* 5.1:
[5.1] Ignore more deprecations for Mockery mocks
[PhpUnitBridge] Fix Deprecation file when it comes from the TestsListener
disallow FrameworkBundle 4.4+
propagate validation groups to subforms
[Form] [Validator] Add failing testcase to demonstrate group sequence issue
This PR was merged into the 5.1 branch.
Discussion
----------
[PhpUnitBridge] Fix Deprecation file when it comes from the TestsListener
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
https://github.com/symfony/symfony/pull/38031 caused an unwanted regression: if the frame `class` matches `SymfonyTestsListenerFor` it used to always return, now it continues so the `originClass` and `originMethod` properties are set. Therefore, the deprecation is considered as coming from the test listener. It ends up in the "legacy" group and muted because the test listeners contains the word "Legacy" in their namespaces.
Example test:
```php
<?php
namespace App\Tests;
use PHPUnit\Framework\TestCase;
use Symfony\Component\EventDispatcher\DependencyInjection\ExtractingEventDispatcher;
final class FooTest extends TestCase
{
public function test(): void
{
// ExtractingEventDispatcher is @internal
new class extends ExtractingEventDispatcher {};
$this->assertTrue(true);
}
}
```
On 4.4:
```
Other deprecation notices (1)
1x: The "Symfony\Component\EventDispatcher\DependencyInjection\ExtractingEventDispatcher" class is considered internal. It may change without further notice. You should not use it from "Symfony\Component\EventDispatcher\DependencyInjection\ExtractingEventDispatcher@anonymous".
```
On 5.1:
```
Legacy deprecation notices (1)
```
Commits
-------
1ba06a0f86 [PhpUnitBridge] Fix Deprecation file when it comes from the TestsListener
* 4.4:
disallow FrameworkBundle 4.4+
propagate validation groups to subforms
[Form] [Validator] Add failing testcase to demonstrate group sequence issue
* 3.4:
disallow FrameworkBundle 4.4+
propagate validation groups to subforms
[Form] [Validator] Add failing testcase to demonstrate group sequence issue
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] propagate validation groups to subforms
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38300
| License | MIT
| Doc PR |
Commits
-------
04f5698e29 propagate validation groups to subforms
e2c7c3373d [Form] [Validator] Add failing testcase to demonstrate group sequence issue
* 5.1:
[HttpClient] fix using proxies with NativeHttpClient
[4.4] Ignore more deprecations for Mockery mocks
[Routing] fix using !important and defaults/reqs in inline route definitions
[ErrorHandler][DebugClassLoader] Do not check Mockery mocks classes
[HttpClient] Fix using https with proxies
[TwigBundle] Only remove kernel exception listener if twig is used
[DI] Fix changelog
Remove CHANGELOG files for 4.x
Adjust expired range check
Fix redis connection error message
[DI] fix dumping non-shared lazy services
* 4.4:
[HttpClient] fix using proxies with NativeHttpClient
[4.4] Ignore more deprecations for Mockery mocks
[Routing] fix using !important and defaults/reqs in inline route definitions
[ErrorHandler][DebugClassLoader] Do not check Mockery mocks classes
[HttpClient] Fix using https with proxies
[TwigBundle] Only remove kernel exception listener if twig is used
Adjust expired range check
Fix redis connection error message
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] fix using proxies with NativeHttpClient
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
As spotted by @stof in https://github.com/symfony/symfony/pull/38368#issuecomment-702272737, we cannot use local DNS resolution with HTTP proxies.
Commits
-------
28f301bf03 [HttpClient] fix using proxies with NativeHttpClient
This PR was merged into the 4.4 branch.
Discussion
----------
[Routing] fix using !important and defaults/reqs in inline route definitions
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33224
| License | MIT
| Doc PR | -
Commits
-------
826db225b7 [Routing] fix using !important and defaults/reqs in inline route definitions
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[RateLimiter] Fix cache storage (use namespaced pool + remove \Serializable)
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38365, fix#38338
| License | MIT
| Doc PR | -
Commits
-------
251c202874 Use a dedicated cache.rate_limiter cache pool
5dc562a318 Use __sleep/__wakeup instead of Serializable
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Messenger] Added ErrorDetailsStamp
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #32311
| License | MIT
| Doc PR | No doc changes are needed
#SymfonyHackday
This PR is part of the work started in #32341. That PR has a workaround for showing exceptions added to a previous retry. This PR stores error messages in a separate stamp, so they're more easily accessed.
I also added the exceptionClass as a separate string (independant of FlattenException), so that information is always available, even if the trace is not (due to FlattenException not being available).
Duplicated exceptions (compared to the last one) are not stored separately.
**Questions:**
- Should we limit the total amount of exceptions (remove the oldest when adding a new one)?
- Yes, but in a new PR
- The current implementation adds this stamp in the Worker instead of the listeners to prevent duplicate code (due to the immutability of the envelope in the event). Is this the proper way to do this?
- No, create a new listener and a way to add stamps to the envelope inside the event.
- When adding details of a `HandlerFailedException`, should we add a stamp per wrapped `Throwable`? There can be multiple errors wrapped by a single `HandlerFailedException`.
