[SecurityBundle] Empty line starting with dash under "access_control" causes all rules to be skipped
This commit is contained in:
parent
4e4cdf548c
commit
ee26ce5987
@ -191,6 +191,12 @@ class SecurityExtension extends Extension implements PrependExtensionInterface
|
||||
$attributes[] = $this->createExpression($container, $access['allow_if']);
|
||||
}
|
||||
|
||||
$emptyAccess = 0 === \count(array_filter($access));
|
||||
|
||||
if ($emptyAccess) {
|
||||
throw new InvalidConfigurationException('One or more access control items are empty. Did you accidentally add lines only containing a "-" under "security.access_control"?');
|
||||
}
|
||||
|
||||
$container->getDefinition('security.access_map')
|
||||
->addMethodCall('add', [$matcher, $attributes, $access['requires_channel']]);
|
||||
}
|
||||
|
@ -415,6 +415,56 @@ class SecurityExtensionTest extends TestCase
|
||||
$this->assertEquals(new Reference('security.user.provider.concrete.second'), $container->getDefinition('security.authentication.switchuser_listener.foobar')->getArgument(1));
|
||||
}
|
||||
|
||||
public function testInvalidAccessControlWithEmptyRow()
|
||||
{
|
||||
$container = $this->getRawContainer();
|
||||
|
||||
$container->loadFromExtension('security', [
|
||||
'providers' => [
|
||||
'default' => ['id' => 'foo'],
|
||||
],
|
||||
'firewalls' => [
|
||||
'some_firewall' => [
|
||||
'pattern' => '/.*',
|
||||
'http_basic' => [],
|
||||
],
|
||||
],
|
||||
'access_control' => [
|
||||
[],
|
||||
['path' => '/admin', 'roles' => 'ROLE_ADMIN'],
|
||||
],
|
||||
]);
|
||||
|
||||
$this->expectException(InvalidConfigurationException::class);
|
||||
$this->expectExceptionMessage('One or more access control items are empty. Did you accidentally add lines only containing a "-" under "security.access_control"?');
|
||||
$container->compile();
|
||||
}
|
||||
|
||||
public function testValidAccessControlWithEmptyRow()
|
||||
{
|
||||
$container = $this->getRawContainer();
|
||||
|
||||
$container->loadFromExtension('security', [
|
||||
'providers' => [
|
||||
'default' => ['id' => 'foo'],
|
||||
],
|
||||
'firewalls' => [
|
||||
'some_firewall' => [
|
||||
'pattern' => '/.*',
|
||||
'http_basic' => [],
|
||||
],
|
||||
],
|
||||
'access_control' => [
|
||||
['path' => '^/login'],
|
||||
['path' => '^/', 'roles' => 'ROLE_USER'],
|
||||
],
|
||||
]);
|
||||
|
||||
$container->compile();
|
||||
|
||||
$this->assertTrue(true, 'extension throws an InvalidConfigurationException if there is one more more empty access control items');
|
||||
}
|
||||
|
||||
protected function getRawContainer()
|
||||
{
|
||||
$container = new ContainerBuilder();
|
||||
|
Reference in New Issue
Block a user