This PR was squashed before being merged into the 2.8 branch (closes#15141).
Discussion
----------
[DX] [Security] Renamed Token#getKey() to getSecret()
There are 2 very vague parameter names in the authentication process: `$providerKey` and `$key`. Some tokens/providers have the first one, some tokens/providers the second one and some both. An overview:
| Token | `providerKey` | `key`
| --- | --- | ---
| `AnonymousToken` | - | yes
| `PreAuth...Token` | yes | -
| `RememberMeToken` | yes | yes
| `UsernamePasswordToken` | yes | -
Both names are extremely general and their PHPdocs contains pure no-shit-sherlock-descriptions :squirrel: (like "The key."). This made me and @iltar think it's just an inconsistency and they have the same meaning.
...until we dived deeper into the code and came to the conclusion that `$key` has a Security task (while `$providerKey` doesn't really). If it takes people connected to Symfony internals 30+ minutes to find this out, it should be considered for an improvement imo.
So here is our suggestion: **Rename `$key` to `$secret`**. This explains much better what the value of the string has to be (for instance, it's important that the string is not easily guessable and cannot be found out, according to the Spring docs). It also explains the usage better (it's used as a replacement for credentials and to hash the RememberMeToken).
**Tl;dr**: `$key` and `$providerKey` are too general names, let's improve DX by renaming them. This PR tackles `$key` by renaming it to `$secret`.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
*My excuse for the completely unrelated branch name*
Commits
-------
24e0eb6 [DX] [Security] Renamed Token#getKey() to getSecret()
This PR was merged into the 2.6 branch.
Discussion
----------
[Validator] always evaluate binary format when changed
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13891
| License | MIT
| Doc PR |
Commits
-------
2ad7e67 [Validator] always evaluate binary format when changed
* 2.7:
Update DateTimeToArrayTransformer.php
Mock microtime() and time() in transient tests
Azerbaijani language pluralization rule
Move HHVM tests out of the allowed failures
* 2.6:
Update DateTimeToArrayTransformer.php
Mock microtime() and time() in transient tests
Azerbaijani language pluralization rule
Move HHVM tests out of the allowed failures
* 2.3:
Update DateTimeToArrayTransformer.php
Mock microtime() and time() in transient tests
Azerbaijani language pluralization rule
Move HHVM tests out of the allowed failures
This PR was merged into the 2.3 branch.
Discussion
----------
Mock microtime() and time() in transient tests
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
8319ca3 Mock microtime() and time() in transient tests
This PR was merged into the 2.3 branch.
Discussion
----------
Move HHVM tests out of the allowed failures
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
2.3, 2.6 and 2.7 are now green on HHVM, let's ensure this remains always true!
Commits
-------
ff2ead1 Move HHVM tests out of the allowed failures
This PR was submitted for the 2.8 branch but it was merged into the 2.3 branch instead (closes#15163).
Discussion
----------
Update DateTimeToArrayTransformer.php
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
php have annoying bug with timezone handling. Some timezones (like US/Eastern, US/Central, US/Mountain) are considered "not standard" and not parsed in some cases.
For example, code
```
php -r '$d = new \DateTime("2015-07-01 16:11", new \DateTimeZone("US/Eastern")); print $d->format("r");'
```
return output
```
Wed, 01 Jul 2015 16:11:00 -0400
```
However, code
```
php -r '$d = new \DateTime("2015-07-01 16:11 US/Eastern"); print $d->format("r");'
```
throw exception
```
Exception' with message 'DateTime::__construct(): Failed to parse time string (2015-07-01 16:11 US/Eastern) at position 17 (U): The timezone could not be found in the database'
```
Thats why timezone US/Eastern works in some cases and didnt work in other cases.
This PR fix usage of US/Eastern in code like
```
$formBuilder->add("createdTimestamp", "datetime", ['view_timezone'=$user->timezone])
```
Commits
-------
27b824a Update DateTimeToArrayTransformer.php
This PR was submitted for the 2.8 branch but it was merged into the 2.3 branch instead (closes#15150).
Discussion
----------
[Translation] Azerbaijani language pluralization rule is wrong
In AZ, as in TR, pluralization is always 0:
0 kitab (zero books)
1 kitab (1 book)
3 kitab (3 books)
104 kitab (104 books)
Apparently ZF ruleset was wrong in the first place :)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15152
| License | MIT
| Doc PR | -
Commits
-------
efd927a Azerbaijani language pluralization rule
In AZ, as in TR, pluralization is always 0:
0 kitab (zero books)
1 kitab (1 book)
3 kitab (3 books)
104 kitab (104 books)
Apparently ZF ruleset was wrong in the first place :)
* 2.6:
[2.6] Towards 100% HHVM compat
[Security/Http] Fix test
[Stopwatch] Fix test
Minor fixes
Towards 100% HHVM compat
unify default AccessDeniedExeption message
trigger event with right user (add test)
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
[Form] Fixed: Data mappers always receive forms indexed by their names
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
src/Symfony/Component/VarDumper/Tests/CliDumperTest.php
src/Symfony/Component/VarDumper/Tests/HtmlDumperTest.php
This PR was merged into the 2.8 branch.
Discussion
----------
[Validator] Added missing error codes and turned codes into UUIDs
Reopened#12388 on the 2.8 branch.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
With the current implementation of error codes, checking which error occurred is unnecessarily complex:
```php
if ($violation->getConstraint() instanceof Length && Length::TOO_SHORT_ERROR === $violation->getCode()) {
// ...
}
```
Also, the code is completely missing for some constraints. This is fixed now. By using UUIDs, the check is reduced to:
```php
if (Length::TOO_SHORT_ERROR === $violation->getCode()) {
// ...
