This PR was squashed before being merged into the 2.1 branch (closes#5586).
Commits
-------
6b66bc3 [2.1] Added missing error return codes in commands
Discussion
----------
[2.1] Added missing error return codes in commands
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT
See: #5585
---------------------------------------------------------------------------
by fabpot at 2012-09-24T12:10:47Z
Exit code values are standardized and some values have some well-defined meaning. Have a look here for more info: https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Process/Process.php#L67
Commits
-------
39157a8 [Security] fixes multiple overlapping definitions of DefaultFailureHandler and DefaultSuccessHandler in AbstractFactory
Discussion
----------
[Security] fixes multiple overlapping definitions of DefaultFailureHandler and DefaultSuccessHandler in AbstractFactory
If more than one listener extends AbstractFactory, you'll have multiple calls to createAuthenticationFailureHandler and createAuthenticationSuccessHandler with the same id.
Implicitly it's going to use the one generated by the last factory generating unexpected behavior.
This is related to commits 915704c071 and c6aa392df7
Commits
-------
bb138da [Security] Fix regression after rebase. Target url should be firewall dependent
eb19f2c [Security] Add note to CHANGELOG about refactored authentication failure/success handling [Security] Various CS + doc fixes [Security] Exception when authentication failure/success handlers do not return a response [Security] Add authors + fix docblock
f9d5606 [Security] Update AuthenticationFailureHandlerInterface docblock. Never return null
915704c [Security] Move default authentication failure handling strategy to seperate class [Security] Update configuration for changes regarding default failure handler [Security] Fixes + add AbstractFactory test for failure handler
c6aa392 [Security] Move default authentication success handling strategy to seperate class [Security] Update configuration for changes regarding default success handler [Security] Fix + add AbstractFactory test
Discussion
----------
[Security] Refactor authentication success handling
Bug fix: no
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: [](http://travis-ci.org/asm89/symfony)
License of the code: MIT
This PR extracts the default authentication success handling to its own class as discussed in #4553. In the end the PR will basically revert #3183 (as suggested by @schmittjoh) and fix point one of #838.
There are a few noticeable changes in this PR:
- This implementation changes the constructor signature of the `AbstractAuthentictionListener` and `UsernamePasswordFormAuthenticationListener` by making the `AuthenticationSuccessHandler` mandatory (BC break). If this WIP is approved I will refactor the failure handling logic too and then this will also move one place in the constructor
- This PR reverts the change of making the returning of a `Response` optional in the `AuthenticationSuccessHandlerInterface`. Developers can now extend the default behavior themselves
@schmittjoh Any suggestions? Or a +1 to do the failure logic too?
---------------------------------------------------------------------------
by schmittjoh at 2012-06-17T23:53:07Z
+1 from me
@fabpot, what so you think?
---------------------------------------------------------------------------
by fabpot at 2012-06-19T08:15:48Z
Can you add a note in the CHANGELOG? Thanks.
---------------------------------------------------------------------------
by asm89 at 2012-06-19T10:22:20Z
I will, but I'll first do the same for the failure logic.
---------------------------------------------------------------------------
by travisbot at 2012-06-21T08:03:14Z
This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1671555) (merged 17c8f66f into 55c6df99).
---------------------------------------------------------------------------
by asm89 at 2012-06-21T08:45:38Z
👍 thank you @stof. I think this is good to go now.
---------------------------------------------------------------------------
by travisbot at 2012-06-21T08:50:28Z
This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1671817) (merged 8982c769 into 55c6df99).
---------------------------------------------------------------------------
by asm89 at 2012-06-21T14:23:58Z
@schmittjoh @fabpot The `LogoutListener` currently throws an exception when the successhandler doesn't return a `Response` ([link](9e9519913d/src/Symfony/Component/Security/Http/Firewall/LogoutListener.php (L101))). Should this code check for this too?
---------------------------------------------------------------------------
by schmittjoh at 2012-06-21T14:26:49Z
Yes, this code was removed, but needs to be re-added here as well.
---------------------------------------------------------------------------
by travisbot at 2012-06-21T15:08:59Z
This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1674437) (merged 5afa240d into 55c6df99).
---------------------------------------------------------------------------
by asm89 at 2012-06-26T06:01:02Z
@fabpot Can you make a final decision on this? If you decide on point 3, this code can be merged. I agree with the arguments of @stof about the option handling and it 'only' being a BC break for direct users of the security component. I even think these direct users should be really careful anyway, since the behavior of the success and failurehandlers now change back to how they acted in 2.0.
Now I am thinking about it, can't the optional parameters of this class move to setters anyway? That will make it cleaner to extend.
---------------------------------------------------------------------------
by asm89 at 2012-06-28T10:29:50Z
ping @fabpot
---------------------------------------------------------------------------
by fabpot at 2012-06-28T17:23:02Z
I'm ok with option 1 (the BC break). After doing the last changes, can you squash your commits before I merge? Thanks.
---------------------------------------------------------------------------
by asm89 at 2012-07-06T21:59:54Z
@fabpot I rebased the PR, added the authors and also ported the fix that was done in 8ffaafa867 to be contained in the default success handler. I also squashed all the CS and 'small blabla fix' commits. Is it ok now?
Edit: travisbot will probably say that the tests in this PR fail, but that is because current master fails on form things
---------------------------------------------------------------------------
by asm89 at 2012-07-08T18:53:05Z
I rebased the PR, tests are green now: [](http://travis-ci.org/asm89/symfony).
[Security] Various CS + doc fixes
[Security] Exception when authentication failure/success handlers do not return a response
[Security] Add authors + fix docblock
Commits
-------
d9439ab made the charset overridable (closes#2072)
Discussion
----------
made the charset overridable (closes#2072)
The charset was configurable in a configuration file but it never worked:
framework:
charset: ISO-8859-1
Now, like for the cache and log dirs, you can configure the charset by
overriding the getCharset() method in the app kernel:
public function getCharset()
{
return 'ISO-8859-1';
}
---------------------------------------------------------------------------
by fabpot at 2012-07-03T07:26:04Z
See #2072 for the previous attempts to fix this issue.
The charset was configurable in a configuration file but it never worked:
framework:
charset: ISO-8859-1
Now, like for the cache and log dirs, you can configure the charset by
overriding the getCharset() method in the app kernel:
public function getCharset()
{
return 'ISO-8859-1';
}
Commits
-------
8ffaafa Make the session entry for the target url firewall dependent.
Discussion
----------
[Security] Make the session entry for the target url firewall dependent.
Bug fix: yes
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets:
License of the code: MIT
If there are two firewalls (eg. main and admin), calling an protected admin url
will direct you to the login form of the admin. If I ignore this and go to the login
form of the main firewall directly I will end up being redirected to the stored
admin target url, which will lead me to the admin login form again.
---------------------------------------------------------------------------
by travisbot at 2012-05-25T09:33:44Z
This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1431566) (merged 8ffaafa8 into 45849ce3).
---------------------------------------------------------------------------
by uwej711 at 2012-06-09T08:05:54Z
Doesn't this make sense or did this slip through? Or is there something missing?
If there are two firewalls (eg. main and admin), calling an protected admin url
will direct you to the login form of the admin. If I ignore this and go to the login
form of the main firewall directly I will end up being redirected to the stored
admin target url. This is not what you usually want to happen.
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Currently the ports in RetryAuthenticationEntryPoint are fixed in the constructor call, there is no way to set them when you run your application on different ports.
With this fix the ports are taken from the router configuration.
Commits
-------
75c7d3a Fixed the link to the method with onclick event.
ecbabec renamed 'Request handler' to 'Controller' and 'Route ID' to 'Route name'.
3c5ede4 Add a new query to display all information.
f6a866b Merged CSS for the toolbar in both embedded mode (on each page) and profiler.
306533b Updated the responsive design in addition to the scenario with authenticated users and exception notification.
4a3312b Updated the toolbar with the responsive design (normal-to-large scenario).
1eec2a2 Updated the toolbar with the responsive design (normal-to-small scenario).
03c8213 Refactored the CSS code for the toolbar out of the template.
37843b3 Updated with PHP logo (only the text).
d5e0ccc Made the toolbar to show the version, memory usage, the state of security (both a abbreviation and an associate description) and number of DB requests and request time.
37ad8a6 Removed the check for verbose and adjusted the style when the toolbar is on the top of the page.
67b0532 Redesigned the WDT.
Discussion
----------
Re-design the debugging toolbar
The toolbar is very useful and containing lots of information. However, as there are too much information, it is very distracting and the toolbar area somehow ends up taking too much space and then becomes something like a panel.
The main purpose of this pull request is to hide any information and show only whenever the user wants to see, except the status code and response time.
This is based on [the pull request #3833](https://github.com/symfony/symfony/pull/3833) with the feedbacks and for 2.1 (master).
The testing app is available at http://home.shiroyuki.com.
---------------------------------------------------------------------------
by stof at 2012-04-10T06:24:36Z
@shiroyuki your testing app denies the access because of the restriction in app_dev.php
---------------------------------------------------------------------------
by shiroyuki at 2012-04-10T06:27:27Z
@stof: I'm sorry. It should be working now.
---------------------------------------------------------------------------
by stof at 2012-04-10T06:45:39Z
Moving the toolbar to the top of the page means it will hide some content of the page. You should keep it at the bottom
---------------------------------------------------------------------------
by shiroyuki at 2012-04-10T06:48:28Z
Just a moment ago, I changed the position of the toolbar via `config_dev` so I could check when WDT is on the top.
I just reverted the config file. :D
---------------------------------------------------------------------------
by fabpot at 2012-04-10T06:55:16Z
Some comments:
* I would have kept the number of database request as this number is probably the one everybody should have a look at on every page.
* I would have used the original PHP logo (in black and white) instead of a non-standard one
But overall, this is a very nice improvement.
---------------------------------------------------------------------------
by stloyd at 2012-04-10T06:55:43Z
There is an issue with "bubbling" at Firefox 11 (at least), when you hover `<a>` element, the hover event seems to be "launched" twice.
---------------------------------------------------------------------------
by fabpot at 2012-04-10T06:56:13Z
As the verbose mode has been removed from the template, it should also be removed from the configuration (I can do that after merging if you don't know how to do that).
---------------------------------------------------------------------------
by shiroyuki at 2012-04-10T07:05:31Z
@stloyd I noticed that too. As I couldn't find the same issue on Webkit-based browsers and all effects on this toolbar heavily relies on CSS, it could have been a glitch on Firefox.
@fabpot I'll see what I can do with the number of DB request and the logo.
---------------------------------------------------------------------------
by asm89 at 2012-04-10T07:26:28Z
Will there be options to somehow keep the debug toolbar 'expanded' or something? I guess the folding of the sf and php information makes sense, but I personally look at the request/time/memory/security and query parts of the toolbar a lot. As my browser window is big enough to show all information at once, this would be a huge step backwards imo.
---------------------------------------------------------------------------
by XWB at 2012-04-10T07:28:38Z
Agreed with @asm89, I also want the option to show all the information on my screen.
---------------------------------------------------------------------------
by fabpot at 2012-04-10T08:28:00Z
I tend to agree too with @asm89. What about reusing the `verbose` option for that. This was already its purpose anyway.
---------------------------------------------------------------------------
by shiroyuki at 2012-04-10T14:56:45Z
How about using media query?
---------------------------------------------------------------------------
by shiroyuki at 2012-04-11T02:20:32Z
Please note that the latest commit still doesn't have the new logo for PHP.
As DoctrineBundle now has its own repository, the change to show the number of DB requests is already done via DoctrineBundle's [PR 57](https://github.com/doctrine/DoctrineBundle/pull/57).
---------------------------------------------------------------------------
by guilhermeblanco at 2012-04-11T02:50:47Z
@fabpot @shiroyuki as soon as this patch is merged I will do the same on DoctrineBundle.
All you need to do is look at me over our desks' separator. =D
---------------------------------------------------------------------------
by shiroyuki at 2012-04-11T03:17:41Z
The last commit has the updated PHP logo. Unfortunately as @stloyd and @guilhermeblanco pointed out, the flicking on the toolbar when the mouse is over might have been due to the CSS issue on Firefox.
---------------------------------------------------------------------------
by Tobion at 2012-04-11T04:46:36Z
Nice work shiroyuki. I always had the feeling the toolbar can be improved. Good that you got this one going.
I would remove the verbose option (rarely nobody changes it) and use media queries to accomplish a responsive design that shows as much information as possible. And only shows the most important facts when there is not enough space.
E.g. the symfony version could be removed if it doesn't fit on the screen because it's mostly static from request to request.
---------------------------------------------------------------------------
by Tobion at 2012-04-11T04:48:45Z
Another idea: Add a panel "PHP Info" to the profiler that shows the output of `phpinfo()`. This panel is linked from the PHP logo in the WDT which currently has no link on it.
---------------------------------------------------------------------------
by shiroyuki at 2012-04-11T15:47:51Z
@Tobion: It would be an overkill if `phpinfo()` was visible in the toolbar. Additionally, the toolbar doesn't fit to show that amount of information. Plus, the information released by `phpinfo()` is also static and easily obtained by a simple PHP script. I don't think that WDT should be showing this information.
Please note that the media query is not yet implement. The followings are still unknown to me:
* should we support the toolbar for mobile device?
* what is the minimum screen size?
---------------------------------------------------------------------------
by Tobion at 2012-04-11T15:52:43Z
@shiroyuki you misunderstood me. phpinfo() should be a new panel in the PROFILER, not the WDT. It is reachable from the WDT by clicking on the PHP logo. But that can be implemented in a seperate PR. It's just an idea and before I would implement it, I'd like to receive feedback if it would be accepted at all.
---------------------------------------------------------------------------
by fabpot at 2012-04-11T16:38:44Z
Displaying `phpinfo()` data is not in the scope of this PR.
---------------------------------------------------------------------------
by Tobion at 2012-04-11T16:48:50Z
@fabpot yeah. But would you accept such a PR or do you think it's not useful?
---------------------------------------------------------------------------
by fabpot at 2012-04-11T16:57:49Z
@Tobion The web profiler is mainly about information for the current request; so I'm not sure it would be useful to have such a tab in the profiler.
---------------------------------------------------------------------------
by vicb at 2012-04-11T17:06:15Z
@fabpot @Tobion what about adding it in the config panel ? Not sure if it is very useful but I have seen to many `phpinfo.php` in the web root folder. (It could be an expandable panel loaded via ajax like what is used for the Doctrine explain panel).
---------------------------------------------------------------------------
by shiroyuki at 2012-04-12T03:11:40Z
@tobian @vicb: what kind of information are you looking from `phpinfo()`?
---------------------------------------------------------------------------
by Felds at 2012-04-12T03:30:02Z
The equivalent for `phpinfo()` was extremely convenient and helped a lot in Symfony 1. It's out of scope but an optional panel could be nice.
Ini flags are of great help when debugging on a hurry.
👍 for that!
---------------------------------------------------------------------------
by Tobion at 2012-04-12T03:37:52Z
@shiroyuki I don't understand your question. Everything of it should be displayed. But don't worry about phpinfo(), I'll work on that in a seperate PR. You can focus on the responsive design. ;)
---------------------------------------------------------------------------
by vicb at 2012-04-12T06:54:35Z
@shiroyuki I am not looking for anything specific. Just saying I have seen many times customer code using a publicly accessible file to return the info and it would help to get ride of this file.
---------------------------------------------------------------------------
by sstok at 2012-04-12T07:59:18Z
```
should we support the toolbar for mobile device?
```
Good question, I don't think so because the screen-size is to small to show anything useful.
Maybe a small icon to display the information as overlay, including the token so you can refer to that on a bigger screen?.
---------------------------------------------------------------------------
by johnnypeck at 2012-04-13T06:45:43Z
If your interested in a useful but not so intrusive way of providing the toolbar on mobile devices perhaps take a look at what the guys at Twitter have done with the topbar navigation converting to a semi-accordion style menu on mobile in Bootstrap. I can see the usefulness. Checkout the responsive.less which makes it easy enough to include/exclude depending on screen size. I found it quite useful in a recent project.
Regarding adding a tab for phpinfo, sure it would be useful BUT if the reasoning is that some people leave a publicly available phpinfo script therefore just include it then I would not include it. There are many more useful requirements of the toolbar rather than to insulate intro to web issues. That's like saying don't include the toolbar because someone may build an application that makes the toolbar available publicly (which will happen). I've seen too many projects in my years having no clue of versioning tools that must have been built on the server, live, with filenames like indexv1.php, indexv2.php, indexTryAgain.php, db credentials in the clear, and just hoping to find a point where it works enough. And yes, I've found those scripts were publicly available and still around years after they were created; security holes and all! I'm preaching to the choir here. You'll never stop stupid. All we can do is educate by any means we have and share our knowledge with one another. Aside from that devils advocate reasoning, I would include the phpinfo tab, it does make sense in those random "did I/they compile that in" circumstances. ;-) Sorry for the rant.
+1 for mobile
sorta+1 for phpinfo
+10 for better educating on how to include anything you need so phpinfo could be a "my first foray into adding a tool to my toolbar for Symfony" tutorial in the cookbook.
Again, sorry for the long winded rant. Cheers everyone. Goodnight.
---------------------------------------------------------------------------
by shiroyuki at 2012-04-13T23:33:21Z
@stof I think we can remove the CSS.
Commits
-------
aa055df [Composer] Stwitch to composer vendors management
Discussion
----------
[Composer] Stwitch to composer vendors management
Bug fix: no
Feature addition: yes
Backwards compatibility break: No?
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
[](http://travis-ci.org/canni/symfony)
This speeds up Travis CI builds to `~2 min` also makes vendor management
a lot easier.
---------------------------------------------------------------------------
by fabpot at 2012-02-09T06:24:24Z
I'm -1 on this change. The `vendors.php` script is *only* for people working on the core so that we can run the unit tests. So, we need the flexibility to test on many different versions of the code and having the repository here is kind of mandatory.
---------------------------------------------------------------------------
by Seldaek at 2012-02-09T08:15:28Z
You can `composer install --dev` to get proper clones. I'm not really pro or against, just saying it's an option.
---------------------------------------------------------------------------
by canni at 2012-02-09T08:28:54Z
@fabpot I understand yours point, but from my view transferring the whole git structure of *vendors* is little pointless IMO (especially in Travis env)
but I think I can make this change optional, so Travis and anyone that prefer to, can use `composer` an with old functionality available.
(There will be almost no duplication, as anyway we're updating `composer.json`)
---------------------------------------------------------------------------
by canni at 2012-02-09T09:20:17Z
@fabpot I've enabled both behaviors, everything will work regardless of using `composer` or `vendors.php` this lets the developer decide what to use
---------------------------------------------------------------------------
by drak at 2012-02-16T12:05:28Z
Since there is a `--dev` option in Composer then I think this is a good idea. You could also add composer.phar to the repo bin directory.
---------------------------------------------------------------------------
by henrikbjorn at 2012-02-16T12:06:55Z
`--dev` have been renamed to `--prefer-source`
---------------------------------------------------------------------------
by canni at 2012-02-16T12:22:01Z
@fabpot any chance to consider this merge? If not, this PR can be closed.
---------------------------------------------------------------------------
by henrikbjorn at 2012-02-16T12:25:51Z
@canni This is the goal eventually. But i think we need composer to be a bit more stable in its solver.
---------------------------------------------------------------------------
by francoispluchino at 2012-02-16T12:39:24Z
👍
---------------------------------------------------------------------------
by jmikola at 2012-04-06T18:19:27Z
@fabpot: Is this PR still off the table, or are you reconsidering it with the `--prefer-source` option? I was just running symfony unit tests, and attempted to install deps with composer as I thought this PR or another like it had recently been merged to core. It wasn't :)
Admittedly, it's a downside that vendor libs, even if git repositories, will be nestled within the `.composer/` directory.
---------------------------------------------------------------------------
by drak at 2012-04-07T00:20:33Z
@canni This PR needs to be rebased and reviewed because of the changed tests directory (there is no longer a central `tests/` folder).
---------------------------------------------------------------------------
by canni at 2012-04-07T06:34:28Z
Hey,
will do after a weekend.
canni
Użytkownik Drak <reply@reply.github.com> napisał:
>@canni This PR needs to be rebased and reviewed because of the changed tests directory (there is no longer a central `tests/` folder).
>
>---
>Reply to this email directly or view it on GitHub:
>https://github.com/symfony/symfony/pull/3291#issuecomment-5004750
---------------------------------------------------------------------------
by canni at 2012-04-08T19:02:03Z
@drak done.
