summaryrefslogtreecommitdiffstats
path: root/Tests
Commit message (Collapse)AuthorAgeFilesLines
* [FrameworkBundle] Fix deps=low/high testsNicolas Grekas2015-10-061-0/+5
|
* [Security\Core] Fix test failure after sebastianbergmann/phpunit#1821Nicolas Grekas2015-10-061-1/+1
|
* bug #14842 [Security][bugfix] "Remember me" cookie cleared on logout with ↵Fabien Potencier2015-10-053-5/+49
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | custom "secure"/"httponly" config options [1] (MacDada) This PR was squashed before being merged into the 2.3 branch (closes #14842). Discussion ---------- [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1] | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #14822 | License | MIT | Doc PR | ~ * test now always pass "secure" and "httponly" options, as they are required * could be considered BC, but [`RememberMeFactory` passes them](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php#L21), so they should've always been treated as required * I can squash the commits before merging * Alternative solution: #14843 Commits ------- 18b1c6a [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
| * [Security][bugfix] "Remember me" cookie cleared on logout with custom ↵Dawid Nowak2015-10-053-5/+49
| | | | | | | | "secure"/"httponly" config options [1]
* | [Security] InMemoryUserProvider now concerns whether user's password is ↵Issei.M2015-08-101-6/+27
| | | | | | | | changed when refreshing
* | trigger event with right user (add test)v2.3.31Christian Flothmann2015-06-281-0/+52
| |
* | Standardize the name of the exception variablesJavier Eguiluz2015-06-154-9/+9
|/
* minor #14474 [2.3] Static Code Analysis for Components (kalessil)Fabien Potencier2015-06-011-1/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.3 branch. Discussion ---------- [2.3] Static Code Analysis for Components | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/a Static Code Analysis with Php Inspections (EA Extended), no functional changes: - resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString - resolved callable name case mismatches Commits ------- 9eb2b14 Php Inspections (EA Extended): - resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString -resolved implicit magic methods calls -resolved callable name case mismatches
| * Php Inspections (EA Extended): - resolved possible PHP Fatal in ↵Vladimir Reznichenko2015-05-291-1/+1
| | | | | | | | \Symfony\Component\BrowserKit\Cookie::__toString -resolved implicit magic methods calls -resolved callable name case mismatches
* | [Security][Acl] enforce string identifiersChristian Flothmann2015-05-311-1/+23
|/
* minor #14670 [Security] TokenBasedRememberMeServices test to show why ↵v2.3.30v2.3.29Fabien Potencier2015-05-211-3/+16
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | encoding username is required (MacDada) This PR was squashed before being merged into the 2.3 branch (closes #14670). Discussion ---------- [Security] TokenBasedRememberMeServices test to show why encoding username is required | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #14577 | License | MIT | Doc PR | no 241538d shows that it's not actually tested, 257b796 reimplements it with test. I can remove the POC commit if it's not needed. Commits ------- 63a9736 [Security] TokenBasedRememberMeServices test to show why encoding username is required
| * [Security] TokenBasedRememberMeServices test to show why encoding username ↵Dawid Nowak2015-05-211-3/+16
| | | | | | | | is required
* | [Security] AbstractRememberMeServices::encodeCookie() validates cookie partsDawid Nowak2015-05-211-0/+34
|/
* minor #14121 CS: Pre incrementation/decrementation should be used if ↵Fabien Potencier2015-05-156-17/+17
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | possible (gharlan) This PR was merged into the 2.3 branch. Discussion ---------- CS: Pre incrementation/decrementation should be used if possible | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/a Fixes provided by new fixer: https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/1113 If this pr is merged I would change the level of the fixer to `symfony`. Commits ------- c5123d6 CS: Pre incrementation/decrementation should be used if possible
| * CS: Pre incrementation/decrementation should be used if possibleGregor Harlan2015-04-076-17/+17
| |
