This PR was merged into the 5.2-dev branch.
Discussion
----------
[Form] Implement Twig helpers to get field variables
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/14308
Designing Symfony Forms has always been difficult, especially for developers not comfortable with Symfony or Twig. The reason behind this difficulty is that the current `form_*` helper functions, while providing a way to quickly render a form, are hiding the generated HTML behind a notation specific to Symfony.
HTML standards introduced many new attributes since the Form component was created, from new constraints to how should inputs be displayed, treated by screen readers, etc.
I propose to introduce a series of new Twig functions to help create more flexible forms without the hurdle of having to use `form_*` functions. I called these methods `field_*` because they aim at rendering only the tiny bits of strings necessary to map forms to the Symfony backend.
The functions introduced are:
* `field_name` returns the name of the given field
* `field_value` returns the current value of the given field
* `field_label` returns the label of the given field, translated if possible
* `field_help` returns the help of the given field, translated if possible
* `field_errors` returns an iterator of strings for each of the errors of the given field
* `field_choices` returns an iterator of choices (the structure depending on whether the field uses or doesn't use optgroup) with translated labels if possible as keys and values as values
A quick example of usage of these functions could be the following:
``` twig
<input
name="{{ field_name(form.username) }}"
value="{{ field_value(form.username) }}"
placeholder="{{ field_label(form.username) }}"
class="form-control"
/>
<select name="{{ field_name(form.country) }}" class="form-control">
<option value="">{{ field_label(form.country) }}</option>
{% for label, value in field_choices(form.country) %}
<option value="{{ value }}">{{ label }}</option>
{% endfor %}
</select>
<select name="{{ field_name(form.stockStatus) }}" class="form-control">
<option value="">{{ field_label(form.stockStatus) }}</option>
{% for groupLabel, groupChoices in field_choices(form.stockStatus) %}
<optgroup label="{{ groupLabel }}">
{% for label, value in groupChoices %}
<option value="{{ value }}">{{ label }}</option>
{% endfor %}
</optgroup>
{% endfor %}
</select>
{% for error in field_errors(form.country) %}
<div class="text-danger mb-2">
{{ error }}
</div>
{% endfor %}
```
There are several advantages to using these functions instead of their `form_*` equivalents:
* they are much easier to use for developers not knowing Symfony: they rely on native HTML with bits of logic inside, instead of relying on specific tools needing to be configured to display proper HTML
* they allow for better integration with CSS frameworks or Javascript libraries as adding a new HTML attribute is trivial (no need to look at the documentation)
* they are easier to use in contexts where one would like to customize the rendering of a input in details: having the label as placeholder, displaying a select empty field, ...
The `form_*` functions are still usable of course, but I'd argue this technique is actually easier to read and understand.
Commits
-------
3941d70928 [Form] Implement Twig helpers to get field variables
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Lock] Fix StoreFactory to accept same DSN syntax as AbstractAdapter
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35350
| License | MIT
| Doc PR |
Updates `Symfony\Component\Lock\Store\StoreFactory` to accept same DSN syntax as `Symfony\Component\Cache\Adapter\AbstractAdapter` which is used to create Redis class instance.
Commits
-------
4ebbe3d86b [Lock] Fix StoreFactory to accept same DSN syntax as AbstractAdapter
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[Security] Magic login link authentication
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | none
| License | MIT
| Doc PR | TODO
Hi!
This adds a Slack-style "magic link" login authenticator to the new login system: (A) enter your email into a form, (B) receive an email with a link in it (C) click that link and you are authenticated!
For most users, implementing this would require:
A) Create a [controller](https://github.com/weaverryan/symfony-magic-login-link-example/blob/master/src/Controller/MagicLinkLoginController.php) with the "enter your email" form and a route for the "check" functionality (similar to `form_login`)
B) Activate in `security.yaml`:
```yml
security:
enable_authenticator_manager: true
# ...
firewalls:
# ...
main:
# ...
login_link:
check_route: 'magic_link_verify'
