* 4.3:
chown and chgrp should also accept int as owner and group
Fix RememberMe with null password
[Validator] Fix plurals for sr_Latn (Serbian language written in latin script) validation messages
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove some unneeded code
fix PHP const mapping keys using the inline notation
Fix that no-cache requires positive validation with the origin, even for fresh responses
* 3.4:
chown and chgrp should also accept int as owner and group
Fix RememberMe with null password
[Validator] Fix plurals for sr_Latn (Serbian language written in latin script) validation messages
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove some unneeded code
fix PHP const mapping keys using the inline notation
Fix that no-cache requires positive validation with the origin, even for fresh responses
* 4.3:
[Debug] fix ClassNotFoundFatalErrorHandler
[Routing] Fix using a custom matcher & generator dumper class
[Dotenv] Fixed infinite loop with missing quote followed by quoted value
[HttpClient] Added missing sprintf
[TwigBridge] button_widget now has its title attr translated even if its label = null or false
[PhpUnitBridge] When using phpenv + phpenv-composer plugin, composer executable is wrapped into a bash script
[Messenger] Added check if json_encode succeeded
[Security] Prevent canceled remember-me cookie from being accepted
[FrameworkBundle][TranslationUpdateCommand] Do not output positive feedback on stderr
[Security\Guard] Fix missing typehints
* 3.4:
[Debug] fix ClassNotFoundFatalErrorHandler
[Dotenv] Fixed infinite loop with missing quote followed by quoted value
[TwigBridge] button_widget now has its title attr translated even if its label = null or false
[PhpUnitBridge] When using phpenv + phpenv-composer plugin, composer executable is wrapped into a bash script
[Security] Prevent canceled remember-me cookie from being accepted
[FrameworkBundle][TranslationUpdateCommand] Do not output positive feedback on stderr
* 4.3:
[Mailer] Remove line breaks in email attachment content
Update links to documentation
[Validator] Add the missing translations for the Arabic (ar) locale
ensure to expect no validation for the right reasons
[PhpUnitBridge] Add test case for @expectedDeprecation annotation
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove $testsWithWarnings stack
[Mailer][MailchimpBridge] Fix missing attachments when sending via Mandrill API
[Mailer][MailchimpBridge] Fix incorrect sender address when sender has name
[HttpClient] fix capturing SSL certificates with NativeHttpClient
[TwigBridge][Form] Added missing help messages in form themes
Update year in license files
Update year in license files
[HttpClient] fix typo
[Console][FormatterHelper] Use helper strlen statically and remove duplicated code
[Routing] Fix i18n routing when the url contains the locale
Fix BC issue in phpDoc Reflection library
[Translator] Performance improvement in MessageCatalogue and catalogue operations.
* 3.4:
Update links to documentation
[Validator] Add the missing translations for the Arabic (ar) locale
ensure to expect no validation for the right reasons
[PhpUnitBridge] Add test case for @expectedDeprecation annotation
Update year in license files
[Console][FormatterHelper] Use helper strlen statically and remove duplicated code
Fix BC issue in phpDoc Reflection library
[Translator] Performance improvement in MessageCatalogue and catalogue operations.
This PR was merged into the 3.4 branch.
Discussion
----------
Use `::class` constants instead of `__NAMESPACE__` when possible
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Related to #34987
| License | MIT
| Doc PR | no
Form component has a lot of built-in form types. Some of them were implemented from the very beginning. In most of them there is a such method
```php
/**
* {@inheritdoc}
*/
public function getParent()
{
return __NAMESPACE__.'\TextType';
}
```
This `getParent()` method was refactored in Symfony 2.8. The upgrade instructions are given here https://github.com/symfony/symfony/blob/2.8/UPGRADE-2.8.md#form
I think the `__NAMESPACE__.'\TextType';` expression was used because Symfony 2.8 was using `"php": ">=5.3.9"`, and the constant `::class` was added only in PHP 5.5
Now this line can be refactored into
```php
/**
* {@inheritdoc}
*/
public function getParent()
{
return TextType::class;
}
```
For example new form types, that were added later, already using the `::class` constant.
https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Extension/Core/Type/ColorType.php#L23https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Extension/Core/Type/TelType.php#L23
So, in this pull request I propose to refactor all old form types to use `::class` constant. It will give a benefit during the future refactoring, because IDE or static analysers will find all usages of parent class. Unlike the `__NAMESPACE__.'\TextType';` line, which doesn't show the real link to the class for IDE or static analysers, and it could complicate finding all usages of parent class.
