* 4.1: (27 commits)
Added the Code of Conduct file
do not override custom access decision configs
[Security] Do not deauthenticate user when the first refreshed user has changed
fix a return type hint
invalidate stale commits for PRs too
add missing cache prefix seed attribute to XSD
fix command description
Fix class documentation
[Validator] Add a missing translation
[FrameworkBundle] Fix 3.4 tests
[DI] fix dumping inline services again
Rename consumer to receiver
Register messenger before the profiler
Fix phpdocs
[EventDispatcher] Remove template method in test case
Added LB translation for #27993 (UUID validator message translation)
Replace deprecated validateValue with validate
[FWBundle] Automatically enable PropertyInfo when using Flex
[Process] fix locking of pipe files on Windows
Correct PHPDoc type for float ttl
...
* 3.4: (21 commits)
Added the Code of Conduct file
do not override custom access decision configs
[Security] Do not deauthenticate user when the first refreshed user has changed
invalidate stale commits for PRs too
add missing cache prefix seed attribute to XSD
fix command description
Fix class documentation
[Validator] Add a missing translation
[FrameworkBundle] Fix 3.4 tests
[DI] fix dumping inline services again
Fix phpdocs
[EventDispatcher] Remove template method in test case
Added LB translation for #27993 (UUID validator message translation)
Replace deprecated validateValue with validate
[FWBundle] Automatically enable PropertyInfo when using Flex
[Process] fix locking of pipe files on Windows
Correct PHPDoc type for float ttl
bumped Symfony version to 3.4.18
updated VERSION for 3.4.17
updated CHANGELOG for 3.4.17
...
* 4.1: (21 commits)
[php_cs] disable fopen_flags
[DI] fix error in dumped container
[CS] Remove unused variables passed to closures
[DI] fix dumping setters before their inlined instances
[CS] Remove empty comment
[CS] Enforces null type hint on last position in phpDocs
[CS] Use combined assignment operators when possible
Fix a typo in error messages
Don't return early as this bypasses the auto exit feature
[Console] Add missing null to input values allowed types
[PHPUnitBridge] Fix microtime() format
bumped Symfony version to 4.1.6
updated VERSION for 4.1.5
updated CHANGELOG for 4.1.5
bumped Symfony version to 3.4.17
updated VERSION for 3.4.16
updated CHANGELOG for 3.4.16
bumped Symfony version to 2.8.47
update CONTRIBUTORS for 2.8.46
updated VERSION for 2.8.46
...
* 3.4:
[php_cs] disable fopen_flags
[DI] fix error in dumped container
[CS] Remove unused variables passed to closures
[DI] fix dumping setters before their inlined instances
[CS] Remove empty comment
[CS] Enforces null type hint on last position in phpDocs
[CS] Use combined assignment operators when possible
Fix a typo in error messages
Don't return early as this bypasses the auto exit feature
[Console] Add missing null to input values allowed types
[PHPUnitBridge] Fix microtime() format
bumped Symfony version to 3.4.17
updated VERSION for 3.4.16
updated CHANGELOG for 3.4.16
bumped Symfony version to 2.8.47
update CONTRIBUTORS for 2.8.46
updated VERSION for 2.8.46
updated CHANGELOG for 2.8.46
* 2.8:
[php_cs] disable fopen_flags
[CS] Remove unused variables passed to closures
[CS] Remove empty comment
[CS] Enforces null type hint on last position in phpDocs
[CS] Use combined assignment operators when possible
Fix a typo in error messages
[Console] Add missing null to input values allowed types
[PHPUnitBridge] Fix microtime() format
bumped Symfony version to 2.8.47
update CONTRIBUTORS for 2.8.46
updated VERSION for 2.8.46
updated CHANGELOG for 2.8.46
This PR was merged into the 4.2-dev branch.
Discussion
----------
[SecurityBundle] make remember-me cookies auto-secure + inherit their default config from framework.session.cookie_*
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #28338
| License | MIT
| Doc PR | -
Let's make it easier to have a good default security level, now for the remember-me cookie.
Commits
-------
6ec223bf6f [SecurityBundle] make remember-me cookies auto-secure + inherit their default config from framework.session.cookie_*
* 4.1:
Fix CS
Allow reuse of Session between requests
[MonologBridge] Re-add option option to ignore empty context and extra data
[Lock] remove useless code
[PhpUnitBridge] fix disabling DeprecationErrorHandler using phpunit.xml file
Provide debug_backtrace with proper args
[DI] fix infinite loop involving self-references in decorated services
forward false label option to nested types
[DI] fix dumping lazy services
forward the invalid_message option in date types
* 3.4:
Fix CS
Allow reuse of Session between requests
[MonologBridge] Re-add option option to ignore empty context and extra data
[Lock] remove useless code
[PhpUnitBridge] fix disabling DeprecationErrorHandler using phpunit.xml file
Provide debug_backtrace with proper args
[DI] fix infinite loop involving self-references in decorated services
forward false label option to nested types
forward the invalid_message option in date types
* 2.8:
Fix CS
Allow reuse of Session between requests
Provide debug_backtrace with proper args
forward false label option to nested types
forward the invalid_message option in date types
* 4.1:
[DI] configure inlined services before injecting them when dumping the container
Consistently throw exceptions on a single line
fix fopen calls
Update .editorconfig
* 3.4:
[DI] configure inlined services before injecting them when dumping the container
Consistently throw exceptions on a single line
fix fopen calls
Update .editorconfig
* 4.1:
fix merge
[travis][appveyor] use symfony/flex to accelerate builds
Add missing stderr redirection
clean up unused code
Remove the HTML5 validation from the profiler URL search form
[Filesystem] Add test to prevent regression when using array|resource with dumpFile
Add help texts for checkboxes in horizontal bootstrap 4 forms
[Security] Call AccessListener after LogoutListener
* 3.4:
[travis][appveyor] use symfony/flex to accelerate builds
Add missing stderr redirection
clean up unused code
[Filesystem] Add test to prevent regression when using array|resource with dumpFile
[Security] Call AccessListener after LogoutListener
* 4.1:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 4.0:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 3.4:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 2.8:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
This PR was merged into the 4.2-dev branch.
Discussion
----------
[DI] Add ServiceLocatorArgument to generate array-based locators optimized for OPcache shared memory
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | -
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Right now, to generate service locators, we use collections of closures described using `ServiceClosureArgument`. This works well, but it doesn't scale well when the number of services grows, because we have to load as many closures as there are services, even if we never call them.
This PR introduces `ServiceLocatorArgument`, which describes the same thing, but allows dumping optimized locators: instead of a collection of closures, this generates a static array that OPcache can put in shared memory (see fixtures for example.)
Once this PR is merged, we'll be able to update `ServiceLocatorPass::register()` to leverage it and generate these optimized locators everywhere. One particular I have in mind in the locator used by `ServiceArgumentResolver`, which can grow fast (it has as many entries as there are actions.)
Commits
-------
6c8e9576a3 [DI] Add ServiceLocatorArgument to generate array-based locators optimized for OPcache shared memory
This PR was squashed before being merged into the 4.2-dev branch (closes#27650).
Discussion
----------
[SecurityBundle] Add json login ldap
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Add a simple from_login_ldap on firewall types to let authenticate with ldap with json API
Commits
-------
2b2dfd2 [SecurityBundle] Add json login ldap
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] Dont throw if "security.http_utils" is not found
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27445
| License | MIT
| Doc PR | -
The comment + test were misleading, the actual important thing is wiring `AddSessionDomainConstraintPass` before removing passes, which is already the case already.
Commits
-------
db88330448 [SecurityBundle] Dont throw if "security.http_utils" is not found
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Config] deprecate tree builders without root nodes
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
While reviewing #27472 I wondered if we really need support config trees without a root node. If we did not support it, users wouldn't create pseudo configuration classes when they were actually not needed.
Commits
-------
c2ce15301c deprecate tree builders without root nodes
* 4.1:
[TwigBundle][DX] Only add the Twig WebLinkExtension if the WebLink component is enabled
Add note about changed form processing when using PUT requests
[TwigBundle] bump lowest deps to fix issue with "double-colon" controller service refs
[SecurityBundle] Dont throw if "security.http_utils" is not found
[Di] Fix undefined variable found by Php Inspections (EA Ultimate)
[DI] Cleanup unused service_subscriber.locator tag
[DI] Resolve env placeholder in logs
The debug class loader is always loaded by Debug::enable().
[Intl] Update ICU data to 62.1
* 4.0:
[TwigBundle][DX] Only add the Twig WebLinkExtension if the WebLink component is enabled
Add note about changed form processing when using PUT requests
[SecurityBundle] Dont throw if "security.http_utils" is not found
[Di] Fix undefined variable found by Php Inspections (EA Ultimate)
[DI] Cleanup unused service_subscriber.locator tag
[DI] Resolve env placeholder in logs
The debug class loader is always loaded by Debug::enable().
[Intl] Update ICU data to 62.1
* 3.4:
[TwigBundle][DX] Only add the Twig WebLinkExtension if the WebLink component is enabled
Add note about changed form processing when using PUT requests
[SecurityBundle] Dont throw if "security.http_utils" is not found
[Di] Fix undefined variable found by Php Inspections (EA Ultimate)
[DI] Cleanup unused service_subscriber.locator tag
[DI] Resolve env placeholder in logs
The debug class loader is always loaded by Debug::enable().
[Intl] Update ICU data to 62.1
* 4.1:
[HttpKernel] fix PHP 5.4 compat
Fix surrogate not using original request
[Finder] Update RealIteratorTestCase
[Routing] remove unneeded dev dep on doctrine/common
[minor] SCA
[Validator] Remove BOM in some xlf files
Ensure updateTimestamp returns a boolean
Fix#27378: Error when rendering a DateIntervalType form with exactly 0 weeks
[HttpKernel] fix session tracking in surrogate master requests
* 4.0:
[HttpKernel] fix PHP 5.4 compat
Fix surrogate not using original request
[Finder] Update RealIteratorTestCase
[Routing] remove unneeded dev dep on doctrine/common
[minor] SCA
[Validator] Remove BOM in some xlf files
Fix#27378: Error when rendering a DateIntervalType form with exactly 0 weeks
[HttpKernel] fix session tracking in surrogate master requests
* 3.4:
[HttpKernel] fix PHP 5.4 compat
Fix surrogate not using original request
[Finder] Update RealIteratorTestCase
[Routing] remove unneeded dev dep on doctrine/common
[minor] SCA
[Validator] Remove BOM in some xlf files
Fix#27378: Error when rendering a DateIntervalType form with exactly 0 weeks
[HttpKernel] fix session tracking in surrogate master requests
This PR was squashed before being merged into the 3.4 branch (closes#27623).
Discussion
----------
[minor] SCA
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
New findings: language level, greedy regex, array_column usages
Commits
-------
5922507dc5 [minor] SCA
* 4.1:
remove HHVM code
[VarDumper] Fix dumping ArrayObject and ArrayIterator instances
[ProxyManagerBridge] Fixed support of private services
[Cache] Fix typo in comment.
[FrameworkBundle] give access to non-shared services when using test.service_container
Fix bad method call with guard authentication + session migration
Avoid calling eval when there is no script embedded in the toolbar
* 3.4:
[VarDumper] Fix dumping ArrayObject and ArrayIterator instances
[ProxyManagerBridge] Fixed support of private services
[Cache] Fix typo in comment.
Fix bad method call with guard authentication + session migration
* 4.1:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[HttpKernel] Log/Collect exceptions at prio 0
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes
[Routing] fix matching host patterns, utf8 prefixes and non-capturing groups
* 4.0:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes
* 3.4:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes
* 4.1:
[FrameworkBundle] Fix test-container on kernel reboot, revert to returning the real container from Client::getContainer()
Remove mentions of "beta" in composer.json files
[DI] Ignore missing tree root nodes on validate
[WebProfilerBundle] fixed getSession when no session has been set deprecation warnings
bug #27299 [Cache] memcache connect should not add duplicate entries on sequential calls
[Router] regression when matching a route
[FrameworkBundle][SecurityBundle] Remove no-longer necessary Bundle::registerCommands override
[Routing] Don't reorder past variable-length placeholders
[DebugBundle] DebugBundle::registerCommands should be noop
[BrowserKit] Fix a BC break in Client affecting Panthère
[DX] Improve exception message when AbstractController::getParameter fails
simple-phpunit: remove outdated appveryor workaround
This PR was merged into the 4.1 branch.
