Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Security] Fix invalid deprecation messages in Security constants #48554

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 9, 2022
Merged

[Security] Fix invalid deprecation messages in Security constants #48554

merged 1 commit into from
Dec 9, 2022

Conversation

IonBazan
Copy link
Contributor

@IonBazan IonBazan commented Dec 8, 2022
edited
Loading

Q A
Branch? 6.2
Bug fix? yes
New feature? no
Deprecations? no
Tickets -
License MIT
Doc PR -

This PR changes invalid deprecation message, suggesting to use \Symfony\Bundle\SecurityBundle\Security::ACCESS_DENIED_ERROR instead of \Symfony\Component\Security\Core\Security::ACCESS_DENIED_ERROR, while \Symfony\Component\Security\Http\SecurityRequestAttributes::ACCESS_DENIED_ERROR should be used.

For reference: #47760

@carsonbot carsonbot added this to the 6.2 milestone Dec 8, 2022
@IonBazan IonBazan mentioned this pull request Dec 8, 2022
Merged
@chalasr
Copy link
Member

chalasr commented Dec 8, 2022

This is on purpose. The constants will be moved to the new Security helper, and will just reference the ones from SecurityRequestAttributes. The BC layer may be wrong though as the new Security class extends the deprecated one (and inherits the constants). Is it the case?

@stof
Copy link
Member

stof commented Dec 8, 2022

If the new class relies on inheriting the constants instead of overriding them, any SA tool will report the constants as deprecated on the child class too.

@chalasr chalasr force-pushed the bugfix/security-deprecation-constants branch from 8b2fb8b to 3dac1e4 Compare December 8, 2022 17:17
@chalasr chalasr force-pushed the bugfix/security-deprecation-constants branch from 3dac1e4 to 3fd5a40 Compare December 8, 2022 17:18
@chalasr
Copy link
Member

chalasr commented Dec 8, 2022

Thanks for confirming. PR updated

@IonBazan
Copy link
Contributor Author

IonBazan commented Dec 9, 2022

@chalasr yes - that's exactly the case. Besides, some IDEs like PHPStorm discourage from referencing inherited constants by derived class and suggest using the class where the constant was defined.

Is there any particular reason we are using \Symfony\Bundle\SecurityBundle\Security, instead of SecurityRequestAttributes directly? Seems inconsistent with what we did with Security::MAX_USERNAME_LENGTH -> UserBadge::MAX_USERNAME_LENGTH.

@chalasr
Copy link
Member

chalasr commented Dec 9, 2022

Is there any particular reason we are using \Symfony\Bundle\SecurityBundle\Security, instead of SecurityRequestAttributes directly? Seems inconsistent with what we did with Security::MAX_USERNAME_LENGTH -> UserBadge::MAX_USERNAME_LENGTH.

@IonBazan The MAX_USERNAME_LENGTH constant is mostly used by authenticators where UserBadge is mandatory, while other constants are also meant to be used at the controller layer (including underlying services).
If someone asks for it at some point, we could consider adding such shortcut to the Security helper for that constant though.

@chalasr
Copy link
Member

chalasr commented Dec 9, 2022

Thank you @IonBazan.

@chalasr chalasr merged commit 1663784 into symfony:6.2 Dec 9, 2022
@fabpot fabpot mentioned this pull request Dec 16, 2022
Merged
@IonBazan IonBazan deleted the bugfix/security-deprecation-constants branch December 18, 2022 17:38
@derrabus derrabus mentioned this pull request Jun 16, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@OskarStark OskarStark OskarStark approved these changes

@chalasr chalasr chalasr approved these changes

@wouterj wouterj Awaiting requested review from wouterj wouterj is a code owner

Assignees
No one assigned
Labels
Bug Security Status: Reviewed
Projects
None yet
Milestone
6.2
Development

Successfully merging this pull request may close these issues.
5 participants
@IonBazan @chalasr @stof @OskarStark @carsonbot