[HttpFoundation] Deprecate Request::get() in favor of using properties ->attributes, query or request directly

Author: nicolas-grekas

AccessToken/FormEncodedBodyExtractor.php

@@ -34,10 +34,7 @@ public function __construct(
 
     public function extractAccessToken(Request $request): ?string
     {
-        if (
-            Request::METHOD_POST !== $request->getMethod()
-            || !str_starts_with($request->headers->get('CONTENT_TYPE', ''), 'application/x-www-form-urlencoded')
-        ) {
+        if ('POST' !== $request->getMethod() || !str_starts_with($request->headers->get('CONTENT_TYPE', ''), 'application/x-www-form-urlencoded')) {
             return null;
         }
         $parameter = $request->request->get($this->parameter);

Authenticator/LoginLinkAuthenticator.php

@@ -51,7 +51,7 @@ public function supports(Request $request): ?bool
 
     public function authenticate(Request $request): Passport
     {
-        if (!$username = $request->get('user')) {
+        if (!$username = $request->query->get('user') ?? (!\in_array($request->getMethod(), ['GET', 'HEAD'], true) ? $request->request->get('user') : null)) {
             throw new InvalidLoginLinkAuthenticationException('Missing user from link.');
         }
 

Firewall/SwitchUserListener.php

@@ -65,7 +65,7 @@ public function __construct(
     public function supports(Request $request): ?bool
     {
         // usernames can be falsy
-        $username = $request->get($this->usernameParameter);
+        $username = $request->query->get($this->usernameParameter) ?? (!\in_array($request->getMethod(), ['GET', 'HEAD'], true) ? $request->request->get($this->usernameParameter) : null);
 
         if (null === $username || '' === $username) {
             $username = $request->headers->get($this->usernameParameter);

HttpUtils.php

@@ -88,8 +88,8 @@ public function createRequest(Request $request, string $path): Request
             $newRequest->attributes->set(SecurityRequestAttributes::LAST_USERNAME, $request->attributes->get(SecurityRequestAttributes::LAST_USERNAME));
         }
 
-        if ($request->get('_format')) {
-            $newRequest->attributes->set('_format', $request->get('_format'));
+        if ($request->attributes->has('_format')) {
+            $newRequest->attributes->set('_format', $request->attributes->get('_format'));
         }
         if ($request->getDefaultLocale() !== $request->getLocale()) {
             $newRequest->setLocale($request->getLocale());

LoginLink/LoginLinkHandler.php

@@ -22,6 +22,7 @@
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Http\LoginLink\Exception\ExpiredLoginLinkException;
 use Symfony\Component\Security\Http\LoginLink\Exception\InvalidLoginLinkException;
+use Symfony\Component\Security\Http\ParameterBagUtils;
 
 /**
  * @author Ryan Weaver <ryan@symfonycasts.com>
@@ -79,16 +80,16 @@ public function createLoginLink(UserInterface $user, ?Request $request = null, ?
 
     public function consumeLoginLink(Request $request): UserInterface
     {
-        $userIdentifier = $request->get('user');
+        $userIdentifier = ParameterBagUtils::getRequestParameterValue($request, 'user');
 
-        if (!$hash = $request->get('hash')) {
+        if (!$hash = ParameterBagUtils::getRequestParameterValue($request, 'hash')) {
             throw new InvalidLoginLinkException('Missing "hash" parameter.');
         }
         if (!\is_string($hash)) {
             throw new InvalidLoginLinkException('Invalid "hash" parameter.');
         }
 
-        if (!$expires = $request->get('expires')) {
+        if (!$expires = ParameterBagUtils::getRequestParameterValue($request, 'expires')) {
             throw new InvalidLoginLinkException('Missing "expires" parameter.');
         }
         if (!preg_match('/^\d+$/', $expires)) {

