New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security] #15764. Use SessionAuthenticationStrategy on RememberMe login #16108
Conversation
Doesn't this also affect Symfony 2.3? |
*/ | ||
public function __construct(TokenStorageInterface $tokenStorage, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true) | ||
public function __construct(TokenStorageInterface $tokenStorage, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true, SessionAuthenticationStrategyInterface $sessionStrategy) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The new argument must be optional (people can use it outside the framework which would break their applications when upgrading).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@xabbuh, made it optional
Status: Needs work |
@xabbuh, looks like it does, would it be better to create a PR for 2.3? |
@s12v If I did not overlook anything the switch can be done when merging. So there's no need to create a new pull request. |
@@ -53,6 +55,7 @@ public function __construct(TokenStorageInterface $tokenStorage, RememberMeServi | |||
$this->logger = $logger; | |||
$this->dispatcher = $dispatcher; | |||
$this->catchExceptions = $catchExceptions; | |||
$this->sessionStrategy = $sessionStrategy; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You need to add the declaration of this property.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@xabbuh, oh, right, thanks!
Regenerate session ID with default session strategy
👍 for merge in 2.3. |
👍 |
*/ | ||
public function __construct(TokenStorageInterface $tokenStorage, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true) | ||
public function __construct(TokenStorageInterface $tokenStorage, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true, SessionAuthenticationStrategyInterface $sessionStrategy = null) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The $catchExceptions
argument is not in 2.3, so I'm going to merge this one on 2.7 instead.
Thank you @s12v. |
…memberMe login (s12v) This PR was submitted for the 2.8 branch but it was merged into the 2.7 branch instead (closes #16108). Discussion ---------- [Security] #15764. Use SessionAuthenticationStrategy on RememberMe login Regenerate session ID with default session strategy. | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #15764 | License | MIT | Doc PR | - Commits ------- 795c8b3 [Security] Use SessionAuthenticationStrategy on RememberMe login
Regenerate session ID with default session strategy.