Calling Developers!
We are reenergizing our code contribution process! Learn More

What are the Slack Archives?

It’s a history of our time together in the Slack Community! There’s a ton of knowledge in here, so feel free to search through the archives for a possible answer to your question.

Because this space is not active, you won’t be able to create a new post or comment here. If you have a question or want to start a discussion about something, head over to our categories and pick one to post in! You can always refer back to a post from Slack Archives if needed; just copy the link to use it as a reference..

Hello, i just started to update our b2b 202009 based project starting with all the minor updates. Se

UPWG9AYH2 Posts: 509 🧑🏻‍🚀 - Cadet
edited October 2021 in Help

i just started to update our b2b 202009 based project starting with all the minor updates. Seems the most updates has been applied and composer does not complain about an invalid package state.
However, when i run the shop there is immediately an error when entering the login page.

ErrorException - FATAL ERROR - Declaration of Spryker\Zed\SecurityOauthUser\Communication\Plugin\Security\Provider\OauthUserProvider::loadUserByUsername(string $username) must be compatible with Symfony\Component\Security\Core\User\UserProviderInterface::loadUserByUsername($username)

So, no error on project level.
There is an error, because spryker has declared the params type in the function extension, but the interface does not. So its incompatible now.
I was wondering what changed and it worked before but it seems something strange happened:
The minor update seemed to downgrade some modules like symfony/security-core … before it was v5.2.5 … now its v4.4.31 … also, none of the advanced composer update commands does solve the problem (e.g. -W, ignore plaform deps etc.)

Looking at the current spryker/symfony:3.7.0 (before update 3.5.1)there are some deps like

“symfony/security-core”: “^4.4.13 || ^5.2.8",
“symfony/security-guard”: “^4.4.13 || ^5.2.8",
“symfony/security-http”: “^4.4.13 || ^5.2.8",

It feels like composer favours on of the 4.x.xx version over the 5.x.x but i cant figure out why.

With the previous 3.5.1 version of spryker/symfony there where just the depdency with

“symfony/security-core”: “^4.4.13 || ^5.0.0",
“symfony/security-guard”: “^4.4.13 || ^5.0.0",
“symfony/security-http”: “^4.4.13 || ^5.0.7",

which resulted in core:v5.2.5, guard:v5.2.4 and http:v5.1.11

Tracing the dependencies of the core guard and http modules i am running in circles

composer why-not symfony/security-core:v5.2.8
symfony/security-http v4.4.30 requires symfony/security-core (^4.4.8)
composer why-not symfony/security-http:v5.2.8
symfony/security-guard   v4.4.27 requires     symfony/security-http (^4.4.1)
composer why-not symfony/security-guard:v5.2.8
symfony/security-guard   v5.2.8 requires     symfony/security-core (^5.0)

I guess there is somewhere a broken dep between the modules since composer does not complain but the interface is broken … any idea what to do? What do i miss?



  • giovanni.piemontese
    giovanni.piemontese Technical Lead @ Löffelhardt Spryker Solution Partner Posts: 871 🧑🏻‍🚀 - Cadet

    In your composer.json just:
    "symfony/security-core": "^4.4.13 || ~5.2.8"
    then u have sf 5.3 but only security core to 5.2.x that it is compatible with spryker security plugin

    UPWG9AYH2 Posts: 509 🧑🏻‍🚀 - Cadet

    Hi Giovanni,
    let me try that. Strange anyway if there are no conflicts but problems for real

  • Andriy Netseplyayev
    Andriy Netseplyayev Domain Lead Solution Architecture Sprykee Posts: 519 🧑🏻‍🚀 - Cadet

    yes, I had a similar one (it’s already known internally) - after update composer has found 2 possible package sets - one with Symfony 4.4 and one with 5.2. And by default it preferred to go with lower version and degraded the Symfony package I had before (since it was not explicitly fixed). But SecurityOauthUser was apparently compatible only with Symfony 5.
    So I had to explicitly do composer require package.. symfony/security-core:"^5.2.0" --with-all-dependencies

    UPWG9AYH2 Posts: 509 🧑🏻‍🚀 - Cadet

    Hey Andriy,
    requiring explicit with 5.x.x with all deps seems to solve the problem for me too.