[Security] Authenticator methods description #20090

smnandre · 2024-08-02T18:16:14Z

At first i just wanted to reword this sentence i found missleading.. in the Custom Authenticator page.

If null is returned, the request continues like normal (i.e. the controller matching the login route is called).

I think it should be:

- (i.e. the controller matching the login route is called)
+ (i.e. the controller matching the current route is called)

Because it can be the login route for some Authenticators, but it's not for stateless requests, Header tokens, remember me...

I then realize the "if / if" was the reason I found things a bit unclear at first sight.

onAuthenticationSuccess(Request $request, ...)

    If the user is authenticated, (...)

    If ``null`` is returned, (...)

I read this as some sort of "if / else" ... but the first "if" englobes the whole paragraph (it's true again in the second one).

So i tried to rewrite a bit (using the docblocks from the AuthenticatorInterface as inspiration)

javiereguiluz · 2024-12-06T08:27:50Z

Simon, sorry we missed this contribution. It's merged now. Thanks!

carsonbot added Status: Needs Review Security labels Aug 2, 2024

javiereguiluz requested a review from wouterj August 6, 2024 15:31

javiereguiluz added Status: Reviewed and removed Status: Needs Review labels Dec 6, 2024

javiereguiluz added this to the 6.4 milestone Dec 6, 2024

[Security] Authenticator methods description

236e419

javiereguiluz changed the base branch from 7.1 to 6.4 December 6, 2024 08:27

javiereguiluz requested review from xabbuh and OskarStark as code owners December 6, 2024 08:27

carsonbot added Status: Needs Review and removed Status: Reviewed labels Dec 6, 2024

javiereguiluz force-pushed the patch-14 branch from d49154c to 236e419 Compare December 6, 2024 08:27

javiereguiluz merged commit 26e89cc into symfony:6.4 Dec 6, 2024
3 checks passed

Provide feedback