# this is an important and powerful option
# An array of properties on your User that are used to sign the link.
# If any of these change, all existing links will become invalid
# tl;dr If you want the modification of ANY field to invalidate ALL existing magic links immediately,
# then you can add it to this list. You could even add a "lastLoginLinkSentAt" to invalid
# all existing login links when a new one is sent.
signature_properties: [id, password, email]
# optional - by default, links can be reused but have a 10 minute lifetime
#max_uses: 3
#used_link_cache: cache.app
```
Done! This will generate a URL that looks something like this:
> https://127.0.0.1:9033/login/verify?user=weaverryan@gmail.com&expires=1601342578&hash=YzE1ZDJlYjM3YTMyMjgwZDdkYzg2ZjFlMjZhN2E5ZWRmMzk3NjAxNjRjYThiMjMzNmIxYzAzYzQ4NmQ2Zjk4NA%3D%3D
We would implement a Maker command this config + login/controller. The implementation is done via a "signed URL" and an optional cache pool to "expire" links. The hash of the signed URL can contain any user fields you want, which give you a powerful mechanism to invalidate magic tokens on user data changes. See `signature_properties` above.
#### Security notes:
There is a LOT of variability about how secure these need to be:
* A) Many/most implementation only allow links to be used ONE time. That is *possible* with this implementation, but is not the *default*. You CAN add a `max_uses` config which stores the expired links in a cache so they cannot be re-used. However, to make this work, you need to do more work by adding some "page" between the link the users clicks and *actually* using the login link. Why? Because unless you do this, email clients may follow the link to "preview" it and will "consume" the link.
* B) Many implementations will invalidate all other login links for a user when a new one is created. We do *not* do that, but that IS possible (and we could even generate the code for it) by adding a `lastLoginLinkSentAt` field to `User` and including this in `signature_properties`.
* C) We *do* invalidate all links if the user's email address is changed (assuming the `email` is included in `signature_properties`, which it should be). You can also invalidate on password change or whatever you want.
* D) Some implementations add a "state" so that you can only use the link on the same device that created it. That is, in many cases, quite annoying. We do not currently support that, but we could in the future (and the user could add it themselves).
Thanks!
#### TODOS:
* [x] A) more tests: functional (?) traits
* [ ] B) documentation
* [ ] C) MakerBundle PR
* [ ] D) Make sure we have what we need to allow that "in between" page
* [ ] E) Create a new cache pool instead of relying on cache.app?
Commits
-------
a8afe109d8 [Security] Magic login link authentication
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[HttpFoundation] Add Request::toArray() for JSON content
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | ni
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
The past few months I've been working more and more with javascript and APIs. I've written controllers that parse json from the request body. I've found myself copying code between projects so I looked at the possibility to add this code to the `Request` class itself.
### Usage
```http
POST /add-user
Content-Type: application/json
{"name": "Tobias", "email": "tobias.nyholm@gmail.com"}
```
```php
use Symfony\Component\HttpFoundation\Exception\JsonException;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\JsonResponse;
class MyController
// ...
public function addUser(Request $request): JsonResponse
{
try {
$data = $request->toArray();
} catch (JsonException $e) {
return new JsonResponse(['message'=>'Request does not contain valid json'], 415);
}
$command = new AddUser($data['email'] ?? '', $data['name'] ?? '');
try {
$this->commandBus->dispatch($command);
} catch (ValidationFailedException $e) {
return new JsonResponse(['message' => 'Unexpected JSON body'], 400);
}
return new JsonResponse(['message' => 'User successfully added']);
}
}
```
----------
I've searched but I have not found that this has been proposed before.. With is strange.. ¯\\_(ツ)_/¯
Commits
-------
83c1a2666d [HttpFoundation] Add Request::toArray() for JSON content
This PR was merged into the 5.2-dev branch.
Discussion
----------
[PropertyInfo] Fix failure over array<string,mixed> PhpDoc type
| Q | A
| ------------- | ---
| Branch? | master (issue introduced in master)
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | /
| License | MIT
| Doc PR | /
**Background**
Since a few days ago ([this commit](80e5a7fbd8)), PropertyInfo 5.2 component supports array PhpDoc types, such as `array<string,string>`.
While testing SF 5.2 over my project, it was failing over:
```php
class SomeDoctrineEntityProxy implements \Doctrine\ORM\Proxy\Proxy
{
/**
* @var array<string, mixed> default values of properties to be lazy loaded, with keys being the property names
*
* @see \Doctrine\Common\Proxy\Proxy::__getLazyProperties
*/
public static $lazyPropertiesDefaults = array();
}
```
Upon investigation, it appears `array<string,mixed>` is causing the issue: `mixed` type is not handled.
