[SecurityBundle] Allow for custom logout request matcher by ro0NL · Pull Request #22572 · symfony/symfony · GitHub

Closed

ro0NL (Contributor) commented Apr 28, 2017

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes/no
| Fixed tickets | #22473
| License       | MIT
| Doc PR        | symfony/symfony-docs#...

So you can do something like

```yaml
logout:
  path: ~
  request_matcher: my_logout_matcher
```

and bypass path-matching, or combine it with a custom check afterwards.

Should go after #22574 and #22584
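
A sketch of the kind of service the `my_logout_matcher` id above could point to, added here as an illustration and not taken from this pull request. The namespace, class name and default path are hypothetical; `RequestMatcherInterface` and the `Request` methods are Symfony's own.

```php
<?php
// Added illustration; not code from this pull request.
namespace App\Security; // hypothetical namespace

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestMatcherInterface;

/**
 * Hypothetical service behind the "my_logout_matcher" id: a request counts
 * as a logout request only when it is a POST to one exact path.
 */
final class LogoutRequestMatcher implements RequestMatcherInterface
{
    private $logoutPath;

    public function __construct($logoutPath = '/logout') // assumed default
    {
        $this->logoutPath = $logoutPath;
    }

    public function matches(Request $request): bool
    {
        // Custom check on top of the path: a GET to the logout URL
        // (a link, a prefetch, an image tag) never ends the session.
        if (!$request->isMethod('POST')) {
            return false;
        }

        // Exact comparison on the decoded path, query string excluded.
        // "/logout/" or "/logout/extra" do not match.
        return rawurldecode($request->getPathInfo()) === $this->logoutPath;
    }
}
```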

*
* @param RequestMatcherInterface $requestMatcher
*/
public function setRequestMatcher(RequestMatcherInterface $requestMatcher)
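Review bot: setRequestMatcher() makes the logout matcher replaceable through a public method after the listener has been built, and the docblock lines shown here give only the parameter type. For a listener that decides which requests end a session, taking the matcher as an optional constructor argument keeps that rule fixed for the object's lifetime; if the setter stays, the docblock should say how the matcher interacts with the configured logout path.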
Contributor

Cannot it be passed as a new optional constructor argument rather than by using a method call?

I'm not sure someone is supposed to replace the abstract service definition, so it shouldn't be an issue.

@nicolas-grekas nicolas-grekas added this to the 3.4 milestone Apr 28, 2017
fabpot added a commit that referenced this pull request Apr 28, 2017
This PR was squashed before being merged into the 2.7 branch (closes #22574).

Discussion
----------

[Security] Fix phpdoc logout listener

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License       | MIT
| Doc PR        | symfony/symfony-docs#... <!--highly recommended for new features-->

Separated from #22572

Commits
-------

e843924 [Security] Fix phpdoc logout listener

ro0NL (Contributor Author) commented Apr 29, 2017

Looking at the firewall configuration, which allows either request_matcher or pattern. So I think this should follow the same approach, as well as #22578

Status: needs work

ro0NL (Contributor Author) commented Apr 29, 2017

Then again.. the logout path is needed for url generation and enables using routes (also for matching). So tend to keep it as is :)

Status: needs review

fabpot added a commit that referenced this pull request May 11, 2017
… path (ro0NL)

This PR was merged into the 2.7 branch.

Discussion
----------

[Security] Avoid unnecessary route lookup for empty logout path

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no-ish
| Deprecations? | no
| Tests pass?   | yes/no
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License       | MIT
| Doc PR        | symfony/symfony-docs#... <!--highly recommended for new features-->

I first included this with #22572 where having `logout: { path: ~ }` makes more sense for disabling logout path matching/generation. But currently it's already allowed and causes an unneeded route lookup and URL generation.

Commits
-------

2967807 [Security] Avoid unnecessary route lookup for empty logout path
@nicolas-grekas nicolas-grekas changed the base branch from master to 3.4 May 23, 2017 17:03
@nicolas-grekas
Member

rebase needed

return $this->httpUtils->checkRequestPath($request, $this->options['logout_path']);
if (!isset($this->options['logout_path']) && null === $this->requestMatcher) {
return false;
}
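Review bot: the guard `if (!isset($this->options['logout_path']) && null === $this->requestMatcher)` returns false when neither a logout path nor a matcher is configured, so a firewall set up that way never matches a logout request and gives no error. Rejecting that combination when the configuration is loaded, or throwing here, would surface the mistake; the lines shown also don't say which of the two wins when both are set, which deserves a comment or a test.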
Member

Should this condition be allowed at all? This seems invalid: you should pass one or the other. We could catch this with validation in MainConfiguration (and an exception here). We should probably also not allow both to be set.

@nicolas-grekas
Member

Moving to 4.1. Rebase on master might be needed, where PHP 7.1 features can be used btw.

@nicolas-grekas nicolas-grekas modified the milestones: 3.4, 4.1 Oct 8, 2017
@nicolas-grekas nicolas-grekas modified the milestones: 4.1, next Apr 20, 2018
@ro0NL ro0NL closed this Nov 25, 2018
@ro0NL ro0NL deleted the logout-requestmatcher branch November 25, 2018 17:37
@nicolas-grekas nicolas-grekas modified the milestones: next, 4.3 Apr 30, 2019