* 4.3:
[Cache] replace getNsSeparator by NS_SEPARATOR on AbstractTrait
[Cache] fix versioning with SimpleCacheAdapter
[Messenger] fix AMQP delay queue to be per exchange
Fix expired lock not cleaned
[HttpClient] throw DecodingExceptionInterface when toArray() fails because of content-type error
[HttpFoundation] Fix SA/phpdoc JsonResponse
[DI] Show the right class autowired when providing a non-existing class in constructor
SimpleCacheAdapter fails to cache any item if a namespace is used
validate composite constraints in all groups
[Serializer] Handle true and false appropriately in CSV encoder
[Messenger] improve logs
[Messenger] fix delay delivery for non-fanout exchanges
Parameterize Mailgun's region
Fix binary operation `+`, `-` or `*` on string
[VarDumper] fix dumping objects that implement __debugInfo()
[HttpClient] Don't use CurlHttpClient on Windows when curl.cainfo is not set
Add statement to fileLink to ignore href code when no fileLink.
[Routing] fix absolute url generation when scheme is not known
* 4.2:
[Cache] replace getNsSeparator by NS_SEPARATOR on AbstractTrait
[Cache] fix versioning with SimpleCacheAdapter
Fix expired lock not cleaned
[HttpFoundation] Fix SA/phpdoc JsonResponse
SimpleCacheAdapter fails to cache any item if a namespace is used
validate composite constraints in all groups
[Serializer] Handle true and false appropriately in CSV encoder
Fix binary operation `+`, `-` or `*` on string
[VarDumper] fix dumping objects that implement __debugInfo()
[Routing] fix absolute url generation when scheme is not known
* 3.4:
Fix expired lock not cleaned
[HttpFoundation] Fix SA/phpdoc JsonResponse
SimpleCacheAdapter fails to cache any item if a namespace is used
validate composite constraints in all groups
[Serializer] Handle true and false appropriately in CSV encoder
Fix binary operation `+`, `-` or `*` on string
[VarDumper] fix dumping objects that implement __debugInfo()
[Routing] fix absolute url generation when scheme is not known
* 4.3:
[Serializer] Fix DataUriNormalizer deprecation (MIME type guesser is optional)
[DependencyInjection] fix the ValidateEnvPlaceHolderPassTest that was using a deprecated path for TreeBuilder
avoid service id conflicts with Swiftmailer
[Form] fix usage of legacy TranslatorInterface
[Serializer] Fix DataUriNormalizer docblock & composer suggest section
* 4.3:
[Validator] fix deprecation layer of ValidatorBuilder
[HttpKernel] Fix missing use for request and response classes
bumped Symfony version to 4.3.2
updated VERSION for 4.3.1
updated CHANGELOG for 4.3.1
This PR was merged into the 4.4 branch.
Discussion
----------
[Validator] Improve TypeValidator to handle array of types
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31330
| License | MIT
| Doc PR | tbd.
The `@Type` constraint is now able to handle multiple types:
```php
/**
* @var string|array
* @Assert\Type(type={"string", "array"})
*/
private $name;
```
and will pass when `$name` is either of type `string` or `array`.
Commits
-------
c8100f34f8 [Validator] Improve TypeValidator to handle array of types
This PR was merged into the 4.4 branch.
Discussion
----------
[Validator] Add compared value path to violation parameters
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
While it's not really useful to use as a placeholder in the violation message template (compared to hard-coding it into the message. Nor it is really user-friendly),
it becomes handy in conjunction with #29130 for any mapping logic on client-side.
Commits
-------
2da226a57f [Validator] Add compared value path to violation parameters
* 4.3:
[Translation] Fixed case sensitivity of lint:xliff command
fix type hint for salt in PasswordEncoderInterface
Simplify code - catch \Throwable capture all exceptions
Collect locale details earlier in the process in TranslationDataCollector
fix typo in PR #31802
update italian validator translation
Add missing translations
[TwigBridge] suggest Translation Component when TranslationExtension is used
* 4.2:
[Translation] Fixed case sensitivity of lint:xliff command
fix type hint for salt in PasswordEncoderInterface
Simplify code - catch \Throwable capture all exceptions
fix typo in PR #31802
update italian validator translation
Add missing translations
* 4.3:
[Security\Core] Make SodiumPasswordEncoder validate BCrypt-ed passwords
[Validator] Fix TimezoneValidator default option
[Messenger] Inject RoutableMessageBus instead of bus locator
[DomCrawler] Fix type error with null Form::$currentUri
[Contracts] Fixed typos
do not enable validator auto mapping by default
[HttpClient] remove unused argument
This PR was squashed before being merged into the 4.3 branch (closes#31744).
