This PR was squashed before being merged into the 3.4 branch (closes#23624).
Discussion
----------
[FrameworkBundle] Commands as a service
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes/no
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Next step towards #23488
It's a work in progress if we want to do all commands at once (im fine :)). But i think we should review `assets:install` first.
Also im assuming framework commands can rely on `getApplication()->getKernel()` from the framework application (we already do that in some commands). That saves a dep on `@kernel`.
And filesystem as a service; perhaps drop that as well :)
Commits
-------
de1dc0b [FrameworkBundle] Commands as a service
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] make it possible to configure a custom access decision manager service
| Q | A |
| --- | --- |
| Branch? | 3.4 |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | #942, #14049, #15295, #16828, #16843, |
| License | MIT |
| Doc PR | TODO |
These changes will make it possible to let users define their own voting strategies without the need for custom compiler passes that replace the built-in `AccessDecisionManager` (see linked issues in the PR table for some use cases).
Commits
-------
e0913a2 add option to define the access decision manager
* 3.3: (33 commits)
Preserve HttpOnly value when deserializing a header
[DX] [TwigBundle] Enhance the new exception page design
Fix deprecated message
[DI][Security] Prevent unwanted deprecation notices when using Expression Languages
bumped Symfony version to 3.3.5
updated VERSION for 3.3.4
updated CHANGELOG for 3.3.4
[VarDumper] Reduce size of serialized Data objects
bumped Symfony version to 3.2.12
updated VERSION for 3.2.11
updated CHANGELOG for 3.2.11
fixed bad merge
Fix indent of methods
[Cache] Handle APCu failures gracefully
[DoctrineBridge] Use normalizedIds for resetting entity manager services
[FrameworkBundle] Do not remove files from assets dir
[FrameworkBundle] 3.3: Don't get() private services from debug:router
bumped Symfony version to 3.3.4
updated VERSION for 3.3.3
updated CHANGELOG for 3.3.3
...
* 3.3:
fixed tests
swiftmailer bridge is gone
respect the API in FirewallContext map
[TwigBundle] add back exception check
Dont call count on non countable object
Fix undefined variable $filesystem
* 3.3: (64 commits)
Show exception is checked twice in ExceptionController of twig
allow SSI fragments configuration in XML files
Display a better error message when the toolbar cannot be displayed
render hidden _method field in form_rest()
Add Doctrine Cache to dev dependencies to fix failing unit tests.
return fallback locales whenever possible
Fix Predis client cluster with pipeline
[Dotenv] Test load() with multiple paths
[Console] Fix catching exception type in QuestionHelper
Improved the exception page when there is no message
[WebProfilerBundle] Eliminate line wrap on count columnt (routing)
[Validator] replace hardcoded service id
[Routing] Fix XmlFileLoader exception message
[DI] Dedup tags when using instanceof/autoconfigure
[Translation] Fix FileLoader::loadResource() php doc
Sessions: configurable "use_strict_mode" option for NativeSessionStorage
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
fixed CS
[WebProfilerBundle] Fix the icon for the Cache panel
[WebServerBundle] Fix router script path and check existence
...
* 3.2: (42 commits)
Show exception is checked twice in ExceptionController of twig
allow SSI fragments configuration in XML files
Display a better error message when the toolbar cannot be displayed
render hidden _method field in form_rest()
Add Doctrine Cache to dev dependencies to fix failing unit tests.
return fallback locales whenever possible
[Console] Fix catching exception type in QuestionHelper
[WebProfilerBundle] Eliminate line wrap on count columnt (routing)
[Routing] Fix XmlFileLoader exception message
[Translation] Fix FileLoader::loadResource() php doc
Sessions: configurable "use_strict_mode" option for NativeSessionStorage
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
Reset redirectCount when throwing exception
[TwigBundle] Remove template.xml services when templating is disabled
add content-type header on exception response
Embedding a response that combines expiration and validation, that should not defeat expiration on the combined response
fixed bad merge
Fix two edge cases in ResponseCacheStrategy
[Routing] Expose request in route conditions, if needed and possible
[Routing] Expose request in route conditions, if needed and possible
...
