summaryrefslogtreecommitdiffstats
path: root/Http
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch '2.7' into 2.8Fabien Potencier2016-01-121-4/+2
|\ | | | | | | | | | | | | | | | | | | | | | | * 2.7: Typo fix [2.3] Static Code Analysis for Components Added support \IteratorAggregate for UniqueEntityValidator Update AbstractChoiceListTest.php Fix #17306 Paths with % in it are note allowed (like urlencoded) Use proper class to fetch $versionStrategy property Added sort order SORT_STRING for params in UriSigner Remove normalizer cache in Serializer class
| * Merge branch '2.3' into 2.7Fabien Potencier2016-01-121-4/+2
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Typo fix [2.3] Static Code Analysis for Components Added support \IteratorAggregate for UniqueEntityValidator Fix #17306 Paths with % in it are note allowed (like urlencoded) Added sort order SORT_STRING for params in UriSigner Remove normalizer cache in Serializer class
| | * [2.3] Static Code Analysis for ComponentsVladimir Reznichenko2016-01-121-4/+2
| | |
* | | Merge branch '2.7' into 2.8Fabien Potencier2016-01-031-1/+1
|\ \ \ | |/ / | | | | | | | | | | | | | | | * 2.7: updated copyright year Update copyright year [2.3] Static Code Analysis for Components
| * | updated copyright yearFabien Potencier2016-01-031-1/+1
| | |
* | | Merge branch '2.7' into 2.8Nicolas Grekas2015-12-181-1/+1
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: prefer phpunit 5.x on hhvm [FrameworkBundle][HttpKernel] the finder is required to discover bundle commands [travis] Auto-conf deps=high matrix line Fix the logout path when not using the router Fix the logout path when not using the router [Form] cast IDs to match deprecated behaviour of EntityChoiceList [HttpFoundation] Added the ability of mapping stream wrapper protocols when using X-Sendfile [HttpFoundation] Add a test case for using BinaryFileResponse with stream wrappers Conflicts: .travis.yml src/Symfony/Bundle/FrameworkBundle/composer.json
| * | Fix the logout path when not using the routerChristophe Coevoet2015-12-171-1/+1
| | | | | | | | | | | | | | | This needs to use the base url, not the base path, so that it goes through the front controller when not using url rewriting.
* | | Merge branch '2.7' into 2.8Tobias Schultze2015-12-151-1/+1
|\ \ \ | |/ /
| * | Merge branch '2.3' into 2.7Tobias Schultze2015-12-151-1/+11
| |\ \ | | |/
| | * [Security] backported phpdoc from Guard component.Hugo Hamon2015-12-101-1/+11
| | |
| * | minor #16697 CS: remove impossible default argument value (keradus)Fabien Potencier2015-11-281-1/+1
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.7 branch. Discussion ---------- CS: remove impossible default argument value | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | ? | Fixed tickets | N/A | License | MIT | Doc PR | N/A Commits ------- acef3a3 CS: remove impossible default argument value
| | * | CS: remove impossible default argument valueDariusz Ruminski2015-11-261-1/+1
| | | |
* | | | [Security][SecurityBundle] Use csrf_token_id instead of deprecated intentionJakub Zalas2015-11-284-7/+37
| | | |
* | | | removed usage of the deprecated StringUtils::equals() methodFabien Potencier2015-11-232-4/+2
| | | |
* | | | Merge branch '2.7' into 2.8Fabien Potencier2015-11-234-4/+70
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: fixed tests migrate session after remember me authentication prevent timing attacks in digest auth listener mitigate CSRF timing attack vulnerability fix potential timing attack issue
| * | | Merge branch '2.3' into 2.7v2.7.7Fabien Potencier2015-11-234-4/+70
| |\ \ \ | | | |/ | | |/| | | | | | | | | | | | | | | | | | | | | * 2.3: migrate session after remember me authentication prevent timing attacks in digest auth listener mitigate CSRF timing attack vulnerability fix potential timing attack issue
| | * | security #16631 n/a (xabbuh)v2.3.35Fabien Potencier2015-11-231-0/+8
| | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.3 branch. Discussion ---------- n/a n/a Commits ------- f88e600 migrate session after remember me authentication
| | | * | migrate session after remember me authenticationChristian Flothmann2015-11-231-0/+8
| | | | |
| | * | | prevent timing attacks in digest auth listenerChristian Flothmann2015-11-231-1/+2
| | | | |
| | * | | fix potential timing attack issueChristian Flothmann2015-11-232-27/+4
| | |/ /
* | | | Merge branch '2.7' into 2.8Nicolas Grekas2015-11-181-1/+1
