Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 8fa2954

Browse filesBrowse files
fabpotfabpot
committed
feature #39340 [Security] Assert voter returns valid decision (jderusse)
This PR was merged into the 5.3-dev branch. Discussion ---------- [Security] Assert voter returns valid decision | Q | A | ------------- | --- | Branch? | 5.x | Bug fix? | no | New feature? | no | Deprecations? | yes | Tickets | Fix #39205 | License | MIT | Doc PR | Replace #39248 Commits ------- ffdfb4f Assert voter returns valid decision
2 parents e9108e9 + ffdfb4f commit 8fa2954
Copy full SHA for 8fa2954

File tree

5 files changed

+46
-0
lines changed
Filter options

5 files changed

+46
-0
lines changed

‎UPGRADE-5.3.md

Copy file name to clipboardExpand all lines: UPGRADE-5.3.md
+5Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,3 +12,8 @@ Form
1212
* Deprecated passing an array as the first argument of the `CheckboxListMapper::mapFormsToData()` method, pass `\Traversable` instead.
1313
* Deprecated passing an array as the second argument of the `RadioListMapper::mapDataToForms()` method, pass `\Traversable` instead.
1414
* Deprecated passing an array as the first argument of the `RadioListMapper::mapFormsToData()` method, pass `\Traversable` instead.
15+
16+
Security
17+
--------
18+
19+
* Deprecated voters that do not return a valid decision when calling the `vote` method.

‎UPGRADE-6.0.md

Copy file name to clipboardExpand all lines: UPGRADE-6.0.md
+1Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -159,6 +159,7 @@ Security
159159
in `PreAuthenticatedToken`, `RememberMeToken`, `SwitchUserToken`, `UsernamePasswordToken`,
160160
`DefaultAuthenticationSuccessHandler`.
161161
* Removed the `AbstractRememberMeServices::$providerKey` property in favor of `AbstractRememberMeServices::$firewallName`
162+
* `AccessDecisionManager` now throw an exception when a voter does not return a valid decision.
162163

163164
TwigBundle
164165
----------

‎src/Symfony/Component/Security/CHANGELOG.md

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/CHANGELOG.md
+5Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,11 @@
11
CHANGELOG
22
=========
33

4+
5.3.0
5+
-----
6+
7+
* Deprecated voters that do not return a valid decision when calling the `vote` method.
8+
49
5.2.0
510
-----
611

‎src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
+10Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -89,6 +89,8 @@ private function decideAffirmative(TokenInterface $token, array $attributes, $ob
8989

9090
if (VoterInterface::ACCESS_DENIED === $result) {
9191
++$deny;
92+
} elseif (VoterInterface::ACCESS_ABSTAIN !== $result) {
93+
trigger_deprecation('symfony/security-core', '5.3', 'Returning "%s" in "%s::vote()" is deprecated, return one of "%s" constants: "ACCESS_GRANTED", "ACCESS_DENIED" or "ACCESS_ABSTAIN".', var_export($result, true), get_debug_type($voter), VoterInterface::class);
9294
}
9395
}
9496

@@ -124,6 +126,8 @@ private function decideConsensus(TokenInterface $token, array $attributes, $obje
124126
++$grant;
125127
} elseif (VoterInterface::ACCESS_DENIED === $result) {
126128
++$deny;
129+
} elseif (VoterInterface::ACCESS_ABSTAIN !== $result) {
130+
trigger_deprecation('symfony/security-core', '5.3', 'Returning "%s" in "%s::vote()" is deprecated, return one of "%s" constants: "ACCESS_GRANTED", "ACCESS_DENIED" or "ACCESS_ABSTAIN".', var_export($result, true), get_debug_type($voter), VoterInterface::class);
127131
}
128132
}
129133

@@ -161,6 +165,8 @@ private function decideUnanimous(TokenInterface $token, array $attributes, $obje
161165

162166
if (VoterInterface::ACCESS_GRANTED === $result) {
163167
++$grant;
168+
} elseif (VoterInterface::ACCESS_ABSTAIN !== $result) {
169+
trigger_deprecation('symfony/security-core', '5.3', 'Returning "%s" in "%s::vote()" is deprecated, return one of "%s" constants: "ACCESS_GRANTED", "ACCESS_DENIED" or "ACCESS_ABSTAIN".', var_export($result, true), get_debug_type($voter), VoterInterface::class);
164170
}
165171
}
166172
}
@@ -192,6 +198,10 @@ private function decidePriority(TokenInterface $token, array $attributes, $objec
192198
if (VoterInterface::ACCESS_DENIED === $result) {
193199
return false;
194200
}
201+
202+
if (VoterInterface::ACCESS_ABSTAIN !== $result) {
203+
trigger_deprecation('symfony/security-core', '5.3', 'Returning "%s" in "%s::vote()" is deprecated, return one of "%s" constants: "ACCESS_GRANTED", "ACCESS_DENIED" or "ACCESS_ABSTAIN".', var_export($result, true), get_debug_type($voter), VoterInterface::class);
204+
}
195205
}
196206

197207
return $this->allowIfAllAbstainDecisions;

‎src/Symfony/Component/Security/Core/Tests/Authorization/AccessDecisionManagerTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Tests/Authorization/AccessDecisionManagerTest.php
+25Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,11 +12,14 @@
1212
namespace Symfony\Component\Security\Core\Tests\Authorization;
1313

1414
use PHPUnit\Framework\TestCase;
15+
use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
1516
use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
1617
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
1718

1819
class AccessDecisionManagerTest extends TestCase
1920
{
21+
use ExpectDeprecationTrait;
22+
2023
public function testSetUnsupportedStrategy()
2124
{
2225
$this->expectException('InvalidArgumentException');
@@ -34,6 +37,20 @@ public function testStrategies($strategy, $voters, $allowIfAllAbstainDecisions,
3437
$this->assertSame($expected, $manager->decide($token, ['ROLE_FOO']));
3538
}
3639

40+
/**
41+
* @dataProvider provideStrategies
42+
* @group legacy
43+
*/
44+
public function testDeprecatedVoter($strategy)
45+
{
46+
$token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
47+
$manager = new AccessDecisionManager([$this->getVoter(3)], $strategy);
48+
49+
$this->expectDeprecation('Since symfony/security-core 5.3: Returning "3" in "%s::vote()" is deprecated, return one of "Symfony\Component\Security\Core\Authorization\Voter\VoterInterface" constants: "ACCESS_GRANTED", "ACCESS_DENIED" or "ACCESS_ABSTAIN".');
50+
51+
$manager->decide($token, ['ROLE_FOO']);
52+
}
53+
3754
public function getStrategyTests()
3855
{
3956
return [
@@ -94,6 +111,14 @@ public function getStrategyTests()
94111
];
95112
}
96113

114+
public function provideStrategies()
115+
{
116+
yield [AccessDecisionManager::STRATEGY_AFFIRMATIVE];
117+
yield [AccessDecisionManager::STRATEGY_CONSENSUS];
118+
yield [AccessDecisionManager::STRATEGY_UNANIMOUS];
119+
yield [AccessDecisionManager::STRATEGY_PRIORITY];
120+
}
121+
97122
protected function getVoters($grants, $denies, $abstains)
98123
{
99124
$voters = [];

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.