- Yes, but in a later PR
**Todo:**
- [x] only add new information if it differs from the previous exception
- [x] add deprecations
- [x] fall back to old stamp data if no new stamp is available
- [x] rebase and retarget to master
- [x] update CHANGELOG.md
- [x] check for docs PR
**BC Breaks:**
When this PR is merged, RedeliveryStamps will no longer be populated with exception data. Any implementations that use `RedeliveryStamp::getExceptionMessage()` or `RedeliveryStamp::getFlattenedException()` will receive an empty string or `null` respectively for stamps added after this update. They should rely on `ErrorDetailsStamp` instead.
**New stuff:**
- New stamp `ErrorDetailsStamp`.
- New event subscriber `AddErrorDetailsStampListener`.
- New method `AbstractWorkerMessageEvent::addStamps`.
Commits
-------
cd27b863f9 [Messenger] Added FailedMessageErrorDetailsStamp
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[Messenger] dispatch event when a message is retried
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
Hello,
i'm working on a bundle which helps to monitor messenger queues (add some stats for queues/transports + ability to manage failed messages from the browser)
https://github.com/SymfonyCasts/messenger-monitor-bundle/
and we're missing some hooks in the messaging system:
1. a way to know when a message has been retried (fixed by dispatching a new `WorkerMessageRetriedEvent` in `SendFailedMessageForRetryListener::onMessageFailed()`)
2. a way to update the enveloppe in worker message events (fixed by adding `AbstractWorkerMessageEvent::setEnvelope()`)
if needed i can provide some precise use cases.
thanks.
Commits
-------
55bddcb721 [Messenger] dispatch event when a message is retried
This PR was merged into the 5.2-dev branch.
Discussion
----------
[HttpClient] provide response body to the RetryDecider
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes but for not-yet released 5.2 feature
| Tickets | /
| License | MIT
| Doc PR | TODO
Some servers, like AWS, does not always return standard HTTP code. The strategy needs to parse the body to take a decision.
example:
```
400
x-amzn-requestid: XXXXX
content-type: application/x-amz-json-1.1
content-length: 58
date: Thu, 24 Sep 2020 11:17:35 GMT
connection: close
{"__type":"ThrottlingException","message":"Rate exceeded"}
````
This PR update the `RetryDeciderInterface` interface to let the decider notifying the Client when it need the body to take a decision. in that case, the Client, fetch te client, and call again the decider with the full body.
usage
```php
class Decider implements RetryDeciderInterface {
public function shouldRetry(string $requestMethod, string $requestUrl, array $requestOptions, int $responseCode, array $responseHeaders, ?string $responseContent, \Throwable $throwable = null): ?bool
{
if (null !== $throwable) {
return true;
}
if (in_array($responseCode, [423, 425, 429, 500, 502, 503, 504, 507, 510])) {
return true;
}
if (
$responseCode !== 400
|| $headers['content-type'][0] ?? null !== 'application/x-amz-json-1.1'
|| (int) $headers['content-length'][0] ?? '0' > 1024
) {
return false;
}
if (null === $responseContent) {
return null; // null mean no decision taken and need to be called again with the body
}
$data = json_decode($responseContent, true);
return $data['__type'] ?? '' === 'ThrottlingException';
}
}
```
Commits
-------
321be5884d [HttpClient] provide response body to the RetryDecider
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[TwigBundle] Only remove kernel exception listener if twig is used
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/contao/contao/issues/1527
| License | MIT
| Doc PR |
In a setup using the template engine but not twig as the template engine no exceptions are logged. This is caused by the twig-bundle which removes the `exception_listener` service. For my understanding this should only happen if twig is used as template engine. This PR fixes the logic that only for the case where twig is enabled as template engine the http kernel exception listener is removed. Otherwise the twig exception listener got removed now.
Disclaimer: I'm not too deep into the details, so maybe I oversee something why it's implemented the way it is.
Commits
-------
7c34f6e866 [TwigBundle] Only remove kernel exception listener if twig is used
This PR was merged into the 3.4 branch.
Discussion
----------
[BrowserKit] Cookie expiration at current timestamp
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
In `Symfony\Component\BrowserKit\Cookie` a cookie is expired if the `expires` timestamp is in the past. I would like to change it to also be expired if the `expires` timestamp equals the current exact timestamp. This would still be in line with [RFC 6265](https://tools.ietf.org/html/rfc6265#section-4.1.2.1), as it states `The Expires attribute indicates the maximum lifetime of the cookie, represented as the date and time at which the cookie expires`.
Reason for this change: Cookies usually both have `expires` and `Max-Age` set, and Symfony sets `Max-Age` to zero if a cookie is expired (in `Symfony\Component\HttpFoundation\Cookie`). When converting cookies between string and object representations, `Max-Age` is the preferred source of truth for the expiration, but `Max-Age` set to zero is converted to an `expires` timestamp at this exact second, currently making the cookie not expired in `Symfony\Component\BrowserKit\Cookie`, even though it should be.
I noticed this discrepancy in my tests when checking if a cookie no longer existed after deleting it, yet it was still there, because `Cookie` thought it would only expire after the `expires` timestamp had passed. I am also thinking of raising an issue for `Symfony\Component\HttpFoundation\Cookie`, as importing and exporting an expired cookie (via strings) changes the `expired` value. I thought this change was a simpler one for now, and should have no negative/unexpected impact.
Commits
-------
9d187c0d1a Adjust expired range check
This PR was merged into the 5.1 branch.
