The AuthenticatorManager now performs the whole authentication process. This
allows for manual authentication without duplicating or publicly exposing parts
of the process.
This to remove confusion between the new system and Guard. When using the new
system, guard should not be installed. Guard did however influence the idea
behind the new system. Thus keeping the mentions of "guard" makes it confusing
to use the new system.
This allows more flexibility for the authentication manager (to e.g. implement
login throttling, easier remember me, etc). It is also a known design pattern
in Symfony HttpKernel.
This removes the introduced dependency on Guard from core. It also allows an
easier migration path, as the complete Guard subcomponent can now be deprecated
later in the 5.x life.
This is an iteration on the AuthenticatorInterface of the Guard, to allow more
flexibility so it can be used as a real replaced of the authentication
providers and listeners.
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[PhpUnitBridge] add PolyfillTestCaseTrait::expectExceptionMessageMatches to provide FC with recent phpunit versions
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | na
| License | MIT
| Doc PR | na
expectExceptionMessageRegExp is deprecated coming phpunit 8.5.3 see https://github.com/sebastianbergmann/phpunit/issues/4133
Not sure if I need to add something else lmk.
Commits
-------
cfd5a29eaf [PhpUnitBridge] add PolyfillTestCaseTrait::expectExceptionMessageMatches to provide FC with recent phpunit versions
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Serializer] UnwrappingDenormalizer
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
UnwrappingDenormalizer, registered with very high priority. Unwrapping the data if UNWRAP_PATH is provided.
Very often some APIs give nested responses in which we need only the child object. With UnwrappingDenormalizer we can get the needed object without creating unnecessary Model class that we don't really need.
Regarding to https://github.com/symfony/symfony/pull/28887 and https://github.com/symfony/symfony/pull/30894
Usage:
`$serialiser->deserialize('{"baz": {"foo": "bar", "inner": {"title": "value", "numbers": [5,3]}}}', Object::class, ['UnwrappingDenormalizer::UNWRAP_PATH' => '[baz][inner]'])`
Commits
-------
00d103d5f7 UnwrappingDenormalizer
* 5.0:
[appveyor] bump cache
[Twig][Mime] Removed extra quotes in missing package exception message
[DI] µfix
Allowing empty secrets to be set
[DI] add missing property declarations in InlineServiceConfigurator
[DI] fix detecting short service syntax in yaml
Supress error from fread when reading a unix pipe
[HttpClient] Fix scoped client without query option configuration
[Workflow] Use a strict comparison when retrieving raw marking in MarkingStore
[Workflow] Use a strict comparison when retrieving raw markin in MarkingStore
* 4.4:
[appveyor] bump cache
[Twig][Mime] Removed extra quotes in missing package exception message
[DI] µfix
Allowing empty secrets to be set
[DI] add missing property declarations in InlineServiceConfigurator
[DI] fix detecting short service syntax in yaml
Supress error from fread when reading a unix pipe
[HttpClient] Fix scoped client without query option configuration
[Workflow] Use a strict comparison when retrieving raw marking in MarkingStore
[Workflow] Use a strict comparison when retrieving raw markin in MarkingStore
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] Fix scoped client without query option configuration
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
The `query` key default value is an [empty array](https://github.com/symfony/symfony/blob/v4.4.7/src/Symfony/Component/Config/Definition/PrototypedArrayNode.php#L30) and because of that it is always set. Processing a configuration for a scoped HTTP client (which has a `scope` and does not have a `base_uri`) results in the configuration being invalid. The error message says that query parameters cannot be aplied to the base URI since it is not defined (which doesn't make sense since the query parameters don't exist because they are empty).