Discussion
----------
[Validator] Fix TimezoneValidator default option
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
ee71cdbae4 [Validator] Fix TimezoneValidator default option
* 4.3:
[Intl] Improve the error message when country code is wrong
Fix tests
[Intl][4.3] Cleanup internal api
[HttpFoundation] Do not set X-Accel-Redirect for paths outside of X-Accel-Mapping
bumped Symfony version to 4.2.10
updated VERSION for 4.2.9
updated CHANGELOG for 4.2.9
Use AsserEquals for floating-point values
* 4.3: (23 commits)
minor: add some test in the ldap component
[Workflow] Update MethodMarkingStore
[Bridge\ProxyManager] isProxyCandidate() does not take into account interfaces
adding experimental note
[HttpClient] add missing argument check
[Messenger] Fix undefined index on read timeout
[Workflow] use method marking store
[Routing][AnnotationClassLoader] fix utf-8 encoding in default route name
fixed a phpdoc
[Debug] Wrap call to require_once in a try/catch
[EventDispatcher] Removed "callable" type hint from WrappedListener constructor
prevent deprecation when filesize matches error code
[PropertyInfo] Add missing documentation link in Readme
Use the current working dir as default first arg in 'link' binary
Respect parent class contract in ContainerAwareDoctrineEventManager
[WebProfilerBundle][Form] The form data collector return serialized object when profiler bundle attends object
[Validator] Add the missing translations for the Danish ("da") locale
[PropertyAccess] Add missing property to PropertyAccessor
[Cache] fix saving unrelated keys in recursive callback calls
[Serializer] Fix denormalization of object with variadic constructor typed argument
...
* 4.2:
minor: add some test in the ldap component
[Bridge\ProxyManager] isProxyCandidate() does not take into account interfaces
[Routing][AnnotationClassLoader] fix utf-8 encoding in default route name
fixed a phpdoc
[Debug] Wrap call to require_once in a try/catch
prevent deprecation when filesize matches error code
[PropertyInfo] Add missing documentation link in Readme
Use the current working dir as default first arg in 'link' binary
Respect parent class contract in ContainerAwareDoctrineEventManager
[Validator] Add the missing translations for the Danish ("da") locale
[PropertyAccess] Add missing property to PropertyAccessor
[Cache] fix saving unrelated keys in recursive callback calls
[Serializer] Fix denormalization of object with variadic constructor typed argument
Allow set 'None' on samesite cookie flag
Making cache rebuild correctly with MessageSubscriberInterface return values
Fix finding parent definition
* origin/4.3:
deprecate calling createChildContext without the format parameter
[EventDispatcher] Fix interface name used in error messages
[FrameworkBundle] Add cache configuration for PropertyInfo
Update dependencies in the main component
Drop useless executable bit
[Doctrine][PropertyInfo] Detect if the ID is writeable
Add transport in subscriber's phpdoc
[Validator] Autovalidation: skip readonly props
[DI] default to service id - *not* FQCN - when building tagged locators
[Cache] Log a more readable error message when saving into cache fails
Update WorkflowEvents.php
[Messenger] On failure retry, make message appear received from original sender
[Messenger] remove send_and_handle option which can be achieved with SyncTransport
Fixing tests - passing pdo is not wrapped for some reason in dbal
Changing how RoutableMessageBus fallback bus works
[Serializer] Fix BC break: DEPTH_KEY_PATTERN must be public
[FrameworkBundle] Fixed issue when a parameter container a '%'
Fix the interface incompatibility of EventDispatchers
[TwigBundle] fixed Mailer integration in Twig
[Form] Add intl/choice_translation_locale option to TimezoneType
This PR was merged into the 4.3 branch.
