This PR was squashed before being merged into the 3.4 branch (closes#24300).
Discussion
----------
[HttpKernel][FrameworkBundle] Add a minimalist default PSR-3 logger
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This PR provides a minimalist PSR-3 logger that is always available when FrameworkBundle is installed.
By default, it writes errors on `stderr`, regular logs on `stdout` and discards debug data (this is configurable).
This approach has several benefits:
- It's what expect from an app logging systems of major containerization and orchestration tools including [Docker](https://docs.docker.com/engine/admin/logging/view_container_logs/) and [Kubernetes](https://kubernetes.io/docs/concepts/cluster-administration/logging/), as well as most cloud providers such as [Heroku](https://devcenter.heroku.com/articles/logging#writing-to-your-log) and [Google Container Engine](https://kubernetes.io/docs/tasks/debug-application-cluster/logging-stackdriver/). If the app follows this standard (and it's not currently the case with Symfony by default) logs will be automatically collected, aggregated and stored.
- It's in sync with the "back to Unix roots" philosophy of Flex
- Logs are directly displayed in the console when running the integrated PHP web server (`bin/console server:start` or Flex's `make serve`), Create React App also do that for instance.
- It fixes a common problem when installing Flex recipes: many bundles expect a logger service but currently there is none available by default, and you usually get a `"logger" service not found error` (because packages depend of the PSR, but the PSR doesn't provide a logger service).
Commits
-------
9a06513ec7 [HttpKernel][FrameworkBundle] Add a minimalist default PSR-3 logger
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Fix precision of MoneyToLocalizedStringTransformer's divisions and multiplications
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| License | MIT
There is a [PHP Bug](https://bugs.php.net/bug.php?id=75004) with the accuracy of divisions and multiplications when `/=` and `*=` are used.
Here is the proof: https://3v4l.org/u1DkX
It would be better to use `bcmul()` and `bcdiv()` in the `MoneyToLocalizedStringTransformer.php` to prevent this bug.
Commits
-------
ab47c7878e Added improvement for accuracy in MoneyToLocalizedStringTransformer.
* 3.4:
Argon2i Password Encoder
[DI] EnvVarProcessorInterface: fix missing use
[FrameworkBundle] Use PhpExtractor from Translation
[DowCrawler] Default to UTF-8 when possible
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Argon2i Password Encoder
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | WIP
Since the [libsodium RFC](https://wiki.php.net/rfc/libsodium) passed with flying colours, I'd like to kick start a discussion about adding Argon2i as a password encoder to the security component. The initial code proposal in this PR supports both the upcoming public API confirmed for PHP 7.2, and the [libsodium PECL extension](https://pecl.php.net/package/libsodium) for those below 7.2 (available for PHP 5.4+).
#### Concerns
- Should the test cover hash length? At the moment the result of Argon2i is 96 characters, but because the hashing parameters are included in the result (`$argon2i$v=19$m=32768,t=4,p=1$...`) this is not guaranteed.
- I've used one password encoder class because the result *should* be the same whether running natively in 7.2 or from the PECL extension, but should the logic be split out into separate private methods (like `Argon2iPasswordEncoder::encodePassword()`) or not (like in `Argon2iPasswordEncoder::isPasswordValid()`)? Since I can't really find anything concrete on Symfony choosing one way over another I'm assuming it's down to personal preference?
#### The Future
Whilst the libsodium RFC has been approved and the public API confirmed, there has been no confirmation of Argon2i becoming an official algorithm for `passhword_hash()`. If that is confirmed, then the implementation should *absolutely* use the native `password_*` functions since the `sodium_*` functions do not have an equivalent to the `password_needs_rehash()` function.
Any feedback would be greatly appreciated 😃
Commits
-------
be093dd79a Argon2i Password Encoder
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Use PhpExtractor from Translation
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The FrameworkBundle's one is legacy, so triggers a deprecation notice.
Commits
-------
3d19fd9837 [FrameworkBundle] Use PhpExtractor from Translation
This PR was merged into the 3.4 branch.
Discussion
----------
[DowCrawler] Default to UTF-8 when possible
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #17258
| License | MIT
| Doc PR | -
This can't be ambiguous, let's use UTF-8 when possible.
Commits
-------
73eda66b99 [DowCrawler] Default to UTF-8 when possible
Add the Argon2i hashing algorithm provided by libsodium as a core encoder in the Security component, and enable it in the SecurityBundle.
