This PR was merged into the 3.4 branch.
Discussion
----------
[Security][Firewall] Passing the newly generated security token to the event during user switching
Event allows listeners to easily switch out the token if custom token updates are required
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Updated SwitchUserEvent to include the generated security Token. Allows the listeners to replace the token with their own (in case an application has some custom logic for token generation). The SwitchUserListener will now use the token returned by the event, so if token was not changed the self generated token will be used. If token was changed in the event then the new token would get used.
Reasons for this feature
--------------------------
In our current project users can have different Role sets depending on which organization they switch to. Our `User->getRoles()` always returns ["ROLE_USER"] and after login user is presented with choice of organizations they want to work in. Based on selected organization roles get updated with then stored token.
Without the change proposed in this PR. The only way we can setup the proper roles during user switch is by replacing `security.authentication.switchuser_listener` service with our own implementation of the listener.
With the proposed change, we can replace the security token with the one having all the roles we require directly inside our listener for `security.switch_user` event that gets thrown by Symfony's `SwitchUserListener`
Commits
-------
4205f1b Passing the newly generated security token to the event during user switching.
This PR was squashed before being merged into the 3.4 branch (closes#23485).
Discussion
----------
[Config] extracted the xml parsing from XmlUtils::loadFile into XmlUtils::parse
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
I needed the xml parsing for an XML string generated in memory, so I extracted the actual parsing from XmlUtils::loadFile into XmlUtils::load.
Re-opened after I messed some things up in #23482
Commits
-------
7473981c14 [Config] extracted the xml parsing from XmlUtils::loadFile into XmlUtils::parse
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Add ability to configure catching exceptions for Client
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | todo
Debugging exceptions in functional tests is difficult as you need to look at the logs to see which exception was thrown. Disabling catching of exceptions in the client would allow the exception to bubble up to phpunit and make it easier to see what exception was thrown.
Commits
-------
4812e60 add ability to configure catching exceptions
This PR was squashed before being merged into the 3.4 branch (closes#22589).
Discussion
----------
Extract method refactoring for ResourceCheckerConfigCache
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Improves code readability.
Commits
-------
685c353 Extract method refactoring for ResourceCheckerConfigCache
This PR was squashed before being merged into the 3.4 branch (closes#24239).
Discussion
----------
[HttpFoundation] Deprecate compatibility with PHP <5.4 sessions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR removes functionality added in Symfony 2.1 as a compatibility layer with sessions from PHP <5.4.
- [x] Fix tests
Commits
-------
3deb3940ab [HttpFoundation] Deprecate compatibility with PHP <5.4 sessions
This PR was squashed before being merged into the 3.4 branch (closes#23882).
Discussion
----------
[Security] Deprecated not being logged out after user change
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #17023
| License | MIT
| Doc PR | ~
This PR is an alternative approach to #19033. Due to a behavioral change that could break a lot of applications and websites, I've decided to trigger a deprecation instead of actually changing the behavior as that can be done for 4.0.
Whenever a user object is considered changed (`AbstractToken::hasUserChanged`) when setting a new user object after refreshing, it will now throw a deprecation, paving the way for a behavioral change in 4.0. The idea is that in 4.0 Symfony will simply trigger a logout when this case is encountered.
Commits
-------
22f525b [Security] Deprecated not being logged out after user change
This PR was submitted for the 3.3 branch but it was merged into the 3.4 branch instead (closes#24200).
Discussion
----------
Added an alias for FlashBagInterface in config
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
b6b6d31 Added an alias for FlashBagInterface in config
This PR was merged into the 3.3 branch.
Discussion
----------
[PropertyAccess] Set a NullLogger in ApcuAdapter when Apcu is disabled in CLI
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Same check as in https://github.com/symfony/symfony/pull/23390/files#diff-a5185cd58702e8e073786794a423cb27R112
Commits
-------
4a01cd8 Set a NullLogger in ApcuAdapter when Apcu is disabled in CLI
This PR was merged into the 2.7 branch.
Discussion
----------
Use correct verb form in the pull request template
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
When "forget" is used with a gerund, it refers to an action that has already happened.
Commits
-------
484e3fd3f2 Use correct verb form in the pull request template
This PR was merged into the 2.7 branch.
Discussion
----------
Removed unused private property in the ContextListener
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23882#discussion_r141007315
| License | MIT
| Doc PR | ~
The context property is unused, the local variable (constructor argument) is only concatenated to a string inside (session key).
Commits
-------
6522c05 Removed unused private property
This PR was merged into the 2.7 branch.
Discussion
----------
Added null as explicit return type (?TokenInterface)
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23882#discussion_r140704737
| License | MIT
| Doc PR | ~
This fixes the returntype in the `ContextListener` so it can be merged upwards.
