Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

[Security] Make security.providers optional#26787

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
fabpot merged 1 commit intosymfony:masterfromMatTheCat:ticket_21998
Apr 19, 2018
Merged

[Security] Make security.providers optional#26787

fabpot merged 1 commit intosymfony:masterfromMatTheCat:ticket_21998
Apr 19, 2018

Conversation

@MatTheCat
Copy link
Contributor

@MatTheCatMatTheCat commentedApr 4, 2018
edited
Loading

QA
Branch?master
Bug fix?no
New feature?yes
BC breaks?no
Deprecations?no
Tests pass?yes
Fixed tickets#21998
LicenseMIT

Don't really know if it's viable but I just hit#21998 so I would like to tackle this.

@MatTheCat
Copy link
ContributorAuthor

@chalasr@stof do you think this can cause issues?

Also I don't know how to provide a proper error message in case a provider is needed but none is configured.

@chalasr
Copy link
Member

chalasr commentedApr 6, 2018
edited
Loading

Very complex topic, looks like you like them :) (#24805)

@weaverryan and me have this in mind for a while, the issue is that actually pretty much all security listeners are requiring a user provider for user loading/refreshment.
This misses new test case(s) (authentication with no configured provider), adding them will better answer your question.

@MatTheCat
Copy link
ContributorAuthor

MatTheCat commentedApr 6, 2018
edited
Loading

Yes the way we'll authenticate our users makes me discover some edge cases!

the issue is that actually pretty much all security listeners are requiring a user provider for user loading/refreshment.

I don't understand how this is an issue?

/**
* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
* @expectedExceptionMessage Not configuring explicitly the provider for the "http_basic" listener on "ambiguous" firewall is ambiguous as there is more than one registered provider.
* @expectedException \TypeError
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

getting aTypeError when not setting the provider isn't fine to me as this aims to make it optional

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Yes I agree we need a proper error but I don't know when to throw it.

@MatTheCat
Copy link
ContributorAuthor

I created a dummy user provider whose sole purpose is to throw an exception, WDYT?

dmaicher reacted with thumbs up emoji

@weaverryan
Copy link
Member

Huh, a dummy provider is a really clever idea - it makes this very feasible (and sure, we could try to rip out the guts of the user provider system later... but that will be super hard and will probably never happen).

I like this!

@MatTheCat
Copy link
ContributorAuthor

Do we need a functional test where authentication is done without user provider?

@chalasr
Copy link
Member

@MatTheCat The config test added here should be enough

@MatTheCat
Copy link
ContributorAuthor

Are we good to go then or are some things missing?

@MatTheCat
Copy link
ContributorAuthor

Is it alright to letBadMethodCallExceptions empty?

thrownewInvalidConfigurationException(sprintf(
'"%s" firewall requires a user provider but none was defined.',
$firewall
));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

small thing: should be on one line.

$container->setDefinition(
$userProvider,
(newChildDefinition('security.user.provider.missing'))->replaceArgument(0,$id)
);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

CS fix: should be on one line.

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Oh okay.

/**
* @param string $firewall the firewall missing a provider
*/
publicfunction__construct($firewall)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

string typehint

@fabpot
Copy link
Member

Thank you@MatTheCat.

@fabpotfabpot merged commitee54bfa intosymfony:masterApr 19, 2018
fabpot added a commit that referenced this pull requestApr 19, 2018
This PR was squashed before being merged into the 4.1-dev branch (closes#26787).Discussion----------[Security] Make security.providers optional| Q             | A| ------------- | ---| Branch?       | master| Bug fix?      | no| New feature?  | yes| BC breaks?    | no| Deprecations? | no| Tests pass?   | yes| Fixed tickets |#21998| License       | MITDon't really know if it's viable but I just hit#21998 so I would like to tackle this.Commits-------ee54bfa [Security] Make security.providers optional
@MatTheCatMatTheCat deleted the ticket_21998 branchApril 19, 2018 19:46
@fabpotfabpot mentioned this pull requestMay 7, 2018
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@fabpotfabpotfabpot approved these changes

@chalasrchalasrchalasr approved these changes

Assignees

No one assigned

Projects

None yet

Milestone

4.1

Development

Successfully merging this pull request may close these issues.

6 participants

@MatTheCat@chalasr@weaverryan@fabpot@nicolas-grekas@carsonbot
[8]ページ先頭
©2009-2025 Movatter.jp