Replies: 3 comments 3 replies
-
|
On principle, I agree with the idea here. But, would this also affect |
Beta Was this translation helpful? Give feedback.
-
|
I see no need to modify With my proposed change you can assume that if this method returns an empty string, the token should be a |
Beta Was this translation helpful? Give feedback.
-
|
#58007 has been merged now. |
Beta Was this translation helpful? Give feedback.
-
|
With this mapping: /** @var non-empty-string $token */
#[ORM\Column]
#[Assert\NotBlank]
private string $token;PHPStan is now complaining:
Did you find a way around this, or are you just |
Beta Was this translation helpful? Give feedback.
-
|
I just ignore that stuff in general because there are cases where the database mapping can't match up with the PHP type mapping (databases don't have a notion of non-empty-string unless I'm really missing something). # Fields where the entity and the database cannot have a matching type declaration (typically due to stronger type inference within PHP, i.e. positive-int)
- '#^Property App\\Entity\\[^:]+::\$id type mapping mismatch: database can contain int but property expects int<1, max>\|null\.$#'
- '#^Property App\\Entity\\[^:]+::\$\w+ type mapping mismatch: database can contain int but property expects int<(0|1), max>\.$#'
- '#^Property App\\Entity\\[^:]+::\$\w+ type mapping mismatch: database can contain int\|null but property expects int<(0|1), max>\|null\.$#'
- '#^Property App\\Entity\\[^:]+::\$\w+ type mapping mismatch: database can contain string\|null but property expects non-empty-string\|null\.$#'
- '#^Property App\\Entity\\[^:]+::\$\w+ type mapping mismatch: database can contain string but property expects non-empty-string\.$#' |
Beta Was this translation helpful? Give feedback.
-
|
I suggested a new type for Doctrine that natively supports this: doctrine/orm#11748 |
Beta Was this translation helpful? Give feedback.
-
Some built-in authenticators already forbid using an empty user identifier, and I think this is an edge case that should not be supported.
I would add a
@return non-empty-stringannotation toUserInterface::getUserIdentifier. Then, I would add a check inUserBadge::__constructthat would trigger a deprecation in 7.x and throw aBadCredentialsExceptionin 8.x if an empty user identifier is received.WDYT?
Built-in authenticators checking for empty user identifier
symfony/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php
Lines 130 to 132 in ca1f528
symfony/src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php
Lines 149 to 151 in ca1f528
See #58007
Beta Was this translation helpful? Give feedback.
All reactions