Discussion
----------
[FrameworkBundle] Fix test-container on kernel reboot, revert to returning the real container from Client::getContainer()
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | -
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27494
| License | MIT
| Doc PR | -
By making `Client::getContainer()` return the new test container, we broke BC, as spotted in linked issue.
Always use `static::$container` in your tests instead.
While reverting to returning the real container, I noticed we have a serious design issue in the way the test container currently works: because the kernel can be rebooted, we cannot inject the container directly, but have to go through the kernel all the time. Fixing this forces doing a BC break on the constructor of `TestContainer`. Since this is a new class and since it's mostly internal, I think we should do it now. I've marked the class as internal to further strengthen this.
Commits
-------
6764d4e012 [FrameworkBundle] Fix test-container on kernel reboot, revert to returning the real container from Client::getContainer()
This PR was squashed before being merged into the 4.2-dev branch (closes#26981).
Discussion
----------
No more support for custom anon/remember tokens based on FQCN
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #26940
| License | MIT
| Doc PR | ~
This PR deprecates the ability to configure a custom anonymous and remember me token class, via the AuthenticationTrustResolver. The only change required _if_ you have changed the token classes like this, is to extend the Anonymous/RememberMe token classes.
Commits
-------
860d4549c2 No more support for custom anon/remember tokens based on FQCN
* 4.1: (26 commits)
Revert "bug #27312 Supress deprecation notices thrown when getting private servies from container in tests (arderyp)"
[HttpKernel] reset kernel start time on reboot
Add code of Conduct links in our README
bumped Symfony version to 4.0.12
[FrameworkBundle] Fix using test.service_container when Client is rebooted
[DI] never inline lazy services
updated VERSION for 4.0.11
updated CHANGELOG for 4.0.11
bumped Symfony version to 3.4.12
updated VERSION for 3.4.11
updated CHANGELOG for 3.4.11
Default testsuite to latest PHPUnit 6.*
[Github] Update the pull-request template
bumped Symfony version to 2.8.42
updated VERSION for 2.8.41
updated CHANGELOG for 2.8.41
Tweak Argon2 test config
[HttpFoundation] Fix cookie test with xdebug
[FrameworkBundle] cleanup generated test container
[Serializer] Check the value of enable_max_depth if defined
...
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Security][SecurityBundle] FirewallMap/FirewallContext deprecations
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes/no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Next to #24805.
Commits
-------
a71ba78478 [Security][SecurityBundle] FirewallMap/FirewallContext deprecations
* 4.1:
[SecurityBundle] fix test
[DI] Fix bad exception on uninitialized references to non-shared services
[HttpFoundation] Fix perf issue during MimeTypeGuesser intialization
* 3.4:
fix merge
[Security] Fix logout
Cleanup 2 tests for the HttpException classes
#27250 limiting GET_LOCK key up to 64 char due to changes in MySQL 5.7.5 and later
[Config] Fix tests when path contains UTF chars
[DI] Shared services should not be inlined in non-shared ones
[Profiler] Remove propel & event_listener_loading category identifiers
[Filesystem] Fix usages of error_get_last()
[Cache][Lock] Fix usages of error_get_last()
[Debug] Fix populating error_get_last() for handled silent errors
[DI] Display previous error messages when throwing unused bindings
Suppress warnings when open_basedir is non-empty
* 2.8:
[Security] Fix logout
#27250 limiting GET_LOCK key up to 64 char due to changes in MySQL 5.7.5 and later
[Profiler] Remove propel & event_listener_loading category identifiers
[Filesystem] Fix usages of error_get_last()
[Debug] Fix populating error_get_last() for handled silent errors
Suppress warnings when open_basedir is non-empty
* 2.7:
[Security] Fix logout
#27250 limiting GET_LOCK key up to 64 char due to changes in MySQL 5.7.5 and later
[Profiler] Remove propel & event_listener_loading category identifiers
[Filesystem] Fix usages of error_get_last()
[Debug] Fix populating error_get_last() for handled silent errors
Suppress warnings when open_basedir is non-empty
* 4.0:
use brace-style regex delimiters
Fixed typo RecursiveIterator -> RecursiveIteratorIterator
[Cache] fix logic for fetching tag versions on TagAwareAdapter
[FrameworkBundle] Remove dead code
[FrameworkBundle] Use the correct service id for CachePoolPruneCommand in its compiler pass
Hide short exception trace by default
[Doctrine Bridge] fix priority for doctrine event listeners
[Validator] make phpdoc of ObjectInitializerInterface interface more accurate
[Validator] fixes phpdoc reference to an interface that was removed in Symfony 3.0
* 3.4:
use brace-style regex delimiters
Fixed typo RecursiveIterator -> RecursiveIteratorIterator
[Cache] fix logic for fetching tag versions on TagAwareAdapter
[FrameworkBundle] Use the correct service id for CachePoolPruneCommand in its compiler pass
Hide short exception trace by default
[Doctrine Bridge] fix priority for doctrine event listeners
[Validator] make phpdoc of ObjectInitializerInterface interface more accurate
[Validator] fixes phpdoc reference to an interface that was removed in Symfony 3.0
This PR was merged into the 4.1-dev branch.
Discussion
----------
[DI][FrameworkBundle] Hide service ids that start with a dot
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #26630
| License | MIT
| Doc PR | -
Now that services are private by default, `debug:container` should display them by default.
In fact, the public/private concept should not trigger a difference in visibility for this command.
Instead, I propose to handle service ids that start with a dot as hidden services.
PR should be ready.
(For reference, I tried using a tag instead in #26891, but that doesn't work in practice when working on the implementation.)
Commits
-------
cea051ee5e [DI][FrameworkBundle] Hide service ids that start with a dot
* 4.0:
[Form] Fix typo in Upgrade 3.4/4.0
[EventDispatcher] Dispatcher in stopEventPropagation test now registers correct listener
Update da translations
Fix Typo in Guard Factory
* 3.4:
[Form] Fix typo in Upgrade 3.4/4.0
[EventDispatcher] Dispatcher in stopEventPropagation test now registers correct listener
Update da translations
Fix Typo in Guard Factory
* 4.0:
[Routing] Fix throwing NoConfigurationException instead of 405
[Security] Load the user before pre/post auth checks when needed
[SecurityBundle] Add test for simple authentication config
[WebProfilerBundle] fix version check
[SecurityBundle] Add missing argument to security.authentication.provider.simple
[Finder] fix tests
* 3.4:
[Routing] Fix throwing NoConfigurationException instead of 405
[Security] Load the user before pre/post auth checks when needed
[SecurityBundle] Add test for simple authentication config
[WebProfilerBundle] fix version check
[SecurityBundle] Add missing argument to security.authentication.provider.simple
[Finder] fix tests
* 2.8:
[Security] Load the user before pre/post auth checks when needed
[SecurityBundle] Add test for simple authentication config
[SecurityBundle] Add missing argument to security.authentication.provider.simple
[Finder] fix tests
* 4.0: (32 commits)
[Form] fix tests and deps
[Cache] Rely on mock for Doctrine ArrayCache
[FrameworkBundle] Respect debug mode when warm up annotations
[Console] Fix docblock of DescriptorInterface::describe
[Config] Handle nullable node name + fix inheritdocs
[Security] added userChecker to SimpleAuthenticationProvider
[Debug] fix test
Fix typo in test method name
Fixes#26563 (open_basedir restriction in effect)
[Debug] Reset previous exception handler ealier to prevent infinite loop
add hint in Github pull request template
[Validator] Fix docblock of ClassMetadata#members
[BrowserKit] Fix cookie path handling when $domain is null
[DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore
[BrowserKit] Improves CookieJar::get
[BrowserKit] Fix Cookie's PHPDoc
[DomCrawler] Change bad wording in ChoiceFormField::untick
[DomCrawler] Fix the PHPDoc of ChoiceFormField::setValue
[DomCrawler] Avoid a useless call to strtolower
[FrameworkBundle] HttpCache is not longer abstract
...
* 3.4: (32 commits)
[Form] fix tests and deps
[Cache] Rely on mock for Doctrine ArrayCache
[FrameworkBundle] Respect debug mode when warm up annotations
[Console] Fix docblock of DescriptorInterface::describe
[Config] Handle nullable node name + fix inheritdocs
[Security] added userChecker to SimpleAuthenticationProvider
[Debug] fix test
Fix typo in test method name
Fixes#26563 (open_basedir restriction in effect)
[Debug] Reset previous exception handler ealier to prevent infinite loop
add hint in Github pull request template
[Validator] Fix docblock of ClassMetadata#members
[BrowserKit] Fix cookie path handling when $domain is null
[DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore
[BrowserKit] Improves CookieJar::get
[BrowserKit] Fix Cookie's PHPDoc
[DomCrawler] Change bad wording in ChoiceFormField::untick
[DomCrawler] Fix the PHPDoc of ChoiceFormField::setValue
[DomCrawler] Avoid a useless call to strtolower
[FrameworkBundle] HttpCache is not longer abstract
...
* 2.8: (29 commits)
[Console] Fix docblock of DescriptorInterface::describe
[Config] Handle nullable node name + fix inheritdocs
[Security] added userChecker to SimpleAuthenticationProvider
[Debug] fix test
Fix typo in test method name
Fixes#26563 (open_basedir restriction in effect)
[Debug] Reset previous exception handler ealier to prevent infinite loop
add hint in Github pull request template
[Validator] Fix docblock of ClassMetadata#members
[BrowserKit] Fix cookie path handling when $domain is null
[DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore
[BrowserKit] Improves CookieJar::get
[BrowserKit] Fix Cookie's PHPDoc
[DomCrawler] Change bad wording in ChoiceFormField::untick
[DomCrawler] Fix the PHPDoc of ChoiceFormField::setValue
[DomCrawler] Avoid a useless call to strtolower
[FrameworkBundle] HttpCache is not longer abstract
Php Inspections (EA Ultimate): address some of one-time used local variables
[Intl] Load locale aliases to support alias fallbacks
[CssSelector] Fix CSS identifiers parsing - they can start with dash
...
* 2.7:
[Config] Handle nullable node name + fix inheritdocs
[Security] added userChecker to SimpleAuthenticationProvider
[Debug] fix test
Fix typo in test method name
Fixes#26563 (open_basedir restriction in effect)
[Debug] Reset previous exception handler ealier to prevent infinite loop
add hint in Github pull request template
[Validator] Fix docblock of ClassMetadata#members
[BrowserKit] Fix cookie path handling when $domain is null
[DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore
[BrowserKit] Improves CookieJar::get
[BrowserKit] Fix Cookie's PHPDoc
[DomCrawler] Change bad wording in ChoiceFormField::untick
[DomCrawler] Fix the PHPDoc of ChoiceFormField::setValue
[DomCrawler] Avoid a useless call to strtolower
[FrameworkBundle] HttpCache is not longer abstract
[DomCrawler] extract(): fix a bug when the attribute list is empty
[Config] Backport string|null api for node names
* 4.0: (28 commits)
[DI] Add tests for EnvVarProcessor
typo
[Bridge\PhpUnit] Fix#26430 Cannot autoload listeners
Make sure we always render errors. Eventhough labels are disabled
Make sure form errors is valid HTML
[HttpKernel] Allow generators in registerBundle
[TwigBundle] document TwigRenderer BC break in UPGRADE-3.4
Extra line to bootstrap 3 horizontal layout
[Serializer] Remove const override
Update Client.php
[PhpUnitBridge] Ability to use different composer.json file
[DomCrawler] FormField: remove an useless return statement
[Config] ReflectionClassResource check abstract ServiceSubscriberInterface and EventSubscriberInterface
Display the Welcome Page when there is no homepage defined
[DI] Remove dead dumper check
Make KernelInterface docblock more fit for bundle-less environment
fix regression when extending the Container class without a constructor
fix the updating of timestamp in the MemcachedSessionHandler
[SecurityBundle] Make extra character non mandatory in regex
[Config] Add characters to the regex
...
