This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpFoundation] Added MarshallingSessionHandler
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR | TODO
Added `MarshallingSessionHandler`, a decorator for session handlers which uses the cache marshaller in order to encrypt session data.
(This is an alternative solution to #35643)
To use it, we can simply decorate the session marshaller, after that all session data will be encrypted
```yaml
Symfony\Component\Cache\Marshaller\SodiumMarshaller:
decorates: 'session.marshaller'
arguments:
- ['%env(file:resolve:SODIUM_DECRYPTION_FILE)%']
- '@Symfony\Component\Cache\Marshaller\SodiumMarshaller.inner'
```
TODO:
- [x] unit tests
Commits
-------
155d980aea [HttpFoundation][Cache] Added MarshallingSessionHandler
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Security] Deprecated ROLE_PREVIOUS_ADMIN
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | n/a
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/11487
`ROLE_PREVIOUS_ADMIN` is added to the token roles if the session is an impersonation. Since https://github.com/symfony/symfony/pull/31189 we have the `IS_IMPERSONATOR` attribute which can be used for the same reason. I propose to deprecate the `ROLE_PREVIOUS_ADMIN`:
* This is not what roles are for ([resulting in hacking this exception in `AbstractToken`](https://github.com/symfony/symfony/blob/5.0/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php#L275-L277))
* The role isn't very descriptive
* I don't like having 2 ways of doing exactly the same thing
* While every application with impersonation enabled probably needs to be updated, the update is as simple as replacing `ROLE_PREVIOUS_ADMIN` with `IS_IMPERSONATOR`: `find ./ -type f -exec sed -i 's/ROLE_PREVIOUS_ADMIN/IS_IMPERSONATOR/g' {} +`
---
I'm a bit unsure on how to deprecate this role, but I think having it in `RoleVoter` is probably the safest (`isGranted()` and variants + `AccessDecisionManager#decide()` all use this voter to check if the token has this role).
Commits
-------
dce55f352a Deprecated ROLE_PREVIOUS_ADMIN
This PR was merged into the 4.4 branch.
Discussion
----------
[Routing] Improve localized routes performances
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| License | MIT
Implementation of the following idea: https://github.com/symfony/symfony/pull/35735#pullrequestreview-360525593
Improve route matching performances by turning dynamic routes with fixed `_locale` to actual static routes.
Commits
-------
8e9eafe18b [Routing] Improve localized routes performances
This PR was merged into the 4.4 branch.
Discussion
----------
[4.4][DoctrineBridge] Use new Types::* constants and support new json types
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/pull/35817#issuecomment-590419754
| License | MIT
| Doc PR | -
Commits
-------
ddf33535d0 [4.4][DoctrineBridge] Use new Types::* constants and support new json type
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Security] Use new IS_* attributes in the expression language functions
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
#31189 has been merged which introduces some new attributes (`IS_ANONYMOUS` & friends). We can now modify the code behind the `is_*()` expression language functions to use these new attributes. This avoids any possibility of having them out of sync.
In case you - just like me - are interested why `isGranted("IS_AUTHENTICATED_FULLY")` wasn't used before: These functions were implemented without `auth_checker` being available. The auth checker variable was introduced in 4.2 by #27305, so now we can use this.
Commits
-------
3f0c599289 Use new IS_* attributes in the expression language functions
This PR was squashed before being merged into the 5.0 branch.
Discussion
----------
[Notifier] Dispatch message event in null transport
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
I think we should be able to log notifications via the `NotificationLoggerListener` even if they were sent to a null transport. The mailer component does it the same way.
Commits
-------
a0d99ce398 [Notifier] Dispatch message event in null transport
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Validator] add alpha3 option to Language constraint
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/pull/35116#issuecomment-570038901
| License | MIT
| Doc PR |
Commits
-------
ce73b98e2c add alpha3 option to Language constraint
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Security] Add IS_IMPERSONATOR, IS_ANONYMOUS and IS_REMEMBERED
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/29848
| License | MIT
| Doc PR | symfony/symfony-docs#11487
This continues work of @HeahDude and finally finishes one of the code PRs I've been working on during the ⭐️ EUFOSSA Hackathon.
Changes
---
The PRs modifies some of the attributes used by the `AuthenticatedVoter`:
* New `IS_IMPERSONATOR`, `IS_ANONYMOUS` and `IS_REMEMBERED` attributes are introduced to indicate the user either impersonated, anonymous or rembered.
