Merge branch '4.4'

xabbuh · xabbuh · commit 1b452e40c7e6 · 2019-11-11T12:15:58.000+01:00
* 4.4:
  [HttpKernel] make ExceptionEvent able to propagate any throwable
  [Security] Avoid unnecessary usage of Reflection
  Disallow symfony/contracts v2.
  minor add missing loop break
  [Security] Add migrating encoder configuration
  [Security] Fix defining multiple roles per access_control rule
diff --git a/Firewall/AccessListener.php b/Firewall/AccessListener.php
@@ -66,7 +66,15 @@ public function __invoke(RequestEvent $event)
             $this->tokenStorage->setToken($token);
         }
 
-        if (!$this->accessDecisionManager->decide($token, $attributes, $request)) {
+        $granted = false;
+        foreach ($attributes as $key => $value) {
+            if ($this->accessDecisionManager->decide($token, [$key => $value], $request)) {
+                $granted = true;
+                break;
+            }
+        }
+
+        if (!$granted) {
             $exception = new AccessDeniedException();
             $exception->setAttributes($attributes);
             $exception->setSubject($request);
diff --git a/Firewall/ExceptionListener.php b/Firewall/ExceptionListener.php
@@ -90,7 +90,7 @@ public function unregister(EventDispatcherInterface $dispatcher)
      */
     public function onKernelException(ExceptionEvent $event)
     {
-        $exception = $event->getException();
+        $exception = $event->getThrowable();
         do {
             if ($exception instanceof AuthenticationException) {
                 $this->handleAuthenticationException($event, $exception);
@@ -128,13 +128,13 @@ private function handleAuthenticationException(ExceptionEvent $event, Authentica
             $event->setResponse($this->startAuthentication($event->getRequest(), $exception));
             $event->allowCustomResponseCode();
         } catch (\Exception $e) {
-            $event->setException($e);
+            $event->setThrowable($e);
         }
     }
 
     private function handleAccessDeniedException(ExceptionEvent $event, AccessDeniedException $exception)
     {
-        $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
+        $event->setThrowable(new AccessDeniedHttpException($exception->getMessage(), $exception));
 
         $token = $this->tokenStorage->getToken();
         if (!$this->authenticationTrustResolver->isFullFledged($token)) {
@@ -148,7 +148,7 @@ private function handleAccessDeniedException(ExceptionEvent $event, AccessDenied
 
                 $event->setResponse($this->startAuthentication($event->getRequest(), $insufficientAuthenticationException));
             } catch (\Exception $e) {
-                $event->setException($e);
+                $event->setThrowable($e);
             }
 
             return;
@@ -177,7 +177,7 @@ private function handleAccessDeniedException(ExceptionEvent $event, AccessDenied
                 $this->logger->error('An exception was thrown when handling an AccessDeniedException.', ['exception' => $e]);
             }
 
-            $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));
+            $event->setThrowable(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));
         }
     }
 
diff --git a/Tests/Firewall/ExceptionListenerTest.php b/Tests/Firewall/ExceptionListenerTest.php
@@ -39,7 +39,7 @@ public function testAuthenticationExceptionWithoutEntryPoint(\Exception $excepti
         $listener->onKernelException($event);
 
         $this->assertNull($event->getResponse());
-        $this->assertEquals($eventException, $event->getException());
+        $this->assertEquals($eventException, $event->getThrowable());
     }
 
     /**
@@ -58,7 +58,7 @@ public function testAuthenticationExceptionWithEntryPoint(\Exception $exception)
 
         $this->assertEquals('Forbidden', $event->getResponse()->getContent());
         $this->assertEquals(403, $event->getResponse()->getStatusCode());
-        $this->assertSame($exception, $event->getException());
+        $this->assertSame($exception, $event->getThrowable());
     }
 
     public function getAuthenticationExceptionProvider()
@@ -85,8 +85,8 @@ public function testExceptionWhenEntryPointReturnsBadValue()
         $listener = $this->createExceptionListener(null, null, null, $entryPoint);
         $listener->onKernelException($event);
         // the exception has been replaced by our LogicException
-        $this->assertInstanceOf('LogicException', $event->getException());
-        $this->assertStringEndsWith('start() method must return a Response object (string returned)', $event->getException()->getMessage());
+        $this->assertInstanceOf('LogicException', $event->getThrowable());
+        $this->assertStringEndsWith('start() method must return a Response object (string returned)', $event->getThrowable()->getMessage());
     }
 
