Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
[Security/Http] call auth listeners/guards eagerly when they "support" the request#34627
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
nicolas-grekas commentedNov 26, 2019 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
|
stof commentedNov 26, 2019
maybe we should allow to define a list of path for which you want to disable lazyness (the check paths of your OAuth callbacks could then be registered there) |
weaverryan commentedNov 26, 2019
I was wondering about this too. On a high-level, with
Also, what about the Thanks :) |
81bcfa3 to1f760b6Comparenicolas-grekas commentedNov 26, 2019
PR green in a minute :) |
622671b toa2ad5baComparenicolas-grekas commentedNov 26, 2019
PR ready, now with functional tests. |
a2ad5ba to64cc080Comparenicolas-grekas commentedNov 27, 2019 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
PR updated, last change: laziness now mandates extending |
Uh oh!
There was an error while loading.Please reload this page.
82c27c1 to4a74ba4Compare
aschempp left a comment• edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
If I understand correctly, the wholelazy firewall behavior is meant to prevent unnecessary session access? Why not just skip/lazy-load theContextListener and always call all other listeners?
nicolas-grekas commentedNov 29, 2019
I don't understand what you mean sorry. The order is important so we cannot call one listener lazily. "just" here is missing the fact all this work is happening in the Security component, nothing is simple there :) |
Uh oh!
There was an error while loading.Please reload this page.
| private$map; | ||
| publicfunction__construct(iterable$listeners, ?ExceptionListener$exceptionListener, ?LogoutListener$logoutListener, ?FirewallConfig$config,AccessListener$accessListener,TokenStorage$tokenStorage,AccessMapInterface$map) | ||
| publicfunction__construct(iterable$listeners, ?ExceptionListener$exceptionListener, ?LogoutListener$logoutListener, ?FirewallConfig$config,TokenStorage$tokenStorage) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Isn't it a BC break? This class is not marked as being internal.
4a74ba4 toe8ef30fComparee8ef30f tob20ebe6Comparefabpot commentedNov 30, 2019
Thank you@nicolas-grekas. |
…ey "support" the request (nicolas-grekas)This PR was merged into the 4.4 branch.Discussion----------[Security/Http] call auth listeners/guards eagerly when they "support" the request| Q | A| ------------- | ---| Branch? | 4.4| Bug fix? | yes| New feature? | no| Deprecations? | no| Tickets |Fix#34614,Fix#34679| License | MIT| Doc PR | -This fixes the form authenticator linked to#34614.Since laziness is here to provide compatibility with HTTP caching, it should be disabled when the request cannot be cached.Tests don't pass yet, but I'm on the path to something here.The PR now introduces a new `AbstractListener` that splits the handling logic in two:- `supports(Request): ?bool` is always called eagerly and tells whether the listener matches the request for an earger call or a lazy call- `authenticate(RequestEvent)` does the rest of the job when `supports()` allows so - lazily or not depending on the return value of `supports()`.Of course, this remains compatible with non-lazy logics, see `AbstractListener::__invoke()`.Commits-------b20ebe6 [Security/Http] call auth listeners/guards eagerly when they "support" the request
…heCat)This PR was merged into the 7.4 branch.Discussion----------[Security] Deprecate callable firewall listeners| Q | A| ------------- | ---| Branch? | 7.4| Bug fix? | no| New feature? | no| Deprecations? | yes| Issues | N/A| License | MITAfter spending some time in the Security component it occurred to me callable firewall listeners are obsolete now that we got the `FirewallListenerInterface`. Their deprecation has already been suggested (like in#34627 (comment) or#38751 (review)), so this PR does it.Commits-------510e506 [Security] Deprecate callable firewall listeners
Uh oh!
There was an error while loading.Please reload this page.
This fixes the form authenticator linked to#34614.
Since laziness is here to provide compatibility with HTTP caching, it should be disabled when the request cannot be cached.
Tests don't pass yet, but I'm on the path to something here.
The PR now introduces a new
AbstractListenerthat splits the handling logic in two:supports(Request): ?boolis always called eagerly and tells whether the listener matches the request for an earger call or a lazy callauthenticate(RequestEvent)does the rest of the job whensupports()allows so - lazily or not depending on the return value ofsupports().Of course, this remains compatible with non-lazy logics, see
AbstractListener::__invoke().