Commit Graph

53461 Commits

Author SHA1 Message Date
Robin Chalas
a8850a4813 minor #40183 [PasswordHasher] Fix: Use algorithm instead of algo (localheinz)
This PR was merged into the 5.3-dev branch.

Discussion
----------

[PasswordHasher] Fix: Use algorithm instead of algo

| Q             | A
| ------------- | ---
| Branch?       | 5.5
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | n/a
| License       | MIT
| Doc PR        | n/a

This pull request

* [x] renames fields, variables, and parameters using `algos` or `algo` (which appear to be entirely made-up words) to `algorithms` and `algorithm` respectively

Commits
-------

a4dd14b478 Fix: Use algorithm instead of algo
2021-02-14 15:41:30 +01:00
Robin Chalas
2132a83e5c minor #40182 [PasswordHasher] Fix: Run 'php-cs-fixer fix' (localheinz)
This PR was merged into the 5.3-dev branch.

Discussion
----------

[PasswordHasher] Fix: Run 'php-cs-fixer fix'

| Q             | A
| ------------- | ---
| Branch?       | 5.5
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | n/a
| License       | MIT
| Doc PR        | n/a

This pull request

* [x] runs `php-cs-fixer fix` in `src/Symfony/Component/PasswordHasher`

💁‍♂️ I do not know who or what enforces coding standard issues in this repository, but after opening a few pull requests in this repository, I noticed that `fabbot.io` repeatedly reports coding standard violations that are unrelated to the proposed changes. As an experiment I ran

```
$ php-cs-fixer fix
```

on the entire repository and found a lot of issues. Not sure, would you not prefer to have these fixed?

Since the `PasswordHasher` component was only recently extracted, I assume it is safe to propose to run `php-cs-fixer fix` at least on this newly introduced component.

Commits
-------

2102170e43 Fix: Run 'php-cs-fixer fix'
2021-02-14 15:25:17 +01:00
Andreas Möller
a4dd14b478
Fix: Use algorithm instead of algo 2021-02-14 15:20:17 +01:00
Andreas Möller
2102170e43
Fix: Run 'php-cs-fixer fix' 2021-02-14 15:12:38 +01:00
Robin Chalas
702a3ee82f feature #40176 [PasswordHasher] Use bcrypt as default hash algorithm for "native" and "auto" (chalasr)
This PR was merged into the 5.3-dev branch.

Discussion
----------

[PasswordHasher] Use bcrypt as default hash algorithm for "native" and "auto"

| Q             | A
| ------------- | ---
| Branch?       | 5.x
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | -

As suggested in https://github.com/symfony/symfony/pull/39802#issuecomment-776790017, based on https://twitter.com/TerahashCorp/status/1155129705034653698

Commits
-------

332817ac29 Use bcrypt as default password hash algorithm for "native" and "auto"
2021-02-14 15:05:49 +01:00
Robin Chalas
d1fbf750bf minor #40181 [PasswordHasher] Fix: Typo (localheinz)
This PR was merged into the 5.3-dev branch.

Discussion
----------

[PasswordHasher] Fix: Typo

| Q             | A
| ------------- | ---
| Branch?       | 5.x
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | n/a
| License       | MIT
| Doc PR        | n/a

This pull request

* [x] fixes a typo

Commits
-------

3fbf7e963d Fix: Typo
2021-02-14 14:42:31 +01:00
Andreas Möller
3fbf7e963d
Fix: Typo 2021-02-14 14:37:28 +01:00
Robin Chalas
332817ac29 Use bcrypt as default password hash algorithm for "native" and "auto" 2021-02-14 14:22:26 +01:00
Fabien Potencier
163df1e673 feature #40048 [FrameworkBundle] Deprecate session.storage service (jderusse)
This PR was merged into the 5.3-dev branch.

