This PR was merged into the 5.1 branch.
Discussion
----------
[DI] Fix call to sprintf in ServicesConfigurator::stack()
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a
| License | MIT
| Doc PR | n/a
This PR fixes a faulty call to `sprintf()` and prevents the following error:
```
Warning: sprintf(): Too few arguments in /Users/dunglas/workspace/activity-pub/vendor/symfony/dependency-injection/Loader/Configurator/ServicesConfigurator.php on line 154
Fatal error: Uncaught Error: Wrong parameters for Symfony\Component\DependencyInjection\Exception\InvalidArgumentException([string $message [, long $code [, Throwable $previous = NULL]]]) in /Users/dunglas/workspace/activity-pub/vendor/symfony/dependency-injection/Loader/Configurator/ServicesConfigurator.php:154 Stack trace: #0 /Users/dunglas/workspace/activity-pub/vendor/symfony/dependency-injection/Loader/Configurator/ServicesConfigurator.php(154): Exception->__construct('', 1, 'api_platform.js...') #1 /Users/dunglas/workspace/activity-pub/src/Bundle/Resources/config/services.php(12): Symfony\Component\DependencyInjection\Loader\Configurator\ServicesConfigurator->stack('api_platform.js...', Array) #2 /Users/dunglas/workspace/activity-pub/vendor/symfony/dependency-injection/Loader/PhpFileLoader.php(50): Symfony\Component\DependencyInjection\Loader\ProtectedPhpFileLoader::Symfony\Component\DependencyInjection\Loader\Configurator\{closure}(Object(Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurat in /Users/dunglas/workspace/activity-pub/vendor/symfony/dependency-injection/Loader/Configurator/ServicesConfigurator.php on line 154
```
Commits
-------
11da9d3c29 [DI] Fix call to sprintf in ServicesConfigurator::stack()
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
Add Notifier SentMessage
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/13624
Like Mailer, Notifier returns now a SentMessage that contains the messageId (returned by the provider in the response). It contains also the body of the response as array to have more info about price, number of sms sent, status and so on.
- [x] apply to bridges
Commits
-------
5a6f0537ec Add Notifier SentMessage
This PR was merged into the 5.2-dev branch.
Discussion
----------
[FrameworkBundle] allow configuring trusted proxies using semantic configuration
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | -
| Tickets | -
| License | MIT
| Doc PR | -
On top of the improved DX this should provide, this PR (and #37351) will allow [removing the corresponding lines](https://github.com/symfony/recipes/pull/790) from `index.php` & recipes.
Using values:
```yaml
framework:
trusted_proxies: '127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16'
#or
trusted_proxies: '%env(TRUSTED_PROXIES)%'
```
`trusted_headers` is similar but is an array of headers to trust.
```yaml
framework:
# that's the defaults already
trusted_headers: ['x-forwarded-all', '!x-forwarded-host', '!x-forwarded-prefix']
```
Commits
-------
af9dd52752 [FrameworkBundle] allow configuring trusted proxies using semantic configuration
This PR was merged into the 5.1 branch.
Discussion
----------
[Security] Resolve event bubbling of logout + new events in a compiler pass
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#37292
| License | MIT
| Doc PR | -
This PR proposes to create a compiler pass that registers listeners on the main `event_dispatcher` on the firewall-specific event dispatcher during compile time. This allows to still specify listener priorities while listening on a bubbled-up event (instead of a fix moment where the event bubbling occurs). It probably also improves performance, as it doesn't use duplicated event dispatching logic to provide event bubbling.
Nothing changes on the user side. I proposed this as a bugfix, as it fixes the bug mentioned in #37292 (not being able to use listener priorities). I did remove a class, which was introduced in 5.1 and is very internal. I think it's safe, but we can also keep it and remove in master.
Commits
-------
f962c26061 Resolve event bubbling logic in a compiler pass
This PR was merged into the 5.2-dev branch.
Discussion
----------
[FrameworkBundle] changed configuration file for workflow from XML to PHP
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | refs #37186
| License | MIT
| Doc PR |
Commits
-------
2f1b72d7d0 [FrameworkBundle] changed configuration file for workflow from XML to PHP
This PR was submitted for the 5.0 branch but it was squashed and merged into the 4.4 branch instead.
Discussion
----------
Check whether path is file in DataPart::fromPath()
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
Method `getBody()` uses stream_get_contents() to retrieve the body, however it fails to do so when the stream is a directory.
Commits
-------
9e3670e140 Check whether path is file in DataPart::fromPath()
This PR was merged into the 5.2-dev branch.
Discussion
----------
[DI] deprecate Definition/Alias::setPrivate()
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
Right now, there is a very subtle difference between `setPublic()` and `setPrivate()` that dates back to the FC/BC layer we created to turn services private by default.
We kept this difference to help third party bundles provide support for a wide range of versions of Symfony, but since 5.2 will be released at the same time as 3.4 will enter EOM, we should remove this behavior and deprecate `setPrivate()` to signal the change.
This is what this PR does.
Commits
-------
1bea690f4d [DI] deprecate Definition/Alias::setPrivate()
This PR was merged into the 5.2-dev branch.
