This PR was merged into the 2.8 branch.
Discussion
----------
[TwigBridge] is_granted no longer raise an exception if the token storage is empty
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10159
| License | MIT
| Doc PR |
Commits
-------
6be68fd [TwigBridge] is_granted no longer raise an exception if the token storage is empty
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8] [Ldap] Added support for LDAP (New Component + integration in the Security Component).
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | not yet
| Fixed tickets | -
| License | MIT
| Doc PR | not yet
Current state:
- [x] Implement logic
- [x] Post-review tuning and stabilization
- [x] Fix tests
This PR is a follow-up to #5189, which was in a stand-still for a few years now. It tries to fix the remaining issues which were mentioned in the discussion.
There are still a few issues with the PR, as it is. For example, it introduces two new firewall factories, whereas the base factories (`form_login` and `http_basic`) could simply introduce new configuration options.
Also, for a user to use an LDAP server as an authentication provider, he first needs to define a service which should be an instance of `Symfony\Component\Security\Ldap\Ldap`.
For example:
```yml
services:
my_ldap:
class: Symfony\Component\Security\Ldap\Ldap
arguments: [ "ldap.mydomain.tld" ]
```
Then, in `security.yml`, this service can be used in both the user provider and the firewalls:
```yml
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
ldap_users:
ldap:
service: my_ldap
base_dn: dc=MyDomain,dc=tld
search_dn: CN=My User,OU=Users,DC=MyDomain,DC=tld
search_password: p455w0rd
filter: (sAMAccountName={username})
default_roles: ROLE_USER
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
demo_login:
pattern: ^/login$
security: false
api:
provider: ldap_users
stateless: true
pattern: ^/api
http_basic_ldap:
service: my_ldap
dn_string: "{username}@MYDOMAIN"
demo_secured_area:
provider: ldap_users
pattern: ^/
logout:
path: logout
target: login
form_login_ldap:
service: my_ldap
dn_string: CN={username},OU=Users,DC=MyDomain,DC=tld
check_path: login_check
login_path: login
```
Commits
-------
60b9f2e Implemented LDAP authentication and LDAP user provider
1c964b9 Introducing the LDAP component
This PR was merged into the 2.8 branch.
Discussion
----------
Removed the "Delete profiles" action from the web profiler sidebar
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #15819
| License | MIT
| Doc PR | -
Commits
-------
8c47eb9 Removed the "Delete profiles" action from the web profiler sidebar
* 2.8:
[Finder] simplified code
Fix tests in 2.8
[Validator] Sync polish translation file
Adding a class to make it easier to set custom authentication error messages
Readd the correct tests
This PR was squashed before being merged into the 2.3 branch (closes#15799).
Discussion
----------
[HttpFoundation] NativeSessionStorage `regenerate` method wrongly sets storage as started
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This PR fixes an error when regenerating session IDs for non-active sessions.
Right now, the session is flagged as _started_, no matter if the session ID was successfully regenerated or not, making the storage [unable to _start the session_](6393ec3169/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php (L130-L132)) later on.
This also fixes a future error with PHP 7, which throws an error if a regeneration is attempted for non-active sessions.
```
session_regenerate_id(): Cannot regenerate session id - session is not active
```
Commits
-------
8e6ef9c [HttpFoundation] NativeSessionStorage method wrongly sets storage as started
This PR was merged into the 2.7 branch.
Discussion
----------
[property-access] Improvement for Accessing Reference Chain
Improve performance for the following scenarios:
- Example 1:
```php
$a = array(
'a' => array(
'b' => array(
'c' => 'old-value'
)
)
);
$pa->setValue($a, '[a][b][c]', 'new-value');
// The PropertyAccessor will try to set values for
// $a['a']['b']['c'], $a['a']['b'] and $a['a'],
// but in fact it may terminate the loop
// right after the value of $a[a][b][c] is set,
// because $a, $[a], $[a][b] and $[a][b][c]
// are all passed as reference - the reference chain is not broken.
```
- Example 2
```php
$b = array(
'a' => array(
'b' => array(
'c' => 'old-value'
)
)
)
$a = new Foo($b);
// In this example, the reference chain of $b is broken,
// because it's passed to $a.value as value
// But its elements are all passed as reference,
// so after setting the value for $b[a][b][c], there is no need
// to set value for $b[a][b] and $b[a]
$pa->setValue($a, 'value[a][b][c]', 'new-value');
```
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
e24a798 [property-access] Improvement for Accessing Reference Chain
This PR was merged into the 2.7 branch.