Discussion
----------

[FrameworkBundle] Deprecate session.storage service

| Q             | A
| ------------- | ---
| Branch?       | 5.x
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | yes
| Tickets       | -
| License       | MIT
| Doc PR        | TODO

Following the deprecation of `session` service, this PR deprecates other services that contain state: `session.storage`
- `session.storage`
- `session.storage.native`, `session.storage.php_bridge` and `session.storage.mock_file`
- `session.storage.metadata_bag`

Because people can inject / decorate / override all these services, providing a migration path like I did with `session` would have been very hard. That's why I added a new `opt-in` flag:

When people use `framework.session: true` or `framework.session.storage_id` the previous behavior is kept and deprecations are triggered when accessing the services.
But when people use the new `framework.session.storage_factory_id` configuration, the previous services (`session.storage.*`) are deleted (in case people would try to inject the legacy `session.storage*` services and would have expected to manipulate the same objects as the object injected in the session)

Commits
-------

37c591516a Deprecate session.storage
2021-02-14 11:40:26 +01:00
Fabien Potencier
2f0bc30e38 Fix CS 2021-02-14 11:23:24 +01:00
Fabien Potencier
7ed72177d0 feature #40169 [DependencyInjection] Negated (not:) env var processor (bpolaszek)
This PR was squashed before being merged into the 5.3-dev branch.

Discussion
----------

[DependencyInjection] Negated (not:) env var processor

| Q             | A
| ------------- | ---
| Branch?       | 5.x
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| License       | MIT
| Doc PR        | symfony/symfony-docs#14976

This little PR suggests a `not:` env var processor (in a perfect world, I would name it `!:` but only words are accepted as prefixes 🙃)
Goal is to _negate_ a boolean env variable.

Example usage:

```bash
FOO=yes
BAR=off
```

```yaml
# config/services.yaml
parameters:
    not_foo: '%env(not:FOO)%' # false
    not_bar: '%env(not:BAR)%' # true
```

I'm thinking of this for this kind of usages:
- `some_prod_related_stuff: '%env(not:APP_DEBUG)%'`
- `enabled: '%env(not:bool:key:disabled:query_string:SOME_DSN)%'`

~~Processor raises an exception when preceding resolved value is not a boolean.~~
This processor allows any truthy/falsy values, like `bool:`.

Thank you,
Ben

Commits
-------

56545fd270 [DependencyInjection] Negated (not:) env var processor
2021-02-14 11:22:20 +01:00
Beno!t POLASZEK
56545fd270 [DependencyInjection] Negated (not:) env var processor 2021-02-14 11:22:13 +01:00
Jérémy Derussé
37c591516a
Deprecate session.storage 2021-02-13 15:58:50 +01:00
Wouter de Jong
c757845643 feature #39802 [Security] Extract password hashing from security-core - with proper wording (chalasr)
This PR was merged into the 5.3-dev branch.

Discussion
----------

[Security] Extract password hashing from security-core - with proper wording

| Q             | A
| ------------- | ---
| Branch?       | 5.x
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Tickets       | Fixes #39698
| License       | MIT
| Doc PR        | todo

This PR renames password "encoders" to password _hashers_ (naming widely used, see e.g. django or laravel).
This also takes the opportunity to extract the logic related to password hashing from security-core, moving it to a new password-hasher component.
Nowadays, many modern web apps and APIs don't deal with passwords at all, that's why splitting makes sense as a step towards making security-core not tied to the password concept.

For upgrading, applications will have to use `passwords_hashers` instead of `encoders` in their security configuration, and type-hint against `PasswordHasherInterface` (and related) instead of `PasswordEncoderInterface`.

The proposed API is not much different from the encoder one regarding behavior and signatures, and it is slightly closer to the PHP built-in password hashing API:

```php
namespace Symfony\Component\PasswordHasher;

interface PasswordHasherInterface
{
    public function hash(string $plainPassword): string;

    public function verify(string $hashedPassword, string $plainPassword): bool;

    public function needsRehash(string $hashedPassword): bool;
}
```

