This PR was merged into the 5.3-dev branch.
Discussion
----------
Improve deprecation message for session
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
The `session` service is not public since we deprecate it, which lead to headache when people migrate to 5.3:
When people expect the service to be public (like in tests), the service does not exist anymore (removed or inlined), it's now an alias to `.session.do-not-use` and deprecation telling how to migrate has not been triggered because the service has been removed / inlined.
This PR makes the `session` service/alias public, and also improves the deprecation message a little bit.
/cc @javiereguiluz , @wouterj
Commits
-------
b568768cec Improvide deprecation message for session
This PR was merged into the 5.3-dev branch.
Discussion
----------
Remove the experimental flag from the authenticator system 🚀
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | todo
Here we go.
Commits
-------
a2f5693c5e Remove experimental flag from the authenticator system 🚀
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Form] Add support for sorting fields
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#5827
| License | MIT
| Doc PR | TODO
This PR adds a new `priority` option used later to sort all fields in order of importance instead of simply numerical order, i.e. fields with higher priority will be rendered first, fields with lower priority will be rendered last. The default priority would be "0" for all fields. Fields with equal priority will keep the original order (stable sorting).
History of previous proposals and discussions: #3452, #4254, #5827, #6111, #11241
This kind of feature has been abandoned in the past because complex proposals, and somehow rejected because ideally we should do the sorting at the view level ([customizing form](https://symfony.com/doc/current/form/form_customization.html) themes or layout templates) and it's true for most cases (the simple ones I think) but the fact is that it's often quite complex to accomplish that way, mainly for [dynamic forms](https://symfony.com/doc/current/form/dynamic_form_modification.html).
Let's focus the following analysis on explaining *why* and *when* the `priority` option could save us a lot of time, getting rid of cumbersome workarounds with templates to change the rendering order *only*.
---
A common example could be the building of a multi-steps form with a convenient type hierarchy and including fields dynamically based on the data. Let's take this sample:
![image](https://user-images.githubusercontent.com/2028198/113465635-a5a81180-9403-11eb-839f-3a32d5f84f47.png)
```php
class WorkflowType extends AbstractType
{
public function buildForm(FormBuilderInterface $builder, array $options)
{
// get current enabled transitions from the workflow definition...
foreach ($enabledTransitions as $transitionName) {
$builder->add($transitionName, SubmitType::class, ['attr' => ['value' => $transitionName]]);
}
}
}
class PersonRegistrationType extends AbstractType
{
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder
->add('firstName')
->add('lastName');
$builder->addEventListener(FormEvents::PRE_SET_DATA, function (FormEvent $event) {
$person = $event->getData();
if ($person->isLegalType()) {
$event->getForm()->add('company');
}
});
}
public function getParent()
{
return WorkflowType::class;
}
}
```
These classes model the required form. However, according to the form building process and taken into account that the underlaying person data was set with "legal" type (from the previous step), this will be the rendering result:
```html
<button type="submit" name="form[register]" value="register">Register</button> {# wrong place #}
<input name="form[first_name]">
<input name="form[last_name]">
<input name="form[company]"> {# wrong place #}
```
Now, taking the view customization path to fix the order, you likely will face some problems regarding to:
- How do I render the dynamic submit buttons at the bottom?
- How can the specific form fields be rendered in the correct order if they vary from step to step? (being it a generic template)
- if you solve the previous questions, you will also need to check if the company field is defined or not before rendering it in the right order.
There could be more and different problems depending on the context and you can find workarounds using the block prefixes system to customize each step block theme, but to me it's enough to think about other alternatives.
On the other side, using the `priority` option, the solution is quite easy. Setting the right priority value will guarantee the right rendering order:
```php
// ...
$builder->add($transitionName, SubmitType::class, ['priority' => -1, // ...]);
// ...
$event->getForm()->add('company', null, ['priority' => 1]);
```
That's ! There is no need to customize templates at all when you only need to change the fields order.
This way, these fields are being pre-defined in the order they will be rendered at view level. This sorting process will take place on `$form->createView()` method, just after `buildView()` and before `finishView()` calls.
Could we reconsider the usefulness of this feature? please.
Cheers!
Commits
-------
62650bbdc7 [Form] Add support for sorting fields
This PR was merged into the 5.3-dev branch.
Discussion
----------
[DependencyInjection] Autowire arguments using attributes
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | TODO
This PR allows us to bind arguments via attributes. This mechanism is enabled for tagged iterators and service locators for now.
To receive an iterator with all services tagged with `my_tag`:
```php
use Symfony\Component\DependencyInjection\Attribute\TaggedIterator;
class MyService
{
public function __construct(
#[TaggedIterator('my_tag')]
private iterator $taggedServices,
) {
}
}
```
To receive a locator with all services tagged with `my_tag`:
```php
use Psr\Container\ContainerInterface;
use Symfony\Component\DependencyInjection\Attribute\TaggedLocator;
class MyService
{
public function __construct(
#[TaggedLocator('my_tag')]
private ContainerInterface $taggedServices,
) {
}
}
```
Commits
-------
91fbc90238 Autowire arguments using attributes
b86aa3d068 [DependencyInjection] Bind constructor arguments via attributes
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Messenger] Support Redis Cluster
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#38264
| License | MIT
| Doc PR | symfony/symfony-docs#14956
This PR brings support for Redis Cluster in the Messenger component:
- The first commit _Support RedisCluster instance_ allows to pass a `RedisCluster` object when instanciating the `Connection` class, which brings support for Redis Cluster without any friction.
- The second commit _Support multiple hosts DSN for Redis Cluster_ is more opiniated and brings a DSN format to configure a Redis Cluster from `config/packages/messenger.yaml`.
Instanciating `Connection` with a `RedisCluster` object:
```php
$redis = new \RedisCluster(null, ['host-01:6379', 'host-02:6379', 'host-03:6379', 'host-04:6379']);
$connection = new Connection([], [], [], $redis);
```
Configuring a Redis Cluster from YAML:
```yaml
// config/packages/messenger.yaml
framework:
messenger:
metadata:
default: 'redis://host-01:6379,redis://host-02:6379,redis://host-03:6379'
lazy: 'redis://host-01:6379?lazy=1,redis://host-02:6379,redis://host-03:6379'
# Configuration will be `lazy = true` and `auto_setup = true`
multipleConfig: 'redis://host-01:6379?lazy=1&auto_setup=false,redis://host-02:6379,redis://host-03:6379?auto_setup=true'
```
This format allows to define multiple hosts for a Redis Cluster and still contains valid URLs. Custom configuration is still supported, it can be specified on only one of the URLs in the DSN (see `lazy` above). If the user provides multiple configurations on different URLs, they are simply merged with the following code and if an option is defined multiple times then the latest takes precedence (see `multipleConfig` above).