Discussion
----------
Remove failing test to fix#15935
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15935
| License | MIT
| Doc PR |
Test has been removed on 2.8 already in https://github.com/symfony/symfony/pull/15738/files#diff-990df0e8238847f8ae54e8227f295c22L107
Commits
-------
5392a0c Remove failing test
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#15956).
Discussion
----------
Updated default German IBAN validation message
This PR was submitted on the symfony/validator read-only repository by @synaris and moved automatically to the main Symfony repository (closessymfony/validator#15).
IBAN is an acronym. The term 'IBAN-Kontonummer' is redundant, since the 'AN' part (Account Number) already translates to 'Kontonummer'. It's like saying 'International Bank Account Number Account Number'.
Commits
-------
5423ba0 Updated default German IBAN validation message
IBAN is an acronym. The term 'IBAN-Kontonummer' is redundant, since the 'AN' part (Account Number) already translates to 'Kontonummer'. It's like saying 'International Bank Account Number Account Number'.
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#15955).
Discussion
----------
Fixed incorrect and inconsistent translations
This PR was submitted on the symfony/security read-only repository by @lashae and moved automatically to the main Symfony repository (closessymfony/security#8).
"Fiş" is a correct translation for "token", however "bilet" is also used, I fixed that inconsistency. Moreover, "kimlik bilgileri" is a better translation for "credentials" than "girdiler". "Girdiler" is the translation of "inputs", so I fixed sentences with "credentials". "Hesap engellenmiş" is better than "Hesap devre dışı bırakılmış" for "Account is disabled.". "Digest nonce has expired" can be translated better as "Derleme zaman aşımına uğradı." because "Derleme zaman aşımı gerçekleşti" has a confirmation sense like user requested it to expire and it has expired.
References:
token: http://tureng.com/search/token (3rd entry)
credentials: http://www2.zargan.com/tr/q/credentials-ceviri-nedir (1st entry)
disable: http://tureng.com/search/disable (15th entry)
Commits
-------
f99f40e Fixed incorrect and inconsistent translations
"Fiş" is a correct translation for "token", however "bilet" is also used, I fixed that inconsistency. Moreover, "kimlik bilgileri" is a better translation for "credentials" than "girdiler". "Girdiler" is the translation of "inputs", so I fixed sentences with "credentials". "Hesap engellenmiş" is better than "Hesap devre dışı bırakılmış" for "Account is disabled.". "Digest nonce has expired" can be translated better as "Derleme zaman aşımına uğradı." because "Derleme zaman aşımı gerçekleşti" has a confirmation sense like user requested it to expire and it has expired.
References:
token: http://tureng.com/search/token (3rd entry)
credentials: http://www2.zargan.com/tr/q/credentials-ceviri-nedir (1st entry)
disable: http://tureng.com/search/disable (15th entry)
This PR was merged into the 2.8 branch.
Discussion
----------
[Validator] Sync polish translation file
| Q | A
| ------------- | ---
| Bug fix? | no
| BC breaks? | no
| License | MIT
Commits
-------
7a88c37 [Validator] Sync polish translation file
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#15951).
Discussion
----------
Make Proper English
This PR was submitted on the symfony/browser-kit read-only repository by @redstar504 and moved automatically to the main Symfony repository (closessymfony/browser-kit#4).
Commits
-------
95417f6 Make Proper English
This PR was merged into the 2.8 branch.
Discussion
----------
Easier Custom Authentication errors
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not yet
This makes failing authentication with a custom message much easier:
```php
throw CustomAuthenticationException::createWithSafeMessage(
'That was a ridiculous username'
);
// or
$e = new CustomAuthenticationException();
$e->setSafeMessage('That was a ridiculous username');
throw $e;
```
Currently, to do this, you'd need to create a new sub-class of `AuthenticationException`, which is way more work than it needs to be. The original design was so that all messages exposed are safe, which is why I've named the methods like I have.
Thanks!
Commits
-------
d7c1463 Adding a class to make it easier to set custom authentication error messages
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Improve AbstractVoter tests
Applying the improved tests from https://github.com/symfony/symfony/pull/15932 into the oldest possible branch.