**Expected behavior**
PropertyInfo component should not guess anything for `mixed` type (return `NULL`), but it should not throw any exception.
**Comment about my fix**
I added a test case (`arrayOfMixed`) you can use to reproduce the issue.
Since array PhpDoc types were not tested at all, I also added a test case over `array<string,string>`.
Commits
-------
590177ff8e [PropertyInfo] Fix failure over array<string,mixed> PhpDoc type
This PR was merged into the 5.2-dev branch.
Discussion
----------
[HttpClient] Fix exception triggered with AsyncResponse
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/pull/38289#issuecomment-702573975
| License | MIT
| Doc PR | /
When a request is replayed with the AsyncResponse and the 2nd request failed, users get an exception even when they pass `$throw=false`.
In fact, there are 2 exceptions:
1. Cannot get the content of the response twice: buffering is disabled.
73ca97c97a/src/Symfony/Component/HttpClient/Response/CommonResponseTrait.php (L51-L68)
Because CommonResponseTrait::$content is null and `self::stream` yield only the LastChunk. The content is stays null
2. HTTP/2 429 returned for "https://httpbin.org/status/429"
73ca97c97a/src/Symfony/Component/HttpClient/Response/AsyncResponse.php (L209-L225)
Because on the second request passthru is null, it didn't disable the the exception thrown on destruct for the wrapped response.
This
Commits
-------
3aedb51dd8 [HttpClient] Fix exception triggered with AsyncResponse
* 5.1:
[5.1] Ignore more deprecations for Mockery mocks
[PhpUnitBridge] Fix Deprecation file when it comes from the TestsListener
disallow FrameworkBundle 4.4+
propagate validation groups to subforms
[Form] [Validator] Add failing testcase to demonstrate group sequence issue
This PR was merged into the 5.1 branch.
Discussion
----------
[PhpUnitBridge] Fix Deprecation file when it comes from the TestsListener
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
https://github.com/symfony/symfony/pull/38031 caused an unwanted regression: if the frame `class` matches `SymfonyTestsListenerFor` it used to always return, now it continues so the `originClass` and `originMethod` properties are set. Therefore, the deprecation is considered as coming from the test listener. It ends up in the "legacy" group and muted because the test listeners contains the word "Legacy" in their namespaces.
Example test:
```php
<?php
namespace App\Tests;
use PHPUnit\Framework\TestCase;
use Symfony\Component\EventDispatcher\DependencyInjection\ExtractingEventDispatcher;
final class FooTest extends TestCase
{
public function test(): void
{
// ExtractingEventDispatcher is @internal
new class extends ExtractingEventDispatcher {};
$this->assertTrue(true);
}
}
```
On 4.4:
```
Other deprecation notices (1)
1x: The "Symfony\Component\EventDispatcher\DependencyInjection\ExtractingEventDispatcher" class is considered internal. It may change without further notice. You should not use it from "Symfony\Component\EventDispatcher\DependencyInjection\ExtractingEventDispatcher@anonymous".
```
On 5.1:
```
Legacy deprecation notices (1)
```
Commits
-------
1ba06a0f86 [PhpUnitBridge] Fix Deprecation file when it comes from the TestsListener
* 4.4:
disallow FrameworkBundle 4.4+
propagate validation groups to subforms
[Form] [Validator] Add failing testcase to demonstrate group sequence issue
* 3.4:
disallow FrameworkBundle 4.4+
propagate validation groups to subforms
[Form] [Validator] Add failing testcase to demonstrate group sequence issue
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] propagate validation groups to subforms
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38300
| License | MIT
| Doc PR |
Commits
-------
04f5698e29 propagate validation groups to subforms
e2c7c3373d [Form] [Validator] Add failing testcase to demonstrate group sequence issue
* 5.1:
[HttpClient] fix using proxies with NativeHttpClient
[4.4] Ignore more deprecations for Mockery mocks
[Routing] fix using !important and defaults/reqs in inline route definitions
[ErrorHandler][DebugClassLoader] Do not check Mockery mocks classes
[HttpClient] Fix using https with proxies
[TwigBundle] Only remove kernel exception listener if twig is used
[DI] Fix changelog
Remove CHANGELOG files for 4.x
Adjust expired range check
Fix redis connection error message
[DI] fix dumping non-shared lazy services
* 4.4:
[HttpClient] fix using proxies with NativeHttpClient
[4.4] Ignore more deprecations for Mockery mocks
[Routing] fix using !important and defaults/reqs in inline route definitions
[ErrorHandler][DebugClassLoader] Do not check Mockery mocks classes
[HttpClient] Fix using https with proxies
[TwigBundle] Only remove kernel exception listener if twig is used
Adjust expired range check
Fix redis connection error message
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] fix using proxies with NativeHttpClient
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
As spotted by @stof in https://github.com/symfony/symfony/pull/38368#issuecomment-702272737, we cannot use local DNS resolution with HTTP proxies.
Commits
-------
28f301bf03 [HttpClient] fix using proxies with NativeHttpClient
This PR was merged into the 4.4 branch.
Discussion
----------
[Routing] fix using !important and defaults/reqs in inline route definitions
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33224
| License | MIT
| Doc PR | -
Commits
-------
826db225b7 [Routing] fix using !important and defaults/reqs in inline route definitions
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[RateLimiter] Fix cache storage (use namespaced pool + remove \Serializable)
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38365, fix#38338
| License | MIT
| Doc PR | -
Commits
-------
251c202874 Use a dedicated cache.rate_limiter cache pool
5dc562a318 Use __sleep/__wakeup instead of Serializable
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Messenger] Added ErrorDetailsStamp
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #32311
| License | MIT
| Doc PR | No doc changes are needed
#SymfonyHackday
This PR is part of the work started in #32341. That PR has a workaround for showing exceptions added to a previous retry. This PR stores error messages in a separate stamp, so they're more easily accessed.
I also added the exceptionClass as a separate string (independant of FlattenException), so that information is always available, even if the trace is not (due to FlattenException not being available).
Duplicated exceptions (compared to the last one) are not stored separately.
**Questions:**
- Should we limit the total amount of exceptions (remove the oldest when adding a new one)?
- Yes, but in a new PR
- The current implementation adds this stamp in the Worker instead of the listeners to prevent duplicate code (due to the immutability of the envelope in the event). Is this the proper way to do this?
- No, create a new listener and a way to add stamps to the envelope inside the event.
- When adding details of a `HandlerFailedException`, should we add a stamp per wrapped `Throwable`? There can be multiple errors wrapped by a single `HandlerFailedException`.
- Yes, but in a later PR
**Todo:**
- [x] only add new information if it differs from the previous exception
- [x] add deprecations
- [x] fall back to old stamp data if no new stamp is available
- [x] rebase and retarget to master
- [x] update CHANGELOG.md
- [x] check for docs PR
**BC Breaks:**
When this PR is merged, RedeliveryStamps will no longer be populated with exception data. Any implementations that use `RedeliveryStamp::getExceptionMessage()` or `RedeliveryStamp::getFlattenedException()` will receive an empty string or `null` respectively for stamps added after this update. They should rely on `ErrorDetailsStamp` instead.
**New stuff:**
- New stamp `ErrorDetailsStamp`.
- New event subscriber `AddErrorDetailsStampListener`.
- New method `AbstractWorkerMessageEvent::addStamps`.
Commits
-------
cd27b863f9 [Messenger] Added FailedMessageErrorDetailsStamp
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
[Messenger] dispatch event when a message is retried
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
Hello,
i'm working on a bundle which helps to monitor messenger queues (add some stats for queues/transports + ability to manage failed messages from the browser)
https://github.com/SymfonyCasts/messenger-monitor-bundle/
and we're missing some hooks in the messaging system:
1. a way to know when a message has been retried (fixed by dispatching a new `WorkerMessageRetriedEvent` in `SendFailedMessageForRetryListener::onMessageFailed()`)
2. a way to update the enveloppe in worker message events (fixed by adding `AbstractWorkerMessageEvent::setEnvelope()`)
if needed i can provide some precise use cases.
thanks.
Commits
-------
55bddcb721 [Messenger] dispatch event when a message is retried