bug #27701 [SecurityBundle] Dont throw if "security.http_utils" is no…

…t found (nicolas-grekas) This PR was merged into the 3.4 branch. Discussion ---------- [SecurityBundle] Dont throw if "security.http_utils" is not found | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #27445 | License | MIT | Doc PR | - The comment + test were misleading, the actual important thing is wiring `AddSessionDomainConstraintPass` before removing passes, which is already the case already. Commits ------- db88330 [SecurityBundle] Dont throw if "security.http_utils" is not found
symfony · Jun 29, 2018 · 6e5c15d · 6e5c15d
1 parent 410a58b
commit 6e5c15d
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 15 deletions.
diff --git a/...ony/Bundle/SecurityBundle/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php b/...ony/Bundle/SecurityBundle/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php
@@ -26,15 +26,14 @@ class AddSessionDomainConstraintPass implements CompilerPassInterface
      */
     public function process(ContainerBuilder $container)
     {
-        if (!$container->hasParameter('session.storage.options')) {
+        if (!$container->hasParameter('session.storage.options') || !$container->has('security.http_utils')) {
             return;
         }
 
         $sessionOptions = $container->getParameter('session.storage.options');
         $domainRegexp = empty($sessionOptions['cookie_domain']) ? '%s' : sprintf('(?:%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.')));
         $domainRegexp = (empty($sessionOptions['cookie_secure']) ? 'https?://' : 'https://').$domainRegexp;
 
-        // if the service doesn't exist, an exception must be thrown - ignoring would put security at risk
         $container->findDefinition('security.http_utils')->addArgument(sprintf('{^%s$}i', $domainRegexp));
     }
 }
diff --git a/.../SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php b/.../SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php
@@ -96,19 +96,6 @@ public function testNoSession()
         $this->assertTrue($utils->createRedirectResponse($request, 'http://pirate.com/foo')->isRedirect('http://pirate.com/foo'));
     }
 
-    /**
-     * @expectedException \Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException
-     * @expectedExceptionMessage You have requested a non-existent service "security.http_utils".
-     */
-    public function testNoHttpUtils()
-    {
-        $container = new ContainerBuilder();
-        $container->setParameter('session.storage.options', array());
-
-        $pass = new AddSessionDomainConstraintPass();
-        $pass->process($container);
-    }
-
     private function createContainer($sessionStorageOptions)
     {
         $container = new ContainerBuilder();