#21571 updated "Authentication Success and Failure Events" section #11457
Please target |
Changed |
…ment branch instead of master for new features. (oleg-andreyev)

This PR was merged into the 3.4 branch.

Discussion
----------

Adding "special case" when need to select development branch instead of master for new features.

As per discussion in symfony#11457 and symfony/symfony#31177 (comment) updated section on how to select branch

Commits
-------

1c2bae2 added "special case"

Will this be merged soon? It should be since @chalasr closed symfony/symfony#21571
Looks ok to me.
@chalasr could you give us a review? Thanks

Any progress on this?

Would it not be better to just merge this, and then accept a new PR if something in it is wrong? As it is now, the documentation is misleading.
…ged (oleg-andreyev)

This PR was merged into the 4.4 branch.

Discussion
----------

#21571 Comparing roles to detected that users has changed

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| License       | MIT
| Fixed tickets | #21571 (comment)
| Docs          | symfony/symfony-docs#11457

**Case 1:**
User A has roles `foo, bar and admin`, User A is signed-in into application and token is persisted, later another User B with role `admin`, decided to restrict role `admin` for User A, so User A won't lose its privileges until session is expired or logout, because token is persisted with `roles` and `authenticated=true` and roles are not compared.

Ref. to the previous attempt: #27121

Commits
-------

4f4c30d - updated AbstractToken to compare Roles
- Updated isEqualTo method to match roles as default User implements EquatableInterface
- added test case
- bumped symfony/security-core to 4.4
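The stale-role situation from Case 1 above, modelled in plain PHP as an added example. It is not code from this PR or from Symfony; `SessionToken`, `rolesChanged` and `refreshToken` are hypothetical names, and the sample data is constructed.

```php
<?php
declare(strict_types=1);

// Simplified model (hypothetical classes, not Symfony's): a token persisted
// in the session carries a snapshot of the user's roles taken at login time.
final class SessionToken
{
    /** @param string[] $roles */
    public function __construct(
        public readonly string $username,
        public readonly array $roles,
        public bool $authenticated = true,
    ) {}
}

/**
 * Compare the role snapshot in the token with the roles freshly loaded from
 * the user store. Order and duplicates are ignored.
 *
 * @param string[] $freshRoles
 */
function rolesChanged(SessionToken $token, array $freshRoles): bool
{
    $a = array_values(array_unique($token->roles));
    $b = array_values(array_unique($freshRoles));
    sort($a);
    sort($b);
    return $a !== $b;
}

/** Run once per request, after the user has been reloaded from the store. */
function refreshToken(SessionToken $token, array $freshRoles): SessionToken
{
    if (rolesChanged($token, $freshRoles)) {
        // Do not trust the stale snapshot: drop the authenticated flag so the
        // user has to authenticate again and picks up the current roles.
        return new SessionToken($token->username, $freshRoles, false);
    }
    return $token;
}

// Constructed sample data: User A logged in with three roles...
$token = new SessionToken('user_a', ['foo', 'bar', 'admin']);
// ...and User B later removed "admin" from User A in the user store.
$stored = ['bar', 'foo'];

$token = refreshToken($token, $stored);
var_dump($token->authenticated, in_array('admin', $token->roles, true));
```

Without the comparison in `refreshToken`, the token would keep `admin` and `authenticated = true` until the session expired or the user logged out.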
@TerjeBr This aims to fix something wrong, let's not replace it with something equally wrong :)

@chalasr I only suggested it because there seemed to be no progress (two weeks had gone by with no activity). But I am glad to hear that you are working on it. Always nice to have some feedback so we know the issue has not just been forgotten. I hope this piece of documentation can be fixed soon.
…s" section (oleg-andreyev)

This PR was merged into the 4.4 branch.

Discussion
----------

#21571 updated "Authentication Success and Failure Events" section

Updated "Authentication Success and Failure Events"

`security.authentication.success` can be dispatched in the following cases:
- if `always_authenticate_before_granting` is enabled and `isGranted` is called
- if a token is not authenticated before `AccessListener` is invoked
- if customer submitted credentials (actual authentication)

symfony/symfony#21571

Commits
-------

dc91bfd #21571 updated "Authentication Success and Failure Events" section

@oleg-andreyev thanks for this contribution and we're sorry it took us so long to merge. @chalasr I assumed this was OK "as is" because we didn't receive more comments from the community, but we can create new PRs to tweak or fix minor issues. Thanks.
Updated "Authentication Success and Failure Events"

`security.authentication.success` can be dispatched in the following cases:
- if `always_authenticate_before_granting` is enabled and `isGranted` is called
- if a token is not authenticated before `AccessListener` is invoked
- if customer submitted credentials (actual authentication)

symfony/symfony#21571