Commits
-------
32bf50abca Use `::class` constants instead of `__NAMESPACE__` when possible
* 4.3:
fix merge
CS
[Serializer] Skip uninitialized (PHP 7.4) properties in PropertyNormalizer and ObjectNormalizer
stop using deprecated Doctrine persistence classes
[Cache] Fix wrong classname in deprecation message
Fix regex lookahead syntax in ApplicationTest
Fixed syntax in comment
[SecurityBundle][FirewallMap] Remove unused property
[Messenger][AMQP] Use delivery_mode=2 by default
[DI] Improve performance of processDefinition
Fix invalid Windows path normalization
[Validator][ConstraintValidator] Safe fail on invalid timezones
[DoctrineBridge] Fixed submitting invalid ids when using queries with limit
[FrameworkBundle] Add info & example to auto_mapping config
fix comparisons with null values at property paths
This PR was merged into the 3.4 branch.
Discussion
----------
CS for AccessDecisionManager
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | #34548
| License | MIT
| Doc PR | -
As discussed in #34548 with @nicolas-grekas here's a CS change for the `AccessDecisionManager`
Commits
-------
b3742ec493 CS
* 4.3:
[DotEnv] Remove `usePutEnv` property default value
Set up typo fix
[Validator] Allow underscore character "_" in URL username and password
[SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
do not validate passwords when the hash is null
[DI] fix resolving bindings for named TypedReference
[DI] Fix making the container path-independent when the app is in /app
Allow copy instead of symlink for ./link script
[FrameworkBundle] resolve service locators in `debug:*` commands
bumped Symfony version to 4.3.10
updated VERSION for 4.3.9
updated CHANGELOG for 4.3.9
bumped Symfony version to 3.4.37
updated VERSION for 3.4.36
update CONTRIBUTORS for 3.4.36
updated CHANGELOG for 3.4.36
Add test on ServerLogHandler
* 3.4:
[Validator] Allow underscore character "_" in URL username and password
[SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
do not validate passwords when the hash is null
[DI] Fix making the container path-independent when the app is in /app
Allow copy instead of symlink for ./link script
[FrameworkBundle] resolve service locators in `debug:*` commands
bumped Symfony version to 3.4.37
updated VERSION for 3.4.36
update CONTRIBUTORS for 3.4.36
updated CHANGELOG for 3.4.36
* 4.3:
[Messenger] add tests to FailedMessagesShowCommand
Fix the translation commands when a template contains a syntax error
[Security] Fix clearing remember-me cookie after deauthentication
[Validator] Update Slovenian translations
[Config][ReflectionClassResource] Handle parameters with undefined constant as their default values
fix dumping number-like string parameters
Fix CI
[Console] Fix autocomplete multibyte input support
[Config] don't break on virtual stack frames in ClassExistenceResource
more robust initialization from request
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Http] call auth listeners/guards eagerly when they "support" the request
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34614, Fix#34679
| License | MIT
| Doc PR | -
This fixes the form authenticator linked to #34614.
Since laziness is here to provide compatibility with HTTP caching, it should be disabled when the request cannot be cached.
Tests don't pass yet, but I'm on the path to something here.
The PR now introduces a new `AbstractListener` that splits the handling logic in two:
- `supports(Request): ?bool` is always called eagerly and tells whether the listener matches the request for an earger call or a lazy call
- `authenticate(RequestEvent)` does the rest of the job when `supports()` allows so - lazily or not depending on the return value of `supports()`.
Of course, this remains compatible with non-lazy logics, see `AbstractListener::__invoke()`.
Commits
-------
b20ebe6b90 [Security/Http] call auth listeners/guards eagerly when they "support" the request
* 4.3:
[FWBundle] Remove unused parameter
[Intl] [Workflow] fixes English grammar typos
[Filesystem] [Serializer] fixes English grammar typo
[Messenger] Adding exception to amqp transport in case amqp ext is not installed
[Monolog Bridge] Fixed accessing static property as non static.
