[SecurityBundle] Set request stateless if the attribute is not alread…

…y defined
symfony · Apr 11, 2023 · 5f29c8d · 5f29c8d
1 parent 6b92f5d
commit 5f29c8d
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 6 deletions.
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -5,7 +5,7 @@ CHANGELOG
 ---
 
  * Deprecate enabling bundle and not configuring it
- * Add `_stateless` attribute to the request when firewall is stateless
+ * Add `_stateless` attribute to the request when firewall is stateless and the attribute is not already set
  * Add `StatelessAuthenticatorFactoryInterface` for authenticators targeting `stateless` firewalls only and that don't require a user provider
  * Modify "icon.svg" to improve accessibility for blind/low vision users
  * Make `Security::login()` return the authenticator response

diff --git a/src/Symfony/Bundle/SecurityBundle/Security/FirewallMap.php b/src/Symfony/Bundle/SecurityBundle/Security/FirewallMap.php
@@ -75,7 +75,7 @@ private function getFirewallContext(Request $request): ?FirewallContext
                 /** @var FirewallContext $context */
                 $context = $this->container->get($contextId);
 
-                if ($context->getConfig()?->isStateless()) {
+                if ($context->getConfig()?->isStateless() && !$request->attributes->has('_stateless')) {
                     $request->attributes->set('_stateless', true);
                 }
 

diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallMapTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallMapTest.php
@@ -57,10 +57,9 @@ public function testGetListenersWithInvalidParameter()
         $this->assertFalse($request->attributes->has('_stateless'));
     }
 
-    public function testGetListeners()
+    /** @dataProvider providesStatefulStatelessRequests */
+    public function testGetListeners(Request $request, bool $expectedState)
     {
-        $request = new Request();
-
         $firewallContext = $this->createMock(FirewallContext::class);
 
         $firewallConfig = new FirewallConfig('main', 'user_checker', null, true, true);
@@ -89,6 +88,13 @@ public function testGetListeners()
         $this->assertEquals([[$listener], $exceptionListener, $logoutListener], $firewallMap->getListeners($request));
         $this->assertEquals($firewallConfig, $firewallMap->getFirewallConfig($request));
         $this->assertEquals('security.firewall.map.context.foo', $request->attributes->get(self::ATTRIBUTE_FIREWALL_CONTEXT));
-        $this->assertTrue($request->attributes->get('_stateless'));
+        $this->assertEquals($expectedState, $request->attributes->get('_stateless'));
+    }
+
+    public static function providesStatefulStatelessRequests(): \Generator
+    {
+        yield [new Request(), true];
+        yield [new Request(attributes: ['_stateless' => false]), false];
+        yield [new Request(attributes: ['_stateless' => true]), true];
     }
 }