ec2c81bc84
Commits -------d2195cc
Fixed phpdoc and updated the changelog9e41ff4
[SecurityBundle] Added a validation ruleb107a3f
[SecurityBundle] Refactored the configuration633f0e9
[DoctrineBundle] Moved the entity provider service to DoctrineBundle74732dc
[SecurityBundle] Added a way to extend the providers section of the config Discussion ---------- [WIP][SecurityBundle] Added a way to extend the providers section of the config Bug fix: no Feature addition: yes BC break: <del>no (for now)</del> yes Tests pass: yes This adds a way to extend the ``providers`` section of the security config so that other bundles can hook their stuff into it. An example is available in DoctrineBundle which is now responsible to handle the entity provider (<del>needs some cleanup as the service definition is still in SecurityBundle currently</del>). This will allow PropelBundle to provide a ``propel:`` provider for instance. In order to keep BC with the existing configuration for the in-memory and the chain providers, I had to allow using a prototyped node instead of forcing using an array node with childrens. This introduces some issues: - impossible to validate easily that a provider uses only one setup as prototyped node always have a default value (the empty array) - the ``getFixableKey`` method is needed in the interface to support the XML format by pluralizing the name. Here is my non-BC proposal for the configuration to clean this: ```yaml security: providers: first: memory: # BC break here by adding a level before the users users: joe: { password: foobar, roles: ROLE_USER } john: { password: foobarbaz, roles: ROLE_USER } second: entity: # this one is BC class: Acme\DemoBundle\Entity\User third: id: my_custom_provider # also BC fourth: chain: # BC break by adding a level before the providers providers: [first, second, third] ``` What do you think about it ? Do we need to keep the BC in the config of the bundle or no ? Btw note that the way to register the factories used by the firewall section should be refactored using the new way to provide extension points in the extensions (as done here) instead of relying on the end user to register factories, which would probably mean a BC break anyway. --------------------------------------------------------------------------- by lsmith77 at 2011/10/23 09:19:23 -0700 i don't think we should keep BC. the security config is complex as is .. having BC stuff in there will just make it even harder and confusing. --------------------------------------------------------------------------- by willdurand at 2011/10/23 09:41:25 -0700 Is the security component tagged with `@api` ? So basically, we just have to create a factory (`ModelFactory` for instance) and to register it in the `security` extension, right ? Seems quite simple to extend and much better than the hardcoded version… Why did you call the method to pluralize a key `getFixableKey` ? --------------------------------------------------------------------------- by beberlei at 2011/10/23 14:48:26 -0700 Changing security config will introduce risk for users. We should avoid that --------------------------------------------------------------------------- by stof at 2011/10/23 15:34:47 -0700 @beberlei as the config is validated, it will simply give them an exception during the loading of the config if they don't update their config. --------------------------------------------------------------------------- by stof at 2011/10/24 01:01:42 -0700 @schmittjoh @fabpot Could you give your mind about it ? --------------------------------------------------------------------------- by stof at 2011/10/31 17:08:12 -0700 @fabpot @schmittjoh ping --------------------------------------------------------------------------- by stof at 2011/11/11 14:08:18 -0800 I updated the PR by implementing my proposal as the latest IRC meeting agreed that we don't need to keep the BC for this change. This allows to add the validation rule now. --------------------------------------------------------------------------- by stof at 2011/11/16 11:16:06 -0800 @fabpot ping --------------------------------------------------------------------------- by fabpot at 2011/11/16 22:29:05 -0800 @stof: Before merging, you must also add information about how to upgrade in the CHANGELOG-2.1.md file. --------------------------------------------------------------------------- by stof at 2011/11/17 00:01:23 -0800 @fabpot done
5.8 KiB
5.8 KiB
CHANGELOG for 2.1.x
This changelog references the relevant changes (bug and security fixes) done in 2.1 minor versions.
To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v2.1.0...v2.1.1
2.1.0
DoctrineBrige
- added a default implementation of the ManagerRegistry
- added a session storage for Doctrine DBAL
AbstractDoctrineBundle
- This bundle has been removed and the relevant code has been moved to the Doctrine bridge
DoctrineBundle
- added optional
group_by
property toEntityType
that supports either aPropertyPath
or a\Closure
that is evaluated on the entity choices - The
em
option for theUniqueEntity
constraint is now optional (and should probably not be used anymore).
