Replies: 3 comments 3 replies
-
|
On principle, I agree with the idea here. But, would this also affect |
Beta Was this translation helpful? Give feedback.
-
|
I see no need to modify With my proposed change you can assume that if this method returns an empty string, the token should be a |
Beta Was this translation helpful? Give feedback.
-
|
#58007 has been merged now. |
Beta Was this translation helpful? Give feedback.
-
|
With this mapping: /** @var non-empty-string $token */
#[ORM\Column]
#[Assert\NotBlank]
private string $token;PHPStan is now complaining:
Did you find a way around this, or are you just |
Beta Was this translation helpful? Give feedback.
-
|
I just ignore that stuff in general because there are cases where the database mapping can't match up with the PHP type mapping (databases don't have a notion of non-empty-string unless I'm really missing something). # Fields where the entity and the database cannot have a matching type declaration (typically due to stronger type inference within PHP, i.e. positive-int)
- '#^Property App\\Entity\\[^:]+::\$id type mapping mismatch: database can contain int but property expects int<1, max>\|null\.$#'
- '#^Property App\\Entity\\[^:]+::\$\w+ type mapping mismatch: database can contain int but property expects int<(0|1), max>\.$#'
- '#^Property App\\Entity\\[^:]+::\$\w+ type mapping mismatch: database can contain int\|null but property expects int<(0|1), max>\|null\.$#'
- '#^Property App\\Entity\\[^:]+::\$\w+ type mapping mismatch: database can contain string\|null but property expects non-empty-string\|null\.$#'
- '#^Property App\\Entity\\[^:]+::\$\w+ type mapping mismatch: database can contain string but property expects non-empty-string\.$#' |
Beta Was this translation helpful? Give feedback.
-
|
I suggested a new type for Doctrine that natively supports this: doctrine/orm#11748 |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Some built-in authenticators already forbid using an empty user identifier, and I think this is an edge case that should not be supported.
I would add a
@return non-empty-stringannotation toUserInterface::getUserIdentifier. Then, I would add a check inUserBadge::__constructthat would trigger a deprecation in 7.x and throw aBadCredentialsExceptionin 8.x if an empty user identifier is received.WDYT?
Built-in authenticators checking for empty user identifier
symfony/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php
Lines 130 to 132 in ca1f528
symfony/src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php
Lines 149 to 151 in ca1f528
See #58007
Beta Was this translation helpful? Give feedback.
All reactions