From 5f29c8d649f8596d93de6038c89249fd00f6f252 Mon Sep 17 00:00:00 2001
From: Tugdual Saunier
Date: Tue, 11 Apr 2023 19:34:57 -0400
Subject: [PATCH] [SecurityBundle] Set request stateless if the attribute is not already defined
---
 src/Symfony/Bundle/SecurityBundle/CHANGELOG.md | 2 +-
 .../Bundle/SecurityBundle/Security/FirewallMap.php | 2 +-
 .../Tests/Security/FirewallMapTest.php | 14 ++++++++++----
 3 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
index f71cea472f7de..5944c0b138f08 100644
--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -5,7 +5,7 @@ CHANGELOG
 ---
 * Deprecate enabling bundle and not configuring it
- * Add `_stateless` attribute to the request when firewall is stateless
+ * Add `_stateless` attribute to the request when firewall is stateless and the attribute is not already set
 * Add `StatelessAuthenticatorFactoryInterface` for authenticators targeting `stateless` firewalls only and that don't require a user provider
 * Modify "icon.svg" to improve accessibility for blind/low vision users
 * Make `Security::login()` return the authenticator response
diff --git a/src/Symfony/Bundle/SecurityBundle/Security/FirewallMap.php b/src/Symfony/Bundle/SecurityBundle/Security/FirewallMap.php
index d0151d10f9a28..6f1bdfcdd4892 100644
--- a/src/Symfony/Bundle/SecurityBundle/Security/FirewallMap.php
+++ b/src/Symfony/Bundle/SecurityBundle/Security/FirewallMap.php
@@ -75,7 +75,7 @@ private function getFirewallContext(Request $request): ?FirewallContext
 /** @var FirewallContext $context */
 $context = $this->container->get($contextId);
- if ($context->getConfig()?->isStateless()) {
+ if ($context->getConfig()?->isStateless() && !$request->attributes->has('_stateless')) {
 $request->attributes->set('_stateless', true);
 }
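Review bot: The added `!$request->attributes->has('_stateless')` guard lets any value already on the request win over the firewall configuration, and nothing at the `if` says that this is intended or where such a value would come from. `has()` only tests that the key is present, so an attribute set earlier to `false` (or even to `null`) leaves a request that passed through a stateless firewall marked as not stateless. Code that needs to know whether the firewall itself is stateless should therefore keep reading `FirewallConfig::isStateless()` and not infer it from this attribute. I would add a comment above the condition, for example `// An explicit _stateless value set earlier (presumably a route default) takes precedence; the firewall only supplies the default.` getFirewallContext() starts and ends outside the hunk.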
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallMapTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallMapTest.php
index 4acad02e65225..fdf9c3d53a3c7 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallMapTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallMapTest.php
@@ -57,10 +57,9 @@ public function testGetListenersWithInvalidParameter()
 $this->assertFalse($request->attributes->has('_stateless'));
 }
- public function testGetListeners()
+ /** @dataProvider providesStatefulStatelessRequests */
+ public function testGetListeners(Request $request, bool $expectedState)
 {
- $request = new Request();
-
 $firewallContext = $this->createMock(FirewallContext::class);
 $firewallConfig = new FirewallConfig('main', 'user_checker', null, true, true);
@@ -89,6 +88,13 @@ public function testGetListeners()
 $this->assertEquals([[$listener], $exceptionListener, $logoutListener], $firewallMap->getListeners($request));
 $this->assertEquals($firewallConfig, $firewallMap->getFirewallConfig($request));
 $this->assertEquals('security.firewall.map.context.foo', $request->attributes->get(self::ATTRIBUTE_FIREWALL_CONTEXT));
- $this->assertTrue($request->attributes->get('_stateless'));
+ $this->assertEquals($expectedState, $request->attributes->get('_stateless'));
+ }
+
+ public static function providesStatefulStatelessRequests(): \Generator
+ {
+ yield [new Request(), true];
+ yield [new Request(attributes: ['_stateless' => false]), false];
+ yield [new Request(attributes: ['_stateless' => true]), true];
 }
 }
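Review bot: The rewritten assertion in the second hunk (`@@ -89,6 +88,13 @@`) uses `assertEquals`, which compares loosely, so the `['_stateless' => false]` dataset would still pass if the attribute came back as `null` or had been dropped from the request. That dataset is the case this commit exists to protect, so I would pin the type as well with `$this->assertSame($expectedState, $request->attributes->get('_stateless'));`. Naming the datasets in `providesStatefulStatelessRequests()`, for example `yield 'attribute preset to false' => [...]`, would also make a failing case identifiable from the test output. The middle of testGetListeners() lies between the two hunks and is not shown.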