This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Extract password hashing from security-core - with proper wording
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fixes#39698
| License | MIT
| Doc PR | todo
This PR renames password "encoders" to password _hashers_ (naming widely used, see e.g. django or laravel).
This also takes the opportunity to extract the logic related to password hashing from security-core, moving it to a new password-hasher component.
Nowadays, many modern web apps and APIs don't deal with passwords at all, that's why splitting makes sense as a step towards making security-core not tied to the password concept.
For upgrading, applications will have to use `passwords_hashers` instead of `encoders` in their security configuration, and type-hint against `PasswordHasherInterface` (and related) instead of `PasswordEncoderInterface`.
The proposed API is not much different from the encoder one regarding behavior and signatures, and it is slightly more close to the PHP built-in password hashing API:
```php
namespace Symfony\Component\PasswordHasher;
interface PasswordHasherInterface
{
public function hash(string $plainPassword): string;
public function verify(string $hashedPassword, string $plainPassword): bool;
public function needsRehash(string $hashedPassword): bool;
}
```
Commits
-------
c5c981c559 [Security] Extract password hashing from security-core - using the right naming
* 5.2:
add missing return type declaration
Modernize func_get_args() calls to variadic parameters
Use a lazyintertor to close files descriptors when no longer used
* 4.4:
add missing return type declaration
Modernize func_get_args() calls to variadic parameters
Use a lazyintertor to close files descriptors when no longer used
This PR was merged into the 4.4 branch.
Discussion
----------
[Finder] add missing return type declaration
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
should make builds green again
Commits
-------
cfce9cbd59 add missing return type declaration
This PR was merged into the 4.4 branch.
Discussion
----------
[Finder] Use a lazyIterator to close files descriptors when no longer used
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | fix#35508
| License | MIT
| Doc PR | -
The `RecursiveDirectoryIterator` class open the file on `__construct`.
Because we Inject an instance of `RecursiveDirectoryIterator` inside the \AppendIterator` class, php opens a lot of file even before iterating on it.
This PR adds a new `LazyIterator` class that instantiate the decorated class only when something starts iterating on it.
When the iteration is over, it unset the variable to close let the decorated class clean things (ie. close the files)
Commits
-------
7117e1a798 Use a lazyintertor to close files descriptors when no longer used
This PR was merged into the 4.4 branch.
Discussion
----------
Modernize func_get_args() calls to variadic parameters
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
While reviewing #40143, I stumbled across the `Filesystem::box()` method and I felt like we could make the code look a little less PHP5-ish.
Commits
-------
5b536131f7 Modernize func_get_args() calls to variadic parameters
This PR was merged into the 5.3-dev branch.
Discussion
----------
[HttpFoundation] Fix consistency in sessions not found exceptions
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40112
| License | MIT
| Doc PR | -
Make `Request::getSession` thrown a `SessionNotFoundException` and make `SessionNotFoundException` extends `\BadMethodCallException` for backward compatibility and
Commits
-------
7fcb76d367 Fix consistency in sessions not found exceptions
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Filesystem] Remove dirs atomically if possible
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#27578
| License | MIT
| Doc PR | no need to
Commits
-------
17bccca9c6 [Filesystem] remove dirs atomically if possible
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Uid] Add UidFactory to create Ulid and Uuid from timestamps and randomness/nodes
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Ref https://github.com/symfony/symfony/pull/36097
When you migrate an existing resource identifier to an uid, you might want to choose the timestamp so that it is coherent with the creation date of the existing resource. (eg: I have a row in a table with id=1, created_at=2018-12-11 19:00:00, I would like to use that timestamp to create the resource Ulid).
I guess it can also be useful to choose the randomness of the Ulid or the node of the Uuid.
From what I understood, v3 and v5 don't need those features, this is why there are not in the factory.
See https://github.com/symfony/symfony/pull/39507#pullrequestreview-584904889 for more details.
Commits
-------
88a99ddbdf [Uid] Add UuidFactory to create Ulid and Uuid from timestamps, namespaces and nodes
This PR was merged into the 5.3-dev branch.
Discussion
----------
[FrameworkBundle][Messenger] Added RouterContextMiddleware
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | TODO
When handling a message in async, we, sometimes need the Router Context to generate absolute URL. ie:
- sending an email when the message contains only the template
- generating a PDF
People can use the configuration `router.default_uri` to workaround and fix the issue, but this does not work when the web application servers several domains.
This PR provide a new middleware that store the current router context in a stamp, and restore the context when processing the message.
Commits
-------
8fe8b96921 [Messenger] Added RouterContextMiddleware
This PR was squashed before being merged into the 5.2 branch.
Discussion
----------
[RateLimiter] Fix sliding_window misbehaving with stale records
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Currently the SlidingWindow RateLimiter returns a negative value for getHitCount if the previous SlidingWindow was too long ago. This results in a really high value from `SlidingWindowLimiter::getAvailableTokens()` which is higher than the configured limit.
This limits the value of percentOfCurrentTimeframe in `SlidingWindow::getHitCount()` to 1 so it can't result in a negative hitcount.
The 2nd fix fixes the SlidingWindow instance (essentially) not storing hits if the previous instance is way in the past, as the next instance will still be "in the past". This causes RateLimit to behave as if it were disabled until it has caught up again, which could take a long time when it is configured with a small window size.
Commits
-------
57033164c6 [RateLimiter] Fix sliding_window misbehaving with stale records
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Notifier] [Firebase] Add data field to options
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/40078
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
The Firebase Notifier must comply to the specifications at https://firebase.google.com/docs/cloud-messaging/xmpp-server-ref.html#notification-payload-support .
The options are missing the `data` field which is a common field for all types of notifications: web, ios and android.
Commits
-------
fa8064bbd3 [Notifier] [Firebase] Add data field to options
This PR was merged into the 4.4 branch.
Discussion
----------
Re-enable triggering deprecations about return types
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Now that the three PRs linked in #40066 are merged, we can re-enable this check.
Commits
-------
01ac9b1990 Re-enable triggering deprecations about return types
* 5.2:
[HttpKernel] fix transient test
[FrameworkBundle] Fix freshness checks with boolean parameters on routes
forward the label_html option to expanded choice fields
[FrameworkBundle] fix registering "annotations.cache" on the "container.hot_path"
Add some information about the username in CONTRIBUTORS
* 4.4:
[HttpKernel] fix transient test
[FrameworkBundle] Fix freshness checks with boolean parameters on routes
[FrameworkBundle] fix registering "annotations.cache" on the "container.hot_path"
Add some information about the username in CONTRIBUTORS
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] fix transient test
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
db66fb5838 [HttpKernel] fix transient test
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] fix registering "annotations.cache" on the "container.hot_path"
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Because `annotations.cache` is registered in a quite special way (see #25696), `ResolveHotPathPass` cannot propagate the `container.hot_path` tag to it.
Let's add the tag explicitly since this service is always on the hot path anyway.
Spotted with Blackfire.io as usual.
Commits
-------
e196c1ecb3 [FrameworkBundle] fix registering "annotations.cache" on the "container.hot_path"
This PR was merged into the 5.3-dev branch.
Discussion
----------
Add some information about the username in CONTRIBUTORS
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Refs #18644, refs #40111 <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | n/a
Clarify the username in CONTRIBUTORS.
Commits
-------
fb98018754 Add some information about the username in CONTRIBUTORS