Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Security][DX] Deprecate/warn having the security bundle loaded, but not having any config #47593

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dkarlovi opened this issue Sep 16, 2022 · 1 comment · Fixed by #48043
Closed

[Security][DX] Deprecate/warn having the security bundle loaded, but not having any config #47593

dkarlovi opened this issue Sep 16, 2022 · 1 comment · Fixed by #48043
Labels
Bug DX DX = Developer eXperience (anything that improves the experience of using Symfony) SecurityBundle Status: Reviewed

Comments

@dkarlovi
Copy link
Contributor

Symfony version(s) affected

5.4.11

Description

Currently, if you don't have any security config, the Security bundle skips loading any of its conifg:

symfony/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

Lines 90 to 92 in 308edb5

if (!array_filter($configs)) {
return;
}

This can lead to weird errors like:

Did you forget to run "composer require symfony/twig-bundle"? Unknown function "is_granted" in "template.html.twig".

The developer is left to debug why Twig bundle is not being loaded, why the Security bundle is not loaded (they both are) (I'd argue that this itself is a bug).

How to reproduce

  1. Create a new symfony project
  2. don't define any security
  3. try to use some security related feature (like the mentioned Twig function) and see the error message

Possible Solution

  • warn about security not having any config (AFAIK it needs at least one firewall)
  • load some (most) services into the container even without the config

Additional Context

This happens if you're setting up a tiny Symfony app for functional tests where you need the smallest working config, you might omit things you're not directly interested in, but that can have unintended consequences which are hard to debug.
@dkarlovi dkarlovi added the Bug label Sep 16, 2022
@carsonbot carsonbot added DX DX = Developer eXperience (anything that improves the experience of using Symfony) Security Status: Needs Review labels Sep 16, 2022
@chalasr
Copy link
Member

chalasr commented Sep 18, 2022

👍 I can't recall any decision regarding this and I can't find anything in the history that justifies it.
Making it throw is likely to break some setups at least in test, which is not desired on a LTS version. I would handle this as a DX enhancement and trigger a deprecation notice at first.

@alamirault alamirault mentioned this issue Oct 29, 2022
Merged
@fabpot fabpot closed this as completed Nov 26, 2022
@fabpot fabpot closed this as completed in c79d4ab Nov 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug DX DX = Developer eXperience (anything that improves the experience of using Symfony) SecurityBundle Status: Reviewed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[SecurityBundle] Deprecate enabling bundle and not configuring it alamirault/symfony
5 participants
@fabpot @dkarlovi @derrabus @chalasr @carsonbot