Skip to content

Navigation Menu

Sign in

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

[Security] AuthenticationUtils::getLastUsername() return type inconsistency #23409

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 10, 2018
Merged

[Security] AuthenticationUtils::getLastUsername() return type inconsistency #23409

merged 1 commit into from
Mar 10, 2018

Conversation

vudaltsov
Copy link
Contributor

Always return string, never null according to the @return annotation tag.

Q A
Branch? 2.8
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets
License MIT
Doc PR

Alternatively, string return might be nullable:

return null === $session ? null : $session->get(Security::LAST_USERNAME);

Is test needed for this change?

@linaori
Copy link
Contributor

linaori commented Jul 5, 2017

This would break every single null !== check though. I suggest to update the docs rather than the actual return type. Either you have a username or you don't, but you don't have a username or an empty username imo.

@vudaltsov
Copy link
Contributor Author

vudaltsov commented Jul 5, 2017
edited
Loading

@iltar , what if it always returns an nonempty string or null? This shouldn't break BC
see commit above

@linaori
Copy link
Contributor

linaori commented Jul 5, 2017

The case that the session is not set, is one that in theory should not happen frequently

@vudaltsov
Copy link
Contributor Author

@iltar , I agree. But that's how it was done before, the null === $session check existed before my pull request. The only difference is that now the method never returns an empty string and we can safely use null !== AuthenticationUtils::getLastUsername() which will cover all cases.

My point is to make returning type consistent and more DX-friendly.

@ro0NL
Copy link
Contributor

ro0NL commented Jul 5, 2017
edited
Loading

Not sure it will be accepted for 2.8, but +1 for this API :)

edit; on 2nd though Session::get defaults to null.. so we already should expect this.

@nicolas-grekas nicolas-grekas added this to the 2.8 milestone Jul 10, 2017
@fabpot
Copy link
Member

fabpot commented Jul 19, 2017

Given that username should never be empty, I would prefer getLastUsername to always return a string and never null.

@fabpot
Copy link
Member

fabpot commented Jul 19, 2017

In any case, that would be for 3.4.

@ro0NL
Copy link
Contributor

ro0NL commented Jul 21, 2017

While username may not be empty, the "last" one might not exist (yet). Hence it's a nullable imo.

@fabpot
Copy link
Member

fabpot commented Jul 21, 2017

Right, if there is no last username, it's an empty string.

@xabbuh
Copy link
Member

xabbuh commented Jul 21, 2017

What about the case where the input type was named wrongly (e.g. username instead of _username)? Doesn't it make sense to return null then (because there was actually no submitted username and not an empty username)?

@vudaltsov
Copy link
Contributor Author

vudaltsov commented Oct 31, 2017
edited
Loading

Let's finish this PR?
It doesn't require much effort but needs a final decision on the nullability.

@ro0NL
Copy link
Contributor

ro0NL commented Oct 31, 2017

👍 as well for always string (means session default changes)

@weaverryan
Copy link
Member

I agree with @ro0NL - return a string always.

@Simperfit
Copy link
Contributor

Same for me 👍 for a string return.

@vudaltsov vudaltsov changed the base branch from 2.8 to 3.4 November 1, 2017 09:19
@vudaltsov
Copy link
Contributor Author

vudaltsov commented Nov 1, 2017
edited
Loading

Rebased onto 3.4 and now it always returns a string.

@vudaltsov
Copy link
Contributor Author

But I think we should merge this into 4.0 because as @iltar said, we are breaking all the null === checks.

@chalasr chalasr modified the milestones: 2.8, 4.1 Nov 2, 2017
@vudaltsov
Copy link
Contributor Author

Could this be merged or smth else needs to be done?

@ro0NL
Copy link
Contributor

ro0NL commented Feb 2, 2018

Perhaps add a changelog entry?

@vudaltsov vudaltsov changed the base branch from 3.4 to master February 11, 2018 11:30
@vudaltsov
Copy link
Contributor Author

Rebased, squashed, added a changelog entry, changed base to master, ready to merge :)

ro0NL
ro0NL approved these changes Feb 11, 2018
View reviewed changes
Copy link
Contributor

@ro0NL ro0NL left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@xabbuh
Copy link
Member

xabbuh commented Feb 13, 2018

I think we should document this change in the upgrade file for 4.1 too.

@vudaltsov
Copy link
Contributor Author

Ready!

@fabpot
Copy link
Member

fabpot commented Mar 10, 2018

Thank you @vudaltsov.

@fabpot fabpot merged commit 743692c into symfony:master Mar 10, 2018
fabpot added a commit that referenced this pull request Mar 10, 2018
@fabpot
feature #23409 [Security] AuthenticationUtils::getLastUsername() retu…
febc096 
…rn type inconsistency (vudaltsov)

This PR was merged into the 4.1-dev branch.

Discussion
----------

[Security] AuthenticationUtils::getLastUsername() return type inconsistency

Always return `string`, never `null` according to the `@return` annotation tag.

| Q             | A
| ------------- | ---
| Branch?       | 2.8
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

Alternatively, string return might be nullable:

```php
return null === $session ? null : $session->get(Security::LAST_USERNAME);
```

Is test needed for this change?

Commits
-------

743692c AuthenticationUtils::getLastUsername()` now always returns a string.
@vudaltsov vudaltsov deleted the patch-2 branch March 10, 2018 20:43
@fabpot fabpot mentioned this pull request May 7, 2018
Merged
@ro0NL ro0NL mentioned this pull request Dec 2, 2018
Merged
@chalasr chalasr mentioned this pull request Jan 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabpot fabpot fabpot approved these changes

@ro0NL ro0NL ro0NL approved these changes

@chalasr chalasr chalasr approved these changes

Assignees
No one assigned
Labels
Bug Security Status: Reviewed
Projects
None yet
Milestone
4.1
Development

Successfully merging this pull request may close these issues.
10 participants
@vudaltsov @linaori @ro0NL @fabpot @xabbuh @weaverryan @Simperfit @chalasr @nicolas-grekas @carsonbot
Morty Proxy This is a proxified and sanitized view of the page, visit original site.