This PR was merged into the 4.4 branch.
Discussion
----------
Add myself to CODEOWNERS for Security and Console
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
a2ab55407b Add myself to CODEOWNERS for Security and Console
This PR was merged into the 4.4 branch.
Discussion
----------
Add wouterj as codeowner for Security related packages
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This is what I've manually been doing since the 5.1 release. Now that I'm part of the Symfony mergers team, I would be happy to let GitHub ping important PRs for me automatically :)
_as 3.4 is closing the end of its maintenance lifetime, I think it'll save some merge conflicts to only add this in 4.4+_
Commits
-------
08c080600a Add wouterj as codeowner for Security related packages
This PR was squashed before being merged into the 5.x branch.
Discussion
----------
[Security][Notifier] Added integration of Login Link with the Notifier component
| Q | A
| ------------- | ---
| Branch? | 5.x (5.2 hopefully?)
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This adds a `LoginLinkNotification` that uses the `NotificationEmail` and integrates with the notifier component. This makes it much easier to use the login link functionality, as it provides a default email and sms implementation.
```php
class AuthController extends AbstractController
{
/** @Route("/login", name="login") */
public function login(LoginLinkHandlerInterface $loginLinkHandler, UserRepository $userRepository, Request $request, NotifierInterface $notifier)
{
if (!$request->isMethod('POST')) {
return $this->redirect('/');
}
$user = $userRepository->findOneBy(['email' => $request->get('email')]);
if (!$user) {
return new Response('User not found');
}
$loginLink = $loginLinkHandler->createLoginLink($user);
$notifier->send(new LoginLinkNotification($loginLink, 'Welcome to ACME!'), new Recipient($user->getEmail()));
return new Response('Login link send!');
}
/** @Route("/login/check", name="check_login") */
public function loginCheck()
{
throw new \BadMethodCallException();
}
}
```
---
The `NotificationEmail` is slightly changed, to allow bypassing the logging-related functionality. Also, @weaverryan suggested to remove the "created by Symfony" footer as this email is meant to be sent to all users of a service.
Commits
-------
04ef565895 [Security][Notifier] Added integration of Login Link with the Notifier component
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Fix Range Requests
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #38295
| License | MIT
| Doc PR |
This PR fixes some deviations from [RFC 7233](https://tools.ietf.org/html/rfc7233) for handling range requests, mentioned in #38295.
- overlapping ranges are now satisfiable (e.g. when requested range end is larger than the file size)
- range units other than `bytes` will get ignored
- range requests for methods other than `GET` will be ignored
I did not manage yet to implement the support for multiple ranges, but also don't know, if that's needed here.
Commits
-------
681804ba1a [HttpFoundation] Fix Range Requests
* 5.1:
[Contracts] add branch-aliases for dev-main
[Cache] Make Redis initializers static
[Messenger] Fixed typos in Connection
[CI] Fixed build on AppVeyor
Fix tests typo
[Lock] Reset Key lifetime time before we acquire it
[CI] Silence errors when remove file/dir on test tearDown()
Fix tests
Remove content-type check on toArray methods
* 4.4:
[Contracts] add branch-aliases for dev-main
[Cache] Make Redis initializers static
Fix tests typo
[Lock] Reset Key lifetime time before we acquire it
[CI] Silence errors when remove file/dir on test tearDown()
This PR was merged into the 4.4 branch.
Discussion
----------
[Contracts] add branch-aliases for dev-main
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
symfony/contracts is still using a "main" branch so we need to alias it for composer to know which version this maps to.
Commits
-------
969f3c217b [Contracts] add branch-aliases for dev-main
This PR was squashed before being merged into the 5.x branch.
Discussion
----------
Fix minor issue when sharing windows between Limiters
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
If I start using my custom Limiter, then change back to `FixedWindowLimiter`, then my cache might contain a value that `FixedWindowLimiter` does not support.
This PR makes sure that we handle such switch.
Commits
-------
e9ac9712d8 Fix minor issue when sharing windows between Limiters
This PR was squashed before being merged into the 5.x branch.
Discussion
----------
[Messenger][Redis] Adding support for lazy connect
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#38558
| License | MIT
| Doc PR | Should be added
With inspiration from the CacheComponent. This PR makes it possible to make the connection to Redis only when you first use it.
Commits
-------
1d7c8013e6 [Messenger][Redis] Adding support for lazy connect
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] Make Redis initializers static
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes .. or maybe?