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: Fix undefined array $server Fix bug in windows detection [ProxyManager] Tmp fix composer reqs issue in ZF Add missing exclusions from phpunit.xml.dist [Serializer] ObjectNormalizer: don't serialize static methods and props Fix the server variables in the router_*.php files [Validator] Allow an empty path with a non empty fragment or a query The following change adds support for Armenian pluralization. [2.3][Process] fix Proccess run with pts enabled Conflicts: composer.json src/Symfony/Bridge/ProxyManager/composer.json src/Symfony/Component/Security/phpunit.xml.dist
| * | | Merge branch '2.3' into 2.7Nicolas Grekas2015-11-181-1/+1
| |\ \ \ | | |/ / | | | / | | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Fix undefined array $server [ProxyManager] Tmp fix composer reqs issue in ZF Add missing exclusions from phpunit.xml.dist Fix the server variables in the router_*.php files [Validator] Allow an empty path with a non empty fragment or a query The following change adds support for Armenian pluralization. [2.3][Process] fix Proccess run with pts enabled Conflicts: composer.json src/Symfony/Bridge/ProxyManager/composer.json src/Symfony/Bundle/DebugBundle/phpunit.xml.dist src/Symfony/Component/Security/phpunit.xml.dist
* | | Renamed key to secretv2.8.0-BETA1WouterJ2015-11-073-13/+23
| | |
* | | Merge branch '2.7' into 2.8Fabien Potencier2015-10-301-1/+4
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | * 2.7: added the new Composer exclude-from-classmap option added the new Composer exclude-from-classmap option fix expected argument type docblock Set back libxml settings after testings. fixed Twig deprecation notices
| * | added the new Composer exclude-from-classmap optionFabien Potencier2015-10-301-1/+4
| | |
* | | Rely on iconv and symfony/polyfill-*Nicolas Grekas2015-10-282-4/+4
| | |
* | | [Routing] deprecate the old url generator reference type valuesTobias Schultze2015-10-181-1/+1
| | |
* | | Merge branch '2.7' into 2.8Fabien Potencier2015-10-181-1/+2
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [Routing] use constants in tests [Process] tweaked README [Validator] Allow an empty path in a URL with only a fragment or a query [HttpFoundation] Fix some typo in the Request doc fixed CS Added separated handling of root paths
| * | Merge branch '2.3' into 2.7v2.7.6Fabien Potencier2015-10-181-1/+2
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | * 2.3: [Routing] use constants in tests [Validator] Allow an empty path in a URL with only a fragment or a query [HttpFoundation] Fix some typo in the Request doc fixed CS Added separated handling of root paths
* | | Merge branch '2.7' into 2.8Fabien Potencier2015-10-172-10/+88
|\ \ \ | |/ / | | | | | | | | | | | | * 2.7: [TwigBundle] Fix Twig cache is not properly warmed [Security] Use SessionAuthenticationStrategy on RememberMe login
| * | [Security] Use SessionAuthenticationStrategy on RememberMe loginSergey Novikov2015-10-162-10/+88
| | | | | | | | | | | | Regenerate session ID with default session strategy
| * | Merge branch '2.3' into 2.7Nicolas Grekas2015-10-111-4/+0
| |\ \ | | |/ | | | | | | | | | | | | * 2.3: [ci] SymfonyTestsListener is now auto-registered adds validation messages missing italian translations
* | | [PhpUnit] Auto-register SymfonyTestsListenerNicolas Grekas2015-10-111-4/+0
| | |
* | | Merge branch '2.7' into 2.8Nicolas Grekas2015-10-102-1/+4
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [tests] Use @requires annotation when possible [tests] Use @requires annotation when possible [ci] Enable collecting and replaying skipped tests [Process] Workaround buggy PHP warning [Console] Add additional ways to detect OS400 platform [Yaml] Allow tabs before comments at the end of a line Added more tests for PropertyAccess Conflicts: .travis.yml src/Symfony/Bridge/Doctrine/composer.json src/Symfony/Bridge/Monolog/composer.json src/Symfony/Bridge/ProxyManager/composer.json src/Symfony/Bridge/Swiftmailer/composer.json src/Symfony/Bridge/Twig/composer.json src/Symfony/Bundle/DebugBundle/composer.json src/Symfony/Bundle/FrameworkBundle/composer.json src/Symfony/Bundle/SecurityBundle/composer.json src/Symfony/Bundle/TwigBundle/composer.json src/Symfony/Bundle/WebProfilerBundle/composer.json src/Symfony/Component/Asset/composer.json src/Symfony/Component/BrowserKit/composer.json src/Symfony/Component/ClassLoader/composer.json src/Symfony/Component/Config/composer.json src/Symfony/Component/Console/composer.json src/Symfony/Component/CssSelector/composer.json src/Symfony/Component/Debug/composer.json src/Symfony/Component/DependencyInjection/composer.json src/Symfony/Component/DomCrawler/composer.json src/Symfony/Component/EventDispatcher/composer.json src/Symfony/Component/ExpressionLanguage/composer.json src/Symfony/Component/Filesystem/composer.json