[SecurityBundle] Integrate current firewall in Profiler #19490
Conversation
beb2180 to
9549901
Compare
| {% if collector.firewall|default([]) is not empty %} | ||
| <div class="sf-toolbar-info-piece"> | ||
| <b>Firewall name</b> | ||
| <span>{{ collector.firewall.name }}</span> |
There was a problem hiding this comment.
Maybe you should use the default filter as below
|
I've left some minor comments but that's a really nice PR, thanks! |
|
Thank you @HeahDude, especially for your inputs about what it could be nice to see. I let you know when I made changes. |
fd9a5d2 to
6c706b7
Compare
|
@HeahDude I did the changes and updated the description accordingly. |
6c706b7 to
acd4cea
Compare
| $this->data['firewall'] = $firewallContext->getConfig(); | ||
| } | ||
| } else { | ||
| $this->data['firewall'] = array(); |
There was a problem hiding this comment.
So $this->data['firewall'] may either contain a FirewallConfig instance or an empty array if unavailable ? It's quite strange, isn't it ?
What about not setting it at all if unavailable, and returning false or null in getFirewall() ?
Twig checks will also make more sense:
- {% if collector.firewall|default([]) is not empty %}
+ {% if collector.firewall %}What do you think ?
There was a problem hiding this comment.
While my preference would be to set it to null, the twig check should already work with an empty array:
> var_dump((bool) []);
bool(false)There was a problem hiding this comment.
I confirm it works, but let's do object or null.
acd4cea to
73fe755
Compare
|
I made the change and updated the description accordingly (screenshots). |
73fe755 to
54a4ec3
Compare
|
Tests have been updated. |
| @@ -33,6 +33,12 @@ | |||
| <span>{{ collector.tokenClass|abbr_class }}</span> | |||
| </div> | |||
| {% endif %} | |||
| {% if collector.firewall|default([]) is not empty %} | |||
There was a problem hiding this comment.
- {% if collector.firewall|default([]) is not empty %}
+ {% if collector.firewall %}54a4ec3 to
bab3497
Compare
| </div> | ||
| {% else %} | ||
| <div class="empty"> | ||
| <p>The security component is disabled.</p> |
There was a problem hiding this comment.
I'm thinking to remove this else statement. As is, this message would appear in both Security Token and Security Firewall sections. Maybe should I move the existing one in a higher position to make it hide the two sections?
16a7d92 to
da9bc66
Compare
3677070 to
0bcf5a2
Compare
|
This PR and the base one are good to merge (or close). |
d1e1fb2 to
9a95c6e
Compare
|
Updated after #19614 |
| @@ -132,6 +137,16 @@ public function collect(Request $request, Response $response, \Exception $except | |||
| $this->data['voter_strategy'] = 'unknown'; | |||
| $this->data['voters'] = array(); | |||
| } | |||
|
|
|||
| // collect firewall context informations | |||
cd6c6b7 to
35cd6cd
Compare
|
I made the changes for using |
35cd6cd to
5100137
Compare
|
@fabpot I think this one is ready |
…ap (chalasr) This PR was merged into the 3.2-dev branch. Discussion ---------- [SecurityBundle] Cache contexts per request in FirewallMap | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #19819 (comment) | License | MIT | Doc PR | n/a From @HeahDude in #19819 (comment), I propose to store and retrieve `Context` objects per `Request` using `SplObjectStorage`. At the moment, contexts are consumed by the `Symfony\Components\Security\Http\Firewall` class only, but they could be indirectly by end users if #19490 and/or #19819 come to be merged. Commits ------- ffacec1 [SecurityBundle] Cache contexts per request in FirewallMap
83970b3 to
fd82a18
Compare
|
This one would be great, because it also would allow to add a "user logout link" to the profiler. Before this PR the required firewall wasn't available. Also see #17037 for a poc. |
|
Imho Security is the most complex thing for beginners. The fact we don't provide informations about it (i.e. the current firewall and all the logic behind it) involves that any security issue requires to look deeper in the core, which leads to misunderstandings and lots of support issues (just answered one by saying to the user to change the order on which firewalls are defined, it would have been easy to debug with this in the profiler). The lack of feedbacks is too bad here. Shall I close this? |
|
@chalasr please don't close it! You are right about the poor contents of the security profiler panel and debug toolbar. |
| private $userChecker; | ||
| private $listeners; | ||
|
|
||
| public function __construct($name, $requestMatcher, $securityEnabled = true, $stateless = false, $provider = null, $context = null, $entryPoint = null, $accessDeniedHandler = null, $accessDeniedUrl = null, $userChecker = null, $listeners = array()) |
There was a problem hiding this comment.
So.. what about __construct(array $config)?
There was a problem hiding this comment.
I started with exactly what you propose and came to this.
Having distinct arguments is imho more structuring and gives more visibility about what the class provides. Also it avoids lots of isset($key) ? $key : null, we would have to build $config from SecurityExtension anyway.
Also, please see #19398 for this part, this depends on :)
There was a problem hiding this comment.
I see :):) Think you're right.. this represents a config so the arguments dont add much complexity anyway.
| if (null === $config) { | ||
| @trigger_error(sprintf('"%s()" expects an instance of "%s" as third argument since version 3.2 and will trigger an error in 4.0 if not provided.', __METHOD__, FirewallConfig::class), E_USER_DEPRECATED); | ||
|
|
||
| return; |
There was a problem hiding this comment.
Can be removed. Perhaps put the deprecation on top.
|
Can you rebase now that the related PR is merged? |
fd82a18 to
be2a55b
Compare
be2a55b to
75e208e
Compare
|
Rebased |
|
Thank you @chalasr. |
…r (chalasr) This PR was merged into the 3.2-dev branch. Discussion ---------- [SecurityBundle] Integrate current firewall in Profiler | Q | A | | --- | --- | | Branch? | master | | Bug fix? | no | | New feature? | yes | | BC breaks? | no | | Deprecations? | no | | Tests pass? | yes | | Fixed tickets | n/a | | License | MIT | Based on #19398. This integrates current firewall information into the Profiler. **Toolbar**  **Panel**  Examples: <details> <summary> Show config</summary> ``` yaml main: pattern: ^/ anonymous: false stateless: true provider: in_memory access_denied_url: /access_denied http_basic: ~ ``` </details>  <details> <summary> Show config</summary> ``` yaml main: pattern: ^/ anonymous: true stateless: false provider: in_memory context: dummy access_denied_url: /access_denied http_basic: ~ ``` </details>  <details> <summary> Show config</summary> ``` yaml api: pattern: ^/ security: false ``` </details>  Commits ------- 75e208e Integrate current firewall in profiler
Based on #19398.
This integrates current firewall information into the Profiler.
Toolbar
Panel
Examples:
Show config
Show config
Show config