* 2.7:
[Twig+FrameworkBundle] Fix forward compat with Form 2.8
[2.6] Static Code Analysis for Components
[Security/Http] Fix test relying on a private property
[Serializer] Fix bugs reported in b5990be491 (commitcomment-12301266)
Conflicts:
src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/widget_attributes.html.php
src/Symfony/Component/Security/Http/Tests/Firewall/AnonymousAuthenticationListenerTest.php
This PR was squashed before being merged into the 2.8 branch (closes#15141).
Discussion
----------
[DX] [Security] Renamed Token#getKey() to getSecret()
There are 2 very vague parameter names in the authentication process: `$providerKey` and `$key`. Some tokens/providers have the first one, some tokens/providers the second one and some both. An overview:
| Token | `providerKey` | `key`
| --- | --- | ---
| `AnonymousToken` | - | yes
| `PreAuth...Token` | yes | -
| `RememberMeToken` | yes | yes
| `UsernamePasswordToken` | yes | -
Both names are extremely general and their PHPdocs contains pure no-shit-sherlock-descriptions :squirrel: (like "The key."). This made me and @iltar think it's just an inconsistency and they have the same meaning.
...until we dived deeper into the code and came to the conclusion that `$key` has a Security task (while `$providerKey` doesn't really). If it takes people connected to Symfony internals 30+ minutes to find this out, it should be considered for an improvement imo.
So here is our suggestion: **Rename `$key` to `$secret`**. This explains much better what the value of the string has to be (for instance, it's important that the string is not easily guessable and cannot be found out, according to the Spring docs). It also explains the usage better (it's used as a replacement for credentials and to hash the RememberMeToken).
**Tl;dr**: `$key` and `$providerKey` are too general names, let's improve DX by renaming them. This PR tackles `$key` by renaming it to `$secret`.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
*My excuse for the completely unrelated branch name*
Commits
-------
24e0eb6 [DX] [Security] Renamed Token#getKey() to getSecret()
* 2.6:
[2.6] Towards 100% HHVM compat
[Security/Http] Fix test
[Stopwatch] Fix test
Minor fixes
Towards 100% HHVM compat
unify default AccessDeniedExeption message
trigger event with right user (add test)
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
[Form] Fixed: Data mappers always receive forms indexed by their names
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
src/Symfony/Component/VarDumper/Tests/CliDumperTest.php
src/Symfony/Component/VarDumper/Tests/HtmlDumperTest.php
* 2.3:
Minor fixes
Towards 100% HHVM compat
trigger event with right user (add test)
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
[Form] Fixed: Data mappers always receive forms indexed by their names
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Filesystem/Filesystem.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
The `SwitchUserEvent` is triggered in case an account is switched. This works okay while switching to the user, but on exit the `SwitchUserEvent` is triggered again with the original User. That User was not initialized by the provider yet.
load user by UserInterface instead of username
* 2.3:
Fix quoting style consistency.
[DependencyInjection] Fail when dumping a Definition with no class nor factory
Normalizing recursively - see #9096
No change - the normalizeParams is a copy-and-paste of the earlier logic
fixes issue with logging array of non-utf8 data
fix validation for Maestro UK card numbers
* 2.7: (36 commits)
[DoctrineBridge] Bypass the db when no valid identifier is provided in ORMQueryBuilderLoader
[Serializer] Fixed typo in comment
[Form] Fixed: Filter non-integers when selecting entities by int ID
Fix merge
Fix merge
Add test for HHVM FatalErrors
[2.6][Debug] Fix fatal-errors handling on HHVM
[Debug] Fix log level of stacked errors
[VarDumper] Fix uninitialized id in HtmlDumper
Fixed fluent interface
[Console] Fix tests on Windows
[2.7] Fix unsilenced deprecation notices
[2.3][Debug] Fix fatal-errors handling on HHVM
[Debug] fix debug class loader case test on windows
Standardize the name of the exception variables
[Debug+VarDumper] Fix handling of PHP7 exception/error model
Do not trigger deprecation error in ResolveParameterPlaceHoldersPass
[2.3] Static Code Analysis for Components
Added a small Upgrade note regarding security.context
added missing deprecation in CHANGELOG
...
