symfony-docs icon indicating copy to clipboard operation
symfony-docs copied to clipboard

Published 20 hours ago verified publisher icon symfony

[Security] Use instanceof NullToken in voters

Open l-vo opened this issue 3 years ago • 1 comments

To test if the user is not logged.

l-vo avatar Aug 10 '22 12:08 l-vo

@OskarStark changes applied, thank you :)

l-vo avatar Sep 05 '22 15:09 l-vo

Sorry to ping you again @chalasr but could you please review if this security-related proposal is correct? Thanks.

javiereguiluz avatar Oct 04 '22 14:10 javiereguiluz

(No worry @javiereguiluz, don't hesitate!)

I'm not totally sure about this change. Technically, the current code is correct as it covers the NullToken case as well as any eventual "unauthenticated" custom token (ref https://github.com/symfony/symfony/pull/42650). With that in mind and given "use NullToken but only in voters" makes it way more complicated, I think it's better to keep the example it as-is.

Having @wouterj's point of view would be good though.

chalasr avatar Oct 04 '22 17:10 chalasr

Indeed... Actually I'm not sure about my change anymore 😁

l-vo avatar Oct 04 '22 18:10 l-vo

OK, let's close this then. Thank you all for the reviews 🙏

javiereguiluz avatar Oct 05 '22 14:10 javiereguiluz