Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

[SecurityBundle] Don't normalize username of in-memory users#21718

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
fabpot merged 1 commit intosymfony:masterfromchalasr:in-memory-normalizekeys
Feb 22, 2017

Conversation

@chalasr
Copy link
Member

@chalasrchalasr commentedFeb 22, 2017
edited
Loading

QA
Branch?master
Bug fix?no
New feature?yes
BC breaks?yes
Deprecations?no
Tests pass?yes
Fixed ticketsn/a
LicenseMIT
Doc PRn/a

It's common to have e.g. emails as keys insecurity.providers.in_memory.users since keys are username. Actually they are normalized sofoo-bar@gmail.com becomesfoo_bar@gmail.com and authentication fails unexpectedly.

ogizanagi reacted with thumbs up emojivrcAlbert reacted with hooray emojiro0NL reacted with heart emoji
@fabpot
Copy link
Member

That's a BC break (probably just for tests in end-users apps, but still). I would document the change and merge it on master.

@chalasrchalasrforce-pushed thein-memory-normalizekeys branch from1b4800d to0e378efCompareFebruary 22, 2017 17:15
@chalasrchalasr changed the base branch from2.7 tomasterFebruary 22, 2017 17:15
@chalasr
Copy link
MemberAuthor

Change documented and rebased on master.

@stof
Copy link
Member

@fabpot ideally, we should skip normalized for all prototyped nodes (and even remove the explicit config), but this is a BC break.
Transforming keys selected by the user is generally a WTF moment, especially if they need to use these keys elsewhere.
The normalization was added to allow writing XML config files feeling native, but keys for prototyped nodes are inside attribute values, and so don't need to use dashes to feel native.

I don't see a way to easily disable key normalization for prototyped nodes in an fully BC way though (even though it would break BC only for people who faced the WTF moment and decided to keep a WTF config files forever rather than using an underscore explicitly)

@chalasrchalasrforce-pushed thein-memory-normalizekeys branch 2 times, most recently fromcdf1908 to313e6e8CompareFebruary 22, 2017 17:34
@chalasrchalasrforce-pushed thein-memory-normalizekeys branch from313e6e8 to8d03332CompareFebruary 22, 2017 17:37
@fabpot
Copy link
Member

Thank you@chalasr.

@fabpotfabpot merged commit8d03332 intosymfony:masterFeb 22, 2017
fabpot added a commit that referenced this pull requestFeb 22, 2017
… users (chalasr)This PR was merged into the 3.3-dev branch.Discussion----------[SecurityBundle] Don't normalize username of in-memory users| Q             | A| ------------- | ---| Branch?       | master| Bug fix?      | no| New feature?  | yes| BC breaks?    | yes| Deprecations? | no| Tests pass?   | yes| Fixed tickets | n/a| License       | MIT| Doc PR        | n/aIt's common to have e.g. emails as keys in `security.providers.in_memory.users` since keys are username. Actually they are normalized so `foo-bar@gmail.com` becomes `foo_bar@gmail.com` and authentication fails unexpectedly.Commits-------8d03332 [SecurityBundle] Don't normalize keys of in-memory users
@chalasrchalasr deleted the in-memory-normalizekeys branchFebruary 22, 2017 22:53
@fabpotfabpot mentioned this pull requestMay 1, 2017
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@chalasr@fabpot@stof@carsonbot
[8]ページ先頭
©2009-2025 Movatter.jp