Discussion
----------
[DI] fix dumping non-shared lazy services
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38327
| License | MIT
| Doc PR | -
It took me a while to get this correct, but here we are.
Commits
-------
e33a0b0f94 [DI] fix dumping non-shared lazy services
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Security][RateLimiter] Added request rate limiter to prevent breadth-first attacks
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This allows limiting on different elements of a request. The normal `CompoundLimiter` requires the same key for all its limiters.
This request limiter is useful to e.g. prevent breadth-first attacks, by allowing to enforce a limit on both IP and IP+username. It can also be useful for applications using some sort of API request limiting (or e.g. file upload limiting).
The default login throttling limiter will allow `max_attempts` (default: 5) attempts per minute for `username + IP` and `5 * max_attempts` for `IP`. Customizing this will require creating a new service that extends `AbstractRequestRateLimiter` and implementing `getLimiters(Request $request): LimiterInterface[]`.
Commits
-------
5d03afea99 Added request rate limiters and improved login throttling
This PR was squashed before being merged into the 5.2-dev branch (closes#38351).
Discussion
----------
[Console] clone stream on multiline questions so EOT doesn't close input
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
This fixes a bug in the multiline question feature that was introduced in #37683.
Today, @epitre commented on https://github.com/symfony/symfony/pull/37683#issuecomment-700666826:
> If I ask a question AFTER using the multiline option in a previous question, then it seems that the ctrl+d is kind of saved, and the command gets aborted.
I'm honestly not sure how I missed this while working on #37683, since I was testing it with multiple questions, but I think it might have resulted from some of the back-and-forth and the lack of ability to effectively test the EOT character from a unit test.
The solution was to _clone_ the input stream resource and use the clone to read the multiline input and capture the EOT byte. In this way, the primary input stream is not closed by the EOT.
This is similar to @epitre's solution in https://github.com/symfony/symfony/pull/38345, but I'm using the `uri` and `mode` from `stream_get_meta_data()` to create the new stream, and if the existing stream has any data and is seekable and writable (like the streams used in the tests), I add the data to the clone and seek to the same offset.
I've ensured that this solution works on a question that is in the middle of a series of other questions, and I've tested in on *nix and Windows. I've also improved the tests for multiline questions. While I'm unable to test (with a unit test) that an EOT character effectively stops reading from STDIN while continuing to the next question and prompt, I feel confident that the tests here provide sufficient coverage.
Commits
-------
ec688a361e [Console] clone stream on multiline questions so EOT doesn't close input
This allows limiting on different elements of a request. This is usefull to
e.g. prevent breadth-first attacks, by allowing to enforce a limit on both IP
and IP+username.
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Validator] Constraints as php 8 Attributes
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #38096
| License | MIT
| Doc PR | TODO
This is my attempt to teach the validator to load constraints from PHP attributes. Like we've done it for the `Route` attribute, I've hooked into the existing `AnnotationLoader`, so we can again mix and match annotations and attributes.
### Named Arguments
An attribute declaration is basically a constructor call. This is why, in order to effectively use a constraint as attribute, we need to equip it with a constructor that works nicely with named arguments. This way, IDEs like PhpStorm can provide auto-completion and guide a developer when declaring a constraint without the need for additional plugins. Right now, PhpStorm supports neither attributes nor named arguments, but I expect those features to be implemented relatively soon.
To showcase this, I have migrated the `Range` and `Choice` constraints. The example presented in #38096 works with this PR.
```php
#[Assert\Choice(
choices: ['fiction', 'non-fiction'],
message: 'Choose a valid genre.',
)]
private $genre;
```
A nice side effect is that we get a more decent constructor call in php 8 in situations where we directly instantiate constraints, for instance when attaching constraints to a form field via the form builder.
```php
$builder->add('genre, TextType::class, [
'constraints' => [new Assert\Choice(
choices: ['fiction', 'non-fiction'],
message: 'Choose a valid genre.',
)],
]);
```
The downside is that all those constructors generate the need for some boilerplate code that was previously abstracted away by the `Constraint` class.
The alternative to named arguments would be leaving the constructors as they are. That would basically mean that when declaring a constraint we would have to emulate the array that Doctrine annotations would crate. We would lose IDE support and the declarations would be uglier, but it would work.
```php
#[Assert\Choice([
'choices' => ['fiction', 'non-fiction'],
'message' => 'Choose a valid genre.',
])]
private $genre;
```
### Nested Attributes
PHP does not support nesting attributes (yet?). This is why I could not recreate composite annotations like `All` and `Collection`. I think it's okay if they're not included in the first iteration of attribute constraints and we can work on a solution in a later PR. Possible options:
* A later PHP 8.x release might give us nested attributes.
* We could find a way to flatten those constraints so we can recreate them without nesting.
* We could come up with a convention for a structure that lets us emulate nested attributes in userland.
### Repeatable attributes
In order to attach two instances of the same attribute class to an element, we explicitly have to allow repetition via the flag `Attribute::IS_REPEATABLE`. While we could argue if it really makes sense to do this for certain constraints (like `NotNull` for instance), there are others (like `Callback`) where having two instances with different configurations could make sense. On the other hand, the validator certainly won't break if we repeat any of the constraints and all other ways to configure constraints allow repetition. This is why I decided to allow repetition for all constraints I've marked as attributes in this PR and propose to continue with that practice for all other constraints.
