Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
minor #54086 [Security][Tests] Update functional tests to better refl…
…ect end-user scenarios (llupa) This PR was squashed before being merged into the 5.4 branch. Discussion ---------- [Security][Tests] Update functional tests to better reflect end-user scenarios | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | no | New feature? | no | Deprecations? | no | Issues | N/A | License | MIT Pinging `@wouterj` This PR is related to #53851 's Context. > A person going through Symfony docs for the first time wanted to create their own LoginFormType as a next step in their learning Symfony journey and noticed that you can submit empty username/password with form login. > > They wanted to disallow this and tried to add validation. To validate a login form is not so straight forward as it either needs to be done with a custom authenticator (complex validation) or user provider if the data checks are simple. Following comments: #53851 (comment) > Given the broken high-deps build, I wonder if this shouldn't even be done with a deprecation notice before making it throw in 8.0? #53851 (comment) > These are 3 tests submitting an empty login form to trigger a CSRF token error. This new condition now takes precedence, meaning it returns the wrong error. I don't think that is something we have to worry about (in both situations, login errors), it rather reveals a bad test in our codebase. I can't think of a use-case that would result in success and will become a failure after this merge. #53851 (comment) > I think we need consensus on whether we find this a hard BC break that deserves a smooth upgrade path, but the test need to be fixed whatever the conclusion Commits ------- 4155f66 [Security][Tests] Update functional tests to better reflect end-user scenarios
- Loading branch information