CHANGELOG
4.0.0
- The `AbstractFormLoginAuthenticator::onAuthenticationSuccess()` was removed. You should implement this method yourself in your concrete authenticator.
- removed the `AccessDecisionManager::setVoters()` method
- removed the `RoleInterface`
- removed support for voters that don't implement the `VoterInterface`
- added a sixth `string $context` argument to `LogoutUrlGenerator::registerListener()`
- removed HTTP digest authentication
- removed `GuardAuthenticatorInterface` in favor of `AuthenticatorInterface`
- removed `AbstractGuardAuthenticator::supports()`
3.4.0
- Added `getUser`, `getToken` and `isGranted` methods to `Security`.
- added a `setToken()` method to the `SwitchUserEvent` class to allow replacing the created token while switching users when custom token generation is required by the application.
- Using voters that do not implement the `VoterInterface` is now deprecated in the `AccessDecisionManager` and this functionality will be removed in 4.0.
- Using the `ContextListener` without setting the `logoutOnUserChange` property will trigger a deprecation when the user has changed. As of 4.0 the user will always be logged out when the user has changed between requests.
- deprecated HTTP digest authentication
- Added a new password encoder for the Argon2i hashing algorithm
- deprecated `GuardAuthenticatorInterface` in favor of `AuthenticatorInterface`
- deprecated returning `null` from `getCredentials()` in classes that extend `AbstractGuardAuthenticator`. Return `false` from `supports()` instead.
3.3.0
- deprecated `AccessDecisionManager::setVoters()` in favor of passing the voters to the constructor.
- [EXPERIMENTAL] added a `json_login` listener for stateless authentication
3.2.0
- added `$attributes` and `$subject` with getters/setters to `Symfony\Component\Security\Core\Exception\AccessDeniedException`
3.0.0
- removed all deprecated code
2.8.0
- deprecated `getKey()` of the `AnonymousToken`, `RememberMeToken`, `AbstractRememberMeServices` and `DigestAuthenticationEntryPoint` classes in favor of `getSecret()`.
- deprecated `Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface`, use `Symfony\Component\Security\Http\Authentication\SimplePreAuthenticatorInterface` instead
- deprecated `Symfony\Component\Security\Core\Authentication\SimpleFormAuthenticatorInterface`, use `Symfony\Component\Security\Http\Authentication\SimpleFormAuthenticatorInterface` instead
- deprecated `Symfony\Component\Security\Core\Util\ClassUtils`, use `Symfony\Component\Security\Acl\Util\ClassUtils` instead
- deprecated the `Symfony\Component\Security\Core\Util\SecureRandom` class in favor of the `random_bytes()` function
- deprecated `supportsAttribute()` and `supportsClass()` methods of `Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface` and `Symfony\Component\Security\Core\Authorization\Voter\VoterInterface`.
- deprecated `getSupportedAttributes()` and `getSupportedClasses()` methods of `Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter`, use `supports()` instead.
- deprecated the `intention` option for all the authentication listeners, use the `csrf_token_id` option instead.
2.7.0
- added LogoutUrlGenerator
- added the triggering of the `Symfony\Component\Security\Http\SecurityEvents::INTERACTIVE_LOGIN` in `Symfony\Component\Security\Http\Firewall\SimplePreAuthenticationListener`
- The MaskBuilder logic has been abstracted in the `Symfony\Component\Security\Acl\Permission\AbstractMaskBuilder` and described in the `Symfony\Component\Security\Acl\Permission\MaskBuilderInterface`
- added interface `Symfony\Component\Security\Acl\Permission\MaskBuilderRetrievalInterface`
2.6.0
- added Symfony\Component\Security\Http\Authentication\AuthenticationUtils
- Deprecated the `SecurityContext` class in favor of the `AuthorizationChecker` and `TokenStorage` classes
2.4.0
- Translations in the `src/Symfony/Component/Security/Resources/translations/` directory are deprecated, ones in `src/Symfony/Component/Security/Core/Resources/translations/` must be used instead.
- The switch user listener now preserves the query string when switching a user
- The remember-me cookie hashes now use HMAC, which means that current cookies will be invalidated
- added simpler customization options
- structured component into three sub-components Acl, Core and Http
- added Csrf sub-component
- changed Http sub-component to depend on Csrf sub-component instead of the Form component
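
Why the switch to HMAC invalidates existing remember-me cookies, shown as an added example that is not Symfony's code. The cookie field layout, the plain-hash legacy scheme, and every sample value below are assumptions made for illustration.

```php
<?php
// Added illustration, not Symfony's implementation. Field layout, the legacy
// plain-hash construction and all values are assumed/constructed.
const SECRET = 'constructed-app-secret';

// Assumed legacy scheme: secret appended to the message, plain SHA-256.
function legacyCookieHash(string $class, string $user, int $expires, string $pwHash): string
{
    return hash('sha256', $class.$user.$expires.$pwHash.SECRET);
}

// Keyed scheme: the secret is the HMAC key, never part of the message.
function hmacCookieHash(string $class, string $user, int $expires, string $pwHash): string
{
    return hash_hmac('sha256', $class.$user.$expires.$pwHash, SECRET);
}

function buildCookie(string $class, string $user, int $expires, string $hash): string
{
    return base64_encode(implode(':', [$class, base64_encode($user), $expires, $hash]));
}

// Verifier after the upgrade: structural checks, expiry check, then a
// constant-time comparison against the HMAC value only.
function verifyCookie(string $cookie, string $pwHash, int $now): bool
{
    $parts = explode(':', base64_decode($cookie, true) ?: '');
    if (count($parts) !== 4) {
        return false;
    }
    [$class, $userB64, $expires, $hash] = $parts;
    $user = base64_decode($userB64, true);
    if ($user === false || !ctype_digit($expires) || (int) $expires < $now) {
        return false;
    }
    return hash_equals(hmacCookieHash($class, $user, (int) $expires, $pwHash), $hash);
}

$now   = 1700000000;                  // constructed timestamp
$exp   = $now + 3600;
$pw    = 'constructed-password-hash'; // stands in for the stored password hash
$class = 'App\\Entity\\User';

$issuedBefore = buildCookie($class, 'alice', $exp, legacyCookieHash($class, 'alice', $exp, $pw));
$issuedAfter  = buildCookie($class, 'alice', $exp, hmacCookieHash($class, 'alice', $exp, $pw));

var_dump(verifyCookie($issuedBefore, $pw, $now)); // cookie minted under the old scheme
var_dump(verifyCookie($issuedAfter, $pw, $now));  // cookie minted under the HMAC scheme
```

Users holding a cookie minted under the old scheme simply fall back to an interactive login; no migration path exists because the server cannot recompute the old value as an HMAC.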
2.3.0
- [BC BREAK] the BCrypt encoder constructor signature has changed (the first argument was removed). To use the BCrypt encoder, you now need PHP 5.5 or "ircmaxell/password-compat" as a composer dependency
- [BC BREAK] return 401 instead of 500 when using use_forward during form authentication
- added a `require_previous_session` option to `AbstractAuthenticationListener`
2.2.0
- `Symfony\Component\Security\Http\Firewall` and `Symfony\Component\Security\Http\RememberMe\ResponseListener` now implement EventSubscriberInterface
- added secure random number generator
- added PBKDF2 Password encoder
- added BCrypt password encoder
2.1.0
- [BC BREAK] The signature of ExceptionListener has changed
- changed the HttpUtils constructor signature to take a UrlGenerator and a UrlMatcher instead of a Router
- EncoderFactoryInterface::getEncoder() can now also take a class name as an argument
- allow switching to the user that is already impersonated
- added support for the remember_me parameter in the query
- added AccessMapInterface
- [BC BREAK] moved user comparison logic out of UserInterface
- made the logout path check configurable
- after login, the user is now redirected to `default_target_path` if `use_referer` is true and the referrer is the `login_path`.
- added a way to remove a token from a session
- [BC BREAK] changed `MutableAclInterface::setParentAcl` to accept `null`, review your implementation to reflect this change.
- `ObjectIdentity::fromDomainObject`, `UserSecurityIdentity::fromAccount` and `UserSecurityIdentity::fromToken` now return correct identities for proxy objects (e.g. Doctrine proxies)
- [BC BREAK] moved the default authentication success and failure handling to separate classes. The order of arguments in the constructor of the `AbstractAuthenticationListener` has changed.
- [BC BREAK] moved the default logout success handling to a separate class. The order of arguments in the constructor of `LogoutListener` has changed.
- [BC BREAK] The constructor of `AuthenticationException` and all child classes now matches the constructor of `\Exception`. The extra information getters and setters are removed. There are now dedicated getters/setters for token (`AuthenticationException`), user (`AccountStatusException`) and username (`UsernameNotFoundException`).