Skip to content

[Security] Add missing NullToken vote #37844

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 16, 2020
Merged

[Security] Add missing NullToken vote #37844

merged 1 commit into from
Aug 16, 2020

Conversation

wouterj
Copy link
Member

@wouterj wouterj commented Aug 15, 2020

Q A
Branch? master
Bug fix? yes
New feature? no
Deprecations? no
Tickets -
License MIT
Doc PR -

While playing with 5.2-dev, I discovered I forgot to add a granted vote for PUBLIC_ACCESS.

I also think it makes more sense now to move the constant from AccessListener to AuthenticatedVoter (to not have a dependency on Http constants in a Core voter). This is however a BC break, should we do anything more to facility our early-adapters?

fabpot
fabpot approved these changes Aug 16, 2020
View reviewed changes
Copy link
Member

@fabpot fabpot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that having the BC break listed in the UPGRADE file is enough.

@fabpot fabpot force-pushed the pull-37620/fix-nulltoken-bugs branch from 1dd0ca9 to f17746c Compare August 16, 2020 05:27
@fabpot
Copy link
Member

fabpot commented Aug 16, 2020

Thank you @wouterj.

@fabpot fabpot merged commit 1c67261 into symfony:master Aug 16, 2020
@wouterj wouterj mentioned this pull request Aug 17, 2020
Merged
fabpot added a commit that referenced this pull request Aug 18, 2020
@fabpot
minor #37866 [Security] Fixed tests (wouterj)
b637450 
This PR was squashed before being merged into the 5.2-dev branch.

Discussion
----------

[Security] Fixed tests

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | -

This fixes a test bug introduced by #37844 Next time, I'll open a PR in draft state before I'm sure I didn't break any tests, sorry!

In order to make up for my mistake, I've also fixed another failing test introduced by #37847

Commits
-------

c57b879 Remove MimeMessageNormalizer if the Mime component is not installed
98802e5 Use PUBLIC_ACCESS from AuthenticatedVoter
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabpot fabpot fabpot approved these changes

Assignees
No one assigned
Labels
Bug Security Status: Reviewed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@wouterj @fabpot @carsonbot