[FrameworkBundle] make KernelBrowser::loginUser() session available for updating after login #47001
base:7.4
On a related note, it would be nice to be able to tell
Any thoughts on this?
@fabpot @nicolas-grekas thoughts?
Just wondering: did you try using $container->get('session.factory')->createSession(); directly in your test cases?
@@ -33,6 +34,7 @@ class KernelBrowser extends HttpKernelBrowser | |||
private bool $hasPerformedRequest = false; | |||
private bool $profiler = false; | |||
private bool $reboot = true; | |||
private SessionInterface $session; |
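Review bot: the added `private SessionInterface $session;` is a typed, non-nullable property with no default, so any read of it before loginUser() has assigned a value throws an Error for access before initialization. Declare it as `private ?SessionInterface $session = null;` and have whatever exposes it handle the not-logged-in case explicitly. A docblock on the property should also say when it is set and whether it is expected to stay valid across a kernel reboot, given `$reboot = true` directly above it.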
Keeping the session in a property might be a bad idea, it's a stateful object.
yes @nicolas-grekas, in fact I am using that in my workaround. calling
After upgrading from 4.4 to 5.4, I started running into deprecation warnings about fetching security.csrf.token_manager and security.csrf.token_storage from the test container. The issue was that, in my functional tests, I was logging in, then I needed to generate and apply CSRF tokens to the logged in session so that I could directly submit data arrays to POST controller action methods without having to crawl to the form page first. Since I was not crawling to the form page first, no CSRF for the form was generated and applied to the session. Oddly enough, generating tokens from the CSRF token storage services did work, despite the deprecation warnings, and I'm not entirely sure how that was working without an activated session pointer. I prefer to not crawl to the form page first as it would double the amount of crawler requests in my test suite, so this approach is mostly for convenience (easier to abstract than crawler DOM interactions) and speed.
So, this is a simple PR that probably needs tweaks, and test coverage and docs, but I didn't want to invest the time into the latter two if the Symfony team thinks this is not an idea they'd consider for implementation.
Anyways, all this PR really does is track an internal pointer to the generated test session on KernelBrowser, which can be manipulated after calling loginUser().
I've explained the workaround to my problem, which implements this kind of logic here: #46961
I suppose another simpler option would be to continue allowing the use of the csrf token storage services without an active session within the test container (to basically function as they do now but without the deprecation warnings). I suspect this might not be possible given the system migration towards RequestStack.
Given this PR, I could now do:
I imagine there are wide applications for this feature beyond CSRF tokens.
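The workaround discussed in this thread (creating a session from session.factory inside the test and writing a CSRF token into it after loginUser()), written out as an added example; it is not code from the PR, from #46961 or from Symfony. Assumptions: session-backed CSRF token storage, mock file session storage in the test environment, plain-HTTP test requests, a user provider that knows `alice`, and a hypothetical route `/profile/edit` with token id `profile_edit` and field `_token` whose controller answers 2xx on success and non-2xx on an invalid token.

```php
<?php
// Added example: not code from the PR, from #46961 or from Symfony itself.
// Hypothetical names: /profile/edit, token id "profile_edit", field "_token", user "alice".

use Symfony\Bundle\FrameworkBundle\KernelBrowser;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\Security\Core\User\InMemoryUser;

final class ProfileEditTest extends WebTestCase
{
    /** Writes a CSRF token into the session that loginUser() created. */
    private function seedCsrfToken(KernelBrowser $client, string $tokenId): string
    {
        $session = static::getContainer()->get('session.factory')->createSession();

        // loginUser() stored the session id in the browser's cookie jar.
        $cookie = $client->getCookieJar()->get($session->getName());
        if (null === $cookie) {
            throw new \LogicException('No session cookie: call loginUser() first.');
        }

        // Re-open that same session instead of starting an unrelated one.
        $session->setId($cookie->getValue());
        $session->start();

        // Assumption: session token storage keeps tokens under "_csrf/<tokenId>"
        // for plain-HTTP requests.
        $value = bin2hex(random_bytes(32));
        $session->set('_csrf/'.$tokenId, $value);
        $session->save(); // flush before the request so the kernel reads it back

        return $value;
    }

    public function testPostWithoutCrawlingTheForm(): void
    {
        $client = static::createClient();
        $client->loginUser(new InMemoryUser('alice', null, ['ROLE_USER']));

        $token = $this->seedCsrfToken($client, 'profile_edit');
        $client->request('POST', '/profile/edit', ['name' => 'Alice', '_token' => $token]);
        self::assertResponseIsSuccessful();

        // Negative control: a token that was never stored must be rejected.
        $client->request('POST', '/profile/edit', ['name' => 'Alice', '_token' => 'bogus']);
        self::assertFalse($client->getResponse()->isSuccessful());
    }
}
```

The negative control matters as much as the positive case: a test helper that seeds tokens should never be able to make the suite pass when CSRF validation is disabled or bypassed.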