* 3.4: (22 commits)
[DI] Add tests for EnvVarProcessor
[Bridge\PhpUnit] Fix#26430 Cannot autoload listeners
Make sure we always render errors. Eventhough labels are disabled
Make sure form errors is valid HTML
[HttpKernel] Allow generators in registerBundle
[TwigBundle] document TwigRenderer BC break in UPGRADE-3.4
Extra line to bootstrap 3 horizontal layout
[Serializer] Remove const override
Update Client.php
[PhpUnitBridge] Ability to use different composer.json file
[DomCrawler] FormField: remove an useless return statement
[Config] ReflectionClassResource check abstract ServiceSubscriberInterface and EventSubscriberInterface
Display the Welcome Page when there is no homepage defined
fix regression when extending the Container class without a constructor
fix the updating of timestamp in the MemcachedSessionHandler
[SecurityBundle] Make extra character non mandatory in regex
[Config] Add characters to the regex
bumped Symfony version to 3.4.7
updated VERSION for 3.4.6
updated CHANGELOG for 3.4.6
...
* 4.0:
[Translation] Process multiple segments within a single unit.
Document the container.autowiring.strict_mode option
fix custom radios/inputs for checkbox/radio type
Another PR template tweak
[FrameworkBundle] Add missing XML config for circular_reference_handler. Add tests.
fix CS
[PropertyInfo] ReflectionExtractor: give a chance to other extractors if no properties
Clean calls to http_build_query()
[WebProfilerBundle] limit ajax request to 100 and remove the last one
Add support for URL-like DSNs for the PdoSessionHandler
removed version in @final @internal for version < 4.0
[HttpFoundation] Fix missing "throw" in JsonResponse
Improve the documentation of
Suppress warning from sapi_windows_vt100_support on stream other than STDIO
removed extra-verbose comments
Fixes#26136: Avoid emitting warning in hasParameterOption()
Added a README entry to the PR template
[HttpFoundation] Add x-zip-compressed to MimeTypeExtensionGuesser.
[DI] Add null check for removeChild
This PR was squashed before being merged into the 4.1-dev branch (closes#26085).
Discussion
----------
Deprecate bundle:controller:action and service:method notation
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #25910
| License | MIT
| Doc PR |
The `a::b` notation had some awkward limitations. It supported `MyControllerClass::method` where `MyControllerClass` is either plain class or a service with the same name but the class must exists. This meant it did NOT support `my_service_controller_id::method` because the `class_exists` check would fail at the wrong point in time. But it did support services where class name == id, i.e. the new auto registration based psr naming. This made it very confusing.
I enhanced the `a::b` notation to be very straight forward:
- if `a` exists as a service then use `a` as a service
- otherwise try to use `a` as a class, i.e. `new $a()`
- otherwise check if a::b is a static method (only relevant when the class is abstract or has private contructor). this was potentially supported when using array controller syntax. it now works the same when using the `::` string syntax, like in php itself. since it only happens when nothing else works, it does not have any performance impact.
The old `a:b` syntax is deprecated and just forwards to `a::b` now internally, just as bundle:controller:action.
In general I was able to refactor the logic quite a bit because it always goes through `instantiateController` now.
Spotting deprecated usages is very easy as all outdated routing configs will trigger a deprecation with the DelegatingLoader and it will be normalized in the dumped routes. So you don't get a deprecation again in the ControllerResolver. But if the controller does not come from routing, e.g. twigs render controller function, then it will still be triggered there.
- [x] deprecate `a🅱️c`
- [x] deprecate `a:b`
- [x] update existing references to `a::b`
- [x] fix tests
- [x] fix/add support for static controllers
- [x] add support for closures as controllers
- [x] update Symfony\Component\Routing\Loader\ObjectRouteLoader
- [x] deprecate \Symfony\Bundle\FrameworkBundle\Controller\ControllerNameParser but we still need to use it in several places for BC.
- [x] add changelog/upgrade
- [x] update controller.service_arguments logic for double colon controller syntax
Commits
-------
f8a609cdbd Deprecate bundle:controller:action and service:method notation
* 4.0:
fix merge
Env var maps to undefined constant.
[SecurityBundle] Backport test
[Security] fix merge of 2.7 into 2.8 + add test case
backport regression test from 3.4
do not mock the container builder or definitions
fixed CS
[TwigBundle] Register TwigBridge extensions first
[WebProfilerBundle] Fix sub request link
PhpDocExtractor::getTypes() throws fatal error when type omitted
Fix misspelling variable
use libsodium to run Argon2i related tests
[DI] minor: use a strict comparision in setDecoratedService
[HttpKernel] fix FC
Follow-on to #25825: Fix edge case in getParameterOption.
keep the context when validating forms
* 3.4:
Env var maps to undefined constant.
[SecurityBundle] Backport test
[Security] fix merge of 2.7 into 2.8 + add test case
backport regression test from 3.4
do not mock the container builder or definitions
fixed CS
[TwigBundle] Register TwigBridge extensions first
[WebProfilerBundle] Fix sub request link
PhpDocExtractor::getTypes() throws fatal error when type omitted
Fix misspelling variable
use libsodium to run Argon2i related tests
[DI] minor: use a strict comparision in setDecoratedService
[HttpKernel] fix FC
Follow-on to #25825: Fix edge case in getParameterOption.
keep the context when validating forms
* 4.0:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Restore RoleInterface import
[Console] Provide a bugfix where an array could be passed
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
revert useless tests fixtures changes
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
[DI] Fix initialization of legacy containers by delaying include_once
* 3.4:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Restore RoleInterface import
[Console] Provide a bugfix where an array could be passed
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
revert useless tests fixtures changes
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
[DI] Fix initialization of legacy containers by delaying include_once
* 3.3:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Restore RoleInterface import
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
revert useless tests fixtures changes
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
* 2.8:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
* 4.0:
[DI] fix param name cast
Remove randomness from dumped containers
fixed messages to be explicit about the package needed to be installed
[FrameworkBundle] Fix recommended composer command (add vendor)
[WebProfilerBundle] set the var in the right scope
[TwigBundle] fix lowest dep
[HttpKernel] Disable CSP header on exception pages
Use the default host even if context is empty and fallback to relative URL if empty host
Proposing Flex-specific error messages in the controller shortcuts
* 3.4:
Remove randomness from dumped containers
fixed messages to be explicit about the package needed to be installed
[FrameworkBundle] Fix recommended composer command (add vendor)
[WebProfilerBundle] set the var in the right scope
[TwigBundle] fix lowest dep
[HttpKernel] Disable CSP header on exception pages
Use the default host even if context is empty and fallback to relative URL if empty host
Proposing Flex-specific error messages in the controller shortcuts
* 4.0: (23 commits)
Clean up
Update return type in docblock.
PHP CS Fixer: no need to exclude xml and yml files
PHP CS Fixer: no need to exclude json file
[#22749] fix version in changelog
Update LICENSE year... forever
fixed some deprecation messages
fixed CS
Fixes for Oracle in PdoSessionHandler
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
Remove dead code
[TwigBundle/Brige] catch missing requirements to throw meaningful exceptions
[DI] fix CS
[HttpKernel] Call Response->setPrivate() instead of sending raw header() when session is started
[FrameworkBundle] Make cache:clear "atomic" and consistent with cache:warmup
Suggest to write an implementation if the interface cannot be autowired
[Debug] Skip DebugClassLoader checks for already parsed files
...
* 3.4:
Clean up
Update return type in docblock.
PHP CS Fixer: no need to exclude xml and yml files
PHP CS Fixer: no need to exclude json file
Update LICENSE year... forever
fixed some deprecation messages
fixed CS
Fixes for Oracle in PdoSessionHandler
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
[TwigBundle/Brige] catch missing requirements to throw meaningful exceptions
[HttpKernel] Call Response->setPrivate() instead of sending raw header() when session is started
[FrameworkBundle] Make cache:clear "atomic" and consistent with cache:warmup
Suggest to write an implementation if the interface cannot be autowired
[Debug] Skip DebugClassLoader checks for already parsed files
[2.7][DX] Use constant message contextualisation for deprecations
Remove group options without data and fix normalization
Remove redundant translation path
* 3.3:
Clean up
Update return type in docblock.
PHP CS Fixer: no need to exclude xml and yml files
PHP CS Fixer: no need to exclude json file
Update LICENSE year... forever
This PR was merged into the 2.7 branch.
Discussion
----------
Update LICENSE year... forever
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | n/a
By using the same trick than Facebook: https://github.com/facebook/react/blob/master/LICENSE
Commits
-------
8ce8bd5 Update LICENSE year... forever
* 3.3:
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
[2.7][DX] Use constant message contextualisation for deprecations
* 4.0: (23 commits)
Add application/ld+json format associated to json
[HttpFoundation] Fix false-positive ConflictingHeadersException
remove flex-specific suggestion on 3.4
Add check for SecurityBundle in createAccessDeniedException
[WebServerBundle] Fix escaping of php binary with arguments
Error handlers' $context should be optional as it's deprecated
[Serializer] Correct typing mistake in DocBlock
[HttpKernel] fix cleaning legacy containers
Display n/a for sub-requests time when Stopwatch component is not installed
Updating message to inform the user how to install the component
[Config] Fix closure CS
[Console] Simplify parameters in DI
PHP CS Fixer: use PHPUnit Migration ruleset
[Process] Skip false-positive test on Windows/appveyor
Update MemcachedTrait.php
[Bridge/PhpUnit] thank phpunit/phpunit
allow auto_wire for SessionAuthenticationStrategy class
[Process] Fix setting empty env vars
Fixed 'RouterInteface' typo
[Process] Dont use getenv(), it returns arrays and can introduce subtle breaks accros PHP versions
...
* 3.4: (22 commits)
Add application/ld+json format associated to json
[HttpFoundation] Fix false-positive ConflictingHeadersException
remove flex-specific suggestion on 3.4
Add check for SecurityBundle in createAccessDeniedException
[WebServerBundle] Fix escaping of php binary with arguments
Error handlers' $context should be optional as it's deprecated
[Serializer] Correct typing mistake in DocBlock
[HttpKernel] fix cleaning legacy containers
Display n/a for sub-requests time when Stopwatch component is not installed
Updating message to inform the user how to install the component
[Config] Fix closure CS
PHP CS Fixer: use PHPUnit Migration ruleset
[Process] Skip false-positive test on Windows/appveyor
Update MemcachedTrait.php
[Bridge/PhpUnit] thank phpunit/phpunit
allow auto_wire for SessionAuthenticationStrategy class
[Process] Fix setting empty env vars
Fixed 'RouterInteface' typo
[Process] Dont use getenv(), it returns arrays and can introduce subtle breaks accros PHP versions
[WebServerBundle] fix a bug where require would not require the good file because of env
...
* 4.0:
[2.7] Fix issues found by PHPStan
[Command] Fix upgrade guide example
Add php_unit_dedicate_assert to PHPCS
[WebProfilerBundle] Let fetch() cast URL to string
improve FormType::getType exception message details
[Intl] Update ICU data to 60.2
[Console] fix a bug when you are passing a default value and passing -n would ouput the index
[FrameworkBundle] fix merge of 3.3 into 3.4
bumped Symfony version to 4.0.3
updated VERSION for 4.0.2
updated CHANGELOG for 4.0.2
bumped Symfony version to 3.4.3
updated VERSION for 3.4.2
updated CHANGELOG for 3.4.2
* 3.4:
[2.7] Fix issues found by PHPStan
[Command] Fix upgrade guide example
Add php_unit_dedicate_assert to PHPCS
[WebProfilerBundle] Let fetch() cast URL to string
improve FormType::getType exception message details
[Intl] Update ICU data to 60.2
[Console] fix a bug when you are passing a default value and passing -n would ouput the index
[FrameworkBundle] fix merge of 3.3 into 3.4
bumped Symfony version to 3.4.3
updated VERSION for 3.4.2
updated CHANGELOG for 3.4.2
* 3.3:
[2.7] Fix issues found by PHPStan
Add php_unit_dedicate_assert to PHPCS
[WebProfilerBundle] Let fetch() cast URL to string
improve FormType::getType exception message details
[Intl] Update ICU data to 60.2
[Console] fix a bug when you are passing a default value and passing -n would ouput the index
* 4.0:
fixed wrong merge
Tweak message to be Flex friendly
[Routing] fixed tests
Fixing wrong class_exists on interface
Preserve percent-encoding in URLs when performing redirects in the UrlMatcher
removed FIXME
[Console] Fix a bug when passing a letter that could be an alias
add missing validation options to XSD file
Take advantage of AnnotationRegistry::registerUniqueLoader
[DI] Optimize Container::get() for perf
fix merge
Fix tests
Refactoring tests.