* <s>`IS_AUTHENTICATED_ANONYMOUSLY` actually meant "is authenticated, either anonymous or fully". As this is confusing, it is replaced by `IS_AUTHENTICATED`.</s>
* <s>All `is_*()` functions in expressions are deprecated in favor of `is_granted('IS_*')`. It's not worth duplicating the `AuthenticatedVoter` logic in two places now we have shorter `IS_*` attributes</s>
**Before**
```php
if ($authorizationChecker->isGranted('ROLE_PREVIOUS_ADMIN')) {
// ...
}
```
<s>
```yaml
security:
# ...
access_control:
- { path: ^/protected, roles: 'IS_AUTHENTICATED_ANONYMOUSLY' }
```
</s>
**After**
```php
if ($authorizationChecker->isGranted('IS_IMPERSONATOR')) {
// ...
}
```
<s>
```yaml
security:
# ...
access_control:
- { path: ^/protected, roles: 'IS_AUTHENTICATED' }
```
</s>
<s>Discussion
---
The only thing I'm wondering is how we combine this with the `is_authenticated()` expression function:
98929dc292/src/Symfony/Component/Security/Core/Authorization/ExpressionLanguageProvider.php (L33-L37)
As you can see, the `IS_AUTHENTICATED` attribute and `is_authenticated()` expression function do not have the same meaning. Should we somehow deprecate the current behavior of `is_authenticated()` or should we find another name for `IS_AUTHENTICATED` (that would be a shame imo).</s>
Commits
-------
6c522a7d98 Added IS_ANONYMOUS, IS_REMEMBERED, IS_IMPERSONATOR
* 5.0: (28 commits)
[DoctrineBridge] Use new Types::* constants and support new json type
Fix bad merge in README of Nexmo Notifier bridge
[Debug][ErrorHandler] improved deprecation notices for methods new args and return type
[BrowserKit] Nested file array prevents uploading file
[ExpressionLanguage] Fixed collisions of character operators with object properties
remove usage of already deleted Symfony\Component\EventDispatcher\Event
[Notifier] Add correct tags for NullTransportFactory
[Validator] Remove specific check for Valid targets
[PhpUnitBridge] Use trait instead of extending deprecated class
Fix versioned namespace clears
fix remember me
Use strict assertion in asset tests
[DoctrineBridge][DoctrineExtractor] Fix indexBy with custom and some core types
Do not rely on the current locale when dumping a Graphviz object
fix typo
[Ldap] force default network timeout
[Config] don't throw on missing excluded paths
Docs: Typo, grammar
[Validator] Add the missing translations for the Polish ("pl") locale
[PhpUnitBridge] Add compatibility to PHPUnit 9 #35662
...
* 4.4: (25 commits)
[DoctrineBridge] Use new Types::* constants and support new json type
[Debug][ErrorHandler] improved deprecation notices for methods new args and return type
[BrowserKit] Nested file array prevents uploading file
[ExpressionLanguage] Fixed collisions of character operators with object properties
[Validator] Remove specific check for Valid targets
[PhpUnitBridge] Use trait instead of extending deprecated class
Fix versioned namespace clears
fix remember me
Use strict assertion in asset tests
[DoctrineBridge][DoctrineExtractor] Fix indexBy with custom and some core types
Do not rely on the current locale when dumping a Graphviz object
fix typo
[Ldap] force default network timeout
[Config] don't throw on missing excluded paths
Docs: Typo, grammar
[Validator] Add the missing translations for the Polish ("pl") locale
[PhpUnitBridge] Add compatibility to PHPUnit 9 #35662
[Routing] Add locale requirement for localized routes
[Console] Inline exact-match handling with 4.4
Set previous exception when rethrown from controller resolver
...
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] Fix versioned namespace atomic clears
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
When using namespace versioning to achieve atomic cache clears, only delete cache keys matching the old/current version.
This resolves tag inconsistency issues whereby the process running the clear would delete keys set against the new version by more recently spawned concurrent processes. Most seriously this could result in newly set data keys remaining, but with empty associated tag sets meaning the invalidation via tags was no longer possible.
Clearing specific prefixes is not supported when using versioned namespaces as it is desirable to clear all old keys as they will no longer be used and would otherwise eventually fill cache memory.
Commits
-------
971b177d27 Fix versioned namespace clears
This PR was merged into the 3.4 branch.
Discussion
----------
[3.4][DoctrineBridge] Use new Types::* constants and support new json type
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
All `Type::*` constants were moved and deprecated. This PR makes sure we use the good ones when they exist so we are prepared for their removal. It allows to be deprecation free. If deprecated constants could be detected, we would have failing tests 😄
Also, `json_array` was deprecated and renamed to `json`, so I added support for this new type.
Some new components also use these constants on upper branches, so I will submit PRs there.
