Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
[Security] Skip user checks if not implementing UserInterface#27044
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
chalasr commentedApr 25, 2018
| Q | A |
|---|---|
| Branch? | 2.7 |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | #26871 |
| License | MIT |
| Doc PR | n/a |
| thrownewAuthenticationException('Simple authenticator failed to return an authenticated token.'); | ||
| } | ||
| if ($authTokeninstanceof AnonymousToken) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
the right check would be!$user instanceof UserInterface, to cover all cases where calling the user checker is not possible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
done
758860f tofa20fe1Comparefa20fe1 to384acf9Comparefabpot commentedApr 25, 2018
Thank you@chalasr. |
…ace (chalasr)This PR was merged into the 2.7 branch.Discussion----------[Security] Skip user checks if not implementing UserInterface| Q | A| ------------- | ---| Branch? | 2.7| Bug fix? | yes| New feature? | no| BC breaks? | no| Deprecations? | no| Tests pass? | yes| Fixed tickets |#26871| License | MIT| Doc PR | n/aCommits-------384acf9 [Security] Skip user checks if not implementing UserInterface
leofeyer commentedApr 26, 2018 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
It seems that the changes have not been merged correctly into the 2.8 branch (and higher). I can confirm that the error no longer occurs in version 2.7, however,it still does occur in the versions 2.8, 3.4 and 4.0. |
nicolas-grekas commentedApr 26, 2018
But tests pass, so there is a missing test case. |
chalasr commentedApr 26, 2018
I can see what happened, I'm on it |
leofeyer commentedApr 26, 2018
Here you go:#27059 |
… (leofeyer)This PR was merged into the 2.8 branch.Discussion----------Make the simple auth provider the same as in Symfony 2.7| Q | A| ------------- | ---| Branch? | 2.8| Bug fix? | yes| New feature? | no| BC breaks? | no| Deprecations? | no| Tests pass? | yes| Fixed tickets |#27044| License | MITThis PR adds the `SimpleAuthenticationProvider` changes made in Symfony 2.7 to Symfony 2.8. See#27044 (comment)Commits-------9afad9d Make the simple auth provider the same as in Symfony 2.7.