* 3.4:
fixed wrong merge
Tweak message to be Flex friendly
[Routing] fixed tests
Fixing wrong class_exists on interface
Preserve percent-encoding in URLs when performing redirects in the UrlMatcher
[Console] Fix a bug when passing a letter that could be an alias
add missing validation options to XSD file
Take advantage of AnnotationRegistry::registerUniqueLoader
[DI] Optimize Container::get() for perf
fix merge
Fix tests
Refactoring tests.
* 4.0:
[Bridge/PhpUnit] Prefer ['argv'] over
[SecurityBundle] fix setLogoutOnUserChange calls for context listeners
[SecurityBundle] add note to info text of no-op config option logout_on_user_change
[DI] Register singly-implemented interfaces when doing PSR-4 discovery
Fix for missing whitespace control modifier in form layout
* 3.4:
[SecurityBundle] fix setLogoutOnUserChange calls for context listeners
[DI] Register singly-implemented interfaces when doing PSR-4 discovery
Fix for missing whitespace control modifier in form layout
This PR was squashed before being merged into the 3.4 branch (closes#25272).
Discussion
----------
[SecurityBundle] fix setLogoutOnUserChange calls for context listeners
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25267
| License | MIT
| Doc PR | -
As pointed out in https://github.com/symfony/symfony/issues/25267 the `setLogoutOnUserChange` method calls were added to the parent definition `security.context_listener` instead of the concrete child definitions `security.context_listener.*`.
ping @iltar @chalasr
Commits
-------
4eff146 [SecurityBundle] fix setLogoutOnUserChange calls for context listeners
* 4.0:
[Security] Adding a GuardAuthenticatorHandler alias
fixed tests
moved method to function
marked method as being internal
Disallow viewing dot-files in Profiler
* 3.4:
[Security] Adding a GuardAuthenticatorHandler alias
fixed tests
moved method to function
marked method as being internal
Disallow viewing dot-files in Profiler
* 4.0:
SCA with Php Inspections (EA Extended)
Add test case for #25264
Fixed the null value exception case.
Remove rc/beta suffix from composer.json files
Ensure services & aliases can be referred to with `__toString`able objects
Throw an exception is expression language is not installed
[DI] Cast ids to string, as done on 3.4
Fail as early and noisily as possible
[Console][DI] Fail gracefully
[FrameworkBundle] Fix visibility of a test helper
[link] clear the cache after linking
[DI] Trigger deprecation when setting a to-be-private synthetic service
[Intl] Correct Typehint
[link] Prevent warnings when running link with 2.7
[Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message
do not eagerly filter comment lines
[WebProfilerBundle], [TwigBundle] Fix Profiler breaking XHTML pages (Content-Type: application/xhtml+xml)
* 3.4:
SCA with Php Inspections (EA Extended)
Add test case for #25264
Fixed the null value exception case.
Remove rc/beta suffix from composer.json files
Throw an exception is expression language is not installed
Fail as early and noisily as possible
[Console][DI] Fail gracefully
[FrameworkBundle] Fix visibility of a test helper
[link] clear the cache after linking
[DI] Trigger deprecation when setting a to-be-private synthetic service
[link] Prevent warnings when running link with 2.7
[Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message
do not eagerly filter comment lines
[WebProfilerBundle], [TwigBundle] Fix Profiler breaking XHTML pages (Content-Type: application/xhtml+xml)
* 4.0:
[HttpFoundation] Add Session::isEmpty(), fix MockFileSessionStorage to behave like the native one
[HttpKernel] Add a better error messages when passing a private or non-tagged controller
Test the suggestion of already registered services
[VarDumper] Dont use empty(), it chokes on eg GMP objects
[Dotenv] Changed preg_match flags from null to 0
remove upgrade instructions for kernel.root_dir
[HttpKernel] Arrays with scalar values passed to ESI fragment renderer throw deprecation notice
[DependencyInjection] Add more information to the message when passing miss matching class.
[HttpKernel] add a test for FilterControllerEvents
* 3.4:
[HttpFoundation] Add Session::isEmpty(), fix MockFileSessionStorage to behave like the native one
[HttpKernel] Add a better error messages when passing a private or non-tagged controller
[VarDumper] Dont use empty(), it chokes on eg GMP objects
[Dotenv] Changed preg_match flags from null to 0
remove upgrade instructions for kernel.root_dir
[HttpKernel] Arrays with scalar values passed to ESI fragment renderer throw deprecation notice
[HttpKernel] add a test for FilterControllerEvents
This PR was merged into the 4.0-dev branch.
Discussion
----------
[SecurityBundle][Security][Translation] trigger some deprecations for legacy methods
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
e3396ea trigger some deprecations for legacy methods
* 4.0:
[DI] Dont resolve envs in service ids
Add tests proving it can load annotated files
[WebProfilerBundle] Reset letter-spacing in toolbar
Prefer overflow-wrap to word-break
remove more kernel.root_dir parameter refs
[*Bundle] Replace some kernel.root_dir by kernel.project_dir
removed some phpdocs
[Routing] Fix "config-file-relative" annotation loader resources
Make search in debug:container command case-insensitive
`resolveEnvPlaceholders` will return a mixed value
Remove dead code, add missing test
Update translation commands to work with default paths
[FrameworkBundle] Fix AssetsInstallCommand
* 4.0:
[Form] Fixed ContextErrorException in FileType
[DI] Fix handling of inlined definitions by ContainerBuilder
[Security] remove unused variable
[DI] Fix infinite loop when analyzing references
[Lock][Process][FrameworkBundle] fix tests
Display a nice error message if the form/serializer component is missing.
[SecurityBundle] providerIds is undefined error when firewall provider is not specified
[SecurityBundle] providerIds is undefined error when firewall provider is not specified
[SecurityBundle] providerIds is undefined error when firewall provider is not specified
Force phpunit-bridge update (bis)
[Bridge/PhpUnit] Fix disabling global state preservation
Incorrect dot on method loadChoices in upgrade doc
* 3.4:
[Lock][Process][FrameworkBundle] fix tests
Display a nice error message if the form/serializer component is missing.
[SecurityBundle] providerIds is undefined error when firewall provider is not specified
[SecurityBundle] providerIds is undefined error when firewall provider is not specified
[SecurityBundle] providerIds is undefined error when firewall provider is not specified
Force phpunit-bridge update (bis)
[Bridge/PhpUnit] Fix disabling global state preservation
Incorrect dot on method loadChoices in upgrade doc
This PR was merged into the 3.4 branch.
Discussion
----------
[Lock][Process][FrameworkBundle] fix tests
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
When running tests locally, I have several failures. This fixes them.
Commits
-------
878b08c [Lock][Process][FrameworkBundle] fix tests
* 3.4:
[Bridge/PhpUnit] Sync the bridge version installed in vendor/ and in phpunit clone
[DI] Analyze setter-circular deps more precisely
fixing that PropertyNormalizer supports parent properties
[SecurityBundle] Don't trigger auto-picking notice if provider is set per listener
[TwigBundle][FrameworkBundle] Remove the internals from debug autowiring
[DI] Skip hot_path tag for deprecated services as their class might also be
[Cache] Memcached options should ignore "lazy"
[FrameworkBundle] Dont create empty bundles directory
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBundle][FrameworkBundle] Remove the internals from debug autowiring
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? |no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #24986
| License | MIT
| Doc PR |
#SymfonyConHackday2017
@nicolas-grekas @weaverryan @fabpot @stof It should be OK to review and to merge.
Commits
-------
491839b [TwigBundle][FrameworkBundle] Remove the internals from debug autowiring
This PR was squashed before being merged into the 3.4 branch (closes#25014).
Discussion
----------
Move deprecation under use statements
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | n/a
Commits
-------
0a5b016 Move deprecation under use statements
* 3.4: (26 commits)
[Bridge\PhpUnit] Disable broken auto-require mechanism of phpunit
[Console] Fix disabling lazy commands
[DI] Remove scalar typehint in class used in test case
Remove the `server:log` command if monolog is not loaded
[SecurityBundle] Fix syntax error in test
[Console] Remove remaining dead code
Throw on service:method factory notation in PHP-based DI configuration
Test that named arguments are prioritized over typehinted
bumped Symfony version to 3.3.14
bumped Symfony version to 2.8.32
bumped Symfony version to 2.7.39
Prove that change is working with tests
updated VERSION for 3.3.13
updated CHANGELOG for 3.3.13
updated VERSION for 2.8.31
updated CHANGELOG for 2.8.31
updated VERSION for 2.7.38
updated CHANGELOG for 2.7.38
Replace array|\Traversable by iterable
[DI] Fix by-type args injection
...
* 3.3:
[Bridge\PhpUnit] Disable broken auto-require mechanism of phpunit
[SecurityBundle] Fix syntax error in test
[Console] Remove remaining dead code
bumped Symfony version to 3.3.14
bumped Symfony version to 2.8.32
bumped Symfony version to 2.7.39
updated VERSION for 3.3.13
updated CHANGELOG for 3.3.13
updated VERSION for 2.8.31
updated CHANGELOG for 2.8.31
updated VERSION for 2.7.38
updated CHANGELOG for 2.7.38
Replace array|\Traversable by iterable
Fix ambiguous pattern
* 2.8:
[SecurityBundle] Fix syntax error in test
[Console] Remove remaining dead code
bumped Symfony version to 2.8.32
bumped Symfony version to 2.7.39
updated VERSION for 2.8.31
updated CHANGELOG for 2.8.31
updated VERSION for 2.7.38
updated CHANGELOG for 2.7.38
Replace array|\Traversable by iterable
Fix ambiguous pattern
* 2.7:
[SecurityBundle] Fix syntax error in test
[Console] Remove remaining dead code
bumped Symfony version to 2.7.39
updated VERSION for 2.7.38
updated CHANGELOG for 2.7.38
Replace array|\Traversable by iterable
Fix ambiguous pattern
* 3.4:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 3.3.13
updated VERSION for 3.3.12
updated CHANGELOG for 3.3.12
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 3.3:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 3.3.13
updated VERSION for 3.3.12
updated CHANGELOG for 3.3.12
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 2.8:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 2.7:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 3.4:
[3.4] Remove useless docblocks
[3.3] More docblock fixes
[2.7] More docblock fixes
[TwigBridge] Fix BC break due required twig environment
Random fixes
Docblock fixes
[DI] Fix cannot bind env var
Fix some signatures in PHP-DSLs
[HttpKernel] Enhance deprecation message
bumped Symfony version to 3.4.0
updated VERSION for 3.4.0-BETA3
updated CHANGELOG for 3.4.0-BETA3
[SecurityBundle] Fix the datacollector to properly support decision.object being null
* 3.3:
Random fixes
Docblock fixes
[HttpKernel] Enhance deprecation message
[SecurityBundle] Fix the datacollector to properly support decision.object being null
* 3.4:
[TwigBridge] Bootstrap 4 form theme fixes
[VarDumper] HtmlDumper: fix collapsing nodes with depth <= maxDepth
Fixing a bug where non-existent classes would cause issues
Do not activate the cache if Doctrine's cache is not present
[SecurityBundle] hotfix: update phpdocs on logout url
[FrameworkBundle] Do not load property_access.xml if the component isn't installed
[HttpFoundation] Mark new methods on Response as final
Fixed a few spelling mistakes in Luxembourgish translation
[TwigBridge] Fix template paths in profiler
* 3.3:
Fixing a bug where non-existent classes would cause issues
[SecurityBundle] hotfix: update phpdocs on logout url
[FrameworkBundle] Do not load property_access.xml if the component isn't installed
Fixed a few spelling mistakes in Luxembourgish translation
* 2.8:
[SecurityBundle] hotfix: update phpdocs on logout url
[FrameworkBundle] Do not load property_access.xml if the component isn't installed
Fixed a few spelling mistakes in Luxembourgish translation
* 3.4:
Ensure DeprecationErrorHandler::collectDeprecations() is triggered
Config: mark builder property deprecated
fix CachePoolPrunerPass to use correct command service id
[TwigBridge] Re-add Bootstrap 3 Checkbox Layout
[FrameworkBundle] Allow to disable assets via framework:assets xml configuration
fixed $_ENV/$_SERVER precedence in test framework
[HttpFoundation] Fix FileBag issue with associative arrays
[DI] Throw when a service name or an alias contains dynamic values (prevent an infinite loop)
[HttpFoundation] Fix caching of session-enabled pages
[Guard] remove invalid deprecation notice
fix the phpdoc that is not really inherited from response
Minor docblock cleanup
Remove redundant sprintf arguments.