I understand the way the DSN is handled could not suit you. Please, if you close this PR only for the DSN part, just tell me and I will make a new PR with only the first commit.
Commits
-------
04530fb2d7 [Messenger] Support Redis Cluster
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Config][DependencyInjection] Add configuration builder for writing PHP config
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/15181
I've spent most part of today to generate this PR. It is far from complete but it is ready for review.
This PR will build classes and store them in the build_dir. The classes will help you write PHP config. It will basically generate an array for you.
### Before
```php
// config/packages/security.php
<?php
use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
return static function (ContainerConfigurator $container) {
$array = [
'firewalls' => [
'main' => [
'pattern' => '^/*',
'lazy' => true,
'anonymous' => [],
],
],
'access_control' => [
[
'path' => '^/user',
'roles' => [
0 => 'ROLE_USER',
],
],
[
'path' => '^/admin',
'roles' => 'ROLE_ADMIN',
],
],
'role_hierarchy' => [
'ROLE_ADMIN' => ['ROLE_USER'],
'ROLE_SUPER_ADMIN' => ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH',
],
],
];
$container->extension('security', $array);
}
```
### After
```php
// config/packages/security.php
<?php
use Symfony\Config\SecurityConfig;
return static function (SecurityConfig $security) {
$security
->roleHierarchy('ROLE_ADMIN', ['ROLE_USER'])
->roleHierarchy('ROLE_SUPER_ADMIN', ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'])
->accessControl()
->path('^/user')
->role('ROLE_USER');
$security->accessControl(['path' => '^/admin', 'roles' => 'ROLE_ADMIN']);
$security->firewall('main')
->pattern('^/*')
->lazy(true)
->anonymous();
};
```
### About autogeneration
This PR is generating the extension's `ConfigBuilder`s when they are first used. Since the PR is already very large, I prefer to follow up with additional PRs to include a cache warmer and command to rebuild the `ConfigBuilder`s.
The generated `ConfigBuilder` uses a "ucfirst() camelCased" extension alias. If the alias is `acme_foo` the root `ConfigBuilder` will be `Symfony\Config\AcmeFooConfig`.
The recommended way of using this class is:
```php
// config/packages/acme_foo.php
use Symfony\Config\AcmeFooConfig;
return static function (AcmeFooConfig $foo) {
// ...
// No need to return
}
```
One may also init the class directly, But this will not help you with generation or autoloading
```php
// config/packages/acme_foo.php
use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
return static function (ContainerConfigurator $container) {
$foo = new \Symfony\Config\AcmeFooConfig();
// ...
$container->extension('acme_foo', $foo->toArray());
}
```
**I do think we should only talk about the first way**
If a third party bundle like this idea and want to provide their own `ConfigBuilder`, they have two options:
1) Create the class `Symfony\Config\TheBundleConfig` themselves and make sure they configure composer to autoload that file and that the class implements `ConfigBuilderInterface`. We will never regenerate a file that already exists.
2) Create any class implementing `ConfigBuilderInterface` and ask their users to use that class in their config in the same way they would use `Symfony\Config\TheBundleConfig`.
The first way is obviously the smoothest way of doing things.
### BC
There is a great discussion about backwards compatibility for the generated files. We can assure that the class generator don't introduce a BC break with our tests. However, if the bundle changes their configuration definition it may break BC. Things like renaming, changing type or changing a single value to array is obvious BC breaks, however, these can be fixed in the config definition with normalisation.
The generator does not support normalisation. It is way way more complicated to reverse engineer that. I think a future update could fix this in one of two ways:
1) Add extra definition rules to help the class generator
2) Allow the bundle to patch part of the generated code
I hate BC breaks as much as the next person, but all the BC breaks in the generated classes will be caught when building the container (not at runtime), so I am fine with not having a 100% complete solution for this issue in the initial PR.
### Other limitations
If a bundle is using a custom extension alias, then we cannot guess it.. so a user have to use a cache warmer because we cannot generate the `ConfigBuilder` on the fly.
### TODO
- [x] Add tests
- [x] Update changelog
- [x] Write documentation
-------------
The generated code can be found in this example app: https://github.com/Nyholm/sf-issue-40600/tree/main/var/cache/dev/Symfony/Config
Commits
-------
460b46f730 [Config][DependencyInjection] Add configuration builder for writing PHP config
* 5.2:
[WebProfiler] Use ControllerReference instead of URL in twig render()
[Serializer][Validator] Update some phpDoc relative to "getters"
Update README.md
[SecurityBundle] Empty line starting with dash under "access_control" causes all rules to be skipped
[Cache] Apply NullAdapter as Null Object
* 4.4:
[Serializer][Validator] Update some phpDoc relative to "getters"
Update README.md
[SecurityBundle] Empty line starting with dash under "access_control" causes all rules to be skipped
[Cache] Apply NullAdapter as Null Object
This PR was merged into the 5.2 branch.
Discussion
----------
[WebProfilerBundle] Use ControllerReference instead of URL in twig render()
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40709
| License | MIT
| Doc PR |
Use `ControllerReference` instead of `UrlGenerator`'s URL. Helps to deal with different baseUrl
Feel free to help me with some advice. Thank you in advance
Commits
-------
f2ee8bc7ae [WebProfiler] Use ControllerReference instead of URL in twig render()
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Security] Stop using a shared changelog for our security packages
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I understand there are historical reasons for why our four security packages share a changelog. However, I dont believe it makes much sense moving forward.
I suggest that ~~6.0~~ will start using separate changelogs.
#### Update
Lets start in 5.4 for the reasons explained by Christophe
Commits
-------
0b1103ae48 [Security] Stop using a shared changelog for our security packages
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] [LoginLink] remove experimental
| Q | A
| ------------- | ---
| Branch? | 5.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | tbd
Symfony's new security Login Link functionality is no longer experimental as of 5.3
Commits
-------
f2842f26e7 [Security][LoginLink] remove experimental
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Workflow] Add Mermaid.js dumper
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #40165
| License | MIT
| Doc PR | symfony/symfony-docs#15102
Mermaid is - next to PlantUML - one of the most popular simple graphing solutions. This workflow dumper mirrors the feature set of the PlantUML dumper except that Mermaid does not currently support colored transitions.
**Things I need help with:**
- ~I basically tried to copy the code style of the surrounding files and hope everything is conforming. Please let me know if I missed something.~ I see, that's the magic of fabbot. Nice. ❤️
- There are currently no tests for the different graph direction constants, I can add those, just did not see value in doing so yet.
- I am unsure how to integrate this with the current documentation. This however is likely better discussed in the corresponding issue (see above).
Commits
-------
ada6f7d315 [Workflow] Add Mermaid.js dumper
This PR was merged into the 5.3-dev branch.