Credit to @chalasr for help with unit tests.
* 3.4:
Fix conflicts between Bridge/PhpUnit and Debug fixtures
[DI] Fix typehint
[PhpUnitBridge] Make CoverageListenerTest more robust when xdebug is not available
This PR was merged into the 3.3 branch.
Discussion
----------
[DependencyInjection] include file and line number in deprecation
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In #23108 we removed line numbers from deprecation messages created by the YAML parser because those numbers were quite useless without the file being parsed. I suggest to revert this change and add the file being parsed to the deprecation message.
Commits
-------
cf03552 include file and line number in deprecation
This PR was merged into the 3.4 branch.
Discussion
----------
[PhpUnitBridge] Make CoverageListenerTest more robust when xdebug is not available
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
9fac290 [PhpUnitBridge] Make CoverageListenerTest more robust when xdebug is not available
* 3.4:
Moved PhpExtractor and PhpStringTokenParser to Translation component
[Asset] Provide default context
[HttpKernel] Deprecate some compiler passes in favor of tagged iterator args
Add exclusive Twig namespace for bundles path
Share connection factories between cache and lock
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBundle] Improve the overriding of bundle templates
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #17557
| License | MIT
| Doc PR | -
### [Overriding a Template that also extends itself](https://twig.symfony.com/doc/2.x/recipes.html#overriding-a-template-that-also-extends-itself)
Now that bundles inheritance is deprecated and removed (#24160, #24161), I'm wondering if we can solve this old issue defining an exclusive namespace only for root bundles in `3.4` just bundles in `4.0`:
```yaml
twig:
paths:
# adding paths behind the scene into TwigExtension
app/Resources/FooBundle/views: Foo
vendor/acme/foo-bundle/Resources/views: Foo
vendor/acme/foo-bundle/Resources/views: !Foo # exclusive
```
Thus, one can decide when use the exclusive namespace to avoid the issue and then [we could to say also](http://symfony.com/doc/current/templating/overriding.html):
> To override the bundle template partially (which contains `block`) creates a new `index.html.twig` template in `app/Resources/AcmeBlogBundle/views/Blog/index.html.twig` and extends from `@!AcmeBlogBundle/Blog/index.html.twig` to customize the bundle template:
```twig
{# app/Resources/FooBundle/views/layout.html.twig #}
{# this does not work: circular reference to itself #}
{% extends '@Foo/layout.html.twig' %}
{# this will work: load bundle layout template #}
{% extends '@!Foo/layout.html.twig' %}
{% block title 'New title' %}
```
I hear other suggestions about the excluse namespace.
We will need to update http://symfony.com/doc/current/templating.html#referencing-templates-in-a-bundle too to add this convention.
WDYT?
Commits
-------
0a658c6eef Add exclusive Twig namespace for bundles path
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Deprecate some compiler passes in favor of tagged iterator args
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
More code that we can drop :)
Commits
-------
fa62e5068e [HttpKernel] Deprecate some compiler passes in favor of tagged iterator args
This PR was merged into the 3.4 branch.
Discussion
----------
[Lock] Use cache connection factories in lock
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no (feature removal)
| BC breaks? | no (if merged in 3.4)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
An alternative to https://github.com/symfony/symfony/pull/24267 to share code between cache and lock.
Commits
-------
95358ac98f Share connection factories between cache and lock
This PR was squashed before being merged into the 3.4 branch (closes#21027).
Discussion
----------
[Asset] Provide default context
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19396
| License | MIT
| Doc PR | should be noted somewhere, ill create an issue
Allows configuring the default asset context to make things works on CLI for example. Same approach as the routing component.
Introduces
```yaml
# parameters.yml
asset.request_context.base_path: '/base/path'
asset.request_context.secure: false
```
Commits
-------
9137d57ecd [Asset] Provide default context
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Reference tagged services in config
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12269
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/issues/8404
This is a proof of concept to reference a sequence of tagged services.
The problem bugs me for some time, and at first i thought the solution was to have some super generic compiler pass. If it could replace a lot of compilers in core.. perhaps worth it, but eventually each tag comes with it's own logic, including how to deal with tag attributes.
However, writing the passes over and over again becomes tedious for the most basic usecase. So given the recent developments, this idea came to mind.