* 2.8: (40 commits)
Show exception is checked twice in ExceptionController of twig
allow SSI fragments configuration in XML files
Display a better error message when the toolbar cannot be displayed
render hidden _method field in form_rest()
return fallback locales whenever possible
[Console] Fix catching exception type in QuestionHelper
[WebProfilerBundle] Eliminate line wrap on count columnt (routing)
[Routing] Fix XmlFileLoader exception message
[Translation] Fix FileLoader::loadResource() php doc
Sessions: configurable "use_strict_mode" option for NativeSessionStorage
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
Reset redirectCount when throwing exception
[TwigBundle] Remove template.xml services when templating is disabled
add content-type header on exception response
Embedding a response that combines expiration and validation, that should not defeat expiration on the combined response
Fix two edge cases in ResponseCacheStrategy
[Routing] Expose request in route conditions, if needed and possible
[Routing] Expose request in route conditions, if needed and possible
[Translation][FrameworkBundle] Fix resource loading order inconsistency reported in #23034
[Filesystem] added workaround in Filesystem::rename for PHP bug
...
This PR was squashed before being merged into the 3.4 branch (closes#22629).
Discussion
----------
[Security] Trigger a deprecation when a voter is missing the VoterInterface
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Right now it's possible to add voters to the access decision manager that do not have a `VoterInterface`.
- No Interface, no `vote()` method, and it will give a PHP error.
- No Interface, but `vote()` method, it will still work.
- If I don't implement the interface _and_ have no `vote()` method, I will get weird exception that's not meaningful: `Attempted to call an undefined method named "vote" of class "App\Voter\MyVoter".`
This PR will deprecate the ability to use voters without the interface, it will also throw a proper exception when missing the interface _and_ the `vote()` method. Why when using and not when setting? Due to the fact that the voters can be set lazily via the `IteratorArgument`. The SecurityBundle will trigger a deprecation if the interface is not implemented and an exception if there's not even a `vote()` method present (to prevent exceptions at run-time).
This should have full backwards compatibility with 3.3, but give more meaningful errors. The only behavioral difference, might be that the container will throw an exception instead of maybe succeeding in voting when 1 voter would be broken at the end of the list (based on strategy). This case however, will be detected during development and deployment, rather than run-time.
Commits
-------
9c253e1ff6 [Security] Trigger a deprecation when a voter is missing the VoterInterface
* 3.2:
[SecurityBundle] Move cache of the firewall context into the request parameters
Fix Usage with anonymous classes
[Workflow] Added more keywords in the composer.json
[Cache] APCu isSupported() should return true when apc.enable_cli=Off
[PropertyAccess] Do not silence TypeErrors from client code.
* 2.7:
bumped Symfony version to 2.7.30
Cache ipCheck
updated VERSION for 2.7.29
update CONTRIBUTORS for 2.7.29
updated CHANGELOG for 2.7.29
show unique inherited roles
This PR was merged into the 3.3-dev branch.
Discussion
----------
[Security] add Request type json check in json_login
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no, unreleased feature
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | -
follow up to https://github.com/symfony/symfony/pull/22425 to limit the `UsernamePasswordJsonAuthenticationListener` to only requests with appropriate JSON content type.
I am not entirely happy with this implementation but mostly because Symfony out of the box only provides very limited content type negotiation. I guess anyone that wants to tweak the content negotiation will simply need to ensure the Request::$format is set accordingly before the code is triggered.
Commits
-------
045a36b303 add Request type json check in json_login
This PR was merged into the 3.3-dev branch.
Discussion
----------
[SecurityBundle] Enhance FirewallContext::getListeners()
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/20417#discussion_r91704023, https://github.com/symfony/symfony/pull/20417#discussion_r91704145
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
I think @stof is right.. and the fact we can do this on master currently without the hassle.
cc @chalasr
Commits
-------
ba650783f5 [SecurityBundle] Enhance FirewallContext::getListeners()
* 3.2:
[Yaml] CS
[DI] Fix PhpDumper generated doc block
#20411 fix Yaml parsing for very long quoted strings
[Workflow] add Phpdoc for better IDE support
fix package name in conflict rule
improve message when workflows are missing
[Doctrine Bridge] fix priority for doctrine event listeners
Use PHP functions as array_map callbacks when possible
[Validator] revert wrong Phpdoc change
Use proper line endings
* 2.8:
[DI] Fix PhpDumper generated doc block
#20411 fix Yaml parsing for very long quoted strings
[Doctrine Bridge] fix priority for doctrine event listeners
Use PHP functions as array_map callbacks when possible
[Validator] revert wrong Phpdoc change
Use proper line endings
* 2.7:
#20411 fix Yaml parsing for very long quoted strings
[Doctrine Bridge] fix priority for doctrine event listeners
Use PHP functions as array_map callbacks when possible
[Validator] revert wrong Phpdoc change
Use proper line endings