This PR was merged into the 3.2-dev branch.
Discussion
----------
[FrameworkBundle] removed the Security Core and Security CSRF component dependencies on FrameworkBundle
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no (except for people using FrameworkBundle without requiring symfony/symfony which should be pretty rare; and fixing this is easy by adding symfony/security-core and symfony/security-csrf explicitly)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15748 partially
| License | MIT
| Doc PR | n/a
Another PR to reduce the number of required dependencies on FrameworkBundle. This PR removes the Security Core and CSRF components from the list.
Commits
-------
d703784 [FrameworkBundle] removed the Security Core and Security CSRF component dependencies on FrameworkBundle
This PR was merged into the 3.2-dev branch.
Discussion
----------
[FrameworkBundle] removed the Templating component dependency on FrameworkBundle
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no (except for people using FrameworkBundle without requiring symfony/symfony which should be pretty rare; and fixing this is easy by adding symfony/templating explicitly)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15748 partially
| License | MIT
| Doc PR | n/a
Another PR to reduce the number of required dependencies on FrameworkBundle. This PR removes the Templating component from the list.
I made most of the work in previous version, so this change is really just about adding a good error message when templating is not enabled. For the record, this is also in the path of making possible to use Symfony with Twig without using the Templating component indirection (I think that this is in fact the last step).
Commits
-------
b3de62f [FrameworkBundle] removed the Templating component dependency on FrameworkBundle
This PR was merged into the 3.2-dev branch.
Discussion
----------
[FrameworkBundle] Introduce a cache warmer for Validator based on PhpArrayAdapter
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | -
| Fixed tickets | -
| License | MIT
| Doc PR | -
Following the cache warmer for annotations PR (https://github.com/symfony/symfony/pull/18533), this PR introduces a cache warmer for YAML and XML Validator configuration.
Based on the PhpArrayAdapter, it uses the naming conventions (`Resources/config/validation`) to find the files and compile them into a single PHP file stored in the cache directory. This file uses shared memory on PHP 7.
The benefit of this PR are the same than the ones of the annotations PR:
- validation configuration can be warmed up offline
- on PHP 7, there is no need for user extension to get maximum performances (ie. if you use this PR and the other one, you probably won't need to enable APCu to have great performances)
- on PHP 7 again, we are not sensitive to APCu memory fragmentation
- last but not least, global performance is slightly better (I get 30us per class gain in Blackfire)
This PR also deprecates the framework.validator.cache key in favor of the cache pool introduced in https://github.com/symfony/symfony/pull/18544.
Commits
-------
6bdaf0b [FrameworkBundle] Introduce a cache warmer for Validator based on PhpArrayAdapter
This PR was merged into the 3.2-dev branch.
Discussion
----------
[Security] Expose the required roles in AccessDeniedException
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Nowadays it is more and more common to protect some sensitive actions and part of a website using 2FA or some re-authentication mechanism (per example, on Github you have to enter your password again when you add an ssh key). But currently, in Symfony, it is really hard to implement without having to duplicate the logic, provide an explicit list of URLs to protect or hack into the security component.
A good way to achieve that would be to add a special role (like IS_AUTHENTICATED_FULLY) and use it in the access map. But it requires us to be able to have a custom logic in an ExceptionListener depending on the roles behind an AccessDeniedException.
With this patch we could write an ExceptionListener of this kind (a similar logic could also be used in an AccessDeniedHandler):
```php
public function onKernelException(GetResponseForExceptionEvent $event)
{
$exception = $event->getException();
do {
if ($exception instanceof AccessDeniedException) {
foreach ($exception->getAttributes() as $role) {
if ($role === 'IS_AUTHENTICATED_2FA' && !$this->accessDecisionManager->decide($this->tokenStorage->getToken(), $role, $exception->getObject())) {
// Start 2FA
}
}
}
} while (null !== $exception = $exception->getPrevious());
}
```
Replaces #18661
Commits
-------
6618c18 [Security] Expose the required roles in AccessDeniedException
* 3.1:
Fixed BC Layer in DoctrineChoiceLoader
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
Fixed some issues of the AccessDecisionManager profiler
[DoctrineBridge] fixed default parameter value in UniqueEntityValidator
* 3.0:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
* 2.8:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
* 2.7:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
Add tests
Fix tests & YamlLintCommand help formatting
fabbot fixes
Use Generator to iterate over the filesystem
Move STDIN related code in a method
Use RecursiveIteratorIterator::LEAVES_ONLY rather than SELF_FIRST
Stop using the Finder component when available (Make findFiles() private)
Re-add FrameworkBundle YamlLintCommandTest
Use CommandTester::getStatusCode() rather than assign execute()
Re-add feature for bundle directories, Test it
* 3.0: (22 commits)
Fix backport
[travis] Upgrade phpunit wrapper & hirak/prestissimo
[Bridge\PhpUnit] Workaround old phpunit bug, no colors in weak mode, add tests
[PropertyAccess] Fix isPropertyWritable not using the reflection cache
[PropertyAccess] Backport fixes from 2.7
[FrameworkBundle][2.8] Add tests for the Controller class
[DependencyInjection] Update changelog
Added WebProfiler toolbar ajax panel table layout css.
[Validator] use correct term for a property in docblock (not "option")
[Routing] small refactoring for scheme requirement
[PropertyAccess] Remove most ref mismatches to improve perf
[PropertyInfo] Support Doctrine custom mapping type in DoctrineExtractor
[Validator] EmailValidator cannot extract hostname if email contains multiple @ symbols
[NumberFormatter] Fix invalid numeric literal on PHP 7
[Process] fix docblock syntax
use the clock mock for progress indicator tests
Use XML_ELEMENT_NODE in nodeType check
[PropertyAccess] Reduce overhead of UnexpectedTypeException tracking
[PropertyAccess] Throw an UnexpectedTypeException when the type do not match
[FrameworkBundle] Add tests for the Controller class
...