src/Symfony/Component/Finder/composer.json src/Symfony/Component/Form/composer.json src/Symfony/Component/HttpFoundation/composer.json src/Symfony/Component/HttpKernel/composer.json src/Symfony/Component/Intl/composer.json src/Symfony/Component/Locale/composer.json src/Symfony/Component/OptionsResolver/composer.json src/Symfony/Component/Process/composer.json src/Symfony/Component/PropertyAccess/composer.json src/Symfony/Component/Routing/composer.json src/Symfony/Component/Security/Acl/composer.json src/Symfony/Component/Security/Core/composer.json src/Symfony/Component/Security/Csrf/composer.json src/Symfony/Component/Security/Http/composer.json src/Symfony/Component/Security/composer.json src/Symfony/Component/Serializer/composer.json src/Symfony/Component/Stopwatch/composer.json src/Symfony/Component/Templating/composer.json src/Symfony/Component/Translation/Tests/Dumper/IcuResFileDumperTest.php src/Symfony/Component/Translation/composer.json src/Symfony/Component/Validator/composer.json src/Symfony/Component/VarDumper/composer.json src/Symfony/Component/Yaml/composer.json
| * | Merge branch '2.3' into 2.7Nicolas Grekas2015-10-102-1/+4
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: [tests] Use @requires annotation when possible [ci] Enable collecting and replaying skipped tests [Process] Workaround buggy PHP warning [Console] Add additional ways to detect OS400 platform [Yaml] Allow tabs before comments at the end of a line Conflicts: composer.json src/Symfony/Bridge/Doctrine/Tests/Logger/DbalLoggerTest.php src/Symfony/Bridge/Monolog/composer.json src/Symfony/Bridge/Twig/composer.json src/Symfony/Bundle/FrameworkBundle/composer.json src/Symfony/Bundle/SecurityBundle/composer.json src/Symfony/Component/Asset/composer.json src/Symfony/Component/ClassLoader/Tests/LegacyApcUniversalClassLoaderTest.php src/Symfony/Component/Console/composer.json src/Symfony/Component/Debug/composer.json src/Symfony/Component/DomCrawler/composer.json src/Symfony/Component/EventDispatcher/composer.json src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/MongoDbSessionHandlerTest.php src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/PdoSessionHandlerTest.php src/Symfony/Component/HttpFoundation/composer.json src/Symfony/Component/Intl/composer.json src/Symfony/Component/Routing/composer.json src/Symfony/Component/Security/composer.json src/Symfony/Component/Serializer/composer.json src/Symfony/Component/Templating/composer.json src/Symfony/Component/Translation/composer.json src/Symfony/Component/Validator/composer.json
* | | cs fixNicolas Grekas2015-10-071-1/+1
| | |
* | | Deprecate the SecureRandom classPierre du Plessis2015-10-063-10/+13
| | |
* | | Merge branch '2.7' into 2.8Nicolas Grekas2015-10-064-26/+5
|\ \ \ | |/ / | | | | | | | | | | | | | | | Conflicts: src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php src/Symfony/Component/Security/Http/Tests/RememberMe/TokenBasedRememberMeServicesTest.php src/Symfony/Component/Security/composer.json
| * | Merge branch '2.3' into 2.7Nicolas Grekas2015-10-064-26/+5
| |\ \ | | |/ | | | | | | | | | | | | | | | Conflicts: src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php src/Symfony/Component/Security/Tests/Core/SecurityContextTest.php
| | * [2.3][SECURITY] Add remember me cookie configurationKlaas Cuvelier2015-10-061-2/+5
| | |
* | | Merge branch '2.7' into 2.8Fabien Potencier2015-10-054-6/+50
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1] [ci] Use current PHP_BINARY when running ./phpunit Fixed typos [UPGRADE-3.0] fix bullet indentation Fix PropertyAccessor modifying array in object when array key does not exist [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
| * | Merge branch '2.3' into 2.7Fabien Potencier2015-10-054-6/+50
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | * 2.3: [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1] [ci] Use current PHP_BINARY when running ./phpunit Fixed typos [UPGRADE-3.0] fix bullet indentation [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
| | * bug #14842 [Security][bugfix] "Remember me" cookie cleared on logout with ↵Fabien Potencier2015-10-051-1/+1
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | custom "secure"/"httponly" config options [1] (MacDada) This PR was squashed before being merged into the 2.3 branch (closes #14842). Discussion ---------- [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1] | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #14822 | License | MIT | Doc PR | ~ * test now always pass "secure" and "httponly" options, as they are required * could be considered BC, but [`RememberMeFactory` passes them](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php#L21), so they should've always been treated as required * I can squash the commits before merging * Alternative solution: #14843 Commits ------- 18b1c6a [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