Improve Symfony description
Add DateTimeZoneNormalizer into Dependency Injection
[Messenger] Error when specified default bus is not among the configured
[Validator] Add Japanese translation
[Workflow] Apply the same logic of precedence between the apply() and the buildTransitionBlockerList() method
Remove some unused methods parameters
Avoid empty \"If-Modified-Since\" header in validation request
[Security] Fix SwitchUser is broken when the User Provider always returns a valid user
Fix error message according to the new regex
compatibility with DoctrineBundle 2
[Validator] ConstraintValidatorTestCase: add missing return value to mocked validate method calls
* 4.3:
[Console] Constant STDOUT might be undefined.
Allow returning null from NormalizerInterface::normalize
[Security\Core] throw AccessDeniedException when switch user fails
[Mime] fix guessing mime-types of files with leading dash
[HttpFoundation] fix guessing mime-types of files with leading dash
[VarExporter] fix exporting some strings
[Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances
Use constant time comparison in UriSigner
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] make ExceptionEvent able to propagate any throwable
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
An alternative to #34306.
As a reminder, the goal of this series of PRs is to remove the `FatalThrowableError` wrapper that we introduced to seamlessly handle throwables when they were introduced in PHP 7.
From the changelog of `HttpKernel`:
* Deprecated methods `ExceptionEvent::get/setException()`, use `get/setThrowable()` instead
* Deprecated class `ExceptionListener`, use `ErrorListener` instead
And the final target: removed `Symfony\Component\ErrorHandler\Exception\ErrorException` (`FatalThrowableError` is already deprecated.)
Commits
-------
6f67f0e0c0 [HttpKernel] make ExceptionEvent able to propagate any throwable
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Fix defining multiple roles per access_control rule
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/12371 needs to be reverted
#33584 deprecated passing multiple attributes to `AccessDecisionManager::decide()`, but this change must not impact `access_control` as you cannot define multiple rules with the same criteria for request matching (the first match wins).
Commits
-------
338b3dfd9f [Security] Fix defining multiple roles per access_control rule
* 4.3:
[OptionsResolve] Revert change in tests for a not-merged change in code
[HttpClient] fix handling of 3xx with no Location header - ignore Content-Length when no body is expected
[Workflow] Made the configuration more robust for the 'property' key
[Security/Core] make NativePasswordEncoder use sodium to validate passwords when possible
#30432 fix an error message
fix paths to detect code owners
[HttpClient] ignore the body of responses to HEAD requests
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
[SecurityBundle] Fix wrong assertion
Remove unused local variables in tests
[Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
Make sure to collect child forms created on *_SET_DATA events
[WebProfilerBundle] Improve display in Email panel for dark theme
do not render errors for checkboxes twice
* 3.4:
#30432 fix an error message
fix paths to detect code owners
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
Remove unused local variables in tests
Make sure to collect child forms created on *_SET_DATA events
do not render errors for checkboxes twice
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Allow to stick to a specific password hashing algorithm
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#33054
| License | MIT
| Doc PR | todo
Allows using `argon2i`, `argon2id` and `bcrypt`.
Commits
-------
6712d1e504 [Security] Allow to set a fixed algorithm
* 4.3:
[Intl] Update the ICU data to 65.1 (4.3 branch)
Replace deprecated calls in tests
[Intl] Update the ICU data to 65.1
Delete 5_Security_issue.md
[DI] Whitelist validator.auto_mapper in UnusedTagsPass
[HttpClient] Fixed#33832 NO_PROXY option ignored in NativeHttpClient::request() method
[Cache] give 100ms before starting the expiration countdown
[Cache] fix logger usage in CacheTrait::doGet()
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
Fixed invalid changelog 4.0.0 for VarDumper
Fixed invalid VarDumper upgrade doc.
[HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array
Don't let falsey usernames slip through
* 3.4:
[Intl] Update the ICU data to 65.1
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
Fixed invalid VarDumper upgrade doc.
[HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array
Don't let falsey usernames slip through
* 4.3:
Sync Twig templateExists behaviors
Fix the :only-of-type pseudo class selector
[Serializer] Add CsvEncoder tests for PHP 7.4
Copy phpunit.xsd to a predictable path
[Security/Http] fix parsing X509 emailAddress
[Serializer] fix denormalization of string-arrays with only one element #33731
[Cache] fix known tag versions ttl check
* 3.4:
Sync Twig templateExists behaviors
Fix the :only-of-type pseudo class selector
[Serializer] Add CsvEncoder tests for PHP 7.4
Copy phpunit.xsd to a predictable path
[Security/Http] fix parsing X509 emailAddress
[Serializer] fix denormalization of string-arrays with only one element #33731
[Cache] fix known tag versions ttl check
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] add "anonymous: lazy" mode to firewalls
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fixes#26769 et al.
| License | MIT
| Doc PR | -
Contains #33663 until it is merged.
