[Security/Core] Fix wrong roles comparison #35944

fabpot merged 1 commit into symfony:4.4 from thlbaut:4.4 on May 22, 2020

@thlbaut
Contributor

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #35941
| License       | MIT

Fix wrong roles comparison.

@ajgarlag
Contributor

I've opened thlbaut#1 to PR author branch with a small change to reproduce the bug, and to prevent a future regression.

nicolas-grekas changed the title from "Fix wrong roles comparison" to "[Security/Core] Fix wrong roles comparison" on Mar 31, 2020

@nicolas-grekas
Member

This would deserve more tests I suppose (note that I don't know if this is correct.)

@chalasr
Member

The added test looks good enough.

@wouterj
Member

Agreed with Robin, the tweaked test covers the BC regression introduced in 4.4

@fabpot
Member

Thank you @thlbaut.

fabpot merged commit 2e46c63 into symfony:4.4 on May 22, 2020

fabpot mentioned this pull request on May 26, 2020

wouterj added a commit to wouterj/symfony that referenced this pull request on May 30, 2020
…(thlbaut)" This reverts commit 2e46c63, reversing changes made to 47180fe.

nicolas-grekas added a commit that referenced this pull request on May 30, 2020
This PR was squashed before being merged into the 4.4 branch.

Discussion
----------

[Security] Fixed AbstractToken::hasUserChanged()

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #36989
| License       | MIT
| Doc PR        | -

This PR completely reverts #35944.

That PR tried to fix a BC break (ref #35941, #35509) introduced by #31177. However, this broke many authentications (ref #36989), as the User is serialized in the session (as hinted by @stof). Many applications don't include the `roles` property in the serialization (at least, the MakerBundle doesn't include it).

In 5.2, we should probably deprecate having different roles in token and user, which fixes the BC breaks all together.

Commits
-------

f297beb [Security] Fixed AbstractToken::hasUserChanged()
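
The failure mode described in the revert message above, as an added example that is not Symfony's code and not part of this thread: a user object that leaves `roles` out of its session serialization comes back with no roles, so a "has the user changed?" check that also compares roles flags an unchanged account. `AppUser`, `changedByIdentity()` and `changedWithRoles()` are hypothetical names, and the shape of the roles comparison is an assumption.

```php
<?php
// Added illustration: a simplified model, not Symfony's code.
// AppUser, changedByIdentity() and changedWithRoles() are hypothetical names.

final class AppUser
{
    private $username;
    private $roles = [];

    public function __construct(string $username, array $roles)
    {
        $this->username = $username;
        $this->roles = $roles;
    }

    public function getUsername(): string { return $this->username; }
    public function getRoles(): array { return $this->roles; }

    // Only the identity is written to the session; `roles` is left out,
    // so it falls back to its default ([]) after unserialize().
    public function __sleep(): array { return ['username']; }
}

// Identity-only check: unaffected by fields missing from the session copy.
function changedByIdentity(AppUser $fromSession, AppUser $fresh): bool
{
    return $fromSession->getUsername() !== $fresh->getUsername();
}

// Check that also compares roles as an order-insensitive set (assumed shape).
function changedWithRoles(AppUser $fromSession, AppUser $fresh): bool
{
    $a = array_map('strval', $fromSession->getRoles());
    $b = array_map('strval', $fresh->getRoles());
    sort($a);
    sort($b);
    return changedByIdentity($fromSession, $fresh) || $a !== $b;
}

// Constructed sample: the same account at login and on the next request.
$session = serialize(new AppUser('alice', ['ROLE_USER', 'ROLE_ADMIN']));
$fromSession = unserialize($session);                       // restored copy
$fresh = new AppUser('alice', ['ROLE_ADMIN', 'ROLE_USER']); // reloaded user

printf("roles in session copy: %d\n", count($fromSession->getRoles()));
printf("identity-only check changed: %s\n", var_export(changedByIdentity($fromSession, $fresh), true));
printf("roles-aware check changed:   %s\n", var_export(changedWithRoles($fromSession, $fresh), true));
```

In this model the roles-aware check can only be trusted when every field it compares is actually part of what the session stores.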
Reviewers: fabpot, wouterj and chalasr approved these changes.

Milestone: 4.4

8 participants: @thlbaut, @ajgarlag, @nicolas-grekas, @fabpot, @wouterj, @chalasr, @xabbuh, @carsonbot
