Commit message (Author; Age; Files; Lines)
* [Security] removed import of the UserInterface interface as it is unused in the file and fix some phpdoc. (hhamon; 2011-03-18; 1; -6/+4)
|
* [Security] fixed typos (Fabien Potencier; 2011-03-18; 1; -2/+2)
|
* fixed various bugs introduced during the event system migration (Fabien Potencier; 2011-03-18; 3; -8/+12)
|
* renamed filterCore* to onCore* (Fabien Potencier; 2011-03-17; 1; -1/+1)
|     The onCore* events are fired at some pre-defined points during the handling of a request. At this is more important than the fact that you can change things from the event.
|
* fixed phpdoc (Fabien Potencier; 2011-03-17; 3; -3/+3)
|
* renamed some methods in the event dispatcher (Fabien Potencier; 2011-03-17; 6; -7/+7)
|
* [Security] Fixed method names in the Firewall listeners (Bernhard Schussek; 2011-03-17; 15; -15/+15)
|
* [Security] Fixed method calls on EventDispatcher (Bernhard Schussek; 2011-03-17; 2; -2/+2)
|
* Merge remote branch 'symfony/master' into event-manager (Bernhard Schussek; 2011-03-17; 4; -5/+9)
|\
| |     Conflicts:
| |         src/Symfony/Bundle/AsseticBundle/CacheWarmer/AssetWriterCacheWarmer.php
| |         src/Symfony/Bundle/AsseticBundle/Tests/CacheWarmer/AssetWriterCacheWarmerTest.php
| |         src/Symfony/Bundle/FrameworkBundle/Profiler/ProfilerListener.php
| |         src/Symfony/Bundle/FrameworkBundle/Resources/config/profiling.xml
| |         src/Symfony/Component/HttpKernel/HttpKernel.php
| |         src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php
| |         src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php
| |
| * [Security] small performance optimization (Johannes M. Schmitt; 2011-03-14; 1; -0/+4)
| |
| * [Security] added some finals, some visibility changes (Johannes M. Schmitt; 2011-03-13; 3; -4/+4)
| |
* | [Security] Fixed calls to EventDispatcher::dispatchEvent() (Bernhard Schussek; 2011-03-13; 2; -2/+2)
| |
* | Switched from Doctrine's EventManager implementation to the EventManager clone in Symfony2 (now called EventDispatcher again) (Bernhard Schussek; 2011-03-13; 27; -172/+172)
| |
* | Merge remote branch 'symfony/master' into event-manager (Bernhard Schussek; 2011-03-13; 86; -1453/+1113)
|\ \
| |/
| |     Conflicts:
| |         src/Symfony/Bundle/FrameworkBundle/Debug/TraceableEventManager.php
| |         src/Symfony/Bundle/WebProfilerBundle/WebDebugToolbarListener.php
| |         src/Symfony/Component/Security/Http/Firewall.php
| |         src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php
| |         src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php
| |         src/Symfony/Component/Security/Http/Firewall/AccessListener.php
| |         src/Symfony/Component/Security/Http/Firewall/AnonymousAuthenticationListener.php
| |         src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php
| |         src/Symfony/Component/Security/Http/Firewall/ChannelListener.php
| |         src/Symfony/Component/Security/Http/Firewall/ContextListener.php
| |         src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php
| |         src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
| |         src/Symfony/Component/Security/Http/Firewall/ListenerInterface.php
| |         src/Symfony/Component/Security/Http/Firewall/LogoutListener.php
| |         src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
| |         src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
| |         tests/Symfony/Tests/Component/Security/Http/Firewall/RememberMeListenerTest.php
| |
| * re-added a __toString method for debugging purposes (Johannes Schmitt; 2011-03-12; 3; -2/+27)
| |