FrameworkBundle
- added a router:match command
- added kernel.event_subscriber tag
- added a way to create relative symlinks when running assets:install command (--relative option)
- added Controller::getUser()
- [BC BREAK] assets_base_urls and base_urls merging strategy has changed
- changed the default profiler storage to use the filesystem instead of SQLite
- added support for placeholders in route defaults and requirements (replaced by the value set in the service container)
SecurityBundle
-
[BC BREAK] The Firewall listener is now registered after the Router one. It means that specific Firewall URLs (like /login_check and /logout must now have proper route defined in your routing configuration)
-
[BC BREAK] refactored the user provider configuration. The configuration changed for the chain provider and the memory provider:
Before:
security: providers: my_chain_provider: providers: [my_memory_provider, my_doctrine_provider] my_memory_provider: users: toto: { password: foobar, roles: [ROLE_USER] } foo: { password: bar, roles: [ROLE_USER, ROLE_ADMIN] }
After:
security: providers: my_chain_provider: chain: providers: [my_memory_provider, my_doctrine_provider] my_memory_provider: memory: users: toto: { password: foobar, roles: [ROLE_USER] } foo: { password: bar, roles: [ROLE_USER, ROLE_ADMIN] }
-
added a validator for the user password
SwiftmailerBundle
- moved the data collector to the bridge
- replaced MessageLogger class with the one from Swiftmailer 4.1.3
TwigBundle
- added the real template name when an error occurs in a Twig template
WebProfilerBundle
- added a routing panel
- added a timeline panel
- The toolbar position can now be configured via the
position
option (can betop
orbottom
)
Config
- implemented
Serializable
on resources
Console
- made the defaults (helper set, commands, input definition) in Application more easily customizable
- added support for the shell even if readline is not available
ClassLoader
- added support for loading globally-installed PEAR packages
DomCrawler
- added a way to get parsing errors for Crawler::addHtmlContent() and Crawler::addXmlContent() via libxml functions
- added support for submitting a form without a submit button
Finder
- Finder::exclude() now supports an array of directories as an argument
Form
- added support for validation groups as callbacks
- made the translation catalogue configurable via the "translation_domain" option
- added Form::getErrorsAsString() to help debugging forms
- allowed setting different options for RepeatedType fields (like the label)
HttpFoundation
- made Response::prepare() method the place to enforce HTTP specification
- [BC BREAK] moved management of the locale from the Session class to the Request class
- added a generic access to the PHP built-in filter mechanism: ParameterBag::filter()
- made FileBinaryMimeTypeGuesser command configurable
- added Request::getUser() and Request::getPassword()
- added support for the PATCH method in Request
- removed the ContentTypeMimeTypeGuesser class as it is deprecated and never used on PHP 5.3
- added ResponseHeaderBag::makeDisposition() (implements RFC 6266)
- made mimetype to extension conversion configurable
HttpKernel
- added a Stopwatch class
- added WarmableInterface
- improved extensibility between bundles
- added a File-based profiler storage
- added a MongoDB-based profiler storage
Locale
- added Locale::getIcuVersion() and Locale::getIcuDataVersion()
Routing
- added a TraceableUrlMatcher
- added the possibility to define default values and requirements for placeholders in prefix
- added RouterInterface::getRouteCollection
Security
- after login, the user is now redirected to
default_target_path
ifuse_referer
is true and the referrer is thelogin_path
. - added a way to remove a token from a session
Translation
- added support for gettext
- added support for more than one fallback locale
- added support for translations in ResourceBundles
- added support for extracting translation messages from templates (Twig and PHP)
- added dumpers for translation catalogs
- added support for QT translations
Validator
- added support for
ctype_*
assertions inTypeValidator
- added a Size validator
- added a SizeLength validator
- improved the ImageValidator with min width, max width, min height, and max height constraints
- added support for MIME with wildcard in FileValidator
Yaml
- Yaml::parse() does not evaluate loaded files as PHP files by default anymore (call Yaml::enablePhpParsing() to get back the old behavior)