Disable security firewall in test environment on Symfony2

Question

I'm trying to disable a security firewall for a test environment in Symfony2, but i'm not having luck. Here's what i have in config_test.yml:

security:
    firewalls:
        web:
            pattern: .*
            security: false
            anonymous: ~

However, this is not disabling security. Any ideas how i can completely disable security for a certain firewall when in test env?

Answer 1

If you want to switch-off a particular firewall in a particular environment then the following solution may help.

In a Symfony 5.x app, I have an API that's usually protected by "basic" HTTP auth. I wanted to switch-off authentication in the "test" environment. Here's what my security.yaml looks like:

when@test:
    security:
        firewalls:
            rest_api:
                security: false

security:
    # ...

    firewalls:
        rest_api:
            pattern: ^/api/v\d+/
            provider: rest_api_users
            http_basic:
                realm: "REST API"

The important bit is at the top: the when@test bit. It's pretty intuitive: that instruction starts a section in which you can override the 'default' config, defined elsewhere -- later on in the file in this case. You can read about when@ in https://symfony.com/doc/5.x/configuration.html#configuration-environments -- look for "You can also define options for different environments in a single configuration file using the special when keyword".

Answer 2

Do not change security.yml, instead make an ad hoc rule for testing purposes.

You have to disable all the security firewalls configuration on your config_test.yml:

  imports:
      - { resource: config_dev.yml }

  framework:
      test: ~
      session:
          storage_id: session.storage.mock_file
      profiler:
          collect: false

  web_profiler:
      toolbar: false
      intercept_redirects: false

  swiftmailer:
      disable_delivery: true

  security:
      firewalls:
          dev:
              pattern:  ^/
              security: false

Note

Mind that config_test.yml imports config_dev.yml, which imports config.yml. So you must override all the basic configuration on test config file to make it works.

Answer 3

As mentioned in similar topic turn off firewall when developing put following rule in Your security.yml:

firewalls:
    dev:
        pattern:  ^/
        security: false

Answer 4

Possible solution

You could extract from config.yml this part of code:

imports:
    - { resource: security.yml }

And put it separately to config_dev.yml and config_prod.yml. In this case config_test.yml will not import security configuration and, as result, you'll have no security in test environment.