* 3.3:
Ensure DeprecationErrorHandler::collectDeprecations() is triggered
[FrameworkBundle] Allow to disable assets via framework:assets xml configuration
fixed $_ENV/$_SERVER precedence in test framework
[HttpFoundation] Fix FileBag issue with associative arrays
[DI] Throw when a service name or an alias contains dynamic values (prevent an infinite loop)
fix the phpdoc that is not really inherited from response
Minor docblock cleanup
Remove redundant sprintf arguments.
* 2.8:
[HttpFoundation] Fix FileBag issue with associative arrays
fix the phpdoc that is not really inherited from response
Minor docblock cleanup
Remove redundant sprintf arguments.
* 2.7:
[HttpFoundation] Fix FileBag issue with associative arrays
fix the phpdoc that is not really inherited from response
Minor docblock cleanup
Remove redundant sprintf arguments.
* 3.4:
bumped Symfony version to 3.4.0
updated VERSION for 3.4.0-BETA1
updated CHANGELOG for 3.4.0-BETA1
Do not process bindings in AbstractRecursivePass
don't bind scalar values to controller method arguments
Add extra autowiring aliases
adding AdapterInterface alias for cache.app
Adding a new debug:autowiring command
[HttpFoundation] Make sessions secure and lazy
[Routing] Ensure uniqueness without repeated check
[Console] Sync ConsoleLogger::interpolate with the one in HttpKernel
* 3.4: (26 commits)
bumped Symfony version to 3.3.11
updated VERSION for 3.3.10
updated CHANGELOG for 3.3.10
bumped Symfony version to 2.8.29
updated VERSION for 2.8.28
updated CHANGELOG for 2.8.28
bumped Symfony version to 2.7.36
updated VERSION for 2.7.35
update CONTRIBUTORS for 2.7.35
updated CHANGELOG for 2.7.35
Added deprecation to cwd not existing Fixes#18249
[Session] fix MongoDb session handler to gc all expired sessions
Add changelog for deprecated DbalSessionHandler
[Security] Look at headers for switch user username parameter
Updated Test name and exception name to be more accurate
newline at end of file
changed exception message
Ahh, I see. It actually wants a newline!
Removed newline
Created new Exception to throw and modified tests.
...
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Look at headers for switch_user username
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24260
| License | MIT
| Doc PR | n/a
Allowing `switch_user.parameter` config node to be a header name.
It's supported by SwitchUserStatelessBundle and I think it makes sense.
Forgotten in #24260 so targets 3.4 but not a blocker.
Commits
-------
3c801951c8 [Security] Look at headers for switch user username parameter
* 3.4:
[Bridge\Doctrine][FrameworkBundle] Deprecate some remaining uses of ContainerAwareTrait
[FrameworkBundle] Fix bad interface hint in AbstractController
[VarDumper] deprecate MongoCaster
[HttpFoundation] deprecate using with the legacy mongo extension; use it with the mongodb/mongodb package and ext-mongodb instead
Fix BC layer
Reset profiler.
[DI] Improve some deprecation messages
[DI] remove inheritdoc from dumped container
[Config] Fix dumped files invalidation by OPCache
[Security] Add Guard authenticator <supports> method
[Cache] Fix race condition in TagAwareAdapter
[DI] Allow setting any public non-initialized services
[Yaml] parse references on merge keys
treat trailing backslashes in multi-line strings
[FrameworkBundle] Expose dotenv in bin/console about
fix refreshing line numbers for the inline parser
fix version in changelog
[FrameworkBundle] Make Controller helpers final
[DoctrineBridge] Deprecate DbalSessionHandler
* 3.4: (33 commits)
Remove remaining `@experimental` annotations
Tests and fix for issue in array model data in EntityType field with multiple=true
[Validator] Add unique entity violation cause
[Lock] Automaticaly release lock when user forget it
[Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
fixed CS
[FrameworkBundle] Don't clear app pools on cache:clear
Hide label button when its setted to false
removed useless PHPDoc
[HttpFoundation] Return instance in StreamedResponse
[Form] Fix FormInterface::submit() annotation
[PHPUnitBridge] don't remove when set to empty string
PdoSessionHandler: fix advisory lock for pgsql when session.sid_bits_per_character > 4
HttpCache does not consider ESI resources in HEAD requests
Fix translation for "This field was not expected"
[Routing] Enhance Route(Collection) docblocks
Added improvement for accuracy in MoneyToLocalizedStringTransformer.
Removed unused private property
Use correct verb form in the pull request template
Use PHP_MAXPATHLEN in Filesystem.
...
* 3.3: (23 commits)
Tests and fix for issue in array model data in EntityType field with multiple=true
[Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
removed useless PHPDoc
[Form] Fix FormInterface::submit() annotation
[PHPUnitBridge] don't remove when set to empty string
PdoSessionHandler: fix advisory lock for pgsql when session.sid_bits_per_character > 4
HttpCache does not consider ESI resources in HEAD requests
Fix translation for "This field was not expected"
[Routing] Enhance Route(Collection) docblocks
Added improvement for accuracy in MoneyToLocalizedStringTransformer.
Removed unused private property
Use correct verb form in the pull request template
Use PHP_MAXPATHLEN in Filesystem.
Added null as explicit return type (?TokenInterface)
[FrameworkBundle] Fix Routing\DelegatingLoader
Render all line breaks according to the exception message
[Form] Fix phpdoc
[DI] remove confusing code
[Form] Fixed GroupSequence with "constraints" option
[Validator] Clarify UUID validator behavior
...
* 2.8: (22 commits)
Tests and fix for issue in array model data in EntityType field with multiple=true
[Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
removed useless PHPDoc
[Form] Fix FormInterface::submit() annotation
PdoSessionHandler: fix advisory lock for pgsql when session.sid_bits_per_character > 4
HttpCache does not consider ESI resources in HEAD requests
Fix translation for "This field was not expected"
[Routing] Enhance Route(Collection) docblocks
Added improvement for accuracy in MoneyToLocalizedStringTransformer.
Removed unused private property
Use correct verb form in the pull request template
Use PHP_MAXPATHLEN in Filesystem.
Added null as explicit return type (?TokenInterface)
[FrameworkBundle] Fix Routing\DelegatingLoader
Render all line breaks according to the exception message
[Form] Fix phpdoc
[DI] remove confusing code
[Form] Fixed GroupSequence with "constraints" option
[Validator] Clarify UUID validator behavior
[Filesystem] Fixed makePathRelative
...
* 2.7: (22 commits)
Tests and fix for issue in array model data in EntityType field with multiple=true
[Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
removed useless PHPDoc
[Form] Fix FormInterface::submit() annotation
PdoSessionHandler: fix advisory lock for pgsql when session.sid_bits_per_character > 4
HttpCache does not consider ESI resources in HEAD requests
Fix translation for "This field was not expected"
[Routing] Enhance Route(Collection) docblocks
Added improvement for accuracy in MoneyToLocalizedStringTransformer.
Removed unused private property
Use correct verb form in the pull request template
Use PHP_MAXPATHLEN in Filesystem.
Added null as explicit return type (?TokenInterface)
[FrameworkBundle] Fix Routing\DelegatingLoader
Render all line breaks according to the exception message
[Form] Fix phpdoc
[DI] remove confusing code
[Form] Fixed GroupSequence with "constraints" option
[Validator] Clarify UUID validator behavior
[Filesystem] Fixed makePathRelative
...
* 3.4:
[FrameworkBundle] Register a NullLogger from test kernels
[SecurityBundle] Deprecate auto picking the first provider
[Security] Add user impersonation support for stateless authentication
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] Deprecate auto picking the first provider
when no provider is explicitly configured on a firewall
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see comment below -->
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | yes <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | https://symfony-devs.slack.com/archives/C3A2XAQ20/p1506626210000345 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
From @Pierstoval on Slack:
> Hey, guys, I learnt a few days ago that if you don't specify a user provider in a firewall configuration, the security will use the first one in the list. Don't anyone think specifying the user provider should be mandatory ? Or at least mandatory if we have more than one provider registered?
- [x] UPGRADE files
- [x] CHANGELOG
- [x] Fix other tests
- [x] Removal PR #24380
Commits
-------
2d1e3347a6 [SecurityBundle] Deprecate auto picking the first provider
* 3.4:
Argon2i Password Encoder
[DI] EnvVarProcessorInterface: fix missing use
[FrameworkBundle] Use PhpExtractor from Translation
[DowCrawler] Default to UTF-8 when possible
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Argon2i Password Encoder
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | WIP
Since the [libsodium RFC](https://wiki.php.net/rfc/libsodium) passed with flying colours, I'd like to kick start a discussion about adding Argon2i as a password encoder to the security component. The initial code proposal in this PR supports both the upcoming public API confirmed for PHP 7.2, and the [libsodium PECL extension](https://pecl.php.net/package/libsodium) for those below 7.2 (available for PHP 5.4+).
#### Concerns
- Should the test cover hash length? At the moment the result of Argon2i is 96 characters, but because the hashing parameters are included in the result (`$argon2i$v=19$m=32768,t=4,p=1$...`) this is not guaranteed.
- I've used one password encoder class because the result *should* be the same whether running natively in 7.2 or from the PECL extension, but should the logic be split out into separate private methods (like `Argon2iPasswordEncoder::encodePassword()`) or not (like in `Argon2iPasswordEncoder::isPasswordValid()`)? Since I can't really find anything concrete on Symfony choosing one way over another I'm assuming it's down to personal preference?
#### The Future
Whilst the libsodium RFC has been approved and the public API confirmed, there has been no confirmation of Argon2i becoming an official algorithm for `passhword_hash()`. If that is confirmed, then the implementation should *absolutely* use the native `password_*` functions since the `sodium_*` functions do not have an equivalent to the `password_needs_rehash()` function.
Any feedback would be greatly appreciated 😃
Commits
-------
be093dd79a Argon2i Password Encoder
Add the Argon2i hashing algorithm provided by libsodium as a core encoder in the Security component, and enable it in the SecurityBundle.
Credit to @chalasr for help with unit tests.
This PR was squashed before being merged into the 3.4 branch (closes#24337).
Discussion
----------
Adding a shortcuts for the main security functionality
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | Big ol' TODO
I'd like one class that I can inject (especially with autowiring) to get access to the User and `isGranted()` methods. This is *really* important... because to get the User currently, you need to type-hint `TokenStorageInterface`... and there are *two*! That's really bad DX!
Questions:
A) I hi-jacked the existing `Security` class... I wanted a simple class called Security
B) I called the service `security.helper`... for lack of a better id.
C) I did not make `Security` implement the 2 other interfaces (`TokenStorageInterface`, `AuthorizationCheckerInterface`... but I suppose we could?)
Cheers!
Commits
-------
0851189 Adding a shortcuts for the main security functionality
* 3.4:
fixed CS
[Serializer] Add Support for in CustomNormalizer
Remove Validator\TypeTestCase and add validator logic to base TypeTestCase
[Lock] Include lock component in framework bundle
[WebProfilerBundle] Render file links for twig templates
CsvEncoder handling variable structures and custom header order
Saltless Encoder Interface
[Serializer] throw more specific exceptions
# Conflicts:
# src/Symfony/Bundle/FrameworkBundle/composer.json
# src/Symfony/Bundle/SecurityBundle/Command/UserPasswordEncoderCommand.php
# src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
# src/Symfony/Component/Serializer/Normalizer/AbstractNormalizer.php
# src/Symfony/Component/Serializer/Serializer.php
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Saltless Encoder Interface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
A new interface for encoders that do not require a user-generated salt (generate their own built-in) as suggested by @stof ([comment](https://github.com/symfony/symfony/pull/21604/files#r101225470)), this will become useful as more password encoders are added in the future (such as symfony/symfony#21604).