| | | * [Security][bugfix] "Remember me" cookie cleared on logout with custom ↵Dawid Nowak2015-10-051-1/+1
| | | | | | | | | | | | | | | | "secure"/"httponly" config options [1]
* | | | [Security] made tests work for 2.8 and 3.0Fabien Potencier2015-10-011-14/+9
| | | |
* | | | deprecate finding deep items in request parametersChristian Flothmann2015-09-3010-17/+147
| | | |
* | | | Thanks fabbot!Ryan Weaver2015-09-201-1/+1
| | | |
* | | | Improving phpdoc on AuthenticationEntryPointInterface so people that ↵Ryan Weaver2015-09-201-3/+13
| | | | | | | | | | | | | | | | implement this understand it
* | | | Merge branch '2.7' into 2.8Tobias Schultze2015-09-091-1/+1
|\ \ \ \ | |/ / / | | | | | | | | | | | | Conflicts: src/Symfony/Component/HttpKernel/Kernel.php
| * | | fix leftover changes from previous mergeTobias Schultze2015-09-091-1/+1
| | | |
* | | | [Security\Http] Fix depNicolas Grekas2015-09-071-1/+1
| | | |
* | | | [2.8] CleanupNicolas Grekas2015-09-061-2/+2
| | | |
* | | | Merge branch '2.7' into 2.8Fabien Potencier2015-08-243-3/+4
|\ \ \ \ | |/ / / | | | | | | | | | | | | * 2.7: fixes CS
| * | | fixes CSFabien Potencier2015-08-243-3/+4
| | | |
* | | | Merge branch '2.7' into 2.8Nicolas Grekas2015-07-291-2/+6
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [php7] Fix for substr() always returning a string [Security] Do not save the target path in the session for a stateless firewall Fix calls to HttpCache#getSurrogate triggering E_USER_DEPRECATED errors. [DependencyInjection] fixed FrozenParameterBag and improved Parameter…
| * | | Merge branch '2.3' into 2.7v2.7.3Nicolas Grekas2015-07-281-2/+6
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: [php7] Fix for substr() always returning a string [Security] Do not save the target path in the session for a stateless firewall [DependencyInjection] fixed FrozenParameterBag and improved Parameter… Conflicts: src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
| | * | [Security] Do not save the target path in the session for a stateless firewallGrégoire Pineau2015-07-261-2/+6
| | | |
* | | | Merge branch '2.7' into 2.8Fabien Potencier2015-07-261-2/+2
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [Yaml] throw a ParseException on invalid data type [TwigBridge] type-dependent path discovery Resources as string have the same problem Introduce failing test case when a SplFileInfo object is passed to the extract() method in the TwigExtractor. #15331 add infos about deprecated classes to UPGRADE-3.0 [Asset] removed unused private property. [Security] removed useless else condition in SwitchUserListener class. [travis] Tests deps=low with PHP 5.6 [Console] Fix console output with closed stdout
| * | | Merge branch '2.6' into 2.7Fabien Potencier2015-07-261-2/+2
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: [Yaml] throw a ParseException on invalid data type #15331 add infos about deprecated classes to UPGRADE-3.0 [Security] removed useless else condition in SwitchUserListener class. [travis] Tests deps=low with PHP 5.6 [Console] Fix console output with closed stdout
| | * \ \ Merge branch '2.3' into 2.6v2.6.11Fabien Potencier2015-07-261-2/+2
| | |\ \ \ | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: #15331 add infos about deprecated classes to UPGRADE-3.0 [Security] removed useless else condition in SwitchUserListener class. [travis] Tests deps=low with PHP 5.6 [Console] Fix console output with closed stdout
| | | * | [Security] removed useless else condition in SwitchUserListener class.Hugo Hamon2015-07-221-2/+2
| | | | |
* | | | | Merge branch '2.7' into 2.8Nicolas Grekas2015-07-241-4/+3
|\ \ \ \ \ | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [Twig+FrameworkBundle] Fix forward compat with Form 2.8 [2.6] Static Code Analysis for Components [Security/Http] Fix test relying on a private property [Serializer] Fix bugs reported in https://github.com/symfony/symfony/commit/b5990be49149501bef7bb83a797a1aea2eb5fbe0#commitcomment-12301266 Conflicts: src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/widget_attributes.html.php src/Symfony/Component/Security/Http/Tests/Firewall/AnonymousAuthenticationListenerTest.php
| * | | | Merge branch '2.6' into 2.7Nicolas Grekas2015-07-241-4/+3
| |\ \ \ \ | | |/ / / | | | | | | | | | | | | | | | | | | | | * 2.6: [2.6] Static Code Analysis for Components [Security/Http] Fix test relying on a private property