Discussion
----------
[Validator] Autovalidation: skip readonly props
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Read-only properties (such as an autogenerated ID) must be skipped during the validation (it makes no sense to validate a RO property anyway).
This is an allowed BC break because this feature will be introduced in 4.3.
Commits
-------
e7dc5e1045 [Validator] Autovalidation: skip readonly props
* 4.2:
[Console] Fix auto-complete for ChoiceQuestion (multi-select answers)
Translated form, security, validators resources into Belarusian (be)
[WebProfilerBundle] Don't filter submitted IP values
[Intl] Cleanup
bumped Symfony version to 4.2.9
updated VERSION for 4.2.8
updated CHANGELOG for 4.2.8
bumped Symfony version to 3.4.28
updated VERSION for 3.4.27
update CONTRIBUTORS for 3.4.27
updated CHANGELOG for 3.4.27
This PR was squashed before being merged into the 4.3-dev branch (closes#31060).
Discussion
----------
[Validator] Make API endpoint for NotCompromisedPasswordValidator configurable
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes, but acceptable [1]
| Deprecations? | no [1]
| Tests pass? | yes
| Fixed tickets | #30871, #31054
| License | MIT
| Doc PR | symfony/symfony-docs#... (TODO)
Makes the API endpoint for the `NotCompromisedPasswordValidator` configurable. The endpoint includes the placeholder which will be replaced with the first digits of the password hash for k-anonymity.
The endpoint can either be set via constructor injection of the validator if the component is used standalone, or via the framework configuration of symfony/framework-bundle.
[1] As discussed in #31054, the validator is not in a stable release yet, therefore the BC break is considered acceptable. No deprecation / BC layer is necessary.
Commits
-------
f6a80c214d [Validator] Make API endpoint for NotCompromisedPasswordValidator configurable
* 3.4:
[Console] Fix auto-complete for ChoiceQuestion (multi-select answers)
Translated form, security, validators resources into Belarusian (be)
[WebProfilerBundle] Don't filter submitted IP values
bumped Symfony version to 3.4.28
updated VERSION for 3.4.27
update CONTRIBUTORS for 3.4.27
updated CHANGELOG for 3.4.27
This PR was merged into the 4.3-dev branch.
Discussion
----------
Make the exception messages consistent across the board
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
84c67193bc made the esception messages consistent across the board
This PR was squashed before being merged into the 4.3-dev branch (closes#31354).
Discussion
----------
[Intl][Validator] Handle alias locales/timezones
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes (including intl-data group)
| Fixed tickets | #31022
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
both timezones and locales have aliases (either thru deprecation/migration/etc.)
for locales we compile a mapping, for timezones we dont. yet we can benefit partial alias support thru DateTimeZone, which knows about most timezone IDs already.
both the timezone + locale validator already support aliases. Connsequently, we should support aliases in `Timezones::exists()` + `Locales::exists()` as well IMHO.
so far so good; the catch is; with this PR `Locales::getName()` supports aliases, whereas `Timezones::getName()` doesnt. I think it's reasonable for now, until we compile the timezone mapping so we can widen the timezone ID conversion here.