Commits
-------
a07578dba3 [HttpClient] Fix scoped client without query option configuration
* 5.0:
[PropertyAccess] fix tests
[WebProfilerBundle] fix test
remove assertions that can never be reached
[PropertyAccess] Improve message of unitialized property in php 7.4
[HttpFoundation] Fixed session migration with custom cookie lifetime
[HttpKernel][FrameworkBundle] fix compat with Debug component
[Serializer] Remove unused variable
Allow URL-encoded special characters in basic auth part of URLs
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
[Validator] Add missing Ukrainian and Russian translations
Track session usage when setting the token
[4.4][MonologBridge] Fix $level type
[5.0][MonologBridge] Fix $level type
No need to reconnect the bags to the session
Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
[Security][Http][SwitchUserListener] Ignore all non existent username protection errors
Add installation and minimal example to README
* 4.4:
[PropertyAccess] fix tests
[WebProfilerBundle] fix test
remove assertions that can never be reached
[PropertyAccess] Improve message of unitialized property in php 7.4
[HttpFoundation] Fixed session migration with custom cookie lifetime
[HttpKernel][FrameworkBundle] fix compat with Debug component
[Serializer] Remove unused variable
Allow URL-encoded special characters in basic auth part of URLs
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
[Validator] Add missing Ukrainian and Russian translations
Track session usage when setting the token
[4.4][MonologBridge] Fix $level type
No need to reconnect the bags to the session
Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
[Security][Http][SwitchUserListener] Ignore all non existent username protection errors
Add installation and minimal example to README
* 3.4:
[PropertyAccess] fix tests
[WebProfilerBundle] fix test
remove assertions that can never be reached
[PropertyAccess] Improve message of unitialized property in php 7.4
[HttpFoundation] Fixed session migration with custom cookie lifetime
[Serializer] Remove unused variable
Allow URL-encoded special characters in basic auth part of URLs
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
[Validator] Add missing Ukrainian and Russian translations
No need to reconnect the bags to the session
Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpKernel] allow cache warmers to add to the list of preloaded classes and files
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
This PR makes cache warmers responsible for returning a list of classes or files to preload. It does so by adding the following to `WarmableInterface::warmUp()`:
`@return string[] A list of classes or files to preload on PHP 7.4+`
Of course, this return value is properly implemented so that we can see what this provides in practice. Here are the benchmarks on a simple Hello World rendered with Twig:
- without preloading: 360 req/s
- with preloading in master: 560 req/s (+55%)
- with preloading and this PR: 630 req/s (+75%)
Commits
-------
8ab75d99d4 [HttpKernel] allow cache warmers to add to the list of preloaded classes and files
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Security] Refactor logout listener to dispatch an event instead
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes (sort of...)
| New feature? | yes
| Deprecations? | yes
| Tickets | Fix#25212, Fix#22473
| License | MIT
| Doc PR | tbd
The current `LogoutListener` has some extension points, but they are not really DX-friendly (ref #25212). It requires hacking a `addMethodCall('addHandler')` in the container builder to register a custom logout handler.
Also, it is impossible to overwrite the default logout functionality from a bundle (ref #22473).
This PR introduces a `LogoutEvent` that replaces both the `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface`. This provides a DX-friendly extension point and also cleans up the authentication factories (no more `addMethodCall()`'s).
In order to allow different logout handlers for different firewalls, I created a specific event dispatcher for each firewall (as also shortly discussed in #33558). The `dispatcher` tag attribute allows you to specify which dispatcher it should be registered to (defaulting to the global dispatcher). The `EventBubblingLogoutListener` also dispatches logout events on the global dispatcher, to be used for listeners that should run on all firewalls.
_@weaverryan and I discussed this feature while working on #33558, but figured it was unrelated and could be done while preservering BC. So that's why a separate PR is created._
Commits
-------
a9f096eb1f [Security] Refactor logout listener to dispatch an event instead
* 5.0:
Fix wrong namespaces
Fix wrong namespaces
Fix the reporting of deprecations in twig:lint
forward multiple attributes voting flag
bumped Symfony version to 5.0.8
updated VERSION for 5.0.7
updated CHANGELOG for 5.0.7
bumped Symfony version to 4.4.8
updated VERSION for 4.4.7
updated CHANGELOG for 4.4.7
[Validator] Fixed calling getters before resolving groups
[HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
* 4.4:
Fix wrong namespaces
Fix wrong namespaces
Fix the reporting of deprecations in twig:lint
forward multiple attributes voting flag
bumped Symfony version to 4.4.8
updated VERSION for 4.4.7
updated CHANGELOG for 4.4.7
[Validator] Fixed calling getters before resolving groups
[HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpFoundation][HttpKernel][Security] Improve UnexpectedSessionUsageException backtrace
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
Improve `UnexceptedSessionUsageException` backtrace so that it leads to the place in the userland where it was told to use session.
