Skip to content

Environment Variable Processors not working in security.yml #37836

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
alexgit2k opened this issue Aug 14, 2020 · 5 comments
Closed

Environment Variable Processors not working in security.yml #37836

alexgit2k opened this issue Aug 14, 2020 · 5 comments
Labels
Bug SecurityBundle Status: Needs Review

Comments

@alexgit2k
Copy link

Symfony version(s) affected: 4.4

Description
https://symfony.com/doc/current/configuration/env_var_processors.html says that there are json and csv processors which can be used for environment variables like %env(csv:TRUSTED_HOSTS)% with env(TRUSTED_HOSTS): "10.0.0.1, 10.0.0.2"

However using this for IP-protection in security.yml like https://symfony.com/doc/current/security/access_control.html#matching-access-control-by-ip fails with Invalid type for path "security.access_control.2.ips.0". Expected one of "bool", "int", "float", "string", but got "array".

How to reproduce

  • config/packages/security.yaml
security:
    # ...
    access_control:
        - { path: '^/internal', roles: IS_AUTHENTICATED_ANONYMOUSLY, ips: '%env(csv:TRUSTED_HOSTS)%' }
        - { path: '^/internal', roles: ROLE_NO_ACCESS }
  • .env.local.php
return array (
 ...
 'TRUSTED_HOSTS' => '10.0.0.1, 10.0.0.2',
 ...
);

Execute bin/console cache:clear

The same is happening when using json-processor with %env(csv:TRUSTED_HOSTS)% and 'TRUSTED_HOSTS' => '["10.0.0.1", "10.0.0.2"]',

Additional context

Failure message:

In BaseNode.php line 543:

  Invalid type for path "security.access_control.2.ips.0". Expected one of "bool", "int", "float", "string", but got "array".
@alexgit2k alexgit2k added the Bug label Aug 14, 2020
@ro0NL
Copy link
Contributor

ro0NL commented Aug 14, 2020

i believe this is the same issue as #27683

see also #27683 (comment) - the docs are wrong.

@x1a
Copy link

x1a commented Aug 20, 2020
edited
Loading

I have the same issue in Symfony 5.1

secyrity.yml

firewalls:
        ....................
        api:
            pattern:   ^/api
            stateless: true
            anonymous: true
            security: '%env(bool:API_SECURITY)%'
            .......

but it does not work

@nicolas-grekas
Copy link
Member

@x1a why do you think your issue is related to the original description? "it does not work" could have thousands or different reasons...

@nicolas-grekas
Copy link
Member

Closing as duplicate of #27683

@x1a
Copy link

x1a commented Sep 3, 2020

@nicolas-grekas because it is also related to using environment variables in security.yaml

I tried such two simple cases (on fresh installed Symfony 5.1)

parameters:
    api.security: false

security:
    // ...
    firewalls:
        // ...
        api:
            //...
            security: '%api.security%'

and

parameters:
    env(API_SECURITY): 'false'
    api.security: '%env(bool:API_SECURITY)%'

security:
    // ...
    firewalls:
        // ...
        api:
            //...
            security: '%api.security%'

for first case it works as expected (security is turned off), for second case it does not

This test is passed for both cases

    public function testSomething()
    {
        $this->assertFalse(self::$container->getParameter('api.security'));
    }

It looks weird for me though may be I don't understand smth

@ro0NL ro0NL mentioned this issue Apr 22, 2021
Closed
@NicRoss-COM NicRoss-COM mentioned this issue Mar 31, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug SecurityBundle Status: Needs Review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@nicolas-grekas @ro0NL @xabbuh @x1a @alexgit2k @carsonbot