Fix failing tests on symfony 6 #100
Conversation
|
You will need to check for |
|
Yes indeed, this was a quick test to fix it and to open the draft PR. But I will make some time in the next few days to finish this! |
acrobat
force-pushed
the
fix-tests-for-symfony6
branch
13 times, most recently
from
1dfe279 to
02271e7
Compare
|
PR is ready for review. I'm not sure how I can solve that latest psalm error, if any can help me with this? |
|
You need to use the following annotation |
acrobat
force-pushed
the
fix-tests-for-symfony6
branch
4 times, most recently
from
efaefff to
c551a66
Compare
|
Thanks @jordisala1991, I wasn't sure if that was the "correct" fix. Php-cs-fixer is not happy with the psalm docblock but it is correct so can be ignored |
acrobat
force-pushed
the
fix-tests-for-symfony6
branch
3 times, most recently
from
2b949f5 to
dcb0336
Compare
acrobat
force-pushed
the
fix-tests-for-symfony6
branch
from
dcb0336 to
c918eed
Compare
| $anonymousRole = \defined('\Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter::PUBLIC_ACCESS') ? AuthenticatedVoter::PUBLIC_ACCESS : AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY; | ||
| // add built-in special roles | ||
| if ($this->authenticationTrustResolver->isFullFledged($token)) { | ||
| $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY); | ||
| $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); | ||
| $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); | ||
| $sids[] = new RoleSecurityIdentity($anonymousRole); | ||
| } elseif ($this->authenticationTrustResolver->isRememberMe($token)) { | ||
| $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); | ||
| $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); | ||
| } elseif ($this->authenticationTrustResolver->isAnonymous($token)) { | ||
| $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); | ||
| $sids[] = new RoleSecurityIdentity($anonymousRole); | ||
| } elseif ($this->isNotAuthenticated($token)) { | ||
| $sids[] = new RoleSecurityIdentity($anonymousRole); | ||
| } |
There was a problem hiding this comment.
I've never used ACL, so I'm not sure about this, but I guess change the security identity is a BC break (as these are persisted, so IS_AUTHENTICATED_ANONYMOUSLY might be persisted still?). Can you confirm (or reject) this?
If this is the case, we should support both token names I think (with hardcoded strings) and then somehow trigger a deprecation when the anonymous role is used.
There was a problem hiding this comment.
Hmm, you're right. I will add the old role back, but I'm not sure on how to deprecate this? Would be a warning/notice in an upgrade file be enough? Or even the symfony deprecation itself is enough?
There was a problem hiding this comment.
It would be great if we can add a specialized deprecation notice about it.
Can we do something in AclProvider::findAcls(), that triggers whenever we fetch a security identity with the old attribute name?
acrobat
force-pushed
the
fix-tests-for-symfony6
branch
from
c918eed to
0fb9eb4
Compare
Not really, on Symfony they do not use it, @wouterj requested to remove it on a previous comment. |
So this is ready to be merged then ^^ |
|
There is one left todo and that is find a way to trigger a deprecation when the old anonymous role string is used instead of the new public role |
@wouterj Couldn't the deprecation being added later (with maybe an issue about it) ? Symfony 6 support shouldn't be blocked by a missing deprecation. |
|
We not only need a deprecation, but the BC layer is missing as well (keeping the |
|
@acrobat do you have time for finishing the PR? If not I will try to finish it |
|
@jordisala1991 I have some time to do fixes, but extra help is welcome! Maybe you can send a pr to my fork to include the remaining fixes. I've pushed a some changes that I had locally to avoid the hard BC break with the anonymous role, so I just needs some help with the deprecation wouter asked for! EDIT: seems that my last "fixes" broke some tests, I will take a look later today to make them pass again! |
|
Thank you @acrobat. Changes are looking good to me (once you've fixed the failures). |
acrobat
force-pushed
the
fix-tests-for-symfony6
branch
from
bc3bea5 to
704fc28
Compare
|
Tests are passing again 🎉 |
|
Question to all the ACL users in this PR: Is I'm asking because making an argument nullable is I'm afraid a BC break. But if it's only used in a voter, that isn't that bad as these will get a |
We can document that and bump the major version. |
|
I've added a breakpoint in |
|
@wouterj now that I'm thinking about your comment of the nullable argument. I've did this change because of the deprecation in If that's the case we don't even need to make it nullable. EDIT: I've tested this in a new application with the new authentication setup and a |
Yes and no :) "anonymous is now represented by the absence of a token" is true for all parts of the application, except from the voter. This allows voters to vote on "anonymous" access (e.g. if some blog posts are premium only, but others can be read by anyone). |
I tried a search on the whole sonata codebase through github and we have no usage of that method. |
wouterj
force-pushed
the
fix-tests-for-symfony6
branch
from
3137202 to
3492ce6
Compare
|
Thank you Jeroen! |
This PR was merged into the 3.x-dev branch. Discussion ---------- Fix symfony 5.3 security incompatiblity Follow up of #100 The `AuthenticationTrustResolverInterface::isAuthenticated` method was only added in symfony 5.4 but the `AuthenticatedVoter::PUBLIC_ACCESS` constant was already available in symfony 5.3, this causes an error when using security-acl 3.3.0 with symfony 5.3.x https://github.com/symfony/security-acl/blob/04d6fadd671d72ff322e20840e510030753e008a/Domain/SecurityIdentityRetrievalStrategy.php#L81-L83 The first commit actually refactors the test case because even when executing the tests on symfony 5.3 they still pass as we mocked that class/method. I've also changed some things in the github ci workflow because I wasn't able to get symfony 5.3 dependencies with the` ramsey/composer-install` packages (lowest = install, highest = update but this would cause dev packages in this setup), so I'm not sure if this is the desired setup. Let me know if I need the change anything. The second commit actually fixes the problem (the first commit shows a failing test on symfony 5.3 first) Commits ------- 94c127b Fix symfony 5.3 incompatibility
See #99