[SecurityBundle] Empty line starting with dash under "access_control" causes all rules to be skipped

2021-02-28 08:11:25 +00:00 · 2021-02-28 08:11:25 +00:00 · ee26ce5987
commit ee26ce5987
parent 4e4cdf548c
2 changed files with 56 additions and 0 deletions
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@ -191,6 +191,12 @@ class SecurityExtension extends Extension implements PrependExtensionInterface
                $attributes[] = $this->createExpression($container, $access['allow_if']);
            }

+            $emptyAccess = 0 === \count(array_filter($access));
+
+            if ($emptyAccess) {
+                throw new InvalidConfigurationException('One or more access control items are empty. Did you accidentally add lines only containing a "-" under "security.access_control"?');
+            }
+
            $container->getDefinition('security.access_map')
                      ->addMethodCall('add', [$matcher, $attributes, $access['requires_channel']]);
        }
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@ -415,6 +415,56 @@ class SecurityExtensionTest extends TestCase
        $this->assertEquals(new Reference('security.user.provider.concrete.second'), $container->getDefinition('security.authentication.switchuser_listener.foobar')->getArgument(1));
    }

+    public function testInvalidAccessControlWithEmptyRow()
+    {
+        $container = $this->getRawContainer();
+
+        $container->loadFromExtension('security', [
+            'providers' => [
+                'default' => ['id' => 'foo'],
+            ],
+            'firewalls' => [
+                'some_firewall' => [
+                    'pattern' => '/.*',
+                    'http_basic' => [],
+                ],
+            ],
+            'access_control' => [
+                [],
+                ['path' => '/admin', 'roles' => 'ROLE_ADMIN'],
+            ],
+        ]);
+
+        $this->expectException(InvalidConfigurationException::class);
+        $this->expectExceptionMessage('One or more access control items are empty. Did you accidentally add lines only containing a "-" under "security.access_control"?');
+        $container->compile();
+    }
+
+    public function testValidAccessControlWithEmptyRow()
+    {
+        $container = $this->getRawContainer();
+
+        $container->loadFromExtension('security', [
+            'providers' => [
+                'default' => ['id' => 'foo'],
+            ],
+            'firewalls' => [
+                'some_firewall' => [
+                    'pattern' => '/.*',
+                    'http_basic' => [],
+                ],
+            ],
+            'access_control' => [
+                ['path' => '^/login'],
+                ['path' => '^/', 'roles' => 'ROLE_USER'],
+            ],
+        ]);
+
+        $container->compile();
+
+        $this->assertTrue(true, 'extension throws an InvalidConfigurationException if there is one more more empty access control items');
+    }
+
    protected function getRawContainer()
    {
        $container = new ContainerBuilder();