Discussion
----------
[DependencyInjection] Allow calling custom processors directly on EnvConfigurator
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
This is a proposition of addition to the feature added by https://github.com/symfony/symfony/pull/40682 to allow calling custom processors in the same way we call builtin ones. This is not perfect since it doesn't allow auto-completion for these custom methods but I think this provides a cleaner API for custom processors.
Commits
-------
1d008f76da Allow calling custom processors directly on EnvConfigurator
This PR was merged into the 5.3-dev branch.
Discussion
----------
[MonologBridge] Reset loggers on workers
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
This PR tries to solve some problems with buffered handlers (FingerCrossed) in workers.
Let's consider the default configuration (`stop_buffering: true`):
- When the threshold is crossed, all logs are flushed. Logs for the current message but also logs of previous messages in the buffer. Although buffer is limited `buffer_size`, it's a shame to keep logs of previous messages.
- When the threshold is crossed, buffering is disabled. So finger crossed configuration is not used anymore, all the logs are flushed as soon as they are written.
Then with (`stop_buffering: false`) (why isn't this the default configuration ?)
- It's a bit better since buffering isn't disabled when the threshold is crossed
- Like with `stop_buffering: true`, logs of previous messages are kept in memory
In a similar way of `DoctrineClearEntityManagerWorkerSubscriber`, this PR adds a `ResetLoggersWorkerSubscribber` to reset resettable loggers.
Integration in Monolog bundle: symfony/monolog-bundle#403
Commits
-------
1d2f7f1f87 [Messenger] Reset loggers on workers
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Serializer][Validator] Update some phpDoc relative to "getters"
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yesish (phpDoc unaccurate after code updates)
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
5046500deb [Serializer][Validator] Update some phpDoc relative to "getters"
This PR was merged into the 4.4 branch.
Discussion
----------
Update README.md
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | yes as doc
| Tickets | see desc
| License | MIT
| Doc PR | .
Related to https://packagist.org/packages/symfony/web-server-bundle/stats
Also I do have a question, do Symfony uses the https://getcomposer.org/doc/04-schema.md#abandoned feature?
It can be useful I think
I’ve seen many differents way, inside the repo readme, via github repo description with [DEPRECATED], even marking the repo as readonly
IMHO a similar aproach should be done for all packages of the organisation :)
Commits
-------
37b19d9c06 Update README.md
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Deprecate using UsageTrackingTokenStorage outside the request-response cycle
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | no
| Deprecations? | yes
| Tickets | Fix#40778
| License | MIT
| Doc PR | -
Currently, you get an "There is currently no session available" exception when using the `security.token_storage` service outside the main request-response cycle (e.g. in a `kernel.terminate` listener). This PR deprecates such usage and requires developers to update their definitions to explicitly use `security.untracked_token_storage` instead.
A different solution would be to silently disable tracking in these cases, but I think that might create some unnecessary technical debt.
Commits
-------
7452476156 [Security] Fix UsageTrackingTokenStorage outside the request cycle
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Messenger] Add X-Ray trace header support to the SQS transport
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
aws documentation: https://docs.aws.amazon.com/xray/latest/devguide/xray-services-sqs.html
Commits
-------
5fa7ff9541 [Messenger] Added X-Ray trace header support to the SQS transport
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] Empty line starting with dash under "access_control" causes all rules to be skipped
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#40235 ... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
When the IDE by mistake puts an empty line in `access_control` in security.yaml there is no warning that we have an empty row, making the rest of routes defined, to be ignored and possible to be accessed by anyone that can authenticate no matter the role.
# How to reproduce the issue
- git clone git@github.com:monteiro/symfony-issue-40235.git
- composer install
- symfony server:start
- open 127.0.0.1:8000/admin with username: "john_user" and password "123456"
- Since that user has only ROLE_USER should not be able to access the route... but because there is an empty line in "access_control" in `security.yaml`, "by mistake" it is possible to access the protected `ROLE_ADMIN` route.
Commits
-------
ee26ce5987 [SecurityBundle] Empty line starting with dash under "access_control" causes all rules to be skipped
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Cache] Apply NullAdapter as Null Object
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix https://github.com/symfony/symfony/issues/40753
| License | MIT
<!--| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
There is a problem with the NullAdapter if I have to add an expression to work:
```php
$adapter = new NullAdapter();
$item = new CacheItem();
$item->set('FooBar');
if (!$adapter->save($item) && !($adapter instanceof NullAdapter)) {
throw new Exception('Uoh oh');
}
```
So the goal here is to modify the methods that are causing a problem to behave as a Null Object.
Commits
-------
f6818eb7ac [Cache] Apply NullAdapter as Null Object
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[HttpKernel] Minor fixes and tweaks in the Symfony Welcome Page
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | (not needed)
The current "Welcome Page" has a minor issue related to CSS flexbox. See how the "debug mode" text looks in smaller screens:
![before](https://user-images.githubusercontent.com/73419/114359439-4620d300-9b74-11eb-85c6-ee7afdb937df.png)
The solution is to wrap the contents in a HTML element such as `<p>`, but this PR also does some other minor tweaks. This is how it'd look now:
![after](https://user-images.githubusercontent.com/73419/114359535-5cc72a00-9b74-11eb-86c4-07fba89b8e8f.png)
Commits
-------
ee49cfe2b9 [HttpKernel] Minor fixes and tweaks in the Symfony Welcome Page
* 5.2:
[HttpClient][PHPDoc] Fix 2 remaining return mixed
[Cache] [FrameworkBundle] Fix logging for TagAwareAdapter
[Route] Better inline requirements and defaults parsing
Simplified condition and removed unused code from AbstractSessionListener::onKernelRequest
[PhpUnitBridge] Fix phpunit symlink on Windows
[Yaml] Fixed infinite loop when parser goes through an additional and invalid closing tag
[Form] Fix 'invalid_message' use in multiple ChoiceType
* 4.4:
[HttpClient][PHPDoc] Fix 2 remaining return mixed
[Cache] [FrameworkBundle] Fix logging for TagAwareAdapter
[Route] Better inline requirements and defaults parsing
Simplified condition and removed unused code from AbstractSessionListener::onKernelRequest
[PhpUnitBridge] Fix phpunit symlink on Windows
[Yaml] Fixed infinite loop when parser goes through an additional and invalid closing tag
This PR was merged into the 5.3-dev branch.
Discussion
----------
[DependencyInjection] Add env() and EnvConfigurator in the PHP-DSL
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Recently, I have been using env var processors a lot. This is a proposition to improve the DX a bit when you use the PHP-DSL to configure services.
Firstly, I am "annoyed" by the fact that I can do `param('my_param')` but not `env('MY_ENV')`.