Conflicts:
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/HttpKernel/Kernel.php
* 2.6:
Add test for HHVM FatalErrors
[2.6][Debug] Fix fatal-errors handling on HHVM
[2.3][Debug] Fix fatal-errors handling on HHVM
Standardize the name of the exception variables
[2.3] Static Code Analysis for Components
Remove duplicated paths
Conflicts:
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php
src/Symfony/Component/Security/Http/Firewall/ContextListener.php
src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php
* 2.3:
[2.3][Debug] Fix fatal-errors handling on HHVM
Standardize the name of the exception variables
[2.3] Static Code Analysis for Components
Remove duplicated paths
Conflicts:
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/HttpFoundation/Session/Storage/MockArraySessionStorage.php
src/Symfony/Component/Security/Acl/Dbal/AclProvider.php
src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
* 2.7:
[Console] SymfonyStyle : Fix blocks wordwrapping
[Console] SymfonyStyle : Fix blocks output is broken on windows cmd
[Validator] remove partial deprecation annotation
Updated UPGRADE-2.4.md
[Form] Support DateTimeImmutable in transform()
Show the FormType and FormTypeExtension in case of deprecated use of setDefaultOptions
[FrameworkBundle] Document form.csrf_provider service deprecation
[Form] add test to avoid regression of #14891
without this change allways the legacy code get called
[Form] Fix call to removed method (BC broken in 2.3)
Fix ask and askHidden methods
[HttpFoundation] Get response content as resource several times for PHP >= 5.6
Change error message to reflect SecurityContext deprecation.
fixed merge
Issue #14815
[Console] SymfonyStyle : fix & automate block gaps.
[Console] SymfonyStyle : Improve EOL consistency by relying on output instance
Improved duplicated code in FileLocator
* 2.7: (95 commits)
[DependencyInjection] provide better error message when using deprecated configuration options
[console][TableCell] get cell width without decoration.
Improve the config validation in TwigBundle
[VarDumper] Changed tooltip to expand-all keybinding in OS X
[Bridge\PhpUnit] Fix composer installed phpunit detection
[VarDumper] Fix generic casters calling order
[2.7][SecurityBundle] Remove SecurityContext from Compile
[WebProfilerBundle][logger] added missing deprecation message.
Fix profiler CSS
[Security][Acl] enforce string identifiers
[FrameworkBundle] make `templating.helper.router` service available again for BC reasons
[BrowserKit] Fix bug when uri starts with http.
bumped Symfony version to 2.7.1
updated VERSION for 2.7.0
updated CHANGELOG for 2.7.0
bumped Symfony version to 2.6.10
updated VERSION for 2.6.9
updated CHANGELOG for 2.6.9
fixed tests
bumped Symfony version to 2.3.31
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/TranslationDebugCommand.php
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Translation/Loader/JsonFileLoader.php
* 2.6: (30 commits)
[Translation] fixed JSON loader on PHP 7 when file is empty
Fix typo
Check instance of FormBuilderInterface instead of FormBuilder
[Security] TokenBasedRememberMeServices test to show why encoding username is required
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
fixed typo
[console][formater] allow format toString object.
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
Avoid redirection to XHR URIs
[HttpFoundation] IpUtils::checkIp4() should allow networks
[2.6] Fix HTML escaping of to-source links
Fix HTML escaping of to-source links
ExceptionHandler: More Encoding
Fix the rendering of deprecation log messages
[FrameworkBundle] Removed unnecessary parameter in TemplateController
[DomCrawler] Throw an exception if a form field path is incomplete.
Fixed the indentation in the compiled template for the DumpNode
[Console] Delete duplicate test in CommandTest
[TwigBundle] Refresh twig paths when resources change.
WebProfiler break words
...