Commits
-------
1e1d332c7c Improve UnexcpectedSessionUsageException backtrace
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] Dump kernel extension configuration
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #34756
| License | MIT
If the kernel is a container extension and defines a configuration, the `config:dump-reference` will now be able to dump it.
Commits
-------
2ccafb1eb3 [FrameworkBundle] Dump kernel extension configuration
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DI] dump factory files as classes
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR is a performance improvement when using `bin/console` on the command line.
Once upon a time, we advised setting `container.dumper.inline_factories` to `false` so that the container could be chunked into many files. More recently, we turned this setting back to `true` in order to optimize for preloading. But this made `bin/console` back to slow: since the CLI cannot have opcache, PHP has to parse this potentially big file all the time. Previous data already showed this can grow big.
This PR fixes the issue by generating many files again. But instead of generating the inline code within each file, we now wrap this code inside a class. Then we list this class for preloading.
This way, we have the best of both worlds: a `bin/console` that scales no matter the size of the app and top perf when using preloading (I benched a small hello world before/after the patch with preloading enabled, there is no measurable difference.)
This should also fix a memory leak that happens when factory files contain closures.
Commits
-------
cedb5cd429 [DI] dump factory files as classes
* 5.0: (27 commits)
Fix versions
[Security/Http] Allow setting cookie security settings for delete_cookies
[DI] fix generating TypedReference from PriorityTaggedServiceTrait
[FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
bumped Symfony version to 3.4.40
updated VERSION for 3.4.39
update CONTRIBUTORS for 3.4.39
updated CHANGELOG for 3.4.39
[DomCrawler] Fix BC break in assertions breaking Panther
[BrowserKit] fixed missing post request parameters in file uploads
update Italian translation
[Validator] Add missing Hungarian translations
[Validator] Add the missing translations for the Arabic (ar) locale
[Validator] Add missing vietnamese translations
[Console] Fix OutputStream for PHP 7.4
add missing gitattributes for phpunit-bridge
add German translations
Bump Symfony version to 5.0.7
Update VERSION for 5.0.6
Update CHANGELOG for 5.0.6
...
* 4.4:
Fix versions
[Security/Http] Allow setting cookie security settings for delete_cookies
[DI] fix generating TypedReference from PriorityTaggedServiceTrait
[FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
bumped Symfony version to 3.4.40
updated VERSION for 3.4.39
update CONTRIBUTORS for 3.4.39
updated CHANGELOG for 3.4.39
[DomCrawler] Fix BC break in assertions breaking Panther
[BrowserKit] fixed missing post request parameters in file uploads
update Italian translation
[Validator] Add missing Hungarian translations
[Validator] Add the missing translations for the Arabic (ar) locale
[Validator] Add missing vietnamese translations
[Console] Fix OutputStream for PHP 7.4
add German translations
bug #36157 [Validator] Assert Valid with many groups
[Validator] Add missing Lithuanian translations
Fixed some typos
Add french "at least" constraint translations
* 3.4:
Fix versions
[Security/Http] Allow setting cookie security settings for delete_cookies
[FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
bumped Symfony version to 3.4.40
updated VERSION for 3.4.39
update CONTRIBUTORS for 3.4.39
updated CHANGELOG for 3.4.39
update Italian translation
[Validator] Add missing Hungarian translations
[Validator] Add the missing translations for the Arabic (ar) locale
[Validator] Add missing vietnamese translations
[Console] Fix OutputStream for PHP 7.4
add German translations
bug #36157 [Validator] Assert Valid with many groups
[Validator] Add missing Lithuanian translations
Fixed some typos
Add french "at least" constraint translations
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Http] Allow setting cookie security settings for delete_cookies
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/pull/36243#discussion_r399646893
| License | MIT
| Doc PR | tbd
Similar to #36173 and #36175. This is needed for Chrome 80 compatibility.