| * use username instead of token object in logging (Klaas Naaijkens; 2011-03-12; 1; -2/+2)
| |
| * [Security] fixed some tests (Johannes Schmitt; 2011-03-11; 4; -4/+5)
| |
| * [Security] removed core.security event (Johannes Schmitt; 2011-03-11; 16; -277/+35)
| |
| * [Security] refactored remember-me code (Johannes M. Schmitt; 2011-03-11; 7; -178/+164)
| |
| * [Security] some more visibility changes (Johannes M. Schmitt; 2011-03-10; 2; -114/+112)
| |
| * [Security] added some more tests (Johannes M. Schmitt; 2011-03-10; 2; -3/+16)
| |
| * [Security] fixed some left-overs (Johannes M. Schmitt; 2011-03-10; 2; -4/+4)
| |
| * [Security] various changes, see below (Johannes Schmitt; 2011-03-10; 81; -910/+784)
| |     - visibility changes from protected to private
| |     - AccountInterface -> UserInterface
| |     - SecurityContext::vote() -> SecurityContext::isGranted()
| |
* | Renamed EventArgs classes and adapted remaining code to EventManager (Bernhard Schussek; 2011-03-07; 21; -61/+62)
| |     The only missing part is ContainerAwareEventManager::addEventSubscriberService(), because I'm not sure how to find out the class name of a service in the DIC. Also, inline documentation of this code needs to be finished once it is accepted.
| |
* | Merge remote branch 'symfony/master' into event-manager (Bernhard Schussek; 2011-03-07; 136; -211/+231)
|\ \
| |/
| * replaced symfony-project.org by symfony.com (Fabien Potencier; 2011-03-06; 135; -206/+206)
| |
| * [Security] forward the entire access denied exception instead of only the message (Johannes Schmitt; 2011-03-05; 1; -1/+1)
| |
| * Merge branch 'lewinski-fix-acl-schema-generator' into security (Johannes Schmitt; 2011-03-05; 1; -1/+1)
| |\
| | * Merge branch 'fix-acl-schema-generator' of https://github.com/lewinski/symfony into lewinski-fix-acl-schema-generator (Johannes Schmitt; 2011-03-05; 1; -1/+1)
| | |\
| | | * Fix the Acl schema generator script. (Matthew Lewinski; 2011-02-27; 1; -1/+1)
| | | |     Change 3e818846 in doctrine/dbal introduced a number of new classes in the Doctrine\DBAL\Platforms\Keywords namespace, so we need to be more careful here when generating Acl schema, so as to only load Platform classes and not any others in the same directory.
| | | |
| * | | Merge branch 'opensky-hotfix/remember-me-token-fix' into security (Johannes Schmitt; 2011-03-05; 1; -0/+17)
| |\ \ \
| | * | | [Security] added the 'key' attribute of RememberMeToken to serialized string to be stored in session (Bulat Shakirzyanov; 2011-03-04; 1; -0/+17)
| | |/ /
| * | | Merge branch 'cyqui-TICKET_9557' into security (Johannes Schmitt; 2011-03-05; 1; -1/+4)
| |\ \ \
| | * | | TICKET #9557: session isn't required when using http basic authentication mechanism for example (Cyril Quintin; 2011-03-05; 1; -1/+4)
| | |/ /
| * | | [Security] changed defaults for MessageDigestEncoder (Johannes Schmitt; 2011-03-05; 1; -1/+1)
| | | |     - encode_as_base64 set to true
| | | |     - iterations increased to 5000 from 1
| | | |
| * | | [Security] improved entropy to make collision attacks harder (Johannes Schmitt; 2011-03-05; 1; -1/+1)
| |/ /
* | | Replaced EventDispatcher by Doctrine's EventManager implementation (Bernhard Schussek; 2011-03-05; 26; -261/+355)
|/ /
| |     Doctrine's EventManager implementation has several advantages over the EventDispatcher implementation of Symfony2. Therefore I suggest that we use their implementation.
| |
| |     Advantages:
| |
| |     * Event Listeners are objects, not callbacks. These objects have handler methods that have the same name as the event. This helps a lot when reading the code and makes the code for adding an event listener shorter.