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I am on very thin ice now. I saw a comment on similar code here: https://github.com/symfony/symfony/pull/38563#discussion_r504600024
These anonymous functions in the cache component could also be made static to avoid being connected to the object using the Redis trait.
Feel free to correct me if this does not make much sense.
Commits
-------
ad8de57b91 [Cache] Make Redis initializers static
This PR was merged into the 4.4 branch.
Discussion
----------
[Lock] Reset Key lifetime time before we acquire it
| Q | A
| ------------- | ---
| Branch? | 5.1 (maybe lower, I'll check)
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38541
| License | MIT
| Doc PR | n/a
Im out on somewhat deep water now. I am pretty sure we should reset the Key lifetime every time we acquire it. Without it it will me tricky to re-use a lock. (As pointed out by #38541)
@jderusse can you confirm.
Commits
-------
55ad70225a [Lock] Reset Key lifetime time before we acquire it
This PR was submitted for the 5.x branch but it was merged into the 5.1 branch instead.
Discussion
----------
[Messenger] Fixed typos in Amqp Connection
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR | n/a
Sorry for a small PR. When working with https://github.com/symfony/symfony-docs/pull/14404, I found a typo, then another one.. When I found 4 of them I decided to make a PR.
Commits
-------
5dec141afb [Messenger] Fixed typos in Connection
This PR was merged into the 4.4 branch.
Discussion
----------
Fix tests typo
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
While working on PSR 16 cache tests, I found this small glitch in the mocked `isHit` method
Commits
-------
047ce05f6b Fix tests typo
This PR was submitted for the 5.x branch but it was squashed and merged into the 5.1 branch instead.
Discussion
----------
[CI] Fixed build on AppVeyor
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? |
| New feature? |
| Deprecations? |
| Tickets |
| License | MIT
| Doc PR |
CI fails on AppVeyor with:
> There was 1 error:
>1) Symfony\Bridge\PhpUnit\Tests\DeprecationErrorHandler\ConfigurationTest::testBaselineFileWriteError
unlink(C:\Users\appveyor\AppData\Local\Temp\1\sf-38AF.tmp): Permission denied
>C:\projects\symfony\src\Symfony\Bridge\PhpUnit\Tests\DeprecationErrorHandler\ConfigurationTest.php:404
ERRORS!
We dont need to fail the tests if we cannot remove a file on `tearDown()`
Commits
-------
0c08432a3d [CI] Fixed build on AppVeyor
This PR was merged into the 3.4 branch.
Discussion
----------
[CI] Silence errors when remove file/dir on test tearDown()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? |
| Deprecations? |
| Tickets |
| License | MIT
| Doc PR |
Requested in #38556
Commits
-------
efef41faa1 [CI] Silence errors when remove file/dir on test tearDown()
This PR was merged into the 5.x branch.
Discussion
----------
[Lock] Reset lifetime on acquireRead()
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR | n/a
Same as #38553 but this is for `acquireRead()` instead of `acquire()`.
`acquireRead()` is new in 5.2.
Commits
-------
de412bf24b Reset lifetime on acquireRead()
This PR was squashed before being merged into the 5.x branch.
Discussion
----------
[FrameworkBundle] Bugfixes in buildDir in the CacheClear command
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38547
| License | MIT
| Doc PR | n/a
Making sure one can clear cache with and without a buildDir
Commits
-------
2cad6bbbc7 [FrameworkBundle] Bugfixes in buildDir in the CacheClear command
This PR was merged into the 4.4 branch.
Discussion
----------
Remove content-type check on toArray methods
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | /
| License | MIT
| Doc PR | /
Sometime the server provides a generic content type `text/plain` and prevent people using the `toArray` method. (ie. AWS metadata endpoint).
This PR removes the check on the content-type.
People trying to json_decode something else will ends with a `JsonException` anyway.
Commits
-------
1c8fff18f9 Remove content-type check on toArray methods
This PR was squashed before being merged into the 5.x branch.
Discussion
----------
[Security] Added check_post_only to the login link authenticator
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This is useful when adding a page that requires a user action in order to validate the check link. That is required when using a single-use login link, to workaround browser and email client previews (which trigger a request).
See also the short docs discussion about this: https://github.com/symfony/symfony-docs/pull/14389#discussion_r502906341
For reference, I choose this option name as it relates to the `post_only` option in the `FormLoginAuthenticator`, which is about exactly the same thing. I didn't think `post_only` was a 100% clear name, but I'm happy to change this option to that for complete consistency.
cc @weaverryan
Commits
-------
5093e0df06 [Security] Added check_post_only to the login link authenticator
