Skip to content

[Security] Update password upgrader listener to work with the new UserBadge #39111

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 18, 2020
Merged

[Security] Update password upgrader listener to work with the new UserBadge #39111

merged 1 commit into from
Nov 18, 2020

Conversation

wouterj
Copy link
Member

@wouterj wouterj commented Nov 18, 2020
edited
Loading

Q A
Branch? 5.2
Bug fix? yes
New feature? yes
Deprecations? no
Tickets -
License MIT
Doc PR -

While working on a new amazing make:auth maker, @jrushlow discovered that we forgot to update the PasswordUpgradeBadge with the 5.2 UserBadge changes (ref #37846).

This PR fixes it, by making the password upgrader optional and falling back to the user provider instead. Without these changes, each authenticator still needs to know the user repository/user provider in order to pass it to PasswordUpgradeBadge.

I'm sorry for catching this soo late in the release cycle. There is a BC break involved here, but it's (a) very unlikely to impact application code and (b) in an experimental class.

@wouterj wouterj requested a review from chalasr as a code owner November 18, 2020 17:24
@carsonbot carsonbot added this to the 5.2 milestone Nov 18, 2020
@jrushlow jrushlow mentioned this pull request Nov 18, 2020
Merged
@wouterj wouterj force-pushed the security/password-upgrade-userbadge branch from 7b6a3df to 650256e Compare November 18, 2020 17:25
chalasr
chalasr approved these changes Nov 18, 2020
View reviewed changes
Copy link
Member

@chalasr chalasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch!

@wouterj wouterj force-pushed the security/password-upgrade-userbadge branch from 650256e to e39e844 Compare November 18, 2020 21:03
@chalasr chalasr removed the Feature label Nov 18, 2020
@chalasr
Copy link
Member

chalasr commented Nov 18, 2020

Thank you @wouterj.

@chalasr chalasr merged commit de09329 into symfony:5.2 Nov 18, 2020
@wouterj wouterj deleted the security/password-upgrade-userbadge branch November 18, 2020 22:42
@fabpot fabpot mentioned this pull request Nov 21, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chalasr chalasr chalasr approved these changes

@derrabus derrabus derrabus approved these changes

Assignees
No one assigned
Labels
Bug Security Status: Reviewed
Projects
None yet
Milestone
5.2
Development

Successfully merging this pull request may close these issues.
4 participants
@wouterj @chalasr @derrabus @carsonbot