This PR allows defining a firewall as such:
```yaml
security:
firewalls:
main:
anonymous: lazy
```
This means that the corresponding area should not start the session / load the user unless the application actively gets access to it. On pages that don't fetch the user at all, this means the session is not started, which means the corresponding token neither is. Lazily, when the user is accessed, e.g. via a call to `is_granted()`, the user is loaded, starting the session if needed.
See #27817 for previous explanations on the topic also.
Note that thanks to the logic in #33633, this PR doesn't have the drawback spotted in #27817: here, the profiler works as expected.
Recipe update pending at https://github.com/symfony/recipes/pull/649
Commits
-------
5cd1d7b4cc [Security] add "anonymous: lazy" mode to firewalls
* 4.3:
[Security/Http] fix typo in deprecation message
Various tweaks 3.4
Various tweaks 4.3
[PhpUnit] Fix usleep mock return value
[Lock] use Predis\ClientInterface instead of Predis\Client
Fix version typo in deprecation notice
Make legacy "wrong" RFC2047 encoding apply only to one header
This PR was merged into the 4.3 branch.
Discussion
----------
[Security/Http] fix typo in deprecation message
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
spotted by @stof in #33676
Commits
-------
e70057aed4 [Security/Http] fix typo in deprecation message
This PR was squashed before being merged into the 4.4 branch (closes#33584).
Discussion
----------
[Security] Deprecate isGranted()/decide() on more than one attribute
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | tbd
While I expect it not be used much, it is currently possible to call `isGranted()` on more than one attribute:
```php
if ($this->authorizationChecker->isGranted(['ROLE_USER', 'ROLE_ADMIN'])) {
// ...
}
```
Supporting this includes a couple of problems/questions:
- It is not clear whether this is `OR` or `AND`;
- In fact, this is left over to the voter to decide upon. So it can vary for each voter and writers of new voters need to consider this (otherwise, you get issues like https://github.com/LeaseWeb/LswSecureControllerBundle/issues/4 );
- It promotes to vote over roles instead of actions.
I think we can do better. In the past, we've created all tooling for this to be self-explaining and easier:
```php
// ExpressionLanguage component (also includes other functions, like `is_granted('EDIT')`)
if ($this->authorizationChecker->isGranted("has_role('ROLE_USER') or has_role('ROLE_ADMIN')")) {
// ...
}
// calling it multiple times in PHP (may reduce performance)
if ($this->authorizationChecker->isGranted('ROLE_USER')
|| $this->authorizationChecker->isGranted('ROLE_ADMIN')
) {
// ...
}
// or by using Role Hierarchy, if a user really wants to vote on roles
```
This PR deprecates passing more than one attribute to `isGranted()` and `decide()` to remove this confusing bit in Security usage.
Backwards compatiblity help
---
I need some help in how to approach changing the `VoterInterface::vote(TokenInterface $token, $subject, array $attributes)` method in a backwards compatible way. Removing `array` breaks all Voters, so does changing it to `string` and removed the parameter all together.
Commits
-------
c64b0beffb [Security] Deprecate isGranted()/decide() on more than one attribute
* 4.3:
[Twig] Remove dead code
Add gitignore file for Symfony 4.3
Add gitignore file for Symfony 3.4
[Inflector] Add .gitignore file
[Messenger] Fix exception message of failed message is dropped on retry
Add default value for Accept header
[HttpClient] Add .gitignore file
[Finder] Adjust regex to correctly match comments in gitignore contents
[Security] Removed unused argument in Test
[Console] Get dimensions from stty on windows if possible
[Inflector] add support 'see' to 'ee' for singularize 'fees' to 'fee'
* 3.4:
[Twig] Remove dead code
Add gitignore file for Symfony 3.4
[Inflector] Add .gitignore file
[Security] Removed unused argument in Test
[Console] Get dimensions from stty on windows if possible
[Inflector] add support 'see' to 'ee' for singularize 'fees' to 'fee'
After #32998 there was a minor left over, the `testHandleAuthenticationClearsToken`
`$tokenClass` argument is no longer used and can be safely removed.
