* 4.0:
[Bridge/PhpUnit] Prefer ['argv'] over
[SecurityBundle] fix setLogoutOnUserChange calls for context listeners
[SecurityBundle] add note to info text of no-op config option logout_on_user_change
[DI] Register singly-implemented interfaces when doing PSR-4 discovery
Fix for missing whitespace control modifier in form layout
This PR was submitted for the master branch but it was squashed and merged into the 3.3 branch instead (closes#25304).
Discussion
----------
[Bridge/PhpUnit] Prefer $_SERVER['argv'] over $argv
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This makes the script usable even if it is wrapped into another script, which is what some IDEs like PHPStorm do.
Commits
-------
1ff22e6acc [Bridge/PhpUnit] Prefer ['argv'] over
* 3.4:
[SecurityBundle] fix setLogoutOnUserChange calls for context listeners
[DI] Register singly-implemented interfaces when doing PSR-4 discovery
Fix for missing whitespace control modifier in form layout
This PR was merged into the 4.0 branch.
Discussion
----------
[SecurityBundle] add note to info text of no-op config logout_on_user_change
| Q | A
| ------------- | ---
| Branch? | 4.0
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
While discussing the "deprecation path" of the `logout_on_user_change` security option with @chalasr I got a bit confused.
- on 3.4 we added the option (default=false) and triggered a deprecation in case it's false
- on 4.0 the default became true **and the option is no-op** (does not change anything if its set to false)
- on 4.1 the option is additionally also deprecated
So maybe we should change the info text of the config node to mention that its effectively no-op since 4.0. WDYT?
Commits
-------
dec77f1 [SecurityBundle] add note to info text of no-op config option logout_on_user_change
This PR was squashed before being merged into the 3.4 branch (closes#25272).
Discussion
----------
[SecurityBundle] fix setLogoutOnUserChange calls for context listeners
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25267
| License | MIT
| Doc PR | -
As pointed out in https://github.com/symfony/symfony/issues/25267 the `setLogoutOnUserChange` method calls were added to the parent definition `security.context_listener` instead of the concrete child definitions `security.context_listener.*`.
ping @iltar @chalasr
Commits
-------
4eff146 [SecurityBundle] fix setLogoutOnUserChange calls for context listeners
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Register singly-implemented interfaces when doing PSR-4 discovery
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I'm feeling bad for not having this idea before 3.4.0 went out, therefore submitting on 3.4, despite this being a new feature, technically. On a DX pov still, this is a bugfix :) I'll let you accept the argument or not...
So, when doing PSR-4-based service registration, we keep only classes as services.
This systematically leads to the question: "But what about interfaces, shouldn't we type-hint against abstractions and not classes?!"
And the answer has invariably been: "Well, just create an alias!"
Which means doing configuration manually.
I fear that if we leave things as is, we're going to grow a "generation" of devs that will hijack autowiring and abuse hinting for classes instead of interfaces.
BUT, here is the idea implemented by this PR: let's create an alias for every singly-implemented interface we discover while looking for classes!
Plain local, simple, and obvious, isn't it?
Votes pending :)
Commits
-------
fcd4aa7807 [DI] Register singly-implemented interfaces when doing PSR-4 discovery
* 4.0:
[Security] Adding a GuardAuthenticatorHandler alias
fixed tests
moved method to function
marked method as being internal
Disallow viewing dot-files in Profiler
* 3.4:
[Security] Adding a GuardAuthenticatorHandler alias
fixed tests
moved method to function
marked method as being internal
Disallow viewing dot-files in Profiler
This PR was submitted for the master branch but it was squashed and merged into the 3.4 branch instead (closes#25274).
Discussion
----------
[Security] Adding a GuardAuthenticatorHandler alias
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | kinda
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | This feature is not currently documented
The `security.authentication.guard_handler` service *is* actually meant to be available for users to use. Specifically, the `authenticateUserAndHandleSuccess()` method is useful to auto-login the user after, for example, registration, but maintain all the behavior of a normal login (success behavior, trigger the login event).
So, it should have an autowiring alias.
Commits
-------
844c402171 [Security] Adding a GuardAuthenticatorHandler alias
This PR was merged into the 3.3 branch.
Discussion
----------
[FrameworkBundle] Fix a bug where a color tag will be shown when passing an antislash
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25193
| License | MIT
| Doc PR | none
You can see in the [reproducer](e6509ffcb4) when running `bin/console debug:container` that there an error in the ouput (like in the issue) when using a class with `\` in the service name.
This PR fix this wrong output. (even if that feels more developer thingy when there are xml everywhere ;)
Commits
-------
890edf7c38 [FrameworkBundle] Fix a bug where a color tag will be shown when passing an antislash
* 4.0:
[DI] Fix missing unset leading to false-positive circular ref
[DI] Fix deep-inlining of non-shared refs
parse newlines in quoted multiline strings
Fix collision between view properties and form fields
Fix collision between view properties and form fields
[SecurityBundle] Fix compat with HttpFoundation >=3.4
[DI] turn $private to protected in dumped container, to make cache:clear BC
Fix collision between view properties and form fields