feature #38149 [SecurityBundle] Comma separated ips for security.access_control (a-menshchikov)

fabpot · fabpot · commit 9724559a3a6a · 2020-09-12T07:06:14.000+02:00
This PR was squashed before being merged into the 5.2-dev branch. Discussion ---------- [SecurityBundle] Comma separated ips for security.access_control | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | | License | MIT | Doc PR | symfony/symfony-docs#14219 There is currently no way to use env vars to configure `security.access_control` ips with multiple values. Ability to use comma separated ips make it able. Commits ------- 0412e91060 [SecurityBundle] Comma separated ips for security.access_control
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,7 @@ CHANGELOG
  * Added `FirewallListenerFactoryInterface`, which can be implemented by security factories to add firewall listeners
  * Added `SortFirewallListenersPass` to make the execution order of firewall listeners configurable by
    leveraging `Symfony\Component\Security\Http\Firewall\FirewallListenerInterface`
+ * Added ability to use comma separated ip address list for `security.access_control`
 
 5.1.0
 -----
diff --git a/Tests/Functional/app/StandardFormLogin/config.yml b/Tests/Functional/app/StandardFormLogin/config.yml
@@ -3,6 +3,7 @@ imports:
 
 parameters:
     env(APP_IP): '127.0.0.1'
+    env(APP_IPS): '127.0.0.1, ::1'
 
 security:
     encoders:
@@ -47,7 +48,9 @@ security:
         - { path: ^/secured-by-one-real-ip-with-mask$, ips: '203.0.113.0/24', roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/secured-by-one-real-ipv6$, ips: 0:0:0:0:0:ffff:c633:6400, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/secured-by-one-env-placeholder$, ips: '%env(APP_IP)%', roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/secured-by-one-env-placeholder-multiple-ips$, ips: '%env(APP_IPS)%', roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/secured-by-one-env-placeholder-and-one-real-ip$, ips: ['%env(APP_IP)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/secured-by-one-env-placeholder-multiple-ips-and-one-real-ip$, ips: ['%env(APP_IPS)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/highly_protected_resource$, roles: IS_ADMIN }
         - { path: ^/protected-via-expression$, allow_if: "(is_anonymous() and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" }
         - { path: .*, roles: IS_AUTHENTICATED_FULLY }