Secondly, long chains of env var processors (eg: `%env(default:my_param:key:path:url:MY_ENV_VAR)` have two issues:
- you must construct and read them in "reverse"
- some env var processor are actually composed of 2 parts (key:path), you don't distinguish them easily from the rest
Before:
```php
->arg('$myArg', '%env(default:my_param:key:path:url:MY_ENV_VAR)%')
```
After:
```php
->arg(
'$myArg',
env('MY_ENV_VAR')
->url()
->key('path')
->default('my_param')
)
```
Custom env var processor would be callable with `->custom('my_custom_env_var_processor')` or you could extend the configurator and add your own methods.
WDYT?
Commits
-------
5f0fe3235f [DependencyInjection] Add env() and EnvConfigurator in the PHP-DSL
Remove ! symbol from requirements and defaults array keys in Route class. Leave ! symbol in Route compiled path for correct token creation
Added some inline route settings tests
This PR was merged into the 4.4 branch.
Discussion
----------
[PhpUnitBridge] Fix phpunit symlink on Windows
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
If the symlink to `.phpunit/phpunit` already exists, unlink is called to remove it. But this fails on Windows (because it is a directory and requires `rmdir`), which in turn causes the subsequent `symlink` call to fail (because it already exists).
Additionally, creating symlinks on Windows requires Administrator permissions (generally), so `.phpunit/phpunit` can never be created for ordinary Users.
This PR uses a junction instead of a symlink on Windows. It also fixes some issues with stderror output and adds some argument escaping.
Commits
-------
ff8093246b [PhpUnitBridge] Fix phpunit symlink on Windows
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Security] Rework the remember me system
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fixes part of #39308
| License | MIT
| Doc PR | tbd
As I said in #39308, I want to change the remember me system in Symfony 5.3. The remember me system has a couple big "problems":
1. **It's hardwired into some Security classes** like `ContextListener`. The `RememberMeFactory` adds a `setRememberMe()` method call to the DI config and the context listener calls methods on this. This is very coupled, instead of the decoupled nature of the rest of security.
2. **Conditional conditions are combined with cookie creation in one class**. This is especially hard in e.g. 2FA (where setting the cookie should be done after 2FA is completed, which is currently near impossible as it's directly bound to the conditional of being called after logging in).
The changes
---
* The first commits harden the current functional test suite of remember me, to avoid breaking it.
* I discovered a lot of similarity between remember me tokens and login links. That's why I've extracted the shared logic into a generic `SignatureHasher` in the 3rd commit.
* I then remodelled `RememberMeAuthenticator` to the login link system, which I think improves a lot and at least improves problem (2) - as the conditionals (`RememberMeAuthenticator`) is split from the cookie creation (`RememberMeHandlerInterface`).
* Finally, I added a new event (`TokenDeauthenticatedEvent`) to the `ContextListener` to avoid direct coupling - solving problem (1).
This removes any usage of remember me services, which can be deprecated along with the rest of the security system.
Usage
---
As with the authenticator manager: **Nothing changes in the configuration**
Usage of persistent token providers has been improved. First, configuration is provided (setting up services is no longer needed):
```yaml
# before
services:
Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider:
autowire: true
security:
firewalls:
main:
remember_me:
# ...
token_provider: 'Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider'
# after
security:
firewalls:
main:
remember_me:
# ...
token_provider:
doctrine: true
```
Furthermore, a schema listener is created. Whenever the doctrine token provider is used, `make:migration`/`doctrine:schema:update` will automatically create the required table.
Some advanced usage of Remember me is also improved a lot (there is no real "before" here, consider looking at scheb/2fa to get an idea of the before). A few use-cases I took into account:
* If you ever need to **programmatically create a remember me cookie**, you can autowire `RememberMeHandlerInterface` and use `createRememberMeCookie($user)`. This will make sure the remember me cookie is set on the final response (using the `ResponseListener`)
* The `RememberMeListener` previously was responsible for both determining if a cookie must be set and setting the cookie. This is now split in 2 listeners (checking is done by `RememberMeConditionsListener`). If `RememberMeBadge` is enabled, the cookie is set and otherwise it isn't. This allows e.g. SchebTwoFactorBundle to create a listener that catches whether remember me was requested, but suppress it until the 2nd factor is completed.
Todo
---
* [x] Update UPGRADE and CHANGELOG
* [x] Show before/after examples
* [x] Investigate the conditional event registering of `ContextListener`. This forces to inject both the firewall and the global event dispatcher at the moment.
* Make sure old remember me tokens still function. As remember me tokens are long lived, we may need to provide backwards compatibility for at least Symfony 6.x. **Update: it was decided to not include this for now: https://github.com/symfony/symfony/pull/40145#issuecomment-785819607**
cc `@scheb` `@weaverryan` as you both initiated this PR by sharing the problems with the current design.
Commits
-------
15670419d4 [Security] Rework the remember me system
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Console] Deprecate Helper::strlen() for width() and length()
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | yes
| Deprecations? | yes
| Tickets | Follow up form #40698
| License | MIT
| Doc PR |
This PR will deprecated `Helper::strlen()` since it is actually calculating the width. I remove the `@internal` on `Helper::width()` and a `Helper::length()`. I will also deprecate `Helper::strlenWithoutDecoration()` because you should use `Helper::removeDecoration()` instead.
Commits
-------
3c24aa9d47 [Console] Deprecate Helper::strlen() for width() and length()
This PR was merged into the 5.2 branch.
Discussion
----------
[Form] Fix 'invalid_message' use in multiple ChoiceType
| Q | A
| ------------- | ---
| Branch? | 5.2<!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#40636 <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
- Changelog entry should follow https://symfony.com/doc/current/contributing/code/conventions.html#writing-a-changelog-entry
-->
`invalid_message` option were not take into account anymore since v5.2.4. This PR intends to fix this. The option `invalid_message` is now passed to the `POST_SUBMIT` callback, for multiple ChoiceType.
Commits
-------
f2516840c8 [Form] Fix 'invalid_message' use in multiple ChoiceType
This PR was merged into the 4.4 branch.
Discussion
----------
[Yaml] Fixed infinite loop when parser goes through an additional and invalid closing tag
| Q | A
| ------------- | ---
| Branch? | 4.4 and above
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#40706 <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | <!-- required for new features -->
Instead of letting the parser goes in an infinite loop because it can't get the right closing tag, throw an exception when the additional and invalid closing tag is found
Commits
-------
d5f8c887a2 [Yaml] Fixed infinite loop when parser goes through an additional and invalid closing tag
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Notifier] LightSMS duplicated $errorCode variable fix
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40712, #40733
| License | MIT
| Doc PR | -
Removed duplicated variable $errorCode.