### Migration Path
This PR only migrates a handful of constraints. My plan is to discuss the general idea with this PR first and use it as a blueprint to migrate the individual constraints afterwards. Right now, the migration path would look like this:
* Attach the `#[Attribute]` attribute.
* Recreate all options of the constraint as constructor arguments.
* Add test cases for constructor calls with named arguments to the test class of the constraint's validator.
Commits
-------
d1cb2d6354 [Validator] Constraints as php 8 Attributes.
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Notifier] Add Dsn test case
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
6a0510d859 Add Dsn test case
* 4.4:
Revert "bug #38063 [FrameworkBundle] generate preload.php in src/ to make opcache.preload predictable (nicolas-grekas)"
[PhpUnitBridge] Fix class_alias() for PHPUnit\Framework\Error\Error
This PR was merged into the 4.4 branch.
Discussion
----------
[PhpUnitBridge] Fixed class_alias() for PHPUnit\Framework\Error\Error
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
PHPUnit 6.x removed the PHPUnit_Framework_* classes in favor of PHP namespaces, but one error class did not map the same as the others: `PHPUnit_Framework_Error`.
Instead of mapping to `PHPUnit\Framework\Error` in the same way that `PHPUnit_Framework_Error_Warning` mapped to `PHPUnit\Framework\Error\Warning`, this base class was replaced with `PHPUnit\Framework\Error\Error`, so we cannot map it using simple string replacement like its descendants.
Commits
-------
8e607b58df [PhpUnitBridge] Fix class_alias() for PHPUnit\Framework\Error\Error
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Contracts] add TranslatableInterface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #38319
| License | MIT
| Doc PR | -
An alternative to #38328:
- `TranslatableInterface` is added to symfony/contracts;
- `Translatable`, still in the component, implements it (and is not final as it makes no sense for a value-object)
- the `t()` function is kept in the component - it doesn't fit in the contracts IMHO;
- `Translatable::trans()` is not static anymore;
- the domain is nullable instead of defaulting to "messages";
- the `t()` function moved in the `Symfony\Component\Translation` namespace (for reference, the `s()` function from String is also namespaced.);
- the Twig extension is made strictly polymorphic: if you pass a Translatable, you cannot pass arguments/domain/count.
Commits
-------
9224f7ac5b [Contracts] add TranslatableInterface
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[Validator] Add Ulid constraint and validator
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#38152
| License | MIT
ULID constraint and validator as mentioned in ticket #38103
I checked for it ulid specifications https://github.com/ulid/spec
Commits
-------
e36fd559da [Validator] Add Ulid constraint and validator
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Uid] make UUIDv6 always return truly random nodes to prevent leaking the MAC of the host
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
As explained in http://gh.peabody.io/uuidv6/, the wording of the UUIDv1 spec suggests that using the MAC of the host is preferred to compute the "node" field of UUIDs. This is what the uuid extension does, and the reason why the 12 last chars of the UUIDv1 it generates are stable. But this is a privacy leak. There are stories in the wild about how knowing the MAC has been abused in the past.
UUIDv6 prefers putting a secure random number there.
So here is the PR to do so.
Commits
-------
b9c61ca86c [Uid] make UUIDv6 always return truly random nodes to prevent leaking the MAC of the host
PHPUnit 6.x removed the PHPUnit_Framework_* classes in favor of PHP namespaces, but one error class did not map the same as the others: `PHPUnit_Framework_Error`.
Instead of mapping to `PHPUnit\Framework\Error` in the same way that `PHPUnit_Framework_Error_Warning` mapped to `PHPUnit\Framework\Error\Warning`, this base class was replaced with `PHPUnit\Framework\Error\Error`.
* 5.1:
[Filesystem] fix for PHP 8
[Cache] fix DBAL v3 compat
Bump Symfony version to 5.1.7
Update VERSION for 5.1.6
Update CHANGELOG for 5.1.6
Bump Symfony version to 4.4.15
Update VERSION for 4.4.14
Update CHANGELOG for 4.4.14
Bump Symfony version to 3.4.46
Update VERSION for 3.4.45
Update CONTRIBUTORS for 3.4.45
Update CHANGELOG for 3.4.45
* 4.4:
[Filesystem] fix for PHP 8
[Cache] fix DBAL v3 compat
Bump Symfony version to 4.4.15
Update VERSION for 4.4.14
Update CHANGELOG for 4.4.14
Bump Symfony version to 3.4.46
Update VERSION for 3.4.45
Update CONTRIBUTORS for 3.4.45
Update CHANGELOG for 3.4.45
* 5.1:
[ErrorHandler] Return false directly and remove unused variable
[OptionsResolver] Assert that the error type is valid in deprecations test
[OptionsResolver] Fix deprecation message access
[HttpClient] Allow bearer token with colon
[Form] Fix custom formats deprecation with HTML5 widgets
[Translator] Optional Intl dependency
[Contracts][Translation] Optional Intl dependency
[ErrorHandler] Escape JSON encoded log context
update missing translations arabic
[Yaml] simplify the test
fix test by letting mock throw the actual expected exception
* 4.4:
[ErrorHandler] Return false directly and remove unused variable
[OptionsResolver] Assert that the error type is valid in deprecations test
[HttpClient] Allow bearer token with colon
[Form] Fix custom formats deprecation with HTML5 widgets
[Translator] Optional Intl dependency
[Contracts][Translation] Optional Intl dependency
[ErrorHandler] Escape JSON encoded log context
update missing translations arabic
[Yaml] simplify the test
fix test by letting mock throw the actual expected exception
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[lock] Provides default implementation when store does not supports the behavior
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets | /
| License | MIT
| Doc PR | /
All stores does not provide the same behaviors. Some are blocking, some allows shared Locks, ...