Discussion
----------
[FrameworkBundle] allow enabling the HTTP cache using semantic configuration
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Right now, using the HTTP cache requires tweaking the `public/index.php` file [as explained in the doc](https://symfony.com/doc/current/http_cache.html).
This PR removes this requirement by allowing one to do this instead:
```yaml
framework:
http_cache: true
```
Commits
-------
56b993ac2e [FrameworkBundle] allow enabling the HTTP cache using semantic configuration
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Messenger] added support for Amazon SQS QueueUrl as DSN
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#37305
| License | MIT
| Doc PR | N/A
This will allow to use an Amazon SQS QueueUrl as transport DSN
Commits
-------
13554b0fae [Messenger] added support for Amazon SQS QueueUrl as DSN
This PR was merged into the 3.4 branch.
Discussion
----------
Avoid accessibility errors on symfony web debug toolbar
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | symfony/symfony-docs#...
When for example using the [axe](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd) to test the website for accessibility. Axe will fail because a div element without a role or a parent [landmark](https://www.w3.org/TR/wai-aria-practices/examples/landmarks/HTML5.html) is rendered. To avoid this errors I think we should define it as a specific region.
Commits
-------
223b405168 Avoid accessibility errors on debug toolbar
This PR was merged into the 3.4 branch.
Discussion
----------
Relax tests to unlock change on master
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Required to make #37373 green.
Doesn't change any outcome.
Commits
-------
afe596e16a Relax tests to unlock change on master
This PR was merged into the 5.2-dev branch.
Discussion
----------
[FrameworkBundle] changed configuration file for messenger from xml to php
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/37186
| License | MIT
Use `messenger.php` instead of `messenger.xml` and `messenger_debug.php` instead of `messenger_debug.php`
Commits
-------
571a49873e [FrameworkBundle] changed configuration file for messenger from xml to php
This PR was merged into the 5.2-dev branch.
Discussion
----------
[FrameworkBundle] convert config/serializer.xml to php
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Part of #37186
| License | MIT
Hello!
This PR contains a new configuration file `serializer.php` instead of `serializer.xml`.
Commits
-------
62e9788599 make priority integers & fix test checking definition to be private
25df2de0a6 [FrameworkBundle] convert config/serializer.xml to php
* This removes duplicate event dispatching logic on event bubbling, which
probably improves performance.
* It allows to still specify listener priorities while listening on a
bubbled-up event (instead of a fix moment where the event bubbling occurs)
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Security] Let security factories add firewall listeners
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR | n/a
Hello there, I'm the author of `scheb/two-factor-bundle`, which extends Symfony's security layer with two-factor authentication. I've been closely following the recent changes by @wouterj to rework the security layer with "authenticators" (great work!). While I managed to make my bundle work with authenticators, I see some limitations in the security layer that I'd like to address to make such extensions easier to implement.
With the new authenticator-based security system, it is no longer possible to add a authentication listener to the firewall. The only way to do it is a dirty compiler pass, which extends the argument on the `security.firewall.map.context.[firewallName]` service (like I do in: ed2ce9804b/src/bundle/DependencyInjection/Compiler/AccessListenerCompilerPass.php). This is quite ugly and hacky, so I believe there should be an easier and clean way to add firewall-level listeners. This PR adds an interface, which may be implemented by security factories and lets them add additional listeners to the firewall.
Why would you want to do that? There are certain use-cases that require extra logic to handle a request within the firewall. For example in my bundle, I need to handle the intermediate state between login and the completion of two-factor authentication. So ideally, I'm able to execute some code from the firewall right before `Symfony\Component\Security\Http\Firewall\AccessListener`. In the old security system, I could handle this in my authentication listener, which I had to implement anyways. With the new authenticator-based system this option is gone. In the ideal world, I could add a firewall listener and tell it to execute between `LogoutListener` and `AccessListener`.
This is a draft, so I'd like to hear your opinion on this :)
There's another issue, regarding the order of execution, which I'm addressing with #37337.
Commits
-------
0a4fcea8db Add interface to let security factories add their own firewall listeners
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Security] Add attributes on Passport
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | not yet
see https://github.com/symfonycorp/connect/pull/95
/cc @wouterj
Commits
-------
440ada3c5f [Security] Add attributes on Passport
This PR was merged into the 5.1 branch.
Discussion
----------
[SecurityBundle] Fix UserCheckerListener registration with custom user checker
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#37365
| License | MIT
| Doc PR | -
The user checker listener was wrongly registered on the global event dispatcher, as it can be customized per firewall. This PR fixes that + correctly uses the configured user checker instead of always trying to use `UserCheckerInterface`.
Commits
-------
d63f59036c Fix UserCheckerListener registration with custom user checkers
* 5.1:
[SecurityBundle] Drop cache.security_expression_language definition if invalid
[DI] disable preload.php on the CLI
collect all transformation failures
* 5.0:
[SecurityBundle] Drop cache.security_expression_language definition if invalid
[DI] disable preload.php on the CLI
collect all transformation failures