```yml
services:
a:
class: stdClass
properties: { a: true }
tags: [foo]
b:
class: stdClass
properties: { b: true }
tags: [foo]
c:
class: stdClass
properties:
#stds: !tagged_services foo (see #22198)
stds: !tagged_services
foo
```
```
dump(iterator_to_array($this->get('c')->stds));
```
```
array:2 [▼
0 => {#5052 ▼
+"a": true
}
1 => {#4667 ▼
+"b": true
}
]
```
Given the _basic_ example at https://symfony.com/doc/current/service_container/tags.html, this could replace that.
Any thoughts?
Commits
-------
979e58f [DI] Reference tagged services in config
This PR was squashed before being merged into the 3.4 branch (closes#24337).
Discussion
----------
Adding a shortcuts for the main security functionality
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | Big ol' TODO
I'd like one class that I can inject (especially with autowiring) to get access to the User and `isGranted()` methods. This is *really* important... because to get the User currently, you need to type-hint `TokenStorageInterface`... and there are *two*! That's really bad DX!
Questions:
A) I hi-jacked the existing `Security` class... I wanted a simple class called Security
B) I called the service `security.helper`... for lack of a better id.
C) I did not make `Security` implement the 2 other interfaces (`TokenStorageInterface`, `AuthorizationCheckerInterface`... but I suppose we could?)
Cheers!
Commits
-------
0851189 Adding a shortcuts for the main security functionality
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBundle] register an identity translator as fallback
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/24303#issuecomment-331864529
| License | MIT
| Doc PR |
The Form component can be used without the Translation component.
However, to be able to use the default form themes provided by the
TwigBridge you need to have the `trans` filter to be available.
This change ensure that there will always be a `trans` filter which as
a fallback will just return the message key if no translator is present.
Commits
-------
f0876e5927 register an identity translator as fallback
This PR was merged into the 3.4 branch.
Discussion
----------
[Yaml] include file and line no in deprecation message
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Now that we know the filename being parsed we can improve deprecation messages which is especially useful when trying to find the DI config file that triggers a particular deprecation.
Commits
-------
f618e43234 include file and line no in deprecation message
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] minor translation text fix
Update validators.cs.xlf - Fix czech translation for "This field was not expected"
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | n/a
| Fixed tickets | none
| License | none
| Doc PR | none
This commit fixes grammatical issue for czech translation only.
Commits
-------
fbe7148000 Fix translation for "This field was not expected"
* 3.4:
[DI] Fix missing use + minor tweaks
[Routing] Enhance PHP DSL traits docblocks
Fix AclSchemaListener deprecation
Set a NullLogger in ApcuAdapter when Apcu is disabled in CLI
Minor reword
[HttpKernel] Make array vs "::" controller definitions consistent
Fix tests
[TwigBundle] Remove profiler related scripting
[TwigBundle][WebProfilerBundle] Switch to DOMContentLoaded event
[WebProfilerBundle] Hide inactive tabs from CSS
[TwigBundle] Make deprecations scream in logs
[TwigBundle] Hide logs if unavailable, i.e. webprofiler
[TwigBundle] Break long lines in exceptions
[WebProfilerBundle] Added missing link to profile token
[DI] Fix decorated service merge in ResolveInstanceofConditionalsPass
Preserve URI fragment in HttpUtils::generateUri()
[PhpUnitBridge] do not require an error context
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] register class metadata factory alias
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24296
| License | MIT
| Doc PR |
Commits
-------
d0235a00cc register class metadata factory alias
* 3.3:
Set a NullLogger in ApcuAdapter when Apcu is disabled in CLI
Minor reword
[HttpKernel] Make array vs "::" controller definitions consistent
Fix tests
[TwigBundle] Remove profiler related scripting
[TwigBundle][WebProfilerBundle] Switch to DOMContentLoaded event
[WebProfilerBundle] Hide inactive tabs from CSS
[TwigBundle] Make deprecations scream in logs
[TwigBundle] Hide logs if unavailable, i.e. webprofiler
[TwigBundle] Break long lines in exceptions
[WebProfilerBundle] Added missing link to profile token
[DI] Fix decorated service merge in ResolveInstanceofConditionalsPass
Preserve URI fragment in HttpUtils::generateUri()
[PhpUnitBridge] do not require an error context
This PR was squashed before being merged into the 2.7 branch (closes#24243).
