You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* Add AuthenticationComponent::replaceIdentity()
Swaps the in-request identity attribute without going through
clearIdentity()/persistIdentity(). Useful for cache-warming the
active identity (eager-loaded associations, computed flags) without
ending impersonation or rotating the session.
Adds AuthenticationServiceInterface::buildIdentity() so the
component can build an identity object using the configured
identityClass via the public service API.
* Address PR review: drop interface BC break, add preserveImpersonation option
- AuthenticationServiceInterface: revert added buildIdentity() method
declaration and replace with a @method docblock annotation. Adding a
method to the interface is BC-breaking for any third-party implementer
and cannot ship in 4.x or 4.next.
- AuthenticationComponent::setIdentity() gains a $preserveImpersonation
flag. When true, the new identity is persisted into the session as
usual, but an active impersonation session is left intact (as is the
successfully resolved authenticator).
- AuthenticationService::clearIdentity() gains an optional third
$stopImpersonation parameter that backs the new behavior. The interface
signature is unchanged, so external implementers remain compatible.
- Adds tests covering both the preserveImpersonation path and the
default path that still ends impersonation.
* Document replaceIdentity() and setIdentity() preserveImpersonation option
- Adds a 'Replacing the current identity' section to
authentication-component.md covering setIdentity(), replaceIdentity()
and the preserveImpersonation flag with usage examples.
- Adds a third 'Limitations' bullet to impersonation.md explaining that
setIdentity()/clearIdentity() end impersonation by default and pointing
at the two new APIs as the supported workarounds.
* Apply suggestions from code review
Co-authored-by: Mark Story <mark@mark-story.com>
* Fix isImpersonating() throwing after default setIdentity()
After a default setIdentity() the successful authenticator is reset to
null (via clearIdentity with stopImpersonation). Calling isImpersonating()
afterwards then threw InvalidArgumentException 'No AuthenticationProvider
present.' instead of reporting that no impersonation is active.
Treat a missing authentication provider as not impersonating, since an
unauthenticated request cannot be impersonating anyone. The misconfig
throw for providers that do not implement ImpersonationInterface is
preserved.
* Drop setIdentity()/clearIdentity() signature changes, defer to next major
Per review: replaceIdentity() already covers the reported request-only
refresh case as an opt-in addition, so the preserveImpersonation option on
setIdentity() and the stopImpersonation flag on clearIdentity() are not
needed on 4.x. Revert both to their original signatures and keep the public
API surface unchanged for this minor; the signature expansion can land in
the next major instead.
Kept: replaceIdentity(), the buildIdentity() interface annotation it relies
on, the isImpersonating() null guard, and the default-behavior regression
test.
---------
Co-authored-by: Mark Story <mark@mark-story.com>
Copy file name to clipboardExpand all lines: src/AuthenticationServiceInterface.php
+3Lines changed: 3 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -21,6 +21,9 @@
21
21
useAuthentication\Authenticator\ResultInterface;
22
22
usePsr\Http\Message\ServerRequestInterface;
23
23
24
+
/**
25
+
* @method \Authentication\IdentityInterface buildIdentity(\ArrayAccess<string, mixed>|array<string, mixed> $identityData) Build an identity object from raw identity data.
0 commit comments