This PR was squashed before being merged into the 3.2-dev branch (closes#20405).
Discussion
----------
[SecurityBundle] Display firewall in debug bar even if not authenticated
| Q | A
| ------------- | ---
| Branch? | master
| Tests pass? | yes
| License | MIT
Before:
After:
I will take any input to improve the result, I feel it not optimal.
Commits
-------
d81da79 [SecurityBundle] Display firewall in debug bar even if not authenticated
This PR was merged into the 3.2-dev branch.
Discussion
----------
[SecurityBundle] Make the FirewallConfig class final
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
I suggest to make the `FirewallConfig` class final. This value object is only built by the `SecurityExtension` from the `SecurityBundle` and is not meant to be an extension point.
ping @chalasr
Commits
-------
5963627 [SecurityBundle] Make the FirewallConfig class final
This PR was merged into the 3.2-dev branch.
Discussion
----------
[DependencyInjection] fixed ini file values conversion
| Q | A |
| --- | --- |
| Branch? | master |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no-ish |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | n/a |
| License | MIT |
| Doc PR | n/a |
When using the ini format to load parameters in the Container, the parameter values were converted by PHP directly (`'true'` => `1` for instance). But when using the YAML or XML format, the conversions are much broader and more precise (`'true'` => `true` for instance). This PR fixed fixes this discrepancy by using the same rules as XML (we could use `INI_SCANNER_TYPED` for recent versions of PHP but the rules are not exactly the same, so I prefer consistency here).
One might argue that this is a new feature and that this should be merged into master, which I can accept as well. In master, the `XmlUtils::phpize()` method should be deprecated and replaced by a more generic phpize class.
ping @symfony/deciders
Commits
-------
4ccfce6 [DependencyInjection] fixed ini file values conversion
This PR was merged into the 3.2-dev branch.
Discussion
----------
[SecurityBundle] Fix case sensitive use
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? |no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Commits
-------
310e31d [SecurityBundle] Fix case sensitive use
This PR was merged into the 3.2-dev branch.
Discussion
----------
[DX][SecurityBundle] Introduce a FirewallConfig class accessible from FirewallContext
| Q | A |
| --- | --- |
| Branch? | master |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | no |
| Deprecations? | yes but it should not have any impact in userland |
| Tests pass? | yes |
| Fixed tickets | #15294 |
| License | MIT |
| Doc PR | todo |
With this, the `FirewallContext` class now has a `getConfig()` method returning a `FirewallConfig` object representing the firewall configuration.
Also this adds a `getContext()` method to the `FirewallMap` class of the `SecurityBundle`, to be able to retrieve the current context.
In a next time, this could be useful to display some firewall related informations to the Profiler, as pointed out in #15294.
Also, it can be useful to be able to access the current firewall configuration from an AuthenticationListener, especially for third party bundles (I can develop on demand).
Commits
-------
52d25ed Introduce a FirewallConfig class
This PR was merged into the 3.2-dev branch.
Discussion
----------
[HttpKernel] Base DataCollector throws warning on unsupported scheme strings
| Q | A |
| --- | --- |
| Branch? | master |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | N/A |
| License | MIT |
| Doc PR | N/A |
The issue concerns any collector based on the abstract `Symfony\Component\HttpKernel\DataCollector\DataCollector` class using `cloneVar` on a string containing a unsupported scheme.
The easiest way to reproduce the issue is to add a simple query parameter like `?uri=foo://bar` on any url of your application:
> ContextErrorException in DataCollector.php line 134:
> Warning: file_exists(): Unable to find the wrapper "foo" - did you forget to enable it when you configured PHP?
This PR simply fixes the issue by muting the warning on `file_exists`. But maybe there is a better strategy.
Commits
-------
52faa00 Fix base DataCollector throws warning on unsupported scheme strings
This PR was merged into the 2.7 branch.
Discussion
----------
[Yaml] Clean some messages + add test case
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Related to #20335 on 3.2.
Commits
-------
7520f7b [Yaml] Clean some messages + add test case
This PR was merged into the 3.2-dev branch.
Discussion
----------
Don't trim long strings in the profiler logs
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20371
| License | MIT
| Doc PR | -
Commits
-------
7a17080 Don't trim long strings in the profiler logs
This PR was merged into the 3.1 branch.
Discussion
----------
[SecurityBundle] Fix term width in UserPasswordEncoderCommandTest
| Q | A
| ------------- | ---
| Branch? | 3.1
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
e342056 [SecurityBundle] Fix term width in UserPasswordEncoderCommandTest
This PR was merged into the 2.8 branch.
Discussion
----------
[Console] simplified code
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | ~no~ yes (even if the output is "better" with this PR)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Instead of adding blank character for shorter lines and having to keep the max length of messages, I propose to clear the line via an ANSI sequence like done in the progress bar.
Code is cleaner and output is better as currently, then cursor can be "away" from the last character which is unexpected.
Actually, this is a bug fix as the current code does not work well when using styles in the indicator message.
Commits
-------
0aca9bf [Console] simplified code
This PR was submitted for the 2.8 branch but it was merged into the 2.7 branch instead (closes#20342).
Discussion
----------
[Form] Fix UrlType transforms valid protocols
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
According to https://tools.ietf.org/html/rfc3986#section-3.1:
<details>
<summary>`scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )`</summary>
> Each URI begins with a scheme name that refers to a specification for
assigning identifiers within that scheme. As such, the URI syntax is
a federated and extensible naming system wherein each scheme's
specification may further restrict the syntax and semantics of
identifiers using that scheme.
> Scheme names consist of a sequence of characters beginning with a
letter and followed by any combination of letters, digits, plus
("+"), period ("."), or hyphen ("-"). Although schemes are case-
insensitive, the canonical form is lowercase and documents that
specify schemes must do so with lowercase letters. An implementation
should accept uppercase letters as equivalent to lowercase in scheme
names (e.g., allow "HTTP" as well as "http") for the sake of
robustness but should only produce lowercase scheme names for
consistency.
</details>
~~Fixing the regex to add missing chars could solve the issue. However according to the RFC, we should not allow underscores. But `\w+` permits it (removing it would be a minor BC break anyway).~~
~~IMHO, we should not care in this listener if the scheme is valid or not (a validator should be used instead), so I'd suggest to simply check if a scheme is provided or not.~~ I'm not using `parse_url($string, PHP_URL_SCHEME)` because `http:/symfony.com` or `http:symfony.com` is considered valid as containing a scheme.
Actually, I changed my mind about previous fix (28f816a) and went back to the regex, in order to have strings like `symfony.com?uri=http://example.com` properly transformed to `symfony.com?uri=http://example.com`
Commits
-------
46dd3b9 [Form] Fix UrlType transforms valid protocols
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#20301).
Discussion
----------
[SecurityBundle] Changed encoder configuration example to bcrypt
| Q | A
| ------------- | ---
| Branch? | "master"
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Simple change in the configuration example to help developers to not use `sha512` as encoder when using `config:dump-reference`.
Commits
-------
a55058f [SecurityBundle] Changed encoder configuration example to bcrypt