Commits
-------

c5c981c559 [Security] Extract password hashing from security-core - using the right naming
2021-02-12 16:53:00 +01:00
Robin Chalas
c5c981c559 [Security] Extract password hashing from security-core - using the right naming 2021-02-12 16:42:42 +01:00
Christian Flothmann
fe4e2956e3 Merge branch '5.2' into 5.x
* 5.2:
  add missing return type declaration
  Modernize func_get_args() calls to variadic parameters
  Use a lazyintertor to close files descriptors when no longer used
2021-02-12 11:47:00 +01:00
Christian Flothmann
6dce3227db Merge branch '4.4' into 5.2
* 4.4:
  add missing return type declaration
  Modernize func_get_args() calls to variadic parameters
  Use a lazyintertor to close files descriptors when no longer used
2021-02-12 11:38:38 +01:00
Christian Flothmann
5fe91c9415 minor #40161 [Finder] add missing return type declaration (xabbuh)
This PR was merged into the 4.4 branch.

Discussion
----------

[Finder] add missing return type declaration

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Tickets       |
| License       | MIT
| Doc PR        |

should make builds green again

Commits
-------

cfce9cbd59 add missing return type declaration
2021-02-12 11:36:44 +01:00
Christian Flothmann
cfce9cbd59 add missing return type declaration 2021-02-12 11:28:39 +01:00
Fabien Potencier
dc20a31179 bug #40040 [Finder] Use a lazyIterator to close files descriptors when no longer used (jderusse)
This PR was merged into the 4.4 branch.

Discussion
----------

[Finder] Use a lazyIterator to close files descriptors when no longer used

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | fix #35508
| License       | MIT
| Doc PR        | -

The `RecursiveDirectoryIterator` class opens the file on `__construct`.
Because we inject an instance of `RecursiveDirectoryIterator` inside the `\AppendIterator` class, PHP opens a lot of files even before iterating on it.

This PR adds a new `LazyIterator` class that instantiates the decorated class only when something starts iterating on it.
When the iteration is over, it unsets the variable to let the decorated class clean things up (i.e. close the files)

Commits
-------

7117e1a798 Use a lazyintertor to close files descriptors when no longer used
2021-02-12 08:28:15 +01:00
Fabien Potencier
79ccf88a2d minor #40157 Modernize func_get_args() calls to variadic parameters (derrabus)
This PR was merged into the 4.4 branch.

Discussion
----------

Modernize func_get_args() calls to variadic parameters

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Tickets       | N/A
| License       | MIT
| Doc PR        | N/A

While reviewing #40143, I stumbled across the `Filesystem::box()` method and I felt like we could make the code look a little less PHP5-ish.

Commits
-------

5b536131f7 Modernize func_get_args() calls to variadic parameters
2021-02-12 08:13:15 +01:00
Alexander M. Turek
9323f413cb Merge branch '5.2' into 5.x
* 5.2:
  [Contracts] fix branch-aliases
  Fix transient test
2021-02-12 01:05:48 +01:00
Alexander M. Turek
f2f880ac2c feature #40143 [Filesystem] improve messages on failure (nicolas-grekas)
This PR was merged into the 5.3-dev branch.

Discussion
----------

[Filesystem] improve messages on failure

| Q             | A
| ------------- | ---
| Branch?       | 5.x
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | -

Commits
-------

f5ddfadcb2 [Filesystem] improve messages on failure
2021-02-11 20:49:37 +01:00
Alexander M. Turek
1f067bc4f7 bug #40114 [HttpFoundation] Fix consistency in sessions not found exceptions (jderusse)
This PR was merged into the 5.3-dev branch.

Discussion
----------

[HttpFoundation] Fix consistency in sessions not found exceptions

| Q             | A
| ------------- | ---
| Branch?       | 5.x
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #40112
| License       | MIT
| Doc PR        | -

Make `Request::getSession` throw a `SessionNotFoundException` and make `SessionNotFoundException` extend `\BadMethodCallException` for backward compatibility and

Commits
-------

7fcb76d367 Fix consistency in sessions not found exceptions
2021-02-11 20:46:04 +01:00
Alexander M. Turek
5b536131f7 Modernize func_get_args() calls to variadic parameters 2021-02-11 20:34:41 +01:00
Alexander M. Turek
d97ab18aa6 feature #40144 [Filesystem] Remove dirs atomically if possible (nicolas-grekas)
This PR was merged into the 5.3-dev branch.

