NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.8k

[Worflow] Fixed GuardListener when using the new Security system#39671

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Merged

lyrixx merged 1 commit intosymfony:5.2fromlyrixx:workflow-secu

Feb 15, 2021

Merged

[Worflow] Fixed GuardListener when using the new Security system#39671

lyrixx merged 1 commit intosymfony:5.2fromlyrixx:workflow-secu

Feb 15, 2021

Conversation

Copy link

Member

lyrixx commentedDec 31, 2020

Q	A
Branch?	5.2
Bug fix?	yes
New feature?	no
Deprecations?	no
Tickets	Fix#39505
License	MIT
Doc PR

lyrixx requested review fromchalasr andwouterj ascode owners

December 31, 2020 14:45

carsonbot added Status: Needs Review Bug labels

Dec 31, 2020

carsonbot added this to the5.2 milestone

Dec 31, 2020

lyrixx force-pushed theworkflow-secu branch from6d4c810 tofc30d99Compare

December 31, 2020 15:19

nicolas-grekas reviewed

Jan 4, 2021

View reviewed changes

src/Symfony/Component/Workflow/EventListener/GuardListener.php OutdatedShow resolvedHide resolved

lyrixx force-pushed theworkflow-secu branch fromfc30d99 tod4c3c69Compare

February 4, 2021 21:30

Copy link

MemberAuthor

lyrixx commentedFeb 4, 2021

I choose a totally different approach, like suggested by Wouterthere

[Worflow] Fixed GuardListener when using the new Security system

bd26a79

lyrixx force-pushed theworkflow-secu branch fromd4c3c69 tobd26a79Compare

February 4, 2021 21:34

Copy link

Member

fabpot commentedFeb 5, 2021

@wouterj Can you review this one please?

Copy link

Member

wouterj commentedFeb 5, 2021

I'm not so sure about the 5.2 target for this PR:

It's changing behavior, so it does need a CHANGELOG entry
It's remove an (exception) class, I don't think we are allowed to do so in any 5.x release?

We may be able to work around (1) by only doing this in the new system. Maybe we should set a parameter (e.g.security.exception_on_no_token) that is true when the new system is used and false otherwise. Wealready have some services depending on this knowledge, by using a parameter we can also depend on it in theGuardListener.

wouterj added Status: Needs Work and removed Status: Needs Review labels

Feb 5, 2021

Copy link

MemberAuthor

lyrixx commentedFeb 6, 2021

I'm not sure we must do something more about the BC. We open a door here, we don't close one.
Previously, a user MUST put a token in the token storage to make it work.
So we can be 100% sure a token is present.
So removing this check is dead code for current code. We only allow new security system to work

But maybe, I should let the removed exception, and deprecate it...

Copy link

Member

chalasr commentedFeb 7, 2021•
edited
Loading

We open a door here, we don't close one.

Looking at the code, I agree here. This stops throwing an undocumented exception, which is fine for me as a bugfix.

But maybe, I should let the removed exception, and deprecate it...

I think so :) it's a hard break, we can do it smoothly on 5.x.

Copy link

Member

wouterj commentedFeb 7, 2021

What I was meaning is that expressions now need to handletoken anduser beingnull, whereas it always wasTokenInterface andUserInterface before the changes in this PR, right?~~I haven't used Workflow at all, so I can't judge whether this is a blocker.~~ On a second thought, as it only happens when using the experimental system (and it doesn't work at all for the new system), it's probably OK for a patch release.

Copy link

MemberAuthor

lyrixx commentedFeb 7, 2021

yes and yes :) an anyway, without talking about the new security system, I think the patch is valid anyway.
When we look atwhy this exception has been added, when understand that this exception is not really required, and the new code seems more natural

lyrixx merged commitb15bfc4 intosymfony:5.2

Feb 15, 2021

lyrixx deleted the workflow-secu branch

February 15, 2021 14:23

chalasr mentioned this pull request

Feb 15, 2021

[Workflow] Re-add InvalidTokenConfigurationException for BC#40201

Merged

Copy link

Member

chalasr commentedFeb 15, 2021

no approval, not good! :) See#40201

Copy link

MemberAuthor

lyrixx commentedFeb 15, 2021•
edited
Loading

@chalasr I know there are no approval, but the more than one month, without a clear direction of what I must do. So I do what I think is the best and I merged it 11 days later :)

Anyway, thanks for taking care of the BC

chalasr added a commit that referenced this pull request

Feb 15, 2021

minor#40201[Workflow] Re-add InvalidTokenConfigurationException for…

7078382

… BC (chalasr)This PR was merged into the 5.2 branch.Discussion----------[Workflow] Re-add InvalidTokenConfigurationException for BC| Q             | A| ------------- | ---| Branch?       | 5.2| Bug fix?      | no| New feature?  | no| Deprecations? | no| Tickets       | -| License       | MIT| Doc PR        | -Reverts the BC breaking part of#39671Commits-------b596568 [Workflow] Re-add InvalidTokenConfigurationException for BC