Skip to content

feat: upgrade to Symfony 6.4/7.0 and PHP 8.1#93

Open
jaapromijn wants to merge 1 commit intomasterfrom
feat/upgrade-symfony-6-7
Open

feat: upgrade to Symfony 6.4/7.0 and PHP 8.1#93
jaapromijn wants to merge 1 commit intomasterfrom
feat/upgrade-symfony-6-7

Conversation

@jaapromijn
Copy link
Contributor

@jaapromijn jaapromijn commented Mar 10, 2026

Summary

Upgrades the bundle from Symfony 4/5 / PHP 7.3 to Symfony ^6.4 || ^7.0 and PHP ^8.1.

This is required to unblock the eindhoven-doet project's upgrade to Symfony 7.4 / PHP 8.4.

Changes

composer.json

  • PHP: ^7.3^8.1
  • All Symfony constraints: ^4.4 || ^5.0^6.4 || ^7.0
  • Removed: sensio/framework-extra-bundle, symfony/security-guard, symfony/templating, php-http/guzzle6-adapter
  • Added: php-http/guzzle7-adapter ^1.0
  • Updated: haydenpierce/class-finder ^0.5, league/html-to-markdown ^5.0, gisostallenberg/response-content-negotiation-bundle ^2.0
  • Doctrine: broadened to support ORM ^2.17 || ^3.0, persistence ^2.0 || ^3.0
  • Dev: phpstan ^1, phpunit ^10, rector ^1, php-cs-fixer ^3

Security (Guard → new Authenticator system)

  • UserBundleAuthenticator rewritten from AbstractFormLoginAuthenticator (Guard) to AbstractLoginFormAuthenticator with Passport / UserBadge / PasswordCredentials API
  • AuthenticateUserSubscriber migrated from GuardAuthenticatorHandler to UserAuthenticatorInterface

Password hashing

  • UserPasswordEncoderInterfaceUserPasswordHasherInterface
  • encodePassword()hashPassword() in all affected files

Controllers

  • All @Route / @IsGranted docblock annotations converted to PHP 8 #[Route] / #[IsGranted] attributes (Symfony 6+ namespaces)

Services

  • services.yaml: updated service references for password hasher, user authenticator, request stack

Testing needed

  • Registration flow
  • Login / CSRF authentication
  • Password reset flow
  • Account management
  • OAuth (if configured)

feat: upgrade to Symfony 6.4/7.0 and PHP 8.1
e273c1d 
- PHP: ^7.3 → ^8.1
- All Symfony constraints: ^4.4 || ^5.0 → ^6.4 || ^7.0
- Remove symfony/security-guard (dropped in Symfony 6)
- Remove symfony/templating (dropped in Symfony 6)
- Remove sensio/framework-extra-bundle (dropped in Symfony 7)
- Replace php-http/guzzle6-adapter with guzzle7-adapter
- Update twig/twig to ^3.0
- Update haydenpierce/class-finder to ^0.5.0
- Update league/html-to-markdown to ^5.0
- Update gisostallenberg/response-content-negotiation-bundle to ^2.0
- Update rollerworks/password-strength-validator to ^1.7
- Update doctrine/collections to ^1.6 || ^2.0
- Update doctrine/orm to ^2.17 || ^3.0
- Update doctrine/persistence to ^2.0 || ^3.0
- Update doctrine/doctrine-bundle to ^2.7
- Update stof/doctrine-extensions-bundle to ^1.9
- Update php-http/httplug-bundle to ^1.16 || ^2.0
- Add symfony/password-hasher and symfony/deprecation-contracts
- Update require-dev: phpstan ^1.0, phpunit ^10, rector ^1.0, php-cs-fixer ^3.0
- Remove deprecated require-dev packages (security-checker, composer-unused, composer-require-checker)
- Update branch-alias to 3.0.x-dev

Security:
- Rewrite UserBundleAuthenticator to extend AbstractLoginFormAuthenticator
  (new authenticator system, replaces Guard)
- Replace GuardAuthenticatorHandler with UserAuthenticatorInterface in
  AuthenticateUserSubscriber

Controllers:
- Replace @Route/@IsGranted docblock annotations with PHP 8 attributes
- Use Symfony\Component\Routing\Attribute\Route (not Annotation\Route)
- Use Symfony\Component\Security\Http\Attribute\IsGranted
- Remove unused Session injection from RegistrationController and ResetController

Password hashing:
- Replace UserPasswordEncoderInterface with UserPasswordHasherInterface
- Replace encodePassword() with hashPassword() throughout

Session:
- Replace SessionInterface injection with RequestStack in FlashSubscriber

Services:
- Update service wiring for new security services
- Replace @security.user_password_encoder.generic with @security.password_hasher
- Replace @security.authentication.guard_handler with @security.user_authenticator
- Replace @session with @request_stack where needed

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@jaapromijn
Copy link
Contributor Author

jaapromijn commented Mar 10, 2026

⚠️ API Platform code not yet migrated

The src/ApiPlatform/ directory (7 files) was intentionally left untouched in this PR. It still uses the AP2 API:

  • use ApiPlatform\Core\Annotation as Api (AP3 namespace is ApiPlatform\Metadata)
  • @Api\ApiResource(...) docblock annotations (AP3 uses PHP 8 #[ApiResource] attributes)
  • collectionOperations / itemOperations (AP3 uses #[GetCollection], #[Post] etc.)
  • messenger=true (AP3 uses #[ApiResource(messenger: true)])

Why deferred: api-platform/core is a suggest dependency (not required), and AP2 ^2.7 still runs on Symfony 6/7. The consuming app (eindhoven-doet) is still on AP2 — migrating user-bundle to AP3 now would break it.

When to do it: As part of Phase 5 (API Platform 2→3 upgrade), migrating this bundle and the main app together in one step.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jaapromijn