Discussion
----------
HttpCache does not consider ESI resources in HEAD requests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Due to this shortcut:
3b42d8859e/src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php (L634-L642)
... the `HttpCache` never looks at the response body for `HEAD` requests. This makes it completely miss ESI-related tweaks like computing the correct TTL, removing validation headers or updating the `Content-Length`.
From RFC2616 (https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.4):
> The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response. The metainformation contained in the HTTP headers in response to a HEAD request SHOULD be identical to the information sent in response to a GET request.
Although it says "SHOULD", I think it can be misleading at best when HEAD requests do, for example, return different (greater) `s-maxage` values than a corresponding GET request.
Commits
-------
4dd0e53171 HttpCache does not consider ESI resources in HEAD requests
The Form component can be used without the Translation component.
However, to be able to use the default form themes provided by the
TwigBridge you need to have the `trans` filter to be available.
This change ensure that there will always be a `trans` filter which as
a fallback will just return the message key if no translator is present.
* 3.4:
fixed CS
[Serializer] Add Support for in CustomNormalizer
Remove Validator\TypeTestCase and add validator logic to base TypeTestCase
[Lock] Include lock component in framework bundle
[WebProfilerBundle] Render file links for twig templates
CsvEncoder handling variable structures and custom header order
Saltless Encoder Interface
[Serializer] throw more specific exceptions
# Conflicts:
# src/Symfony/Bundle/FrameworkBundle/composer.json
# src/Symfony/Bundle/SecurityBundle/Command/UserPasswordEncoderCommand.php
# src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
# src/Symfony/Component/Serializer/Normalizer/AbstractNormalizer.php
# src/Symfony/Component/Serializer/Serializer.php
This PR was squashed before being merged into the 3.4 branch (closes#21716).
Discussion
----------
[Serializer] Add Support for `object_to_populate` in CustomNormalizer
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21715
| License | MIT
| Doc PR | n/a
This pulls a trait out of `AbstractNormalizer` with a method to extract the object to populate and adds some tests for it. Then uses that trait in both `AbstractNormalizer` and `CustomNormalizer` so both can support the `object_to_populate` key.
Commits
-------
ec9242d1ee [Serializer] Add Support for in CustomNormalizer
This PR was squashed before being merged into the 3.4 branch (closes#21960).
Discussion
----------
Remove Validator\TypeTestCase and add validator logic to base TypeTestCase
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no/possibly
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | symfony/symfony-docs#7587
Based on a discussion in the docs, users should not really extend classes in the `Tests` namespace. This means that if you want to unit test forms, you need to extend the `Test\TypeTestCase` class which doesn't have the validation logic (Not adding the validator extension gives an error if you use the `constraints` option in your forms).
So I propose to remove the `Validator\TypeTestCase` class (or it can possibly be deprecated if it is wrongly used by someone), and add the validator extension logic to the base `TypTestCase` class.
The benefit is that there is only one class to extend (both for internal or userland tests), and it makes it easy to add more core extensions if necessary.
The one part that I don't like too much at the moment, is keeping the extension in the `getExtensions` method. This means that you extend the class and need to register custom extensions, that you would need to do `return array_merge(parent::getExtensions(), ... ` (only in the case when you want core extensions enabled). So I don't know if we rather want to add a private method like `getCoreExtensions`?
Commits
-------
5ab50103ae Remove Validator\TypeTestCase and add validator logic to base TypeTestCase
This PR was merged into the 4.0-dev branch.
Discussion
----------
[HttpFoundation] Removed compatibility layer for PHP <5.4 sessions
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This is a follow-up of https://github.com/symfony/symfony/pull/24239. This PR removes the compatibility layer added for sessions for PHP <5.4.
Commits
-------
37d1a212f9 Removed compatibility layer for PHP <5.4 sessions
This PR was merged into the 3.4 branch.
Discussion
----------
[Serializer] throw more specific exceptions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20534
| License | MIT
| Doc PR |
Commits
-------
aa30d04243 [Serializer] throw more specific exceptions
This PR was squashed before being merged into the 3.4 branch (closes#24256).
Discussion
----------
CsvEncoder handling variable structures and custom header order
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23278
| License | MIT
| Doc PR | TBD
This PR improves the CsvEncoder to handle variable nesting structures and adds a context option that allows custom csv header order.
