Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] fix Check if it has session before getSession() #42259

Merged
merged 1 commit into from Jul 27, 2021
Merged

[Security] fix Check if it has session before getSession() #42259

merged 1 commit into from Jul 27, 2021

Conversation

mousezheng
Copy link
Contributor

@mousezheng mousezheng commented Jul 26, 2021
edited by OskarStark

Q A
Branch? 5.3
Bug fix? yes
New feature? no
Deprecations? no
Tickets Fix #42258
License MIT

Check if it has session before getSession(),for details, see issues#42258

@carsonbot carsonbot added this to the 5.2 milestone Jul 26, 2021
@carsonbot
Copy link

Hey!

I see that this is your first PR. That is great! Welcome!

Symfony has a contribution guide which I suggest you to read.

In short:

  • Always add tests
  • Keep backward compatibility (see https://symfony.com/bc).
  • Bug fixes must be submitted against the lowest maintained branch where they apply (see https://symfony.com/releases)
  • Features and deprecations must be submitted against the 5.4 branch.

Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change.

When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor!
If this PR is merged in a lower version branch, it will be merged up to all maintained branches within a few days.

I am going to sit back now and wait for the reviews.

Cheers!

Carsonbot

@carsonbot
Copy link

Hey!

Oh no, it looks like you have made this PR towards a branch that is not maintained anymore. :/
Could you update the PR base branch to target one of these branches instead? 4.4, 5.3, 5.4, 6.0.

Cheers!

Carsonbot

@mousezheng mousezheng changed the base branch from 5.2 to 5.4 July 26, 2021 13:23
@derrabus
Copy link
Member

You've submitted your patch against the 5.4 branch although 5.2 should be the correct target. Can you please rebase your changes?

Furthermore, can you please add a test covering your changes?

@mousezheng mousezheng changed the base branch from 5.4 to 5.3 July 26, 2021 15:57
@mousezheng
Copy link
Contributor Author

@derrabus

The 5.2 version is no longer maintained. So consider upgrading to Symfony 5.3.
I submitted my patch against the 5.3 branch.

And , I already add a test covering my changes. Please advise thanks.

@chalasr
Copy link
Member

chalasr commented Jul 26, 2021

Don't this apply to SessionLogoutHandler as well?

@chalasr chalasr removed the request for review from yceruto July 26, 2021 16:26
@fabpot fabpot modified the milestones: 5.2, 5.3 Jul 26, 2021
@derrabus
Copy link
Member

The 5.2 version is no longer maintained.

Yeah, my comment did not age well. 😅 We've just release the final 5.2 release, so 5.3 is the correct target now.

@carsonbot carsonbot changed the title fix Check if it has session before getSession() [Security] fix Check if it has session before getSession() Jul 26, 2021
@wouterj
Copy link
Member

wouterj commented Jul 26, 2021

Hi @mousezheng! Thanks for preparing this PR so quickly and even writing a test case.

There are some mostly aesthetic suggestions for your test. Don't worry about too much about them, each library has its own unwritten testing practices :)

@mousezheng mousezheng requested a review from wouterj July 27, 2021 01:03
@mousezheng
Copy link
Contributor Author

Don't this apply to SessionLogoutHandler as well?

@chalasr SessionLogoutHandler deprecated since Symfony 5.1. in 4.4 this may be a problem.

@derrabus
Copy link
Member

@chalasr SessionLogoutHandler deprecated since Symfony 5.1.

But that does not mean that we can leave it broken. If it needs to be fixed, we should fix it.

@wouterj
Copy link
Member

wouterj commented Jul 27, 2021

But that does not mean that we can leave it broken. If it needs to be fixed, we should fix it.

But we can't include the fix in this PR, as that fix should target 4.4 and not 5.3 :)

@derrabus
Copy link
Member

Thank you @mousezheng.

@derrabus derrabus merged commit 20d740d into symfony:5.3 Jul 27, 2021
@fabpot fabpot mentioned this pull request Jul 29, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wouterj wouterj wouterj approved these changes

@derrabus derrabus derrabus approved these changes

@chalasr chalasr Awaiting requested review from chalasr chalasr is a code owner

@OskarStark OskarStark Awaiting requested review from OskarStark

Assignees
No one assigned
Labels
Bug Security Status: Reviewed
Projects
None yet
Milestone
5.3
Development

Successfully merging this pull request may close these issues.

[SecurityHttp] if don't have session,logout will throw SessionNotFoundException
7 participants
@mousezheng @carsonbot @derrabus @chalasr @wouterj @OskarStark @fabpot