* | Fix tests in HHVMDiego Saint Esteben2015-05-111-1/+1
|/
* minor #14089 CS: Binary operators should be arounded by at least one space ↵Fabien Potencier2015-03-303-12/+12
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (keradus) This PR was merged into the 2.3 branch. Discussion ---------- CS: Binary operators should be arounded by at least one space | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | ? | Fixed tickets | N/A | License | MIT | Doc PR | N/A Update before upcoming changes on PHP CS Fixer 1.7 To keep fabbot.io happy ;) Commits ------- ec2cec6 CS: Binary operators should be arounded by at least one space
| * CS: Binary operators should be arounded by at least one spaceDariusz Ruminski2015-03-273-12/+12
| |
* | remove useless tests that fail in php 7Tobias Schultze2015-03-271-17/+0
|/
* CS: Convert double quotes to single quotesDariusz Ruminski2015-03-213-7/+7
|
* minor #13862 [2.3] [Config] [Console] [DependencyInjection] [DomCrawler] ↵Fabien Potencier2015-03-073-11/+11
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [Form] [HttpKernel] [PropertyAccess] [Security] [Translation] [Yaml] static code analysis, code cleanup (kalessil) This PR was squashed before being merged into the 2.3 branch (closes #13862). Discussion ---------- [2.3] [Config] [Console] [DependencyInjection] [DomCrawler] [Form] [HttpKernel] [PropertyAccess] [Security] [Translation] [Yaml] static code analysis, code cleanup | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/a Split <a href="https://github.com/symfony/symfony/pull/13813">PR 13813</a>: part 1 - targeting v2.3 Following is included (no functional changes, found with <a href="https://plugins.jetbrains.com/plugin/7622?pr=phpStorm">Php Inspections (EA Extended)</a>): - Fixed couple of concatenation as array index warnings - Unset calls can be merged inspection fixes - array_search in in_array context inspection fixes - Is null usage inspection fixes - Prefixed increment/decrement inspection fixes - Elvis operator can be used inspection fixes - Alias functions usage inspection fixes - Ternary operator simplification inspection fixes - _ _ DIR _ _ equivalent inspection fixes Commits ------- f13b5f7 [2.3] [Config] [Console] [DependencyInjection] [DomCrawler] [Form] [HttpKernel] [PropertyAccess] [Security] [Translation] [Yaml] static code analysis, code cleanup
| * [2.3] [Config] [Console] [DependencyInjection] [DomCrawler] [Form] ↵Vladimir Reznichenko2015-03-073-11/+11
| | | | | | | | [HttpKernel] [PropertyAccess] [Security] [Translation] [Yaml] static code analysis, code cleanup
* | CS fixesDariusz Ruminski2015-03-022-10/+10
|/
* [Security] Remove ContextListener's onKernelResponse listener as it is usedDave Marshall2015-02-051-3/+33
|
* [Security] Don't destroy the session on buggy php releases.v2.3.24Alexander M. Turek2015-01-071-0/+17
|
* minor #13206 [2.3] Cleanup deprecations (nicolas-grekas)Fabien Potencier2015-01-0336-322/+0
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.3 branch. Discussion ---------- [2.3] Cleanup deprecations | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | let's see | Fixed tickets | - | License | MIT | Doc PR | - Commits ------- d649bef [2.3] Remove useless tests skips 1d68ad3 [2.3] Cleanup deprecations
| * [2.3] Remove useless tests skipsNicolas Grekas2015-01-0336-322/+0
| |
* | adapted previous commit for 2.3Fabien Potencier2015-01-031-1/+0
| |
* | [Security] Don't send remember cookie for sub requestblanchonvincent2015-01-031-2/+20
|/
* Fix phpdoc and coding standardsChristophe Coevoet2014-12-295-6/+0
| | | | | | This removes the unused use statements which were not catched by PHP-CS-Fixer because of string occurences. It also fixes some invalid phpdoc (scalar is not recognized as a valid type for instance).
* [2.3] CS And DocBlock FixesGraham Campbell2014-12-223-6/+8
|
* [Security] Delete old session on auth strategy migrateAlexander Schwenn2014-12-201-1/+1
|
* CS fixesGraham Campbell2014-12-035-6/+0
|
* PSR-2 fixesv2.3.23Graham Campbell2014-12-024-12/+12
|
* Docblock fixesGraham Campbell2014-11-301-0/+1
|
* compare version using PHP_VERSION_IDChristian Flothmann2014-11-171-1/+1
| | | | | | To let opcode caches optimize cached code, the `PHP_VERSION_ID` constant is used to detect the current PHP version instead of calling `version_compare()` with `PHP_VERSION`.
