-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update security config to use the new authenticator-based system #13507
Update security config to use the new authenticator-based system #13507
Conversation
7b2749f
to
d43638c
Compare
@Zales0123 @lchrusciel |
BTW i'm not sure about about password hashing config (the three lines with |
Hum... In a Symfony app, that should be auto. I think we can do this in another PR. |
The lines were added in #12329, so I suppose it has something to do with tests maybe. And there's no need to |
For the auto configuration, it's configured via flex recipe => https://github.com/symfony/recipes/blob/master/symfony/security-bundle/5.3/config/packages/security.yaml |
So I guess I'll remove these lines in a separate PR then, and we'll see whether tests will still pass? 😁 Does that sound okay? |
I also agree to remove it in a separate PR |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot! However, this config is used only in test env. Perhaps, we should add some recommendation in UPGRADE.md
The base of this pull-request was changed, you need fetch and reset your local branch Unless you added new commits (to this branch) locally that you did not push yet, Feel free to ask for assistance when you get stuck 👍 |
d43638c
to
d489119
Compare
@lchrusciel but this change is specific to Symfony 5.1+. Shouldn't it target master since that's the only place where Symfony 4.4 is no longer supported? |
The base of this pull-request was changed, you need fetch and reset your local branch Unless you added new commits (to this branch) locally that you did not push yet, Feel free to ask for assistance when you get stuck 👍 |
d489119
to
92dc36a
Compare
Hey Rimas, my mistake. Thanks for mentioning it |
Thanks, Rimas! 🎉 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rimas-kudelis If I see correctly, you've changed only security.yaml
file in the test application in ApiBundle, what about the main application config/packages/security.yaml
?
@GSadee ouch, that one somehow escaped my attention. |
This patch migrates security config to the new authenticator-based system introduced in Symfony 5.1.
Guard-based authentication has been deprecated in Symfony 5.3. Luckily, not much needs to change for us since Sylius didn't have any custom Guard authenticators to begin with.
The patch also drops
always_authenticate_before_granting: true
from config. This option has been deprecated since Symfony 5.4, and it's unclear why or whether at all it was needed in the first place, and it caused me personally some headache (see symfony/symfony#43375).Similar PR for Sylius Standard: Sylius/Sylius-Standard#660.