Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit d78481c

Browse filesBrowse files
chalasrchalasr
committed
minor #60425 [SecurityBundle] forbid to use hide_user_not_found and expose_security_errors at the same time (xabbuh)
This PR was merged into the 7.3 branch. Discussion ---------- [SecurityBundle] forbid to use `hide_user_not_found` and `expose_security_errors` at the same time | Q | A | ------------- | --- | Branch? | 7.3 | Bug fix? | no | New feature? | no | Deprecations? | no | Issues | | License | MIT `hide_user_not_found` will not have any effect if `expose_security_errors` is set. Throwing an exception early will improve DX and avoid WTF moments where one might be wondering why the "hide_user_not_found" option doesn't change anything. Commits ------- f758e26 forbid to use "hide_user_not_found" and "expose_security_errors" at the same time
2 parents dff2ff8 + f758e26 commit d78481c
Copy full SHA for d78481c

File tree

Expand file treeCollapse file tree

2 files changed

+18
-0
lines changed
Filter options
Expand file treeCollapse file tree

2 files changed

+18
-0
lines changed

‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php

Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+4Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,6 +59,10 @@ public function getConfigTreeBuilder(): TreeBuilder
5959
->beforeNormalization()
6060
->always()
6161
->then(function ($v) {
62+
if (isset($v['hide_user_not_found']) && isset($v['expose_security_errors'])) {
63+
throw new InvalidConfigurationException('You cannot use both "hide_user_not_found" and "expose_security_errors" at the same time.');
64+
}
65+
6266
if (isset($v['hide_user_not_found']) && !isset($v['expose_security_errors'])) {
6367
$v['expose_security_errors'] = $v['hide_user_not_found'] ? ExposeSecurityLevel::None : ExposeSecurityLevel::All;
6468
}

‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
+14Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -283,4 +283,18 @@ public static function provideHideUserNotFoundLegacyData(): iterable
283283
yield [['hide_user_not_found' => true], ExposeSecurityLevel::None, true];
284284
yield [['hide_user_not_found' => false], ExposeSecurityLevel::All, false];
285285
}
286+
287+
public function testCannotUseHideUserNotFoundAndExposeSecurityErrorsAtTheSameTime()
288+
{
289+
$processor = new Processor();
290+
$configuration = new MainConfiguration([], []);
291+
292+
$this->expectException(InvalidConfigurationException::class);
293+
$this->expectExceptionMessage('You cannot use both "hide_user_not_found" and "expose_security_errors" at the same time.');
294+
295+
$processor->processConfiguration($configuration, [static::$minimalConfig + [
296+
'hide_user_not_found' => true,
297+
'expose_security_errors' => ExposeSecurityLevel::None,
298+
]]);
299+
}
286300
}

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.