Merge conflicts from 2.7 into 2.8 caused by this PR do not need to be done carefully, I'll create a new PR for 2.8 updating the tests as soon as these changes are merged up.
| Q | A
| ------------- | ---
| Fixed tickets | -
| License | MIT
Commits
-------
5ff741d Readd the correct tests
This PR was merged into the 2.8 branch.
Discussion
----------
[Console] don't rely on internal sort implementation om test
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14894
| License | MIT
| Doc PR |
PHP does not guarantuee how array elements with the same value will be
sorted when applying `asort()`. Since all namespaces used in the test
produce the same Levenshtein value, we should only check for presence of
these namespaces instead of comparing the exact order.
Commits
-------
3011fa0 don't rely on internal sort implementation in test
PHP does not guarantuee how array elements with the same value will be
sorted when applying `asort()`. Since all namespaces used in the test
produce the same Levenshtein value, we should only check for presence of
these namespaces instead of comparing the exact order.
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] Fix input validation when required arguments are missing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15505
| License | MIT
| Doc PR | -
The rule that was here in place previously only works when arguments are passed from command line, as in command line there is no way of skipping an argument. The rule does not work for arguments set on the Input after a command is run.
Commits
-------
4982b02 [Console] Add the command name to input arguments if it's missing
f12a4c1 [Console] Fix input validation when required arguments are missing
This PR was merged into the 2.8 branch.
Discussion
----------
[DomCrawler] Deprecate methods inherited from SplObjectStorage
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | half of #15849
| License | MIT
| Doc PR | n/a
There is no documentation change to be done for it: we don't document the fact that DomCrawler extends SplObjectStorage (this is an implementation detail which leaked because of using inheritance rather than composition).
Commits
-------
997c650 Deprecate methods inherited from SplObjectStorage
* 2.8: (28 commits)
Detect Mintty for color support on Windows
Detect Mintty for color support on Windows
[WebProfilerBundle] Fix search button click listener
[Form][Type Date/Time] added choice_translation_domain option.
Massively simplifying the BC and deprecated-throwing code thanks to suggestions by stof in #15870
Making all "debug" messages use the debug router
Making GuardTokenInterface extend TokenInterface
Updating behavior to not continue after an authenticator has set the response
Add a group for tests of the finder against the FTP server
Fix trigger_error calls
Fix legacy security tests
tweaking message related to configuration edge case that we want to be helpful with
Minor tweaks - lowering the required security-http requirement and nulling out a test field
Fix license headers
Fix license headers
Fix license headers
Ensure the ClockMock is loaded before using it in the testsuite
Allow serializer 3.0 in the PropertyInfo component
Add the replace rules for the security-guard component
Forbid serializing a Crawler
...
* 2.7:
Detect Mintty for color support on Windows
Detect Mintty for color support on Windows
Add a group for tests of the finder against the FTP server
Fix license headers
Forbid serializing a Crawler
Fix phpdoc block of NativeSessionStorage class
Added exception when setAutoInitialize is called when locked
[FrameworkBundle] Advanced search templates of bundles
[Security] Allow user providers to be defined in many files
Use random_bytes function if it is available for random number generation
Mintty is now the default terminal in GitBash, and it supports ANSI
colors without the need of ANSICON (it even supports 256 colors rather
than the 16 colors supported by ANSICON).
* 2.3:
Detect Mintty for color support on Windows
Add a group for tests of the finder against the FTP server
Fix license headers
Forbid serializing a Crawler
Fix phpdoc block of NativeSessionStorage class
Added exception when setAutoInitialize is called when locked
[FrameworkBundle] Advanced search templates of bundles
[Security] Allow user providers to be defined in many files
Use random_bytes function if it is available for random number generation
This PR was submitted for the 2.8 branch but it was merged into the 2.3 branch instead (closes#15915).
Discussion
----------
Detect Mintty for color support on Windows
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/5726
Mintty is now the default terminal in GitBash, and it supports ANSI colors without the need of ANSICON (it even supports 256 colors rather than the 16 colors supported by ANSICON).
I submitted it to 2.8 as it can be considered as a new feature. But it should not be hard to merge it in other branches if we decide to consider it as a bugfix (it just needs to be split because VarDumper does not exist in 2.3)
Commits
-------
12743d1 Detect Mintty for color support on Windows