| | * | | [Security/Http] Fix test relying on a private propertyNicolas Grekas2015-07-221-4/+3
| | | | |
* | | | | [Security] Moved Simple{Form,Pre}AuthenticatorInterfaces to Security\HttpWouterJ2015-07-222-0/+42
| | | | |
* | | | | feature #15141 [DX] [Security] Renamed Token#getKey() to getSecret() (WouterJ)Fabien Potencier2015-07-028-27/+37
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was squashed before being merged into the 2.8 branch (closes #15141). Discussion ---------- [DX] [Security] Renamed Token#getKey() to getSecret() There are 2 very vague parameter names in the authentication process: `$providerKey` and `$key`. Some tokens/providers have the first one, some tokens/providers the second one and some both. An overview: | Token | `providerKey` | `key` | --- | --- | --- | `AnonymousToken` | - | yes | `PreAuth...Token` | yes | - | `RememberMeToken` | yes | yes | `UsernamePasswordToken` | yes | - Both names are extremely general and their PHPdocs contains pure no-shit-sherlock-descriptions :squirrel: (like "The key."). This made me and @iltar think it's just an inconsistency and they have the same meaning. ...until we dived deeper into the code and came to the conclusion that `$key` has a Security task (while `$providerKey` doesn't really). If it takes people connected to Symfony internals 30+ minutes to find this out, it should be considered for an improvement imo. So here is our suggestion: **Rename `$key` to `$secret`**. This explains much better what the value of the string has to be (for instance, it's important that the string is not easily guessable and cannot be found out, according to the Spring docs). It also explains the usage better (it's used as a replacement for credentials and to hash the RememberMeToken). **Tl;dr**: `$key` and `$providerKey` are too general names, let's improve DX by renaming them. This PR tackles `$key` by renaming it to `$secret`. | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | yes | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - *My excuse for the completely unrelated branch name* Commits ------- 24e0eb6 [DX] [Security] Renamed Token#getKey() to getSecret()
| * | | | | [DX] [Security] Renamed Token#getKey() to getSecret()WouterJ2015-07-028-27/+37
| | | | | |
* | | | | | Merge remote-tracking branch 'origin/2.7' into 2.8Abdellatif Ait boudad2015-07-012-1/+60
|\ \ \ \ \ \ | |/ / / / / |/| / / / / | |/ / / / | | | | | | | | | | Conflicts: src/Symfony/Bundle/FrameworkBundle/Command/TranslationDebugCommand.php src/Symfony/Component/DependencyInjection/Tests/Compiler/ResolveDefinitionTemplatesPassTest.php
| * | | | Fix mergeNicolas Grekas2015-07-011-2/+2
| | | | |
| * | | | Merge branch '2.6' into 2.7Nicolas Grekas2015-07-012-1/+60
| |\ \ \ \ | | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: [2.6] Towards 100% HHVM compat [Security/Http] Fix test [Stopwatch] Fix test Minor fixes Towards 100% HHVM compat unify default AccessDeniedExeption message trigger event with right user (add test) [Security] Initialize SwitchUserEvent::targetUser on attemptExitUser [Form] Fixed: Data mappers always receive forms indexed by their names Conflicts: src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php src/Symfony/Component/VarDumper/Tests/CliDumperTest.php src/Symfony/Component/VarDumper/Tests/HtmlDumperTest.php
| | * | | [Security/Http] Fix testNicolas Grekas2015-06-301-0/+6
| | | | |
| | * | | Merge branch '2.3' into 2.6Nicolas Grekas2015-06-302-1/+54
| | |\ \ \ | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Minor fixes Towards 100% HHVM compat trigger event with right user (add test) [Security] Initialize SwitchUserEvent::targetUser on attemptExitUser [Form] Fixed: Data mappers always receive forms indexed by their names Conflicts: src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php src/Symfony/Component/Filesystem/Filesystem.php src/Symfony/Component/Process/Tests/AbstractProcessTest.php
| | | * | [Security] Initialize SwitchUserEvent::targetUser on attemptExitUserRichard van Laak2015-06-281-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `SwitchUserEvent` is triggered in case an account is switched. This works okay while switching to the user, but on exit the `SwitchUserEvent` is triggered again with the original User. That User was not initialized by the provider yet. load user by UserInterface instead of username
| | * | | Merge branch '2.3' into 2.6Fabien Potencier2015-06-281-1/+1
| | |\ \ \ | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Fix quoting style consistency. [DependencyInjection] Fail when dumping a Definition with no class nor factory Normalizing recursively - see #9096 No change - the normalizeParams is a copy-and-paste of the earlier logic fixes issue with logging array of non-utf8 data fix validation for Maestro UK card numbers
