The AuthenticatorManager now performs the whole authentication process. This
allows for manual authentication without duplicating or publicly exposing parts
of the process.
This to remove confusion between the new system and Guard. When using the new
system, guard should not be installed. Guard did however influence the idea
behind the new system. Thus keeping the mentions of "guard" makes it confusing
to use the new system.
This allows more flexibility for the authentication manager (to e.g. implement
login throttling, easier remember me, etc). It is also a known design pattern
in Symfony HttpKernel.
This removes the introduced dependency on Guard from core. It also allows an
easier migration path, as the complete Guard subcomponent can now be deprecated
later in the 5.x life.
This is an iteration on the AuthenticatorInterface of the Guard, to allow more
flexibility so it can be used as a real replaced of the authentication
providers and listeners.
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Routing] Deal with hosts per locale
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#30617
| License | MIT
| Doc PR | TODO
Allow to define a different host for each locale in routing.
It's now possible to define this kind of configuration:
```yaml
controllers:
resource: ../../src/Controller/
type: annotation
host:
fr: www.example.fr
en: www.example.com
```
It's still possible to define an unique host (`host: wwww.example.com`) and if a host is defined for a given route directly, it's not overridden.
To be done:
- [x] YamlLoader
- [x] XmlLoader
- [x] PhpLoader?
- [x] Documentation
- [x] Changelog
Commits
-------
4751a732f2 [Routing] Deal with hosts per locale
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] CacheItem with tag is never a hit after expired
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes/no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36458
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
It seems like a tag cacheItem is never a hit again. Not sure how fix this but the cache component is really hard to debug 🙈 .
It need to be somewhere generally as all TagAware caches are effected:
```
1) Symfony\Component\Cache\Tests\Adapter\FilesystemTagAwareAdapterTest::testRefreshAfterExpires
Failed asserting that false is true.
/home/travis/build/symfony/symfony/src/Symfony/Component/Cache/Tests/Traits/TagAwareTestTrait.php:194
2) Symfony\Component\Cache\Tests\Adapter\PredisTagAwareClusterAdapterTest::testRefreshAfterExpires
Failed asserting that true is false.
/home/travis/build/symfony/symfony/src/Symfony/Component/Cache/Tests/Traits/TagAwareTestTrait.php:183
3) Symfony\Component\Cache\Tests\Adapter\RedisTagAwareAdapterTest::testRefreshAfterExpires
Failed asserting that true is false.
/home/travis/build/symfony/symfony/src/Symfony/Component/Cache/Tests/Traits/TagAwareTestTrait.php:183
4) Symfony\Component\Cache\Tests\Adapter\RedisTagAwareClusterAdapterTest::testRefreshAfterExpires
Failed asserting that true is false.
/home/travis/build/symfony/symfony/src/Symfony/Component/Cache/Tests/Traits/TagAwareTestTrait.php:183
```
Commits
-------
d082eca7dd Add reproducer to for hit after update expire cacheItem
f815b011c3 [Cache] fix FilesystemTagAwareAdapter failing when a tag link preexists
* 4.4:
[HttpFoundation] workaround PHP bug in the session module
[SecurityBundle] fix accepting env vars in remember-me configurations
[Form] Fixed handling groups sequence validation
[Cache] Avoid memory leak in TraceableAdapter::reset()
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] workaround PHP bug in the session module
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Current tests fail after https://github.com/php/php-src/pull/5305
Which itself is a patch for a bug in the session module.
This PR works around the issue in older versions of PHP and fixes the tests.
Commits
-------
0cbca19edc [HttpFoundation] workaround PHP bug in the session module
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Security] Fixed broken master build
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | n/a
The build failures are caused by these lines (line 100 specically):
2460ca59af/src/Symfony/Component/Security/Http/Firewall/ContextListener.php (L97-L108)
Since #34363, `$request->cookies->get()` is typehinted as `string|null`. On Travis with PHP=7.4, this doc typehint is transformed into PHP return type: `get(): ?string`.
On tests, the session cookie is set to `true`. See #36118 for some background on why this is necessary.
There are a couple possible solutions:
1. Update the `InputBag::get()` PHPdoc to use `@return scalar|null`
2. Use `$request->cookie->all()[$session->getName()]` in `ContextListener`
3. Allow pre-configuring the session ID in `MockArraySessionStorage`.
I've implemented solution (1). The method is actually using `is_scalar()` to check if a deprecation notice should be triggered, so it is expected to return a scalar in Symfony 6.
_I've had to update the `DebugClassLoader` to not convert this to `get(): ?scalar`, as that doesn't exists in PHP. I'm not sure if my changes are correct (but they work)._
Commits
-------
94f47630ba Fixed fetching sessionId from InputBag