Many thanks for:
@OskarStark, @jderusse and special thanks for @chalasr for fast rebase course at night :)))
Commits
-------
867769ede4 [Notifier] LightSMS duplicated $errorCode variable fix
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Notifier] Added missing changelog
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I found this to be missing
Commits
-------
41198cccb5 [Notifier] Added missing changelog
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Notifier] Fix LightSms package name
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | n/a
As the namespace is LightSms and not Lightsms.
Commits
-------
2d80665a4a [Notifier] Fix LightSms package name
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Add concept of required passport badges
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | n
| Tickets | Fix#39305
| License | MIT
| Doc PR | tbd
A badge on a passport is a critical security element, it determines which security checks are run during authentication. Using the `required_badges` setting, applications can make sure the expected security checks are run.
Commits
-------
01c3bf9604 [Security] Add concept of required passport badges
This PR was merged into the 4.4 branch.
Discussion
----------
[PHPDoc] Fix some union type cases
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
While working on https://github.com/symfony/symfony/issues/40154, I discovered some PHPDoc issues, I'm going to comment in the review. Upper branches will need some fixes too.
Commits
-------
dd1481642b [PHPDoc] Fix some union type cases
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Serializer] Construct annotations using named arguments
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | N/A
| License | MIT
| Doc PR | Not needed
This is the same as #40266, but applied to the serializer annotations.
This PR proposes to bump the `doctrine/annotations` library to 1.12 to gain access to its emulation layer for named arguments. Furthermore, constructing any of the serializer's annotation classes the old way by passing an array of parameters is deprecated.
### Reasons for this change
The constructors of our annotation classes have become unnecessarily complicated because we have to support two ways of calling them:
* An array of parameters, passed as first argument, because that's the default behavior `doctrine/annotations`.
* A set of named arguments because that's how PHP 8 attributes work.
Since we can now tell the Doctrine annotation reader to use named arguments as well, we can simplify the constructors of our annotations significantly.
### Drawback
After this change, there is no easy way anymore to construct instances of most of the annotation classes directly on PHP 7. The PR has been built under the assumption that instances of this class are usually created using either Doctrine annotations or a PHP 8 attribute. Thus, most applications should be unaffected by this change.
Commits
-------
c11666264d [Serializer] Construct annotations using named arguments
This PR was merged into the 5.2 branch.
Discussion
----------
[Console] Add Helper::width() and Helper::length()
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Close#40697Fix#40634, fix#40635
| License | MIT
| Doc PR |
This PR will add add a Helper::strwidth() and a Helper::strlength(). Same with with the Helper::strlenWithoutDecoration(). It does not deprecate anything. That is done in #40695
With this PR we dont have to revert the emoji issue (ie close#40697)
FYI @grasmash, I used your tests from #40635
Commits
-------
d9ea4c597c Add test.
dc02ab3d74 [Console] Add Helper::strwidth() and Helper::strlength()
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Notifier] [CS] [5.x] Replace easy occurrences of ?: with ??
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
https://github.com/symfony/symfony/pull/40729 on 5.x
Commits
-------
726075c177 [CS] [5.x] Replace easy occurrences of ?: with ??
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Notifier] Mercure bridge: bump mercure dependency to 0.5
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/15179
Bump Mercure bridge's `symfony/mercure` dependency to 0.5 to deal with hubs instead of publishers.
---
To be able to use `HandlerRegistry::all` method, this PR needs https://github.com/symfony/mercure/pull/50 to be merged and released.
Commits
-------
498f96f1a8 Drop support of mercure:^0.4
d3306fdc92 add support for symfony/mercure:^0.5
This PR was merged into the 4.4 branch.
Discussion
----------
[Debug][ErrorHandler] Avoid warning with Xdebug 3 with develop mode disabled
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40677
| License | MIT
As reported in #40677, this fix is needed when Xdebug 3 is enabled but its `develop` mode is off.
Commits
-------
0e0639b129 Avoid warning with Xdebug 3 with develop mode disabled
This PR was merged into the 5.2 branch.
Discussion
----------
[Security] [Passport] improve dx and document AuthenticationException
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | tbd
`Passport::getUser()` (Instance of `UserPassportInterface::class`) throws an `AuthenticationException::class`
if a user does not exist. Let's document that for better DX and visibility.
Use case:
- User login w/ a `username` that does not exist (custom json authenticator)
- Attempt Authentication...
- Auth failed `LoginFailureEvent` dispatched
- snippet below:
```php
// Userland\LoginFailureEventSubscriber::class
public function dispatchFailure(LoginFailureEvent $event): void
{
$user = $event->getPassport()->getUser();
$message = new UserlandMessage($user);
$this->messageBus->dispatch($message);
}
```
- `401` status is returned.
The above subscriber fails silently because a `UsernameNotFoundException` was ultimately thrown from `UserBadge::getUser()`.
Commits
-------
97ceba0f5d improve dx and document auth exception
A badge on a passport is a critical security element, it determines which
security checks are run during authentication. Using the `required_badges`
setting, applications can make sure the expected security checks are run.
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Mailer][Notifier] added missing gitattributes and gitignore
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| License | MIT
just added missing .gitattributes and .gitignore to be consistent with other components
Commits
-------
00ac6d4b45 added missing gitattributes and gitignore
* 5.2:
added missing gitattributes and gitignore
allow CurlHttpClient on Windows
[Security] Mark ExpiredLoginLinkStorage as experimental
remove references to "Silex"
This PR was merged into the 5.2 branch.
Discussion
----------
[Security] Mark ExpiredLoginLinkStorage as experimental
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
We missed marking this as experimental together with the other "LoginLink" features.
This PR follows the discussion in https://github.com/symfony/symfony/pull/40145/files#r589072524
Commits
-------
76a88f2211 [Security] Mark ExpiredLoginLinkStorage as experimental
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
LoginLink create get Request Locale
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
| Doc PR | symfony/symfony-docs#15163
While writing the documentation for PR#40153 I noticed that the RequestContext :: fromRequest method does not add the '_locale' parameter automaticaly. This new pull request to set _locale parameter to the RequestContext.
