* 4.3:
[Cache] replace getNsSeparator by NS_SEPARATOR on AbstractTrait
[Cache] fix versioning with SimpleCacheAdapter
[Messenger] fix AMQP delay queue to be per exchange
Fix expired lock not cleaned
[HttpClient] throw DecodingExceptionInterface when toArray() fails because of content-type error
[HttpFoundation] Fix SA/phpdoc JsonResponse
[DI] Show the right class autowired when providing a non-existing class in constructor
SimpleCacheAdapter fails to cache any item if a namespace is used
validate composite constraints in all groups
[Serializer] Handle true and false appropriately in CSV encoder
[Messenger] improve logs
[Messenger] fix delay delivery for non-fanout exchanges
Parameterize Mailgun's region
Fix binary operation `+`, `-` or `*` on string
[VarDumper] fix dumping objects that implement __debugInfo()
[HttpClient] Don't use CurlHttpClient on Windows when curl.cainfo is not set
Add statement to fileLink to ignore href code when no fileLink.
[Routing] fix absolute url generation when scheme is not known
* 4.2:
[Cache] replace getNsSeparator by NS_SEPARATOR on AbstractTrait
[Cache] fix versioning with SimpleCacheAdapter
Fix expired lock not cleaned
[HttpFoundation] Fix SA/phpdoc JsonResponse
SimpleCacheAdapter fails to cache any item if a namespace is used
validate composite constraints in all groups
[Serializer] Handle true and false appropriately in CSV encoder
Fix binary operation `+`, `-` or `*` on string
[VarDumper] fix dumping objects that implement __debugInfo()
[Routing] fix absolute url generation when scheme is not known
* 3.4:
Fix expired lock not cleaned
[HttpFoundation] Fix SA/phpdoc JsonResponse
SimpleCacheAdapter fails to cache any item if a namespace is used
validate composite constraints in all groups
[Serializer] Handle true and false appropriately in CSV encoder
Fix binary operation `+`, `-` or `*` on string
[VarDumper] fix dumping objects that implement __debugInfo()
[Routing] fix absolute url generation when scheme is not known
This PR was merged into the 4.4 branch.
Discussion
----------
[Validator] Improve TypeValidator to handle array of types
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31330
| License | MIT
| Doc PR | tbd.
The `@Type` constraint is now able to handle multiple types:
```php
/**
* @var string|array
* @Assert\Type(type={"string", "array"})
*/
private $name;
```
and will pass when `$name` is either of type `string` or `array`.
Commits
-------
c8100f34f8 [Validator] Improve TypeValidator to handle array of types
This PR was merged into the 4.4 branch.
Discussion
----------
[Validator] Add compared value path to violation parameters
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
While it's not really useful to use as a placeholder in the violation message template (compared to hard-coding it into the message. Nor it is really user-friendly),
it becomes handy in conjunction with #29130 for any mapping logic on client-side.
Commits
-------
2da226a57f [Validator] Add compared value path to violation parameters
This PR was squashed before being merged into the 4.3-dev branch (closes#31060).
Discussion
----------
[Validator] Make API endpoint for NotCompromisedPasswordValidator configurable
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes, but acceptable [1]
| Deprecations? | no [1]
| Tests pass? | yes
| Fixed tickets | #30871, #31054
| License | MIT
| Doc PR | symfony/symfony-docs#... (TODO)
Makes the API endpoint for the `NotCompromisedPasswordValidator` configurable. The endpoint includes the placeholder which will be replaced with the first digits of the password hash for k-anonymity.
The endpoint can either be set via constructor injection of the validator if the component is used standalone, or via the framework configuration of symfony/framework-bundle.
[1] As discussed in #31054, the validator is not in a stable release yet, therefore the BC break is considered acceptable. No deprecation / BC layer is necessary.
Commits
-------
f6a80c214d [Validator] Make API endpoint for NotCompromisedPasswordValidator configurable
This PR was merged into the 4.3-dev branch.
Discussion
----------
Make the exception messages consistent across the board
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
84c67193bc made the esception messages consistent across the board
This PR was squashed before being merged into the 4.3-dev branch (closes#31354).
Discussion
----------
[Intl][Validator] Handle alias locales/timezones
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes (including intl-data group)
| Fixed tickets | #31022
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
both timezones and locales have aliases (either thru deprecation/migration/etc.)
for locales we compile a mapping, for timezones we dont. yet we can benefit partial alias support thru DateTimeZone, which knows about most timezone IDs already.
both the timezone + locale validator already support aliases. Connsequently, we should support aliases in `Timezones::exists()` + `Locales::exists()` as well IMHO.
so far so good; the catch is; with this PR `Locales::getName()` supports aliases, whereas `Timezones::getName()` doesnt. I think it's reasonable for now, until we compile the timezone mapping so we can widen the timezone ID conversion here.
Commits
-------
0a9be0df6e [Intl][Validator] Handle alias locales/timezones
This PR was squashed before being merged into the 4.3-dev branch (closes#28846).