Discussion
----------

[Filesystem] Remove dirs atomically if possible

| Q             | A
| ------------- | ---
| Branch?       | 5.x
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #27578
| License       | MIT
| Doc PR        | no need to

Commits
-------

17bccca9c6 [Filesystem] remove dirs atomically if possible
2021-02-11 20:02:08 +01:00
Nicolas Grekas
12b9d92b54 feature #39507 [Uid] Add UidFactory to create Ulid and Uuid from timestamps and randomness/nodes (fancyweb)
This PR was merged into the 5.3-dev branch.

Discussion
----------

[Uid] Add UidFactory to create Ulid and Uuid from timestamps and randomness/nodes

| Q             | A
| ------------- | ---
| Branch?       | 5.x
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | -

Ref https://github.com/symfony/symfony/pull/36097

When you migrate an existing resource identifier to a uid, you might want to choose the timestamp so that it is coherent with the creation date of the existing resource. (e.g. I have a row in a table with id=1, created_at=2018-12-11 19:00:00, I would like to use that timestamp to create the resource Ulid).

I guess it can also be useful to choose the randomness of the Ulid or the node of the Uuid.

From what I understood, v3 and v5 don't need those features, this is why they are not in the factory.

See https://github.com/symfony/symfony/pull/39507#pullrequestreview-584904889 for more details.

Commits
-------

88a99ddbdf [Uid] Add UuidFactory to create Ulid and Uuid from timestamps, namespaces and nodes
2021-02-11 18:51:13 +01:00
Nicolas Grekas
b3f046d81d Merge branch '4.4' into 5.2
* 4.4:
  [Contracts] fix branch-aliases
  Fix transient test
2021-02-11 13:36:50 +01:00
Nicolas Grekas
b22562f975 [Contracts] fix branch-aliases 2021-02-11 13:34:09 +01:00
Thomas Calvet
88a99ddbdf [Uid] Add UuidFactory to create Ulid and Uuid from timestamps, namespaces and nodes 2021-02-11 13:13:32 +01:00
Jérémy Derussé
7fcb76d367
Fix consistency in sessions not found exceptions 2021-02-11 12:50:39 +01:00
Nicolas Grekas
37e1823598 feature #39688 [FrameworkBundle][Messenger] Added RouterContextMiddleware (jderusse)
This PR was merged into the 5.3-dev branch.

Discussion
----------

[FrameworkBundle][Messenger] Added RouterContextMiddleware

| Q             | A
| ------------- | ---
| Branch?       | 5.x
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | TODO

When handling a message in async, we sometimes need the Router Context to generate absolute URLs, i.e.:
- sending an email when the message contains only the template
- generating a PDF

People can use the configuration `router.default_uri` to work around and fix the issue, but this does not work when the web application serves several domains.

This PR provides a new middleware that stores the current router context in a stamp, and restores the context when processing the message.

Commits
-------

8fe8b96921 [Messenger] Added RouterContextMiddleware
2021-02-11 10:44:25 +01:00
Nicolas Grekas
b0267e6dcf Fix transient test 2021-02-11 10:33:17 +01:00
Nicolas Grekas
bbc2d6a8b6 Merge branch '5.2' into 5.x
* 5.2:
  Skip checking return types on PHP <= 7.2
  [RateLimiter] Fix sliding_window misbehaving with stale records
2021-02-11 09:21:33 +01:00
Nicolas Grekas
55ca168ee1 Merge branch '4.4' into 5.2
* 4.4:
  Skip checking return types on PHP <= 7.2
2021-02-11 09:21:20 +01:00
Nicolas Grekas
de2f22086e Skip checking return types on PHP <= 7.2 2021-02-11 09:19:35 +01:00
Fabien Potencier
b636e6667a bug #40141 [RateLimiter] Fix sliding_window misbehaving with stale records (xesxen)
This PR was squashed before being merged into the 5.2 branch.

