Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to use NotCompromisedPasswordValidator in tests/dev? #30871

Closed
nicolas-grekas opened this Issue Apr 5, 2019 · 5 comments

Comments

Projects
None yet
6 participants
@nicolas-grekas
Copy link
Member

commented Apr 5, 2019

Asked on https://symfony.com/blog/new-in-symfony-4-3-compromised-password-validator
What's the recommended way to test/dev with the validator added on entities via annotations?

@xabbuh xabbuh added the Validator label Apr 5, 2019

@stof

This comment has been minimized.

Copy link
Member

commented Apr 5, 2019

Maybe we could register a no-op ConstraintValidator for that constraint in testing mode (not sure about dev mode though)

@nicolas-grekas

This comment has been minimized.

Copy link
Member Author

commented Apr 5, 2019

Using a MockHttpClient could do it also, not sure how easy it would be though.

@lyrixx

This comment has been minimized.

Copy link
Member

commented Apr 5, 2019

It would be nice to be able to use DIC parameter:

/**
 * Assert\NotPwnedValidator(disabled="%kernel.debug%")
 */
private $email

BTW, we have such behavior in an internal project for google recaptcha;


class RecaptchaValidator extends ConstraintValidator
{
    private $enabled;
    private $privateKey;
    private $requestStack;
    private $httpClient;

    public function __construct(array $recaptchaConfig, RequestStack $requestStack, HttpClient $httpClient)
    {
        $this->enabled = $recaptchaConfig['enabled'];
        $this->privateKey = $recaptchaConfig['private_key'];
        $this->requestStack = $requestStack;
        $this->httpClient = $httpClient;
    }

    /**
     * {@inheritdoc}
     */
    public function validate($value, Constraint $constraint)
    {
        // if recaptcha is disabled, always valid
        if (!$this->enabled) {
            return;
        }
@stof

This comment has been minimized.

Copy link
Member

commented Apr 5, 2019

Well, this enabled option is in the Validator, not in the constraint. So you would not apply it in the annotation.
But FrameworkBundle could indeed have a configuration option to disable the validation logic (similar to what we do for the strict mode of the email validator)

@curry684

This comment has been minimized.

Copy link
Contributor

commented Apr 6, 2019

Given that this issue will come up more frequently now that we have an HTTP client - shouldn't we introduce some global setting that disables all external dependencies, that defaults to framework.testing?

@lyrixx lyrixx self-assigned this Apr 6, 2019

@lyrixx lyrixx changed the title How to use NotPwnedValidator in tests/dev? How to use NotCompromisedPasswordValidator in tests/dev? Apr 6, 2019

@lyrixx lyrixx removed their assignment Apr 6, 2019

@fabpot fabpot closed this Apr 6, 2019

fabpot added a commit that referenced this issue Apr 6, 2019

feature #30932 [Validator] Add an option to disable NotCompromisedPas…
…swordValidator (lyrixx)

This PR was merged into the 4.3-dev branch.

Discussion
----------

[Validator] Add an option to disable NotCompromisedPasswordValidator

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #30871
| License       | MIT
| Doc PR        | symfony/symfony-docs#11327

EUFOSSA

Commits
-------

9a2787e [Validator] Add an option to disable NotCompromisedPasswordValidator
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.