Skip to content

[SecurityBundle] Do not pass traceable authenticators to security.helper #59342

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 2, 2025
Merged

[SecurityBundle] Do not pass traceable authenticators to security.helper #59342

merged 1 commit into from
Jan 2, 2025

Conversation

MatTheCat
Copy link
Contributor

@MatTheCat MatTheCat commented Jan 1, 2025
edited
Loading

Q A
Branch? 7.2
Bug fix? yes
New feature? no
Deprecations? no
Issues Fix #59341
License MIT

Since #59278 authenticators are no longer aliases for their traceable version, which means calling Security::login with an authenticator ID won’t match its traceable ID, and fail.

Plus, Security::login using the traceable authenticators meant the profiler could show them as successful while not supporting the request:

This PR fixes these issues by passing the original authenticators to security.helper, using their ID as name.

@MatTheCat MatTheCat requested a review from chalasr as a code owner January 1, 2025 18:18
@carsonbot carsonbot added this to the 7.2 milestone Jan 1, 2025
MatTheCat
MatTheCat commented Jan 1, 2025
View reviewed changes
src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -501,7 +500,7 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
$configuredEntryPoint = $defaultEntryPoint;

// authenticator manager
$authenticators = array_map(fn ($id) => new Reference($id), $firewallAuthenticationProviders);
$authenticators = array_map(fn ($id) => new Reference($id), $firewallAuthenticationProviders, []);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The added array’s purpose is to reset $authenticators’s key (cf https://www.php.net/manual/en/function.array-map.php#refsect1-function.array-map-returnvalues) so that testConfigureCustomAuthenticator doesn’t fail.

@MatTheCat MatTheCat mentioned this pull request Jan 1, 2025
Closed
@MatTheCat MatTheCat changed the title [SecurityBundle] Keep authenticators’ service original ID as their name [SecurityBundle] Do not pass traceable authenticators to security.helper Jan 2, 2025
@fabpot
Copy link
Member

fabpot commented Jan 2, 2025

Thank you @MatTheCat.

@fabpot fabpot merged commit c9ad225 into symfony:7.2 Jan 2, 2025
10 of 11 checks passed
@MatTheCat MatTheCat deleted the ticket_59341 branch January 2, 2025 13:00
@xabbuh xabbuh mentioned this pull request Jan 28, 2025
Closed
@fabpot fabpot mentioned this pull request Jan 29, 2025
Merged
renovate bot added a commit to Runroom/archetype-symfony that referenced this pull request Jan 29, 2025
@renovate
Update symfony packages to v7.2.3 (patch) (#4375)
300ebd5 
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [symfony/doctrine-messenger](https://symfony.com)
([source](https://redirect.github.com/symfony/doctrine-messenger)) |
`7.2.2` -> `7.2.3` |
[![age](https://developer.mend.io/api/mc/badges/age/packagist/symfony%2fdoctrine-messenger/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/symfony%2fdoctrine-messenger/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/symfony%2fdoctrine-messenger/7.2.2/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/symfony%2fdoctrine-messenger/7.2.2/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [symfony/framework-bundle](https://symfony.com)
([source](https://redirect.github.com/symfony/framework-bundle)) |
`7.2.2` -> `7.2.3` |
[![age](https://developer.mend.io/api/mc/badges/age/packagist/symfony%2fframework-bundle/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/symfony%2fframework-bundle/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/symfony%2fframework-bundle/7.2.2/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/symfony%2fframework-bundle/7.2.2/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [symfony/mailer](https://symfony.com)
([source](https://redirect.github.com/symfony/mailer)) | `7.2.0` ->
`7.2.3` |
[![age](https://developer.mend.io/api/mc/badges/age/packagist/symfony%2fmailer/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/symfony%2fmailer/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/symfony%2fmailer/7.2.0/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/symfony%2fmailer/7.2.0/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [symfony/messenger](https://symfony.com)
([source](https://redirect.github.com/symfony/messenger)) | `7.2.1` ->
`7.2.3` |
[![age](https://developer.mend.io/api/mc/badges/age/packagist/symfony%2fmessenger/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/symfony%2fmessenger/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/symfony%2fmessenger/7.2.1/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/symfony%2fmessenger/7.2.1/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [symfony/runtime](https://symfony.com)
([source](https://redirect.github.com/symfony/runtime)) | `7.2.0` ->
`7.2.3` |
[![age](https://developer.mend.io/api/mc/badges/age/packagist/symfony%2fruntime/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/symfony%2fruntime/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/symfony%2fruntime/7.2.0/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/symfony%2fruntime/7.2.0/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [symfony/security-bundle](https://symfony.com)
([source](https://redirect.github.com/symfony/security-bundle)) |
`7.2.2` -> `7.2.3` |
[![age](https://developer.mend.io/api/mc/badges/age/packagist/symfony%2fsecurity-bundle/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/symfony%2fsecurity-bundle/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/symfony%2fsecurity-bundle/7.2.2/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/symfony%2fsecurity-bundle/7.2.2/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [symfony/web-profiler-bundle](https://symfony.com)
([source](https://redirect.github.com/symfony/web-profiler-bundle)) |
`7.2.2` -> `7.2.3` |
[![age](https://developer.mend.io/api/mc/badges/age/packagist/symfony%2fweb-profiler-bundle/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/packagist/symfony%2fweb-profiler-bundle/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/packagist/symfony%2fweb-profiler-bundle/7.2.2/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/packagist/symfony%2fweb-profiler-bundle/7.2.2/7.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>symfony/doctrine-messenger
(symfony/doctrine-messenger)</summary>