Issue is: When people use `lock` to use a behavior that is not supported by the store, they get an `UnsuportedException`, but they don't have any way to know if the store supports or not the behavior they want to use.
ie: when using the FrameworkBundle
```yaml
framework:
lock: '%env(LOCK_DSN)%'
```
User (or bundle) can't use safely `$lock->acquire(true)` or `$lock->acquireRead()`.
Given it's very easy to provide an fallback implementation to those behavior, this PR
- use fallback implementation when store does not support the behavior
- deprecate the RetryTillSaveStore (not needed anymore)
Commits
-------
575b391b9b [lock] Provides default implementation when store does not supports the behavior
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Notifier] Add Sendinblue notifier.
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | no <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | todo <!-- required for new features -->
Add Sendinblue SMS notifier bridge.
Commits
-------
e7300a8580 Add Sendinblue notifier.
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Messenger] Fix misleading comment about time-limit
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
The current explanation of the time-limit option of the `messenger:consume` command is misleading as it lets you think that this is an enforced hard limit.
For instance, you may think that a command started with `--time-limit=10` will stop once 10 seconds are elapsed, no matter what.
Actually, two things happen:
- Once 10 seconds have elapsed, then the worker won't receive and handle any other message
- The worker will keep running until the currently handled message is fully handled so it can last way longer than 10 seconds, then it will stop.
I'm not sure this is behavior is actually a bug or not, but the current documentation does not describe the current behavior
Commits
-------
21176646e9 [Messenger] Fix misleading comment about time-limit
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Translation] Allow Translatable objects to be used as strings
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Allow Translatable objects to be used as strings.
Commits
-------
0ba206420e [Translation] Allow Translatable objects to be used as strings
This PR was merged into the 5.2-dev branch.
Discussion
----------
[DomCrawler] Add checkbox assertions for functional tests
| Q | A
| ------------- | ---
| Branch? | master for features
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Add new assertions for checkboxes, to use in functional tests.
Example:
```php
public function testAssertCheckboxChecked()
{
$this->visit('/edit-form');
$this->client->submitForm('Save', [
'activateMembership' => 'on',
]);
self::assertResponseIsSuccessful();
// Check that the field is checked after the form was submitted
self::assertCheckboxChecked('activateMembership');
}
```
This wasn't possible to achieve with the existing `self::assertInputValueSame()` assertion.
Commits
-------
f26758e1c0 [DomCrawler] Add `assertCheckboxChecked()`
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[Validator] Add invalid datetime message in Range validator
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
When the validated value is invalid (it isn't a number nor a datetime), but `min` or `max` option indicate that the `Range` constraint is being used to validate a datetime, the displayed message will be `This value should be a valid datetime` instead of `This value should be a valid number`. This PR replaces #35998.
Commits
-------
c77730699e [Validator] Add invalid datetime message in Range validator
This PR was merged into the 5.2-dev branch.
Discussion
----------
[HttpKernel] Auto-register kernel as an extension
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Symfony already supports having the kernel as an extension. This is evident by the fact that the [`config:dump-reference` and `debug:config`](https://github.com/symfony/symfony/pull/36186) commands check whether the kernel implements the `ExtensionInterface`. Nonetheless, it's still required to register the kernel manually as an extension.
With this PR the kernel will be automatically registered as an extension if it implements the `ExtensionInterface`. This is the same logic as when the kernel implements the `CompilerPassInterface`.
Commits
-------
9c34980869 Auto-register kernel as an extension
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[Mailer] Added Sendinblue bridge
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR | [https://github.com/symfony/symfony-docs/pull/14272](https://github.com/symfony/symfony-docs/pull/14272)
| Recipe | [https://github.com/symfony/recipes/pull/822](https://github.com/symfony/recipes/pull/822)
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
N.B. I had a little help from [Pierre TONDEREAU](https://github.com/ptondereau) for the API.
Commits
-------
836a20350b [Mailer] Added Sendinblue bridge
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Form] Added "html5" option to both MoneyType and PercentType
| Q | A
| ------------- | ---
| Branch? | master for features
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | TBD
Hello,
In the same way that [NumberType](https://symfony.com/doc/current/reference/forms/types/number.html) offers a `html5` option to render a `number` input instead of a `text` input, this PR adds the same option to both `MoneyType` and `PercentType`. Number inputs offer a better UI, especially on mobile (specific keyboard), and they accept extra HTML attributes, such as `max=100`, which are quite useful.
The challenge is that `number` inputs need a "raw" value, nor formatted nor localized.
Format is described here https://www.w3.org/TR/html51/sec-forms.html#date-time-and-number-formats (non-normative, but tested on a few browsers). It matches number formatting for `en` locale (which is great, since it is the one provided by Symfony Intl polyflil), without grouping.
Implementation was done in a manner similar to `NumberType` for `MoneyType`.
`PercentType` required to modify `PercentToLocalizedStringTransformer` too.
