Skip to content

Consistent error handling in remember me services #23042

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 14, 2017
Merged

Consistent error handling in remember me services #23042

merged 1 commit into from
Jun 14, 2017

Conversation

lstrojny
Copy link
Contributor

@lstrojny lstrojny commented Jun 2, 2017
edited
Loading

Q A
Branch? 3.4
Bug fix? yes
New feature? yes
BC breaks? yes
Deprecations? no
Tests pass? yes
Fixed tickets -
License MIT

RememberMeServices lacked consistent error handling so far making it impossible for implementors to e.g. maintain sufficiently detailed audit logs for remember me errors. Since remember me is a very sensitive area in any application, detailed logging is crucial.

The change proposed allows loginFail to optionally take the exception object as a second parameter and uses said exception consistently internally by calling loginFail instead of cancelCookie.

@nicolas-grekas nicolas-grekas changed the base branch from master to 3.4 June 3, 2017 08:44
@nicolas-grekas nicolas-grekas added this to the 3.4 milestone Jun 3, 2017
@nicolas-grekas
Copy link
Member

@lstrojny can you please rebase on branch 3.4?

@lstrojny
Copy link
Contributor Author

lstrojny commented Jun 3, 2017

@nicolas-grekas done

nicolas-grekas
nicolas-grekas reviewed Jun 3, 2017
View reviewed changes
src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php Outdated
@@ -11,6 +11,7 @@

namespace Symfony\Component\Security\Http\RememberMe;

use Exception;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we don't "use" root classes on the code base, so you should use \Exception everywhere instead.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

@lstrojny
Copy link
Contributor Author

lstrojny commented Jun 3, 2017

@nicolas-grekas done

@fabpot
Copy link
Member

fabpot commented Jun 14, 2017

Thank you @lstrojny.

@fabpot fabpot merged commit eda1888 into symfony:3.4 Jun 14, 2017
fabpot added a commit that referenced this pull request Jun 14, 2017
@fabpot
feature #23042 Consistent error handling in remember me services (lst…
bf094ef 
…rojny)

This PR was merged into the 3.4 branch.

Discussion
----------

Consistent error handling in remember me services

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | yes
| BC breaks?    | yes
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT

RememberMeServices lacked consistent error handling so far making it impossible for implementors to e.g. maintain sufficiently detailed audit logs for remember me errors. Since remember me is a very sensitive area in any application, detailed logging is crucial.

The change proposed allows `loginFail` to optionally take the exception object as a second parameter and uses said exception consistently internally by calling `loginFail` instead of `cancelCookie`.

Commits
-------

eda1888 Consistent error handling in remember me services
This was referenced Oct 18, 2017
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas left review comments

@fabpot fabpot fabpot approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.4
Development

Successfully merging this pull request may close these issues.
3 participants
@lstrojny @nicolas-grekas @fabpot