This PR was merged into the 4.4 branch.
Discussion
----------
fix tests mocking final events
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR |
Fix tests in 4.4 extracted from #33297
Commits
-------
637461fd51 fix tests mocking final events
* 4.3:
Fix more bad tests
Fix test fixtures with deprecated method signatures.
Fix 4.3 tests forward compat
[Messenger] fix empty amqp body returned as false
Fix routing cache broken when using generator_class
This PR was merged into the 4.4 branch.
Discussion
----------
Mark all dispatched event classes as final
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets |
| License | MIT
| Doc PR |
I think we should mark all our Event classes as final. There is no point in people extending them as the libraries that use the event, will only dispatch this event. So extending events in user-land achieves nothing as the subclasses won't be dispatched.
I'm not talking about the base events that are meant to be extended like KernelEvent, but the leaf events like ExceptionEvent, ResponseEvent etc.
Then we can also make them real final in 5.0 as the events are value objects that should not be mocked.
Commits
-------
4bb38eec89 Mark all dispatched event classes as final
* 4.3:
Do not extend the new SF 4.3 ControllerEvent so we can make it final
Backported return type violation bugfixes.
[FrameworkBundle] Fix BrowserKit assertions to make them compatible with Panther
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Core] UserInterface::getPassword() can return null
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Our very own `User` class can return null already.
Commits
-------
00d7f8cde7 [Security/Core] UserInterface::getPassword() can return null
* 4.3:
[Routing] Add a param annotation for $annot.
[DI] fix docblock
[Console] fix docblock
Add missing translations for Armenian locale
[Process] Added missing return type.
[Process] Doc block backport.
Added doc block for Registry::supports().
[Cache] Fix predis test
Don't duplicate addresses in Sendgrid Transport
Remove unnecessary statement
Fix some docblocks.
[Messenger] make delay exchange and queues durable like the normal ones by default
Cancel delayed message if handler fails
Added tests for #32370
* 3.4:
[Routing] Add a param annotation for $annot.
[DI] fix docblock
Add missing translations for Armenian locale
[Process] Doc block backport.
Fix some docblocks.
* 4.3:
cs fix
Fix return statements
[TwigBridge] add missing dep
Add false type to ChoiceListFactoryInterface::createView $label argument
Update UPGRADE guide of 4.3 for EventDispatcher
[SecurityBundle] display the correct class name on the deprecated notice
* 4.3:
cleanups
Disable PHPUnit result cache on the CI
[Security] Cleanup "Digest nonce has expired." translation
[Translation] Highlight invalid translation status
Added translations in validator for Serbian Cyrillic
Added translations in validator for Serbian Latin
[EventDispatcher] wrong Request class
[DependencyInjection] improved exception message
This PR was merged into the 4.4 branch.
Discussion
----------
remove some more useless phpdocs
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Fix some leftovers from #32974 and #32786
Commits
-------
9be4d171e0 remove some more useless phpdocs
* 4.3:
Fix inconsistent return points.
pass translation parameters to the trans filter
[Mime] fixed wrong mimetype
[ProxyManagerBridge] Polyfill for unmaintained version
[HttpClient] Declare `$active` first to prevent weird issue
Remove deprecated assertContains
[HttpClient] fix tests
SCA: dropped unused mocks, duplicate import and a function alias usage
Added correct plural for box -> boxes
[Config] fix test
Fix remaining tests
Improve fa (persian) translation
* 3.4:
[ProxyManagerBridge] Polyfill for unmaintained version
SCA: dropped unused mocks, duplicate import and a function alias usage
[Config] fix test
Improve fa (persian) translation
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Improve fa (persian) translation
| Q | A
| ------------- | ---
| Branch? | >= 3.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
4afdfd765d Improve fa (persian) translation
* 4.3:
bump phpunit-bridge cache-id
Use assertStringContainsString when needed
Use assert assertContainsEquals when needed
Use assertEqualsWithDelta when required
* 3.4:
bump phpunit-bridge cache-id
Use assertStringContainsString when needed
Use assert assertContainsEquals when needed
Use assertEqualsWithDelta when required
This PR was merged into the 4.4 branch.