Commits
-------
d173494e48 CsvEncoder handling variable structures and custom header order
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Saltless Encoder Interface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
A new interface for encoders that do not require a user-generated salt (generate their own built-in) as suggested by @stof ([comment](https://github.com/symfony/symfony/pull/21604/files#r101225470)), this will become useful as more password encoders are added in the future (such as symfony/symfony#21604).
Commits
-------
7c4aa0bccb Saltless Encoder Interface
* 3.4:
[PhpUnitBridge] Added a CoverageListener to enhance the code coverage report
Add a method to check if any results were found
[SecurityBundle] Deprecate ACL related code
[FrameworkBundle] Enable assets with templates only if the Asset component is installed
This PR was squashed before being merged into the 3.3 branch (closes#24244).
Discussion
----------
TwigBundle exception/deprecation tweaks
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes/no
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
- 1st commit) if you view a exception in the profiler, there is no logger available. Making the tab useless, disabled state is now triggered at zero log messages. There's a specialized panel here.
- 2nd commit) when an exception occurs this highlights deprecations in the log table outside the profiler with a warning status. This follows the same signal colors in the profiler.
- 3rd commit) hide the default inactive tabs from CSS to avoid scrollbar flickering.
- 4th commit) favors document.DOMContentLoaded over window.load, we dont want to wait for images to be loaded
Further out-of-scope improvements could be;
- From https://github.com/symfony/symfony/pull/24191; i think the logs table should show a direct `View file` link for every error/deprecation/red or yellow line in here. Traversing with `Show context` is tedious.
- links to file.php for your trigger_error() calls
- links to config.yml for trigger_error() calls by SF
- From #24151; having the same tooling on both sides is nice
- Events/Translations logs is noise, we have specialized panels for those. To further reduce the overall page size container logs can be moved away too, linked from Configuration and/or Logs. Also see #23247
Commits
-------
1c595fcf48 [TwigBundle][WebProfilerBundle] Switch to DOMContentLoaded event
ea4b0966ab [WebProfilerBundle] Hide inactive tabs from CSS
0c10f97f98 [TwigBundle] Make deprecations scream in logs
03cd9e553b [TwigBundle] Hide logs if unavailable, i.e. webprofiler
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Enable assets with templates only if the Asset component is installed
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | -
Commits
-------
5bc0b0527e [FrameworkBundle] Enable assets with templates only if the Asset component is installed
This PR was merged into the 3.3 branch.
Discussion
----------
[TwigBundle] Remove profiler related scripting
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
For sanity.
Also in case of an exception page we conflict with the profiler scripting/css.
```
Uncaught TypeError: Cannot set property 'className' of null
```
Happens because `Sfjs.createTabs` from the profiler tries to process tabs again, which twig has already done. The code doesnt handle this gracefully.
In case of ajax request (edgy yes) we see the CSS conflicting;
![image](https://user-images.githubusercontent.com/1047696/30712781-7680c8d2-9f0d-11e7-8a6c-27f460c1e780.png)
Note the table borders. Not sure how and if we want to solve this nor what it might affect otherwise; open for now.
Commits
-------
eb520e1e5b Minor reword
02dcdca014 [TwigBundle] Remove profiler related scripting
This PR was merged into the 3.4 branch.
Discussion
----------
[Finder] Add a method to check if any results were found
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
If I want to know if any results were found, but I don't want to start trawling through them, I have to do the rather ugly:
```php
$found = false;
foreach ($finder as $thing) {
$found = true;
break;
}
if ($found) {
```
This PR enables the much more readable:
```php
if ($finder->found()) {
```
This seemed like an obvious thing to me, so I suspect there might be a reason this doesn't exist already, but I couldn't find any previous discussion. If it'll be accepted then I'll glady create a docs PR
Commits
-------
24dcb5202c Add a method to check if any results were found
This PR was squashed before being merged into the 3.4 branch (closes#23149).
Discussion
----------
[PhpUnitBridge] Added a CoverageListener to enhance the code coverage report
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/8416
---
The code coverage computed by PHPUnit is not very accurate by default as it marks a line as tested as soon as it has been executed.
For example, if you have two classes A and B where A is using B and you write test only for the class A then the class B will be marked as tested.
You can fix this issue by adding `@covers A` on top of the class ATest, but it's a bit boring.
This Listener add this annotation on each test if it's applicable:
* If an annotation already exists, we do nothing.
