Security expression doc about check anonymous user is misleading #11950

Closed
andrew-demb opened this issue Jul 11, 2019 · 1 comment
Labels: actionable, bug, good first issue, Security

Comments

andrew-demb (Contributor) commented Jul 11, 2019

Issue with page: https://symfony.com/doc/current/security/expressions.html

In https://symfony.com/doc/current/security.html#checking-to-see-if-a-user-is-logged-in-is-authenticated-fully the docs provide information that the IS_AUTHENTICATED_ANONYMOUSLY attribute is granted for anon. tokens and fully authenticated ones.

IS_AUTHENTICATED_ANONYMOUSLY: All users (even anonymous ones)

On https://symfony.com/doc/current/security/expressions.html we see that the is_anonymous() expression is the same as IS_AUTHENTICATED_ANONYMOUSLY.

is_anonymous
Equal to using IS_AUTHENTICATED_ANONYMOUSLY with the isGranted() function.

But in the code we can see that is_anonymous() returns true only for anon. tokens.

https://github.com/symfony/symfony/blob/ea92f38c52eaf5951911df6fa39eb258716ecd21/src/Symfony/Component/Security/Core/Authorization/ExpressionLanguageProvider.php#L30

return $variables['trust_resolver']->isAnonymous($variables['token']);

wouterj (Member) commented Jul 17, 2019

Hi Andrew! You're 100% correct. is_anonymous() and IS_AUTHENTICATED_ANONYMOUSLY are different. The function is only true for anonymous authentication, while the attribute is true whenever the user is authenticated in any way.

Would it be possible for you to fix the expression documentation? (you can do so by clicking the blue "edit this page" button at the top right of the article). We should update to say something like "Whether the user is anonymous. This is different from IS_AUTHENTICATED_ANONYMOUSLY, see below."

wouterj removed their assignment Jul 17, 2019
wouterj added the actionable and good first issue labels and removed the Status: Needs Review label Jul 18, 2019
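
The difference discussed in this issue, as an added example that is not part of the issue or of Symfony's own code. It assumes symfony/security-core 4.4 installed with Composer; the secret, user name, firewall name and role are constructed sample values, and `compareChecks` is a hypothetical helper.

```php
<?php
// Added example, not Symfony's own code.
// Assumption: symfony/security-core ^4.4 installed with Composer.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;

/**
 * Hypothetical helper: evaluate both checks for one token.
 * is_anonymous() is reproduced with the trust resolver call quoted in the issue.
 */
function compareChecks(
    TokenInterface $token,
    AuthenticationTrustResolver $resolver,
    AuthenticatedVoter $voter
): array {
    $vote = $voter->vote($token, null, [AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY]);

    return [
        'is_anonymous()' => $resolver->isAnonymous($token),
        'IS_AUTHENTICATED_ANONYMOUSLY' => VoterInterface::ACCESS_GRANTED === $vote,
    ];
}

$resolver = new AuthenticationTrustResolver();
$voter = new AuthenticatedVoter($resolver);

// Constructed sample tokens (all values are made up for this example).
$tokens = [
    'anonymous visitor' => new AnonymousToken('constructed-secret', 'anon.'),
    'logged-in user'    => new UsernamePasswordToken('alice', null, 'main', ['ROLE_USER']),
];

foreach ($tokens as $label => $token) {
    $result = compareChecks($token, $resolver, $voter);
    foreach ($result as $check => $granted) {
        printf("%-18s %-30s %s\n", $label, $check, var_export($granted, true));
    }
    if ($result['is_anonymous()'] !== $result['IS_AUTHENTICATED_ANONYMOUSLY']) {
        echo "  -> the two checks disagree for this token\n";
    }
}
```

An access rule written with `is_anonymous()` therefore does not behave like one written with `IS_AUTHENTICATED_ANONYMOUSLY` for a logged-in user, which is the mismatch the maintainer confirms above.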