This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Decouple passwords from UserInterface
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets | #23081, helps with #39308
| License | MIT
| Doc PR | todo
This PR addresses a long-standing issue of the Security component: UserInterface is coupled to passwords.
It does it by moving the `getPassword()` method from `UserInterface` to a `PasswordAuthenticatedUserInterface`, and the `getSalt()` method to a `LegacyPasswordAuthenticatedUserInterface`.
Steps:
- In 5.3, we add the new interface and, at places where password-based authentication happens, trigger deprecation notices when a `UserInterface` object does not implement the new interface(s). The UserInterface is kept as-is until 6.0.
- In 6.0, we can remove the methods from `UserInterface` as well as support for using password authentication with user objects not implementing the new interface(s).
As a side-effect, some password-related interfaces (`UserPasswordHasherInterface` and `PasswordUpgraderInterface`) must change their signatures to type-hint against the new interface.
That is done in a BC way, which is to make the concerned methods virtual until 6.0, with deprecation notices triggered from callers and concrete implementations.
Benefits:
In 6.0, applications that use password-less authentication (e.g. login links) won't need to write no-op `getPassword()` and `getSalt()` in order to fulfil the `UserInterface` contract.
For applications that do use password-based authentication, they will need to opt-in explicitly by implementing the relevant interface(s).
This build on great discussions with @wouterj and @nicolas-grekas, and it is part of the overall rework of the Security component.
Commits
-------
2764225a38 [Security] Decouple passwords from UserInterface
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Notifier] [OvhCloud] Add "sender"
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features --> (I'm waiting to see if the feature is accepted )
Add "sender" option to the DSN that allows configuring the sender of the message.
OVHCloud manages two cases for sending sms according to the [doc](https://docs.ovh.com/fr/sms/envoyer_des_sms_avec_lapi_ovh_en_php/):
> The senderForResponse parameter will allow the use of a short number, which allows you to send SMS directly without having to create an alphanumeric sender (for example: your name).
> Short numbers also allow you to receive responses from the recipients of your SMS, which can be useful for a satisfaction survey, a voting application, a game, etc.
![CleanShot 2021-03-05 at 13 26 33](https://user-images.githubusercontent.com/523981/110115554-84c5af80-7db6-11eb-815d-7e8bafa81e5d.png)
This PR introduces the management of these 2 cases with a new option `sender`:
* if `sender` is set, we use it
* if `sender` is not set, we use `senderForResponse` to get a short number (current behavior)
I took the logic implementedin the old official SDK : 52d279e112/src/Message.php (L161)
Commits
-------
c5a9b252ab [Notifier] [OvhCloud] Add "sender"
This PR was merged into the 5.3-dev branch.
Discussion
----------
[DependencyInjection] Implement psr/container 1.1
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
The `psr/container` interfaces have been updated with type declarations. The lack of those is what kept us from adding property type declarations to the `get()` and `has()` methods of our own `ContainerInterface`.
A small BC break is that we have never prevented calling code from passing `null` as the service ID. Even without strict types, this will cause a `TypeError` after my changes. I already had to update `AutowirePass` because of that.
On the other hand, it was neither documented that we allow `null` here nor did the container do anything useful (`has(null)` always resulted in `false` and `get(null)` always returned `null`).
Commits
-------
d9095aa892 [DependencyInjection] Implement psr/container 1.1
* 5.2:
Backport psr/container 1.1/2.0 compatibility
Update notifier_transports.php
Dont lock tables or start transactions
Bump Symfony version to 5.2.5
Update VERSION for 5.2.4
Update CHANGELOG for 5.2.4
Bump Symfony version to 4.4.21
Update VERSION for 4.4.20
Update CONTRIBUTORS for 4.4.20
Update CHANGELOG for 4.4.20
* 4.4:
Backport psr/container 1.1/2.0 compatibility
Bump Symfony version to 4.4.21
Update VERSION for 4.4.20
Update CONTRIBUTORS for 4.4.20
Update CHANGELOG for 4.4.20
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Re-add accidentally removed property declarations
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
spotted while playing with psalm locally, mistake made in #39802
Commits
-------
bccf736b99 [Security] Readd accidentally removed property declarations
This PR was squashed before being merged into the 5.2 branch.
Discussion
----------
[Messenger] Doctrine setup with migrations
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? |
| Deprecations? | no
| Tickets | Fix#40130
| License | MIT
| Doc PR |
This PR reverts parts of #40055.
When running these commands, You do need to be in a transaction:
- `doctrine:schema:create`
- `messenger:setup-transports`
- `doctrine:migrations:diff` and `doctrine:migrations:migrate`
Commits
-------
3371e1cf39 [Messenger] Doctrine setup with migrations
This PR was merged into the 4.4 branch.
Discussion
----------
Add missing translations for Belarusian
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#38727 <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | N/A <!-- required for new features -->
Add translations for Belarusian
Commits
-------
1b84d5d23b Add translation for Belarusian
8e1d3285ed Adding templates for Belarusian
This PR was merged into the 4.4 branch.
Discussion
----------
[Serializer] zero parts can be omitted in date interval input
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35820
| License | MIT
| Doc PR |
Commits
-------
c316708669 zero parts can be omitted in date interval input
This PR was merged into the 4.4 branch.
Discussion
----------
MockResponse total_time should not be simulated when provided
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
When you provide a `total_time` to a MockResponse, it is overriden. It should be simulated only when it is not provided I guess.
Ex: `new MockResponse('{"foo":"bar"}', ['total_time' => 0.4])`
Commits
-------
8dada95cbf fix: MockResponse total_time should not be simulated when provided
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Messenger] Add `rediss://` DSN scheme support for TLS to Redis transport
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets |
| License | MIT
| Doc PR |
This adds a support for `rediss://` DSN (as discussed in https://github.com/symfony/symfony/pull/39599) and deprecates the use of `tls` parameter introduced in https://github.com/symfony/symfony/pull/35503 so it can be standardized to single format.
Commits
-------
28e7b74b47 [Messenger] Add `rediss://` DSN scheme support for TLS to Redis transport
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] Add server-commands support for Predis Replication Environments
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35867
| License | MIT
| Doc PR |
This fix is for predis MasterSlaveConnections which don't allow to run server commands.
Due to that it's not possible to e.g. clear a cache with cache:pool:clear.
PhpRedis and Predis do not have the same interface, so have to check which implementation is used.
Furthermore, the getClientFor('master') works only for replicated redis instances.
Commits
-------
2ae5c33c80 [Cache] Add server-commands support for Predis Replication Environments