Commits
-------
433d76bfe1 LoginLink create get Request Locale
* 5.2:
fixed parser
Fixed bugs found by psalm
[FrameworkBundle] Dont store cache misses on warmup
fix test
Update references to the ContainerConfigurator
[Translation] Remove file added back from a bad merge
Fix sleep value
[Cache] skip storing failure-to-save as misses in ArrayAdapter
[Validator] Delete obsolete statement in Regex::getHtmlPattern() phpDoc
[FrameworkBundle] Remove author comments for configuration and extension
[Stopwatch] Document new "name" property of StopwatchEvent
[DependencyInjection] Fix "url" env var processor behavior when the url has no path
Fixed support for nodes not extending BaseNode
[FrameworkBundle] dont access the container to configure http_cache
add missing queue_name to find(id) in doctrine messenger transport
[Config][FrameworkBundle] Hint to use PHP 8+ or to install Annotations to use attributes/annots
[Serializer] AbstractNormalizer force null for non-optional nullable constructor parameter denormalization when not present in input
* 4.4:
fixed parser
Fixed bugs found by psalm
[FrameworkBundle] Dont store cache misses on warmup
[Cache] skip storing failure-to-save as misses in ArrayAdapter
[Validator] Delete obsolete statement in Regex::getHtmlPattern() phpDoc
[FrameworkBundle] Remove author comments for configuration and extension
[DependencyInjection] Fix "url" env var processor behavior when the url has no path
Fixed support for nodes not extending BaseNode
add missing queue_name to find(id) in doctrine messenger transport
[Serializer] AbstractNormalizer force null for non-optional nullable constructor parameter denormalization when not present in input
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
Fixed bugs found by psalm
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
When running psalm for branch 4.4, we get around 1500 errors. I browsed though them all and here is a small PR with the actual bugs I think should be fixed.
I'll make review comments about them below.
Commits
-------
0a0cd7a274 Fixed bugs found by psalm
This PR was merged into the 4.4 branch.
Discussion
----------
[Config] Fixed support for nodes not extending BaseNode
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Too many times we assume that a `NodeInterface` extends `BaseNode`. This PR adds a small test with a new `CustomNodeDefinition` and `CustomNode` that implements `NodeInterface`.
Commits
-------
68276562c3 Fixed support for nodes not extending BaseNode
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Dont store cache misses on warmup
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38694
| License | MIT
| Doc PR | symfony/symfony-docs#15172
When we are warming the annotation cache, we are reading all annotation into an `ArrayAdapter`. When we are done we move the values to a `PhpArrayAdapter` to store them in a file.
@Seldaek [found out](https://github.com/symfony/symfony/issues/38694#issuecomment-810501066) that when you are using a custom constraint with a `Symfony\Component\Validator\Constraints\Callback`, there is a strange error like:
> Can use "yield from" only with arrays and Traversables
That is because the `Closure` in the `Symfony\Component\Validator\Constraints\Callback` cannot be serialised and saved to cache. But since the `ArrayAdapter` is also [storing misses as null](https://github.com/symfony/symfony/pull/35362), the null values are understood as real values.
When all values are moved to the `PhpArrayAdapter` and we ask the cache for a value (via Doctrine's `CacheProvider`), it will return `null` as a value instead of `false` as a cache miss. And `null` is not something one could "yield from".
Commits
-------
27a22b34af [FrameworkBundle] Dont store cache misses on warmup
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
Improve ExtractorInterface phpdoc
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
- Changelog entry should follow https://symfony.com/doc/current/contributing/code/conventions.html#writing-a-changelog-entry
-->
I think this phpdoc can be improved
Commits
-------
255b608d6d Improve ExtractorInterface phpdoc
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Remove author comments for configuration and extension
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I really don't want to step on anyones toes. I'm also super grateful for all the time, effort and energy these contributors (and everybody else) have given to Symfony.
The `@author` tags should represent "who knows the most about this class" or to give the original author some kind of credit (more visible than `git blame`).
The FrameworkBundle's `Configuration` and `FrameworkExtension` classes are a bit special. Fist because they are well known by most recurring contributors. They are also thousands of lines long and many many users have added a line or two. The `FrameworkExtension` have over 50 people that currently authored more than 5 lines. The named authors combined have about that 12% and 25% in `Configuration` and `FrameworkExtension` respectively.
I do like the `@author` tag, but for the reasons above, I don't think they make sense for these classes.
Commits
-------
f19d72aa07 [FrameworkBundle] Remove author comments for configuration and extension
This PR was merged into the 5.3-dev branch.
Discussion
----------
Use symfony/deprecation-contracts instead of trigger_error
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | yes <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | - <!-- required for new features -->
As `symfony/deprecation-contracts` added to requirements with PR #40468, we can update `trigger_error` call in favor reusing deprecation abstractions
Commits
-------
1acc296773 Use symfony/deprecation-contracts instead of trigger_error
This PR was merged into the 4.4 branch.
Discussion
----------
[Validator] Delete obsolete statement in Regex::getHtmlPattern() phpDoc
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #12235
| License | MIT
| Doc PR |
The original issue was #5307 (`match=false` not handled in `getHtmlPattern()`).
Then #5382 patched it to return null (rather than an incorrect result) and inserted a statement and a "todo" in the phpDoc.
Later (but still years ago) #12235 properly implemented pattern inversion, but only removed the "todo"; this PR removes the statement.
Commits
-------
3bdf8d7238 [Validator] Delete obsolete statement in Regex::getHtmlPattern() phpDoc
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection] Fix "url" env var processor behavior when the url has no path
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Before:
```yaml
MY_URL_ENV_VAR=http://symfony.com
%env(key:path:url:MY_URL_ENV_VAR)% --> false
```
After:
```yaml
MY_URL_ENV_VAR=http://symfony.com
%env(key:path:url:MY_URL_ENV_VAR)% --> null
```
Returning `false` for the path prevents me from using the `default` env var processor that is triggered only for `''` and `null`.
(`%env(default:my_fallback_param:key:path:url:MY_URL_ENV_VAR)%`)
BTW, with PHP 8, it actually works because `substr(null, 1)` behavior changed (see https://3v4l.org/oHf6l).
Commits
-------
2876cf9cc6 [DependencyInjection] Fix "url" env var processor behavior when the url has no path
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] skip storing failure-to-save as misses in ArrayAdapter
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#38694
| License | MIT
| Doc PR | -
In addition to #40645
Commits
-------
ba6698795c [Cache] skip storing failure-to-save as misses in ArrayAdapter
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Mime] Remove @internal from Headers methods
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
- Changelog entry should follow https://symfony.com/doc/current/contributing/code/conventions.html#writing-a-changelog-entry
-->
I don't understand why the methods
- `Headers::getHeaderBody()`
- `Headers::setHeaderBody()`
- `Headers::getHeaderParameter()`
- `Headers::setHeaderParameter()`
are marked as internal.
They are already used by others libraries, like
a6c3fa9aea/Transport/MandrillApiTransport.php (L92)a6c3fa9aea/Transport/MandrillApiTransport.php (L99)
The implementation shouldn't change so they could be under the BC promise.
Plus they are useful, and I don't see any other way that reimplementing the method if we want to do something like
```
->getHeaderParameter('Content-Disposition', 'name')
```
Commits
-------
592fb13456 Remove internal annotation
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[FrameworkBundle][HttpKernel][TwigBridge] Add an helper to generate fragments URL
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix n/a
| License | MIT
| Doc PR | todo
This PR adds a new helper to generate raw fragment URL. Fragments will be useful to generate lazy frames with Symfony UX Turbo (https://github.com/symfony/ux/pull/64). This will also be convenient when using hinclude, ESI etc in case you want full control over the generated HTML.
