Load the security bundle after the framework bundle #1903
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aschempp
approved these changes
Jul 4, 2020
|
Shouldn't we make sure to always load the Symfony framework bundle before all other Symfony bundles? Just like we always load the Contao manager bundle first: Maybe there are other Symfony bundles that react differently depending on whether the framework bundle is installed or not, too. |
|
Therefore the bundles, which refer to what framework bundle should be marked with the set load after. I check this again. |
|
I have now placed the framework bundle at the end in the manager bundle plugin. To test if the other bundles which are defined before don't cause an error. So everything should work with this pull request. |
|
Thank you @baumannsven. |
leofeyer
changed the title
discordier
added a commit
to discordier/manager-plugin
that referenced
this pull request
Aug 15, 2020
We now conflict with all previous 4.9 manager-bundle versions, as these do not contain the fixes from contao/contao#1903 which are needed to not break things for existing installations.
leofeyer
pushed a commit
to contao/manager-plugin
that referenced
this pull request
Aug 18, 2020
Description ----------- As discussed on Mumble on 2020-07-02, we want reproducible builds (as everyone else). However, Contao creates a `bundles.map` which can vary per host, directory, etc. despite using the very same `composer.lock` for input. This fixes that behaviour by sorting the loading order keys and therefore have an deterministic output of the resolved dependencies. Commits ------- 91d1173 Fix issue that loading order permutates per system As discussed on Mumble on 2020-07-02, we want reproducible builds (as everyone else). However, Contao creates a `bundles.map` which can vary per host, directory, etc. despite using the very same `composer.lock` for input. This fixes that behaviour by sorting the loading order keys and therefore have an deterministic output of the resolved dependencies. e510734 Merge configurations when bundles are provided multiple times When two extensions provide the same bundle to the system and both provide a config for `loadAfter` and `replace`, the values must get merged to a common array. When at least one of each sets `loadInProduction` or `loadInDevelopment`, the result must also get loaded then and not only the one coming arbitrary "last". Variance in config types is explicitely not handled so far and marked as FIXME for the moment as I have no clue how to handle these and the use case seems too narrow to handle them explicitely. bdc7339 Handle `setReplace` and `setLoadAfter` sorted To have predictable output, the results must be sorted, for functionality the order does not matter so this is fine. d9788e1 Fix coding standard issues dfb04e7 Fix for assertEquals => assertSame in test Now we have `assertSame` back at the expense of needing a loop. However, the result is now guaranteed to exactly match the expected output in order and contents. 8d8207b Yet another coding standard issue 172bedf Runtests five times with mt_srand(0) til mt_srand(4) We now run the tests five times with different random seeds to ensure the random sorting is predictable as well. This is a compromise between having "random" input values and predictable test output. 587f945 Drop FIXME After discussion we decided to keep the exception for the moment and revisit this as soon as some one encounteres a problem with it. 5561c93 Add conflict with Contao <4.9.4 We now conflict with all previous 4.9 manager-bundle versions, as these do not contain the fixes from contao/contao#1903 which are needed to not break things for existing installations. 96fc04c Replace `ksort` with `md5` comparison 4eb0b15 CI
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In the extension of the security bundle, the parameter
%kernel.secret%is used. This provides the framework bundle. If it is not set, an error will occur after running composer (install|update).This has changed in version 4.4.1 of the security bundle.
https://github.com/symfony/security-bundle/blob/v4.4.1/DependencyInjection/SecurityExtension.php#L66
The Contao 4.4 LTS is not affected by this.
The error can be reproduced in the method
buildLoadingOrderof theConfigResolverwhich shuffle the loading order.https://github.com/contao/manager-plugin/blob/442c3b1360b2caa784cd38aa8b2997545f20f3e1/src/Bundle/Config/ConfigResolver.php#L95
And additionally in the manager bundle plugin the order of the security bundle and framework bundle is changed.
contao/manager-bundle/src/ContaoManager/Plugin.php
Lines 93 to 94 in 8637010