As a bonus, `PercentType` had no tests at all, I added a few.
I wanted to get some feedback on the idea first, remaining steps:
- update `CHANGELOG.md`
- update the doc
Commits
-------
f7312a48ea [Form] Added "html5" option to both MoneyType and PercentType
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[HttpClient] Allow bearer token with colon
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
The JetBrains Hub (YouTrack API) creates tokens with a `perm:` prefix. This doesn't work right now, because HttpClient doesn't allow a colon in the bearer token.
As far as I can see, there is no reason to disallow the use of the semicolon in the bearer token, so this PR fixes it.
Example of a token: `perm:c3RlcGhhbg==.NTUtMw==.NiZw16agafhsQAShTvclhb78hyJh2H`
Commits
-------
82ed1ec20a [HttpClient] Allow bearer token with colon
This PR was merged into the 4.4 branch.
Discussion
----------
[Form] Fix custom formats deprecation with HTML5 widgets
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/37698
| License | MIT
| Doc PR | -
1. The options resolver only show the deprecations for user defined (overidden) options.
2. The default value of the `html5` option is enough to pass the logical condition of the callback.
That means that only setting the `format` option (like in the reproducer) does not trigger the deprecation while it should. I think we need a feature in the options resolver component to handle those kind of cases 🤷♂️
Meanwhile, we can fix the issue by "deprecating" all the concerned options of the logical condition of the callback.
Commits
-------
d28182f99b [Form] Fix custom formats deprecation with HTML5 widgets
This PR was merged into the 5.2-dev branch.
Discussion
----------
Always require SQL comment hint
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
The `GuidType` does not always return true, because it is mapped to the native uuid type if available. But `AbstractBinaryUidType` and `AbstractUidType` are not mapped like that, so they always requires the comment hint to avoid issues when diffing the schema (the DB introspection would detect a `GuidType` and so a change would be needed).
Commits
-------
33e78b43a4 Always require SQL comment hint
This PR was merged into the 4.4 branch.
Discussion
----------
[Contracts][Translation] Optional Intl dependency
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
same as #38283, and should help streamlining #38230
Commits
-------
d65d39da14 [Contracts][Translation] Optional Intl dependency
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Translator] Optional Intl dependency
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38279
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
i decided to cast $locale at construct, given its property is documented to be string
Commits
-------
a2eb263457 [Translator] Optional Intl dependency
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] Escape JSON encoded log context
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | eno <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Fixes https://github.com/symfony/symfony/issues/35569#issuecomment-581317792
Fixes https://github.com/symfony/symfony/issues/35569#issuecomment-696767559
The initial issue remains though (the webprofiler showing the logs tab in the exception panel), i'll try to give it another look sometime, but this is a quick win nevertheless.
cc @yceruto
Commits
-------
5572a68ed7 [ErrorHandler] Escape JSON encoded log context
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Config] Adding the "info" to a missing option error messages
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | None
| License | MIT
| Doc PR | Not needed
New error:
<img width="1063" alt="Screen Shot 2020-09-13 at 10 51 32 AM" src="https://user-images.githubusercontent.com/121003/93021186-6329ff00-f5af-11ea-83c6-98581b12ef75.png">
I used the missing `class` just as an example. I hit this while building a new feature in Symfony. It occurred to me that if, for example, you activate some feature in config and that feature has a required sub-key, why not print the `info()` for that sub key to make it discoverable?
Commits
-------
3780f122c7 adding the description to a missing option
This PR was merged into the 5.2-dev branch.
Discussion
----------
Return AbstractUid as string
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Should return AbstractUidType as string.
Commits
-------
1a9d76a869 Return AbstractUid as string
This PR was merged into the 5.2-dev branch.
Discussion
----------
replace expectExceptionMessageRegExp() with expectExceptionMessageMat…
…ches()
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
593a94c932 replace expectExceptionMessageRegExp() with expectExceptionMessageMatches()
* 5.1: (25 commits)
stop using the deprecated at() PHPUnit matcher
fix lowest allowed version of the HTTP client contracts
fix lowest allowed version for the PHPUnit bridge
fix merge
fix merge
drop logger mock in favor of using the BufferingLogger
catch ValueError thrown on PHP 8
[Yaml Parser] Fix edge cases when parsing multiple documents
fix parsing comments not prefixed by a space
[Translator] Make sure a null locale is handled properly
deal with errors being thrown on PHP 8
loadRoutes shoud receive RoutingPhpFileLoader
[Cache] Allow cache tags to be objects implementing __toString()
[HttpKernel] Do not override max_redirects option in HttpClientKernel
Log notice when no entry point is configured
remove superfluous cast
[HttpClient] Support for CURLOPT_LOCALPORT.
Upgrade PHPUnit to 8.5 (php 7.2) and 9.3 (php >= 7.3).
Fixed exception message formatting
[FrameworkBundle] Fix error in xsd which prevent to register more than one metadata
...
This PR was merged into the 5.1 branch.
Discussion
----------
[Validator] stop using the deprecated at() PHPUnit matcher
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
0d0f92b7c6 stop using the deprecated at() PHPUnit matcher
This PR was merged into the 5.1 branch.
