This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.
Fabien Potencier c4df57212b merged branch meandmymonkey/switchuser-noexception (PR #3580)
Commits
-------

0e4f789 changed test config
a98d554 [SecurityBundle] Allow switching to the user that is already impersonated (fix #2554)

Discussion
----------

[Security] Disabled exception when switching to the user that is already impersonated

Bug fix: yes-ish
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #2554
Todo: -

---------------------------------------------------------------------------

by vicb at 2012-03-13T14:31:45Z

@meandmymonkey thank you for your work on this issue. Would you have time to add functional tests?

---------------------------------------------------------------------------

by meandmymonkey at 2012-03-13T14:49:52Z

Probably not today, but during the next few days, yes, of course.

---------------------------------------------------------------------------

by meandmymonkey at 2012-03-14T18:05:19Z

@vicb @schmittjoh Writing the tests I noticed switching to a non-existent user will not raise an exception. While it's not a security issue, it should raise an error for completeness' sake, shouldn't it?

---------------------------------------------------------------------------

by vicb at 2012-03-14T20:28:52Z

I think it should (throw an `AuthenticationCredentialsNotFoundException`). _btw there is an extra `sprintf` in the original code that could be removed when attempting to exit_

---------------------------------------------------------------------------

by meandmymonkey at 2012-03-14T21:13:16Z

The problem with throwing an `AuthenticationCredentialsNotFoundException` (or any other security exception for that matter) is that it derives from `AuthenticationException`, which means it gets caught by the framework and redirects to the login form, which is not what we want in this case.

We need to throw something 500-ish at [L89](d40b3376ec/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php (L89)), either a generic or a (new) custom Exception.

---------------------------------------------------------------------------

by meandmymonkey at 2012-03-14T21:43:57Z

IMHO a `LogicException` would be fine, like the one used at [L117](d40b3376ec/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php (L117)), as the error is not really about a failed authentication.

---------------------------------------------------------------------------

by vicb at 2012-03-14T21:49:04Z

I agree and btw very good job on the tests!

---------------------------------------------------------------------------

by meandmymonkey at 2012-03-14T22:12:43Z

Thanks :)

---------------------------------------------------------------------------

by vicb at 2012-03-15T08:01:13Z

Could you squash the commits, prefix the commit message with `[SecurityBundle]` and add `(fix #2554)` at the end?

---------------------------------------------------------------------------

by meandmymonkey at 2012-03-15T08:53:12Z

Done.

---------------------------------------------------------------------------

by vicb at 2012-03-15T09:19:09Z

@fabpot this PR looks good to me.

---------------------------------------------------------------------------

by fabpot at 2012-03-15T12:50:50Z

Tests do not pass when you run them all.

---------------------------------------------------------------------------

by meandmymonkey at 2012-03-15T13:41:45Z

@fabpot @vicb With this config change, they pass when run together.

What is weird though is that the reason seems to be that the config for the profiler gets overwritten when running all tests together, while being used correctly when run alone. Any idea what can cause this? They should be isolated from each other.

The new config from 0e4f789 works, but enables the profiler for all SecurityBundle Tests... which is not strictly necessary.
2012-03-15 14:53:33 +01:00
src/Symfony merged branch meandmymonkey/switchuser-noexception (PR #3580) 2012-03-15 14:53:33 +01:00
tests [HttpFoundation] Add more tests. 2012-03-14 21:28:16 +05:45
.gitignore Added vendor directory to .gitignore 2010-06-24 10:44:28 +02:00
.travis.yml also test PHP 5.3.2, since this is the official lowest supported PHP version 2011-12-26 01:15:21 +01:00
autoload.php.dist merged 2.0 2012-03-08 19:29:37 +01:00
CHANGELOG-2.0.md updated CHANGELOG for 2.0.11 2012-02-24 22:59:05 +01:00
CHANGELOG-2.1.md Changelog and upgrading changes. 2012-03-14 21:00:04 +05:45
check_cs [Check CS] don't replace 'else if' on twig files (closes #2961) 2011-12-27 16:10:32 +01:00
composer.json fixed typos in composer file 2012-03-15 11:15:25 +01:00
CONTRIBUTORS.md update CONTRIBUTORS for 2.0.10 2012-02-06 10:49:11 +01:00
LICENSE Updated LICENSE files copyright 2012-02-22 10:10:37 +01:00
phpunit.xml.dist Ignore destructive memcached tests by default 2012-02-24 13:37:42 +01:00
README.md set travis-ci icon to master 2011-11-23 11:36:09 +01:00
UPGRADE-2.1.md Changelog and upgrading changes. 2012-03-14 21:00:04 +05:45
vendors.php Added Propel to the vendors.php script 2012-02-14 00:28:58 +01:00

README


What is Symfony2?

Symfony2 is a PHP 5.3 full-stack web framework. It is written with speed and flexibility in mind. It allows developers to build better, easier-to-maintain websites with PHP.

Symfony can be used to develop all kinds of websites, from your personal blog to high-traffic ones like Dailymotion or Yahoo! Answers.

Requirements

Symfony2 is only supported on PHP 5.3.2 and up.

Installation

The best way to install Symfony2 is to download the Symfony Standard Edition available at http://symfony.com/download.

Documentation

The "Quick Tour" tutorial gives you a first feeling of the framework. If, like us, you think that Symfony2 can help speed up your development and take the quality of your work to the next level, read the official Symfony2 documentation.

Contributing

Symfony2 is an open source, community-driven project. If you'd like to contribute, please read the Contributing Code part of the documentation. If you're submitting a pull request, please follow the guidelines in the Submitting a Patch section.