Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Allow switching to another user when already switched #35839

Merged
merged 1 commit into from Feb 26, 2020
Merged

[Security] Allow switching to another user when already switched #35839

merged 1 commit into from Feb 26, 2020

Conversation

chalasr
Copy link
Member

@chalasr chalasr commented Feb 23, 2020
edited

Q A
Branch? 3.4
Bug fix? yes
New feature? no
Deprecations? no
Tickets Fix #34690
License MIT
Doc PR -

@chalasr chalasr added this to the next milestone Feb 23, 2020
@chalasr chalasr force-pushed the sec-multi-switchuser branch 2 times, most recently from 07d4598 to ee219ef Compare February 23, 2020 22:58
noniagriconomie
noniagriconomie approved these changes Feb 24, 2020
View reviewed changes
Copy link
Contributor

@noniagriconomie noniagriconomie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thx

wouterj
wouterj approved these changes Feb 24, 2020
View reviewed changes
Copy link
Member

@wouterj wouterj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great, thanks!

@nicolas-grekas
Copy link
Member

What would be the drawback of always allowing the switch? Adding a new option should be thought twice.

@ogizanagi
Copy link
Member

We've discussed a bit about this with @chalasr. It's not easy to provide a satisfying default out-of-the-box
to show an explanation about the error to the user anyway. I'd be in favor of always allowing the switch, and this could even be considered a bug fix to me.

@chalasr chalasr force-pushed the sec-multi-switchuser branch 2 times, most recently from 1564985 to a17cdc3 Compare February 24, 2020 16:23
nicolas-grekas
nicolas-grekas approved these changes Feb 25, 2020
View reviewed changes
Copy link
Member

@nicolas-grekas nicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would work as a bug fix on 4.4 to me.

@chalasr
Copy link
Member Author

chalasr commented Feb 25, 2020

@nicolas-grekas Did you mean 3.4?

@nicolas-grekas
Copy link
Member

3.4 then yes :)

@chalasr chalasr changed the base branch from master to 3.4 February 26, 2020 00:10
@chalasr chalasr modified the milestones: next, 3.4 Feb 26, 2020
@chalasr chalasr force-pushed the sec-multi-switchuser branch 2 times, most recently from 89effcf to 5b5848c Compare February 26, 2020 00:11
@chalasr chalasr added Bug and removed Feature labels Feb 26, 2020
@chalasr
Copy link
Member Author

chalasr commented Feb 26, 2020

Rebased. Failing build expected with deps=high

@nicolas-grekas
Copy link
Member

Thank you @chalasr.

@nicolas-grekas nicolas-grekas merged commit 6f95125 into symfony:3.4 Feb 26, 2020
@chalasr chalasr deleted the sec-multi-switchuser branch February 26, 2020 10:13
@noniagriconomie
Copy link
Contributor

Thanks for merging it into 3.4

@aschempp aschempp mentioned this pull request Feb 26, 2020
Closed
This was referenced Feb 29, 2020
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

@wouterj wouterj wouterj approved these changes

@ogizanagi ogizanagi ogizanagi approved these changes

@noniagriconomie noniagriconomie noniagriconomie approved these changes

Assignees
No one assigned
Labels
Bug Security Status: Reviewed
Projects
None yet
Milestone
3.4
Development

Successfully merging this pull request may close these issues.

[Security] Allow to switch user when already switching
6 participants
@chalasr @nicolas-grekas @ogizanagi @noniagriconomie @wouterj @carsonbot