Merge branch '5.2' into 5.x

* 5.2: (23 commits) [Console] Fix Windows code page support [SecurityBundle] Allow ips parameter in access_control accept comma-separated string [Form] Add TranslatableMessage support to choice_label option of ChoiceType Remove code that deals with legacy behavior of PHP_Incomplete_Class [Config][DependencyInjection] Uniformize trailing slash handling [PropertyInfo] Make ReflectionExtractor correctly extract nullability [PropertyInfo] fix attribute namespace with recursive traits [PhpUnitBridge] Fix tests with `@doesNotPerformAssertions` annotations Check redis extension version [Security] Update Russian translations [Notifier] Fix return SentMessage then Messenger not used [VarExporter] Add support of PHP enumerations [Security] Added missing Japanese translations [Security] Added missing Polish translations [Security] Add missing Italian translations #41051 [Security] Missing translations pt_BR getProtocolVersion may return null Fix return type on isAllowedProperty method Make FailoverTransport always pick the first transport [TwigBridge] Fix HTML for translatable custom-file label in Bootstrap 4 theme ...
symfony · May 7, 2021 · 139674d · 139674d
2 parents 8dbe8cb + f409175
commit 139674d
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 1 deletion.
diff --git a/DependencyInjection/SecurityExtension.php b/DependencyInjection/SecurityExtension.php
@@ -1026,7 +1026,7 @@ private function createRequestMatcher(ContainerBuilder $container, string $path
             foreach ($ips as $ip) {
                 $container->resolveEnvPlaceholders($ip, null, $usedEnvs);
 
-                if (!$usedEnvs && !$this->isValidIp($ip)) {
+                if (!$usedEnvs && !$this->isValidIps($ip)) {
                     throw new \LogicException(sprintf('The given value "%s" in the "security.access_control" config option is not a valid IP address.', $ip));
                 }
 
@@ -1084,6 +1084,25 @@ public function getConfiguration(array $config, ContainerBuilder $container)
         return new MainConfiguration($this->factories, $this->userProviderFactories);
     }
 
+    private function isValidIps($ips): bool
+    {
+        $ipsList = array_reduce((array) $ips, static function (array $ips, string $ip) {
+            return array_merge($ips, preg_split('/\s*,\s*/', $ip));
+        }, []);
+
+        if (!$ipsList) {
+            return false;
+        }
+
+        foreach ($ipsList as $cidr) {
+            if (!$this->isValidIp($cidr)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
     private function isValidIp(string $cidr): bool
     {
         $cidrParts = explode('/', $cidr);

diff --git a/Tests/DependencyInjection/SecurityExtensionTest.php b/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -388,6 +388,33 @@ public function testRememberMeCookieInheritFrameworkSessionCookie($config, $same
         $this->assertEquals($secure, $definition->getArgument(3)['secure']);
     }
 
+    /**
+     * @dataProvider acceptableIpsProvider
+     */
+    public function testAcceptableAccessControlIps($ips)
+    {
+        $container = $this->getRawContainer();
+
+        $container->loadFromExtension('security', [
+            'providers' => [
+                'default' => ['id' => 'foo'],
+            ],
+            'firewalls' => [
+                'some_firewall' => [
+                    'pattern' => '/.*',
+                    'http_basic' => [],
+                ],
+            ],
+            'access_control' => [
+                ['ips' => $ips, 'path' => '/somewhere', 'roles' => 'IS_AUTHENTICATED_FULLY'],
+            ],
+        ]);
+
+        $container->compile();
+
+        $this->assertTrue(true, 'Ip addresses is successfully consumed: '.(\is_string($ips) ? $ips : json_encode($ips)));
+    }
+
     public function testCustomRememberMeHandler()
     {
         $container = $this->getRawContainer();
@@ -430,6 +457,16 @@ public function sessionConfigurationProvider()
         ];
     }
 
+    public function acceptableIpsProvider(): iterable
+    {
+        yield [['127.0.0.1']];
+        yield ['127.0.0.1'];
+        yield ['127.0.0.1, 127.0.0.2'];
+        yield ['127.0.0.1/8, 127.0.0.2/16'];
+        yield [['127.0.0.1/8, 127.0.0.2/16']];
+        yield [['127.0.0.1/8', '127.0.0.2/16']];
+    }
+
     public function testSwitchUserWithSeveralDefinedProvidersButNoFirewallRootProviderConfigured()
     {
         $container = $this->getRawContainer();