Commits
-------
7c4aa0bccb Saltless Encoder Interface
* 3.4:
[PhpUnitBridge] Added a CoverageListener to enhance the code coverage report
Add a method to check if any results were found
[SecurityBundle] Deprecate ACL related code
[FrameworkBundle] Enable assets with templates only if the Asset component is installed
* 3.4:
Passing the newly generated security token to the event during user switching.
Fix changelog and minor tweak for #23485
[Config] extracted the xml parsing from XmlUtils::loadFile into XmlUtils::parse
[Security][SecurityBundle] Deprecate the HTTP digest auth
add ability to configure catching exceptions
Extract method refactoring for ResourceCheckerConfigCache
This PR was squashed before being merged into the 3.4 branch (closes#23882).
Discussion
----------
[Security] Deprecated not being logged out after user change
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #17023
| License | MIT
| Doc PR | ~
This PR is an alternative approach to #19033. Due to a behavioral change that could break a lot of applications and websites, I've decided to trigger a deprecation instead of actually changing the behavior as that can be done for 4.0.
Whenever a user object is considered changed (`AbstractToken::hasUserChanged`) when setting a new user object after refreshing, it will now throw a deprecation, paving the way for a behavioral change in 4.0. The idea is that in 4.0 Symfony will simply trigger a logout when this case is encountered.
Commits
-------
22f525b [Security] Deprecated not being logged out after user change
* 3.4:
use the parseFile() method of the YAML parser
[Yaml] support parsing files
Adding Definition::addError() and a compiler pass to throw errors as exceptions
[DI] Add AutowireRequiredMethodsPass to fix bindings for `@required` methods
[Cache] Add ResettableInterface to allow resetting any pool's local state
[DI][DX] Throw exception on some ContainerBuilder methods used from extensions
added missing @author tag for new class
allow forms without translations and validator
[VarDumper] Make `dump()` a little bit more easier to use
[Form] Add ambiguous & exception debug:form tests
Reset the authentication token between requests.
[Serializer] Getter for extra attributes in ExtraAttributesException
[DI] Dont use JSON_BIGINT_AS_STRING
# Conflicts:
# src/Symfony/Component/Routing/composer.json
# src/Symfony/Component/Translation/composer.json
# src/Symfony/Component/Yaml/Inline.php
# src/Symfony/Component/Yaml/Tests/ParserTest.php
# src/Symfony/Component/Yaml/Yaml.php
* 3.4:
[DI] Turn services and aliases private by default, with BC layer
[WebProfiler] Fix z-index for pinned AJAX block
Require v3.4+ of the var-dumper component
* 2.8:
[CS][2.7] yoda_style, no_unneeded_curly_braces, no_unneeded_final_method, semicolon_after_instruction
[Filesystem] mirror - fix copying content with same name as source/target.
.php_cs.dist - simplify config
[WebProfilerBundle] fixed TemplateManager when using Twig 2 without compat interfaces
* 3.4:
[SecurityBundle] Fix valid provider considered undefined
Revert "bug #24105 [Filesystem] check permissions if dump target dir is missing (xabbuh)"
[Filesystem] skip tests if not applicable
[Fabbot] Do not run php-cs-fixer if there are no change in src/
[ExpressionLanguage] make a proposal in SyntaxError message
[Security] Fix exception when use_referer option is true and referer is not set or empty
[HttpKernel] "controller.service_arguments" services should be public
Get KERNEL_DIR through $_ENV too for KernelTestCase
Get KERNEL_CLASS through $_ENV too
check permissions if dump target dir is missing
* 3.4:
Do not display short exception trace for built-in console exceptions
Deprecated the web_profiler.position option
[DI] rename ResolveDefinitionTemplatesPass to ResolveChildDefinitionsPass
Throw a meaningful exception when an undefined user provider is used inside a firewall
[DI] Allow processing env vars
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] Throw a meaningful exception when an undefined user provider is used inside a firewall
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Before
> The service "security.authentication.manager" has a dependency on a non-existent service "security.user.provider.concrete.undefined_provider".
After
> Invalid firewall "main": user provider "undefined_provider" not found.
Commits
-------
b884c6612d Throw a meaningful exception when an undefined user provider is used inside a firewall
* 2.7:
[travis] update to trusty
Fix ArrayInput::toString() for VALUE_IS_ARRAY options/args
[ExpressionLanguage] throws an exception on calling uncallable method
* 3.4:
[3.4][DI] Inline trivial services
sync upgrade file for Symfony 4.0 between branches
Fix ability to deprecate a config node
[DI] Minor fix in dumped code
[Console] Display file and line on Exception
Fix deprecations regarding core commands registered as services
#24046 added check for ext-dom to XmlUtil::loadFile
* 3.4:
[Console] Add protected static $defaultName to set the default name of a Command
removed sf2 references
[Console] Allow commands to provide a default name for compile time registration
[DI] Case sensitive parameter names
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Allow commands to provide a default name for compile time registration
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23796
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/issues/8147
Commits
-------
eda7d42955 [Console] Add protected static $defaultName to set the default name of a Command
5d9ae6b56f [Console] Allow commands to provide a default name for compile time registration
* 3.4:
[Webprofiler] Added blocks that allows extension of the profiler page.
[Dotenv] Get env using $_SERVER to work with fastcgi_param and workaround thread safety issues
[Dotenv][WebServerBundle] Override previously loaded variables
Create an interface for TranslationWriter
[Translation] Adding the ability do dump <notes> in xliff2.0
[DI] Use GlobResource for non-tracked directories
[DI] Fix resolving env vars when compiling a ContainerBuilder
[SecurityBundle] resolve class name parameter inside AddSecurityVotersPass
[FrameworkBundle] Add soft conflict rule of "cache:clear" + HttpKernel 3.4
[WebProfilerBundle] Re add missing link to the controller
This PR was squashed before being merged into the 3.4 branch (closes#23862).
Discussion
----------
[SecurityBundle] resolve class name parameter inside AddSecurityVotersPass
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23733
| License | MIT
Commits
-------
a86bf52 [SecurityBundle] resolve class name parameter inside AddSecurityVotersPass
* 3.4:
Made some SecurityBundle tests case-insensitive to prepare for future Symfony versions
[Console] Added a case-insensitive fallback for console command names
fix merge
[DI] Fix dumping abstract with YamlDumper
restrict reflection doc block
[DI] Fix YamlDumper not dumping abstract and autoconfigure
* 3.4: (23 commits)
[DI] Allow dumping inline services in Yaml
fixed CS
[2.8] Modify 2.8 upgrade doc - key option is deprecated.
Fix lock failling test
[Debug] Correctly detect methods not from the same vendor
[HttpKernel] Deprecated commands auto-registration
Fix minors in date caster
[FrameworkBundle] Catch Fatal errors in commands registration
[Debug] Detect internal and deprecated methods
[Profiler] Make the validator toolbar item consistent with the form one
[DebugBundle] Reword an outdated comment about var dumper wiring
updated CHANGELOG
[HttpFoundation] Remove length limit on ETag
[DI] Fix some docblocks
[DI] Fix some docblocks
Fixed the exception page design in responsive mode
[Console] Log exit codes as debug messages instead of errors
Fixed UPGRADE-4.0 about Container::set
Ignore memcached missing key error on dession destroy
[FrameworkBundle] Allow micro kernel to subscribe events easily
...
* 3.4:
[FrameworkBundle] Commands as a service
[Config] Enable cannotBeEmpty along with requiresAtLeastOneElement
Remove leading 0 in ms of date caster
[Workflow] feature: add getter in workflow
[Workflow] do not emit not needed guard events
add groups support to the Valid constraint
This PR was squashed before being merged into the 3.4 branch (closes#23624).
Discussion
----------
[FrameworkBundle] Commands as a service
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes/no
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Next step towards #23488
It's a work in progress if we want to do all commands at once (im fine :)). But i think we should review `assets:install` first.
Also im assuming framework commands can rely on `getApplication()->getKernel()` from the framework application (we already do that in some commands). That saves a dep on `@kernel`.
And filesystem as a service; perhaps drop that as well :)
Commits
-------
de1dc0b [FrameworkBundle] Commands as a service
* 3.4:
[Bridge\ProxyManager] Dont call __destruct() on non-instantiated services
Consistently use 7 chars of sha256 for hash-based id generation
Docblock improvement
bumped Symfony version to 2.8.27
updated VERSION for 2.8.26
updated CHANGELOG for 2.8.26
bumped Symfony version to 2.7.34
updated VERSION for 2.7.33
update CONTRIBUTORS for 2.7.33
updated CHANGELOG for 2.7.33
This PR was merged into the 3.4 branch.
Discussion
----------
Consistently use 7 chars of sha256 for hash-based id generation
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This prevents generating over long service ids, and for filesystem-related changes, makes the Windows 258 chars limit farther.
Commits
-------
bc22cdd034 Consistently use 7 chars of sha256 for hash-based id generation
* 3.3:
Removed useless argument $definition
Fix comment
[Config] Fix checking class existence freshness
bumped Symfony version to 3.3.7
updated VERSION for 3.3.6
updated CHANGELOG for 3.3.6
Bump minimal PHP version to ^5.5.9|>=7.0.8
* 3.3:
[DI] use assertStringEqualsFile when possible
[VarDumper] Adapt to php 7.2 changes
[DI] Fix using private services in expressions
[Form][TwigBridge] Don't render _method in form_rest() for a child form
[Form] Static call TimezoneType::getTimezones
Removed references for non existent validator constraints
Suggest using quotes instead of Yaml::PARSE_KEYS_AS_STRINGS
[DI] Fix test
[Cache] Handle unserialization failures for Memcached
Remove unused prop + added @deprecated
Remove unused mocks/vars
[DoctrineBridge][PropertyInfo] Added support for Doctrine Embeddables
[Validator] Fix IbanValidator for ukrainian IBANs
Router: allow HEAD method to be defined first
[WebProfilerBundle] Display trace and context in the logger profiler
Fixing a bug where if a core class was autowired, autowiring tried to autowire optional args as if they were required
* 3.4: (22 commits)
Fix lazy commands registration
[TwigBridge] deprecate TwigRenderer
[FrameworkBundle] Set default public directory on install assets
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
disable inlining deprecated services
[Stopwatch] Fix precision for root section
[Cache] add constructor docblocks for clarity
[WebServerBundle] allowed public/ root directory to be auto-discovered along side web/
[WebServerBundle] remove duplicate code
[SecurityBundle] Clarify deprecation in UserPasswordEncoderCommand::getContainer
[Profiler][Validator] ValidatorDataCollector: use new DataCollector::getCasters() method
[Profiler] Fix data collector getCasters() call
[VarDumper] Added setMinDepth to VarCloner
remove symfony/process suggestion
[DI] Remove unused dynamic property
[Cache] add constructor docblocks for clarity
[Security] validate empty passwords again
[Process] Fixed issue between process builder and exec
non-conflicting anonymous service ids across files
...
* 3.3:
[FrameworkBundle] Set default public directory on install assets
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
disable inlining deprecated services
[Cache] add constructor docblocks for clarity
[WebServerBundle] allowed public/ root directory to be auto-discovered along side web/
[WebServerBundle] remove duplicate code
[SecurityBundle] Clarify deprecation in UserPasswordEncoderCommand::getContainer
[Cache] add constructor docblocks for clarity
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
* 3.4:
Add TokenProcessor
[DI] Handle root namespace in service definitions
Add support for command lazy-loading
Use rawurlencode() to transform the Cookie into a string
[TwigBundle] Added a RuntimeExtensionInterface to take advantage of autoconfigure
[Process] Fix parsing args on Windows
Add exculde verbosity test
[HttpKernel][VarDumper] Truncate profiler data & optim perf
[DI] Allow imports in string format for YAML
[Validator] Allow to use a property path to get value to compare in comparison constraints
[Security] Fix authentication.failure event not dispatched on AccountStatusException
add option to define the access decision manager
Add support for doctrin/dbal 2.6 types
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Add support for command lazy-loading
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/12063https://github.com/symfony/symfony/pull/16438https://github.com/symfony/symfony/pull/13946#21781
| License | MIT
| Doc PR | todo
This PR adds command lazy-loading support to the console, based on PSR-11 and DI tags.
