Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 1f386a3

Browse filesBrowse files
chalasrchalasr
committed
minor #54086 [Security][Tests] Update functional tests to better reflect end-user scenarios (llupa)
This PR was squashed before being merged into the 5.4 branch. Discussion ---------- [Security][Tests] Update functional tests to better reflect end-user scenarios | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | no | New feature? | no | Deprecations? | no | Issues | N/A | License | MIT Pinging `@wouterj` This PR is related to #53851 's Context. > A person going through Symfony docs for the first time wanted to create their own LoginFormType as a next step in their learning Symfony journey and noticed that you can submit empty username/password with form login. > > They wanted to disallow this and tried to add validation. To validate a login form is not so straight forward as it either needs to be done with a custom authenticator (complex validation) or user provider if the data checks are simple. Following comments: #53851 (comment) > Given the broken high-deps build, I wonder if this shouldn't even be done with a deprecation notice before making it throw in 8.0? #53851 (comment) > These are 3 tests submitting an empty login form to trigger a CSRF token error. This new condition now takes precedence, meaning it returns the wrong error. I don't think that is something we have to worry about (in both situations, login errors), it rather reveals a bad test in our codebase. I can't think of a use-case that would result in success and will become a failure after this merge. #53851 (comment) > I think we need consensus on whether we find this a hard BC break that deserves a smooth upgrade path, but the test need to be fixed whatever the conclusion Commits ------- 4155f66 [Security][Tests] Update functional tests to better reflect end-user scenarios
2 parents bb7c711 + 4155f66 commit 1f386a3
Copy full SHA for 1f386a3

File tree

Expand file treeCollapse file tree

2 files changed

+4
-2
lines changed
Filter options
Expand file treeCollapse file tree

2 files changed

+4
-2
lines changed

‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticatorTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticatorTest.php
+2-2Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -126,13 +126,13 @@ public function testCustomFailureHandler()
126126

127127
$client->request('POST', '/firewall1/login', [
128128
'_username' => 'jane@example.org',
129-
'_password' => '',
129+
'_password' => 'wrong',
130130
]);
131131
$this->assertResponseRedirects('http://localhost/firewall1/login');
132132

133133
$client->request('POST', '/firewall1/dummy_login', [
134134
'_username' => 'jane@example.org',
135-
'_password' => '',
135+
'_password' => 'wrong',
136136
]);
137137
$this->assertResponseRedirects('http://localhost/firewall1/dummy_login');
138138
}

‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/CsrfFormLoginTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/Functional/CsrfFormLoginTest.php
+2Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,8 @@ public function testFormLoginWithInvalidCsrfToken($options)
6868
});
6969

7070
$form = $client->request('GET', '/login')->selectButton('login')->form();
71+
$form['user_login[username]'] = 'johannes';
72+
$form['user_login[password]'] = 'test';
7173
$form['user_login[_token]'] = '';
7274
$client->submit($form);
7375

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.