* Remove aligned '=>' and '='Disquedur2014-10-266-11/+11
|
* bug #10242 Missing checkPreAuth from RememberMeAuthenticationProviderv2.3.20Mathieu Morlon2014-09-241-12/+8
|
* fixed CSFabien Potencier2014-09-2222-75/+88
|
* [Security] Added more testsMarc Torres2014-09-151-0/+42
|
* [Security] Add more tests for StringUtils::equalsKévin Dunglas2014-09-041-3/+41
|
* [Security] Add check for supported attributes in AclVoterv2.3.16v2.3.15v2.3.14Arturs Vonda2014-05-081-2/+29
|
* Fixed incompatibility of x509 auth with nginxalcaeus2014-04-221-18/+33
|
* [Security] Replace exception mocks with actual exception instances.v2.3.12Jakub Zalas2014-04-015-13/+17
| | | | | | It is done for two reasons: * consistency - we use real exception objects in most of the code * latest phpunit does not like the way we were creating mocks for exceptions (it could be also fixed by letting phpunit to call the original constructor)
* fixed various inconsistenciesv2.3.10Fabien Potencier2014-02-118-48/+48
|
* [Security] fixed pre/post authentication checksFabien Potencier2013-12-311-16/+16
|
* fixes PSR-0 issues in testsFabien Potencier2013-12-307-4/+4
|
* bug #8997 [Security] Fixed problem with losing ROLE_PREVIOUS_ADMIN role. ↵Fabien Potencier2013-12-291-1/+43
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (pawaclawczyk) This PR was squashed before being merged into the 2.3 branch (closes #8997). Discussion ---------- [Security] Fixed problem with losing ROLE_PREVIOUS_ADMIN role. <table> <tr> <td><b>Q</b></td> <td><b>A</b></td> </tr> <tr> <td>Bug fix?</td> <td>yes</td> </tr> <tr> <td>New feature</td> <td>no</td> </tr> <tr> <td>BC breaks?</td> <td>no</td> </tr> <tr> <td>Deprecations?</td> <td>no</td> </tr> <tr> <td>Tests pass?</td> <td>yes</td> </tr> <tr> <td>Fixed tickets</td> <td>#3085, #8974</td> </tr> <tr> <td>License</td> <td>MIT</td> </tr> <tr> <td>Doc PR</td> <td>n/a</td> </tr> </table> Problem occurs while user is impersonated. Authentication process generates new token and doeas not preserve role ```ROLE_PREVIOUS_ADMIN```. Ex. when parameter ```security.always_authenticate_before_granting``` is enabled. Commits ------- a7baa3b [Security] Fixed problem with losing ROLE_PREVIOUS_ADMIN role.
| * [Security] Fixed problem with losing ROLE_PREVIOUS_ADMIN role.Paweł Wacławczyk2013-12-291-1/+43
| |
* | [Security] removed obsolete commentFabien Potencier2013-12-291-1/+0
| |
* | [Security] made code easier to understand, added some missing unit testsFabien Potencier2013-12-291-0/+190
| |
* | fixed CS for lambdasFabien Potencier2013-12-281-1/+1
| |
* | Fix parent serialization of user objectDavid de Boer2013-12-231-0/+41
| |
* | Merge branch '2.2' into 2.3v2.3.8Fabien Potencier2013-11-2511-11/+11
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.2: fixed some typos fixed @expectedException class names Conflicts: src/Symfony/Component/Config/Tests/Definition/ArrayNodeTest.php src/Symfony/Component/Console/Tests/Command/CommandTest.php src/Symfony/Component/Locale/Tests/Stub/StubLocaleTest.php src/Symfony/Component/Locale/Tests/Stub/StubNumberFormatterTest.php
| * | fixed @expectedException class namesv2.2.11Fabien Potencier2013-11-2511-11/+11
| | |
* | | Merge branch '2.2' into 2.3Fabien Potencier2013-11-231-0/+48