Discussion
----------
[HttpClient] fix lowest allowed version of the HTTP client contracts
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
fixes `deps=low` builds for the HttpClient component by making sure that the installed version of the HTTP client contracts package contains the changes from #37831
Commits
-------
edca581889 fix lowest allowed version of the HTTP client contracts
* 4.4:
fix merge
drop logger mock in favor of using the BufferingLogger
catch ValueError thrown on PHP 8
[Yaml Parser] Fix edge cases when parsing multiple documents
fix parsing comments not prefixed by a space
[Translator] Make sure a null locale is handled properly
deal with errors being thrown on PHP 8
[Cache] Allow cache tags to be objects implementing __toString()
[HttpKernel] Do not override max_redirects option in HttpClientKernel
remove superfluous cast
[HttpClient] Support for CURLOPT_LOCALPORT.
Upgrade PHPUnit to 8.5 (php 7.2) and 9.3 (php >= 7.3).
Fixed exception message formatting
[FrameworkBundle] Fix error in xsd which prevent to register more than one metadata
[Console] work around disabled putenv()
[PhpUnitBridge] Fix error with ReflectionClass
[HttpClient][HttpClientTrait] don't calculate alternatives if option is auth_ntlm
Change 'cache_key' to AbstractRendererEngine::CACHE_KEY_VAR
Upgrade PHPUnit to 8.5 (php 7.2) and 9.3 (php >= 7.3).
* 3.4:
drop logger mock in favor of using the BufferingLogger
[Yaml Parser] Fix edge cases when parsing multiple documents
fix parsing comments not prefixed by a space
This PR was merged into the 4.4 branch.
Discussion
----------
[Validator] catch ValueError thrown on PHP 8
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
see php/php-src@95f4ee38bb
Commits
-------
fb0d7beaaf catch ValueError thrown on PHP 8
This PR was merged into the 3.4 branch.
Discussion
----------
[Yaml Parser] Fix edge cases when parsing multiple documents
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I identified some edge cases when parsing multiple YAML documents with the same parser instance, because the totalNumberOfLines was not reset and so any subsequent parsing considered the number of lines of the first document.
Consider this document:
```yaml
a:
b: |
row
row2
c: d
```
Normally, `a.b` would be parsed as `row\nrow2\n`. But if the parser parsed a shorter document before, the `\n` after row2 was missing, as the parser considered it as the end of the file (that's why the `c: d` at the end is important).
So this fix resets the `totalNumberOfLines` in the YAML parser to `null` so that any subsequent parsing will initialize the value for the new document and does not use the file length of the first parsed document.
I stumbled upon this because of a flickering unit test that was using the translation component. Sometimes the translated string contained a trailing `\n` and sometimes not. In the end it was based on this bug, as the translation files were not loaded in the same order every time (not really sure why. It's somehow related to the cache state, but even with a warm cache it was not totally deterministic).
Commits
-------
012ee4fa59 [Yaml Parser] Fix edge cases when parsing multiple documents
This PR was merged into the 3.4 branch.
Discussion
----------
[Yaml] fix parsing comments not prefixed by a space
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38223
| License | MIT
| Doc PR |
Commits
-------
35b223aaa4 fix parsing comments not prefixed by a space
This PR was merged into the 5.2-dev branch.
Discussion
----------
[MonologBridge] Use composition instead of inheritance in monolog bridge
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | yes <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
In order to allow better customization in monolog activation strategy, this PR introduce composition instead of inheritance for these 2 classes :
- HttpCodeActivationStrategy
- NotFoundActivationStrategy
Commits
-------
0fb14394ca Use composition instead of inheritance in HttpCodeActivationStrategy
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Translator] Make sure a null locale is handled properly
| Q | A
| ------------- | ---
| Branch? | 4.4<!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#38124 <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
080ea5a0f7 [Translator] Make sure a null locale is handled properly
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Cache] Allow cache tags to be objects implementing __toString()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | maybe
| New feature? | maybe
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
`\Symfony\Contracts\Cache\CacheInterface::get(string $key, …)` implicitly converts objects with `__toString` while `CacheItem::tag()` will throw an exception. That’s a bit of a sharp edge.
Commits
-------
c2c03e050f [Cache] Allow cache tags to be objects implementing __toString()
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[HttpKernel] Do not override max_redirects option in HttpClientKernel
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38207
| License | MIT
| Doc PR | -
As [proposed](https://github.com/symfony/symfony/issues/38207#issuecomment-693382336) by @nicolas-grekas this pull request removes the `max_redirects` setting in the `\Symfony\Component\HttpKernel\HttpClientKernel::handle` method.
It solves the issue that requests made by the `\Symfony\Component\HttpClient\CachingHttpClient` wouldn't follow redirects as described in the linked issue.
Commits
-------
981a11beed [HttpKernel] Do not override max_redirects option in HttpClientKernel
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[HttpClient] Added RetryHttpClient
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | /
| License | MIT
| Doc PR | TODO
This PR adds a new HttpClient decorator to automatically retry failed requests.
When calling API, A very small % of requests are expected to timeout due to transient network issues. Some providers like AWS recommends retrying these requests and use a lower connection timeout so that the clients can fail fast and retry.