Discussion
----------
[Ldap] Add security LdapUser and provider
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Moves `LdapUserProvider` from `Security\Core` to the Ldap component, the provider now deals with a new `LdapUser` aware of its ldap `Entry` (should help in #31843).
Commits
-------
6736cdfec3 [Ldap] Add security LdapUser and provider
This PR was merged into the 4.3 branch.
Discussion
----------
Sync "not implementing the method" deprecations messages
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Suggested in https://github.com/symfony/symfony/pull/32747#discussion_r309307289
Useful for consistency and for future reference for similar messages.
Commits
-------
f6fae1c361 Sync "not implementing the method" deprecations messages
* 4.3:
Fix assertInternalType deprecation in phpunit 9
Ensure signatures for setUp|tearDown|setUpAfterClass|tearDownAfterClass methods in tests are compatible with phpunit 8.2
This PR was merged into the 4.4 branch.
Discussion
----------
add parameter type declarations to private methods
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
1b2aaa4a06 add parameter type declarations to private methods
This PR was squashed before being merged into the 4.4 branch (closes#32831).
Discussion
----------
[Security] Revise UserPasswordEncoderInterface::needsRehash()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
This reuses the encoded password from the user for the `UserPasswordEncoderInterface`, similar we dont pass the encoded string to `isPasswordValid()`.
This differs from the non-user aware `PasswordEncoderInterface`
cc @nicolas-grekas did i miss something?
Commits
-------
c5a283d417 [Security] Revise UserPasswordEncoderInterface::needsRehash()
* 4.3:
Fix travis script
minor fix for wrong case
[HttpFoundation] Fix `getMaxFilesize`
[Cache] fix warning on PHP 7.4
[Console] fix warning on PHP 7.4
Don't add value of (default/static) objects to the signature
fix(yml): fix comment in milti line value
Make sure trace_level is always defined
Fix bindings and tagged_locator
Recompile container when translations directory changes
* 3.4:
Fix travis script
minor fix for wrong case
[HttpFoundation] Fix `getMaxFilesize`
[Cache] fix warning on PHP 7.4
[Console] fix warning on PHP 7.4
Don't add value of (default/static) objects to the signature
fix(yml): fix comment in milti line value
* 4.3:
[Security/Core] align defaults for sodium with PHP 7.4
fix inline handling when dumping tagged values
[HttpClient] fix canceling responses in a streaming loop
[Messenger] Flatten collection of stamps collected by the traceable middleware
[PropertyAccess] Fix PropertyAccessorCollectionTest
[HttpClient] rewind stream when using Psr18Client
Typo in web profiler
[4.3] Remove dead test fixtures
[Routing] Fix CHANGELOG
relax some date parser patterns
Avoid getting right to left style
* 4.3:
[FrameworkBundle] [SecurityBundle] Rename internal WebTestCase to avoid confusion
ignore not existing translator service
[FrameworkBundle] [SecurityBundle] Rename internal WebTestCase to avoid confusion
revert private properties handling
[HttpFoundation] Fix URLs
[VarDumper] finish PHP 7.4 support and add tests
[VarDumper] Use \ReflectionReference for determining if a key is a reference (php >= 7.4)
Ignore missing translation dependency in FrameworkBundle
[Security/Http] Don't mark AbstractAuthenticationListener as internal
Remove dead tests fixtures
Remove more dead tests fixtures
[Mime] Add missing changelog entry for BC-break
[Messenger] fix transport_name option not passing validation
Remove dead tests fixtures
[Debug][ExceptionHandler] Add tests for custom handlers
* 4.2:
[FrameworkBundle] [SecurityBundle] Rename internal WebTestCase to avoid confusion
ignore not existing translator service
[FrameworkBundle] [SecurityBundle] Rename internal WebTestCase to avoid confusion
revert private properties handling
[HttpFoundation] Fix URLs
[VarDumper] finish PHP 7.4 support and add tests
[VarDumper] Use \ReflectionReference for determining if a key is a reference (php >= 7.4)
Ignore missing translation dependency in FrameworkBundle
Remove dead tests fixtures
Remove more dead tests fixtures
Remove dead tests fixtures
[Debug][ExceptionHandler] Add tests for custom handlers
* 4.3: (26 commits)
Fix Twig 1.x compatibility
[Translator] Improve farsi(persian) translations for Form
Improve fa translations
Spell "triggering" properly
Added tests to cover the possibility of having scalars as services.