| |     * You can create Event Subscribers, which are event listeners with an additional getSubscribedEvents() method. The benefit here is that the code that registers the subscriber doesn't need to know about its implementation.
| |     * All events are defined in static Events classes, so users of IDEs benefit of code completion
| |     * The communication between the dispatching class of an event and all listeners is done through a subclass of EventArgs. This subclass can be tailored to the type of event. A constructor, setters and getters can be implemented that verify the validity of the data set into the object. See examples below.
| |     * Because each event type corresponds to an EventArgs implementation, developers of event listeners can look up the available EventArgs methods and benefit of code completion.
| |     * EventArgs::stopPropagation() is more flexible and (IMO) clearer to use than notifyUntil(). Also, it is a concept that is also used in other event implementations
| |
| |     Before:
| |
| |         class EventListener
| |         {
| |             public function handle(EventInterface $event, $data) { ... }
| |         }
| |
| |         $dispatcher->connect('core.request', array($listener, 'handle'));
| |         $dispatcher->notify('core.request', new Event(...));
| |
| |     After (with listeners):
| |
| |         final class Events
| |         {
| |             const onCoreRequest = 'onCoreRequest';
| |         }
| |
| |         class EventListener
| |         {
| |             public function onCoreRequest(RequestEventArgs $eventArgs) { ... }
| |         }
| |
| |         $evm->addEventListener(Events::onCoreRequest, $listener);
| |         $evm->dispatchEvent(Events::onCoreRequest, new RequestEventArgs(...));
| |
| |     After (with subscribers):
| |
| |         class EventSubscriber
| |         {
| |             public function onCoreRequest(RequestEventArgs $eventArgs) { ... }
| |             public function getSubscribedEvents() { return Events::onCoreRequest; }
| |         }
| |
| |         $evm->addEventSubscriber($subscriber);
| |         $evm->dispatchEvent(Events::onCoreRequest, new RequestEventArgs(...));
| |
* | [Security] Fixed Typo (Pascal Borreli; 2011-03-01; 2; -6/+9)
|/
* Merge remote branch 'schmittjoh/security' (Fabien Potencier; 2011-02-27; 3; -2/+19)
|\
| |     * schmittjoh/security:
| |       [Security] added method to retrieve the configured remember-me parameter
| |       [Security] Copy token attributes when auth providers create a new token from another
| |
| * Merge branch 'CopyTokenAttributesInProviders' of https://github.com/opensky/symfony into opensky-CopyTokenAttributesInProviders (Johannes Schmitt; 2011-02-26; 2; -2/+8)
| |\
| | * [Security] Copy token attributes when auth providers create a new token from another (Jeremy Mikola; 2011-02-23; 2; -2/+8)
| | |     PreAuthenticatedAuthenticationProvider and UserAuthenticationProvider tend to copy a token instead of modifying it during their authenticate() methods, which is probably a good idea if the token might be immutable. Ensure that the token's attributes get copied along with everything else.
| | |
| * | [Security] added method to retrieve the configured remember-me parameter (Johannes Schmitt; 2011-02-26; 1; -0/+11)
| | |
* | | fixed merge (Fabien Potencier; 2011-02-27; 2; -4/+2)
|\ \ \
| * | | Fixed CS (Christophe Coevoet; 2011-02-27; 2; -4/+2)
| |/ /
* | | Merge remote branch 'lsmith77/code_analyzer_2011_02_27' (Fabien Potencier; 2011-02-27; 1; -1/+1)
|\ \ \
| | | |     * lsmith77/code_analyzer_2011_02_27:
| | | |       corrected NonceExpiredException namespace
| | | |       issues found by static code analysis
| | | |
| * | | corrected NonceExpiredException namespace (Lukas Kahwe Smith; 2011-02-27; 2; -2/+2)
| | | |
| * | | issues found by static code analysis (Lukas Kahwe Smith; 2011-02-27; 1; -1/+1)
| |/ /
* | | [Security] Removed useless else (Pascal Borreli; 2011-02-27; 4; -16/+16)
|/ /
* | [Security] Fixed typo (Pascal Borreli; 2011-02-26; 5; -6/+6)
|/
* added LICENSE files for the subtree repositories (Fabien Potencier; 2011-02-22; 1; -0/+19)
|
* replaced Response::createRedirect by a new RedirectResponse class (Fabien Potencier; 2011-02-21; 5; -6/+11)
|
* remove response as a service (Fabien Potencier; 2011-02-21; 5; -18/+6)
|     The Response is not available in the DIC anymore. When you need to create a response, create an instance of Symfony\Component\HttpFoundation\Response instead.
