[SecurityBundle] Set request stateless when firewall is stateless

symfony · Dec 18, 2022 · ce458c6 · ce458c6
1 parent c79d4ab
commit ce458c6
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -5,6 +5,7 @@ CHANGELOG
 ---
 
  * Deprecate enabling bundle and not configuring it
+ * Add `_stateless` attribute to the request when firewall is stateless
 
 6.2
 ---

diff --git a/src/Symfony/Bundle/SecurityBundle/Security/FirewallMap.php b/src/Symfony/Bundle/SecurityBundle/Security/FirewallMap.php
@@ -72,7 +72,14 @@ private function getFirewallContext(Request $request): ?FirewallContext
             if (null === $requestMatcher || $requestMatcher->matches($request)) {
                 $request->attributes->set('_firewall_context', $contextId);
 
-                return $this->container->get($contextId);
+                /** @var FirewallContext $context */
+                $context = $this->container->get($contextId);
+
+                if ($context->getConfig()?->isStateless()) {
+                    $request->attributes->set('_stateless', true);
+                }
+
+                return $context;
             }
         }
 

diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallMapTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallMapTest.php
@@ -54,6 +54,7 @@ public function testGetListenersWithInvalidParameter()
         $this->assertEquals([[], null, null], $firewallMap->getListeners($request));
         $this->assertNull($firewallMap->getFirewallConfig($request));
         $this->assertFalse($request->attributes->has(self::ATTRIBUTE_FIREWALL_CONTEXT));
+        $this->assertFalse($request->attributes->has('_stateless'));
     }
 
     public function testGetListeners()
@@ -62,8 +63,8 @@ public function testGetListeners()
 
         $firewallContext = $this->createMock(FirewallContext::class);
 
-        $firewallConfig = new FirewallConfig('main', 'user_checker');
-        $firewallContext->expects($this->once())->method('getConfig')->willReturn($firewallConfig);
+        $firewallConfig = new FirewallConfig('main', 'user_checker', null, true, true);
+        $firewallContext->expects($this->exactly(2))->method('getConfig')->willReturn($firewallConfig);
 
         $listener = function () {};
         $firewallContext->expects($this->once())->method('getListeners')->willReturn([$listener]);
@@ -88,5 +89,6 @@ public function testGetListeners()
         $this->assertEquals([[$listener], $exceptionListener, $logoutListener], $firewallMap->getListeners($request));
         $this->assertEquals($firewallConfig, $firewallMap->getFirewallConfig($request));
         $this->assertEquals('security.firewall.map.context.foo', $request->attributes->get(self::ATTRIBUTE_FIREWALL_CONTEXT));
+        $this->assertTrue($request->attributes->get('_stateless'));
     }
 }