My only question is whether we should introduce these specific settings, or somehow fetch them from `framework.session`?
Commits
-------
a696d1f3af [Security/Http] Allow setting cookie security settings for delete_cookies
* 5.0:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
[Mailer] Use %d instead of %s for error code in error messages
[HttpKernel] fix locking for PHP 7.4+
[Security] Fixed hardcoded value of SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
Prevent warning in proc_open()
[FrameworkBundle] Fix Router Cache
Fix deprecation messages
* 4.4:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
[Mailer] Use %d instead of %s for error code in error messages
[HttpKernel] fix locking for PHP 7.4+
[Security] Fixed hardcoded value of SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
Prevent warning in proc_open()
[FrameworkBundle] Fix Router Cache
Fix deprecation messages
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Fix deprecation message for booting a kernel twice
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
a0a6243a21 Fix deprecation messages
* 5.0:
[DI] Fix CheckTypeDeclarationPass
[Security/Http] don't require the session to be started when tracking its id
[DI] fix preloading script generation
* 4.4:
[DI] Fix CheckTypeDeclarationPass
[Security/Http] don't require the session to be started when tracking its id
[DI] fix preloading script generation
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] fix preloading script generation
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
(fabbot failure is a false positive)
On master, we should work on being able to preload more classes (esp. all cache-warmup artifacts).
But for 4.4, this is good enough. Submitted as a bug fix because 1. the current code that deals with preloading kinda-works, but only on "dev" mode... and 2. fixing it provides a nice boost!
Small bench on a hello world:
- before: 380 req/s
- after: 580 req/s
That's +50%!
Pro-tip: adding a few `class_exists()` as done in this PR for the classes that are always used in the implementations (e.g. `new Foo()` in the constructor) will help the preload-script generator to work optimally. Without them, it will discover the symbols to preload only if they're found on methods.
Some of those `class_exists()` are mandatory, in relation to anonymous classes and https://bugs.php.net/79349
Commits
-------
a10fc4da5d [DI] fix preloading script generation
* 5.0:
fix merge
Fix more quotes in exception messages
Fix more quotes in exception messages
Fix more quotes in exception messages
[3.4] Minor fixes
[PropertyAccess] Improved errors when reading uninitialized properties
* 4.4:
Fix more quotes in exception messages
Fix more quotes in exception messages
[3.4] Minor fixes
[PropertyAccess] Improved errors when reading uninitialized properties
* 5.0:
[FrameworkBundle] start session on flashbag injection
[Validator] Remove commas in translations
[Console] Fallback to default answers when unable to read input
* 4.4:
[FrameworkBundle] start session on flashbag injection
[Validator] Remove commas in translations
[Console] Fallback to default answers when unable to read input
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] start session on flashbag injection
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix [#33084](https://github.com/symfony/symfony/issues/33084)
| License | MIT
This PR addresses an issue whereby if the FlashBag is injected into the application using the default service configuration, we cannot rely that the session has been started. This behaviour is in contradiction to [the docs](https://symfony.com/doc/current/session.html#avoid-starting-sessions-for-anonymous-users):
> Sessions are automatically started whenever you read, write or even check for the existence of data in the session.
This is because symfony ensures the session has been started on calls to getFlashBag() which is normally how the flashbag will be accessed but this is not called if you inject the FlashBag directly into the container.
I have addressed this issue by changing the way the Flashbag service is built so that it uses Session as a factory service and getFlashBag as a factory method. This means that anywhere in symfony where FlashBag is injected can now rely on the fact the session is started.
I have also added a new functional test to verify this behaviour.
Commits
-------
e8b4d35616 [FrameworkBundle] start session on flashbag injection
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[ErrorHandler][FrameworkBundle] better error messages in failing tests
| Q | A
| ------------- | ---
| Branch? | master for features
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#32752
| License | MIT
| Doc PR |
Purpose of this PR is to enhance tests by giving a way to report an exception that occured during the processing of the request.
The ErrorHandler will add an X-Debug-Exception, and the assertThat() method of WebTestCase will throw an exception if this header exists and status code is 5xx.