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/Debug/ExceptionHandler.php
* 2.3:
Fix typo
Check instance of FormBuilderInterface instead of FormBuilder
[Security] TokenBasedRememberMeServices test to show why encoding username is required
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
[console][formater] allow format toString object.
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
Avoid redirection to XHR URIs
[HttpFoundation] IpUtils::checkIp4() should allow networks
Fix HTML escaping of to-source links
[FrameworkBundle] Removed unnecessary parameter in TemplateController
[DomCrawler] Throw an exception if a form field path is incomplete.
[Console] Delete duplicate test in CommandTest
[TwigBundle] Refresh twig paths when resources change.
WebProfiler break words
fixed typo
Update README.md
[HttpKernel] Handle an array vary header in the http cache store
[Security][Translation] fixes#14584
[Framework] added test for Router commands.
Handled bearer authorization header in REDIRECT_ form
Conflicts:
src/Symfony/Component/Debug/ExceptionHandler.php
This PR was squashed before being merged into the 2.3 branch (closes#14670).
Discussion
----------
[Security] TokenBasedRememberMeServices test to show why encoding username is required
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
241538d shows that it's not actually tested, 257b796 reimplements it with test.
I can remove the POC commit if it's not needed.
Commits
-------
63a9736 [Security] TokenBasedRememberMeServices test to show why encoding username is required
This PR was squashed before being merged into the 2.3 branch (closes#14678).
Discussion
----------
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
`AbstractRememberMeServices::encodeCookie()` guards against `COOKIE_DELIMITER` in `$cookieParts`.
* it would make `AbstractRememberMeServices::cookieDecode()` broken
* all current extending classes do it anyway (see #14670 )
* added tests – it's not a public method, but it is expected to be used by user implementations – as such, it's good to know that it works properly
Commits
-------
464c39a [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Removed unnecessary statement
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Removed unnecessary statement from `PersistentTokenBasedRememberMeServices.php`.
`$series` comes from `$cookieParts` and `$this->tokenProvider->loadTokenBySeries($series);` is supposed to find the token with that value. Doing `$persistentToken->getSeries();` should give us exactly the same value, so it is an unnecessary statement.
Why?
* We don't need it? We won't miss it when it's gone.
* It confuses a code reader who starts guessing why would that be needed (at least I did and lost time because of that).
Unless…
It actually is needed, as we want `TokenProviderInterface` implementations to have a possibility to give a `PersistentTokenInterface` with a different series value than asked… I can make a PR to the testing class so that such requirement is checked upon.
I don't believe that this is BC, as this behaviour isn't documented anywhere and no existing (known to me) implementations return different series than the asked ones (and current tests pass successfully).
Commits
-------
c7a91f1 Removed unnecessary statement from PersistentTokenBasedRememberMeServices.php
* 2.7:
fixed CS
fixed CS
fixed CS
Fix WebProfilerBundle compatiblity with HttpKernel < 2.7
[Validator] Deprecated PHP7-incompatible constraints and related validators
[DebugBundle] Allow alternative destination for dumps
[DebugBundle] Use output mechanism of dumpers instead of echoing
[DebugBundle] Always collect dumps
[FrameworkBundle] Applied new styles to the config:debug & config:dump-reference commands
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Bundle/FrameworkBundle/composer.json
* 2.6:
[DebugBundle] Allow alternative destination for dumps
[DebugBundle] Use output mechanism of dumpers instead of echoing
[DebugBundle] Always collect dumps
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Component/Finder/Expression/Glob.php
* 2.3:
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Console/Helper/TableHelper.php
src/Symfony/Component/EventDispatcher/Tests/EventDispatcherTest.php
src/Symfony/Component/HttpKernel/DataCollector/LoggerDataCollector.php
src/Symfony/Component/HttpKernel/HttpCache/EsiResponseCacheStrategy.php
src/Symfony/Component/Security/Acl/Dbal/AclProvider.php
src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Pre incrementation/decrementation should be used if possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Fixes provided by new fixer: https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/1113
If this pr is merged I would change the level of the fixer to `symfony`.