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.2: No Entity Manager defined exception fixed CS [Acl] Fix for issue #9433 [Validator] fix docblock typos [DependencyInjection] removed the unused Reference and Parameter classes use statements from the compiled container class Fix mistake in translation's service definition. if handler_id is identical to null fix CS fix Fixed ModelChoiceList tests in Propel1 bridge. [AclProvider] Fix incorrect behaviour when partial results returned from cache Check if the pipe array is empty before calling stream_select() re-factor Propel1 ModelChoiceList [Locale] fixed the failing test described in #9455 [Process] fix phpdoc and timeout of 0 bug #9445 [BrowserKit] fixed protocol-relative url redirection Conflicts: src/Symfony/Component/BrowserKit/Tests/ClientTest.php src/Symfony/Component/Locale/Tests/Stub/StubIntlDateFormatterTest.php
| * | [Acl] Fix for issue #9433Guillaume Royer2013-11-221-0/+48
| | |
* | | Merge branch '2.2' into 2.3v2.3.6Fabien Potencier2013-10-105-0/+84
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.2: bumped Symfony version to 2.2.10 updated VERSION for 2.2.9 update CONTRIBUTORS for 2.2.9 updated CHANGELOG for 2.2.9 [Security] limited the password length passed to encoders assets:install command should mirror .dotfiles (.htaccess) PoFileDumper - PO headers removed whitespaces Conflicts: src/Symfony/Component/HttpKernel/Kernel.php src/Symfony/Component/Security/Core/Encoder/BCryptPasswordEncoder.php
| * | [Security] limited the password length passed to encodersv2.2.9Fabien Potencier2013-10-105-0/+84
| | |
* | | Merge branch '2.2' into 2.3Fabien Potencier2013-09-192-2/+1
|\ \ \ | |/ / | | / | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.2: Fix some annotates [FrameworkBundle] made sure that the debug event dispatcher is used everywhere [HttpKernel] remove unneeded strtoupper updated the composer install command to reflect changes in Composer Conflicts: src/Symfony/Component/Console/Application.php src/Symfony/Component/Console/Command/Command.php src/Symfony/Component/Console/Input/InputDefinition.php src/Symfony/Component/CssSelector/Node/CombinedSelectorNode.php src/Symfony/Component/Form/Form.php src/Symfony/Component/HttpKernel/Debug/ErrorHandler.php src/Symfony/Component/HttpKernel/DependencyInjection/RegisterListenersPass.php src/Symfony/Component/HttpKernel/Tests/DependencyInjection/RegisterListenersPassTest.php src/Symfony/Component/Locale/Locale.php src/Symfony/Component/Locale/README.md src/Symfony/Component/Locale/Stub/DateFormat/FullTransformer.php
| * Fix some annotatesbronze1man2013-09-192-2/+1
| |
* | Merge branch '2.2' into 2.3v2.3.3Fabien Potencier2013-08-062-0/+0
|\ \ | |/ | | | | | | * 2.2: fix some file mode bug 755->644
| * fix some file mode bug 755->644v2.2.5bronze1man2013-08-062-0/+0
| |
* | Merge branch '2.2' into 2.3Fabien Potencier2013-07-203-2/+436
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | * 2.2: [PropertyAccess] added moves to pluralMap [Security] fixed issue where authentication listeners clear unrelated tokens fix issue #8499 modelChoiceList call getPrimaryKey on a non object [DependencyInjection] Add exception for service name not dumpable in PHP Conflicts: src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php src/Symfony/Component/Security/Tests/Http/Firewall/BasicAuthenticationListenerTest.php
| * [Security] fixed issue where authentication listeners clear unrelated tokensalcaeus2013-07-193-2/+436
| | | | | | | | | | This commit fixes an issue where authentication listeners clear all security tokens in case of authentication failure. This behavior makes it impossible to combine certain authentication mechanisms, notably x509 with form-based login.
* | [Security] Added few new test cases for the HttpUtils and improved ↵v2.3.1Jakub Zalas2013-06-021-18/+127
| | | | | | | | readability of existing tests.