In practice, this adds the "Caused by" section in this example:
```
Time: 374 ms, Memory: 20.00 MB
There was 1 failure:
1) App\Tests\Controller\HomeControllerTest::testC
Failed asserting that the Response has header "Content-Type" with value "application/json".
/srv/symfony/src/Symfony/Bundle/FrameworkBundle/Test/BrowserKitAssertionsTrait.php:132
/srv/symfony/src/Symfony/Bundle/FrameworkBundle/Test/BrowserKitAssertionsTrait.php:66
/srv/blog/tests/Controller/HomeControllerTest.php:29
Caused by
Exception: This a test exception. in /the/file.php:139
Stack trace:
[...]
```
Commits
-------
0da9469ee2 [ErrorHandler][FrameworkBundle] better error messages in failing tests
* 5.0:
Add missing dots at the end of exception messages
Add missing dots at the end of exception messages
[DI][Form] Fixed test suite (TimeType changes & unresolved merge conflict)
Fix bad merge
Add missing dots at the end of exception messages
* 4.4:
Add missing dots at the end of exception messages
[DI][Form] Fixed test suite (TimeType changes & unresolved merge conflict)
Fix bad merge
Add missing dots at the end of exception messages
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Framework-Bundle] fixed kernel.secret not being overridden when loaded from extension using MicroKernelTrait
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Previously, when extending `Kernel::class` and using the `MicroKernelTrait::class` setting the `secret` like
```
protected function configureContainer(ContainerBuilder $container, LoaderInterface $loader)
{
$container->loadFromExtension('framework', [ 'secret' => 'foo',]);
```
would not replace the `kernel.secret` parameter set by `$container->setParameter('kernel.secret', '%env(APP_SECRET)%');` in the `MicroKernelTrait`.
Initiating a service with a secret argument without a `APP_ENV` value set in `.env` would throw:
`Symfony\Component\DependencyInjection\Exception\EnvNotFoundException : Environment variable not found: "APP_SECRET".`
This PR allows the `kernel.secret` set in the `MicroKernelTrait::registerContainerConfiguration()` to be overridden in a class extending `Kernel` while using the trait.
Thanks @nicolas-grekas for the help on this one.
Commits
-------
76d398851f fixed kernel.secret not being overridden when loaded from extension
* 5.0: (36 commits)
Add test for tagged iterator with numeric index
Fix container lint command when a synthetic service is used in combination with the expression language
Fix Travis script
[Validator][Range] Fix typos
[SecurityBundle] Minor fix in LDAP config tree builder
[HttpClient] fix requests to hosts that idn_to_ascii() cannot handle
Revert "minor #35559 [FrameworkBundle] remove mention of the old Controller class (nicolas-grekas)"
[FrameworkBundle] remove redundant PHPDoc in console Descriptor and subclass
[Mime] remove phpdoc mentioning Utf8AddressEncoder
Add missing phpdoc
Remove int return type from FlattenException::getCode
[Yaml] fix dumping strings containing CRs
[DI] Fix XmlFileLoader bad error message
[Form] Handle false as empty value on expanded choices
[Messenger] Add ext-redis min version req to tests
Tweak message
improve PlaintextPasswordEncoder docBlock summary
[Validator] Add two missing translations for the Arabic (ar) locale
Use some PHP 5.4 constants unconditionally
Add new packages on the link script
...
* 4.4: (34 commits)
Add test for tagged iterator with numeric index
Fix container lint command when a synthetic service is used in combination with the expression language
[Validator][Range] Fix typos
[SecurityBundle] Minor fix in LDAP config tree builder
[HttpClient] fix requests to hosts that idn_to_ascii() cannot handle
[FrameworkBundle] remove redundant PHPDoc in console Descriptor and subclass
[Mime] remove phpdoc mentioning Utf8AddressEncoder
Add missing phpdoc
Remove int return type from FlattenException::getCode
[Yaml] fix dumping strings containing CRs
[DI] Fix XmlFileLoader bad error message
[Form] Handle false as empty value on expanded choices
[Messenger] Add ext-redis min version req to tests
Tweak message
improve PlaintextPasswordEncoder docBlock summary
[Validator] Add two missing translations for the Arabic (ar) locale
Use some PHP 5.4 constants unconditionally
Add new packages on the link script
[DI] fix dumping errored definitions
[DI] ignore extra tags added by autoconfiguration in PriorityTaggedServiceTrait
...
