Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

review all Security code blocks #5486

Merged
merged 1 commit into from
Jul 21, 2015
Merged

Conversation

xabbuh
Copy link
Member

@xabbuh xabbuh commented Jul 5, 2015

Q A
Doc fix? yes
New docs? no
Applies to all
Fixed tickets #4606 (comment)

As I promised @weaverryan I now found some time to review all the security-related code blocks. :)

<rule path="^/admin" roles="ROLE_USER_IP" ip="127.0.0.1" />
<rule path="^/admin" roles="ROLE_USER_HOST" host="symfony\.com$" />
<rule path="^/admin" roles="ROLE_USER_METHOD" methods="POST, PUT" />
<rule path="^/admin" roles="ROLE_USER" />
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rule and access_control do have the same semantic meaning in XML (actually access_control is the pluralised form of rule). In fact, nesting access-control and rule was a mistake we made in the documentation and only worked if we had only one rule.

The resulting array after processing the configuration would have been an array with rule as the key. This only worked because the extension just loops the array and doesn't deal with its keys. Though obviously this will break as soon as you have more than one rule.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, I am not sure if we should really use the rule element at all. Would it be more clear if we simply used multiple access-control elements?

@xabbuh xabbuh force-pushed the security-code-blocks branch 7 times, most recently from 3b08fb1 to 49e589c Compare July 5, 2015 11:07
@javiereguiluz
Copy link
Member

@xabbuh first, thank you very much for this huge work! I have a question: do you still consider this PR as WIP? I'm asking because I've reviewed it and it looks ready to be merged.

@xabbuh
Copy link
Member Author

xabbuh commented Jul 7, 2015

Yeah, there five or six files from the cookbook section I didn't look at yet.

@xabbuh xabbuh force-pushed the security-code-blocks branch from 49e589c to 04fc6a6 Compare July 7, 2015 19:22
@xabbuh xabbuh changed the title [WIP] review all Security code blocks review all Security code blocks Jul 7, 2015
@xabbuh
Copy link
Member Author

xabbuh commented Jul 7, 2015

This is ready to be reviewed.

<config>
<!-- ... -->

<firewall name="wsse_secured" pattern="/api/.*" stateless="true">
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the examples above, we usually define the pattern as ^/api instead of /api/.* Is there any reason for using this other format?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know the reason for this (maybe just a matter of taste of the initial author of that file). I changed it for consistency.

@javiereguiluz
Copy link
Member

@xabbuh I've reviewed this PR again and I love it. Thank you and congrats on this huge work.

@xabbuh xabbuh force-pushed the security-code-blocks branch from 04fc6a6 to 2159bda Compare July 8, 2015 06:57
@OskarStark
Copy link
Contributor

Thank you @xabbuh!

👍

@xabbuh xabbuh force-pushed the security-code-blocks branch from 2159bda to 34f7859 Compare July 16, 2015 20:27
@xabbuh xabbuh force-pushed the security-code-blocks branch from 34f7859 to 9099cf2 Compare July 16, 2015 20:29
<!-- ... -->

<acl>
<connection>default</connection>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

while this works, we always use attributes for non-array nodes (making this <acl connection="default"/>

@wouterj wouterj merged commit 9099cf2 into symfony:2.3 Jul 21, 2015
wouterj added a commit that referenced this pull request Jul 21, 2015
This PR was merged into the 2.3 branch.

Discussion
----------

review all Security code blocks

| Q             | A
| ------------- | ---
| Doc fix?      | yes
| New docs?     | no
| Applies to    | all
| Fixed tickets | #4606 (comment)

As I promised @weaverryan I now found some time to review all the security-related code blocks. :)

Commits
-------

9099cf2 review all Security code blocks
@xabbuh xabbuh deleted the security-code-blocks branch July 21, 2015 14:50
wouterj added a commit that referenced this pull request Jul 21, 2015
@wouterj
Copy link
Member

wouterj commented Jul 21, 2015

Wow! Merged it as "minor", but this PR really is major! 😃 Good job Christian!

I did a very quick review of the code blocks in the cookbook and fixed my comments in this PR as well. See 77555a6, let me know if anything is wrong.

@weaverryan
Copy link
Member

Awesome!

@xabbuh
Copy link
Member Author

xabbuh commented Jul 21, 2015

👍 looks good @wouterj and I also like your reasoning about the position of the closing angle brackets (even if it looks not really pretty ;))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants