This PR was squashed before being merged into the 2.8 branch (closes#27581).
Discussion
----------
Fix bad method call with guard authentication + session migration
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no (but there needs to be on master)
| Tests pass? | yes
| Fixed tickets | #27577
| License | MIT
| Doc PR | n/a
I messed up #27452 :/. Guard is the one class where the session migration is not on the listener, it's on the handler. The tricky part is that there is only ONE handler (unlike listeners where there is 1 listener per firewall). That means that implementing a session migration strategy that avoids stateless firewalls was a bit more tricky: I could only think to inject a map into `GuardAuthenticationHandler`. On the bright side, this also fixes session migration (not happening) when people call the `authenticateUserAndHandleSuccess()` method directly.
On master, we'll need to add a deprecation to make the 3rd argument of `authenticateWithToken()` required - it's optional now for BC. We may also need to re-order the constructor args.
I DID test this in a real 2.8 project, to make sure that things were properly wired up. Apologies for not doing that for the other PR.
Cheers!
Commits
-------
2c0ac93 Fix bad method call with guard authentication + session migration
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Cache] Use sub-second accuracy for internal expiry calculations
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | not really
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Embeds #26929, #27009 and #27028, let's focus on the 4th commit for now.
This is my last significant PR in the Cache series :)
By using integer expiries internally, our current implementations are sensitive to abrupt transitions when time() goes to next second: `$s = time(); sleep(1); echo time() - $s;` *can* display 2 from time to time.
This means that we do expire items earlier than required by the expiration settings on items.
This also means that there is no way to have a sub-second expiry. For remote backends, that's fine, but for ArrayAdapter, that's a limitation we can remove.
This PR replaces calls to `time()` by `microtime(true)`, providing more accurate timing measurements internally.
Commits
-------
08554ea18c [Cache] Use sub-second accuracy for internal expiry calculations
This PR was merged into the 4.1 branch.
Discussion
----------
[FrameworkBundle] fix for allowing single colon controller notation
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27522
| License | MIT
| Doc PR | -
This fixes a BC break introduced in https://github.com/symfony/symfony/pull/26085#pullrequestreview-126370222.
ping @Tobion
Commits
-------
1680674174 [FrameworkBundle] fix for allowing single colon controller notation
* 4.1:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[HttpKernel] Log/Collect exceptions at prio 0
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes
[Routing] fix matching host patterns, utf8 prefixes and non-capturing groups
* 4.0:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes
* 3.4:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Cache] Unconditionally use PhpFilesAdapter for system pools
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Now that we're about to leverage OPCache shared memory even for objects (see #27543), there's no reason anymore to use APCu for system caches. Let's remove some complexity here.
As a bonus, this makes system caches pruneable using the `cache:pool:prune` command.
Commits
-------
51381e530a [Cache] Unconditionally use PhpFilesAdapter for system pools
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Cache] Add stampede protection via probabilistic early expiration
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR |
This PR implements [probabilistic early expiration](https://en.wikipedia.org/wiki/Cache_stampede#Probabilistic_early_expiration) on top of `$cache->get($key, $callback);`
It adds a 3rd arg to `CacheInterface::get`:
> float $beta A float that controls the likelyness of triggering early expiration. 0 disables it, INF forces immediate expiration. The default is implementation dependend but should typically be 1.0, which should provide optimal stampede protection.
Commits
-------
13523ad985 [Cache] Add stampede protection via probabilistic early expiration
This PR was squashed before being merged into the 3.4 branch (closes#27556).
Discussion
----------
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | Related to #27395
| License | MIT
| Doc PR | symfony/symfony-docs#9860
This is the sister PR to #27452, which covered all the other authentication listeners.
Commits
-------
c06f3229de Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
This PR was squashed before being merged into the 2.8 branch (closes#27452).
Discussion
----------
Avoid migration on stateless firewalls
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | Related to #27395
| License | MIT
| Doc PR | symfony/symfony-docs#9860
This is a proof-of-concept. Once we agree / are happy, I need to add this to all of the other authentication mechanisms that recently got the session migration code & add tests.
Basically, this avoids migrating the session if the firewall is stateless. There were 2 options to do this:
A) Make the `SessionAuthenticationStrategy` aware of all stateless firewalls. **This is the current approach**
or
B) Make each individual authentication listener aware whether or not *its* firewall is stateless.
Commits
-------
cca73bb564 Avoid migration on stateless firewalls
This PR was squashed before being merged into the 3.4 branch (closes#27326).
Discussion
----------
[Serializer] deserialize from xml: Fix a collection that contains the only one element
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27279
| License | MIT
| Doc PR |
In xml when parent node (`restaurants`) contains several children nodes with the same tag (`restaurant`) it is clear that the children form a collection:
```
restaurants = {array} [1]
restaurant = {array} [2]
0 = {array} [2]
name = "Some restaurant name"
type = "Chinese"
1 = {array} [2]
name = "Another restaurant name"
type = "Italian"
```
Afterwards the object denormalizer has no problem to create a collection of restaurants.
But when there is only one child (`restaurant`) the decoded normalized array will not contain a collection:
```
restaurants = {array} [1]
restaurant = {array} [2]
name = "Some restaurant name"
type = "Chinese"
```
In this situation the object denormalizer threw unexpected exception. This PR modifies `AbstractObjectNormalizer` that is it will fill a collection containing the sole element properly.
Commits
-------
1f346f446d [Serializer] deserialize from xml: Fix a collection that contains the only one element
This PR was squashed before being merged into the 4.1 branch (closes#27562).
Discussion
----------
[HttpKernel] Log/Collect exceptions at prio 0
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no, fixes one
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #27440
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
So that it runs after the security exception listener, which runs at prio 1.
Im not sure what to do with the (wrong) changelog entry for 4.1.0 at this point.. should we add a new entry for 4.1.1?
Commits
-------
85b832bcc9 [HttpKernel] Log/Collect exceptions at prio 0
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes#27567).
Discussion
----------
[PhpUnitBridge] Fix error on some Windows OS
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27439
| License | MIT
Bug Fix on PHPUnit Bridge
Commits
-------
50979b5ea4 [PhpUnitBridge] Fix error on some Windows OS
* 4.1:
[FrameworkBundle] decouple some cache-warmer's test from internal details
bug #27405 [Cache] TagAwareAdapter should not corrupt memcached connection in ascii mode
Remove released semaphore
* 4.0:
[FrameworkBundle] decouple some cache-warmer's test from internal details
bug #27405 [Cache] TagAwareAdapter should not corrupt memcached connection in ascii mode
Remove released semaphore
* 3.4:
[FrameworkBundle] decouple some cache-warmer's test from internal details
bug #27405 [Cache] TagAwareAdapter should not corrupt memcached connection in ascii mode
Remove released semaphore
This PR was merged into the 3.4 branch.
Discussion
----------
[Lock] Remove released semaphore
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27356
| License | MIT
| Doc PR | NA
This PR remove the semaphore with `sem_remove`. By removing without releasing the semaphore, all pending blocking acquiring will fail that's why the acquire method has also been update to handle such case
Commits
-------
77b9f90a32 Remove released semaphore