[RTM] Match security firewall based on request scope #677

Merged
merged 16 commits into from
Jan 23, 2017

Member

@aschempp aschempp commented Jan 22, 2017

There is one fundamental problem in the current implementation:

  • There is a frontend and a backend firewall context based on the route (= path / pattern).
  • Each route can have a _scope that defines TL_MODE.
  • These two are independent, so theoretically a route with a path that matches the frontend firewall scope can have a _scope attribute backend.

With this PR the firewall is no longer matching the path but only the request scope. This also means a route without request scope will no longer have a Contao firewall.

This also replaces #619 as a request matcher is the right way to detect Contao frontend or backend.

TODOs

  • Update unit tests
  • Update DEPRECATED.md
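
The mismatch described in this pull request, as an added example that is not part of the PR or of Contao's code: two hypothetical request matchers (`ExamplePathMatcher`, `ExampleScopeMatcher`) built on Symfony's `RequestMatcherInterface` pick a firewall context for constructed requests, once by path and once by `_scope`. The path patterns and sample routes are assumptions, and the script expects `symfony/http-foundation` installed via Composer.

```php
<?php
// Added illustration, not Contao code. Requires symfony/http-foundation.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestMatcherInterface;

// Path-based selection: the firewall context depends on the URL only.
final class ExamplePathMatcher implements RequestMatcherInterface
{
    private $pattern;
    public function __construct(string $pattern) { $this->pattern = $pattern; }
    public function matches(Request $request): bool
    {
        return 1 === preg_match($this->pattern, $request->getPathInfo());
    }
}

// Scope-based selection: the context depends on the route's _scope only.
final class ExampleScopeMatcher implements RequestMatcherInterface
{
    private $scope;
    public function __construct(string $scope) { $this->scope = $scope; }
    public function matches(Request $request): bool
    {
        return $request->attributes->get('_scope') === $this->scope;
    }
}

// Returns the name of the first matching context, like a firewall map does.
function firewallFor(Request $request, array $contexts): string
{
    foreach ($contexts as $name => $matcher) {
        if ($matcher->matches($request)) { return $name; }
    }
    return 'none';
}

// Assumed path patterns; the page does not state the real ones.
$byPath = ['backend' => new ExamplePathMatcher('#^/contao(/|$)#'), 'frontend' => new ExamplePathMatcher('#^/#')];
$byScope = ['backend' => new ExampleScopeMatcher('backend'), 'frontend' => new ExampleScopeMatcher('frontend')];

// Constructed routes: [path, _scope or null when the route defines none].
$samples = [['/contao/main', 'backend'], ['/custom/tool', 'backend'], ['/news/article', 'frontend'], ['/api/status', null]];
foreach ($samples as [$path, $scope]) {
    $request = Request::create($path);
    if (null !== $scope) { $request->attributes->set('_scope', $scope); }
    printf("%-14s _scope=%-9s by-path=%-9s by-scope=%s\n", $path, $scope ?? '(none)', firewallFor($request, $byPath), firewallFor($request, $byScope));
}
```

The `/custom/tool` row is the case from the description: path-based selection puts a route whose `_scope` is backend into the frontend context, while scope-based selection does not. The `/api/status` row shows that a route without a request scope gets no Contao firewall.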

@bytehead
Member

👍

@leofeyer leofeyer assigned leofeyer and aschempp and unassigned leofeyer Jan 23, 2017
@leofeyer leofeyer added this to the 4.4.0 milestone Jan 23, 2017
@aschempp
Member Author

PR is updated to use the new request matchers instead of the ScopeAwareTrait. One thing to discuss is the class name RequestContext. It's not that wrong because context is what it's called in the firewall, but there already is a RequestContext class in Symfony which could be confusing.

@aschempp aschempp changed the title Match security firewall based on request scope [RFC] Match security firewall based on request scope Jan 23, 2017
}

/**
* Checks whether the request is a Contao the master request.
Contributor

… is a Contao master request.

@aschempp aschempp changed the title [RFC] Match security firewall based on request scope [RTM] Match security firewall based on request scope Jan 23, 2017
@leofeyer leofeyer merged commit d4c2efc into contao:develop Jan 23, 2017
@aschempp aschempp deleted the security-matcher branch January 23, 2017 16:51
agoat pushed a commit to agoat/contao-core-bundle that referenced this pull request Apr 10, 2017
* Make Symfony 3.2 the minimum requirement (see contao#630).

* Set the encryption key from the kernel secret by default (see contao#660).

* Stop using the deprecated QuestionHelper::setInputStream() method.

* Update Dropzone to version 4.

* Prefer the caret operator over the tilde operator in the composer.json file.

* Add the contao.root_dir parameter (see contao#662).

* Update the change log.

* Stop using the contao-components/all meta package.

* Update the README.md file.

* Deprecate the contao:version command (see contao#668).

* Update the installation path.

* Auto-select the active page in the quick navigation/link module (see contao/core#8587).

* Look up the form class and allow to choose the type (see contao/core#8527).

* Add PHP Toolbox support (see contao#565).

* Remove the arrow brackets in the book navigation template (see contao/core#8607).

* Add a bottom padding to the buttons layer.

* Add the contao.web_dir parameter (see contao/installation-bundle#40).

* Fix the tests.

* Match security firewall based on request scope (see contao#677).

* Fix an issue found by Scrutinizer.

* Use the contao.web_dir parameter in the Combiner (see contao#679).

* Fix the tests.

* Add stripRootDir() method to System class (see contao#683).

* Add the contao.image.target_dir parameter (see contao#684).

* The ContaoCoreExtension::overwriteImageTargetDir() is not deprecated.

* Support custom backend routes (see contao#512).

* Use the scope matcher instead of checking the request attribute (see contao#688).

* Replace every occurrence of $contaoFramework with $framework.

* Fix an issue found by Scrutinizer.

* Fix deprecations in unit tests (see contao#687).

* Added a DBAL field type for UUIDs (see contao#415).

* Support importing form field options from a CSV field (see contao#444).

* Fix the coding style and the unit tests.

* Add the Doctrine field type in the config.yml file.

doctrine:
    dbal:
        types:
            binary_string:
                class: "Contao\\CoreBundle\\Doctrine\\DBAL\\Types\\BinaryStringType"
                commented: true

* Add a basic unit test for the BackendCsvImportController class.

* Update the change log.

* Fix rebuilding the search index (see contao#689).

* Also handle „no origin“ and „empty origin“ in the CORS provider.

* Remove an unused use statement.

* Remove the security.yml file and update the README.md file.

* Improve the e-mail extraction in the text element (thanks to Martin Auswöger).

* Rename the Test namespace to Tests.

* Update the composer.json file.

* Update the .php_cs file.

* Raise the minimum PHP version to 5.6 (see contao#701).

* Support using objects in callback arrays (see contao#699).

* Use try-finally blocks to close all output buffers when downloading a file (see contao#714).

* Fix the coding style.

* Only prefix an all numeric alias when standardizing (see contao#707).

* Adjust the test namespaces.

* Allow to manually pass a value to any widget (see contao#674).

* Add a change log entry and fix the tests.

* Disable the picker buttons if the main window does not show a picker.

* Use the file manager instead of the file picker.

* Use the site structure instead of the page picker.

* Always show the selected nodes.

* Add the menu builder.
leofeyer added a commit that referenced this pull request Aug 30, 2019
Description
-----------

This is a follow-up on #657, #677 and #682. It implements the new template loading by looking up the keys in `TL_CTE`, `TL_FFL` and `FE_MOD` as discussed in Mumble on August 29th.

Commits
-------

de3089b7 Hide mod_article_list when searching for custom mod_article templates
7b6ce852 Replace "root template" with "bundle template"
1ee232da Support passing an additional mapper array as second argument