* | [Security] Added tests for the SwitchUserListener.Jakub Zalas2013-06-021-0/+175
| |
* | [Security] Added tests for the ContextListener.Jakub Zalas2013-06-021-7/+75
| |
* | [Security] Added a test to the BasicAuthenticationListener.Jakub Zalas2013-06-021-0/+14
| |
* | [Security] Removed an unnecessary call to sprintf() and added a test case.Jakub Zalas2013-06-021-0/+17
| |
* | [Security] Fixed the check if an interface exists.Jakub Zalas2013-05-261-1/+1
| |
* | [Security] Added tests for the DefaultLogoutSuccessHandler.Jakub Zalas2013-05-253-2/+48
| |
* | [Security] Added tests for the DefaultAuthenticationSuccessHandler.Jakub Zalas2013-05-241-0/+173
| |
* | [Security] Added tests for the DefaultAuthenticationFailureHandler.Jakub Zalas2013-05-241-0/+182
| |
* | [Security] Added tests for the remember me ReponseListener.Jakub Zalas2013-05-241-0/+92
| |
* | [Security] Added tests for the SessionAuthenticationStrategy.Jakub Zalas2013-05-241-0/+80
| |
* | [Security] Added tests for the AccessMap.Jakub Zalas2013-05-241-0/+58
| |
* | [Security] Disabled the BCryptPasswordEncoder tests for PHP versions lower ↵Jakub Zalas2013-05-101-0/+11
| | | | | | | | | | | | than 5.3.7. See https://github.com/ircmaxell/password_compat/issues/10#issuecomment-11203833.
* | Outsource all the BCrypt heavy lifting to a libraryElnur Abdurrakhimov2013-04-251-55/+5
| |
* | Fixed typosPascal Borreli2013-04-211-2/+2
| |
* | Merge branch '2.2'Fabien Potencier2013-04-071-0/+17
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.2: Fix finding ACLs from ObjectIdentity's with different types [HttpKernel] tweaked previous merge #7531: [HttpKernel][Config] FileLocator adds NULL as global resource path Fix autocompletion of command names when namespaces conflict Fix timeout in Process::stop method fixed CS Round stream_select fifth argument up. Fix Process timeout [HttpKernel] Remove args from 5.3 stack traces to avoid filling log files, fixes #7259 bumped Symfony version to 2.2.2-DEV updated VERSION for 2.2.1 updated CHANGELOG for 2.2.1 Fixed phpdoc blocks to show that $uri can be passed as a string or ControllerReference (rather than just as a string) [HttpFoundation] Fixed copy pasted comment from FlashBag in AttributeBag [FrameworkBundle] fixed the discovery of the PHPUnit configuration file when using aggregate options like in -vc app/ (closes #7562) [WebProfilerBundle] removed next pointer class in a template fix overwriting of request's locale if attribute _locale is missing Conflicts: src/Symfony/Component/HttpKernel/Debug/ErrorHandler.php src/Symfony/Component/HttpKernel/EventListener/LocaleListener.php src/Symfony/Component/HttpKernel/Kernel.php
| * Fix finding ACLs from ObjectIdentity's with different typesSamuel Gordalina2013-04-071-0/+17
| |
* | [CS Fix] Consistent coding-style of concatenation operator usageDariusz Górecki2013-04-022-7/+7
| |
* | [Security] Return 401 when using use_forward for form authenticationGunnar Lium2013-03-231-2/+5
|/
* Merge branch '2.1' into 2.2Fabien Potencier2013-03-191-4/+4
|\ | | | | | | | | | | | | | | | | * 2.1: Add a public modifier to an interface method [HttpRequest] fixes Request::getLanguages() bug [HttpCache] added a test (cached content should be kept after purging) [DoctrineBridge] Fixed non-utf-8 recognition [Security] fixed HttpUtils class tests
| * [Security] fixed HttpUtils class testsJean-François Simon2013-03-151-4/+4
| |
* | Merge branch '2.1' into 2.2Fabien Potencier2013-03-151-2/+14
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.1: sub-requests are now created with the same class as their parent [FrameworkBundle] removed BC break [FrameworkBundle] changed temp kernel name in cache:clear [DoctrineBridge] Avoids blob values to be logged by doctrine [Security] use current request attributes to generate redirect url? [Validator] fix showing wrong max file size for upload errors [TwigBridge] removed double var initialization (refs #7344) [2.1][TwigBridge] Fixes Issue #7342 in TwigBridge [FrameworkBundle] fixed cahe:clear command's warmup [TwigBridge] now enter/leave scope on Twig_Node_Module [TwigBridge] fixed fixed scope & trans_default_domain node visitor [TwigBridge] fixed non probant tests & added new one [BrowserKit] added ability to ignored malformed set-cookie header [Translation] removed wriong 'use' [Translation] added xliff loader/dumper with resname support [TwigBridge] fixes Conflicts: src/Symfony/Bundle/FrameworkBundle/HttpKernel.php src/Symfony/Component/Security/Http/HttpUtils.php src/Symfony/Component/Translation/Loader/XliffFileLoader.php src/Symfony/Component/Translation/Tests/Loader/XliffFileLoaderTest.php