fixed tests on old PHP versions
[FrameworkBundle] Inform the user when save_path will be ignored
fixed CS
[SecurityBundle] Fix profiler dump for non-invokable security listeners
fixed CS
[Messenger] Doctrine Transport: Support setting auto_setup from DSN
[Translator] Load plurals from po files properly
[Serializer]: AbstractObjectNormalizer ignores the property types of discriminated classes
[EventDispatcher] Add tag kernel.rest on 'debug.event_dispatcher' service
[Console] Update to inherit and add licence
Add missing test for workflow dump description
[Intl] Remove --dev from intl compile autoloader
[Messenger] fix publishing headers set on AmqpStamp
Remove call to deprecated method
[Intl] Init compile tmp volume
...
This PR was merged into the 4.4 branch.
Discussion
----------
[SECURITY] AbstractAuthenticationListener.php error instead info. Rebase of #28462
| Q | A
| ------------- | ---
| Branch? | 4.4
| -- | --
| Bug fix? | yes
| New feature? | no
| BC breaks? | no I think
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ...
| License | MIT
Rebase of #28462. Origin description:
> ```
> [2018-09-13 20:43:38] security.INFO: Authentication request failed. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationServiceException(code: 0): An exception occurred while executing
> ...
> Doctrine\\DBAL\\Driver\\PDOException(code: 42S22): SQLSTATE[42S22]: Column not found: 1054 Unknown column 't0.phone' in 'field list' at
> ```
>
> Definitely I think this is NOT info, but error.
> And since it's info, it's not logged in production because of `fingers_crossed` with `action_level: error` - so to actually see the real error behind `Authentication request could not be processed due to a system problem.` I had to debug on production. Very bad practice IMHO.
Commits
-------
867eb78cfe [SECURITY] AbstractAuthenticationListener.php error instead info. Rebase of #28462
* 4.3:
[Mailer] fixed tests on Windows
[PhpUnitBridge] fix tests
[Mailer] fixed error message when connecting to a stream raises an error before connect()
[Mailer] fixed timeout type hint
improve error messages in the event dispatcher
[Security/Core] work around sodium_compat issue
bumped Symfony version to 4.3.3
updated VERSION for 4.3.2
updated CHANGELOG for 4.3.2
bumped Symfony version to 4.2.11
updated VERSION for 4.2.10
updated CHANGELOG for 4.2.10
bumped Symfony version to 3.4.30
updated VERSION for 3.4.29
update CONTRIBUTORS for 3.4.29
updated CHANGELOG for 3.4.29
Fixed type annotation.
* 4.2:
[Security/Core] work around sodium_compat issue
bumped Symfony version to 4.2.11
updated VERSION for 4.2.10
updated CHANGELOG for 4.2.10
bumped Symfony version to 3.4.30
updated VERSION for 3.4.29
update CONTRIBUTORS for 3.4.29
updated CHANGELOG for 3.4.29
* 3.4:
[Security/Core] work around sodium_compat issue
bumped Symfony version to 3.4.30
updated VERSION for 3.4.29
update CONTRIBUTORS for 3.4.29
updated CHANGELOG for 3.4.29
* 4.3: (34 commits)
[PhpunitBridge] Read environment variable from superglobals
[Bridge/PhpUnit] Fix PHP5.5 compat
[PhpUnitBridge] More accurate grouping
fixed CS
Extract unrecoverable exception to interface
[FrameworkBundle] Fix calling Client::getProfile() before sending a request
Fix type error
[Security/Core] require libsodium >= 1.0.14
[Workflow] re-add workflow.definition tag to workflow services
[Security/Core] Don't use ParagonIE_Sodium_Compat
revert #30525 due to performance penalty
collect called listeners information only once
[Lock] fix missing inherit docs in RedisStore
[Messenger] fix retrying handlers using DoctrineTransactionMiddleware
[Mailgun Mailer] fixed issue when using html body
[HttpClient] fix timing measurements with NativeHttpClient
[HttpClient] fix dealing with 1xx informational responses
add test to avoid regressions
fix mirroring directory into parent directory
fix typos
...