Conflicts:
src/Symfony/Bridge/PhpUnit/SymfonyTestsListener.php
src/Symfony/Bundle/FrameworkBundle/Tests/Controller/ControllerTest.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/PropertyAccess/PropertyAccessor.php
src/Symfony/Component/PropertyAccess/PropertyAccessorInterface.php
src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorTest.php
* 2.8: (22 commits)
Fix backport
[travis] Upgrade phpunit wrapper & hirak/prestissimo
[Bridge\PhpUnit] Workaround old phpunit bug, no colors in weak mode, add tests
[PropertyAccess] Fix isPropertyWritable not using the reflection cache
[PropertyAccess] Backport fixes from 2.7
[FrameworkBundle][2.8] Add tests for the Controller class
[DependencyInjection] Update changelog
Added WebProfiler toolbar ajax panel table layout css.
[Validator] use correct term for a property in docblock (not "option")
[Routing] small refactoring for scheme requirement
[PropertyAccess] Remove most ref mismatches to improve perf
[PropertyInfo] Support Doctrine custom mapping type in DoctrineExtractor
[Validator] EmailValidator cannot extract hostname if email contains multiple @ symbols
[NumberFormatter] Fix invalid numeric literal on PHP 7
[Process] fix docblock syntax
use the clock mock for progress indicator tests
Use XML_ELEMENT_NODE in nodeType check
[PropertyAccess] Reduce overhead of UnexpectedTypeException tracking
[PropertyAccess] Throw an UnexpectedTypeException when the type do not match
[FrameworkBundle] Add tests for the Controller class
...
Conflicts:
.travis.yml
composer.json
src/Symfony/Bridge/PhpUnit/DeprecationErrorHandler.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Intl/NumberFormatter/NumberFormatter.php
* 2.7: (28 commits)
[Process] Use stream based storage to avoid memory issues
Fix upgrade guides concerning erroneous removal of assets helper
[Process] Remove a misleading comment
Fix markdown typo
ChooseBaseUrl should return an index
[Form] ChoiceType: Fix a notice when 'choices' normalizer is replaced
Improve the phpdoc of SplFileInfo methods
[Process] Use stream based storage to avoid memory issues
[FrameworkBundle] Don't log twice with the error handler
Remove useless is_object condition
[Process] Fix typo, no arguments needed anymore
[Serializer] Introduce constants for context keys
Fixed the documentation of VoterInterface::supportsAttribute
Fixed Bootstrap form theme form "reset" buttons
Remove useless duplicated tests
[FrameworkBundle] Optimize framework extension tests
synchronize 2.7 and 3.0 upgrade files
fix merge 2.3 into 2.7 for SecureRandom dependency
Use is_subclass_of instead of reflection
Use is_subclass_of instead of Reflection when possible
...
* 3.0:
prefer phpunit 5.x on hhvm
Reflected the change of the choice_value option in the Upgrade information
[FrameworkBundle][HttpKernel] the finder is required to discover bundle commands
[travis] Auto-conf deps=high matrix line
[FrameworkBundle] fixes outdated phpdoc on Controller::createForm() method.
fix error level for deprecation
Fix the logout path when not using the router
Fix the logout path when not using the router
[Form] cast IDs to match deprecated behaviour of EntityChoiceList
[FrameworkBundle] minor: fix property_info service name in composer.json
[HttpFoundation] Added the ability of mapping stream wrapper protocols when using X-Sendfile
[HttpFoundation] Add a test case for using BinaryFileResponse with stream wrappers
CSS min-height and min-width should not be "auto"
* 2.8:
prefer phpunit 5.x on hhvm
Reflected the change of the choice_value option in the Upgrade information
[FrameworkBundle][HttpKernel] the finder is required to discover bundle commands
[travis] Auto-conf deps=high matrix line
fix error level for deprecation
Fix the logout path when not using the router
Fix the logout path when not using the router
[Form] cast IDs to match deprecated behaviour of EntityChoiceList
[FrameworkBundle] minor: fix property_info service name in composer.json
[HttpFoundation] Added the ability of mapping stream wrapper protocols when using X-Sendfile
[HttpFoundation] Add a test case for using BinaryFileResponse with stream wrappers
CSS min-height and min-width should not be "auto"
Conflicts:
.travis.yml
UPGRADE-2.8.md
appveyor.yml
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/HttpFoundation/ParameterBag.php
* 2.7:
prefer phpunit 5.x on hhvm
[FrameworkBundle][HttpKernel] the finder is required to discover bundle commands
[travis] Auto-conf deps=high matrix line
Fix the logout path when not using the router
Fix the logout path when not using the router
[Form] cast IDs to match deprecated behaviour of EntityChoiceList
[HttpFoundation] Added the ability of mapping stream wrapper protocols when using X-Sendfile
[HttpFoundation] Add a test case for using BinaryFileResponse with stream wrappers
Conflicts:
.travis.yml
src/Symfony/Bundle/FrameworkBundle/composer.json
* 2.3:
prefer phpunit 5.x on hhvm
[FrameworkBundle][HttpKernel] the finder is required to discover bundle commands
[travis] Auto-conf deps=high matrix line
Fix the logout path when not using the router
[HttpFoundation] Added the ability of mapping stream wrapper protocols when using X-Sendfile
[HttpFoundation] Add a test case for using BinaryFileResponse with stream wrappers
Conflicts:
.travis.yml
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/Templating/Helper/LogoutUrlHelper.php