Skip to content

[SecurityBundle] Don't normalize username of in-memory users #21718

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 22, 2017
Merged

[SecurityBundle] Don't normalize username of in-memory users #21718

merged 1 commit into from
Feb 22, 2017

Conversation

chalasr
Copy link
Member

@chalasr chalasr commented Feb 22, 2017
edited
Loading

Q A
Branch? master
Bug fix? no
New feature? yes
BC breaks? yes
Deprecations? no
Tests pass? yes
Fixed tickets n/a
License MIT
Doc PR n/a

It's common to have e.g. emails as keys in security.providers.in_memory.users since keys are username. Actually they are normalized so foo-bar@gmail.com becomes foo_bar@gmail.com and authentication fails unexpectedly.

@fabpot
Copy link
Member

fabpot commented Feb 22, 2017

That's a BC break (probably just for tests in end-users apps, but still). I would document the change and merge it on master.

@chalasr chalasr force-pushed the in-memory-normalizekeys branch from 1b4800d to 0e378ef Compare February 22, 2017 17:15
@chalasr chalasr changed the base branch from 2.7 to master February 22, 2017 17:15
@chalasr
Copy link
Member Author

chalasr commented Feb 22, 2017

Change documented and rebased on master.

@stof
Copy link
Member

stof commented Feb 22, 2017

@fabpot ideally, we should skip normalized for all prototyped nodes (and even remove the explicit config), but this is a BC break.
Transforming keys selected by the user is generally a WTF moment, especially if they need to use these keys elsewhere.
The normalization was added to allow writing XML config files feeling native, but keys for prototyped nodes are inside attribute values, and so don't need to use dashes to feel native.

I don't see a way to easily disable key normalization for prototyped nodes in an fully BC way though (even though it would break BC only for people who faced the WTF moment and decided to keep a WTF config files forever rather than using an underscore explicitly)

@chalasr chalasr force-pushed the in-memory-normalizekeys branch 2 times, most recently from cdf1908 to 313e6e8 Compare February 22, 2017 17:34
@chalasr chalasr force-pushed the in-memory-normalizekeys branch from 313e6e8 to 8d03332 Compare February 22, 2017 17:37
@fabpot
Copy link
Member

fabpot commented Feb 22, 2017

Thank you @chalasr.

@fabpot fabpot merged commit 8d03332 into symfony:master Feb 22, 2017
fabpot added a commit that referenced this pull request Feb 22, 2017
@fabpot
feature #21718 [SecurityBundle] Don't normalize username of in-memory…
d69bb30 
… users (chalasr)

This PR was merged into the 3.3-dev branch.

Discussion
----------

[SecurityBundle] Don't normalize username of in-memory users

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | yes
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

It's common to have e.g. emails as keys in `security.providers.in_memory.users` since keys are username. Actually they are normalized so `foo-bar@gmail.com` becomes `foo_bar@gmail.com` and authentication fails unexpectedly.

Commits
-------

8d03332 [SecurityBundle] Don't normalize keys of in-memory users
@chalasr chalasr deleted the in-memory-normalizekeys branch February 22, 2017 22:53
@fabpot fabpot mentioned this pull request May 1, 2017
Merged
@chalasr chalasr mentioned this pull request Aug 29, 2017
Closed
@chalasr chalasr mentioned this pull request Nov 20, 2017
Closed
@ogizanagi ogizanagi mentioned this pull request Apr 3, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Bug SecurityBundle Status: Needs Review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@chalasr @fabpot @stof @carsonbot