[Security] Don't allow empty username or empty password #46109

Closed

bikalbasnet

| Q             | A
| ------------- | ---
| Branch?       | 5.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | #46100
| License       | MIT
| Doc PR        | -

First-time PR on Symfony, so apologies for any mistakes.
As I understand it, if I merge on 5.4, it will be merged to 6.0 and other higher versions; let me know if I need to open a PR in multiple branches.

@chalasr
Member

chalasr commented Apr 19, 2022

Thanks for contributing to Symfony!
Since we never required non-empty-string usernames/passwords at the authentication level, even under the old security system, I'd call this a new feature. As such, this change should target 6.2 and be mentioned in the Security/Http/CHANGELOG.
The 6.2 branch does not exist yet so you will need to target 6.1 for now.

@chalasr chalasr modified the milestones: 5.4, 6.2 Apr 19, 2022
@bikalbasnet bikalbasnet deleted the 5.4-not-allow-empty-usr-pwd branch April 20, 2022 04:15
@fabpot fabpot removed this from the 6.2 milestone May 8, 2022
fabpot added a commit that referenced this pull request Jul 20, 2022
…d (bikalbasnet)

This PR was squashed before being merged into the 6.2 branch.

Discussion
----------

[Security] Don't allow empty username or empty password

| Q             | A
| ------------- | ---
| Branch?       | 6.2
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | yes
| Tickets       |  #46100
| License       | MIT
| Doc PR        | -
<!--
Replace this notice by a short README for your feature/bugfix.
This will help reviewers and should be a good start for the documentation.

Additionally (see https://symfony.com/releases):
 - Always add tests and ensure they pass.
 - Bug fixes must be submitted against the lowest maintained branch where they apply
   (lowest branches are regularly merged to upper ones so they get the fixes too.)
 - Features and deprecations must be submitted against the latest branch.
 - Changelog entry should follow https://symfony.com/doc/current/contributing/code/conventions.html#writing-a-changelog-entry
 - Never break backward compatibility (see https://symfony.com/bc).
-->

Reopened from #46109 into the `6.1` branch, as this is not a bug but rather a security feature

Commits
-------

db5afbd [Security] Don't allow empty username or empty password