Discussion
----------
[Intl] Simplify API
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #18368
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/issues/11221
Simplifies the Intl API. It greatly reduces the no. of boilerplate classes in this component. Very over complicated, much wow :)
Solving (IMHO):
```php
class LanguageBundle extends LanguageDataProvider implements LanguageBundleInterface
```
Which seems very over complicated just to provide static data.
```php
// before
Intl::getLanguageBundle()->getLanguageName() // string | null
// after
Languages::getName() // string
Languages::exists() // bool
```
I left out Canonicalization on puropose, that's a new topic to me.
- [x] Languages
- [x] Locales
- [x] Currencies
- [x] Regions
- [x] Scripts
- [ ] Timezones (#28831)
- [x] Update constraints
- [x] Update form types
Thoughts?
Commits
-------
d6b67d469a [Intl] Simplify API
* 4.2:
fix translating file validation error message
[Validator] Add missing Hungarian translations
Improving deprecation message of the Twig templates directory src/Resources/views
[3.4] [Validator] Add missing french validation translations.
[Validator] Only traverse arrays that are cascaded into
Handle case where no translations were found
[Validator] Translate unique collection message to Hungarian
fix tests
Run test in separate process
Use a class name that does not actually exist
[Profiler] Fix dark theme elements color
fix horizontal spacing of inlined Bootstrap forms
[Translator] Warm up the translations cache in dev
turn failed file uploads into form errors
* 3.4:
fix translating file validation error message
[Validator] Add missing Hungarian translations
[3.4] [Validator] Add missing french validation translations.
[Validator] Only traverse arrays that are cascaded into
Handle case where no translations were found
[Validator] Translate unique collection message to Hungarian
fix tests
Run test in separate process
Use a class name that does not actually exist
fix horizontal spacing of inlined Bootstrap forms
[Translator] Warm up the translations cache in dev
turn failed file uploads into form errors
This PR was squashed before being merged into the 4.3-dev branch (closes#30901).
Discussion
----------
Renamed NotPwned to NotCompromisedPassword
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | -
| License | MIT
| Doc PR | -
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
2f648b04ae Renamed NotPwned to NotCompromisedPassword
* 4.2: (45 commits)
[Form] various minor fixes
Ensure the parent process is always killed
bugfix: the terminal state was wrong and not reseted
[Console] Fix inconsistent result for choice questions in non-interactive mode
Define null return type for Constraint::getDefaultOption()
[Routing] Fix: annotation loader ignores method's default values
[HttpKernel] Fix DebugHandlersListener constructor docblock
Skip Glob brace test when GLOB_BRACE is unavailable
bumped Symfony version to 4.2.6
updated VERSION for 4.2.5
updated CHANGELOG for 4.2.5
bumped Symfony version to 3.4.25
updated VERSION for 3.4.24
update CONTRIBUTORS for 3.4.24
updated CHANGELOG for 3.4.24
[EventDispatcher] cleanup
fix testIgnoredAttributesInContext
Re-generate icu 64.1 data
Improve PHPdoc / IDE autocomplete for config tree builder
[Bridge][Twig] DebugCommand - fix escaping and filter
...
This PR was squashed before being merged into the 4.3-dev branch (closes#27738).
Discussion
----------
[Validator] Add a HaveIBeenPwned password validator
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | todo
This PR adds a new `Pwned` validation constraint to prevent users to choose passwords that have been leaked in public data breaches.
The validator uses the https://haveibeenpwned.com/ API. The implementation is similar to the one used by [Firefox Monitor](https://blog.mozilla.org/futurereleases/2018/06/25/testing-firefox-monitor-a-new-security-tool/). It allows to not expose the password hash using a k-anonymity model. The specific implementation for HaveIBeenPwned has been [described in depth by Cloudflare](https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/).
Usage:
```php
// Rejects the password if is present in any number of times in any data breach
class User
{
/** @Pwned */
public $plainPassword;
}
// Rejects the password if is present more than 5 times in data breaches
class User
{
/** @Pwned(maxCount=5) */
public $plainPassword;
}
// Customize the error message
class User
{
/** @Pwned(message='Please select another password, this one has already been hacked.') */
public $plainPassword;
}
```
Commits
-------
ec1ded898a [Validator] Add a HaveIBeenPwned password validator
* 4.2: (26 commits)
Apply php-cs-fixer rule for array_key_exists()
[Cache] fix warming up cache.system and apcu
[Security] Change FormAuthenticator if condition
handles multi-byte characters in autocomplete
speed up tests running them without debug flag
[Translations] added missing Croatian validators
Fix getItems() performance issue with RedisCluster (php-redis)
[VarDumper] Keep a ref to objects to ensure their handle cannot be reused while cloning
IntegerType: reject submitted non-integer numbers
be keen to newcomers
[HttpKernel] Fix possible infinite loop of exceptions
fixed CS
[Validator] Added missing translations for Afrikaans
do not validate non-submitted form fields in PATCH requests
Update usage example in ArrayInput doc block.
[Console] Prevent ArgvInput::getFirstArgument() from returning an option value
[Validator] Fixed duplicate UUID
fixed CS
[EventDispatcher] Fix unknown priority
Avoid mutating the Finder when building the iterator
...
