Badge Resolution in the Profiler

Contributed by Hubert Lenoir in #51585

The Symfony Profiler provides detailed information about security, such as the user token details, the security listeners involved in the request and the access decision log.

In Symfony 6.4 we're improving it to also display how the security badges are resolved. In this example, the user entered wrong credentials, so the PasswordCredentials badge is not resolved:

(Screenshot: Symfony Profiler - Error when resolving security badges)

In this other example, user authentication was successful:

(Screenshot: Symfony Profiler Security - Resolution of security badges during successful authentication)

Safer Security Logs

Contributed by Florent Morselli in #51434

When login throttling is enabled in your application (via the RateLimiter component), Symfony generates certain log messages. Those messages include information such as the client IP address and the username, which can be considered PII (Personally Identifiable Information); that's why they are now hashed with a cryptographically secure hash function.

You only need to upgrade to Symfony 6.4 or higher and Symfony will start hashing the IP address and the username together with the kernel secret of your application. The secret matters: a plain, unkeyed hash would not be enough for this kind of data, because the IPv4 address space and typical usernames are small enough to enumerate, so an unkeyed digest could be reversed with a dictionary attack. Hashing with the secret keeps the values correlatable across log lines (the same IP always yields the same token) without making them recoverable from the logs alone.
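The following script, added here as an illustration and not code from Symfony or from the PR, shows why the kernel secret is part of the hash. It enumerates a small network to recover an IP address from its unkeyed SHA-256 digest, then shows that the same attack fails against a digest keyed with an application secret (HMAC-SHA256). The client IP, the network range and the secret are constructed for the example; Symfony's exact hashing construction is not reproduced here.

```python
import hashlib
import hmac
import ipaddress
from typing import Optional

# Constructed sample: a client IP as it would appear in a login-throttling log line.
CLIENT_IP = "203.0.113.42"

# Hypothetical application secret; stands in for Symfony's kernel.secret.
KERNEL_SECRET = b"example-only-secret-do-not-use"


def unkeyed_hash(value: str) -> str:
    """Plain SHA-256 of the value: pseudonymous, but reversible by enumeration."""
    return hashlib.sha256(value.encode()).hexdigest()


def keyed_hash(value: str, secret: bytes) -> str:
    """HMAC-SHA256 under the application secret: the same input always maps to the
    same token (so log lines still correlate), but without the secret an attacker
    cannot rebuild the digest for a guessed input."""
    return hmac.new(secret, value.encode(), hashlib.sha256).hexdigest()


def recover_ip(digest: str, network: str) -> Optional[str]:
    """Dictionary attack: hash every address in `network` and compare with `digest`.
    A /24 takes 256 hashes; the whole IPv4 space is only 2**32, which is cheap on a GPU."""
    for ip in ipaddress.ip_network(network):
        if hashlib.sha256(str(ip).encode()).hexdigest() == digest:
            return str(ip)
    return None


def demo() -> dict:
    """Run both attacks and report what the attacker learns in each case."""
    leaked_unkeyed = unkeyed_hash(CLIENT_IP)
    leaked_keyed = keyed_hash(CLIENT_IP, KERNEL_SECRET)
    return {
        "unkeyed_recovered": recover_ip(leaked_unkeyed, "203.0.113.0/24"),
        "keyed_recovered": recover_ip(leaked_keyed, "203.0.113.0/24"),
    }


if __name__ == "__main__":
    print(demo())
```

The unkeyed digest is recovered from a 256-address range in milliseconds; the keyed digest yields nothing, because the attacker would have to guess the secret as well as the address. One operational consequence worth knowing: rotating the kernel secret changes every pseudonym, so tokens in logs written before and after a rotation no longer correlate.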

Arrays of Patterns in Firewalls

Contributed by Grégoire Pineau in #51128

The pattern option of a security firewall is the regular expression used to decide whether an incoming request belongs to that firewall. When a single firewall has to match several unrelated paths, that regular expression becomes hard to read and maintain. In Symfony 6.4, we're improving this option so you can also pass an array of regular expressions; the request matches the firewall if any of them matches:

# config/packages/security.yaml
 security:
     firewalls:
         no_security:
-            pattern: "^/(register|documentation)$"
+            pattern:
+                - "^/register$"
+                - "^/documentation$"
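The script below is an added example, written here rather than taken from Symfony, that models the matching behaviour of the firewall pattern option so the two configurations above can be compared on sample paths. It assumes that a list of patterns is treated as alternatives (a path matches if any entry matches), which is what makes the single-regex and array forms in the example equivalent, and it mirrors Symfony's unanchored preg_match against the request path info with a regex search. The sample paths and the second, deliberately sloppy pattern list are constructed to show a pitfall: an entry without its own `^` anchor also matches in the middle of a path.

```python
import re
from typing import List, Union

PatternSpec = Union[str, List[str]]

# The two equivalent forms from the configuration example above.
SINGLE_PATTERN = "^/(register|documentation)$"
LIST_PATTERN = ["^/register$", "^/documentation$"]

# Constructed sample paths, including near-misses that must NOT match.
SAMPLE_PATHS = [
    "/register",
    "/documentation",
    "/register/confirm",
    "/admin/register",
    "/documentation-v2",
    "/",
]


def compile_firewall_pattern(pattern: PatternSpec) -> "re.Pattern[str]":
    """Build one regex from a firewall `pattern` value.

    Assumption (illustrative model): a list means "any of these", so the entries
    are joined as alternatives inside a non-capturing group. Each entry keeps its
    own anchors; the `^` of one alternative does not carry over to the others.
    """
    if isinstance(pattern, list):
        pattern = "(?:" + "|".join(pattern) + ")"
    return re.compile(pattern)


def firewall_matches(pattern: PatternSpec, path_info: str) -> bool:
    """Unanchored search, like preg_match on the path info: a pattern without
    `^` can match anywhere inside the path."""
    return compile_firewall_pattern(pattern).search(path_info) is not None


def forms_agree(paths: List[str]) -> bool:
    """True when the single-regex and array forms classify every path the same way."""
    return all(
        firewall_matches(SINGLE_PATTERN, p) == firewall_matches(LIST_PATTERN, p)
        for p in paths
    )


def unanchored_entry_leaks(path_info: str) -> bool:
    """Pitfall: "/health" without `^` also matches "/admin/health"."""
    sloppy = ["^/api", "/health"]
    return firewall_matches(sloppy, path_info)


if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p:20} single={firewall_matches(SINGLE_PATTERN, p)} "
              f"list={firewall_matches(LIST_PATTERN, p)}")
    print("forms agree:", forms_agree(SAMPLE_PATHS))
    print("sloppy list matches /admin/health:", unanchored_entry_leaks("/admin/health"))
```

The practical rule this demonstrates: when you split a firewall pattern into an array, anchor every entry individually (`^` at least, and `$` where the path must end there). Otherwise a firewall such as `no_security` can silently start matching paths it was never meant to cover, which for an unauthenticated firewall means exposing them.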
Published in #Living on the edge