[Security] Cannot use env in RememberMe config #44978
Comments
|
Original issue where it was fixed for Symfony 3 for reference: #36271 |
|
Hey, thanks for your report! |
|
There is this ugly workaround, but I don't get why it was fixed in Symfony 3 but not in the newer versions. |
|
In #36271 (comment) it was said that the reproducer app for the 3.4 branch did not have the same issue when updating to 4.4. So it seems that your app might be different. Can you provide a full example application that allows to reproduce your issue? |
|
I am going to close here for now due to the lack of feedback. Please let us know when you have more information and we can consider to reopen. |
@xabbuh it is provided in the description. See mautic/mautic#9011. Mautic is an open source app where you can reproduce it. |
|
If you refer to mautic/mautic@9568806, this looks like an issue in Mautic to me. As far as I understand the code it is trying to evaluate the value at compile time which does not work (well) with environment variables. |
|
@xabbuh that is very good information. Do you have a suggestion how to fix it? https://github.com/mautic/mautic/blob/5.x/app/bundles/CoreBundle/Config/config.php#L1341 But it's failing because it's expecting an int but getting string. |
Symfony version(s) affected
4.4
Description
It seems like this was fixed for Symfony 3.4 but it still exists on 4.4+ and is causing problems for us (mautic/mautic#9011)
How to reproduce
Inside security.php:
lifetime: (int) $container->getParameter('env.rememberme_lifetime'),Possible Solution
Remove these lines
https://github.com/symfony/symfony/blob/4.4/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php#L159-L160
Additional Context
No response
The text was updated successfully, but these errors were encountered: