Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Rename firewalls’ pattern to path #31496

Closed
wants to merge 1 commit into from
Closed

[Security] Rename firewalls’ pattern to path #31496

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
5 changes: 5 additions & 0 deletions src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
View file
Open in desktop
@@ -1,6 +1,11 @@
CHANGELOG
=========

4.4.0
-----

* Deprecated firewalls’ `pattern` option, use `path` instead

4.3.0
-----

Expand Down
23 changes: 18 additions & 5 deletions src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
View file
Open in desktop
Expand Up @@ -188,7 +188,10 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
;

$firewallNodeBuilder
->scalarNode('pattern')->end()
->scalarNode('pattern')
->setDeprecated('The "%path%.%node%" configuration key has been deprecated in Symfony 4.4. Use "path" instead.')
->end()
->scalarNode('path')->end()
->scalarNode('host')->end()
->arrayNode('methods')
->beforeNormalization()->ifString()->then(function ($v) { return preg_split('/\s*,\s*/', $v); })->end()
Expand Down Expand Up @@ -304,21 +307,31 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
}
}

// check for unreachable check paths
$firewallNodeBuilder
->end()
->validate()
->ifTrue(function (array $firewall) {
return isset($firewall['pattern']) && !isset($firewall['path']);
})
->then(function (array $firewall) {
$firewall['path'] = $firewall['pattern'];
unset($firewall['pattern']);

return $firewall;
})

// check for unreachable check paths
->ifTrue(function ($v) {
return true === $v['security'] && isset($v['pattern']) && !isset($v['request_matcher']);
return true === $v['security'] && isset($v['path']) && !isset($v['request_matcher']);
})
->then(function ($firewall) use ($abstractFactoryKeys) {
foreach ($abstractFactoryKeys as $k) {
if (!isset($firewall[$k]['check_path'])) {
continue;
}

if (false !== strpos($firewall[$k]['check_path'], '/') && !preg_match('#'.$firewall['pattern'].'#', $firewall[$k]['check_path'])) {
throw new \LogicException(sprintf('The check_path "%s" for login method "%s" is not matched by the firewall pattern "%s".', $firewall[$k]['check_path'], $k, $firewall['pattern']));
if (false !== strpos($firewall[$k]['check_path'], '/') && !preg_match('#'.$firewall['path'].'#', $firewall[$k]['check_path'])) {
throw new \LogicException(sprintf('The check_path "%s" for login method "%s" is not matched by the firewall path "%s".', $firewall[$k]['check_path'], $k, $firewall['path']));
}
}

Expand Down
6 changes: 3 additions & 3 deletions src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
View file
Open in desktop
Expand Up @@ -277,11 +277,11 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
$matcher = null;
if (isset($firewall['request_matcher'])) {
$matcher = new Reference($firewall['request_matcher']);
} elseif (isset($firewall['pattern']) || isset($firewall['host'])) {
$pattern = isset($firewall['pattern']) ? $firewall['pattern'] : null;
} elseif (isset($firewall['path']) || isset($firewall['host']) || !empty($firewall['methods'])) {
$path = $firewall['pattern'] ?? $firewall['path'] ?? null;
$host = isset($firewall['host']) ? $firewall['host'] : null;
$methods = isset($firewall['methods']) ? $firewall['methods'] : [];
$matcher = $this->createRequestMatcher($container, $pattern, $host, null, $methods);
$matcher = $this->createRequestMatcher($container, $path, $host, null, $methods);
}

$config->replaceArgument(2, $matcher ? (string) $matcher : null);
Expand Down
2 changes: 1 addition & 1 deletion ...ndle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php
View file
Open in desktop
Expand Up @@ -15,6 +15,6 @@
],
],
'firewalls' => [
'simple' => ['pattern' => '/login', 'security' => false],
'simple' => ['path' => '/login', 'security' => false],
],
]);
2 changes: 1 addition & 1 deletion ...undle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_default_strategy.php
View file
Open in desktop
Expand Up @@ -11,6 +11,6 @@
],
],
'firewalls' => [
'simple' => ['pattern' => '/login', 'security' => false],
'simple' => ['path' => '/login', 'security' => false],
],
]);
2 changes: 1 addition & 1 deletion ...SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service.php
View file
Open in desktop
Expand Up @@ -14,6 +14,6 @@
],
],
'firewalls' => [
'simple' => ['pattern' => '/login', 'security' => false],
'simple' => ['path' => '/login', 'security' => false],
],
]);
2 changes: 1 addition & 1 deletion ...e/Tests/DependencyInjection/Fixtures/php/access_decision_manager_service_and_strategy.php
View file
Open in desktop
Expand Up @@ -15,6 +15,6 @@
],
],
'firewalls' => [
'simple' => ['pattern' => '/login', 'security' => false],
'simple' => ['path' => '/login', 'security' => false],
],
]);
4 changes: 2 additions & 2 deletions src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
View file
Open in desktop
Expand Up @@ -65,7 +65,7 @@
],

'firewalls' => [
'simple' => ['provider' => 'default', 'pattern' => '/login', 'security' => false],
'simple' => ['provider' => 'default', 'path' => '/login', 'security' => false],
'secure' => ['stateless' => true,
'provider' => 'default',
'http_basic' => true,
Expand All @@ -80,7 +80,7 @@
],
'host' => [
'provider' => 'default',
'pattern' => '/test',
'path' => '/test',
'host' => 'foo\\.example\\.org',
'methods' => ['GET', 'POST'],
'anonymous' => true,
Expand Down
2 changes: 1 addition & 1 deletion ...y/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php
View file
Open in desktop
Expand Up @@ -11,7 +11,7 @@
],
],
'firewalls' => [
'simple' => ['pattern' => '/login', 'security' => false],
'simple' => ['path' => '/login', 'security' => false],
'secure' => [
'stateless' => true,
'http_basic' => true,
Expand Down
2 changes: 1 addition & 1 deletion ...ndle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_customized_config.xml
View file
Open in desktop
Expand Up @@ -13,6 +13,6 @@
</memory>
</provider>

<firewall name="simple" pattern="/login" security="false" />
<firewall name="simple" path="/login" security="false" />
</config>
</srv:container>
2 changes: 1 addition & 1 deletion ...undle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_default_strategy.xml
View file
Open in desktop
Expand Up @@ -11,6 +11,6 @@
</memory>
</provider>

<firewall name="simple" pattern="/login" security="false" />
<firewall name="simple" path="/login" security="false" />
</config>
</srv:container>
2 changes: 1 addition & 1 deletion ...SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service.xml
View file
Open in desktop
Expand Up @@ -13,6 +13,6 @@
</memory>
</provider>

<firewall name="simple" pattern="/login" security="false" />
<firewall name="simple" path="/login" security="false" />
</config>
</srv:container>
2 changes: 1 addition & 1 deletion ...e/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_service_and_strategy.xml
View file
Open in desktop
Expand Up @@ -13,6 +13,6 @@
</memory>
</provider>

<firewall name="simple" pattern="/login" security="false" />
<firewall name="simple" path="/login" security="false" />
</config>
</srv:container>
4 changes: 2 additions & 2 deletions src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
View file
Open in desktop
Expand Up @@ -45,7 +45,7 @@
<chain providers="service, basic" />
</provider>

<firewall name="simple" pattern="/login" security="false" provider="default" />
<firewall name="simple" path="/login" security="false" provider="default" />

<firewall name="secure" stateless="true" provider="default">
<http-basic />
Expand All @@ -59,7 +59,7 @@
<remember-me secret="TheSecret"/>
</firewall>

<firewall name="host" pattern="/test" host="foo\.example\.org" methods="GET,POST" provider="default">
<firewall name="host" path="/test" host="foo\.example\.org" methods="GET,POST" provider="default">
<anonymous />
<http-basic />
</firewall>
Expand Down
2 changes: 1 addition & 1 deletion ...y/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml
View file
Open in desktop
Expand Up @@ -11,7 +11,7 @@
</memory>
</provider>

<firewall name="simple" pattern="/login" security="false" />
<firewall name="simple" path="/login" security="false" />

<firewall name="secure" stateless="true">
<http-basic />
Expand Down
2 changes: 1 addition & 1 deletion ...ndle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_customized_config.yml
View file
Open in desktop
Expand Up @@ -8,4 +8,4 @@ security:
users:
foo: { password: foo, roles: ROLE_USER }
firewalls:
simple: { pattern: /login, security: false }
simple: { path: /login, security: false }
2 changes: 1 addition & 1 deletion ...undle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_default_strategy.yml
View file
Open in desktop
Expand Up @@ -5,4 +5,4 @@ security:
users:
foo: { password: foo, roles: ROLE_USER }
firewalls:
simple: { pattern: /login, security: false }
simple: { path: /login, security: false }
2 changes: 1 addition & 1 deletion ...SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service.yml
View file
Open in desktop
Expand Up @@ -7,4 +7,4 @@ security:
users:
foo: { password: foo, roles: ROLE_USER }
firewalls:
simple: { pattern: /login, security: false }
simple: { path: /login, security: false }
2 changes: 1 addition & 1 deletion ...e/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_service_and_strategy.yml
View file
Open in desktop
Expand Up @@ -8,4 +8,4 @@ security:
users:
foo: { password: foo, roles: ROLE_USER }
firewalls:
simple: { pattern: /login, security: false }
simple: { path: /login, security: false }
4 changes: 2 additions & 2 deletions src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
View file
Open in desktop
Expand Up @@ -45,7 +45,7 @@ security:


firewalls:
simple: { pattern: /login, security: false }
simple: { path: /login, security: false }
secure:
provider: default
stateless: true
Expand All @@ -62,7 +62,7 @@ security:

host:
provider: default
pattern: /test
path: /test
host: foo\.example\.org
methods: [GET,POST]
anonymous: true
Expand Down
2 changes: 1 addition & 1 deletion ...y/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml
View file
Open in desktop
Expand Up @@ -6,7 +6,7 @@ security:
foo: { password: foo, roles: ROLE_USER }

firewalls:
simple: { pattern: /login, security: false }
simple: { path: /login, security: false }
secure:
stateless: true
http_basic: true
Expand Down
22 changes: 11 additions & 11 deletions src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
View file
Open in desktop
Expand Up @@ -26,7 +26,7 @@ class SecurityExtensionTest extends TestCase
{
/**
* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
* @expectedExceptionMessage The check_path "/some_area/login_check" for login method "form_login" is not matched by the firewall pattern "/secured_area/.*".
* @expectedExceptionMessage The check_path "/some_area/login_check" for login method "form_login" is not matched by the firewall path "/secured_area/.*".
*/
public function testInvalidCheckPath()
{
Expand All @@ -39,7 +39,7 @@ public function testInvalidCheckPath()

'firewalls' => [
'some_firewall' => [
'pattern' => '/secured_area/.*',
'path' => '/secured_area/.*',
'form_login' => [
'check_path' => '/some_area/login_check',
],
Expand All @@ -65,7 +65,7 @@ public function testFirewallWithoutAuthenticationListener()

'firewalls' => [
'some_firewall' => [
'pattern' => '/.*',
'path' => '/.*',
],
],
]);
Expand All @@ -91,7 +91,7 @@ public function testFirewallWithInvalidUserProvider()

'firewalls' => [
'some_firewall' => [
'pattern' => '/.*',
'path' => '/.*',
'http_basic' => [],
],
],
Expand All @@ -113,7 +113,7 @@ public function testDisableRoleHierarchyVoter()

'firewalls' => [
'some_firewall' => [
'pattern' => '/.*',
'path' => '/.*',
'http_basic' => null,
],
],
Expand All @@ -135,11 +135,11 @@ public function testGuardHandlerIsPassedStatelessFirewalls()

'firewalls' => [
'some_firewall' => [
'pattern' => '^/admin',
'path' => '^/admin',
'http_basic' => null,
],
'stateless_firewall' => [
'pattern' => '/.*',
'path' => '/.*',
'stateless' => true,
'http_basic' => null,
],
Expand Down Expand Up @@ -251,7 +251,7 @@ public function testRegisterRequestMatchersWithAllowIfExpression()
],
'firewalls' => [
'some_firewall' => [
'pattern' => '/.*',
'path' => '/.*',
'http_basic' => [],
],
],
Expand Down Expand Up @@ -289,7 +289,7 @@ public function testRemovesExpressionCacheWarmerDefinitionIfNoExpressions()
],
'firewalls' => [
'some_firewall' => [
'pattern' => '/.*',
'path' => '/.*',
'http_basic' => [],
],
],
Expand All @@ -310,7 +310,7 @@ public function testRegisterTheUserProviderAlias()

'firewalls' => [
'some_firewall' => [
'pattern' => '/.*',
'path' => '/.*',
'http_basic' => null,
],
],
Expand All @@ -333,7 +333,7 @@ public function testDoNotRegisterTheUserProviderAliasWithMultipleProviders()

'firewalls' => [
'some_firewall' => [
'pattern' => '/.*',
'path' => '/.*',
'http_basic' => ['provider' => 'second'],
],
],
Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml
View file
Open in desktop
Expand Up @@ -24,7 +24,7 @@ security:
# configuration file, but it's here for testing purposes (do not use
# this file in a real world scenario though)
login_form:
pattern: ^/login$
path: ^/login$
security: false

default:
Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config.yml
View file
Open in desktop
Expand Up @@ -16,7 +16,7 @@ services:
security:
firewalls:
secure:
pattern: ^/secure/
path: ^/secure/
http_basic: { realm: "Secure Gateway API" }
entry_point: firewall_entry_point.entry_point.stub
default:
Expand Down
2 changes: 1 addition & 1 deletion ...mfony/Bundle/SecurityBundle/Tests/Functional/app/FirewallEntryPoint/config_form_login.yml
View file
Open in desktop
Expand Up @@ -4,6 +4,6 @@ imports:
security:
firewalls:
secure:
pattern: ^/
path: ^/
form_login:
check_path: /login_check
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/config.yml
View file
Open in desktop
Expand Up @@ -13,7 +13,7 @@ security:

firewalls:
main:
pattern: ^/
path: ^/
anonymous: true
json_login:
check_path: /chk
Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/custom_handlers.yml
View file
Open in desktop
Expand Up @@ -13,7 +13,7 @@ security:

firewalls:
main:
pattern: ^/
path: ^/
anonymous: true
json_login:
check_path: /chk
Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLoginLdap/config.yml
View file
Open in desktop
Expand Up @@ -24,7 +24,7 @@ security:

firewalls:
main:
pattern: ^/login
path: ^/login
stateless: true
anonymous: true
json_login_ldap:
Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/PasswordEncode/config.yml
View file
Open in desktop
Expand Up @@ -23,5 +23,5 @@ security:

firewalls:
test:
pattern: ^/
path: ^/
security: false