|
|     As a side effect, the Controller::createResponse() and Controller::redirect() methods have been removed and can easily be replaced as follows:
|
|         return $this->createResponse('content', 200, array('foo' => 'bar'));
|         return new Response('content', 200, array('foo' => 'bar'));
|
|         return $this->redirect($url);
|         return Response::createRedirect($url);
|
* [Security] adds a chain user provider (Johannes M. Schmitt; 2011-02-16; 1; -0/+70)
|
* [Security] moved Security classes out of DoctrineBundle, cleaned-up SecurityExtension accordingly (Johannes Schmitt; 2011-02-16; 3; -1/+152)
|     Note that this commit removes the built-in support for MongoDB user providers. This code can be moved back in once there is a stable release for MongoDB, but for now you have to set-up that user provider just like you would set-up any custom user provider:
|
|         security:
|             providers:
|                 document_provider:
|                     id: my.mongo.provider
|
* [Security/Http] Adds CSRF protection to the form-login (Johannes Schmitt; 2011-02-16; 2; -5/+32)
|
* [Security] removed defaults from boolean columns (Johannes M. Schmitt; 2011-02-16; 7; -214/+214)
|
* Update code with latest Finder changes (Victor Berchet; 2011-02-16; 1; -2/+2)
|
* [Security] Add providerKey to PreAuthenticatedToken tokens constructed by PreAuthenticatedAuthenticationProvider (Jeremy Mikola; 2011-02-15; 1; -1/+1)
|
* [Security] Allow authentication tokens to hold attributes (Jeremy Mikola; 2011-02-15; 2; -2/+107)
|
* [Security] fixes a bug in DigestAuthenticationListener (Johannes M. Schmitt; 2011-02-14; 1; -4/+3)
|
* [Security] fixes a bug when clearing cookies on logout (Johannes M. Schmitt; 2011-02-14; 1; -15/+6)
|
* [Security] adds logout success handler (Johannes Schmitt; 2011-02-14; 2; -3/+44)
|
* [Security] fixes a bug where authentication errors might have leaked confidential information (Johannes Schmitt; 2011-02-14; 3; -10/+32)
|
* [Security] simplified encoder factory implementation (Johannes Schmitt; 2011-02-14; 1; -29/+21)
|
* [Security/Acl] added pre-generated schemas (Johannes M. Schmitt; 2011-02-14; 7; -0/+399)
|
* [Security] Fixed missed argument in call custom handler when authentication is successful. (Deni; 2011-02-13; 1; -1/+1)
|
* Changed namespace use of SecurityContext to SecurityContextInterface so that constant SecurityContextInterface::LAST_USERNAME would resolve properly (dordille; 2011-02-13; 1; -2/+3)
|     Also changed method signature of __construct to take an instance of SecurityContextInterface instead of SecurityContext
|
* [Security] fixes some regressions (Johannes M. Schmitt; 2011-02-13; 3; -6/+6)
|
* [Security] Fixed indenting (Jordi Boggiano; 2011-02-12; 1; -22/+22)
|
* [Security] performance improvements of PermissionGrantingStrategy (Johannes Schmitt; 2011-02-12; 2; -22/+21)
|
* [Security] Refactored security context, moved getUser() implementation to templating (Johannes Schmitt; 2011-02-12; 13; -47/+51)
|
* [Security] removed __toString() from AccountInterface (Johannes Schmitt; 2011-02-12; 2; -13/+6)
|
* Fixed access denied handling (Christophe Coevoet; 2011-02-10; 1; -2/+0)
|
* fixed previous commit (Fabien Potencier; 2011-02-04; 2; -2/+2)
|
* some fixes by just "blindly" trying to make phpStorm code analysis happier (Lukas Kahwe Smith; 2011-02-04; 13; -18/+15)
|
* fixed method call, cosmetic variable rename (Lukas Kahwe Smith; 2011-02-04; 3; -7/+7)
|
* Revert "[Security] Missing Event namespace in SwitchUserListener" (Fabien Potencier; 2011-02-02; 1; -1/+0)
|     This reverts commit 0169892dcd7f3c5549f7dcbcf0bde9bbadcda525.