| | | * | Fix quoting style consistency.ogizanagi2015-06-281-1/+1
| | | | |
| | * | | Fix mergeNicolas Grekas2015-06-181-1/+1
| | | | |
* | | | | Merge branch '2.7' into 2.8Nicolas Grekas2015-06-1810-33/+29
|\ \ \ \ \ | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: (36 commits) [DoctrineBridge] Bypass the db when no valid identifier is provided in ORMQueryBuilderLoader [Serializer] Fixed typo in comment [Form] Fixed: Filter non-integers when selecting entities by int ID Fix merge Fix merge Add test for HHVM FatalErrors [2.6][Debug] Fix fatal-errors handling on HHVM [Debug] Fix log level of stacked errors [VarDumper] Fix uninitialized id in HtmlDumper Fixed fluent interface [Console] Fix tests on Windows [2.7] Fix unsilenced deprecation notices [2.3][Debug] Fix fatal-errors handling on HHVM [Debug] fix debug class loader case test on windows Standardize the name of the exception variables [Debug+VarDumper] Fix handling of PHP7 exception/error model Do not trigger deprecation error in ResolveParameterPlaceHoldersPass [2.3] Static Code Analysis for Components Added a small Upgrade note regarding security.context added missing deprecation in CHANGELOG ... Conflicts: src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig src/Symfony/Component/HttpKernel/Kernel.php
| * | | | Fix mergeNicolas Grekas2015-06-181-1/+1
| | | | |
| * | | | Merge branch '2.6' into 2.7Nicolas Grekas2015-06-188-24/+24
| |\ \ \ \ | | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: Add test for HHVM FatalErrors [2.6][Debug] Fix fatal-errors handling on HHVM [2.3][Debug] Fix fatal-errors handling on HHVM Standardize the name of the exception variables [2.3] Static Code Analysis for Components Remove duplicated paths Conflicts: src/Symfony/Component/Debug/ErrorHandler.php src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php src/Symfony/Component/Security/Http/Firewall/ContextListener.php src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php
| | * | | Merge branch '2.3' into 2.6Nicolas Grekas2015-06-188-24/+24
| | |\ \ \ | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: [2.3][Debug] Fix fatal-errors handling on HHVM Standardize the name of the exception variables [2.3] Static Code Analysis for Components Remove duplicated paths Conflicts: src/Symfony/Component/Debug/ErrorHandler.php src/Symfony/Component/HttpFoundation/Session/Storage/MockArraySessionStorage.php src/Symfony/Component/Security/Acl/Dbal/AclProvider.php src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
| | | * | Standardize the name of the exception variablesJavier Eguiluz2015-06-157-23/+23
| | | |/
| * | | Added a small Upgrade note regarding security.contextIltar van der Berg2015-06-153-8/+4
| | | |
* | | | Merge branch '2.7' into 2.8Fabien Potencier2015-06-091-1/+1
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [Console] SymfonyStyle : Fix blocks wordwrapping [Console] SymfonyStyle : Fix blocks output is broken on windows cmd [Validator] remove partial deprecation annotation Updated UPGRADE-2.4.md [Form] Support DateTimeImmutable in transform() Show the FormType and FormTypeExtension in case of deprecated use of setDefaultOptions [FrameworkBundle] Document form.csrf_provider service deprecation [Form] add test to avoid regression of #14891 without this change allways the legacy code get called [Form] Fix call to removed method (BC broken in 2.3) Fix ask and askHidden methods [HttpFoundation] Get response content as resource several times for PHP >= 5.6 Change error message to reflect SecurityContext deprecation. fixed merge Issue #14815 [Console] SymfonyStyle : fix & automate block gaps. [Console] SymfonyStyle : Improve EOL consistency by relying on output instance Improved duplicated code in FileLocator
| * | | Change error message to reflect SecurityContext deprecation.Nicholas Byfleet2015-06-051-1/+1
| | | |
* | | | Merge branch '2.7' into 2.8Fabien Potencier2015-06-046-9/+61