###
[`v7.2.3`](https://redirect.github.com/symfony/doctrine-messenger/compare/v7.2.2...v7.2.3)

[Compare
Source](https://redirect.github.com/symfony/doctrine-messenger/compare/v7.2.2...v7.2.3)

</details>

<details>
<summary>symfony/framework-bundle (symfony/framework-bundle)</summary>

###
[`v7.2.3`](https://redirect.github.com/symfony/framework-bundle/releases/tag/v7.2.3)

[Compare
Source](https://redirect.github.com/symfony/framework-bundle/compare/v7.2.2...v7.2.3)

**Changelog**
(symfony/framework-bundle@v7.2.2...v7.2.3)

- bug
[symfony/symfony#58889](https://redirect.github.com/symfony/symfony/issues/58889)
\[Serializer] Handle default context in Serializer
([@&#8203;Valmonzo](https://redirect.github.com/Valmonzo))
- bug
[symfony/symfony#59625](https://redirect.github.com/symfony/symfony/issues/59625)
\[FrameworkBundle] Add missing `not-compromised-password` entry in XSD
(@&#8203;alexandre-daubois)
- bug
[symfony/symfony#59581](https://redirect.github.com/symfony/symfony/issues/59581)
\[Cache] Don't clear system caches on `cache:clear`
(@&#8203;nicolas-grekas)
- bug
[symfony/symfony#59579](https://redirect.github.com/symfony/symfony/issues/59579)
\[FrameworkBundle] Fix patching refs to the tmp warmup dir in files
generated by optional cache warmers
([@&#8203;nicolas-grekas](https://redirect.github.com/nicolas-grekas))
- bug
[symfony/symfony#59515](https://redirect.github.com/symfony/symfony/issues/59515)
\[FrameworkBundle] Fix wiring ConsoleProfilerListener
([@&#8203;nicolas-grekas](https://redirect.github.com/nicolas-grekas))
- bug
[symfony/symfony#59136](https://redirect.github.com/symfony/symfony/issues/59136)
\[DependencyInjection] Reset env vars with `kernel.reset`
(@&#8203;faizanakram99)
- bug
[symfony/symfony#59403](https://redirect.github.com/symfony/symfony/issues/59403)
\[FrameworkBundle]\[HttpFoundation] Reset Request's formats using the
service resetter
([@&#8203;nicolas-grekas](https://redirect.github.com/nicolas-grekas))
- bug
[symfony/symfony#59188](https://redirect.github.com/symfony/symfony/issues/59188)
\[HttpClient] Fix `reset()` not called on decorated clients
(@&#8203;HypeMC)

</details>

<details>
<summary>symfony/mailer (symfony/mailer)</summary>

###
[`v7.2.3`](https://redirect.github.com/symfony/mailer/compare/v7.2.0...v7.2.3)

[Compare
Source](https://redirect.github.com/symfony/mailer/compare/v7.2.0...v7.2.3)