I used the almost the same configuration as Messenger
```yaml
framework:
http_client:
default_options:
retry_failed:
enabled: true // default false
decider_service: null
backoff_service: null
http_codes: [423, 425, 429, 500, 502, 503, 504, 507, 510]
max_retries: 3
delay: 1000
multiplier: 2
max_delay: 0
response_header: true
scoped_clients:
github:
scope: 'https://api\.github\.com'
retry_failed:
max_delay: 2000
```
Commits
-------
712ac5999d [HttpClient] Added RetryHttpClient
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] Support for CURLOPT_LOCALPORT
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/38081#issuecomment-688166943
| License | MIT
| Doc PR | N/A
Commits
-------
45fa6b8f24 [HttpClient] Support for CURLOPT_LOCALPORT.
This PR was merged into the 4.4 branch.
Discussion
----------
Upgrade PHPUnit to 8.5 (php 7.2) and 9.3 (php >= 7.3)
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | #37564
| License | MIT
| Doc PR | N/A
This is #38103 on the 4.4 branch.
Commits
-------
73647e5ffe Upgrade PHPUnit to 8.5 (php 7.2) and 9.3 (php >= 7.3).
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Amqp] Add amqps support
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#37002
| License | MIT
| Doc PR | symfony/symfony-docs#... TODO <!-- required for new features -->
### Cases
_Case 1 (simple):_
I want to set up my app with a locally installed amqp broker supporting SSL. No auth is needed, no vhost, only SSL certificate file located at /etc/ssl/cafile.
'amqps://'
_Case 2 (complex):_
I use a special port, special file locations for SSL. I pass it through php.ini or configuration.
### Questions
1) Actually AmqpTransportFactory use `supports` function to see if 'amqp://' is contained in dsn string and accept cacert argument to use SSL
How are we supposed to cover AMQPS's case in your opinion?
cacert argument is settable through php.ini and code.
### Observations
I think this PR should aim at:
- Having correct defaults ssl values in case of 'amqps://' eg : case 1
- Being able to pass cacert file path and verify argument. eg : case 2
- Test: but test what?
#### EDIT
As discuted with @nicolas-grekas, we should check that cacert is existing in php.ini or is passed in configuration and throw an exception to give a nice feedback about what's wrong. Php amqp lib isn't actually precise about why it fails when you forget it.
### Steps
- [x] Ensure AMQPS can be used out of the box without DSN.
- [x] If not, try to modify vendor directly to fix it.
- [x] Modify vendor to make AMQPS works with DSN.
- [x] Check cacert to throw a better exception.
- [x] Add test related to last point.
- [ ] Pass CI
Commits
-------
99fc3f3b89 [Amqp] Add amqps support
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[RFC] Introduce a RateLimiter component
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Refs #37444
| License | MIT
| Doc PR | tbd
Based on the discussions in #37444, I decided to write a general purpose RateLimiter component. This implementation uses the token bucket algorithm, inspired by the [Go's time/rate](3af7569d3a/rate/rate.go) library and the [PHP `bandwidth-throttle/token-bucket` package](https://github.com/bandwidth-throttle/token-bucket) (which is [unmaintained for years](https://github.com/bandwidth-throttle/token-bucket/issues/19)).
### Usage
The component has two main methods:
* `Limiter::reserve(int $tokens, int $maxTime)`, allocates `$tokens` and returns a `Reservation` containing the wait time. Use this method if your process wants to wait before consuming the token.
* `Limiter::consume(int $tokens)`, checks if `$tokens` are available now and discards the reservation if that's not the case. Use this method if you want to skip when there are not enough tokens at this moment.
The component uses the Lock component to make sure it can be used in parallel processes.
Example:
```php
<?php
namespace App\EventListener;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\RateLimiter\LimiterFactory;
class LimitListener
{
private $limiterFactory;
public function __construct(LimiterFactory $apiLimiterFactory)
{
$this->limiterFactory = $apiLimiterFactory;
}
public function __invoke(RequestEvent $event)
{
$ip = $event->getRequest()->getClientIp();
$limiter = $this->limiterFactory->createLimiter(preg_replace('/[^a-zA-Z0-9]/', '-', $ip));
if (!$limiter->consume()) {
$event->setResponse(new Response('Too many requests', 429));
}
}
}
```
### Usefullness of the component
I think a generic rate limiter is usefull in quite some places:
* Add a login throttling feature in Symfony
* <s>Rate limiting outgoing API calls (e.g. HttpClient), to prevent hitting upstream API limits.</s> See #37471 (and https://blog.heroku.com/rate-throttle-api-client )
* Allowing users to easily implement API rate limits in their own Symfony-based APIs.
### State of the art
There are some rate limiting packages in PHP, but I think there is no precendent for this component:
* [`graham-campbell/throttle`](https://github.com/GrahamCampbell/Laravel-Throttle) is heavily relying on Laravel. It is however very popular, proofing there is a need for such feature
* [`nikolaposa/rate-limit`](https://github.com/nikolaposa/rate-limit) does not implement reservation of tokens and as such less feature complete. Also its architecture combines the rate limiter and storage, making it harder to implement different storages.
### Todo
If it is agreed that this component can bring something to Symfony, it needs some more love:
* [x] Add more tests
* [x] Integrate with the FrameworkBundle
* [x] Add sliding window implementation
* [x] Add integration with the Security component
* <s>Maybe add more storage implementations? I didn't want to duplicate storage functionalities already existing in the Lock and Cache component, thus I for now focused mostly on integrating the Cache adapters. But maybe a special Doctrine adapter makes sense?</s>
Commits
-------
67417a693e [RFC] Introduce a RateLimiter component