Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

[Security] Move AbstractListener abstract methods to the new FirewallListenerInterface#38751

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged

Conversation

@chalasr
Copy link
Member

@chalasrchalasr commentedOct 25, 2020
edited
Loading

QA
Branch?5.x
Bug fix?no
New feature?-
Deprecations?no
Tickets-
LicenseMIT
Doc PR-

We added a FirewallListenerInterface in 5.2, let's make it complete to allow for cleaner firewall listener implementations.

@chalasrchalasrforce-pushed thecomplete-firewall-listener branch from7de8b4e to5dd70bdCompareOctober 25, 2020 21:42
@chalasrchalasr removed the Feature labelOct 25, 2020
@wouterj
Copy link
Member

wouterj commentedOct 26, 2020
edited
Loading

Hmm, I'm not very sure about these changes. But the listener logic is quite complex, so I might completely miss something. What I see:

So, it should be possible to have a class with just an__invoke() andgetPriority() method, right?AbstractListener is only relevant when you want your listener to support laziness.

@chalasr
Copy link
MemberAuthor

AbstractListener is only relevant when you want your listener to support laziness.

Actuallysupports() is also relevant for listeners that don't need laziness (yet), as they can opt-in using the specialnull return type for this method.

At the time lazy firewalls were introduced,@nicolas-grekas and I talked about deprecating not extendingAbstractListener at some point, so that we have a consistent API for firewall listeners (seehttps://github.com/orgs/symfony/projects/1#card-30499343).
I'm still a bit annoyed by the fact we need to rely on inheritance instead of a clear contract if we do so.

Meanwhile we are reintroducing an interface which, right now, only covers the priority feature.
This PR takes it as an opportunity to not force extending a base class, making the concept more structured and more flexible. That's worth the hassle to me.

About adding__invoke() to the contract, I'm mitigated: should we just acceptcallable|FirewallListenerinterface for firewall listeners?
The interface allows you to opt-in into more complex features like priority, laziness and the ability to separate concerns between the guard clause and the actual authentication logic.

Does this make sense?

Copy link
Member

@nicolas-grekasnicolas-grekas left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

big 👍 on my side
this changeenables lazy firewalls (but is not ad hoc for them) because it enables a better design, with a better split of the steps of a firewall

Copy link
Member

@wouterjwouterj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Ah sorry, I originally was looking at this PR as "purely simplifying" instead of moving to more consistency.

If I understand correctly, the contract already iscallable|FirewallListenerInterface (it needs to be, for BC reasons IIRC). In that case 👍 and we might indeed want to deprecatecallable in Symfony 5.3 (I don't think it's possible to introduce new deprecations after feature freeze?)

chalasr reacted with thumbs up emoji
@nicolas-grekas
Copy link
Member

Thank you@chalasr.

@nicolas-grekasnicolas-grekas merged commit824bc44 intosymfony:5.xOct 27, 2020
@chalasrchalasr deleted the complete-firewall-listener branchOctober 27, 2020 10:47
@fabpotfabpot mentioned this pull requestOct 28, 2020
nicolas-grekas added a commit that referenced this pull requestJun 23, 2025
…heCat)This PR was merged into the 7.4 branch.Discussion----------[Security] Deprecate callable firewall listeners| Q             | A| ------------- | ---| Branch?       | 7.4| Bug fix?      | no| New feature?  | no| Deprecations? | yes| Issues        | N/A| License       | MITAfter spending some time in the Security component it occurred to me callable firewall listeners are obsolete now that we got the `FirewallListenerInterface`. Their deprecation has already been suggested (like in#34627 (comment) or#38751 (review)), so this PR does it.Commits-------510e506 [Security] Deprecate callable firewall listeners
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@nicolas-grekasnicolas-grekasnicolas-grekas approved these changes

@wouterjwouterjwouterj approved these changes

Assignees

No one assigned

Projects

None yet

Milestone

5.2

Development

Successfully merging this pull request may close these issues.

4 participants

@chalasr@wouterj@nicolas-grekas@carsonbot
[8]ページ先頭
©2009-2025 Movatter.jp