This PR was squashed before being merged into the 3.4 branch (closes#35657).
Discussion
----------
[Security] Fix exception name in doc comments
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
f10098e9f1 [Security] Fix exception name in doc comments
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Use supportsClass in addition to UnsupportedUserException
| Q | A
| ------------- | ---
| Branch? | 3.4+
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35045
| License | MIT
| Doc PR | ~
This PR fixes the issue where user providers rely on just the UnsupportedUserException from `refreshUser()`, causing a flow where users are wrongfully re-authenticated.
There's one issue where `refreshUser()` can do far more sophisticated checks on the user class, which it will never reach if the class is not supported. As far as I know it was never intended to support instances that are rejected by `supportsClass()`, though people could've implemented this (by accident). So the question is more if we should add a BC layer for this; for example:
```php
try {
$refreshedUser = $provider->refreshUser($user);
$newToken = clone $token;
$newToken->setUser($refreshedUser);
if (!$provider->supportsClass($userClass)) {
if ($this->shouldCheckSupportsClass) {
continue;
}
// have to think of a proper deprecation here for 6.0
@trigger_error('Provider %s does not support user class %s via supportsClass() while it does support it via refreshUser .. please set option X and fix %s::supportsUser() ', E_USER_DEPRECATED);
}
```
This would prevent behavior from breaking but also means we can't fix this on anything less than 5.1.
Commits
-------
d3942cbe17 Use supportsClass where possible
This PR was merged into the 3.4 branch.
Discussion
----------
Use `::class` constants instead of `__NAMESPACE__` when possible
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Related to #34987
| License | MIT
| Doc PR | no
Form component has a lot of built-in form types. Some of them were implemented from the very beginning. In most of them there is a such method
```php
/**
* {@inheritdoc}
*/
public function getParent()
{
return __NAMESPACE__.'\TextType';
}
```
This `getParent()` method was refactored in Symfony 2.8. The upgrade instructions are given here https://github.com/symfony/symfony/blob/2.8/UPGRADE-2.8.md#form
I think the `__NAMESPACE__.'\TextType';` expression was used because Symfony 2.8 was using `"php": ">=5.3.9"`, and the constant `::class` was added only in PHP 5.5
Now this line can be refactored into
```php
/**
* {@inheritdoc}
*/
public function getParent()
{
return TextType::class;
}
```
For example new form types, that were added later, already using the `::class` constant.
https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Extension/Core/Type/ColorType.php#L23https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Extension/Core/Type/TelType.php#L23
So, in this pull request I propose to refactor all old form types to use `::class` constant. It will give a benefit during the future refactoring, because IDE or static analysers will find all usages of parent class. Unlike the `__NAMESPACE__.'\TextType';` line, which doesn't show the real link to the class for IDE or static analysers, and it could complicate finding all usages of parent class.
Commits
-------
32bf50abca Use `::class` constants instead of `__NAMESPACE__` when possible
This PR was merged into the 3.4 branch.
Discussion
----------
CS for AccessDecisionManager
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | #34548
| License | MIT
| Doc PR | -
As discussed in #34548 with @nicolas-grekas here's a CS change for the `AccessDecisionManager`
Commits
-------
b3742ec493 CS
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Improve fa (persian) translation
| Q | A
| ------------- | ---
| Branch? | >= 3.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
4afdfd765d Improve fa (persian) translation
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Fix AuthenticationException::getToken typehint
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
The token may be not set when throwing AuthenticationException.
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
a9705a0143 Fix AuthenticationException::getToken typehint
