Skip to content

[Security] Fix missing BC layer for AbstractGuardAuthenticator::getCredentials() #24624

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 24, 2017
Merged

[Security] Fix missing BC layer for AbstractGuardAuthenticator::getCredentials() #24624

merged 1 commit into from
Oct 24, 2017

Conversation

chalasr
Copy link
Member

@chalasr chalasr commented Oct 19, 2017

Q A
Branch? 3.4
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets n/a
License MIT
Doc PR n/a

If a guard authenticator extends AbstractGuardAuthenticator and returns null from getCredentials(), an \UnexpectedValueException is thrown when upgrading to 3.4 because the abstract already implements the new interface.
This triggers a deprecation notice instead.

@chalasr chalasr added the Bug label Oct 19, 2017
@chalasr chalasr added this to the 3.4 milestone Oct 19, 2017
@chalasr chalasr changed the base branch from master to 3.4 October 19, 2017 12:55
@stof
Copy link
Member

stof commented Oct 19, 2017

Do we have a deprecation message when not implementing the new interface btw ? I don't see it in this code.

@chalasr
Copy link
Member Author

chalasr commented Oct 19, 2017

@stof we have https://github.com/symfony/symfony/blob/3.4/src/Symfony/Component/Security/Guard/GuardAuthenticatorInterface.php#L32 which should be enough (per #16835 (comment)).

weaverryan
weaverryan approved these changes Oct 19, 2017
View reviewed changes
Copy link
Member

@weaverryan weaverryan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very tricky :)

@nicolas-grekas
Copy link
Member

Thank you @chalasr.

@nicolas-grekas nicolas-grekas merged commit b6bb84b into symfony:3.4 Oct 24, 2017
nicolas-grekas added a commit that referenced this pull request Oct 24, 2017
@nicolas-grekas
bug #24624 [Security] Fix missing BC layer for AbstractGuardAuthentic…
7d97133 
…ator::getCredentials() (chalasr)

This PR was merged into the 3.4 branch.

Discussion
----------

[Security] Fix missing BC layer for AbstractGuardAuthenticator::getCredentials()

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

If a guard authenticator extends `AbstractGuardAuthenticator` and returns `null` from `getCredentials()`, an `\UnexpectedValueException` is thrown when upgrading to 3.4 because the abstract already implements the new interface.
This triggers a deprecation notice instead.

Commits
-------

b6bb84b [Security] Fix BC layer for AbstractGuardAuthenticator subclasses
@chalasr chalasr deleted the guard-bc-layer branch October 24, 2017 13:42
This was referenced Oct 30, 2017
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@weaverryan weaverryan weaverryan approved these changes

@ogizanagi ogizanagi ogizanagi approved these changes

Assignees
No one assigned
Labels
Bug Security Status: Reviewed
Projects
None yet
Milestone
3.4
Development

Successfully merging this pull request may close these issues.
6 participants
@chalasr @stof @nicolas-grekas @weaverryan @ogizanagi @carsonbot