Commits
-------
c5123d6 CS: Pre incrementation/decrementation should be used if possible
* 2.7: (70 commits)
[travis] Use container-based infrastructure
[HttpKernel] use ConfigCache::getPath() method when it exists
[PropertyAccess] Fix setting public property on a class having a magic getter
[Routing] Display file which contain deprecated option
ContainerInterface: unused exception dropped
bumped Symfony version to 2.6.8
updated VERSION for 2.6.7
updated CHANGELOG for 2.6.7
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
[Debug] Fixed ClassNotFoundFatalErrorHandlerTest
[SecurityBundle] use access decision constants in config
[SecurityBundle] use session auth constants in config
PhpDoc fix in AbstractRememberMeServices
[Filesystem] Simplified an if statement
[SecurityBundle] Use Enum Nodes Instead Of Scalar
[Debug 2.3] Fix test for PHP7
[HttpKernel] Check if "symfony/proxy-manager-bridge" package is installed
...
Conflicts:
src/Symfony/Bundle/DebugBundle/composer.json
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/TranslationDebugCommand.php
src/Symfony/Component/Form/README.md
src/Symfony/Component/Intl/README.md
src/Symfony/Component/Security/README.md
src/Symfony/Component/Translation/Loader/CsvFileLoader.php
src/Symfony/Component/Translation/Loader/IniFileLoader.php
src/Symfony/Component/Translation/Loader/MoFileLoader.php
src/Symfony/Component/Translation/Loader/PhpFileLoader.php
src/Symfony/Component/Translation/Loader/PoFileLoader.php
src/Symfony/Component/Translation/Loader/YamlFileLoader.php
src/Symfony/Component/Translation/README.md
src/Symfony/Component/Translation/Translator.php
src/Symfony/Component/Validator/README.md
* 2.6: (21 commits)
bumped Symfony version to 2.6.8
updated VERSION for 2.6.7
updated CHANGELOG for 2.6.7
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
[Debug] Fixed ClassNotFoundFatalErrorHandlerTest
[SecurityBundle] use access decision constants in config
[SecurityBundle] use session auth constants in config
PhpDoc fix in AbstractRememberMeServices
[Filesystem] Simplified an if statement
[SecurityBundle] Use Enum Nodes Instead Of Scalar
[Debug 2.3] Fix test for PHP7
[HttpKernel] Check if "symfony/proxy-manager-bridge" package is installed
[Translation] simplify getMessages.
[Framework][Translation] added test for debug command.
Run tests on hhvm instead of hhvm-nightly
Use HTTPS in README and some other fixes
add more entropy to generated classnames
...
Conflicts:
.travis.yml
src/Symfony/Component/HttpKernel/Kernel.php
* 2.3:
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
PhpDoc fix in AbstractRememberMeServices
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.7: (40 commits)
[Debug] Fix ClassNotFoundFatalErrorHandler candidates lookups
[2.6][Translator] Extend, refactor and simplify Translator tests.
Update DebugClassLoader.php
inject asset packages in assets helper service
[travis] Do not exclude legacy tests on 2.7
[HttpFoundation] remove getExtension method
[2.6][Translation] fix legacy tests.
[Form] Removed remaining deprecation notices in the test suite
[Form] Moved deprecation notice triggers to file level
[Debug] Map PHP errors to LogLevel::CRITICAL
[Routing][DependencyInjection] Support .yaml extension in YAML loaders
[DX] improve file loader error for router/other resources in bundle
[FrameworkBundle] Initialize translator with the default locale.
[FrameworkBundle] Fix Routing\DelegatingLoader resiliency to fatal errors
[2.7][Translation] remove duplicate code for loading catalogue.
[2.6][Translation] remove duplicate code for loading catalogue.
[HttpKernel] Cleanup ExceptionListener
CS fixes
[DependencyInjection] Show better error when the Yaml component is not installed
[2.3] SCA for Components - reference mismatches
...
