# Fix bad method call with guard authentication + session migration #27581

Closed
wants to merge 4 commits into
from
+64 −8

## Conversation

Projects
None yet
4 participants
Member

### weaverryan commented Jun 11, 2018

Q A
Branch? 2.8
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no (but there needs to be on master)
Tests pass? yes
Fixed tickets #27577
Doc PR n/a

I messed up #27452 :/. Guard is the one class where the session migration is not on the listener, it's on the handler. The tricky part is that there is only ONE handler (unlike listeners where there is 1 listener per firewall). That means that implementing a session migration strategy that avoids stateless firewalls was a bit more tricky: I could only think to inject a map into GuardAuthenticationHandler. On the bright side, this also fixes session migration (not happening) when people call the authenticateUserAndHandleSuccess() method directly.

On master, we'll need to add a deprecation to make the 3rd argument of authenticateWithToken() required - it's optional now for BC. We may also need to re-order the constructor args.

I DID test this in a real 2.8 project, to make sure that things were properly wired up. Apologies for not doing that for the other PR.

Cheers!

### weaverryan referenced this pull request Jun 11, 2018

Closed

#### [Security] Method "GuardAuthenticationListener::setSessionAuthenticationStrategy()" does not exist #27577

 Fixing guard authentication + session migration 
The original setter was put onto the wrong class. The handler is a bit
more difficult, as there is one handler only. So, we need to pass in
a statelessFirewalls array so we know whether or not to migrate the
session
 cd73af2 

### chalasr requested changes Jun 11, 2018

#### nicolas-grekas Jun 12, 2018

Member

(TokenInterface $token, Request$request/*, string \$providerKey */)

 tweak phpdoc 
 d689e55 

Member

### chalasr commented Jun 12, 2018

 Thank you @weaverryan.

### chalasr added a commit that referenced this pull request Jun 12, 2018

 bug #27581 Fix bad method call with guard authentication + session mi… 
…gration (weaverryan)

This PR was squashed before being merged into the 2.8 branch (closes #27581).

Discussion
----------

Fix bad method call with guard authentication + session migration

| Q             | A
| ------------- | ---
| Branch?       | 2.8
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no (but there needs to be on master)
| Tests pass?   | yes
| Fixed tickets | #27577
| Doc PR        | n/a

I messed up #27452 :/. Guard is the one class where the session migration is not on the listener, it's on the handler. The tricky part is that there is only ONE handler (unlike listeners where there is 1 listener per firewall). That means that implementing a session migration strategy that avoids stateless firewalls was a bit more tricky: I could only think to inject a map into GuardAuthenticationHandler. On the bright side, this also fixes session migration (not happening) when people call the authenticateUserAndHandleSuccess() method directly.

On master, we'll need to add a deprecation to make the 3rd argument of authenticateWithToken() required - it's optional now for BC. We may also need to re-order the constructor args.

I DID test this in a real 2.8 project, to make sure that things were properly wired up. Apologies for not doing that for the other PR.

Cheers!

Commits
-------

2c0ac93 Fix bad method call with guard authentication + session migration
 2643ec8 

Merged

Merged

Merged

Merged