/cc @chalasr
Commits
-------
1ba4dd9 Added null as explicit return type (?TokenInterface)
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Fix tracking of bound arguments when using autoconfiguration
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
An exception is currently thrown when using arguments bindings on an autoconfigured controller action.
This fixes the issue.
Commits
-------
091f943 [DI] Fix tracking of bound arguments when using autoconfiguration
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#24317).
Discussion
----------
Use PHP_MAXPATHLEN in Filesystem.php
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Relative to the use of fixed values, I think the use of PHP_MAXPATHLEN will be more robust.
Commits
-------
7a47559 Use PHP_MAXPATHLEN in Filesystem.
This PR was merged into the 3.4 branch.
Discussion
----------
[DI][DX] Throw exception on some ContainerBuilder methods used from extensions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no (unlikely, that would mean there already was an issue in userland code)
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #24282 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Commits
-------
88549fff5b [DI][DX] Throw exception on some ContainerBuilder methods used from extensions
This PR was merged into the 3.4 branch.
Discussion
----------
[DependencyInjection][Routing][Serializer][Translations][Validator] use the parseFile() method of the YAML parser
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/24253#issuecomment-331917180
| License | MIT
| Doc PR |
Commits
-------
8bf465f48d use the parseFile() method of the YAML parser
This PR was merged into the 3.4 branch.
Discussion
----------
[Yaml] support parsing files
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/24191#issuecomment-329975423
| License | MIT
| Doc PR | TODO
This PR adds a new flag `PARSE_FILE` which can be passed to the YAML parser. When given, the input will be interpreted as a filename whose contents will then be parsed. We already supported passing filenames in the past. Back then the features was not deterministic as it just relied on the string being an existing file or not. Now that we are able to control the behaviour of the parser by passing flags this can be done in a much cleaner way and allows to properly deal with errors (i.e. non existent or unreadable files).
This change will also allow to improve error/deprecation messages to include the filename being parsed and thus showing more descriptive error messages when people are using the YAML parser with a bunch of files (e.g. as part of the DependencyInjection or Routing component).
Commits
-------
9becb8a [Yaml] support parsing files
This PR was squashed before being merged into the 3.4 branch (closes#24290).
Discussion
----------
Adding Definition::addError() and a compiler pass to throw errors as exceptions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes & no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes (very minor)
| Tests pass? | yes
| Fixed tickets | #23606
| License | MIT
| Doc PR | Not needed
Hi guys!
Very simple: when there is an error with a Definition, we can now call `Definition::addError()` instead of throwing an exception. Then, a new compiler pass (after removal) actually throws an exception. The advantage is that we can avoid throwing exceptions for services that are ultimately removed from the container. That's important for auto-registration, where we commonly register all services in `src/`... but then many of them are removed later.
A few interesting notes:
- We can probably convert more things from exceptions to `Definition::addError()`. I've only converted autowiring errors and things in `CheckArgumentsValidityPass` (that was necessary because it was throwing exceptions in some cases due to autowiring failing... which was the true error)
- `Definition` can hold multiple errors, but I'm only showing the first error in the exception message. The reason is clarity: I think usually the first error is the most (or only) important. But having `Definition::addError()` avoids the possibility of a later error overriding an earlier one
Cheers!
Commits
-------
a85b37a Adding Definition::addError() and a compiler pass to throw errors as exceptions
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Fix Routing\DelegatingLoader
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Spotted while reviewing: the default controller is not always a string, so parsing should only be done conditionally.
Commits
-------
a69c1b2 [FrameworkBundle] Fix Routing\DelegatingLoader
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Add AutowireRequiredMethodsPass to fix bindings for `@required` methods
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | yes
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Spotted while doing a SF4 workshop :)
Discovery of `@required` methods should be split from AutowirePass so that bindings can apply to these methods also when autowiring is enabled.
Commits
-------
dc55dd2 [DI] Add AutowireRequiredMethodsPass to fix bindings for `@required` methods
This PR was merged into the 3.4 branch.
Discussion
----------
[Cache] Add ResettableInterface to allow resetting any pool's local state
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
To allow pools to leverage #24155 so that they can be used in multi-request loops.
Commits
-------
14c91f2 [Cache] Add ResettableInterface to allow resetting any pool's local state
This PR was merged into the 3.3 branch.
Discussion
----------
[HttpKernel] Make array vs "::" controller definitions consistent
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Defining a controller using `[Foo::class, 'someAction']` vs `App\Controller\Foo::someAction` should end up produce the same result: a container lookup.
Commits
-------
f0f9a6691c [HttpKernel] Make array vs "::" controller definitions consistent
