Commit 643fcae

bug #58017 [SecurityBundle] Revert adding _stateless attribute to the request when firewall is stateless and the attribute is not already set (MatTheCat)
This PR was submitted for the 7.2 branch but it was merged into the 6.4 branch instead.

Discussion
----------

[SecurityBundle] Revert adding `_stateless` attribute to the request when firewall is stateless and the attribute is not already set

| Q             | A
| ------------- | ---
| Branch?       | 6.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Issues        | Fix #50715
| License       | MIT

#40372 was about routes matching both stateful and stateless firewalls: you couldn’t easily configure them as stateless under a stateless firewall only.

#48044 fixed it by linking these two attributes: a stateless firewall then implied a stateless request. While it can sound logical, this impacted many projects using the session while authenticating users in a stateless fashion.

At last, #49997 allowed overriding this behavior by explicitly configuring routes as *not* stateless. This kind of proved that #48044 was a mistake: you cannot tell a request must be stateless only because it matches a stateless firewall.

As such, this PR reverts #48044 (and consequently #49997) so that configuring routes as stateless is the developer’s responsibility alone.

It also reopens #40372, but I think this issue should be fixed in an opt-in way (with a new `firewall.stateless.with_routes` boolean configuration in the SecurityBundle e.g.).

Commits
-------

47baed9 [SecurityBundle] Revert adding `_stateless` attribute to the request when firewall is stateless and the attribute is not already set
2 parents 56d753c + 47baed9 commit 643fcae

2 files changed

+3
-10
lines changed

src/Symfony/Bundle/SecurityBundle/Security/FirewallMap.php

Lines changed: 1 addition & 8 deletions
@@ -72,14 +72,7 @@ private function getFirewallContext(Request $request): ?FirewallContext
7272
if (null === $requestMatcher || $requestMatcher->matches($request)) {
7373
$request->attributes->set('_firewall_context', $contextId);
7474

75-
/** @var FirewallContext $context */
76-
$context = $this->container->get($contextId);
77-
78-
if ($context->getConfig()?->isStateless() && !$request->attributes->has('_stateless')) {
79-
$request->attributes->set('_stateless', true);
80-
}
81-
82-
return $context;
75+
return $this->container->get($contextId);
8376
}
8477
}
8578
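
Review bot: removing the block at old lines 78-80 changes runtime behaviour for every request that matches a stateless firewall and carries no `_stateless` attribute, yet neither of the two changed files is a CHANGELOG or UPGRADE note. Since this is merged into the 6.4 branch, add an entry telling applications that relied on the implied attribute to configure `_stateless` on their routes explicitly. Dropping the `/** @var FirewallContext $context */` annotation also leaves `$this->container->get($contextId)` untyped for static analysis against the `?FirewallContext` return type, so consider keeping the annotation on the returned value.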

src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallMapTest.php

Lines changed: 2 additions & 2 deletions
@@ -63,7 +63,7 @@ public function testGetListeners(Request $request, bool $expectedState)
6363
$firewallContext = $this->createMock(FirewallContext::class);
6464

6565
$firewallConfig = new FirewallConfig('main', 'user_checker', null, true, true);
66-
$firewallContext->expects($this->exactly(2))->method('getConfig')->willReturn($firewallConfig);
66+
$firewallContext->expects($this->once())->method('getConfig')->willReturn($firewallConfig);
6767

6868
$listener = function () {};
6969
$firewallContext->expects($this->once())->method('getListeners')->willReturn([$listener]);
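
Review bot: the `expects($this->once())` call count on `getConfig` at line 66 ties the test to how many times `FirewallMap` reads the config internally, which is why this line had to change along with the implementation. The behaviour under test is the resulting state of the request, so `$this->any()` (or no call-count expectation at all) would keep the test from breaking on the next internal refactor.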
@@ -93,7 +93,7 @@ public function testGetListeners(Request $request, bool $expectedState)
9393

9494
public static function providesStatefulStatelessRequests(): \Generator
9595
{
96-
yield [new Request(), true];
96+
yield [new Request(), false];
9797
yield [new Request(attributes: ['_stateless' => false]), false];
9898
yield [new Request(attributes: ['_stateless' => true]), true];
9999
}
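
Review bot: after the change at line 96, the first two data sets of `providesStatefulStatelessRequests()` both expect `false`, and because the sets are unnamed a failure is reported only by index. Key them, for example `yield 'no attribute' => [new Request(), false];`, and consider asserting for that case that the `_stateless` attribute is absent rather than merely falsy, since leaving the request untouched is what this revert is about.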
