[FrameworkBundle] make KernelBrowser::loginUser() session available for updating after login #47001
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
After upgrading from 4.4 to 5.4, I started running into deprecation warnings about fetching
security.csrf.token_manager
andsecurity.csrf.token_storage
from the test container. The issue was that, in my functional tests, I was logging in, then I needed to generate and apply CSRF tokens to the logged in session so that I could directly submit data arrays to POST controller action methods without having to crawl to the form page first.Since I was not crawling to the form page first, no CSRF for the form was generated and applied to the session. Oddly enough, generating tokens from the CSRF token storage services did work, despite the deprecation warnings, and I'm not entirely sure how that was working without an activated session pointer. I prefer to not crawl to the form page first as it would double the amount of crawler requests in my test suite, so this approach is mostly for convenience (easier to abstract than crawler DOM interactions) and speed.
So, this is a simply PR that probably needs tweaks, and test coverage and docs, but I didn't want to invest the time into the later two if the Symfony team thinks this is not an idea they'd consider for implementation.
Anyways, all this PR really does is track an internal pointer to the generated test session on
KernelBrowser
, which can be manipulated after callingloginUser()
.I've explained the workaround to my problem, which implements this kind of logic here: #46961
I suppose another simpler option would be to continue allowing the use of the csrf token storage services without an active session within the test container (to basically function as they do now but without the deprecation warnings). I suspect this might not be possible given the system migration towards
RequestStack
.Given this PR, I could now do:
I imagine there are wide applications for this feature beyond CSRF tokens.