This is also more in sync with the new best practices we apply in the form component (generate the HTML by yourself instead of using Twig helpers hiding the HTML elements).
Example:
```html
<turbo-frame id="set_aside_tray" src="{{ fragment_uri(controller('Symfony\Bundle\FrameworkBundle\Controller', {template: "foo.html.twig"})) }}">
<img src="/icons/spinner.gif">
</turbo-frame>
```
Commits
-------
5d29d76612 [FrameworkBundle][HttpKernel][TwigBridge] Add an helper to generate fragments URL
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
Messenger multiple failed transports
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#34911
| License | MIT
| Doc PR | symfony/symfony-docs#13489
<!--
https://github.com/symfony/symfony-docs/pull/13489 Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
## Strategy applied
- Pass a map of transports and failed transports to the `SendFailedMessageToFailureTransportListener`. This way we re-use the same listener.
- Local failed transport has more priority than a global failed transport defined.
## Configuration example
```yaml
# config/packages/messenger.yaml
framework:
# no need to set failed transport globally if I want a specific behaviour per transport.
failure_transport: failed # all transports have this failed transport
messenger:
transports:
failed: 'doctrine://default?queue_name=failed'
failed_important: 'doctrine://default?queue_name=failed_important'
async:
dsn: '%env(MESSENGER_TRANSPORT_DSN)%'
failure_transport: failed # takes precedence over the global defined "failed_transport"
retry_strategy:
max_retries: 3
delay: 1000
multiplier: 2
async_no_failure_transport: # it will use the global defined transport if no one is defined.
dsn: '%env(MESSENGER_TRANSPORT_DSN)%'
retry_strategy:
max_retries: 3
delay: 1000
multiplier: 2
async_send_specific_failure_queue:
dsn: '%env(MESSENGER_TRANSPORT_DSN)%'
failed_transport: failed_important # takes precedence over the global defined "failed_transport"
retry_strategy:
max_retries: 3
delay: 1000
multiplier: 2
```
You can test this feature easily on a [demo project](https://github.com/monteiro/messenger-multiple-failed-transports-pr34979). Just follow the [README](https://github.com/monteiro/messenger-multiple-failed-transports-pr34979).
**More information on issue #34911**
## What needs to be done so this can be merged:
- [x] validate strategy
- [ ] update src/**/CHANGELOG.md files
- [x] update tests to cover all cases
- [x] create doc PR
Commits
-------
5810b6c378 Messenger multiple failed transports
This PR was merged into the 4.4 branch.
Discussion
----------
[Serializer] Allow AbstractNormalizer to use null for non-optional nullable constructor parameters without default value
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40511
| License | MIT
Serializer component AbstractNormalizer attemps to guess constructor parameters, and falls back using default values when possible. Yet, it misses one use case: nullable non-optional parameter with value not being present in incoming input, case in which null is a valid value, not the default one, yet still valid.
This PR introduce a two-line fix that forcefully set null as value for missing from input non-optional nullable constructor parameters values.
Commits
-------
d29e433ae8 [Serializer] AbstractNormalizer force null for non-optional nullable constructor parameter denormalization when not present in input
This PR was merged into the 4.4 branch.
Discussion
----------
add missing queue_name to find(id) in doctrine messenger transport
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| License | MIT
This bug was noticed by @weaverryan when reviewing the PR: https://github.com/symfony/symfony/pull/38468 related to multiple failure transports.
Commits
-------
bb26a92826 add missing queue_name to find(id) in doctrine messenger transport
This PR was merged into the 5.2 branch.
Discussion
----------
[Config][FrameworkBundle] Hint to use PHP 8+ or to install Annotations for using attributes/annots
…s to use attributes/annots
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | See https://github.com/symfony/recipes/pull/916
| License | MIT
| Doc PR | n/a
Improve the error message to hint that you can upgrade to PHP 8 instead of using `doctrine/annotations`.
Commits
-------
af6f3c2c08 [Config][FrameworkBundle] Hint to use PHP 8+ or to install Annotations to use attributes/annots
* 5.2:
skip intl dependent tests if the extension is missing
make DateCaster tests timezone-agnostic
error if the input string couldn't be parsed as a date
IntegerType: Always use en for IntegerToLocalizedStringTransformer Fixes#40456
Uses the correct assignment action for console options depending if they are short or long
[HttpKernel] ConfigDataCollector to return known data without the need of a Kernel
[HttpClient] fix using stream_copy_to_stream() with responses cast to php streams
FIx Trying to clone an uncloneable object of class
* 4.4:
skip intl dependent tests if the extension is missing
make DateCaster tests timezone-agnostic
error if the input string couldn't be parsed as a date
IntegerType: Always use en for IntegerToLocalizedStringTransformer Fixes#40456
Uses the correct assignment action for console options depending if they are short or long
[HttpKernel] ConfigDataCollector to return known data without the need of a Kernel
[HttpClient] fix using stream_copy_to_stream() with responses cast to php streams
FIx Trying to clone an uncloneable object of class
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Serializer] Nicer ExtraAttributesException message for single attribute
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | none
| License | MIT
| Doc PR | n/a
This PR changes wording of ExtraAttributesException message in case there is only one extra attribute:
Before
----
Extra attributes are not allowed ("foo", "bar" are unknown).
Extra attributes are not allowed ("foo" are unknown).
After:
----
Extra attributes are not allowed ("foo", "bar" are unknown).
Extra attributes are not allowed ("foo" is unknown).
Commits
-------
1ba6a2cf50 [Serializer] Nicer ExtraAttributesException message for single attribute
This PR was merged into the 4.4 branch.
Discussion
----------
[Form] error if the input string couldn't be parsed as a date
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40597
| License | MIT
| Doc PR |
When the Intl polyfill is used instead of the PHP intl extension, the
intl_get_error_code() function always returns 0 no matter if the input
string could be parsed.
Commits
-------
5ce5300da3 error if the input string couldn't be parsed as a date
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] fix using stream_copy_to_stream() with responses cast to php streams
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40574
| License | MIT
| Doc PR | -
Commits
-------
cf1404a30b [HttpClient] fix using stream_copy_to_stream() with responses cast to php streams
This PR was merged into the 4.4 branch.
Discussion
----------
[VarDumper] make DateCaster tests timezone-agnostic
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
bfef4546d3 make DateCaster tests timezone-agnostic
When the Intl polyfill is used instead of the PHP intl extension, the
intl_get_error_code() function always returns 0 no matter if the input
string could be parsed.
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[TwigBridge] add tailwindcss form layout
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | todo
Per @weaverryan's [call to action on twitter](https://twitter.com/weaverryan/status/1369654724107067392) and slack discussion.
