8000 Merge branch '5.0' · symfony/symfony@3987914 · GitHub
Commit 3987914

Merge branch '5.0'
* 5.0: [HttpFoundation] Do not set the default Content-Type based on the Accept header [Security] Fix access_control behavior with unanimous decision strategy
2 parents 8ea7c26 + a92ffff commit 3987914

8 files changed

+76
-16
lines changed

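--- a/src/Symfony/Component/ErrorHandler/ErrorRenderer/SerializerErrorRenderer.php
+++ b/src/Symfony/Component/ErrorHandler/ErrorRenderer/SerializerErrorRenderer.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\ErrorHandler\ErrorRenderer;
 
 use Symfony\Component\ErrorHandler\Exception\FlattenException;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Serializer\Exception\NotEncodableValueException;
 use Symfony\Component\Serializer\SerializerInterface;
@@ -30,6 +31,7 @@ class SerializerErrorRenderer implements ErrorRendererInterface
 
 /**
 * @param string|callable(FlattenException) $format The format as a string or a callable that should return it
+* formats not supported by Request::getMimeTypes() should be given as mime types
 * @param bool|callable $debug The debugging mode as a boolean or a callable that should return it
 */
 public function __construct(SerializerInterface $serializer, $format, ErrorRendererInterface $fallbackErrorRenderer = null, $debug = false)
@@ -64,11 +66,16 @@ public function render(\Throwable $exception): FlattenException
 
 try {
 $format = \is_string($this->format) ? $this->format : ($this->format)($flattenException);
+$headers = [
+'Content-Type' => Request::getMimeTypes($format)[0] ?? $format,
+'Vary' => 'Accept',
+];
 
 return $flattenException->setAsString($this->serializer->serialize($flattenException, $format, [
 'exception' => $exception,
 'debug' => $debug,
-]));
+]))
+->setHeaders($flattenException->getHeaders() + $headers);
 } catch (NotEncodableValueException $e) {
 return $this->fallbackErrorRenderer->render($exception);
 }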
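Review bot: In render(), `$flattenException->getHeaders() + $headers` is an array union, so a `Vary` key already present on the exception wins and the `'Vary' => 'Accept'` added here is silently dropped. When `$format` comes from a callable that negotiates on the request, the error response could then be stored by an intermediary cache without varying on Accept. The union is also case-sensitive on keys, so an existing `content-type` would end up next to the new `Content-Type`; whether header names are normalised earlier is not visible here. Assuming header values are strings, the Vary value could be merged rather than shadowed: `$vary = $flattenException->getHeaders()['Vary'] ?? null;` and then `->setHeaders(['Vary' => null === $vary ? 'Accept' : $vary.', Accept'] + $flattenException->getHeaders() + $headers);`. render() starts and ends outside the hunk.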

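--- a/src/Symfony/Component/HttpFoundation/Request.php
+++ b/src/Symfony/Component/HttpFoundation/Request.php
@@ -1566,7 +1566,9 @@ public function isNoCache()
 * Gets the preferred format for the response by inspecting, in the following order:
 * * the request format set using setRequestFormat
 * * the values of the Accept HTTP header
-* * the content type of the body of the request.
+*
+* Note that if you use this method, you should send the "Vary: Accept" header
+* in the response to prevent any issues with intermediary HTTP caches.
 */
 public function getPreferredFormat(?string $default = 'html'): ?string
 {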

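--- a/src/Symfony/Component/HttpFoundation/Response.php
+++ b/src/Symfony/Component/HttpFoundation/Response.php
@@ -270,7 +270,7 @@ public function prepare(Request $request)
 } else {
 // Content-type based on the Request
 if (!$headers->has('Content-Type')) {
-$format = $request->getPreferredFormat(null);
+$format = $request->getRequestFormat(null);
 if (null !== $format && $mimeType = $request->getMimeType($format)) {
 $headers->set('Content-Type', $mimeType);
 }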
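Review bot: The comment `// Content-type based on the Request` above this branch no longer says which part of the request is consulted, and that is the detail this change is about. Since only the explicit request format is read now, I would reword it to `// Content-Type from the explicit request format only; the Accept header is ignored so one URL cannot yield different types without "Vary: Accept"`. Callers that relied on Accept-driven negotiation inside prepare() will now get the default type, as the new ResponseTest case shows, so an upgrade note is worth adding if one does not exist. prepare() starts and ends outside the hunk.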

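--- a/src/Symfony/Component/HttpFoundation/Tests/ResponseTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/ResponseTest.php
@@ -500,12 +500,25 @@ public function testPrepareDoesNothingIfRequestFormatIsNotDefined()
 $this->assertEquals('text/html; charset=UTF-8', $response->headers->get('content-type'));
 }
 
+/**
+* Same URL cannot produce different Content-Type based on the value of the Accept header,
+* unless explicitly stated in the response object.
+*/
+public function testPrepareDoesNotSetContentTypeBasedOnRequestAcceptHeader()
+{
+$response = new Response('foo');
+$request = Request::create('/');
+$request->headers->set('Accept', 'application/json');
+$response->prepare($request);
+
+$this->assertSame('text/html; charset=UTF-8', $response->headers->get('content-type'));
+}
+
 public function testPrepareSetContentType()
 {
 $response = new Response('foo');
 $request = Request::create('/');
 $request->setRequestFormat('json');
-$request->headers->remove('accept');
 
 $response->prepare($request);
 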

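--- a/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
+++ b/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
@@ -55,11 +55,16 @@ public function __construct(iterable $voters = [], string $strategy = self::STRA
 }
 
 /**
+* @param bool $allowMultipleAttributes Whether to allow passing multiple values to the $attributes array
+*
 * {@inheritdoc}
 */
-public function decide(TokenInterface $token, array $attributes, $object = null)
+public function decide(TokenInterface $token, array $attributes, $object = null/*, bool $allowMultipleAttributes = false*/)
 {
-if (\count($attributes) > 1) {
+$allowMultipleAttributes = 3 < func_num_args() && func_get_arg(3);
+
+// Special case for AccessListener, do not remove the right side of the condition before 6.0
+if (\count($attributes) > 1 && !$allowMultipleAttributes) {
 throw new InvalidArgumentException(sprintf('Passing more than one Security attribute to "%s()" is not supported.', __METHOD__));
 }
 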
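Review bot: The multi-attribute opt-in in decide() is read through `func_get_arg(3)` and exists only as a commented-out parameter, so nothing limits it to AccessListener despite the comment, and any wrapper that calls the inner manager with three arguments silently drops it. In that case an access_control rule with several attributes would hit the InvalidArgumentException below instead of being evaluated; the AccessListener.php change in this commit depends on the same hidden argument, passing `true` through what is presumably the interface type. I would state the contract in the docblock, e.g. `@param bool $allowMultipleAttributes Internal, for AccessListener only; decorators must forward it unchanged`, and confirm that every decorator of the manager forwards a fourth argument. The rest of decide() lies outside the hunk, so how each strategy treats several attributes cannot be confirmed from here.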

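--- a/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
@@ -85,15 +85,7 @@ public function authenticate(RequestEvent $event)
 $this->tokenStorage->setToken($token);
 }
 
-$granted = false;
-foreach ($attributes as $key => $value) {
-if ($this->accessDecisionManager->decide($token, [$key => $value], $request)) {
-$granted = true;
-break;
-}
-}
-
-if (!$granted) {
+if (!$this->accessDecisionManager->decide($token, $attributes, $request, true)) {
 $exception = new AccessDeniedException();
 $exception->setAttributes($attributes);
 $exception->setSubject($request);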
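Review bot: The bare `true` in `decide($token, $attributes, $request, true)` gives no hint that it lifts the single-attribute check, and this call replaces a loop that granted access as soon as any one attribute passed. A short comment at the call site would make the changed semantics explicit, e.g. `// all attributes are decided in one call so the manager's strategy applies across them; the 4th argument permits more than one attribute`. That wording is inferred from the commit title and the manager change, so adjust it to what decide() really does. authenticate() starts and ends outside the hunk.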

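--- a/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
@@ -16,6 +16,7 @@
 use Symfony\Component\HttpKernel\Event\RequestEvent;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
 use Symfony\Component\Security\Http\AccessMapInterface;
@@ -227,4 +228,44 @@ public function testHandleWhenTheSecurityTokenStorageHasNoToken()
 
 $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MASTER_REQUEST));
 }
+
+public function testHandleMWithultipleAttributesShouldBeHandledAsAnd()
+{
+$request = new Request();
+
+$accessMap = $this->getMockBuilder('Symfony\Component\Security\Http\AccessMapInterface')->getMock();
+$accessMap
+->expects($this->any())
+->method('getPatterns')
+->with($this->equalTo($request))
+->willReturn([['foo' => 'bar', 'bar' => 'baz'], null])
+;
+
+$authenticatedToken = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
+$authenticatedToken
+->expects($this->any())
+->method('isAuthenticated')
+->willReturn(true)
+;
+
+$tokenStorage = new TokenStorage();
+$tokenStorage->setToken($authenticatedToken);
+
+$accessDecisionManager = $this->getMockBuilder('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface')->getMock();
+$accessDecisionManager
+->expects($this->once())
+->method('decide')
+->with($this->equalTo($authenticatedToken), $this->equalTo(['foo' => 'bar', 'bar' => 'baz']), $this->equalTo($request), true)
+->willReturn(true)
+;
+
+$listener = new AccessListener(
+$tokenStorage,
+$accessDecisionManager,
+$accessMap,
+$this->createMock('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface')
+);
+
+$listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MASTER_REQUEST));
+}
 }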
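Review bot: The new test name `testHandleMWithultipleAttributesShouldBeHandledAsAnd` has transposed letters; `testHandleWithMultipleAttributesShouldBeHandledAsAnd` is presumably what was meant. The test only pins that decide() is called once with both attributes and `true` while the mock returns `true`, so the "And" in the name is never asserted and no denial is exercised. A second case where the mocked decide() returns `false` and an AccessDeniedException is expected would cover the path that matters for access control. The new method also spells class names as strings although `AccessMapInterface` and `AccessDecisionManagerInterface` are imported at the top of the file; `::class` would match the `createMock(HttpKernelInterface::class)` call in the same method.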

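--- a/src/Symfony/Component/Security/Http/composer.json
+++ b/src/Symfony/Component/Security/Http/composer.json
@@ -17,7 +17,7 @@
 ],
 "require": {
 "php": "^7.2.5",
-"symfony/security-core": "^4.4|^5.0",
+"symfony/security-core": "^4.4.7|^5.0.7",
 "symfony/http-foundation": "^4.4.7|^5.0.7",
 "symfony/http-kernel": "^4.4|^5.0",
 "symfony/polyfill-php80": "^1.15",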