* 4.2:
[FrameworkBundle] Fix calling Client::getProfile() before sending a request
Fix type error
[Security/Core] Don't use ParagonIE_Sodium_Compat
collect called listeners information only once
add test to avoid regressions
fix typos
Turkish translation added to Form Component
* 3.4:
[FrameworkBundle] Fix calling Client::getProfile() before sending a request
Fix type error
[Security/Core] Don't use ParagonIE_Sodium_Compat
collect called listeners information only once
add test to avoid regressions
fix typos
Turkish translation added to Form Component
This PR was merged into the 4.4 branch.
Discussion
----------
[Ldap] Add users extraFields in ldap component
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | yes <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #28873, #19329 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | todo when validated, before merge <!-- required for new features -->
As I'm using ldap too in some personal project, It seems that this feature is a really good nice to have IMHO.
Adding the wanted field in the `user_metadata` array transform them as field -> value in the `metadata` field of the user.
Commits
-------
bcfff04797 [Ldap] Add users extra_fields in ldap component
* 4.3:
fix translation domain
tag the FileType service as a form type
don't validate IP addresses from env var placeholders
[Validator] Fix GroupSequenceProvider annotation
[Messenger] fix delay exchange recreation after disconnect
Update ajax security cheat sheet link
Fix AuthenticationException::getToken typehint
* 4.2:
fix translation domain
tag the FileType service as a form type
[Validator] Fix GroupSequenceProvider annotation
Update ajax security cheat sheet link
Fix AuthenticationException::getToken typehint
* 3.4:
fix translation domain
tag the FileType service as a form type
[Validator] Fix GroupSequenceProvider annotation
Update ajax security cheat sheet link
Fix AuthenticationException::getToken typehint
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Fix AuthenticationException::getToken typehint
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
The token may be not set when throwing AuthenticationException.
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
a9705a0143 Fix AuthenticationException::getToken typehint
* 4.3:
fixed CS
fixed CS
fixed CS
Do not log or call the proxy function when the locale is the same
Added missing required dependencies on psr/cache and psr/container in symfony/cache-contracts and symfony/service-contracts respectively.
[HttpClient] fix closing debug stream prematurely
[Mailer] made code more robust
Restore compatibility with php 5.5
fixed sender/recipients in SMTP Envelope
collect called listeners information only once
[HttpKernel] Remove TestEventDispatcher.
* 4.3:
[Cache] Fixed undefined variable in ArrayTrait
[HttpClient] revert bad logic around JSON_THROW_ON_ERROR
[HttpKernel] Fix handling non-catchable fatal errors
Fix json-encoding when JSON_THROW_ON_ERROR is used
[HttpFoundation] work around PHP 7.3 bug related to json_encode()
[HttpClient] add $response->cancel()
[Security] added support for updated \"distinguished name\" format in x509 authentication
* 4.2:
[HttpKernel] Fix handling non-catchable fatal errors
Fix json-encoding when JSON_THROW_ON_ERROR is used
[HttpFoundation] work around PHP 7.3 bug related to json_encode()
[Security] added support for updated \"distinguished name\" format in x509 authentication
* 3.4:
Fix json-encoding when JSON_THROW_ON_ERROR is used
[HttpFoundation] work around PHP 7.3 bug related to json_encode()
[Security] added support for updated \"distinguished name\" format in x509 authentication
* 4.3:
[Translation] Fixed case sensitivity of lint:xliff command
fix type hint for salt in PasswordEncoderInterface
Simplify code - catch \Throwable capture all exceptions
Collect locale details earlier in the process in TranslationDataCollector
fix typo in PR #31802
update italian validator translation
Add missing translations
[TwigBridge] suggest Translation Component when TranslationExtension is used
* 4.2:
[Translation] Fixed case sensitivity of lint:xliff command
fix type hint for salt in PasswordEncoderInterface
Simplify code - catch \Throwable capture all exceptions
fix typo in PR #31802
update italian validator translation
Add missing translations
* 4.3:
[Security\Core] Make SodiumPasswordEncoder validate BCrypt-ed passwords
[Validator] Fix TimezoneValidator default option
[Messenger] Inject RoutableMessageBus instead of bus locator
[DomCrawler] Fix type error with null Form::$currentUri
[Contracts] Fixed typos
do not enable validator auto mapping by default
[HttpClient] remove unused argument