[Security] The AuthenticationException should implements Security's ExceptionInterface #25772
Conversation
| @@ -19,7 +19,7 @@ | |||
| * @author Fabien Potencier <[email protected]> | |||
| * @author Alexander <[email protected]> | |||
| */ | |||
| class AuthenticationException extends \RuntimeException implements \Serializable | |||
| class AuthenticationException extends \RuntimeException implements \Serializable, ExceptionInterface | |||
There was a problem hiding this comment.
This is OK but it's a fix for only one of the sub-exceptions ;)
IMHO it would be better to make all exceptions in \Symfony\Component\Security\Core\Exception\ namespace that extend \RuntimeException extend \Symfony\Component\Security\Core\Exception\RuntimeException instead.
|
In 3.4, none of the core features seem to catch this interface. However, I'm not sure about the behavior of custom listeners if people had this check already, it might alter behavior and break code. Also, this seems to be a new feature 🤔 |
|
This seems to be a new feature for me too. Like @iltar said it could break people's code. |
|
I can imagine a code that would break after this change but this is very unlikely. } catch (\Symfony\Component\Security\Core\Exception\ExceptionInterface $sex) {expecting it to catch whatever Security component throws and it's not gonna happen because of this issue. IMHO BC break is not such a big case here because if anyone is catching a specific sub-exception like |
A BC break is still a BC break though. |
2f81d28 to
275a293
Compare
It doesn't have to be misusing, can be perfectly normal usage. |
|
I can't say if not making these classes implement the interface was done on purpose or not, but I share @iltar concerns, this is a BC break, especially important because it is about security exceptions. Exception handling is often little tested, this could break final applications as well as librairies. |
|
AFAIK, we make such changes on master only. |
|
That's probably a good tradeoff. It will not break some applications that are potentially misusing the exceptions but will correct the expected behaviour 👍 |
275a293 to
64518fb
Compare
64518fb to
0ee4cf1
Compare
|
Rebased on master and PR's base changed. |
|
Thank you @sroze. |
…ts Security's ExceptionInterface (sroze) This PR was merged into the 4.1-dev branch. Discussion ---------- [Security] The AuthenticationException should implements Security's ExceptionInterface | Q | A | ------------- | --- | Branch? | master | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #25770 | License | MIT | Doc PR | ø Dunno why this is the case right now but this probably should not. Was reported by @paq85. Commits ------- 0ee4cf1 The Security Component's exceptions should implements Security's ExceptionInterface
Dunno why this is the case right now but this probably should not. Was reported by @paq85.