Commits
-------
0a9be0df6e [Intl][Validator] Handle alias locales/timezones
* 4.2:
Revert "bug #30620 [FrameworkBundle][HttpFoundation] make session service resettable (dmaicher)"
[Workflow] Fixed dumping when many transition with same name exist
relax assertions in tests
fix ConsoleFormatter - call to a member function format() on string
Made `debug:container` and `debug:autowiring` ignore starting backslash in service id
[Validator] Translate messages into Japanese
Fix Thai translation in validators.th.xlf
[FramworkBundle] mark any env vars found in the ide setting as used
* 3.4:
relax assertions in tests
[Validator] Translate messages into Japanese
Fix Thai translation in validators.th.xlf
[FramworkBundle] mark any env vars found in the ide setting as used
* 4.2:
[TwigBridge] Require twig ^1.40|^2.9
[Serializer] Fix tests
Use the apply tag instead of the filter tag
Updated some translation files
[Translator] Preserve default domain when extracting strings from php files
* 3.4:
[TwigBridge] Require twig ^1.40|^2.9
[Serializer] Fix tests
Use the apply tag instead of the filter tag
Updated some translation files
[Translator] Preserve default domain when extracting strings from php files
* 4.2:
Fix url matcher edge cases with trailing slash
[Form] Fix author tag + exception messages
[TwigBridge] Fix deprecation on twig 2.9
Fix left-associative ternary deprecation warnings for PHP 7.4
[Validator] Fixed imprecise translations
[Validator] Add Dutch translations
[Security] Cleanup "Digest nonce has expired." translation
Intercept redirections only for HTML format
[PhpUnitBridge] fix reading phpunit.xml on bootstrap
resolve class name parameters
Fix name and phpdoc of ContainerBuilder::removeBindings
[Intl] Update the ICU data to 64.2
* 3.4:
[Form] Fix author tag + exception messages
[TwigBridge] Fix deprecation on twig 2.9
[Validator] Fixed imprecise translations
[Validator] Add Dutch translations
Intercept redirections only for HTML format
Fix name and phpdoc of ContainerBuilder::removeBindings
[Intl] Update the ICU data to 64.2
* 4.2:
[HttpFoundation] fix tests
[Routing] fix trailing slash matching with empty-matching trailing vars
[Routing] fix matching trailing vars with defaults
[Validator] fix LegacyTranslatorProxy
call method with Translator component only
bumped Symfony version to 4.2.8
updated VERSION for 4.2.7
updated CHANGELOG for 4.2.7
bumped Symfony version to 3.4.27
updated VERSION for 3.4.26
updated CHANGELOG for 3.4.26
* 4.2:
Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)"
[FrameworkBundle] minor: remove a typo from changelog
[VarDumper] fix tests with ICU 64.1
[VarDumper][Ldap] relax some locally failing tests
[Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
Make MimeTypeExtensionGuesser case insensitive
Fix get session when the request stack is empty
[Routing] fix trailing slash redirection with non-greedy trailing vars
[FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
This PR was merged into the 4.2 branch.
Discussion
----------
[FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31092, #31025
| License | MIT
| Doc PR | -
This allows defining a translator that implements only the new interface and use it with ValidatorBuilder.
ping @dvdknaap, @snebes since you were affected.
Commits
-------
a12656eaad [FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
* 3.4:
Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)"
[FrameworkBundle] minor: remove a typo from changelog
[VarDumper][Ldap] relax some locally failing tests
[Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
Make MimeTypeExtensionGuesser case insensitive
* 4.2:
bumped Symfony version to 4.2.7
updated VERSION for 4.2.6
updated CHANGELOG for 4.2.6
bumped Symfony version to 3.4.26
updated VERSION for 3.4.25
update CONTRIBUTORS for 3.4.25
updated CHANGELOG for 3.4.25
Workaround for \DateInterval::createFromDateString()
[DoctrineBridge] [DX] Update exception text in ManagerRegistry::resetService to avoid confusion.
Missing Lithuanian translations added to validator component.
* 3.4:
bumped Symfony version to 3.4.26
updated VERSION for 3.4.25
update CONTRIBUTORS for 3.4.25
updated CHANGELOG for 3.4.25
Workaround for \DateInterval::createFromDateString()
Missing Lithuanian translations added to validator component.
This PR was squashed before being merged into the 4.3-dev branch (closes#28846).
Discussion
----------
[Intl] Simplify API
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #18368
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/issues/11221
Simplifies the Intl API. It greatly reduces the no. of boilerplate classes in this component. Very over complicated, much wow :)
Solving (IMHO):
```php
class LanguageBundle extends LanguageDataProvider implements LanguageBundleInterface
```
Which seems very over complicated just to provide static data.
```php
// before
Intl::getLanguageBundle()->getLanguageName() // string | null
// after
Languages::getName() // string
Languages::exists() // bool
```
I left out Canonicalization on puropose, that's a new topic to me.
- [x] Languages
- [x] Locales
- [x] Currencies
- [x] Regions
- [x] Scripts
- [ ] Timezones (#28831)
- [x] Update constraints
- [x] Update form types
Thoughts?
