BAP-20198: Remove WSSE authentication (#40279)

Author: yurio

api/authentication/index.rst

@@ -13,12 +13,6 @@ Out-of-the-box, OroPlatform provides the following authentication mechanism:
    :maxdepth: 1
 
    oauth
-   wsse
-
-.. important::
-
-    Please note that WSSE authentication is deprecated and will be removed in one of the future LTS releases.
-    Use :ref:`OAuth authentication<web-services-api--authentication--oauth>` instead.
 
 
 .. admonition:: Business Tip

api/authentication/wsse.rst

@@ -80,10 +80,6 @@ case, entity data will be in the JSON format. Find more information on this form
 The **Curl Command Line** section contains an example of the CLI command to perform the request
 with |Curl|. This command may help emulate the real request to the API.
 
-.. important::
-
-    When performing Curl requests and using WSSE authentication, please ensure that your **X-WSSE** header is up to date for each request.
-
 *Edit a Record*
 
 To edit a record for a particular resource record with JSON:API, perform the PATCH method with the specified id parameter:

api/sandbox.rst

@@ -4,22 +4,22 @@ Configure Feature Depended Firewall Authenticators
 ==================================================
 
 API can be enabled or disabled via the system configuration. When the API is disabled, the API-related security firewalls
-should not use some authorization authenticators, for example, WSSE and OAuth authorization should be disabled.
+should not use some authorization authenticators, for example, OAuth authorization should be disabled.
 
 To be able to configure authenticators for a disabled API feature, use the following configuration:
 
 .. code-block:: yaml
 
     oro_api:
         api_firewalls:
-            api_wsse_secured: # firewall name
+            api_test_secured: # firewall name
                 feature_name: web_api
                 feature_firewall_authenticators: # list of authenticators that should be disabled when the feature specified in feature_name option is disabled
-                    - Oro\Bundle\WsseAuthenticationBundle\Security\Core\Authentication\WsseAuthenticator
-            wsse_secured:
+                    - Oro\Bundle\TestBundle\Security\Core\Authentication\SomeAuthenticator
+            test_secured:
                 feature_name: web_api
                 feature_firewall_authenticators:
-                    - Oro\Bundle\WsseAuthenticationBundle\Security\Core\Authentication\WsseAuthenticator
+                    - Oro\Bundle\TestBundle\Security\Core\Authentication\SomeAuthenticator
             api_options:
                 feature_name: web_api
 

backend/api/firewall-authenticators.rst

@@ -9,7 +9,7 @@ The following example shows how to get the total number of accounts:
 
 .. code-block:: none
 
-    curl "http://orocrm.loc/index_dev.php/api/accounts?page=1&limit=2" -v --header="X-Include:totalCount" --header="X-WSSE:..."
+    curl "http://orocrm.loc/index_dev.php/api/accounts?page=1&limit=2" -v --header="X-Include:totalCount" --header="..."
 
 The corresponding response:
 
@@ -20,7 +20,6 @@ The corresponding response:
     < X-Include-Total-Count: 67
     ...
 
-.. hint:: To generate a WSSE header, run: ``php bin/console oro:wsse:generate-header YOUR_API_KEY``.
 
 .. _existing-x-include-keys:
 

backend/api/headers.rst

@@ -5,7 +5,7 @@ Configure Stateless Security Firewalls
 
 The Symfony framework allows for the creation of stateless firewalls. In this case, the security token is not serialized for a session.
 
-However, when API calls are utilized in AJAX requests from the UI, the user's token data from the current session must be used instead of the firewall credentials (e.g., WSSE headers). For this purpose, the firewall should have the |context1| parameter with the context name that the system can use to authenticate the user.
+However, when API calls are utilized in AJAX requests from the UI, the user's token data from the current session must be used instead of the firewall credentials. For this purpose, the firewall should have the |context1| parameter with the context name that the system can use to authenticate the user.
 
 For example:
 

backend/api/security.rst

@@ -521,7 +521,7 @@ In this example, a user without sufficient permissions is trying to access a con
                 $this->getUrl('oro_api_get_users'),
                 ['limit' => 100],
                 [],
-                $this->generateWsseAuthHeader(LoadUserData::USER_NAME, LoadUserData::USER_API_KEY)
+                $this->generateApiAuthHeader(LoadUserData::USER_NAME)
             );
             $result = $this->client->getResponse();
             $this->assertJsonResponseStatusCodeEquals($result, 403);
@@ -538,7 +538,6 @@ Here is an example of a fixture that adds a user without permissions:
     use Doctrine\Common\DataFixtures\AbstractFixture;
     use Doctrine\Persistence\ObjectManager;
     use Oro\Bundle\UserBundle\Entity\Role;
-    use Oro\Bundle\UserBundle\Entity\UserApi;
     use Symfony\Component\DependencyInjection\ContainerAwareInterface;
     use Symfony\Component\DependencyInjection\ContainerAwareTrait;
 
@@ -564,12 +563,6 @@ Here is an example of a fixture that adds a user without permissions:
             // Creating new user
             $user = $userManager->createUser();
 
-            // Creating API entity for user, we will reference it in testGetUsersAPI method,
-            // if you are not going to test API you can skip it
-            $api = new UserApi();
-            $api->setApiKey(self::USER_API_KEY)
-                ->setUser($user);
-
             // Creating user
             $user
                 ->setUsername(self::USER_NAME)
@@ -578,7 +571,6 @@ Here is an example of a fixture that adds a user without permissions:
                 ->setLastName('User')
                 ->addRole($role)
                 ->setEmail('[email protected]')
-                ->setApi($api)
                 ->setSalt('');
 
