security-http (LogoutUrlGenerator) error #47577
Comments
|
Can you create a small example application that allows to reproduce your issue? |
|
@xabbuh I have created minimal app to show issue: |
|
Hi, fwiw we're getting this error too. I'm getting the exact same error trace as the OP whenever there is a 500 error. Some observations:
|
|
@specky-rum Yes, this error happens in process of collecting data for displaying actual error in dev (Web Profiler) environment. SecurityDataCollector tries to get logout URL, but generator throws error because of no request in RequestStack. So there are two problems: why there is no request in RequestStack at this point (some time ago this problem did not exist so maybe it was introduced in some latest versions of Symfony), and why generateLogoutUrl is not checking for null value which is legal return value for getCurrentRequest so it should be handled in my opinion - then SecurityDataCollector will silently fetch thrown Exception as described in comments (fail silently when the logout URL cannot be generated), but only Exceptions are catched, not errors. |
|
Can confirm this issue with symfony/symfony 4.4.45 too. |
|
I too am experiencing the problem whenever an exception occurs. |
|
Thanks to @krzyc's reproducer and git-bisect, I've been able to track this down to this change: #47358 This has been identified in another profiler related issue as well: #47405 (comment) |
|
Also having this issue with 6.1.5 6.1.3 works, thanks @wouterj "extra": {
"symfony": {
"allow-contrib": false,
"require": "<=6.1.3"
}
} |
|
Having this exception in 5.4.13 |
|
On 6.0.13 |
|
For those on the 5.4.x branch, restricting to 5.4.12 works ! "extra": {
"symfony": {
"allow-contrib": false,
"require": "<=5.4.12"
}
}(thanks @Padam87 for the idea) |
|
Great to see so many people have found this issue, it means we have many candidates to work on a fix :) In the other issue, a more in-depth search has been done and the root cause has been found: #47405 (comment) (the root cause being that there is no request while collecting data). Anyone up for a PR to fix the issue? |
|
@wouterj the SecurityDataCollector already wraps the call to Changing this to catch any $logoutUrl = null;
try {
$logoutUrl = $this->logoutUrlGenerator?->getLogoutPath();
} catch (\Throwable) {
// fail silently when the logout URL cannot be generated
}Would this suffice as a PR if I submitted it? |
|
@wouterj Personally I think that generating proper exception is cleaner then intercepting error - there is a PR already submitted: https://github.com/symfony/symfony/pull/27175/files |
|
Adding the |
|
For those that, like me, end up in a situation where this is hiding exceptions but you cannot downgrade without breaking other features, just add some code directly in |
This problem originates in terminateWithException of HttpKernel. Pushing request to requestStack before calling handleThrowable (https://github.com/symfony/http-kernel/blob/6.1/HttpKernel.php#L109) in terminateWithException function fixes problem. @xabbuh Do you think this is correct solution? (I have submitted a PR). It is called by exceptionHandler from DebugHandlersListener. Before cited commit #47358 requestStack was not empty because it was popped in finishRequest. |
… exception (krzyc) This PR was squashed before being merged into the 4.4 branch. Discussion ---------- [HttpKernel] Fix empty request stack when terminating with exception | Q | A | ------------- | --- | Branch? | 4.4, 5.4, 6.0, 6.1, 6.2 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #47577 | License | MIT | Doc PR | After #47358 the RequestStack is empty when request terminates with exception, which prevents SecurityDataCollector to generate logout URL and generates fatal error. Commits ------- e4d6e7b [HttpKernel] Fix empty request stack when terminating with exception
|
For those on the 4.4.x branch, restricting to 4.4.44 works! |
Symfony version(s) affected
4.4.44
Description
Method generateLogoutUrl of LogoutUrlGenerator throws "Call to a member function getBaseUrl() on null" error.
It can be reproduced by generating error after authenticating as a user. Error is not present after logging out.
Similar issue is described on #27174
On Symfony 6.1 this problem does not occur on same setup.
Tested using PHP 8.1 (Ubuntu supplied) with built in server.
How to reproduce
Install symfony/website-skeleton:"^4.4" with dev environment
Add db based authentication
Login
Generate error
Possible Solution
Checking for null request in LogoutUrlGenerator - there was previously supplied PR which fixes this problem:
#27175
It was rejected because problem was not reproduced (or should not exist).
But I think that in any case if called function can return null then it should be checked against null before calling its methods.
Additional Context
Call to a member function getBaseUrl() on null
Exception Stack Trace
Error
in vendor/symfony/security-http/Logout/LogoutUrlGenerator.php (line 110)
in vendor/symfony/security-http/Logout/LogoutUrlGenerator.php -> generateLogoutUrl (line 64)
in vendor/symfony/security-bundle/DataCollector/SecurityDataCollector.php -> getLogoutPath (line 136)
in vendor/symfony/http-kernel/Profiler/Profiler.php -> collect (line 178)
in vendor/symfony/http-kernel/EventListener/ProfilerListener.php -> collect (line 100)
in vendor/symfony/event-dispatcher/Debug/WrappedListener.php -> onKernelResponse (line 126)
in vendor/symfony/event-dispatcher/EventDispatcher.php -> __invoke (line 264)
in vendor/symfony/event-dispatcher/EventDispatcher.php -> doDispatch (line 239)
in vendor/symfony/event-dispatcher/EventDispatcher.php -> callListeners (line 73)
in vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php -> dispatch (line 168)
in vendor/symfony/http-kernel/HttpKernel.php -> dispatch (line 192)
in vendor/symfony/http-kernel/HttpKernel.php -> filterResponse (line 245)
in vendor/symfony/http-kernel/HttpKernel.php -> handleThrowable (line 115)
in vendor/symfony/http-kernel/EventListener/DebugHandlersListener.php -> terminateWithException (line 129)
in vendor/symfony/error-handler/ErrorHandler.php :: Symfony\Component\HttpKernel\EventListener{closure} (line 601)
ErrorHandler->handleException()
The text was updated successfully, but these errors were encountered: