* 2.5:
[Validator] Added ConstraintValidator::buildViolation() helper for BC with 2.4 API
[Validator] Fixed LegacyValidator when only a constraint is validated
Conflicts:
src/Symfony/Component/Form/Extension/Validator/Constraints/FormValidator.php
src/Symfony/Component/Validator/Constraints/AbstractComparisonValidator.php
src/Symfony/Component/Validator/Constraints/RangeValidator.php
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Security] make it possible to override the default success/failure handler
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #5432, #9272, #10417, #11926
| License | MIT
| Doc PR | symfony/symfony-docs#4258
Overriding the default success/failure handler of the security firewalls is possible via the `success_handler` and `failure_handler` setting but this approach is not flexible as it does not allow you to get the options/provider key.
To sum up the problem:
* Overriding the default success/failure handler is possible via a service;
* When not overridden, the default success/failure handler gets options and the provider key;
* Those options and the provider key are injected by the factory as they are dynamic (they depend on the firewall and the provider key), so getting those options/provider key is not possible for a custom service that is only configured via the container configuration;
* Extending the default handler does not help as the injection mechanism is only triggered when no custom provider is set;
* Wrapping the default handler is not possible as the service id is dynamic.
... and of course we need to keep BC and make it work for people extending the default handler but also for people just using the interface.
Instead of the current PR, I propose this slightly different approach. It's not perfect, but given the above constraint, I think this is an acceptable trade-of.
So, several use cases:
* Using the default handler (no change);
* Using a custom handler that implements `AuthenticationSuccessHandlerInterface` directly and does not need any options (no change);
* Using a custom handler that needs the options/provider key (that's the new use case this PR supports).
This PR introduces 2 new classes that wrap custom handlers. If those classes define the `setOptions()` and/or `setProviderKey()` methods, they are automatically called with the correct arguments. Yours handler does not need to extend the default handler `DefaultAuthentication*Handler`, but doing so helps as the setters are already defined there.
Commits
-------
810eeaf [Security] made it possible to override the default success/failure handler (take 2)
36116fc [Security] made it possible to override the default success/failure handler
This PR was merged into the 2.5 branch.
Discussion
----------
[Validator] Added ConstraintValidator::buildViolation() helper for BC with the 2.4 API
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR adds a `buildViolation()` helper method to the base `ConstraintValidator` to remove the API checks (2.4 vs. 2.5) from the constraint validator implementations. Once the 2.4 API is removed, this helper method will be removed as well.
**Todos**
- [x] Backport changes from #12021
Commits
-------
6b0c24a [Validator] Added ConstraintValidator::buildViolation() helper for BC with 2.4 API
This PR was merged into the 2.5 branch.
Discussion
----------
[Validator] Fixed LegacyValidator when only a constraint is validated
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The 2.5-BC API is currently broken for the following use case:
```php
$validator->validate($value, $constraint);
```
This is fixed now.
Commits
-------
1d48206 [Validator] Fixed LegacyValidator when only a constraint is validated
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#9453).
Discussion
----------
[Form][DateTime] Propagate invalid_message & invalid_message_parameters to date & time
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR propagates the `invalid_message` & `invalid_message_parameters` in the datetime form type to the date & time sub form types. It allows to have the good error message if you use something else than the `single_widget` widget.
I have looked the `DateTimeTypeTest` but I have not found tests related to this kind of propagation, so for now I have not added tests yet.
Commits
-------
ea4ae74 [Form][DateTime] Propagate invalid_message & invalid_message parameters to date & time sub widgets
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Form] Choice children can be template customized like collection
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes?
| Deprecations? | no
| Tests pass? | No ?
| Fixed tickets |
| License | MIT
| Doc PR | None
I wanted to customize the template of a children of a choice field. I learned it was not currently possible, though it is with the collection type. So this should let people be able to customize the template for all the choice children at once.
Ie:
```jinja
{% block _user_colors_entry_widget %}
```
Still have to fix the tests
Commits
-------
4e6b27f [Form] Choice children can be template customized like collection
* 2.5:
[Command] Set the process title as late as possible
[Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
[Validator] Simplified testing of violations
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
fixed bug
added the possibility to return null from SimplePreAuthenticationListener
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/Tests/Extension/Validator/Constraints/FormValidatorTest.php
This PR was squashed before being merged into the 2.4 branch (closes#12030).
Discussion
----------
Fix expression language in the container when using the "container" variable
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11995
| License | MIT
| Doc PR | n/a
See #11995 for the description of the problem.
Commits
-------
2b2f0df Fix expression language in the container when using the "container" variable
This PR was submitted for the master branch but it was merged into the 2.5 branch instead (closes#12032).
Discussion
----------
[Command] Set the process title as late as possible
| Q | A
| ------------- | ---
| Bug fix? | yes (so it could be merged into 2.5)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
To be able to customize to process title in the `initialize` method of the
current command with some arguments or options
Commits
-------
44997d3 [Command] Set the process title as late as possible
* 2.4:
[Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
[Validator] Simplified testing of violations
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
fixed bug
added the possibility to return null from SimplePreAuthenticationListener
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/Extension/Core/Type/FormType.php
src/Symfony/Component/Form/Extension/Validator/Constraints/FormValidator.php
src/Symfony/Component/Form/Extension/Validator/Util/ServerParams.php
src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php
src/Symfony/Component/Validator/Tests/Constraints/AbstractConstraintValidatorTest.php
* 2.3:
[Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
[Validator] Simplified testing of violations
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Simplified testing of violations
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I simplified the assertion of violations in preparation of a replacement PR for #7276.
Commits
-------
8e5537b [Validator] Simplified testing of violations
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This argument was introduced in #11924. No release was made of the 2.3 branch after merging that PR.
Since a different constructor argument (`$requestHandler`) was added to FormTypeHttpFoundationExtension in the 2.5 branch, we cannot merge this forward in a BC fashion. For this reason, I removed the argument again.
Commits
-------
6cbc862 [Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
* 2.3:
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/CHANGELOG.md
src/Symfony/Component/HttpFoundation/Tests/ResponseTest.php
src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php
This PR was squashed before being merged into the 2.6-dev branch (closes#11949).
Discussion
----------
[Console] More consistent application description
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
Commits
-------
28edd30 [Console] More consistent application description
This PR was merged into the 2.6-dev branch.
Discussion
----------
New php library structure made easier
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
[This article](https://medium.com/@christophewillemsen/stop-making-bundles-think-bundles-deadd27b88c0) from @ikwattro gives some good ideas on how to ease the creation of a PHP package:
- which is not a bundle usable only on a symfony full stack framework
- without requiring to maintain 2 repos (one for the lib and the other for the bundle)
The only drawback is that Symfony requires the DI extension to be on a given location. So I created a new method Bundle#getContainerExtensionClass than can be easily overwritten if you want to move the Extension class in another directory.
Commits
-------
8eda6b5 New php library structure made easier
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Fixed StaticMethodLoaderTest to actually test something
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This test is not testing anything, except for whether PHP throws a strict standards error when invalid code is loaded.
I disabled error reporting for this test, so that the actual functionality (ignoring static+abstract functions) is tested.
Commits
-------
1b1303a [Validator] Fixed StaticMethodLoaderTest to actually test something
This PR was merged into the 2.6-dev branch.
Discussion
----------
[FrameworkBundle] Added unit-tests for GlobalVariables::getUser()
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Tests added should explain that `getUser()` should return `null` when a string is found as user. If this is not correct, a PR should be made. However, this would result in a huge BC break due to people using `{% if app.user %}` which would return `null` if an anonymous token was found. If this suddenly returns a string, this check will fail.
While at it, I have also added `getUser()` tests to verify the unhappy flow is working. These tests uncovered that if `$container->get('security.token_storage')` fails, it will throw an exception rather than return `null`. This issue is now fixed.
List of changes
--------------------
- The old `testGetUser` has been refactored to be tested with multiple variations of return types to verify the return type to work as the code tells.
- `get('security.token_storage')` is now only executed if `has('security.token_storage')` returns true
@fabpot I think this PR should be merged before 2.6, because it fixes an uncaught exception bug in my previous PR which splits the security context
Commits
-------
3f055f7 Fixed a bug and added unit-tests for GlobalVariables
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] output failed matched path for clarification
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11780
| License | MIT
| Doc PR | -
Because cygwin resolves the path behind the scenes, it is otherwise very unclear what path is actually used for matching.
Commits
-------
8d13af7 [FrameworkBundle] output failed matched path for clarification
This PR was merged into the 2.6-dev branch.
Discussion
----------
[HttpKernel] Extract method to instantiate controller in ControllerResolver
Replaces #10814 to merge into `master` instead of `2.3`.
---
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Currently it's required to duplicate the entirety of the `getController()` and `createController()` methods just to replace the call to `new` (e.g. with container resolution, instead).
Now it's possible to just override the `instantiateController()` method.
Commits
-------
88274df [HttpKernel] Extract method to make callable controller in ControllerResolver
This PR was merged into the 2.6-dev branch.
Discussion
----------
[FrameworkBundle]Ignore LoggingTranslatorPass if there is no Translator ...
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Commits
-------
6e1b47c [FrameworkBundle]Ignore LoggingTranslatorPass if there is no Translator definition.
This PR was merged into the 2.3 branch.
Discussion
----------
remove obsolete test file
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I don't think this file is used anymore.
Commits
-------
83f556f remove obsolete test file
This PR was submitted for the 2.4 branch but it was merged into the 2.3 branch instead (closes#11058).
Discussion
----------
[Security] bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10242
| License | MIT
[Security] fixed missing call to UserChecker::checkPreAuth
edit : after the discution with @hellomedia , i replaced postcheck with precheck
e0730e07ed (commitcomment-6580764)
Commits
-------
a38d1cd bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Serializer] PropertyNormalizer: a new normalizer that maps an object's properties to an array
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | if PR is deemed mergeable, I'll write the docs
This PR adds a new Normalizer for the Serializer component: **`PropertyNormalizer`**.
Currently the only normalizer is `GetSetMethodNormalizer`, which calls getters and setters. This new serializer uses the properties values directly.
This is especially useful if you write a webservice and take/return very simple DTO (Data Transfer Objects) which role is only to act like a "named" `stdClass`. Every property is public (the class doesn't contain any logic), and mapping that to an array is pretty easy.
This normalizer takes into account public, but also *private* and *protected* properties.
FYI I've based most of the code of `GetSetMethodNormalizer`.
Commits
-------
78ceed1 [Serializer] Added PropertyNormalizer, a new normalizer that maps an object's properties to an array
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6645
| License | MIT
| Doc PR | -
Consider the following entity:
```php
class Author
{
/**
* @Assert\NotBlank
*/
private $name;
private $age;
}
```
Right now, the "required" HTML attribute is set for both fields (since the default value of the "required" option is true). IMO this is wrong.
With this fix, the ValidatorTypeGuesser guesses `false` for the "required" option unless a NotNull/NotBlank constraint is present.
Commits
-------
fd77b09 [Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
This PR was merged into the 2.6-dev branch.
Discussion
----------
[WebProfilerBundle] Show AJAX requests in the symfony profiler toolbar
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Adds AJAX requests in the web debug toolbar.
See #8896 for the original discussion.
![image](https://cloud.githubusercontent.com/assets/47313/4384087/43d1feb2-43b0-11e4-99c9-3e50e19e623f.png)
Commits
-------
16d1b35 optimized JS for the AJAX section of the toolbar
2e708d7 made minor tweaks to JS code
8e4c603 replaced the AJAX icon with a smaller one
b66f39a removed hack
9c74fcc removed uneeded web_profiler.debug_toolbar.excluded_ajax_paths parameter in the container
d43edaf [WebProfilerBundle] improved the ajax section of the WDT
37f7dd7 [WebProfilerBundle] Show AJAX requests in the symfony profiler toolbar
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Validator] Added "payload" option to all constraints for attaching domain-specific data
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7273
| License | MIT
| Doc PR | TODO
The "payload" option can be used to pass whatever data should be attached to a constraint for an application:
```php
/**
* Domain-specific error codes
* @NotNull(payload="100")
*/
/**
* Structured domain-specific data
* @NotNull(payload={"display": "inline", "highlight": false})
*/
```
The term "payload" is borrowed from JSR-303.
Commits
-------
e8b7c6d [Validator] Added "payload" option to all constraints for attaching domain-specific data
This PR was merged into the 2.6-dev branch.
Discussion
----------
[DependencyInjection] Add a new Syntax to define factories as callables
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
From the original PR #9839:
"This pull requests adds a new syntax to define factories based on the syntax for configurators. This is more flexible than the old syntax (factoryMethod and either of factoryClass or factoryService), as it also allows for functions as factories.
Since the service is now a Reference to a Definition it also allows us to inline factories for a small performance improvement and better encapsulation.
Lastly this prevents a bug where a private factory is simple removed because it's not referenced in the graph.
I did not change any of the existing definitions (there's one use of a factory in FrameworkBundle) or automatically use the new internal representation when parsing YAML or XML definitions because this could introduce subtle B/C issues.
"
Commits
-------
187aeee fixed CS
bd8531d added a new Syntax to define factories as callables.