Skip to content

minor(live): add security tests #1460

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 9, 2024
Merged

minor(live): add security tests #1460

merged 1 commit into from
Feb 9, 2024

Conversation

kbond
Copy link
Member

@kbond kbond commented Feb 5, 2024

Q A
Bug fix? no
New feature? no
Issues Could help solve/replicate #1124
License MIT

This PR adds some security-related tests:

  • Ensure IsGranted at the class level is respected.
  • Ensure #[CurrentUser] can be injected into actions/listeners.

@carsonbot carsonbot added the Status: Needs Review Needs to be reviewed label Feb 5, 2024
This was referenced Feb 5, 2024
Merged
Open
@weaverryan
Copy link
Member

Thanks Kevin!

@weaverryan weaverryan merged commit ca890f0 into symfony:2.x Feb 9, 2024
@smnandre
Copy link
Member

They fails on PHP 8.1 with old version of security: https://github.com/symfony/ux/actions/runs/7849800864/job/21423912123

Should we fix... or increase min version of security bundle ?

@kbond ?

@kbond
Copy link
Member Author

kbond commented Feb 10, 2024

I think I'm find bumping the dev dependency. It saves a bunch of extra compat code in the test fixtures and it should all still work in the old security system. @weaverryan, wdyt?

weaverryan added a commit that referenced this pull request Feb 21, 2024
@weaverryan
feature #1461 feat(live): improve TestLiveComponent::actingAs() (kb…
01a42fe 
…ond)

This PR was squashed before being merged into the 2.x branch.

Discussion
----------

feat(live): improve `TestLiveComponent::actingAs()`

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | no
| Issues        | n/a
| License       | MIT

_(depends on #1460)_

Currently, if you have a component that requires authentication for all actions (ie `#[IsGranted]` on the component class), in your tests, as soon as you call `$this->createLiveComponent(...)`, you'll get an access denied exception. You never get a chance to call `->actingAs()`.

This PR makes the initial request for the live component _lazy_. Only when the initial request is required (for other methods), is it made. This gives you the chance to call `->actingAs()` before the initial render.

Commits
-------

d0a4713 feat(live): improve `TestLiveComponent::actingAs()`
@kbond kbond deleted the minor/live-security-tests branch August 20, 2024 21:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Status: Needs Review Needs to be reviewed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kbond @weaverryan @smnandre @carsonbot