Skip to content

[Security] User refreshment from identical users provider type #21737

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mykiwi wants to merge 2 commits into from
Closed

[Security] User refreshment from identical users provider type #21737

mykiwi wants to merge 2 commits into from

Conversation

@mykiwi
Copy link
Contributor

@mykiwi mykiwi commented Feb 23, 2017

Q A
Branch? 2.7
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? ?
Fixed tickets #12465
License MIT

#12465 rebase with fixes.

@mykiwi mykiwi force-pushed the pr-12465-providers branch from 8c38f6e to 1e3df19 Compare February 23, 2017 17:00
@xabbuh
Copy link
Member

xabbuh commented Feb 23, 2017

Shouldn't we rather take the user provider that was configured for the active firewall?

@mykiwi
Copy link
Contributor Author

mykiwi commented Feb 24, 2017

I don't know well this part. I would need more details to do it.

@nicolas-grekas nicolas-grekas added this to the 2.7 milestone Feb 25, 2017
@xabbuh xabbuh mentioned this pull request Feb 27, 2017
Merged
@xabbuh
Copy link
Member

xabbuh commented Feb 27, 2017

@mykiwi Sorry for not coming back with more details. I had to look into the code myself and I propose to solve this in a more simple way. Therefore, I am closing here in favour of #21791.

@xabbuh xabbuh closed this Feb 27, 2017
fabpot added a commit that referenced this pull request Feb 28, 2017
@fabpot
bug #21791 [SecurityBundle] only pass relevant user provider (xabbuh)
eb750be 
This PR was merged into the 2.7 branch.

Discussion
----------

[SecurityBundle] only pass relevant user provider

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #4498, #12465, #20401, #21737
| License       | MIT
| Doc PR        |

There is no need for the context listener to be aware of all the configured user providers. It must only use the provider for the current firewall (the one identified by the context key passed to the constructor) to refresh the user from the session.

Commits
-------

d97e07f [SecurityBundle] only pass relevant user provider
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Bug Security Status: Needs Review

Projects

None yet

Milestone

2.7

Development

Successfully merging this pull request may close these issues.

5 participants

@mykiwi @xabbuh @nicolas-grekas @carsonbot @blanchonvincent