* We try to find the SUT thanks to the Test class name, if it does not exist, we do nothing
---
If you wan to see it in action: https://github.com/lyrixx/phpunit-auto-cover
---
The PR is not finished, I think we could add this listener to symfony itself.
What do you think?
Commits
-------
e17206debd [PhpUnitBridge] Added a CoverageListener to enhance the code coverage report
This PR was merged into the 3.4 branch.
Discussion
----------
Forward compatibility for the removal of bundle inheritance in 4.0
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Compat layer so that 3.4 and master combinations of framework/twig bundles and http-kernel work together.
Commits
-------
fba7e543d1 added foward compatibility for the removal of bundle inheritance in 4.0
* 3.4:
Passing the newly generated security token to the event during user switching.
Fix changelog and minor tweak for #23485
[Config] extracted the xml parsing from XmlUtils::loadFile into XmlUtils::parse
[Security][SecurityBundle] Deprecate the HTTP digest auth
add ability to configure catching exceptions
Extract method refactoring for ResourceCheckerConfigCache
This PR was merged into the 3.4 branch.
Discussion
----------
[Security][Firewall] Passing the newly generated security token to the event during user switching
Event allows listeners to easily switch out the token if custom token updates are required
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Updated SwitchUserEvent to include the generated security Token. Allows the listeners to replace the token with their own (in case an application has some custom logic for token generation). The SwitchUserListener will now use the token returned by the event, so if token was not changed the self generated token will be used. If token was changed in the event then the new token would get used.
Reasons for this feature
--------------------------
In our current project users can have different Role sets depending on which organization they switch to. Our `User->getRoles()` always returns ["ROLE_USER"] and after login user is presented with choice of organizations they want to work in. Based on selected organization roles get updated with then stored token.
Without the change proposed in this PR. The only way we can setup the proper roles during user switch is by replacing `security.authentication.switchuser_listener` service with our own implementation of the listener.
With the proposed change, we can replace the security token with the one having all the roles we require directly inside our listener for `security.switch_user` event that gets thrown by Symfony's `SwitchUserListener`
Commits
-------
4205f1b Passing the newly generated security token to the event during user switching.
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Add ability to configure catching exceptions for Client
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | todo
Debugging exceptions in functional tests is difficult as you need to look at the logs to see which exception was thrown. Disabling catching of exceptions in the client would allow the exception to bubble up to phpunit and make it easier to see what exception was thrown.
Commits
-------
4812e60 add ability to configure catching exceptions
This PR was squashed before being merged into the 3.4 branch (closes#22589).
Discussion
----------
Extract method refactoring for ResourceCheckerConfigCache
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Improves code readability.
Commits
-------
685c353 Extract method refactoring for ResourceCheckerConfigCache
This PR was squashed before being merged into the 3.4 branch (closes#24239).
Discussion
----------
[HttpFoundation] Deprecate compatibility with PHP <5.4 sessions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR removes functionality added in Symfony 2.1 as a compatibility layer with sessions from PHP <5.4.
- [x] Fix tests
Commits
-------
3deb3940ab [HttpFoundation] Deprecate compatibility with PHP <5.4 sessions
This PR was squashed before being merged into the 3.4 branch (closes#23882).
Discussion
----------
[Security] Deprecated not being logged out after user change
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #17023
| License | MIT
| Doc PR | ~
This PR is an alternative approach to #19033. Due to a behavioral change that could break a lot of applications and websites, I've decided to trigger a deprecation instead of actually changing the behavior as that can be done for 4.0.
Whenever a user object is considered changed (`AbstractToken::hasUserChanged`) when setting a new user object after refreshing, it will now throw a deprecation, paving the way for a behavioral change in 4.0. The idea is that in 4.0 Symfony will simply trigger a logout when this case is encountered.
Commits
-------
22f525b [Security] Deprecated not being logged out after user change
This PR was merged into the 2.7 branch.
Discussion
----------
Added null as explicit return type (?TokenInterface)
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23882#discussion_r140704737
| License | MIT
| Doc PR | ~
This fixes the returntype in the `ContextListener` so it can be merged upwards.
/cc @chalasr
Commits
-------
1ba4dd9 Added null as explicit return type (?TokenInterface)
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Fix tracking of bound arguments when using autoconfiguration
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
An exception is currently thrown when using arguments bindings on an autoconfigured controller action.
This fixes the issue.