Commits
-------
d6b67d469a [Intl] Simplify API
* 4.2:
Catch empty deprecation.log silently (fixes#31050)
minor: the meaning of the data breach was not correct
Optimize SVGs
property normalizer should also pass format and context to isAllowedAttribute
* 3.4:
minor: the meaning of the data breach was not correct
Optimize SVGs
property normalizer should also pass format and context to isAllowedAttribute
* 4.2:
fixed bad merge
Show more accurate message in profiler when missing stopwatch
CS Fixes: Not double split with one array argument
[Serializer] Add default object class resolver
Remove redundant animation prefixes
Remove redundant `box-sizing` prefixes
[VarExporter] support PHP7.4 __serialize & __unserialize
Rework firewall access denied rule
MetadataAwareNameConverter: Do not assume that property names are strings
[VarExporter] fix exporting classes with private constructors
fixed CS
Fix missing $extraDirs when open_basedir returns
* 3.4:
Show more accurate message in profiler when missing stopwatch
CS Fixes: Not double split with one array argument
Remove redundant animation prefixes
Remove redundant `box-sizing` prefixes
Rework firewall access denied rule
fixed CS
Fix missing $extraDirs when open_basedir returns
Keep to use the same CS in all the Symfony code base.
Use:
```php
$resolver->setDefaults([
'compound' => false
]);
```
Instead of:
```php
$resolver->setDefaults(
[
'compound' => false,
]
);
```
Keep the double split when the method has two or more arguments.
I miss a PSR with this rule.
This PR was merged into the 4.3-dev branch.
Discussion
----------
Prepare for the new serialization mechanism
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
#eufossa
Should I maybe split this component by component ?
https://wiki.php.net/rfc/custom_object_serialization has been accepted.
Best viewed in "split" mode.
This work is kind of required for https://github.com/symfony/symfony/issues/30304 so we don't trigger 30 deprecations from our own code base.
Commits
-------
d412e77a9c Prepare for the new serialization mechanism
* 4.2:
fix tests
fix PHPUnit 4.8 compatibility
[Debug] Fixed error handling when an error is already handled when another error is already handled (5)
sync validator translations
* 3.4:
fix PHPUnit 4.8 compatibility
[Debug] Fixed error handling when an error is already handled when another error is already handled (5)
sync validator translations
* 4.2:
fix translating file validation error message
[Validator] Add missing Hungarian translations
Improving deprecation message of the Twig templates directory src/Resources/views
[3.4] [Validator] Add missing french validation translations.
[Validator] Only traverse arrays that are cascaded into
Handle case where no translations were found
[Validator] Translate unique collection message to Hungarian
fix tests
Run test in separate process
Use a class name that does not actually exist
[Profiler] Fix dark theme elements color
fix horizontal spacing of inlined Bootstrap forms
[Translator] Warm up the translations cache in dev
turn failed file uploads into form errors
* 3.4:
fix translating file validation error message
[Validator] Add missing Hungarian translations
[3.4] [Validator] Add missing french validation translations.
[Validator] Only traverse arrays that are cascaded into
Handle case where no translations were found
[Validator] Translate unique collection message to Hungarian
fix tests
Run test in separate process
Use a class name that does not actually exist
fix horizontal spacing of inlined Bootstrap forms
[Translator] Warm up the translations cache in dev
turn failed file uploads into form errors
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Translate unique collection message to Hungarian
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
6a732dc031 [Validator] Translate unique collection message to Hungarian
This PR was squashed before being merged into the 4.3-dev branch (closes#30901).
Discussion
----------
Renamed NotPwned to NotCompromisedPassword
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | -
| License | MIT
| Doc PR | -
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
2f648b04ae Renamed NotPwned to NotCompromisedPassword
* 4.2: (45 commits)
[Form] various minor fixes
Ensure the parent process is always killed
bugfix: the terminal state was wrong and not reseted
[Console] Fix inconsistent result for choice questions in non-interactive mode
Define null return type for Constraint::getDefaultOption()
[Routing] Fix: annotation loader ignores method's default values
[HttpKernel] Fix DebugHandlersListener constructor docblock
Skip Glob brace test when GLOB_BRACE is unavailable
bumped Symfony version to 4.2.6
updated VERSION for 4.2.5
updated CHANGELOG for 4.2.5
bumped Symfony version to 3.4.25
updated VERSION for 3.4.24
update CONTRIBUTORS for 3.4.24
updated CHANGELOG for 3.4.24
[EventDispatcher] cleanup
fix testIgnoredAttributesInContext
Re-generate icu 64.1 data
Improve PHPdoc / IDE autocomplete for config tree builder
[Bridge][Twig] DebugCommand - fix escaping and filter
...