Discussion
----------

[RateLimiter] Fix sliding_window misbehaving with stale records

| Q             | A
| ------------- | ---
| Branch?       | 5.2
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | -

Currently the SlidingWindow RateLimiter returns a negative value for getHitCount if the previous SlidingWindow was too long ago. This results in a really high value from `SlidingWindowLimiter::getAvailableTokens()` which is higher than the configured limit.

This limits the value of percentOfCurrentTimeframe in `SlidingWindow::getHitCount()` to 1 so it can't result in a negative hitcount.

The 2nd fix fixes the SlidingWindow instance (essentially) not storing hits if the previous instance is way in the past, as the next instance will still be "in the past". This causes RateLimit to behave as if it were disabled until it has caught up again, which could take a long time when it is configured with a small window size.

Commits
-------

57033164c6 [RateLimiter] Fix sliding_window misbehaving with stale records
2021-02-11 08:56:23 +01:00
Xesxen
57033164c6 [RateLimiter] Fix sliding_window misbehaving with stale records 2021-02-11 08:56:13 +01:00
Fabien Potencier
042d634477 Fix CS 2021-02-11 08:50:48 +01:00
Fabien Potencier
f93b7381d8 feature #40102 [Notifier] [Firebase] Add data field to options (Raresmldvn)
This PR was squashed before being merged into the 5.3-dev branch.

Discussion
----------

[Notifier] [Firebase] Add data field to options

| Q             | A
| ------------- | ---
| Branch?       | 5.x
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Tickets       | https://github.com/symfony/symfony/issues/40078
| License       | MIT
| Doc PR        | symfony/symfony-docs#... <!-- required for new features -->

The Firebase Notifier must comply with the specifications at https://firebase.google.com/docs/cloud-messaging/xmpp-server-ref.html#notification-payload-support .
The options are missing the `data` field which is a common field for all types of notifications: web, ios and android.

Commits
-------

fa8064bbd3 [Notifier] [Firebase] Add data field to options
2021-02-11 08:48:11 +01:00
Rares Moldovan
fa8064bbd3 [Notifier] [Firebase] Add data field to options 2021-02-11 08:48:04 +01:00
Nicolas Grekas
ee530e2ecf Merge branch '5.2' into 5.x
* 5.2:
  Cleanup phpunit script
  Re-enable triggering deprecations about return types
2021-02-10 23:01:06 +01:00
Nicolas Grekas
9fa7dbd568 Cleanup phpunit script 2021-02-10 23:00:54 +01:00
Nicolas Grekas
70ad16067d Merge branch '4.4' into 5.2
* 4.4:
  Re-enable triggering deprecations about return types
2021-02-10 22:59:49 +01:00
Nicolas Grekas
044af5a0bd minor #40148 Re-enable triggering deprecations about return types (nicolas-grekas)
This PR was merged into the 4.4 branch.

Discussion
----------

Re-enable triggering deprecations about return types

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | -

Now that the three PRs linked in #40066 are merged, we can re-enable this check.

Commits
-------

01ac9b1990 Re-enable triggering deprecations about return types
2021-02-10 22:59:34 +01:00
Nicolas Grekas
01ac9b1990 Re-enable triggering deprecations about return types 2021-02-10 22:52:13 +01:00
Nicolas Grekas
fd154e3079 Merge branch '5.2' into 5.x
* 5.2:
  fix test
2021-02-10 19:01:17 +01:00
Nicolas Grekas
0bb4ba1941 Merge branch '4.4' into 5.2
* 4.4:
  fix test
2021-02-10 19:01:05 +01:00
Nicolas Grekas
7c86c1d593 fix test 2021-02-10 19:00:01 +01:00
Nicolas Grekas
f2ed81b55e Merge branch '5.2' into 5.x
* 5.2:
  [HttpKernel] fix transient test
  [FrameworkBundle] Fix freshness checks with boolean parameters on routes
  forward the label_html option to expanded choice fields
  [FrameworkBundle] fix registering "annotations.cache" on the "container.hot_path"
  Add some information about the username in CONTRIBUTORS
2021-02-10 18:27:22 +01:00