Commits
-------
091f943 [DI] Fix tracking of bound arguments when using autoconfiguration
* 3.4:
use the parseFile() method of the YAML parser
[Yaml] support parsing files
Adding Definition::addError() and a compiler pass to throw errors as exceptions
[DI] Add AutowireRequiredMethodsPass to fix bindings for `@required` methods
[Cache] Add ResettableInterface to allow resetting any pool's local state
[DI][DX] Throw exception on some ContainerBuilder methods used from extensions
added missing @author tag for new class
allow forms without translations and validator
[VarDumper] Make `dump()` a little bit more easier to use
[Form] Add ambiguous & exception debug:form tests
Reset the authentication token between requests.
[Serializer] Getter for extra attributes in ExtraAttributesException
[DI] Dont use JSON_BIGINT_AS_STRING
# Conflicts:
# src/Symfony/Component/Routing/composer.json
# src/Symfony/Component/Translation/composer.json
# src/Symfony/Component/Yaml/Inline.php
# src/Symfony/Component/Yaml/Tests/ParserTest.php
# src/Symfony/Component/Yaml/Yaml.php
This PR was merged into the 3.4 branch.
Discussion
----------
[DI][DX] Throw exception on some ContainerBuilder methods used from extensions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no (unlikely, that would mean there already was an issue in userland code)
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #24282 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Commits
-------
88549fff5b [DI][DX] Throw exception on some ContainerBuilder methods used from extensions
This PR was merged into the 4.0-dev branch.
Discussion
----------
[Lock] Add missing methods in LockInterface
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no (because 3.4 is not yet released)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | /
| License | MIT
| Doc PR | /
Add methods to the LockInterface
Commits
-------
e66e5381d3 Add missing methods in LockInterface
This PR was merged into the 3.4 branch.
Discussion
----------
[Yaml] support parsing files
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/24191#issuecomment-329975423
| License | MIT
| Doc PR | TODO
This PR adds a new flag `PARSE_FILE` which can be passed to the YAML parser. When given, the input will be interpreted as a filename whose contents will then be parsed. We already supported passing filenames in the past. Back then the features was not deterministic as it just relied on the string being an existing file or not. Now that we are able to control the behaviour of the parser by passing flags this can be done in a much cleaner way and allows to properly deal with errors (i.e. non existent or unreadable files).
This change will also allow to improve error/deprecation messages to include the filename being parsed and thus showing more descriptive error messages when people are using the YAML parser with a bunch of files (e.g. as part of the DependencyInjection or Routing component).
Commits
-------
9becb8a [Yaml] support parsing files
This PR was squashed before being merged into the 3.4 branch (closes#24290).
Discussion
----------
Adding Definition::addError() and a compiler pass to throw errors as exceptions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes & no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes (very minor)
| Tests pass? | yes
| Fixed tickets | #23606
| License | MIT
| Doc PR | Not needed
Hi guys!
Very simple: when there is an error with a Definition, we can now call `Definition::addError()` instead of throwing an exception. Then, a new compiler pass (after removal) actually throws an exception. The advantage is that we can avoid throwing exceptions for services that are ultimately removed from the container. That's important for auto-registration, where we commonly register all services in `src/`... but then many of them are removed later.
A few interesting notes:
- We can probably convert more things from exceptions to `Definition::addError()`. I've only converted autowiring errors and things in `CheckArgumentsValidityPass` (that was necessary because it was throwing exceptions in some cases due to autowiring failing... which was the true error)
- `Definition` can hold multiple errors, but I'm only showing the first error in the exception message. The reason is clarity: I think usually the first error is the most (or only) important. But having `Definition::addError()` avoids the possibility of a later error overriding an earlier one
Cheers!
Commits
-------
a85b37a Adding Definition::addError() and a compiler pass to throw errors as exceptions
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Add AutowireRequiredMethodsPass to fix bindings for `@required` methods
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | yes
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Spotted while doing a SF4 workshop :)
Discovery of `@required` methods should be split from AutowirePass so that bindings can apply to these methods also when autowiring is enabled.
Commits
-------
dc55dd2 [DI] Add AutowireRequiredMethodsPass to fix bindings for `@required` methods
This PR was merged into the 3.4 branch.
Discussion
----------
[Cache] Add ResettableInterface to allow resetting any pool's local state
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
To allow pools to leverage #24155 so that they can be used in multi-request loops.
Commits
-------
14c91f2 [Cache] Add ResettableInterface to allow resetting any pool's local state