| * [Security] use current request attributes to generate redirect url?Jean-François Simon2013-03-131-2/+14
| |
* | fixed CSFabien Potencier2013-03-011-1/+1
| |
* | Merge branch '2.1' into 2.2Fabien Potencier2013-02-111-0/+19
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | * 2.1: added support for the X-Forwarded-For header (closes #6982, closes #7000) fixed the IP address in HttpCache when calling the backend [EventDispatcher] Added assertion. [EventDispathcer] Fix removeListener [DependencyInjection] Add clone for resources which were introduced in 2.1 [DependencyInjection] Allow frozen containers to be dumped to graphviz Fix 'undefined index' error, when entering scope recursively [Security] fixed session creation on login (closes #7011) Add dot character `.` to legal mime subtype regular expression [HttpFoundation] fixed the creation of sub-requests under some circumstancies (closes #6923, closes #6936)
| * [Security] fixed session creation on login (closes #7011)Adrien Samson2013-02-071-0/+19
| |
* | Merge branch '2.1' into 2.2Fabien Potencier2013-02-071-28/+30
|\ \ | |/ | | | | | | | | | | * 2.1: [HttpKernel] fixed the creation of the Profiler directory [Security] fixed session creation when none is needed (closes #6917) [FrameworkBundle] removed obsolete comment (see 2e356c1)
| * [Security] fixed session creation when none is needed (closes #6917)Fabien Potencier2013-02-041-28/+30
| |
* | [Security] fixed interface implementation (closes #6974)Fabien Potencier2013-02-051-6/+6
| |
* | Added BCrypt password encoder.Elnur Abdurrakhimov2013-02-051-0/+112
| |
* | [Security] renamed Constraint namespace to Constraints for validator classes ↵Hugo Hamon2013-02-041-3/+3
| | | | | | | | in order to be consistent with the whole current validator API.
* | [Security] [Tests] added unit tests for the UserPasswordValidator class and ↵Hugo Hamon2013-02-021-0/+161
| | | | | | | | made the validator service for the UserPassword constraint configurable.
* | merged branch Seldaek/psr3 (PR #6628)Fabien Potencier2013-01-101-1/+1
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the master branch. Commits ------- 67d7423 Remove use of deprecated HttpKernel LoggerInterface dca4528 [HttpKernel] Extend psr/log's NullLogger class 1e5a890 [Monolog] Mark old non-PSR3 methods as deprecated 91a86f8 [HttpKernel][Monolog] Add PSR-3 support to the LoggerInterface Discussion ---------- [HttpKernel][MonologBridge] PSR-3 support This enables PSR-3 support and monolog 1.3+. The first commit is the main part. The rest deals with deprecation of short-hand methods (warn/err/crit/emerg) that are fully expanded in PSR-3 (warning/error/critical/emergency). The downside of deprecating them is that for bundles it's a bit harder to support older and newer versions. If that is too much of a hassle you can drop that for now and cherry pick the first commit. The upside is that it forces people to move towards PSR-3 compatible stuff, which means eventually we could completely drop the LoggerInterface from the framework. In any case I think the documentation should only mention the `Psr\Log\LoggerInterface` and people should start hinting against that. The change should be done in core as well I suppose. Anyway I wanted to throw this out there as it is to get feedback. --------------------------------------------------------------------------- by stof at 2013-01-09T09:15:15Z @Seldaek I also think you should change the typehint to use the PSR LoggerInterface in all classes using the logger --------------------------------------------------------------------------- by Seldaek at 2013-01-09T09:54:55Z OK updated according to all the feedback. I tested it in an app and it still seems to work so there shouldn't be any major issues. --------------------------------------------------------------------------- by Seldaek at 2013-01-09T09:59:55Z @fabpot if you merge please merge also the bundle PR, otherwise it won't be possible to update without conflict. --------------------------------------------------------------------------- by frosas at 2013-01-10T14:59:20Z I'm trying to understand why a `composer update` of a Symfony 2.1.* resulted in a fatal error. Shouldn't a stable version don't break like this? As @olaurendeau points, why Symfony depends 1.* instead of 1.2.