}
```
Also, APIs can simply output the error code and the name of the error without needing to point to the constraint as well.
Before:
```json
[
{
"code": "1",
"name": "TOO_SHORT_ERROR",
"message": "This value is too short. ...",
"constraint": "Symfony\\Component\\Validator\\Constraints\\Length"
}
]
```
After:
```json
[
{
"code": "9ff3fdc4-b214-49db-8718-39c315e33d45",
"name": "TOO_SHORT_ERROR",
"message": "This value is too short. ..."
}
]
```
This makes it possible to implement a service on symfony.com which looks up error codes, e.g.
symfony.com/error?code=9ff3fdc4-b214-49db-8718-39c315e33d45
Such a URL could redirect directly to the documentation of the appropriate constraint. We could even support user-submitted error codes which redirect to the documentation of that constraint.
Commits
-------
8874e88 [Validator] Added missing error codes and turned codes into UUIDs
* 2.3:
Minor fixes
Towards 100% HHVM compat
trigger event with right user (add test)
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
[Form] Fixed: Data mappers always receive forms indexed by their names
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Filesystem/Filesystem.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Fixed handling of choices passed in choice groups
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | **yes**
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14915
| License | MIT
| Doc PR | -
I introduced a bug in the 2.7 ChoiceList implementation when choices are passed as groups:
```
$form->add('response', 'choice', array(
'choices' => array(
'Decided' => array($yesObj, $noObj),
'Undecided' => array($maybeObj),
),
// use getName() for the labels
'choice_label' => 'name',
'choices_as_values' => true,
));
```
In this example, since the choices `$yesObj` and `$maybeObj` have the same array index `0`, the same label is displayed for the two options. The problem is that we rely on the keys passed in the "choices" option to identify choices in a choice list (which are, as you see, not guaranteed to be free of duplicates).
This PR changes the new choice list implementation to identify choices by values instead. We already have the guarantee that choices can be identified uniquely by their string values.
This PR should be included in 2.7.2 to fix the regression.
Unfortunately, a few BC breaks in the new implementation are necessary to make this fix:
* The legacy `ChoiceListInterface` was reverted to how it was in 2.6 and does *not* extend the new `ChoiceListInterface` anymore.
* As a consequence, legacy choice lists need to be wrapped into a `LegacyChoiceListAdapter` when they are passed to any place in the framework where a new choice list is expected.
* The new `ChoiceListInterface` has two additional methods `getStructuredValues()` and `getOriginalKeys()` now.
* `ArrayKeyChoiceList::toArrayKey()` was marked as internal.
* `ChoiceListFactoryInterface::createView()` does not accept arrays and Traversables anymore for the `$groupBy` parameter (for simplicity).
@fabpot Where should we document the upgrade path for 2.7.1 => 2.7.2?
Commits
-------
7623dc8 [Form] Fixed handling of choices passed in choice groups
This PR was submitted for the 2.7 branch but it was merged into the 2.8 branch instead (closes#14764).
Discussion
----------
[TwigBundle] Warmup twig templates in non-standard paths
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12507
| License | MIT
| Doc PR | symfony/symfony-docs#5391
Commits
-------
96cce38 Warmup twig templates in non-standard paths (closes#12507)
This PR was merged into the 2.7 branch.
Discussion
----------
[Bridge/PhpUnit] Enforce a consistent locale
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Will fix some HHVM failures
Commits
-------
b04fe83 [Bridge/PhpUnit] Enforce a consistent locale
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Fixed: Data mappers always receive forms indexed by their names
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR facilitates writing domain-specific data mappers, since it guarantees that you can access forms by name in the data mapper methods. Currently, `Form::add()` does not set the index of the array passed to the data mapper to the form's name.
Commits
-------
86b7fe5 [Form] Fixed: Data mappers always receive forms indexed by their names
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14931
| License | MIT
| Doc PR |
Commits
-------
f999217 trigger event with right user (add test)
01ee3f6 [Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
This PR was merged into the 2.7 branch.
Discussion
----------
Fix choice translation domain for expanded choice widget
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15140
| License | MIT
This fix the form component using the translation_domain instead of the choice_translation_domain for expanded choice widgets.
I had to add the possibility to skip label translation when using ```translation_domain => false``` to do this fix so this can be considered a new feature to.
Commits
-------
52755ba Fix choice translation domain for expanded choice widget
This PR was merged into the 2.8 branch.
Discussion
----------
[FrameworkBundle] add option to force web server startup
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The `server:start` command will report an error message when a lock file
does exist.
However, this means that you cannot restart the web server process if
the previously running process terminated accidentally or if it was
terminated by the user without executing the `server:stop` command (e.g.
by using the system's `kill` command or the task manager).
This commit adds a `--force` option that makes it possible to launch the
web server process even if a lock file does exist.
Commits
-------
1583fad add option to force web server startup
This PR was merged into the 2.7 branch.
Discussion
----------
[Finder] Fix PHPUnit param order
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Fairly cosmetic but it confused me for a while when I broke tests and PHPUnit said something like
--- Expected
+++ Actual
@@ @@
-'/^(?=[^\.])x\.[^/]*$/'
+'/^\.[^/]*$/'
Looks like 2.7 is the earliest this can be merged into.
Commits
-------
8e41a5b Fix param order of assertEquals (expected, actual) in test for Finder\Glob
The `SwitchUserEvent` is triggered in case an account is switched. This works okay while switching to the user, but on exit the `SwitchUserEvent` is triggered again with the original User. That User was not initialized by the provider yet.
load user by UserInterface instead of username