ParameterBagUtils.php

@@ -62,13 +62,15 @@ public static function getParameterBagValue(ParameterBag $parameters, string $pa
      */
     public static function getRequestParameterValue(Request $request, string $path, array $parameters = []): mixed
     {
+        $get = static fn ($path) => $request->attributes->get($path) ?? $request->query->all()[$path] ?? (!\in_array($request->getMethod(), ['GET', 'HEAD'], true) ? $request->request->all()[$path] ?? null : null);
+
         if (false === $pos = strpos($path, '[')) {
-            return $parameters[$path] ?? $request->get($path);
+            return $parameters[$path] ?? $get($path);
         }
 
         $root = substr($path, 0, $pos);
 
-        if (null === $value = $parameters[$root] ?? $request->get($root)) {
+        if (null === $value = $parameters[$root] ?? $get($root)) {
             return null;
         }
 
@@ -77,7 +79,7 @@ public static function getRequestParameterValue(Request $request, string $path,
         try {
             $value = self::$propertyAccessor->getValue($value, substr($path, $pos));
 
-            if (null === $value && isset($parameters[$root]) && null !== $value = $request->get($root)) {
+            if (null === $value && isset($parameters[$root]) && null !== $value = $get($root)) {
                 $value = self::$propertyAccessor->getValue($value, substr($path, $pos));
             }
 

Tests/Authentication/DefaultAuthenticationFailureHandlerTest.php

@@ -46,19 +46,17 @@ protected function setUp(): void
         $this->logger = $this->createMock(LoggerInterface::class);
 
         $this->session = $this->createMock(SessionInterface::class);
-        $this->request = $this->createMock(Request::class);
-        $this->request->attributes = new ParameterBag(['_stateless' => false]);
-        $this->request->expects($this->any())->method('getSession')->willReturn($this->session);
+        $this->request = Request::create('/');
+        $this->request->attributes->set('_stateless', false);
+        $this->request->setSession($this->session);
         $this->exception = $this->getMockBuilder(AuthenticationException::class)->onlyMethods(['getMessage'])->getMock();
     }
 
     public function testForward()
     {
         $options = ['failure_forward' => true];
 
-        $subRequest = $this->getRequest();
-        $subRequest->attributes->expects($this->once())
-            ->method('set')->with(SecurityRequestAttributes::AUTHENTICATION_ERROR, $this->exception);
+        $subRequest = Request::create('/');
         $this->httpUtils->expects($this->once())
             ->method('createRequest')->with($this->request, '/login')
             ->willReturn($subRequest);
@@ -67,6 +65,7 @@ public function testForward()
         $result = $handler->onAuthenticationFailure($this->request, $this->exception);
 
         $this->assertSame($this->response, $result);
+        $this->assertSame($this->exception, $subRequest->attributes->get(SecurityRequestAttributes::AUTHENTICATION_ERROR));
     }
 
     public function testRedirect()
@@ -106,9 +105,7 @@ public function testExceptionIsPassedInRequestOnForward()
     {
         $options = ['failure_forward' => true];
 
-        $subRequest = $this->getRequest();
-        $subRequest->attributes->expects($this->once())
-            ->method('set')->with(SecurityRequestAttributes::AUTHENTICATION_ERROR, $this->exception);
+        $subRequest = Request::create('/');
 
         $this->httpUtils->expects($this->once())
             ->method('createRequest')->with($this->request, '/login')
@@ -118,6 +115,8 @@ public function testExceptionIsPassedInRequestOnForward()
 
         $handler = new DefaultAuthenticationFailureHandler($this->httpKernel, $this->httpUtils, $options, $this->logger);
         $handler->onAuthenticationFailure($this->request, $this->exception);
+
+        $this->assertSame($this->exception, $subRequest->attributes->get(SecurityRequestAttributes::AUTHENTICATION_ERROR));
     }
 
     public function testRedirectIsLogged()
@@ -137,7 +136,7 @@ public function testForwardIsLogged()
 
         $this->httpUtils->expects($this->once())
             ->method('createRequest')->with($this->request, '/login')
-            ->willReturn($this->getRequest());
+            ->willReturn(Request::create('/'));
 