             // Handle password encoding

backend/automated-tests/functional.rst

@@ -16,7 +16,7 @@ This bundle has the following configuration options:
         # The number of seconds the CSRF token should live for.
         csrf_token_lifetime: 3600
         # The service id that is used to cache CSRF tokens.
-        # If not specified the Oro\Bundle\SecurityBundle\Cache\WsseNoncePhpFileCache
+        # If not specified the oro_embedded_form.csrf_token_cache service
         # will be used that stores data in %kernel.cache_dir%/security/embedded_form
         csrf_token_cache_service_id: ~
 

bundles/platform/EmbeddedFormBundle/index.rst

@@ -7,7 +7,7 @@ OroRedisConfigBundle
 
 |OroRedisConfigBundle| provides configuration enhancements for Oro applications to enable usage of |Redis| for caching.
 
-The bundle enables developers to set Redis parameters in the application configuration YAML files and after that automatically enables and configures Redis caching services for different types of application caches (Doctrine cache, file cache, wsse_nonces cache, etc.) based on these parameters.
+The bundle enables developers to set Redis parameters in the application configuration YAML files and after that automatically enables and configures Redis caching services for different types of application caches (Doctrine cache, file cache, etc.) based on these parameters.
 
 .. admonition:: Business Tip
 
@@ -38,4 +38,4 @@ Resources
    :start-after: begin
 
 .. include:: /include/include-links-seo.rst
-   :start-after: begin
+   :start-after: begin

bundles/platform/RedisConfigBundle/index.rst

@@ -95,7 +95,7 @@ oro_website_search:
 
 oro_organization_pro:
     ignore_preferred_organization_tokens:
-        - cme\Bundle\DemoBundle\Security\AcmeWsseToken
+        - Acme\Bundle\DemoBundle\Security\AcmeCustomToken
 
 oro_sanitize:
     # Custom email domain for the 'email' sanitizing rule

code_examples/commerce/demo/Resources/config/oro/app.yml

@@ -56,5 +56,5 @@ Developer Documentation is intended for developers and contains information abou
   * Create a third-party integration through the OroIntegrationBundle
   * Create Twig email templates with certain pre-defined placeholders to define template metadata
   * Run regular time-based background tasks through cronjobs (on UNIX-based operating systems) or the Windows task scheduler
-  * Use REST API and WSSE Authentication to integrate Oro functionality into third-party software systems
+  * Use REST API and OAuth 2.0 to integrate Oro functionality into third-party software systems
 

code_examples/commerce/demo/Security/AcmeWsseToken.php

@@ -2853,14 +2853,6 @@ Links (Dev)
 
    <a href="https://oauth.net/2/grant-types/password/" target="_blank">OAuth 2.0 Password Grant</a>
 
-.. |WSSE specification| raw:: html
-
-   <a href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf" target="_blank">WSSE specification</a>
-
-.. |OroWsseAuthenticationBundle| raw:: html
-
-   <a href="https://github.com/oroinc/platform/tree/master/src/Oro/Bundle/WsseAuthenticationBundle" target="_blank">OroWsseAuthenticationBundle</a>
-
 .. |Curl| raw:: html
 
    <a href="https://curl.haxx.se/" target="_blank">Curl</a>

developer/index.rst

@@ -55,7 +55,6 @@ user/back-office/system/integrations/outlook/sync-flow /user/back-office/system/
 user/concept-guides/highlight-products/all-products /user/concept-guides/product-management
 user/concept-guides/pricing/pricing-overview /user/concept-guides/pricing
 backend/api/using/advanced-search /api/advanced-search
-backend/api/using/how-to-use-wsse-authentication /api/authentication/wsse
 backend/api/using/simple-search /api/simple-search
 concept-guides/highlight-products/featured /user/back-office/system/configuration/commerce/product/global-featured-products
 user/back-office/system/integrations/outlook/create-lead-opp-case /user/back-office/system/integrations
@@ -462,4 +461,4 @@ user/back-office/system/configuration/commerce/customer/global-consents /user/ba
 user/back-office/system/configuration/commerce/customer/global-contact-us /user/back-office/system/configuration/commerce/customer/global-interactions
 user/back-office/system/user-management/organizations/org-configuration/commerce/customers/organization-contact-us /user/back-office/system/user-management/organizations/org-configuration/commerce/customers/organization-interactions
 user/back-office/system/websites/web-configuration/commerce/customers/website-consents /user/back-office/system/websites/web-configuration/commerce/customers/website-interactions
-user/back-office/system/websites/web-configuration/commerce/customers/website-contact-us /user/back-office/system/websites/web-configuration/commerce/customers/website-interactions
+user/back-office/system/websites/web-configuration/commerce/customers/website-contact-us /user/back-office/system/websites/web-configuration/commerce/customers/website-interactions

include/include-links-dev.rst

@@ -3,7 +3,7 @@
 Configure Microsoft 365 OAuth Integration (Azure Active Directory Application)
 ==============================================================================
 
-Integration with Microsoft 365 via OAuth 2 API enables users to log in with their Microsoft 365 account and connect their mailbox to the Oro application using OAuth authentication.
+Integration with Microsoft 365 via OAuth 2.0 API enables users to log in with their Microsoft 365 account and connect their mailbox to the Oro application using OAuth 2.0 authentication.
 To achieve this, you need to register a custom Azure application and connect it with your Oro application.
 
 Register an Application in Azure
@@ -140,4 +140,4 @@ For that:
 
 
 .. include:: /include/include-links-user.rst
-   :start-after: begin
+   :start-after: begin