[SecurityBundle] Fix TokenStorage::reset not called in stateless firewall #34859

Merged
merged 1 commit into from
Dec 6, 2019

Conversation

jderusse
Member

@jderusse jderusse commented Dec 6, 2019

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | NA
| License       | MIT
| Doc PR        | NA

By default, the service `security.token_storage` is resettable. https://github.com/symfony/symfony/blob/master/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml#L22-L24

But when using a stateless application without session, the `RegisterTokenUsageTrackingPass` replaces the service `security.token_storage` by an alias to `security.untracked_token_storage` (which is not tagged as resettable).
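
The alias replacement described above, reproduced with the DependencyInjection component as an added example (not code from this pull request or from Symfony): `setAlias()` drops the definition that carried the `kernel.reset` tag, so no service is listed for reset until the alias target is tagged. It assumes `symfony/dependency-injection` is installed through Composer; `buildContainer()`, `resettableIds()` and the `NS` constant are hypothetical names, and the two definitions are constructed stand-ins.

```php
<?php
// Added illustration, not code from the pull request or from Symfony.
// Assumption: symfony/dependency-injection is installed through Composer.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\DependencyInjection\ContainerBuilder;

const NS = 'Symfony\Component\Security\Core\Authentication\Token\Storage\\';

// Constructed stand-in for the two definitions named in the description.
// Class names are only strings here; nothing is instantiated.
function buildContainer(): ContainerBuilder
{
    $c = new ContainerBuilder();
    $c->register('security.token_storage', NS.'UsageTrackingTokenStorage')
        ->addTag('kernel.reset', ['method' => 'reset']);
    $c->register('security.untracked_token_storage', NS.'TokenStorage');

    return $c;
}

// Service ids that carry the kernel.reset tag.
function resettableIds(ContainerBuilder $c): array
{
    return array_keys($c->findTaggedServiceIds('kernel.reset'));
}

// 1. With a session: the tagged definition is still registered.
$c = buildContainer();
printf("with session:      [%s]\n", implode(', ', resettableIds($c)));

// 2. Stateless: setAlias() removes the definition registered under the
//    same id, and the kernel.reset tag disappears with it.
$c = buildContainer();
$c->setAlias('security.token_storage', 'security.untracked_token_storage');
printf("stateless:         [%s]\n", implode(', ', resettableIds($c)));

// 3. Tagging the alias target in the stateless branch only restores the
//    reset without tagging it when a tracking storage already decorates it.
$c->getDefinition('security.untracked_token_storage')
    ->addTag('kernel.reset', ['method' => 'reset']);
printf("stateless, tagged: [%s]\n", implode(', ', resettableIds($c)));
```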

@chalasr
Member

chalasr commented Dec 6, 2019

Could we tag the xml definition instead?

```xml
<service id="security.untracked_token_storage" class="Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage" />
```

@nicolas-grekas
Member

> Could we tag the xml definition instead?

that would do an extra call because UsageTrackingTokenStorage already resets the storage it decorates.

@nicolas-grekas
Member

Thank you @jderusse.

nicolas-grekas added a commit that referenced this pull request Dec 6, 2019
…teless firewall (jderusse)

This PR was merged into the 4.4 branch.

Discussion
----------

[SecurityBundle] Fix TokenStorage::reset not called in stateless firewall

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | NA
| License       | MIT
| Doc PR        | NA

By default, the service `security.token_storage` is resettable. https://github.com/symfony/symfony/blob/master/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml#L22-L24

But when using a stateless application without session, the `RegisterTokenUsageTrackingPass` replaces the service `security.token_storage` by an alias to `security.untracked_token_storage` (which is not tagged as resettable).

Commits
-------

616c30f Fix TokenStorage::reset not called in stateless firewall
@nicolas-grekas nicolas-grekas merged commit 616c30f into symfony:4.4 Dec 6, 2019
@jderusse jderusse deleted the token-storage-reset branch March 5, 2020 20:03