* 5.2:
Fixes Undefined method call
minor #41065 [Security] Added missing translations for Serbian (sr_Cyrl)
[Security] Added missing translations for Serbian (sr_Latn) #41066
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Added missing translations for Serbian (sr_Latn)
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #41066
| License | MIT
| Doc PR |
Added 2 missing translations for Serbian (sr_Latn).
Commits
-------
ce31fc3643 [Security] Added missing translations for Serbian (sr_Latn) #41066
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Added missing translations for Serbian (sr_Cyrl)
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #41065
| License | MIT
| Doc PR |
Added 2 missing translations.
Commits
-------
0e3165c67d minor #41065 [Security] Added missing translations for Serbian (sr_Cyrl)
This PR was submitted for the 5.x branch but it was merged into the 5.2 branch instead.
Discussion
----------
Fixes Undefined method call
Psalm reported this
```
ERROR: UndefinedMethod - vendor/symfony/framework-bundle/Kernel/MicroKernelTrait.php:185:148 - Method ReflectionType::isBuiltin does not exist (see https://psalm.dev/022)
$configuratorClass = $configureRoutes->getNumberOfParameters() > 0 && ($type = $configureRoutes->getParameters()[0]->getType()) && !$type->isBuiltin() ? $type->getName() : null;
```
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #...
| License | MIT
| Doc PR |
Commits
-------
6dba988629 Fixes Undefined method call
* 5.2:
[SecurityBundle] add missing type-hint
[SecurityBundle] Remove invalid unused service
[Security] [DataCollector] Remove allows anonymous information in datacollector
[Workflow] Remove dead call to `Defnition#addTag()`
add chinese translation
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Security] [RememberMe] Add support for parallel requests doing remember-me re-authentication
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | yes ish
| Deprecations? | no
| Tickets | Fix #40971, Fix #28314, Fix #18384
| License | MIT
| Doc PR | symfony/symfony-docs#...
This is a possible implementation to gather feedback mostly.
`TokenVerifierInterface` naming is kinda bad perhaps. But my goal would be to merge it in TokenProviderInterface for 6.0 so it's not so important. Not sure if/how to best indicate this in terms of deprecation notices.
Anyway, wondering if this would be an acceptable implementation (ideally, in an application I would probably override the new methods from DoctrineTokenProvider to something like this, which is less of a hack and does expiration properly):
```php
// Accept the current token value, or the previous one kept in cache for a short time.
public function verifyToken(PersistentTokenInterface $token, string $tokenValue)
{
    if (hash_equals($token->getTokenValue(), $tokenValue)) {
        return true;
    }

    // No cached previous value for this series: nothing else can match.
    if (!$this->cache->hasItem('rememberme-'.$token->getSeries())) {
        return false;
    }

    /** @var CacheItem $item */
    $item = $this->cache->getItem('rememberme-'.$token->getSeries());
    $oldToken = $item->get();

    // The item may have expired between hasItem() and getItem(); get() then returns null.
    return \is_string($oldToken) && hash_equals($oldToken, $tokenValue);
}

// Store the new value and keep the replaced one in cache for 60 seconds.
public function updateExistingToken(PersistentTokenInterface $token, string $tokenValue, \DateTimeInterface $lastUsed): void
{
    $this->updateToken($token->getSeries(), $tokenValue, $lastUsed);

    /** @var CacheItem $item */
    $item = $this->cache->getItem('rememberme-'.$token->getSeries());
    $item->set($token->getTokenValue());
    $item->expiresAfter(60);
    $this->cache->save($item);
}
```
If you think it'd be fine to require optionally the cache inside DoctrineTokenProvider to enable this feature instead of the hackish way I did it, that'd be ok for me too.
The current `DoctrineTokenProvider` implementation of `TokenVerifierInterface` relies on the lucky fact that series are generated using `base64_encode(random_bytes(64))` which always ends in the `==` padding of base64, so that allowed me to store an alternative token value temporarily by replacing `==` with `_`.
Alternative implementation options:
1. Inject cache in `DoctrineTokenProvider` and do a proper implementation (as shown above) that way
2. Do not implement at all in `DoctrineTokenProvider` and let users who care implement this themselves.
3. Implement as a new `token_verifier` option that could be configured on the `firewall->remember_me` key so you can pass an implementation if needed, and possibly ship a default one using cache that could be autoconfigured
4. Add events that allow modifying the token to be verified, and allow receiving the newly updated token incl series, instead of TokenVerifierInterface, but then we need to inject a dispatcher in RememberMeAuthenticator.
`@chalasr` `@wouterj` sorry for the long description but in the hope of getting this included in 5.3.0, if you can provide guidance I will happily work on this further tomorrow to try and wrap it up ASAP.
Commits
-------
1992337d87 [Security] [RememberMe] Add support for parallel requests doing remember-me re-authentication
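The grace-window verification described in the PR above, as an added example that is not part of the PR or of Symfony's code: a hypothetical in-memory `GraceWindowTokenStore` (class, method names, series identifier and timestamps are assumptions) that keeps accepting the replaced token value of a series for 60 seconds after rotation, so a parallel request still carrying the old cookie verifies, while the same value is rejected once the window has closed.

```php
<?php
// Added illustration, not Symfony code. Class, method names and timestamps are hypothetical.
final class GraceWindowTokenStore
{
    /** @var array<string, string> current token value per series */
    private array $current = [];
    /** @var array<string, array{value: string, until: int}> replaced value and its expiry */
    private array $previous = [];
    private int $graceSeconds;

    public function __construct(int $graceSeconds = 60)
    {
        $this->graceSeconds = $graceSeconds;
    }

    public function issue(string $series): string
    {
        return $this->current[$series] = base64_encode(random_bytes(64));
    }

    // Accept the current value, or the replaced one while its grace window is open.
    public function verify(string $series, string $presented, int $now): bool
    {
        if (!isset($this->current[$series])) {
            return false;
        }
        if (hash_equals($this->current[$series], $presented)) {
            return true;
        }
        $old = $this->previous[$series] ?? null;
        return null !== $old && $now < $old['until'] && hash_equals($old['value'], $presented);
    }

    // Rotate the token and remember the replaced value until the window closes.
    public function rotate(string $series, int $now): string
    {
        $this->previous[$series] = ['value' => $this->current[$series], 'until' => $now + $this->graceSeconds];
        return $this->issue($series);
    }
}

// Constructed scenario: two parallel requests carry the same cookie value.
$store = new GraceWindowTokenStore(60);
$series = 'series-1';                                    // constructed series identifier
$cookie = $store->issue($series);
var_dump($store->verify($series, $cookie, 1000));        // request A presents the current value
$store->rotate($series, 1000);                           // request A re-authenticates and rotates
var_dump($store->verify($series, $cookie, 1001));        // request B presents the replaced value
var_dump($store->verify($series, $cookie, 1061));        // same value after the window has closed
```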
This PR was merged into the 5.2 branch.
Discussion
----------
[SecurityBundle] Remove invalid unused service
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Leftover of a revisited experimental feature (the class defined on the service does not exist).
Commits
-------
1e6588a848 [SecurityBundle] Remove invalid unused service
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Deprecate the old authentication mechanisms
| Q | A
| ------------- | ---
| Branch? | 5.3
| Bug fix? | no
| New feature? | no
| Deprecations? | yes/
| Tickets | #39308
| License | MIT
| Doc PR | todo
Now that the authenticator system has proven to work well and is considered stable, we can deprecate the old authentication listeners as well as the Guard component (+ integrations).
Commits
-------
0bb3964a2d [Security] Deprecate the old authentication mechanisms
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Missing translations for Chinese (zh_TW & zh_CN)
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #41037, Fix #41038
| License | MIT
| Doc PR | no
Added missing translation for Chinese (zh_TW & zh_CN).
Commits
-------
26d156f17f add chinese translation
This PR was submitted for the 5.x branch but it was squashed and merged into the 5.2 branch instead.
Discussion
----------
[Security] [DataCollector] Remove allows anonymous information in datacollector
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | no
| New feature? | yes/no
| Deprecations? | yes/no
| Tickets | Fix #40907
| License | MIT
| Doc PR | symfony/symfony-docs#...
As mentioned in https://github.com/symfony/symfony/issues/40907, there are no longer anonymous users in the new authentication system. This PR removes this information **if the new system is used**, as it is always a red cross.
With `enable_authenticator_manager` at `false`
![image](https://user-images.githubusercontent.com/13260307/117574692-34c8d900-b0d6-11eb-9bef-a6c9abdfad2f.png)
With `enable_authenticator_manager` at `true`
![image](https://user-images.githubusercontent.com/13260307/117574619-f3382e00-b0d5-11eb-945a-3613425ccdbe.png)
Commits
-------
92cd096763 [Security] [DataCollector] Remove allows anonymous information in datacollector
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security\Http] Fix handling `secure: auto` using the new RememberMeAuthenticator
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
The created cookie was always secure when using `auto` because of some missing config normalization that should have been copied from the legacy rememberme implementation.
Commits
-------
3fdc15474c [Security\Http] Fix handling `secure: auto` using the new RememberMeAuthenticator
This PR was merged into the 5.2 branch.
Discussion
----------
[Workflow] Remove useless call to `Definition#addTag()`
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
324dc750de [Workflow] Remove dead call to `Defnition#addTag()`
This PR was merged into the 5.3-dev branch.
Discussion
----------
[FrameworkBundle] Fix missing unused known tag
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
b8f20f646c [FrameworkBundle] Fix missing unused known tag
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle][Validator] Fix deprecations from Doctrine Annotations+Cache
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
* Doctrine Annotations' `CachedReader` is deprecated. Let's not use it if we don't have to.
* Doctrine Cache 2 has been released. Since we're mostly only using the interfaces, we can indicate compatibility.
Psalm is going to complain about missing classes, which is kind-of expected here. 🙂
Commits
-------
ec51c21a9d Fix deprecations from Doctrine Annotations+Cache
* 5.2:
[Finder] Fix gitignore regex build with "**"
Fixed deprecation warnings about passing null as parameter
[Security] Keep Bulgarian wording consistent across all texts.
Migrate configuration file for PHP CS Fixer 2.19/3.0
[Form] Replace broken ServerParams mock
[Mailer] Fix SES API call with UTF-8 Addresses
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Keep Bulgarian wording consistent across all texts
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Keep wording consistent across all texts in translations:
Trans unit id=17:
Too many === Твърде много
Trans unit id=19:
Too many === Прекалено много
I put the word "Твърде", because it was used before.
Commits
-------
4f1b4f993e [Security] Keep Bulgarian wording consistent across all texts.
This PR was merged into the 4.4 branch.
Discussion
----------
Migrate configuration file for PHP CS Fixer 2.19/3.0
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
This PR suggests renaming the PHP CS Fixer configuration file as expected by version 2.19 and 3.0. I don't know what version Fabbot is currently running, but as soon as it is updated to 2.19, we can merge this PR.
Commits
-------
1462a3215e Migrate configuration file for PHP CS Fixer 2.19/3.0
This PR was merged into the 5.2 branch.
Discussion
----------
[Mailer] Fix SES API call with UTF-8 Addresses
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
The address (including email and name) used in Amazon SES API (`ses+api://`) must not contain unicode chars (https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_Destination.html)
This PR encodes name with base64 as suggested by issues in Official AWS SDKs (https://github.com/aws/aws-sdk-php/issues/1196, https://github.com/aws/aws-sdk-js/issues/1585)
note: I did not use the Base64Encoder, because the address could not be chunked (API Call failed) and it looks like addresses wider than 64 chars are allowed.
Commits
-------
05a9497230 [Mailer] Fix SES API call with UTF-8 Addresses
This PR was merged into the 4.4 branch.
Discussion
----------
Fixed deprecation warnings about passing null as parameter
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
Various built-in PHP functions will trigger a deprecation warning if `null` is passed as parameter. This PR attempts to fix all warnings that our test suite currently picks up.
Commits
-------
7d9bdf5734 Fixed deprecation warnings about passing null as parameter
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Finder] Fix gitignore regex build with "**"
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #41223
| License | MIT
| Doc PR | no
covered with tests, also faster, we do not have to explode the rule at all :)
ping `@lindelius` `@OskarStark`
Commits
-------
ce22d5ddd7 [Finder] Fix gitignore regex build with "**"