* 3.4:
[Yaml] fix dumping strings containing CRs
[DI] Fix XmlFileLoader bad error message
Tweak message
improve PlaintextPasswordEncoder docBlock summary
[Validator] Add two missing translations for the Arabic (ar) locale
Use some PHP 5.4 constants unconditionally
Revert "bug symfony#28179 [DomCrawler] Skip disabled fields processing in Form"
Add Spanish translation
Fix typo
[Validator] add Japanese translation
Fix typo
Add Polish translation
[SecurityBundle] Minor fixes in configuration tree builder
bumped Symfony version to 3.4.39
updated VERSION for 3.4.38
update CONTRIBUTORS for 3.4.38
updated CHANGELOG for 3.4.38
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DX][Testing] Added a loginUser() method to test protected resources
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#26839
| License | MIT
| Doc PR | tbd
This finishes https://github.com/symfony/symfony/pull/32850 original description:
> I know this won't work for 100% of our users ... but the goal is to make life easier to *most* of them. Thanks!
A custom `ConcreteToken` test-object is created as suggested by @linaori, to not bind this token to any specific implementation (as other implementations aren't fully compatible with eachother).
Commits
-------
2980a680d4 Added special test token and implemented 'real' functional tests
f516829d99 [DX][Testing] Added a loginUser() method to test protected resources
* 5.0:
register only existing transport factories
prevent deprecation being triggered from assertion
bumped Symfony version to 5.0.6
updated VERSION for 5.0.5
updated CHANGELOG for 5.0.5
bumped Symfony version to 4.4.6
updated VERSION for 4.4.5
updated CHANGELOG for 4.4.5
* 4.4:
register only existing transport factories
prevent deprecation being triggered from assertion
bumped Symfony version to 4.4.6
updated VERSION for 4.4.5
updated CHANGELOG for 4.4.5
This PR was merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle][HttpKernel] Add session usage reporting in stateless mode
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR | TODO
https://github.com/orgs/symfony/projects/1#card-30506005
Provide a `@Stateless` annotation that forbid session usage for annotated controllers (or classes).
## Implementations
**v1**
- ~~New session proxy that allows session to be marked as disabled~~
- ~~New default route attribute: `_stateless` (automatically set by `@Stateless`)~~
- ~~On kernel controller event, if `_stateless` is `true`, session is marked as disabled~~
- ~~Session listener is able to check if the session is disabled and prevent its creation~~
**v2**
- New default route attribute: `_stateless` (automatically set by `@Stateless`)
- On kernel response, check the session usage and if session was used when `_stateless` attribute is set to `true`: Either throw an exception (debug enabled) or log a warning (debug disabled)
Commits
-------
bc48db2424 [FrameworkBundle][HttpFoundation] Add `_stateless`
* 5.0:
minor #35833 [FrameworkBundle] Add missing items in the unused tag pass whitelist (fabpot)
[HttpClient][DX] Add URL context to JsonException messages
[Routing] Improve localized routes performances
[4.4][DoctrineBridge] Use new Types::* constants and support new json type
[Validator] Add missing translations
[Notifier] Dispatch message event in null transport
[Messenger] Use Doctrine DBAL new Types::* constants
* 4.4:
minor #35833 [FrameworkBundle] Add missing items in the unused tag pass whitelist (fabpot)
[HttpClient][DX] Add URL context to JsonException messages
[Routing] Improve localized routes performances
[4.4][DoctrineBridge] Use new Types::* constants and support new json type
[Validator] Add missing translations
[Messenger] Use Doctrine DBAL new Types::* constants
This PR was merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] Add missing items in the unused tag pass whitelist
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
We have some missing tags in the whitelist. I've added a script that adds the missing ones, and added a test to avoid forgetting about updating the whitelist.
