public function isCredentialsNonExpired();
    public function isEnabled();
}

Given that these methods are mostly related to your application domain logic, we've decided to deprecate it in Symfony 4.1 and remove it in Symfony 5.0. No alternative is provided for this interface. If you need this kind of checks, create a user checker, which perform additional checks during the authentication of a user to verify if the identified user is allowed to log in.

Published in #Living on the edge

Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

Comments

Avatar of Alex Rock
Alex Rock Certified said on Mar 2, 2018
I waited so long for this! ♥
Avatar of Guillaume Loulier
Guillaume Loulier Certified said on Mar 2, 2018
Oh god yes, finally, that's what I call a really good news!
Avatar of Ghost
Ghost said on Mar 3, 2018
Never used it :) Good call!
Avatar of Jonathan Kablan
Jonathan Kablan said on Mar 5, 2018
But UserInterface could existe alway in the 4.1 ?
Avatar of Marsiglietti
Marsiglietti said on Apr 8, 2018
@Jonathan Kablan

Yes, UserInterface still exist in 4.1, the post is about AdvancedUserInterface which add some more options linked to the account.

For example:
- not validated : account mail valiation requierment
- locked : account ban
- expired : account is only valid for an amount of time (like payed each month)
- etc ...

Now thoose functionality has to be made manually for thoose who used it (by creating manually the interface in src/(...) for example).

By the way in 4.1AdvancedUserInterface is just deprecated, so it still exist but planed to be removed in the futur.

Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.