         $this->logger
             ->expects($this->once())
@@ -161,9 +160,7 @@ public function testFailurePathCanBeOverwritten()
 
     public function testFailurePathCanBeOverwrittenWithRequest()
     {
-        $this->request->expects($this->once())
-            ->method('get')->with('_failure_path')
-            ->willReturn('/auth/login');
+        $this->request->attributes->set('_failure_path', '/auth/login');
 
         $this->httpUtils->expects($this->once())
             ->method('createRedirectResponse')->with($this->request, '/auth/login');
@@ -174,9 +171,7 @@ public function testFailurePathCanBeOverwrittenWithRequest()
 
     public function testFailurePathCanBeOverwrittenWithNestedAttributeInRequest()
     {
-        $this->request->expects($this->once())
-            ->method('get')->with('_failure_path')
-            ->willReturn(['value' => '/auth/login']);
+        $this->request->attributes->set('_failure_path', ['value' => '/auth/login']);
 
         $this->httpUtils->expects($this->once())
             ->method('createRedirectResponse')->with($this->request, '/auth/login');
@@ -189,9 +184,7 @@ public function testFailurePathParameterCanBeOverwritten()
     {
         $options = ['failure_path_parameter' => '_my_failure_path'];
 
-        $this->request->expects($this->once())
-            ->method('get')->with('_my_failure_path')
-            ->willReturn('/auth/login');
+        $this->request->attributes->set('_my_failure_path', '/auth/login');
 
         $this->httpUtils->expects($this->once())
             ->method('createRedirectResponse')->with($this->request, '/auth/login');
@@ -204,9 +197,7 @@ public function testFailurePathFromRequestWithInvalidUrl()
     {
         $options = ['failure_path_parameter' => '_my_failure_path'];
 
-        $this->request->expects($this->once())
-            ->method('get')->with('_my_failure_path')
-            ->willReturn('some_route_name');
+        $this->request->attributes->set('_my_failure_path', 'some_route_name');
 
         $this->logger->expects($this->exactly(2))
             ->method('debug')
@@ -229,22 +220,12 @@ public function testAbsoluteUrlRedirectionFromRequest()
     {
         $options = ['failure_path_parameter' => '_my_failure_path'];
 
-        $this->request->expects($this->once())
-            ->method('get')->with('_my_failure_path')
-            ->willReturn('https://localhost/some-path');
+        $this->request->attributes->set('_my_failure_path', 'https://localhost/some-path');
 
         $this->httpUtils->expects($this->once())
             ->method('createRedirectResponse')->with($this->request, 'https://localhost/some-path');
 
         $handler = new DefaultAuthenticationFailureHandler($this->httpKernel, $this->httpUtils, $options, $this->logger);
         $handler->onAuthenticationFailure($this->request, $this->exception);
     }
-
-    private function getRequest()
-    {
-        $request = $this->createMock(Request::class);
-        $request->attributes = $this->createMock(ParameterBag::class);
-
-        return $request;
-    }
 }

Tests/Authentication/DefaultAuthenticationSuccessHandlerTest.php

@@ -146,10 +146,8 @@ public function testTargetPathFromRequestWithInvalidUrl()
         $options = ['target_path_parameter' => '_my_target_path'];
         $token = $this->createMock(TokenInterface::class);
 
-        $request = $this->createMock(Request::class);
-        $request->expects($this->once())
-            ->method('get')->with('_my_target_path')
-            ->willReturn('some_route_name');
+        $request = Request::create('/');
+        $request->attributes->set('_my_target_path', 'some_route_name');
 
         $logger = $this->createMock(LoggerInterface::class);
         $logger->expects($this->once())
@@ -165,10 +163,8 @@ public function testTargetPathWithAbsoluteUrlFromRequest()
     {
         $options = ['target_path_parameter' => '_my_target_path'];
 
-        $request = $this->createMock(Request::class);
-        $request->expects($this->once())
-            ->method('get')->with('_my_target_path')
-            ->willReturn('https://localhost/some-path');
+        $request = Request::create('/');
+        $request->attributes->set('_my_target_path', 'https://localhost/some-path');
 
         $httpUtils = $this->createMock(HttpUtils::class);
         $httpUtils->expects($this->once())