How to do test the access control system in Symfony 5?

Question

I am using the new Symfony authorization system.

In the security.yaml file I have set the following access restrictions.

security:
    enable_authenticator_manager: true

    //....

    role_hierarchy:
        ROLE_ADMIN: [ROLE_USER]

    access_control:
        - { path: ^/login, roles: PUBLIC_ACCESS }
        - { path: ^/signup, roles: PUBLIC_ACCESS }
        - { path: ^/reset, roles: PUBLIC_ACCESS }
        - { path: ^/, roles: ROLE_USER }

In my test, I'm trying to catch a 302 redirect.

$client = static::createClient();
$client->request('GET', '/');
$this->assertSame(302, $client->getResponse()->getStatusCode());

But I get the following error message.

Failed asserting that 500 is identical to 302.

Please note that I am getting 500 error instead of 403 redirect code.

Then I try to trace the request with.

$client->catchExceptions(false);

And I see the following request stack.

There was 1 error:

1. App\Tests\Functional\HomeTest::testGuest Symfony\Component\Security\Core\Exception\AccessDeniedException: Access Denied.

C:\Users\webgr\projects\project-manager\manager\vendor\symfony\security-http\Firewall\AccessListener.php:112 C:\Users\webgr\projects\project-manager\manager\vendor\symfony\security-http\Firewall\AccessListener.php:106 C:\Users\webgr\projects\project-manager\manager\vendor\symfony\security-bundle\Debug\WrappedLazyListener.php:49 C:\Users\webgr\projects\project-manager\manager\vendor\symfony\security-bundle\Security\LazyFirewallContext.php:60 C:\Users\webgr\projects\project-manager\manager\vendor\symfony\security-bundle\Debug\TraceableFirewallListener.php:59 C:\Users\webgr\projects\project-manager\manager\vendor\symfony\security-http\Firewall.php:86 C:\Users\webgr\projects\project-manager\manager\vendor\symfony\event-dispatcher\Debug\WrappedListener.php:117 C:\Users\webgr\projects\project-manager\manager\vendor\symfony\event-dispatcher\EventDispatcher.php:230 C:\Users\webgr\projects\project-manager\manager\vendor\symfony\event-dispatcher\EventDispatcher.php:59 C:\Users\webgr\projects\project-manager\manager\vendor\symfony\event-dispatcher\Debug\TraceableEventDispatcher.php:151 C:\Users\webgr\projects\project-manager\manager\vendor\symfony\http-kernel\HttpKernel.php:132 C:\Users\webgr\projects\project-manager\manager\vendor\symfony\http-kernel\HttpKernel.php:78 C:\Users\webgr\projects\project-manager\manager\vendor\symfony\http-kernel\Kernel.php:199 C:\Users\webgr\projects\project-manager\manager\vendor\symfony\http-kernel\HttpKernelBrowser.php:65 C:\Users\webgr\projects\project-manager\manager\vendor\symfony\framework-bundle\KernelBrowser.php:169 C:\Users\webgr\projects\project-manager\manager\vendor\symfony\browser-kit\AbstractBrowser.php:402 C:\Users\webgr\projects\project-manager\manager\tests\Functional\HomeTest.php:15

Why I can't do test the "access control"?

Why am I getting a 500 server error instead of a simple redirect 302 while testing?

I would be glad to any suggestion.

Thank you in advance.

Here's another thing I would like to add, it is quite possible that this information can be decisive. My site is running with https.

Answer 1

Finally, I figured out what the problem was I added the following lines to framework.yaml and everything worked.

when@test:
    framework:
        test: true
        session:
            storage_factory_id: session.storage.factory.mock_file