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: (95 commits) [DependencyInjection] provide better error message when using deprecated configuration options [console][TableCell] get cell width without decoration. Improve the config validation in TwigBundle [VarDumper] Changed tooltip to expand-all keybinding in OS X [Bridge\PhpUnit] Fix composer installed phpunit detection [VarDumper] Fix generic casters calling order [2.7][SecurityBundle] Remove SecurityContext from Compile [WebProfilerBundle][logger] added missing deprecation message. Fix profiler CSS [Security][Acl] enforce string identifiers [FrameworkBundle] make `templating.helper.router` service available again for BC reasons [BrowserKit] Fix bug when uri starts with http. bumped Symfony version to 2.7.1 updated VERSION for 2.7.0 updated CHANGELOG for 2.7.0 bumped Symfony version to 2.6.10 updated VERSION for 2.6.9 updated CHANGELOG for 2.6.9 fixed tests bumped Symfony version to 2.3.31 ... Conflicts: src/Symfony/Bundle/FrameworkBundle/Command/TranslationDebugCommand.php src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig src/Symfony/Component/HttpKernel/Kernel.php src/Symfony/Component/Translation/Loader/JsonFileLoader.php
| * | | Merge branch '2.6' into 2.7v2.7.0Fabien Potencier2015-05-225-8/+61
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: (30 commits) [Translation] fixed JSON loader on PHP 7 when file is empty Fix typo Check instance of FormBuilderInterface instead of FormBuilder [Security] TokenBasedRememberMeServices test to show why encoding username is required [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts fixed typo [console][formater] allow format toString object. [HttpFoundation] Fix baseUrl when script filename is contained in pathInfo Avoid redirection to XHR URIs [HttpFoundation] IpUtils::checkIp4() should allow networks [2.6] Fix HTML escaping of to-source links Fix HTML escaping of to-source links ExceptionHandler: More Encoding Fix the rendering of deprecation log messages [FrameworkBundle] Removed unnecessary parameter in TemplateController [DomCrawler] Throw an exception if a form field path is incomplete. Fixed the indentation in the compiled template for the DumpNode [Console] Delete duplicate test in CommandTest [TwigBundle] Refresh twig paths when resources change. WebProfiler break words ... Conflicts: src/Symfony/Bridge/Twig/composer.json src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig src/Symfony/Component/Debug/ExceptionHandler.php
| | * | Merge branch '2.3' into 2.6v2.6.9v2.6.8Fabien Potencier2015-05-225-8/+61
| | |\ \ | | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Fix typo Check instance of FormBuilderInterface instead of FormBuilder [Security] TokenBasedRememberMeServices test to show why encoding username is required [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts [console][formater] allow format toString object. [HttpFoundation] Fix baseUrl when script filename is contained in pathInfo Avoid redirection to XHR URIs [HttpFoundation] IpUtils::checkIp4() should allow networks Fix HTML escaping of to-source links [FrameworkBundle] Removed unnecessary parameter in TemplateController [DomCrawler] Throw an exception if a form field path is incomplete. [Console] Delete duplicate test in CommandTest [TwigBundle] Refresh twig paths when resources change. WebProfiler break words fixed typo Update README.md [HttpKernel] Handle an array vary header in the http cache store [Security][Translation] fixes #14584 [Framework] added test for Router commands. Handled bearer authorization header in REDIRECT_ form Conflicts: src/Symfony/Component/Debug/ExceptionHandler.php
| | | * minor #14670 [Security] TokenBasedRememberMeServices test to show why ↵v2.3.30v2.3.29Fabien Potencier2015-05-211-0/+2
| | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | encoding username is required (MacDada) This PR was squashed before being merged into the 2.3 branch (closes #14670). Discussion ---------- [Security] TokenBasedRememberMeServices test to show why encoding username is required | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #14577 | License | MIT | Doc PR | no 241538d shows that it's not actually tested, 257b796 reimplements it with test. I can remove the POC commit if it's not needed. Commits ------- 63a9736 [Security] TokenBasedRememberMeServices test to show why encoding username is required
| | | | * [Security] TokenBasedRememberMeServices test to show why encoding username ↵Dawid Nowak2015-05-211-0/+2
| | | | | | | | | | | | | | | | | | | | is required
| | | * | bug #14678 [Security] AbstractRememberMeServices::encodeCookie() validates ↵Fabien Potencier2015-05-212-4/+8
| | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | cookie parts (MacDada) This PR was squashed before being merged into the 2.3 branch (closes #14678). Discussion ---------- [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #14577 | License | MIT | Doc PR | no `AbstractRememberMeServices::encodeCookie()` guards against `COOKIE_DELIMITER` in `$cookieParts`. * it would make `AbstractRememberMeServices::cookieDecode()` broken * all current extending classes do it anyway (see #14670 ) * added tests – it's not a public method, but it is expected to be used by user implementations – as such, it's good to know that it works properly Commits ------- 464c39a [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