(https://github.com/symfony/symfony/issues/12063#issuecomment-57173784)
Commands registered as services which set the `command` attribute on their `console.command` tag are now instantiated when calling `Application::get()` instead of all instantiated at `run()`.
__Usage__
```yaml
app.command.heavy:
tags:
- { name: console.command, command: app:heavy }
```
This way private command services can be inlined (no public aliases, remain really private).
With console+PSR11 implem only:
```php
$application = new Application();
$container = new ServiceLocator(['heavy' => function () { return new Heavy(); }]);
$application->setCommandLoader(new ContainerCommandLoader($container, ['app:heavy' => 'heavy']);
```
Implementation is widely inspired from Twig runtime loaders (without the definition/runtime separation which is not needed here).
Commits
-------
7f97519 Add support for command lazy-loading
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] make it possible to configure a custom access decision manager service
| Q | A |
| --- | --- |
| Branch? | 3.4 |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | #942, #14049, #15295, #16828, #16843, |
| License | MIT |
| Doc PR | TODO |
These changes will make it possible to let users define their own voting strategies without the need for custom compiler passes that replace the built-in `AccessDecisionManager` (see linked issues in the PR table for some use cases).
Commits
-------
e0913a2 add option to define the access decision manager
* 3.4: (23 commits)
Don't display the Symfony debug toolbar when printing the page
[Routing] also add matched params for redirect due to trailing slash
do not wire namespaces for the ArrayAdapter
check _controller attribute is a string before parsing it
[Cache] Added test for ApcuAdapter when using in CLI
[Validator] sync upgrade file with latest code changes
allow to configure custom formats in XML configs
[HttpKernel] fix DumpDataCollector tests
[FrameworkBundle] fix changelog
[WebProfilerBundle] Cleanup profiler leftover
[Routing] Add matched and default parameters to redirect responses
[DotEnv] Fix variable substitution
require the XML PHP extension
Fix phpdoc for serializer normalizers exceptions
Fixed absolute url generation for query strings and hash urls
bumped Symfony version to 2.8.25
updated VERSION for 2.8.24
updated CHANGELOG for 2.8.24
bumped Symfony version to 2.7.32
[Filesystem] Dont copy perms when origin is remote
...
* 3.3:
Don't display the Symfony debug toolbar when printing the page
do not wire namespaces for the ArrayAdapter
check _controller attribute is a string before parsing it
[Cache] Added test for ApcuAdapter when using in CLI
allow to configure custom formats in XML configs
[HttpKernel] fix DumpDataCollector tests
[FrameworkBundle] fix changelog
[WebProfilerBundle] Cleanup profiler leftover
[DotEnv] Fix variable substitution
require the XML PHP extension
Fix phpdoc for serializer normalizers exceptions
Fixed absolute url generation for query strings and hash urls
bumped Symfony version to 2.8.25
updated VERSION for 2.8.24
updated CHANGELOG for 2.8.24
bumped Symfony version to 2.7.32
[Filesystem] Dont copy perms when origin is remote
updated VERSION for 2.7.31
update CONTRIBUTORS for 2.7.31
updated CHANGELOG for 2.7.31
* 3.2:
Don't display the Symfony debug toolbar when printing the page
do not wire namespaces for the ArrayAdapter
[Cache] Added test for ApcuAdapter when using in CLI
allow to configure custom formats in XML configs
[HttpKernel] fix DumpDataCollector tests
[FrameworkBundle] fix changelog
[WebProfilerBundle] Cleanup profiler leftover
require the XML PHP extension
Fix phpdoc for serializer normalizers exceptions
Fixed absolute url generation for query strings and hash urls
bumped Symfony version to 2.8.25
updated VERSION for 2.8.24
updated CHANGELOG for 2.8.24
bumped Symfony version to 2.7.32
[Filesystem] Dont copy perms when origin is remote
updated VERSION for 2.7.31
update CONTRIBUTORS for 2.7.31
updated CHANGELOG for 2.7.31
* 2.8:
Don't display the Symfony debug toolbar when printing the page
allow to configure custom formats in XML configs
require the XML PHP extension
Fixed absolute url generation for query strings and hash urls
bumped Symfony version to 2.8.25
updated VERSION for 2.8.24
updated CHANGELOG for 2.8.24
bumped Symfony version to 2.7.32
[Filesystem] Dont copy perms when origin is remote
updated VERSION for 2.7.31
update CONTRIBUTORS for 2.7.31
updated CHANGELOG for 2.7.31
* 2.7:
allow to configure custom formats in XML configs
require the XML PHP extension
Fixed absolute url generation for query strings and hash urls
bumped Symfony version to 2.7.32
[Filesystem] Dont copy perms when origin is remote
updated VERSION for 2.7.31
update CONTRIBUTORS for 2.7.31
updated CHANGELOG for 2.7.31
* 3.3: (33 commits)
Preserve HttpOnly value when deserializing a header
[DX] [TwigBundle] Enhance the new exception page design
Fix deprecated message
[DI][Security] Prevent unwanted deprecation notices when using Expression Languages
bumped Symfony version to 3.3.5
updated VERSION for 3.3.4
updated CHANGELOG for 3.3.4
[VarDumper] Reduce size of serialized Data objects
bumped Symfony version to 3.2.12
updated VERSION for 3.2.11
updated CHANGELOG for 3.2.11
fixed bad merge
Fix indent of methods
[Cache] Handle APCu failures gracefully
[DoctrineBridge] Use normalizedIds for resetting entity manager services
[FrameworkBundle] Do not remove files from assets dir
[FrameworkBundle] 3.3: Don't get() private services from debug:router
bumped Symfony version to 3.3.4
updated VERSION for 3.3.3
updated CHANGELOG for 3.3.3
...
* 3.3: (21 commits)
fixed bad merge
Fix indent of methods
[Cache] Handle APCu failures gracefully
[FrameworkBundle] Do not remove files from assets dir
[FrameworkBundle] 3.3: Don't get() private services from debug:router
bumped Symfony version to 3.3.4
updated VERSION for 3.3.3
updated CHANGELOG for 3.3.3
bumped Symfony version to 3.2.11
updated VERSION for 3.2.10
updated CHANGELOG for 3.2.10
bumped Symfony version to 2.8.24
updated VERSION for 2.8.23
updated CHANGELOG for 2.8.23
Don't access private services from container aware commands (deprecated)
bumped Symfony version to 2.7.31
updated VERSION for 2.7.30
update CONTRIBUTORS for 2.7.30
updated CHANGELOG for 2.7.30
call setContainer() for autowired controllers
...
* 3.4:
fixed tests
swiftmailer bridge is gone
respect the API in FirewallContext map
[TwigBundle] add back exception check
Dont call count on non countable object
Fix undefined variable $filesystem
* 3.3:
fixed tests
swiftmailer bridge is gone
respect the API in FirewallContext map
[TwigBundle] add back exception check
Dont call count on non countable object
Fix undefined variable $filesystem
* 3.4: (83 commits)
add missing version attribute
Show exception is checked twice in ExceptionController of twig
allow SSI fragments configuration in XML files
Display a better error message when the toolbar cannot be displayed
[SecurityBundle] Add user impersonation info and exit action to the profiler
render hidden _method field in form_rest()
Add Doctrine Cache to dev dependencies to fix failing unit tests.
return fallback locales whenever possible
Fix Predis client cluster with pipeline
[Dotenv] Test load() with multiple paths
[Console] Fix catching exception type in QuestionHelper
Improved the exception page when there is no message
[WebProfilerBundle] Eliminate line wrap on count columnt (routing)
[Profiler][Validator] Add a validator panel in profiler
[Validator] replace hardcoded service id
[Routing] Fix XmlFileLoader exception message
Remove duplicate changelog entries
[DI] Dedup tags when using instanceof/autoconfigure
[Translation] Fix FileLoader::loadResource() php doc
[Serializer] Fix workaround min php version
...
* 3.3: (64 commits)
Show exception is checked twice in ExceptionController of twig
allow SSI fragments configuration in XML files
Display a better error message when the toolbar cannot be displayed
render hidden _method field in form_rest()
Add Doctrine Cache to dev dependencies to fix failing unit tests.
return fallback locales whenever possible
Fix Predis client cluster with pipeline
[Dotenv] Test load() with multiple paths
[Console] Fix catching exception type in QuestionHelper
Improved the exception page when there is no message
[WebProfilerBundle] Eliminate line wrap on count columnt (routing)
[Validator] replace hardcoded service id
[Routing] Fix XmlFileLoader exception message
[DI] Dedup tags when using instanceof/autoconfigure
[Translation] Fix FileLoader::loadResource() php doc
Sessions: configurable "use_strict_mode" option for NativeSessionStorage
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
fixed CS
[WebProfilerBundle] Fix the icon for the Cache panel
[WebServerBundle] Fix router script path and check existence
...
* 3.2: (42 commits)
Show exception is checked twice in ExceptionController of twig
allow SSI fragments configuration in XML files
Display a better error message when the toolbar cannot be displayed
render hidden _method field in form_rest()
Add Doctrine Cache to dev dependencies to fix failing unit tests.
return fallback locales whenever possible
[Console] Fix catching exception type in QuestionHelper
[WebProfilerBundle] Eliminate line wrap on count columnt (routing)
[Routing] Fix XmlFileLoader exception message
[Translation] Fix FileLoader::loadResource() php doc
Sessions: configurable "use_strict_mode" option for NativeSessionStorage
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
Reset redirectCount when throwing exception
[TwigBundle] Remove template.xml services when templating is disabled
add content-type header on exception response
Embedding a response that combines expiration and validation, that should not defeat expiration on the combined response
fixed bad merge
Fix two edge cases in ResponseCacheStrategy
[Routing] Expose request in route conditions, if needed and possible
[Routing] Expose request in route conditions, if needed and possible
...
* 2.8: (40 commits)
Show exception is checked twice in ExceptionController of twig
allow SSI fragments configuration in XML files
Display a better error message when the toolbar cannot be displayed
render hidden _method field in form_rest()
return fallback locales whenever possible
[Console] Fix catching exception type in QuestionHelper
[WebProfilerBundle] Eliminate line wrap on count columnt (routing)
[Routing] Fix XmlFileLoader exception message
[Translation] Fix FileLoader::loadResource() php doc
Sessions: configurable "use_strict_mode" option for NativeSessionStorage
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
Reset redirectCount when throwing exception
[TwigBundle] Remove template.xml services when templating is disabled
add content-type header on exception response
Embedding a response that combines expiration and validation, that should not defeat expiration on the combined response
Fix two edge cases in ResponseCacheStrategy
[Routing] Expose request in route conditions, if needed and possible
[Routing] Expose request in route conditions, if needed and possible
[Translation][FrameworkBundle] Fix resource loading order inconsistency reported in #23034
[Filesystem] added workaround in Filesystem::rename for PHP bug
...
This PR was squashed before being merged into the 3.4 branch (closes#22629).
Discussion
----------
[Security] Trigger a deprecation when a voter is missing the VoterInterface
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Right now it's possible to add voters to the access decision manager that do not have a `VoterInterface`.
- No Interface, no `vote()` method, and it will give a PHP error.
- No Interface, but `vote()` method, it will still work.
- If I don't implement the interface _and_ have no `vote()` method, I will get weird exception that's not meaningful: `Attempted to call an undefined method named "vote" of class "App\Voter\MyVoter".`
This PR will deprecate the ability to use voters without the interface, it will also throw a proper exception when missing the interface _and_ the `vote()` method. Why when using and not when setting? Due to the fact that the voters can be set lazily via the `IteratorArgument`. The SecurityBundle will trigger a deprecation if the interface is not implemented and an exception if there's not even a `vote()` method present (to prevent exceptions at run-time).
This should have full backwards compatibility with 3.3, but give more meaningful errors. The only behavioral difference, might be that the container will throw an exception instead of maybe succeeding in voting when 1 voter would be broken at the end of the list (based on strategy). This case however, will be detected during development and deployment, rather than run-time.
Commits
-------
9c253e1ff6 [Security] Trigger a deprecation when a voter is missing the VoterInterface
* 3.2:
[SecurityBundle] Move cache of the firewall context into the request parameters
Fix Usage with anonymous classes
[Workflow] Added more keywords in the composer.json
[Cache] APCu isSupported() should return true when apc.enable_cli=Off
[PropertyAccess] Do not silence TypeErrors from client code.