</details>

<details>
<summary>symfony/messenger (symfony/messenger)</summary>

###
[`v7.2.3`](https://redirect.github.com/symfony/messenger/releases/tag/v7.2.3)

[Compare
Source](https://redirect.github.com/symfony/messenger/compare/v7.2.1...v7.2.3)

**Changelog**
(symfony/messenger@v7.2.2...v7.2.3)

- bug
[symfony/symfony#59513](https://redirect.github.com/symfony/symfony/issues/59513)
\[Messenger ] Extract retry delay from nested
`RecoverableExceptionInterface` (@&#8203;AydinHassan)
- bug
[symfony/symfony#59508](https://redirect.github.com/symfony/symfony/issues/59508)
\[Messenger] \[AMQP] Improve AMQP connection issues
([@&#8203;AurelienPillevesse](https://redirect.github.com/AurelienPillevesse))
- bug
[symfony/symfony#59352](https://redirect.github.com/symfony/symfony/issues/59352)
\[Messenger] Fix `TransportMessageIdStamp` not always added
(@&#8203;HypeMC)
- bug
[symfony/symfony#59362](https://redirect.github.com/symfony/symfony/issues/59362)
\[Doctrine]\[Messenger] Prevents multiple TransportMessageIdStamp being
stored in envelope
([@&#8203;rtreffler](https://redirect.github.com/rtreffler))

</details>

<details>
<summary>symfony/runtime (symfony/runtime)</summary>

###
[`v7.2.3`](https://redirect.github.com/symfony/runtime/releases/tag/v7.2.3)

[Compare
Source](https://redirect.github.com/symfony/runtime/compare/v7.2.0...v7.2.3)

**Changelog**
(symfony/runtime@v7.2.2...v7.2.3)

-   no significant changes

</details>

<details>
<summary>symfony/security-bundle (symfony/security-bundle)</summary>

###
[`v7.2.3`](https://redirect.github.com/symfony/security-bundle/releases/tag/v7.2.3)

[Compare
Source](https://redirect.github.com/symfony/security-bundle/compare/v7.2.2...v7.2.3)

**Changelog**
(symfony/security-bundle@v7.2.2...v7.2.3)

- bug
[symfony/symfony#59339](https://redirect.github.com/symfony/symfony/issues/59339)
\[SecurityBundle] Remove outdated guard from security xsd schema
([@&#8203;chalasr](https://redirect.github.com/chalasr))
- bug
[symfony/symfony#59342](https://redirect.github.com/symfony/symfony/issues/59342)
\[SecurityBundle] Do not pass traceable authenticators to
`security.helper` (@&#8203;MatTheCat)

</details>

<details>
<summary>symfony/web-profiler-bundle
(symfony/web-profiler-bundle)</summary>

###
[`v7.2.3`](https://redirect.github.com/symfony/web-profiler-bundle/releases/tag/v7.2.3)

[Compare
Source](https://redirect.github.com/symfony/web-profiler-bundle/compare/v7.2.2...v7.2.3)

**Changelog**
(symfony/web-profiler-bundle@v7.2.2...v7.2.3)

- bug
[symfony/symfony#59292](https://redirect.github.com/symfony/symfony/issues/59292)
\[WebProfilerBundle] Fix event delegation on links inside toggles
([@&#8203;MatTheCat](https://redirect.github.com/MatTheCat))
- bug
[symfony/symfony#59229](https://redirect.github.com/symfony/symfony/issues/59229)
\[WebProfilerBundle] fix loading of toolbar stylesheet
([@&#8203;alexislefebvre](https://redirect.github.com/alexislefebvre))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/Runroom/archetype-symfony).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMjUuMSIsInVwZGF0ZWRJblZlciI6IjM5LjEyNS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabpot fabpot fabpot approved these changes

@maxbeckers maxbeckers maxbeckers approved these changes

@chalasr chalasr Awaiting requested review from chalasr chalasr is a code owner

Assignees
No one assigned
Labels
Bug SecurityBundle Status: Reviewed
Projects
None yet
Milestone
7.2
Development

Successfully merging this pull request may close these issues.
4 participants
@MatTheCat @fabpot @maxbeckers @carsonbot