* 3.4:
[Form] various minor fixes
bugfix: the terminal state was wrong and not reseted
[Console] Fix inconsistent result for choice questions in non-interactive mode
Define null return type for Constraint::getDefaultOption()
[HttpKernel] Fix DebugHandlersListener constructor docblock
Skip Glob brace test when GLOB_BRACE is unavailable
bumped Symfony version to 3.4.25
updated VERSION for 3.4.24
update CONTRIBUTORS for 3.4.24
updated CHANGELOG for 3.4.24
[EventDispatcher] cleanup
This PR was squashed before being merged into the 4.3-dev branch (closes#27738).
Discussion
----------
[Validator] Add a HaveIBeenPwned password validator
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | todo
This PR adds a new `Pwned` validation constraint to prevent users to choose passwords that have been leaked in public data breaches.
The validator uses the https://haveibeenpwned.com/ API. The implementation is similar to the one used by [Firefox Monitor](https://blog.mozilla.org/futurereleases/2018/06/25/testing-firefox-monitor-a-new-security-tool/). It allows to not expose the password hash using a k-anonymity model. The specific implementation for HaveIBeenPwned has been [described in depth by Cloudflare](https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/).
Usage:
```php
// Rejects the password if is present in any number of times in any data breach
class User
{
/** @Pwned */
public $plainPassword;
}
// Rejects the password if is present more than 5 times in data breaches
class User
{
/** @Pwned(maxCount=5) */
public $plainPassword;
}
// Customize the error message
class User
{
/** @Pwned(message='Please select another password, this one has already been hacked.') */
public $plainPassword;
}
```
Commits
-------
ec1ded898a [Validator] Add a HaveIBeenPwned password validator
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Validator][DoctrineBridge][FWBundle] Automatic data validation
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes<!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/11132
This feature automatically adds some validation constraints by inferring existing metadata. To do so, it uses the PropertyInfo component and Doctrine metadata, but it has been designed to be easily extendable.
Example:
```php
use Doctrine\ORM\Mapping as ORM;
/**
* @ORM\Entity
*/
class Dummy
{
/**
* @ORM\Id
* @ORM\GeneratedValue(strategy="AUTO")
* @ORM\Column(type="integer")
*/
public $id;
/**
* @ORM\Column(nullable=true)
*/
public $columnNullable;
/**
* @ORM\Column(length=20)
*/
public $columnLength;
/**
* @ORM\Column(unique=true)
*/
public $columnUnique;
}
$manager = $this->managerRegistry->getManager();
$manager->getRepository(Dummy::class);
$firstOne = new Dummy();
$firstOne->columnUnique = 'unique';
$firstOne->columnLength = '0';
$manager->persist($firstOne);
$manager->flush();
$dummy = new Dummy();
$dummy->columnNullable = 1; // type mistmatch
$dummy->columnLength = '012345678901234567890'; // too long
$dummy->columnUnique = 'unique'; // not unique
$res = $this->validator->validate($dummy);
dump((string) $res);
/*
Object(App\Entity\Dummy).columnUnique:\n
This value is already used. (code 23bd9dbf-6b9b-41cd-a99e-4844bcf3077f)\n
Object(App\Entity\Dummy).columnLength:\n
This value is too long. It should have 20 characters or less. (code d94b19cc-114f-4f44-9cc4-4138e80a87b9)\n
Object(App\Entity\Dummy).id:\n
This value should not be null. (code ad32d13f-c3d4-423b-909a-857b961eb720)\n
Object(App\Entity\Dummy).columnNullable:\n
This value should be of type string. (code ba785a8c-82cb-4283-967c-3cf342181b40)\n
*/
```
It also works for DTOs:
```php
class MyDto
{
/** @var string */
public $name;
}
$dto = new MyDto();
$dto->name = 1; // type error
dump($validator->validate($dto));
/*
Object(MyDto).name:\n
This value should be of type string. (code ba785a8c-82cb-4283-967c-3cf342181b40)\n
*/
```
Supported constraints currently are:
* `@NotNull` (using PropertyInfo type extractor, so supports Doctrine metadata, getters/setters and PHPDoc)
* `@Type` (using PropertyInfo type extractor, so supports Doctrine metadata, getters/setters and PHPDoc)
* `@UniqueEntity` (using Doctrine's `unique` metadata)
* `@Length` (using Doctrine's `length` metadata)
Many users don't understand that the Doctrine mapping doesn't validate anything (it's just a hint for the schema generator). It leads to usability and security issues (that are not entirely fixed by this PR!!).