It's been tricky to create a generic form layout for tailwind as it's a css *utility framework* and has an unlimited number of ways to style forms. With tailwindcss 2.0, the tailwind team released an [official form plugin](https://github.com/tailwindlabs/tailwindcss-forms) that provides form element reset/normalization that looks decent out of the box. This PR is an attempt to piggy-back on this plugin to provide a minimal Symfony form layout for tailwind. The goal is to have your forms look good in a tailwind/Symfony app with no customization (but of course allow customization as desired).
This layout **requires** tailwindcss 2 and the form plugin.
I followed the ["unstyled" demo](https://tailwindcss-forms.vercel.app/) for the form plugin as a style guide. Here is a screenshot of this layout used in [a demo Symfony app](https://github.com/kbond/symfony-tailwind) with several common form types (I'll try to keep this updated as I update the PR):
![New-Post](https://user-images.githubusercontent.com/127811/112684961-3d2cc380-8e4a-11eb-8e43-0c08d2eecd7a.png)
Some notes about the layout:
1. I tried to use as few tailwind classes as possible and avoid color (primary exception being the error color).
2. I decided on a mobile-first approach so out of the box, it will look decent on any device and drastically reduces the number of css classes/assumptions.
3. While other layouts merge classes passed by the user, I opted to replace. This ensures the user doesn't have to _undo_ the class decisions made by this layout. I also discovered "undoing" doesn't work as I expected anyway: `class="mt-1 mt-0"`, `mt-1` "wins" as `mt-1` comes later in the compiled stylesheet.
4. For the _low level_ blocks, I extracted the classes into their own "variables" (`row_class`, `widget_class`, `label_class`, `help_class`, `error_item_class`) to make it easier to extend and customize the layout. Note the `widget_disabled_class`/`widget_errors_class` variables: these are added even if you've overridden the `widget_class` variable.
### Customization
Customizing is especially important for this layout. Here are the two ways:
1. Twig form functions:
```twig
{{ form_row(form.title, {
row_class: 'my row classes',
label_class: 'my label classes',
error_item_class: 'my error item classes',
widget_class: 'my widget classes',
widget_disabled_class: 'my disabled widget classes',
widget_errors_class: 'my widget with error classes',
}) }}
```
2. Project specific form layout:
```twig
{% use 'tailwind_2_layout.html.twig' %}
{%- block form_row -%}
{%- set row_class = row_class|default('my row classes') -%}
{{- parent() -}}
{%- endblock form_row -%}
{%- block widget_attributes -%}
{%- set widget_class = widget_class|default('my widget classes') -%}
{%- set widget_disabled_class = widget_disabled_class|default('my disabled widget classes') -%}
{%- set widget_errors_class = widget_errors_class|default('my widget with error classes') -%}
{{- parent() -}}
{%- endblock widget_attributes -%}
{%- block form_label -%}
{%- set label_class = label_class|default('my label classes') -%}
{{- parent() -}}
{%- endblock form_label -%}
{%- block form_help -%}
{%- set help_class = help_class|default('my label classes') -%}
{{- parent() -}}
{%- endblock form_help -%}
{%- block form_errors -%}
{%- set error_item_class = error_item_class|default('my error item classes') -%}
{{- parent() -}}
{%- endblock form_errors -%}
```
#### Customization POC/Demo
With this custom form theme:
```twig
{%- block form_label -%}
{%- set label_class = label_class|default('block text-gray-500 uppercase tracking-wider text-sm font-bold') -%}
{{- parent() -}}
{%- endblock -%}
{%- block widget_attributes -%}
{%- set widget_class = widget_class|default('mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-indigo-300 focus:ring focus:ring-indigo-200 focus:ring-opacity-50') -%}
{{- parent() -}}
{%- endblock -%}
{%- block checkbox_widget -%}
{%- set widget_class = widget_class|default('mr-2 rounded border-gray-300 text-indigo-600 shadow-sm focus:border-indigo-300 focus:ring focus:ring-offset-0 focus:ring-indigo-200 focus:ring-opacity-50') -%}
{{- parent() -}}
{%- endblock -%}
{%- block checkbox_label -%}
{%- set label_class = label_class|default('block text-gray-800') -%}
{{- block('form_label') -}}
{%- endblock -%}
```
The above example looks like this:
![New-Post (3)](https://user-images.githubusercontent.com/127811/112705040-657ce800-8e73-11eb-965f-de289e9b978a.png)
Commits
-------
3719a409b6 [TwigBridge] add tailwindcss form layout
This PR was merged into the 4.4 branch.
Discussion
----------
[Form] IntegerType: Always use en for IntegerToLocalizedStringTransformer
Fixes#40456
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40456
| License | MIT
Commits
-------
83b836dbc9 IntegerType: Always use en for IntegerToLocalizedStringTransformer Fixes#40456
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[HttpKernel] ConfigDataCollector to return known data without the need of a Kernel
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40534
| License | MIT
| Doc PR |
Sets `$this->data` with information that can be known without the need of a `Kernel`.
Commits
-------
d919f2ce83 [HttpKernel] ConfigDataCollector to return known data without the need of a Kernel
This PR was merged into the 4.4 branch.
Discussion
----------
Fix Trying to clone an uncloneable object of class
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Since `ext-redis: 5.3..3`, the `\Redis` class is not cloneable anymore (https://github.com/phpredis/phpredis/commit/cd05a344).
PHPUnit 7.5 (used byt PHP 7.1) clones objects provided by the dataprovier, when they are cloneable.
To check if an object is cloneable, it use the `Reflexion::isCloneable` method and check if the `__clone` method is public.
The issue is, the Class generated by `createMock` is cloneable, which leads to an exception such as:
> Trying to clone an uncloneable object of class Mock_Redis_b2f171b3
This PR fake replaces the mock by a real instance of the class.
Commits
-------
f67dab95e2 FIx Trying to clone an uncloneable object of class
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Security] LoginLink with specific locale
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR |
I have added the possibility to create a login link for a specific locale. It's useful when we want generate a link for an other user who isn't in the same locale of us.
Commits
-------
50673c5321 [Security] LoginLink with specific locale
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Serializer] Add a Custom End Of Line in CSV File
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR | -
Commits
-------
20f03677e3 [Serializer] Add a Custom End Of Line in CSV File
This PR was merged into the 5.3-dev branch.
Discussion
----------
Add `#[As-prefix]` to service attributes
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR renames all existing attributes with the `As` prefix, as I proposed several times already.
This should help autocompletion, and it's required to not collide with existing class names (eg the `Command` class, but also the old `Controller` class, etc.)
I think this `As` prefix is a convention for the better.
Commits
-------
4f1318963a Add `#[As-prefix]` to service attributes