| | | | * | [Security] AbstractRememberMeServices::encodeCookie() validates cookie partsDawid Nowak2015-05-212-4/+8
| | | | |/
| | | * | Avoid redirection to XHR URIsAlessandro Siragusa2015-05-201-1/+1
| | | |/
| * | | minor #14581 [Security] Removed unnecessary statement (MacDada)Fabien Potencier2015-05-151-1/+0
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.7 branch. Discussion ---------- [Security] Removed unnecessary statement | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | ~ | License | MIT | Doc PR | ~ Removed unnecessary statement from `PersistentTokenBasedRememberMeServices.php`. `$series` comes from `$cookieParts` and `$this->tokenProvider->loadTokenBySeries($series);` is supposed to find the token with that value. Doing `$persistentToken->getSeries();` should give us exactly the same value, so it is an unnecessary statement. Why? * We don't need it? We won't miss it when it's gone. * It confuses a code reader who starts guessing why would that be needed (at least I did and lost time because of that). Unless… It actually is needed, as we want `TokenProviderInterface` implementations to have a possibility to give a `PersistentTokenInterface` with a different series value than asked… I can make a PR to the testing class so that such requirement is checked upon. I don't believe that this is BC, as this behaviour isn't documented anywhere and no existing (known to me) implementations return different series than the asked ones (and current tests pass successfully). Commits ------- c7a91f1 Removed unnecessary statement from PersistentTokenBasedRememberMeServices.php
| | * | | Removed unnecessary statement from PersistentTokenBasedRememberMeServices.phpDawid Nowak2015-05-071-1/+0
| | | | |
* | | | | Merge branch '2.7' into 2.8Fabien Potencier2015-05-152-2/+2
|\ \ \ \ \ | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: fixed CS fixed CS fixed CS Fix WebProfilerBundle compatiblity with HttpKernel < 2.7 [Validator] Deprecated PHP7-incompatible constraints and related validators [DebugBundle] Allow alternative destination for dumps [DebugBundle] Use output mechanism of dumpers instead of echoing [DebugBundle] Always collect dumps [FrameworkBundle] Applied new styles to the config:debug & config:dump-reference commands Fix tests in HHVM CS: Pre incrementation/decrementation should be used if possible Conflicts: src/Symfony/Bundle/FrameworkBundle/composer.json
| * | | | Merge branch '2.6' into 2.7Fabien Potencier2015-05-151-1/+1
| |\ \ \ \ | | | |/ / | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: fixed CS fixed CS Conflicts: src/Symfony/Component/Security/Http/Tests/Firewall/RememberMeListenerTest.php
| | * | | fixed CSFabien Potencier2015-05-151-1/+1
| | | | |
| * | | | Merge branch '2.6' into 2.7Fabien Potencier2015-05-151-1/+1
| |\ \ \ \ | | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: [DebugBundle] Allow alternative destination for dumps [DebugBundle] Use output mechanism of dumpers instead of echoing [DebugBundle] Always collect dumps Fix tests in HHVM CS: Pre incrementation/decrementation should be used if possible Conflicts: src/Symfony/Component/Finder/Expression/Glob.php
| | * | | Merge branch '2.3' into 2.6Fabien Potencier2015-05-151-1/+1
| | |\ \ \ | | | | |/ | | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Fix tests in HHVM CS: Pre incrementation/decrementation should be used if possible Conflicts: src/Symfony/Bundle/TwigBundle/Command/LintCommand.php src/Symfony/Component/Console/Helper/TableHelper.php src/Symfony/Component/EventDispatcher/Tests/EventDispatcherTest.php src/Symfony/Component/HttpKernel/DataCollector/LoggerDataCollector.php src/Symfony/Component/HttpKernel/HttpCache/EsiResponseCacheStrategy.php src/Symfony/Component/Security/Acl/Dbal/AclProvider.php src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
| | | * | minor #14121 CS: Pre incrementation/decrementation should be used if ↵Fabien Potencier2015-05-151-1/+1
| | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | possible (gharlan) This PR was merged into the 2.3 branch. Discussion ---------- CS: Pre incrementation/decrementation should be used if possible | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/a Fixes provided by new fixer: https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/1113 If this pr is merged I would change the level of the fixer to `symfony`. Commits ------- c5123d6 CS: Pre incrementation/decrementation should be used if possible
generated by cgit v1.1 at 2025-05-17 18:46:19 +0000