Commits
-------
d1bcc0fc5e [FrameworkBundle] Add a script that checks for missing items in the unused tag whitelist
This PR was merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] Add missing items in the unused tag pass whitelist
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
We have some missing tags in the whitelist. I've added a script that adds the missing ones, and added a test to avoid forgetting about updating the whitelist.
Commits
-------
d1bcc0fc5e [FrameworkBundle] Add a script that checks for missing items in the unused tag whitelist
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpFoundation] Added MarshallingSessionHandler
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR | TODO
Added `MarshallingSessionHandler`, a decorator for session handlers which uses the cache marshaller in order to encrypt session data.
(This is an alternative solution to #35643)
To use it, we can simply decorate the session marshaller, after that all session data will be encrypted
```yaml
Symfony\Component\Cache\Marshaller\SodiumMarshaller:
decorates: 'session.marshaller'
arguments:
- ['%env(file:resolve:SODIUM_DECRYPTION_FILE)%']
- '@Symfony\Component\Cache\Marshaller\SodiumMarshaller.inner'
```
TODO:
- [x] unit tests
Commits
-------
155d980aea [HttpFoundation][Cache] Added MarshallingSessionHandler
* 5.0: (28 commits)
[DoctrineBridge] Use new Types::* constants and support new json type
Fix bad merge in README of Nexmo Notifier bridge
[Debug][ErrorHandler] improved deprecation notices for methods new args and return type
[BrowserKit] Nested file array prevents uploading file
[ExpressionLanguage] Fixed collisions of character operators with object properties
remove usage of already deleted Symfony\Component\EventDispatcher\Event
[Notifier] Add correct tags for NullTransportFactory
[Validator] Remove specific check for Valid targets
[PhpUnitBridge] Use trait instead of extending deprecated class
Fix versioned namespace clears
fix remember me
Use strict assertion in asset tests
[DoctrineBridge][DoctrineExtractor] Fix indexBy with custom and some core types
Do not rely on the current locale when dumping a Graphviz object
fix typo
[Ldap] force default network timeout
[Config] don't throw on missing excluded paths
Docs: Typo, grammar
[Validator] Add the missing translations for the Polish ("pl") locale
[PhpUnitBridge] Add compatibility to PHPUnit 9 #35662
...
This PR was merged into the 5.0 branch.
Discussion
----------
[Notifier] Add correct tags for NullTransportFactory
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
I tried to disable the delivery of notifications in `dev` environment with the following configuration:
```
framework:
notifier:
chatter_transports:
slack: 'null://null'
texter_transports:
twilio: 'null://null'
channel_policy:
urgent: ['chat/slack', 'sms/twilio']
high: ['email']
medium: ['email']
low: ['email']
```
While sending the notification like this:
```
$notification = (new Notification())
->subject('Test subject')
->importance(Notification::IMPORTANCE_URGENT)
->content('Test content')
;
$this->notifier->send($notification);
```
I got an `UnsupportedSchemeException`: The "null" scheme is not supported.
After some digging I figured out that this Exception occurred because the `NullTransportFactory` was not tagged with the `chatter.transport_factory` and `texter.transport_factory` tags. Which is the reason the `NullTransportFactory` was not injected in the `Transport` class and so the `NullTransport` couldn't be used.
This PR should fix this Bug.
Commits
-------
1ff5e3c83f [Notifier] Add correct tags for NullTransportFactory
* 5.0:
fix unix root dir issue
sync validator translation files with master
fix anchor
fix links to releases page (formerly known as "roadmap")
[Console] Don't load same-namespace alternatives on exact match found
[HttpKernel] Fix method name in doc comments
* 4.4:
fix unix root dir issue
sync validator translation files with master
[HttpFoundation] fix not sending Content-Type header for 204 responses
[ErrorHandler] silence warning when zend.assertions=-1
fix anchor
[Console] Handle zero row count in appendRow() for Table
fix links to releases page (formerly known as "roadmap")
[Console] Don't load same-namespace alternatives on exact match found
* 3.4:
fix unix root dir issue
sync validator translation files with master
fix anchor
fix links to releases page (formerly known as "roadmap")
[Console] Don't load same-namespace alternatives on exact match found
This PR was squashed before being merged into the 5.1-dev branch (closes#33968).