Even the ones who add constraints often omit important ones like `@Length`, or `@Type` (important when building web APIs).
This PR aims to improve things a bit, and ease the development process in RAD and when prototyping. It provides an upgrade path to use proper validation constraints.
I plan to make it opt-in, disabled by default, but enabled in the default Flex recipe. (= off by default when using components, on by default when using the full stack framework)
TODO:
* [x] Add configuration flags
* [x] Move the Doctrine-related DI logic from the extension to DoctrineBundle: doctrine/DoctrineBundle#831
* [x] Commit the tests
Commits
-------
2d64e703c2 [Validator][DoctrineBridge][FWBundle] Automatic data validation
This PR was squashed before being merged into the 3.4 branch (closes#30737).
Discussion
----------
[Validator] Improve constraint default option check
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Any constraint without default option used as annotation with unnamed first argument (for example, `@Assert\Collection(1)`) throws an exception with an ugly message `The options "" do not exist in constraint Collection`.
This PR makes constraint check the default option in the annotation case in the same way it checks it in the "real" code case. So the exception will be `No default option is configured for constraint Collection.`
Commits
-------
915912e18e [Validator] Improve constraint default option check
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Validator] Add constraint on unique elements collection(Assert\Unique)
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no <!-- please add some, will be required by reviewers -->
| Fixed tickets | #26535
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
d0eb13e55a Rebase and update to latest CS
fc66683cf2 Add UniqueCollection constraint and validator
* 4.2:
[Phpunit] fixed support for PHP 5.3
Response prepare method update
[Workflow] Added missing license header
Fix case when multiple loaders are providing paths for the same namespace
Check if Client exists when test.client does not exist, to provide clearer exception message
throw TypeErrors to prepare for type hints in 5.0
[Form] Preventing validation of children if parent with Valid constraint has no validation groups
[Form] Added ResetInterface to CachingFactoryDecorator
Remove deprecated usage
[Tests] fixed compatbility of assertEquals(): void
Fixed usage of TranslatorInterface in form extension (fixes#30591)
[Intl][4.2] Fix test
[Intl] Fix test
[Validator] Add the missing translations for the Arabic (ar) locale
[Intl] Add compile binary
Fix DebugCommand when chain loader is involved
[Form] Fixed some phpdocs
* 3.4:
[Phpunit] fixed support for PHP 5.3
Response prepare method update
[Workflow] Added missing license header
Check if Client exists when test.client does not exist, to provide clearer exception message
[Form] Preventing validation of children if parent with Valid constraint has no validation groups
[Tests] fixed compatbility of assertEquals(): void
[Intl] Fix test
[Validator] Add the missing translations for the Arabic (ar) locale
[Intl] Add compile binary
[Form] Fixed some phpdocs
* 4.2:
Fix Cache error while using anonymous class
[Cache] fix LockRegistry
Update validators.cs.xlf
Make translations consistent with other translations.
Correct language code for ukrainian language in security translations.
Fix return type of Request::getRequestFormat
[Cache] Fix perf when using RedisCluster by reducing roundtrips to the servers
* 3.4:
Make translations consistent with other translations.
Correct language code for ukrainian language in security translations.
Fix return type of Request::getRequestFormat
[Cache] Fix perf when using RedisCluster by reducing roundtrips to the servers