This PR was squashed before being merged into the 2.8 branch (closes #15141).
Discussion
----------
[DX] [Security] Renamed Token#getKey() to getSecret()
There are 2 very vague parameter names in the authentication process: `$providerKey` and `$key`. Some tokens/providers have the first one, some tokens/providers the second one and some both. An overview:
| Token | `providerKey` | `key`
| --- | --- | ---
| `AnonymousToken` | - | yes
| `PreAuth...Token` | yes | -
| `RememberMeToken` | yes | yes
| `UsernamePasswordToken` | yes | -
Both names are extremely general and their PHPdocs contains pure no-shit-sherlock-descriptions :squirrel: (like "The key."). This made me and @iltar think it's just an inconsistency and they have the same meaning.
...until we dived deeper into the code and came to the conclusion that `$key` has a Security task (while `$providerKey` doesn't really). If it takes people connected to Symfony internals 30+ minutes to find this out, it should be considered for an improvement imo.
So here is our suggestion: **Rename `$key` to `$secret`**. This explains much better what the value of the string has to be (for instance, it's important that the string is not easily guessable and cannot be found out, according to the Spring docs). It also explains the usage better (it's used as a replacement for credentials and to hash the RememberMeToken).
**Tl;dr**: `$key` and `$providerKey` are too general names, let's improve DX by renaming them. This PR tackles `$key` by renaming it to `$secret`.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
*My excuse for the completely unrelated branch name*
Commits
-------
|
||
---|---|---|
src/Symfony | ||
.editorconfig | ||
.gitignore | ||
.php_cs | ||
.travis.sh | ||
.travis.yml | ||
CHANGELOG-2.2.md | ||
CHANGELOG-2.3.md | ||
CHANGELOG-2.4.md | ||
CHANGELOG-2.5.md | ||
CHANGELOG-2.6.md | ||
CHANGELOG-2.7.md | ||
CONTRIBUTING.md | ||
CONTRIBUTORS.md | ||
LICENSE | ||
README.md | ||
UPGRADE-2.1.md | ||
UPGRADE-2.2.md | ||
UPGRADE-2.3.md | ||
UPGRADE-2.4.md | ||
UPGRADE-2.5.md | ||
UPGRADE-2.6.md | ||
UPGRADE-2.7.md | ||
UPGRADE-2.8.md | ||
UPGRADE-3.0.md | ||
composer.json | ||
phpunit.xml.dist |
README.md
README
What is Symfony?
Symfony is a PHP 5.3 full-stack web framework. It is written with speed and flexibility in mind. It allows developers to build better and easy to maintain websites with PHP.
Symfony can be used to develop all kind of websites, from your personal blog to high traffic ones like Dailymotion or Yahoo! Answers.
Requirements
Symfony is only supported on PHP 5.3.9 and up.
Be warned that PHP 5.3.16 has a major bug in the Reflection subsystem and is not suitable to run Symfony (https://bugs.php.net/bug.php?id=62715)
Installation
The best way to install Symfony is to use the official Symfony Installer. It allows you to start a new project based on the version you want.
Documentation
The "Quick Tour" tutorial gives you a first feeling of the framework. If, like us, you think that Symfony can help speed up your development and take the quality of your work to the next level, read the official Symfony documentation.
Contributing
Symfony is an open source, community-driven project. If you'd like to contribute, please read the Contributing Code part of the documentation. If you're submitting a pull request, please follow the guidelines in the Submitting a Patch section and use Pull Request Template.
Running Symfony Tests
Information on how to run the Symfony test suite can be found in the Running Symfony Tests section.