     /**
@@ -100,7 +100,7 @@ public function testAccessDeniedExceptionFullFledgedAndWithoutAccessDeniedHandle
         $listener->onKernelException($event);
 
         $this->assertNull($event->getResponse());
-        $this->assertSame(null === $eventException ? $exception : $eventException, $event->getException()->getPrevious());
+        $this->assertSame(null === $eventException ? $exception : $eventException, $event->getThrowable()->getPrevious());
     }
 
     /**
@@ -123,7 +123,7 @@ public function testAccessDeniedExceptionFullFledgedAndWithoutAccessDeniedHandle
 
         $this->assertEquals('Unauthorized', $event->getResponse()->getContent());
         $this->assertEquals(401, $event->getResponse()->getStatusCode());
-        $this->assertSame(null === $eventException ? $exception : $eventException, $event->getException()->getPrevious());
+        $this->assertSame(null === $eventException ? $exception : $eventException, $event->getThrowable()->getPrevious());
     }
 
     /**
@@ -140,7 +140,7 @@ public function testAccessDeniedExceptionFullFledgedAndWithAccessDeniedHandlerAn
         $listener->onKernelException($event);
 
         $this->assertEquals('error', $event->getResponse()->getContent());
-        $this->assertSame(null === $eventException ? $exception : $eventException, $event->getException()->getPrevious());
+        $this->assertSame(null === $eventException ? $exception : $eventException, $event->getThrowable()->getPrevious());
     }
 
     /**
@@ -157,7 +157,7 @@ public function testAccessDeniedExceptionNotFullFledged(\Exception $exception, \
         $listener->onKernelException($event);
 
         $this->assertEquals('OK', $event->getResponse()->getContent());
-        $this->assertSame(null === $eventException ? $exception : $eventException, $event->getException()->getPrevious());
+        $this->assertSame(null === $eventException ? $exception : $eventException, $event->getThrowable()->getPrevious());
     }
 
     public function getAccessDeniedExceptionProvider()

Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,7 @@ public function unregister(EventDispatcherInterface $dispatcher)`
`90`	`90`	`*/`
`91`	`91`	`public function onKernelException(ExceptionEvent $event)`
`92`	`92`	`{`
`93`		`- $exception = $event->getException();`
	`93`	`+ $exception = $event->getThrowable();`
`94`	`94`	`do {`
`95`	`95`	`if ($exception instanceof AuthenticationException) {`
`96`	`96`	`$this->handleAuthenticationException($event, $exception);`
`@@ -128,13 +128,13 @@ private function handleAuthenticationException(ExceptionEvent $event, Authentica`
`128`	`128`	`$event->setResponse($this->startAuthentication($event->getRequest(), $exception));`
`129`	`129`	`$event->allowCustomResponseCode();`
`130`	`130`	`} catch (\Exception $e) {`
`131`		`- $event->setException($e);`
	`131`	`+ $event->setThrowable($e);`
`132`	`132`	`}`
`133`	`133`	`}`
`134`	`134`
`135`	`135`	`private function handleAccessDeniedException(ExceptionEvent $event, AccessDeniedException $exception)`
`136`	`136`	`{`
`137`		`- $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));`
	`137`	`+ $event->setThrowable(new AccessDeniedHttpException($exception->getMessage(), $exception));`
`138`	`138`
`139`	`139`	`$token = $this->tokenStorage->getToken();`
`140`	`140`	`if (!$this->authenticationTrustResolver->isFullFledged($token)) {`
`@@ -148,7 +148,7 @@ private function handleAccessDeniedException(ExceptionEvent $event, AccessDenied`
`148`	`148`
`149`	`149`	`$event->setResponse($this->startAuthentication($event->getRequest(), $insufficientAuthenticationException));`
`150`	`150`	`} catch (\Exception $e) {`
`151`		`- $event->setException($e);`
	`151`	`+ $event->setThrowable($e);`
`152`	`152`	`}`
`153`	`153`
`154`	`154`	`return;`
`@@ -177,7 +177,7 @@ private function handleAccessDeniedException(ExceptionEvent $event, AccessDenied`
`177`	`177`	`$this->logger->error('An exception was thrown when handling an AccessDeniedException.', ['exception' => $e]);`
`178`	`178`	`}`
`179`	`179`
`180`		`- $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));`
	`180`	`+ $event->setThrowable(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));`
`181`	`181`	`}`
`182`	`182`	`}`
`183`	`183`