|
* [Security] Missing Event namespace in SwitchUserListener (Jeremy Mikola; 2011-02-02; 1; -0/+1)
|
* [Security] bug fix in FormAuthenticationEntryPoint (Johannes M. Schmitt; 2011-02-02; 10; -28/+34)
|
* [Security] fixed a Token serialization bug (Sebastian Utz; 2011-02-02; 4; -23/+12)
|
* [Security] some bug fixes (Johannes M. Schmitt; 2011-02-02; 3; -1/+4)
|
* Fixed typo (Sergey Linnik; 2011-01-28; 1; -2/+2)
|
* [Security] fixed typo (Bulat Shakirzyanov; 2011-01-28; 1; -1/+1)
|
* added two events "security.interactive_login", and "security.switch_user" (Johannes M. Schmitt; 2011-01-27; 4; -1/+28)
|
* renamed PreAuthenticatedListener to AbstractPreAuthenticatedListener to be consistent (Johannes M. Schmitt; 2011-01-27; 2; -3/+3)
|
* added some doc comments (Johannes Schmitt; 2011-01-27; 6; -4/+78)
|
* namespace changes (Johannes M. Schmitt; 2011-01-26; 103; -150/+3408)
|     Symfony\Component\Security -> Symfony\Component\Security\Core
|     Symfony\Component\Security\Acl remains unchanged
|     Symfony\Component\HttpKernel\Security -> Symfony\Component\Security\Http
|
* removed isAuthenticated() from SecurityContext (Johannes Schmitt; 2011-01-26; 1; -5/+0)
|
* [Security] many improvements, and fixes (Johannes Schmitt; 2011-01-26; 19; -29/+456)
|
* fixes else -> } else (Lukas Kahwe Smith; 2011-01-19; 1; -7/+3)
|
* normalized license messages in PHP files (Dominique Bongiraud; 2011-01-18; 99; -448/+520)
|
* removed duplicate code (Fabien Potencier; 2011-01-07; 1; -1/+10)
|
* added generic encoder factory (Johannes M. Schmitt; 2011-01-06; 3; -10/+113)
|\
| * added generic encoder factory (Johannes Schmitt; 2010-12-21; 3; -10/+113)
| |
* | added extra exception if only a partial result is found (Johannes M. Schmitt; 2011-01-05; 2; -1/+47)
| |
* | optimized AclVoter, added unit test (Johannes M. Schmitt; 2011-01-03; 2; -23/+66)
| |
* | fix possible duplicate security identities (Johannes M. Schmitt; 2011-01-02; 6; -50/+74)
| |
* | added ACL system to the Security Component (Johannes Schmitt; 2010-12-31; 42; -0/+4997)
|/
* renamed reloadUserByAccount() to loadUserByAccount() (Fabien Potencier; 2010-12-18; 4; -7/+9)
|
* remove user provider name (Johannes Schmitt; 2010-12-18; 9; -82/+60)
|