-
-
Notifications
You must be signed in to change notification settings - Fork 868
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(symfony): query parameter validation after authentication (#5473)
- Loading branch information
1 parent
cfdc9ad
commit 42c5c3e
Showing
3 changed files
with
53 additions
and
1 deletion.
There are no files selected for viewing
11 changes: 11 additions & 0 deletions
11
features/authorization/deny_authentication_before_filter.feature
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| Feature: Authorization checking | ||
| In order to use the API | ||
| I need to be authorized to access a given resource. | ||
|
|
||
| @!mongodb | ||
| @createSchema | ||
| Scenario: An anonymous user retrieves a secured resource | ||
| When I add "Accept" header equal to "application/ld+json" | ||
| When I am on "/secured_dummy_with_filters?required=&required-allow-empty=&arrayRequired[foo]=" | ||
| Then the response status code should be 401 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
41 changes: 41 additions & 0 deletions
41
tests/Fixtures/TestBundle/Entity/SecuredDummyWithFilter.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| <?php | ||
|
|
||
| /* | ||
| * This file is part of the API Platform project. | ||
| * | ||
| * (c) Kévin Dunglas <dunglas@gmail.com> | ||
| * | ||
| * For the full copyright and license information, please view the LICENSE | ||
| * file that was distributed with this source code. | ||
| */ | ||
|
|
||
| declare(strict_types=1); | ||
|
|
||
| namespace ApiPlatform\Tests\Fixtures\TestBundle\Entity; | ||
|
|
||
| use ApiPlatform\Metadata\ApiResource; | ||
| use ApiPlatform\Tests\Fixtures\TestBundle\Filter\ArrayRequiredFilter; | ||
| use Doctrine\ORM\Mapping as ORM; | ||
|
|
||
| /** | ||
| * Secured resource. | ||
| * | ||
| * @author Kévin Dunglas <dunglas@gmail.com> | ||
| */ | ||
| #[ApiResource( | ||
| security: 'is_granted(\'ROLE_USER\')', | ||
| filters: [ArrayRequiredFilter::class], | ||
| )] | ||
| #[ORM\Entity] | ||
| class SecuredDummyWithFilter | ||
| { | ||
| #[ORM\Column(type: 'integer')] | ||
| #[ORM\Id] | ||
| #[ORM\GeneratedValue(strategy: 'AUTO')] | ||
| private ?int $id = null; | ||
|
|
||
| public function getId(): ?int | ||
| { | ||
| return $this->id; | ||
| } | ||
| } |