* 3.4:
[FrameworkBundle] Deprecate useless --no-prefix option
Add Doctrine Cache to dev dependencies to fix failing unit tests.
Give info about called security listeners in profiler
Fix the usage of FrameworkBundle in debug mode without Stopwatch
* 3.4:
[FrameworkBundle] removed doctrine/cache as a dependency
drop hard dependency on the Stopwatch component
Fix the conditional definition of the SymfonyTestsListener
[DI] Fix keys resolution in ResolveParameterPlaceHoldersPass
[FrameworkBundle] Fix colliding service ids
[FrameworkBundle] deprecated validator.mapping.cache.doctrine.apc
remove now useless condition
Lazy load security listeners
[EventDispatcher] Remove dead code in WrappedListener
[Process] Deprecate ProcessBuilder
Fix non-dumped voters in security panel
search case insensitive
[VarDumper] Cyclic searching dumps
[Yaml] Remove line number in deprecation notices
[SecurityBundle] Made 2 service aliases private
Automatically enable the routing annotation loader
[FrameworkBundle] KernelTestCase: deprecate not using KERNEL_CLASS
* 3.3:
Fix the conditional definition of the SymfonyTestsListener
[DI] Fix keys resolution in ResolveParameterPlaceHoldersPass
[EventDispatcher] Remove dead code in WrappedListener
Fix non-dumped voters in security panel
[Yaml] Remove line number in deprecation notices
[SecurityBundle] Made 2 service aliases private
* 2.7:
bumped Symfony version to 2.7.30
Cache ipCheck
updated VERSION for 2.7.29
update CONTRIBUTORS for 2.7.29
updated CHANGELOG for 2.7.29
show unique inherited roles
This PR was merged into the 2.7 branch.
Discussion
----------
[SecurityBundle] Show unique Inherited roles in profile panel
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
When more than one assigned role reaches the same inherited role then it's duplicated in the "Inherited roles" list.
The changes in the test case show the unexpected result before fix it:
```console
There was 1 failure:
1) Symfony\Bundle\SecurityBundle\Tests\DataCollector\SecurityDataCollectorTest::testCollectAuthenticationTokenAndRoles with data set #4 (array('ROLE_ADMIN', 'ROLE_OPERATOR'), array('ROLE_ADMIN', 'ROLE_OPERATOR'), array('ROLE_USER', 'ROLE_ALLOWED_TO_SWITCH'))
Failed asserting that Array &0 (
0 => 'ROLE_USER'
1 => 'ROLE_ALLOWED_TO_SWITCH'
2 => 'ROLE_USER'
) is identical to Array &0 (
0 => 'ROLE_USER'
1 => 'ROLE_ALLOWED_TO_SWITCH'
)
```
Commits
-------
7061bfbf3a show unique inherited roles
* 3.3:
Fix optional cache warmers are always instantiated whereas they should be lazy-loaded
add some \ on PHP_VERSION_ID for 2.8
[Di] Remove closure-proxy arguments
[PropertyInfo][DoctrineBridge] The bigint Doctrine's type must be converted to string
* 3.2:
Fix optional cache warmers are always instantiated whereas they should be lazy-loaded
add some \ on PHP_VERSION_ID for 2.8
[PropertyInfo][DoctrineBridge] The bigint Doctrine's type must be converted to string
This PR was merged into the 3.4 branch.
Discussion
----------
[3.4] Allow 4.* deps
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22756
| License | MIT
| Doc PR | -
This is implementing option 3 as described in #22756.
See #22769 for corresponding PR on 2.8: everything goes well and this allows catching a few more potential mistakes.
Commits
-------
c3e1646af8 [3.4] Allow 4.* deps
* 3.4:
[DI] prepare for signature change in 4.0
[DI] Add missing deprecation on Extension::getClassesToCompile
[Lock] Re-add the Lock component in 3.4
[Routing] remove an unused routing fixture
[Yaml] fix multiline block handling
[WebProfilerBundle] Fix sub-requests display in time profiler panel
[FrameworkBundle] Handle project dir in cache:clear command
[WebServerBundle] Mark ServerCommand as internal
[DI] Fix autowire error for inlined services
Close PHP code in phpt file
[Profiler][VarDumper] Fix searchbar css when in toolbar
Prevent auto-registration of UserPasswordEncoderCommand
[Process] Fixed incorrectly escaping arguments on Windows when inheritEnvironmentVariables is set to false
avoid double blanks while rendering form attributes
use getProjectDir() when possible
[PhpUnitBridge] add a changelog file
[FrameworkBundle][Validator] Deprecate passing validator instances/aliases over using the service locator
* 3.3:
[DI] prepare for signature change in 4.0
[DI] Add missing deprecation on Extension::getClassesToCompile
[Routing] remove an unused routing fixture
[Yaml] fix multiline block handling
[WebProfilerBundle] Fix sub-requests display in time profiler panel
[FrameworkBundle] Handle project dir in cache:clear command
[WebServerBundle] Mark ServerCommand as internal
[DI] Fix autowire error for inlined services
Close PHP code in phpt file
[Profiler][VarDumper] Fix searchbar css when in toolbar
Prevent auto-registration of UserPasswordEncoderCommand
[Process] Fixed incorrectly escaping arguments on Windows when inheritEnvironmentVariables is set to false
avoid double blanks while rendering form attributes
use getProjectDir() when possible
[PhpUnitBridge] add a changelog file
[FrameworkBundle][Validator] Deprecate passing validator instances/aliases over using the service locator
This PR was merged into the 3.3-dev branch.
Discussion
----------
[Security] add Request type json check in json_login
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no, unreleased feature
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | -
follow up to https://github.com/symfony/symfony/pull/22425 to limit the `UsernamePasswordJsonAuthenticationListener` to only requests with appropriate JSON content type.
I am not entirely happy with this implementation but mostly because Symfony out of the box only provides very limited content type negotiation. I guess anyone that wants to tweak the content negotiation will simply need to ensure the Request::$format is set accordingly before the code is triggered.
Commits
-------
045a36b303 add Request type json check in json_login
This PR was merged into the 3.3-dev branch.
Discussion
----------
[SecurityBundle] Enhance FirewallContext::getListeners()
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/20417#discussion_r91704023, https://github.com/symfony/symfony/pull/20417#discussion_r91704145
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
I think @stof is right.. and the fact we can do this on master currently without the hassle.
cc @chalasr
Commits
-------
ba650783f5 [SecurityBundle] Enhance FirewallContext::getListeners()
This PR was merged into the 3.3-dev branch.
Discussion
----------
[Security] Fix json_login default success/failure handling
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no (master only)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22483
| License | MIT
| Doc PR | n/a
This makes the `json_login` listener default configuration stateless oriented by:
- Not using the default (redirect based) failure handler, it returns a 401 (json) response containing the failure reason instead
- Not using the default (redirect based) success handler, just let the original request continue instead (reaching the targeted resource without being redirected).
- Setting `require_previous_session` to `false` by default (I have to set it on `form-login` each time I want it to be stateless)
- Removing the options related to redirections (`default_target_path`, `login_path`, ...) from the listener factory, if one wants redirections then one has to write its own handlers, not the inverse
Commits
-------
9749618ff5 Fix json_login default success/failure handling
This PR was squashed before being merged into the 3.3-dev branch (closes#22234).
Discussion
----------
[DI] Introducing autoconfigure: automatic _instanceof configuration
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes (mostly, a continuation of a new feature)
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/issues/7538
This is a proposal to allow the user to opt into some automatic `_instanceof` config. Suppose I want to auto-tag all of my voters and event subscribers
```yml
# current
services:
_defaults:
autowire: true
_instanceof:
Symfony\Component\Security\Core\Authorization\Voter\VoterInterface:
tags: [security.voter]
Symfony\Component\EventDispatcher\EventSubscriberInterface:
tags: [kernel.event_subscriber]
# services using the above tags
AppBundle\Security\PostVoter: ~
AppBundle\EventListener\CheckRequirementsSubscriber: ~
```
If I'm registering a service with a class that implements `VoterInterface`, when would I ever *not* want that to be tagged with `security.voter`? Here's the proposed code:
```yml
# proposed
services:
_defaults:
autowire: true
autoconfigure: true
# services using the auto_configure_instanceof functionality
AppBundle\Security\PostVoter: ~
AppBundle\EventListener\CheckRequirementsSubscriber: ~
```
The user must opt into this and it only applies locally to this configuration file. It works because each enabled bundle would have the opportunity to add one or more "automatic instanceof" definitions - e.g. SecurityBundle would add the `security.voter` instanceof config, FrameworkBundle would add the `kernel.event_subscriber` instanceof config, etc.
For another example, you can check out the proposed changes to `symfony-demo` - symfony/symfony-demo#483 - the `_instanceof` section is pretty heavy: 81694ac21e/app/config/services.yml (L20)
Thanks!
Commits
-------
18627bf9f6 [DI] Introducing autoconfigure: automatic _instanceof configuration
* 3.2:
[Bridge\Doctrine] Fix change breaking doctrine-bundle test suite
[WebProfilerBundle] Include badge status in translation tabs
[FrameworkBundle] Cache pool clear command requires at least 1 pool
[HttpFoundation][bugfix] should always be initialized
MockArraySessionStorage: updated phpdoc for $bags so that IDE autocompletion would work
normalize paths before making them relative
removed test that does not test anything
fixed tests
#21809 [SecurityBundle] bugfix: if security provider's name contains upper cases then container didn't compile
[WebProfilerBundle] Fix for CSS attribute at Profiler Translation Page
Set Date header in Response constructor already
[Validator] fix URL validator to detect non supported chars according to RFC 3986
[Security] Fixed roles serialization on token from user object
* 2.8:
removed test that does not test anything
fixed tests
#21809 [SecurityBundle] bugfix: if security provider's name contains upper cases then container didn't compile
[WebProfilerBundle] Fix for CSS attribute at Profiler Translation Page
Set Date header in Response constructor already
[Validator] fix URL validator to detect non supported chars according to RFC 3986
[Security] Fixed roles serialization on token from user object
* 2.7:
removed test that does not test anything
fixed tests
#21809 [SecurityBundle] bugfix: if security provider's name contains upper cases then container didn't compile
[Validator] fix URL validator to detect non supported chars according to RFC 3986
[Security] Fixed roles serialization on token from user object
This PR was merged into the 3.3-dev branch.
Discussion
----------
[Security][SecurityBundle] Enhance automatic logout url generation
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
This should help whenever:
- [the token does not implement the `getProviderKey` method](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Http/Logout/LogoutUrlGenerator.php#L89-L99)
- you've got multiple firewalls sharing a same context but a logout listener only define on one of them.
##### Behavior:
> When not providing the firewall key:
>
>- Try to find the key from the token (unless it's an anonymous token)
>- If found, try to get the listener from the key. If the listener is found, stop there.
>- Try from the injected firewall key. If the listener is found, stop there.
>- Try from the injected firewall context. If the listener is found, stop there.
>
>The behavior remains unchanged when providing explicitly the firewall key. No fallback.
Commits
-------
5b7fe852aa [Security][SecurityBundle] Enhance automatic logout url generation
* 3.2:
[Yaml] CS
[DI] Fix PhpDumper generated doc block
#20411 fix Yaml parsing for very long quoted strings
[Workflow] add Phpdoc for better IDE support
fix package name in conflict rule
improve message when workflows are missing
[Doctrine Bridge] fix priority for doctrine event listeners
Use PHP functions as array_map callbacks when possible
[Validator] revert wrong Phpdoc change
Use proper line endings
* 2.8:
[DI] Fix PhpDumper generated doc block
#20411 fix Yaml parsing for very long quoted strings
[Doctrine Bridge] fix priority for doctrine event listeners
Use PHP functions as array_map callbacks when possible
[Validator] revert wrong Phpdoc change
Use proper line endings
* 2.7:
#20411 fix Yaml parsing for very long quoted strings
[Doctrine Bridge] fix priority for doctrine event listeners
Use PHP functions as array_map callbacks when possible
[Validator] revert wrong Phpdoc change
Use proper line endings
* 3.2:
[Workflow] Delete dead code
Rename StackOverflow to Stack Overflow
[travis] Test with hhvm 3.18
[Workflow] Fixed marking state on leave and enter events
