Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 2d77238

Browse files
nicolas-grekasnicolas-grekas
committed
minor #49997 [SecurityBundle] Set request stateless only if the attribute is not defined (tucksaun)
This PR was merged into the 6.3 branch. Discussion ---------- [SecurityBundle] Set request stateless only if the attribute is not defined | Q | A | ------------- | --- | Branch? | 6.3 | Bug fix? | yes-ish | New feature? | no | Deprecations? | no | Tickets | #48044 (comment) | License | MIT | Doc PR | n/a The current implementation makes sense for most cases but not for every case as one can have a stateless authentication but still requires sessions. This PR allows setting the request as non-stateless while having a stateless firewall but keeping the new behavior by default. Commits ------- 5f29c8d [SecurityBundle] Set request stateless if the attribute is not already defined
2 parents 6b92f5d + 5f29c8d commit 2d77238

File tree

3 files changed

+12
-6
lines changed

3 files changed

+12
-6
lines changed

src/Symfony/Bundle/SecurityBundle/CHANGELOG.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ CHANGELOG
55
---
66

77
* Deprecate enabling bundle and not configuring it
8-
* Add `_stateless` attribute to the request when firewall is stateless
8+
* Add `_stateless` attribute to the request when firewall is stateless and the attribute is not already set
99
* Add `StatelessAuthenticatorFactoryInterface` for authenticators targeting `stateless` firewalls only and that don't require a user provider
1010
* Modify "icon.svg" to improve accessibility for blind/low vision users
1111
* Make `Security::login()` return the authenticator response

src/Symfony/Bundle/SecurityBundle/Security/FirewallMap.php

+1-1
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@ private function getFirewallContext(Request $request): ?FirewallContext
7575
/** @var FirewallContext $context */
7676
$context = $this->container->get($contextId);
7777

78-
if ($context->getConfig()?->isStateless()) {
78+
if ($context->getConfig()?->isStateless() && !$request->attributes->has('_stateless')) {
7979
$request->attributes->set('_stateless', true);
8080
}
8181

src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallMapTest.php

+10-4
Original file line numberDiff line numberDiff line change
@@ -57,10 +57,9 @@ public function testGetListenersWithInvalidParameter()
5757
$this->assertFalse($request->attributes->has('_stateless'));
5858
}
5959

60-
public function testGetListeners()
60+
/** @dataProvider providesStatefulStatelessRequests */
61+
public function testGetListeners(Request $request, bool $expectedState)
6162
{
62-
$request = new Request();
63-
6463
$firewallContext = $this->createMock(FirewallContext::class);
6564

6665
$firewallConfig = new FirewallConfig('main', 'user_checker', null, true, true);
@@ -89,6 +88,13 @@ public function testGetListeners()
8988
$this->assertEquals([[$listener], $exceptionListener, $logoutListener], $firewallMap->getListeners($request));
9089
$this->assertEquals($firewallConfig, $firewallMap->getFirewallConfig($request));
9190
$this->assertEquals('security.firewall.map.context.foo', $request->attributes->get(self::ATTRIBUTE_FIREWALL_CONTEXT));
92-
$this->assertTrue($request->attributes->get('_stateless'));
91+
$this->assertEquals($expectedState, $request->attributes->get('_stateless'));
92+
}
93+
94+
public static function providesStatefulStatelessRequests(): \Generator
95+
{
96+
yield [new Request(), true];
97+
yield [new Request(attributes: ['_stateless' => false]), false];
98+
yield [new Request(attributes: ['_stateless' => true]), true];
9399
}
94100
}

0 commit comments

Comments
 (0)