Skip to content

[SecurityBundle] Deprecate auto picking the first provider #24378

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 30, 2017
Merged

[SecurityBundle] Deprecate auto picking the first provider #24378

merged 1 commit into from
Sep 30, 2017

Conversation

ogizanagi
Copy link
Contributor

@ogizanagi ogizanagi commented Sep 29, 2017
edited
Loading

when no provider is explicitly configured on a firewall

Q A
Branch? 3.4
Bug fix? no
New feature? no
BC breaks? no
Deprecations? yes
Tests pass? yes
Fixed tickets https://symfony-devs.slack.com/archives/C3A2XAQ20/p1506626210000345
License MIT
Doc PR N/A

From @Pierstoval on Slack:

Hey, guys, I learnt a few days ago that if you don't specify a user provider in a firewall configuration, the security will use the first one in the list. Don't anyone think specifying the user provider should be mandatory ? Or at least mandatory if we have more than one provider registered?

@ogizanagi ogizanagi added this to the 3.4 milestone Sep 29, 2017
@ogizanagi ogizanagi mentioned this pull request Sep 29, 2017
Merged
chalasr
chalasr approved these changes Sep 30, 2017
View reviewed changes
Copy link
Member

@chalasr chalasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php Outdated
@@ -358,6 +358,10 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
}
$defaultProvider = $providerIds[$normalizedName];
} else {
if (count($providerIds) > 1) {
@trigger_error(sprintf('Not configuring explicitly the provider on "%s" firewall is ambiguous as there is more than one registered provider. Using the first configured provider is deprecated since 3.4 and it will throw an exception on 4.0 instead.', $id), E_USER_DEPRECATED);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest

Firewall "$id" has no "provider" set but multiple providers exist. Using the first configured provider ($defaultProvider) is deprecated since 3.4 and will throw an exception in 4.0, set the "provider" key on the firewall instead.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perfect, thanks 👍

@ogizanagi
[SecurityBundle] Deprecate auto picking the first provider
2d1e334 
when no provider is explicitly configured on a firewall
@fabpot
Copy link
Member

fabpot commented Sep 30, 2017

Thank you @ogizanagi.

@fabpot fabpot merged commit 2d1e334 into symfony:3.4 Sep 30, 2017
fabpot added a commit that referenced this pull request Sep 30, 2017
@fabpot
feature #24378 [SecurityBundle] Deprecate auto picking the first prov…
a2ae9a4 
…ider (ogizanagi)

This PR was merged into the 3.4 branch.

Discussion
----------

[SecurityBundle] Deprecate auto picking the first provider

when no provider is explicitly configured on a firewall

| Q             | A
| ------------- | ---
| Branch?       | 3.4 <!-- see comment below -->
| Bug fix?      | no
| New feature?  | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks?    | no
| Deprecations? | yes <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass?   | yes
| Fixed tickets | https://symfony-devs.slack.com/archives/C3A2XAQ20/p1506626210000345 <!-- #-prefixed issue number(s), if any -->
| License       | MIT
| Doc PR        | N/A

From @Pierstoval on Slack:

> Hey, guys, I learnt a few days ago that if you don't specify a user provider in a firewall configuration, the security will use the first one in the list. Don't anyone think specifying the user provider should be mandatory ? Or at least mandatory if we have more than one provider registered?

- [x] UPGRADE files
- [x] CHANGELOG
- [x] Fix other tests
- [x] Removal PR #24380

Commits
-------

2d1e334 [SecurityBundle] Deprecate auto picking the first provider
@ogizanagi ogizanagi deleted the deprec/security/autoselect_first_provider branch September 30, 2017 13:45
fabpot added a commit that referenced this pull request Sep 30, 2017
@fabpot
feature #24380 [SecurityBundle] Remove auto picking the first provide…
da2231e 
…r (ogizanagi)

This PR was merged into the 4.0-dev branch.

Discussion
----------

[SecurityBundle] Remove auto picking the first provider

when no provider is explicitly configured on a firewall

| Q             | A
| ------------- | ---
| Branch?       | master <!-- see comment below -->
| Bug fix?      | no
| New feature?  | yes <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks?    | yes
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass?   | yes
| Fixed tickets | #24378 <!-- #-prefixed issue number(s), if any -->
| License       | MIT
| Doc PR        | N/A

After #24378

Commits
-------

aeb57ab [SecurityBundle] Remove auto picking the first provider
@javiereguiluz javiereguiluz mentioned this pull request Oct 3, 2017
Closed
This was referenced Oct 18, 2017
Merged
Merged
@teohhanhui teohhanhui mentioned this pull request Apr 11, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabpot fabpot fabpot approved these changes

@javiereguiluz javiereguiluz javiereguiluz approved these changes

@chalasr chalasr chalasr approved these changes

Assignees
No one assigned
Labels
Deprecation SecurityBundle Status: Reviewed
Projects
None yet
Milestone
3.4
Development

Successfully merging this pull request may close these issues.
5 participants
@ogizanagi @fabpot @javiereguiluz @chalasr @carsonbot