Commits
-------
3e35fa59ea [DoctrineBridge] Use new Types::* constants and support new json type
* 3.4:
[ExpressionLanguage] Fixed collisions of character operators with object properties
[Validator] Remove specific check for Valid targets
[PhpUnitBridge] Use trait instead of extending deprecated class
fix remember me
Use strict assertion in asset tests
[DoctrineBridge][DoctrineExtractor] Fix indexBy with custom and some core types
Do not rely on the current locale when dumping a Graphviz object
fix typo
[Ldap] force default network timeout
[Config] don't throw on missing excluded paths
Docs: Typo, grammar
[Validator] Add the missing translations for the Polish ("pl") locale
[Console] Inline exact-match handling with 4.4
Set previous exception when rethrown from controller resolver
[VarDumper] fixed DateCaster not displaying additional fields
[HttpKernel] fix registering DebugHandlersListener regardless of the PHP_SAPI
This PR was merged into the 4.4 branch.
Discussion
----------
[Debug][ErrorHandler] improved deprecation notices for methods new args and return type
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | ~
| License | MIT
| Doc PR | ~
~I don't know if this should be considered a bug fix or a feature.~
Commits
-------
83d4aa7683 [Debug][ErrorHandler] improved deprecation notices for methods new args and return type
This PR was merged into the 5.0 branch.
Discussion
----------
Fix bad merge in README of Nexmo Notifier bridge
| Q | A
| ------------- | ---
| Branch? | 5.0
| License | MIT
[Bad merge](85f793bec6 (diff-ba05e8af79b613430b91ba4d4ccbea0d)) made b52b7b9fd6 end up in Nexmo README :)
Commits
-------
a8d0c5b1d7 Fix bad merge in README of Nexmo Notifier bridge
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Remove specific check for Valid targets
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | N/A <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | N/A
As covered by `ClassMetadataTest::testAddConstraintDoesNotAcceptValid`, this check is useless, as `Valid` already accepts only properties as targets.
This check is a [leftover of a time](9b07b0c672) `Valid` was extending `Traverse` which was allowing classes & properties.
The `Valid` targets are properly checked by the lines above, the same way as other constraints.
Commits
-------
0086562c77 [Validator] Remove specific check for Valid targets
This PR was merged into the 4.4 branch.
Discussion
----------
[BrowserKit] Nested file array prevents uploading file
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR | n/a
The HttpBrowser doesn't play nicely with Symfony\Component\DomCrawler::getPhpFiles().
The former assumes a flat array structure, while the latter explicitly un-flattens it, causing files to silently get ignored by the DomCrawler's submitForm.
Commits
-------
e15f05e03f [BrowserKit] Nested file array prevents uploading file
This PR was merged into the 5.0 branch.
Discussion
----------
[Notifier] Add correct tags for NullTransportFactory
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
I tried to disable the delivery of notifications in `dev` environment with the following configuration:
```
framework:
notifier:
chatter_transports:
slack: 'null://null'
texter_transports:
twilio: 'null://null'
channel_policy:
urgent: ['chat/slack', 'sms/twilio']
high: ['email']
medium: ['email']
low: ['email']
```
While sending the notification like this:
```
$notification = (new Notification())
->subject('Test subject')
->importance(Notification::IMPORTANCE_URGENT)
->content('Test content')
;
$this->notifier->send($notification);
```
I got an `UnsupportedSchemeException`: The "null" scheme is not supported.
After some digging I figured out that this Exception occurred because the `NullTransportFactory` was not tagged with the `chatter.transport_factory` and `texter.transport_factory` tags. Which is the reason the `NullTransportFactory` was not injected in the `Transport` class and so the `NullTransport` couldn't be used.
This PR should fix this Bug.
Commits
-------
1ff5e3c83f [Notifier] Add correct tags for NullTransportFactory
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpFoundation] Fixed Mime dependency missing error
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | kinda
| New feature? | no
| Deprecations? | no
| Tickets | ~
| License | MIT
| Doc PR | ~
Follows #35642, by adding a missing exception and a note in the UPGRADE file (CHANGELOG in HttpFoundation was already up to date).
Reported in symfony/symfony-docs#1307
Commits
-------
fef0de3eb6 [HttpFoundation] Fixed Mimes dependency missing error
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[ExpressionLanguage] Fixed collisions of character operators with object properties
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
Expression `foo.not in [bar]` compiles to invalid php code:
```
$foo->not in[$bar]
```
Added check for absence of a dot before of the character operators.
PS. I apologize for not starting the issue before create PR. I considered this bug is minor, but obvious.
Commits
-------
4b83ae7547 [ExpressionLanguage] Fixed collisions of character operators with object properties