Discussion
----------
[Notifier] Add Firebase bridge
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | See #33687
| License | MIT
This would add [Firebase](https://firebase.google.com) integration for the Notifier component. With Firebase you can send push notifications to the users of you Android and iOS app and website (formerly known as Google Cloud messaging).
I'm not sure if it's possible to have this merged, like the other bridges. Or if I should create a stand-alone repository? That'd be fine too.
Also it's now using the `ChatMessage` as implementation of `Symfony\Component\Notifier\Message\MessageInterface`, but I feel like this component could use a `PushMessage` or something similar. Although I'm not sure if it would contain more than `subject` that the `ChatMessage` does.
Commits
-------
2776d2f811 [Notifier] Add Firebase bridge
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Messenger] Add SQS transport
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | TODO
This PR add the AWS SQS transport in messenger.
It also add a `DisconnectedReceiverInterface` that allows the worker to release not-proceeded message (which are not automatically released in SQS and have to wait a TTL). Tell me if you prefer to move it in a dedicated PR.
accepted DNS:
- `sqs://default/accountId/queueName`
- `sqs://default/queueName`
- `sqs://default/queueName?region=us-east-2`
- `sqs://my_custome_endpoint:12345/queueName?sslmode=disabled`
To reduce AWS costs, the implementation performs a long polling call and prefetch several messages.
TO get ~real time worker, one could use `./bin/console messenger:consume --sleep 0.001`
Commits
-------
c226479d5f [Messenger] Add SQS transport
* 5.0:
[FrameworkBundle] fix "samesite" in XSD
[Console] Consider STDIN interactive
Update UserPasswordEncoderCommand.php
[HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
[DoctrineBridge] Fixed submitting ids with query limit or offset
* 4.4:
[FrameworkBundle] fix "samesite" in XSD
[Console] Consider STDIN interactive
Update UserPasswordEncoderCommand.php
[HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
[DoctrineBridge] Fixed submitting ids with query limit or offset
* 3.4:
[FrameworkBundle] fix "samesite" in XSD
Update UserPasswordEncoderCommand.php
[HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
[DoctrineBridge] Fixed submitting ids with query limit or offset
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35520
| License | MIT
| Doc PR | -
This PR cherry-picks #28168 on 3.4, with a rationale given by @ConneXNL in https://github.com/symfony/symfony/issues/35520#issuecomment-582296847:
> I hope I am wrong but I see the impact of not making any changes to Symfony 3.4 will have a tons of sites break if we cannot set the cookie's samesite setting (in the framework session and remember me) before Chrome pushes this update.
>
> Very soon all existing cookies are no longer going to work with cross-domains if you do not specify 'None' for the cookie_samesite. All external APIs that use cookies and are running SF 3.4 will break and devs will have no quick solution to fix their auth process.
>
> If you are using PHP 7.4, yes you can most likely use ini_set to workaround this issue.
>
> However, ini_set('cookie_samesite') does not work in PHP Version <= 7.2.
I am not even sure PHP 7.3 supports the value 'None' as php.watch/articles/PHP-Samesite-cookies says it has support for 'Lax' and 'Scrict'.
>
> This effectively means SF 3.4 on PHP 7.2 (or PHP 7.3) is no longer supported for cross domain APIs with cookies. People would have to either update PHP to 7.4 (if they even can?) or go to Symfony 4 (with a dead live site is going to be a complete disaster).
>
> Since the impact of the change that chrome is about to roll out is so fundamentally changing our way to set cookies, I consider configuring samesite configuration in the framework an absolute requirement, not a feature, especially since SF 3.4 is still supported.
>
> What am i missing?
>
> Note: SF3 HTTPFoundation already supports the new cookie settings, it's just the framework that doesn't support it.
Our BC policy embeds the promise that one should be able to keep the same app on a newest infrastructure (eg that's why supporting a PHP version is a bug fix). I think we can consider this for browsers here also. WDYT?
Commits
-------
f46e6cb8a0 [HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