*? Or why Monolog 1.3 breaks its public interface (EDIT: I'm not sure about it)? Or why isn't this PR being merged (into branch 2.1) at the same time Monolog 1.3 is released? Please, understand I'm not looking for who to blame, it's just I want to know if this situation is unexpected or if otherwise a `composer update` on a stable branch is not as innocent as it seems. --------------------------------------------------------------------------- by stof at 2013-01-10T15:06:51Z @frosas it cannot be merged into 2.1 as it is a BC break. The 2.1 branch has been updated to forbid Monolog 1.3 already --------------------------------------------------------------------------- by Seldaek at 2013-01-10T15:11:58Z @frosas you can blame me for releasing as 1.3.0 and not 2.0, but technically for monolog this isn't really a BC break, I just added an interface. The problem is due to the way it's used in symfony, it ended up as a fatal error. In any case the situation is now sorted out I think. --------------------------------------------------------------------------- by frosas at 2013-01-10T15:26:43Z @stof now I see this `>=1.0,<1.3-dev` change in the 2.1 branch. Now, shouldn't a new (2.1.7) version be released for all of us not in the dev minimum-stability? @Seldaek then do you see feasible to rely only in X.Y.* versions to avoid this kind of errors? --------------------------------------------------------------------------- by Seldaek at 2013-01-10T15:45:22Z @frosas relying on X.Y.* is painful because you always need to wait until someone updates the constraint to get the new version. Of course using ~1.3 like in this PR means if I fuck up and break BC people will update to it, but that's a less likely occurrence than the alternative I think, so I would rather not use X.Y.* --------------------------------------------------------------------------- by frosas at 2013-01-10T15:50:50Z @Seldaek you are right about this, but I was thinking more in changing it only for the stable versions. EDIT: I mean, how often do you need a new feature in a branch you only apply fixes to? --------------------------------------------------------------------------- by stof at 2013-01-10T15:57:32Z @frosas Monolog and Symfony have separate release cycles. Foorcing Symfony users to use an old version of Monolog until they update to a new version of Symfony whereas the newer Monolog is compatible is a bad idea. Thus, as Monolog keeps BC, it does not maintain bugfix releases for all older versions (just like Twig does too). So it would also forbid you to get the fixes done in newer Monolog versions. The incompatibility between Symfony 2.1 LoggerInterface and PSR-3 (whereas they expect exactly the same behavior and signature for methods with the same name) is unfortunate and is the reason why we get some issues here. --------------------------------------------------------------------------- by frosas at 2013-01-10T16:21:06Z @stof I appreciate you prefer to allow newer versions at the price of having to be constantly monitoring its changes to avoid breaks. Another similar but safer strategy would be to stick to X.Y.* versions and upgrade to X.Y+1.* once the new version integration is tested, but I understand this is discutible in projects as close to Symfony as Monolog. Returning to the issue, what do you say to release this 2.1.7 version? Or is it only me who is having issues here? --------------------------------------------------------------------------- by stof at 2013-01-10T16:26:20Z @frosas a minor release should not break BC when following smeantic versionning (Symfony warned about the fact it is not strictly followed for the first releases of 2.x). But as far as monolog is concerned, 1.3 is BC with 1.2. --------------------------------------------------------------------------- by Seldaek at 2013-01-10T16:49:55Z @frosas sorry I didn't get you still had the problem. I tagged a 2.1.7 of monologbundle which hopefully fixes your issue.
| * | Remove use of deprecated HttpKernel LoggerInterfaceJordi Boggiano2013-01-091-1/+1
| | |
* | | merged branch asm89/issue-837 (PR #4935)Fabien Potencier2013-01-101-3/+3
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the master branch. Commits ------- 73db84f [Security] Move translations file to 'security' domain 324703a [Security] Switch to English messages as message keys aa74769 [Security] Fix CS + unreachable code 2d7a7ba [Security] Fix `AuthenticationException` serialization 50d5724 [Security] Introduced `UsernameNotFoundException#get/setUsername` 39da27a [Security] Removed `get/setExtraInformation`, added `get/set(Token|User)` 837ae15 [Security] Add note about changed constructor to changelog d6c57cf [FrameworkBundle] Register security exception translations d7129b9 [Security] Fix exception constructors called in `UserChecker` 0038fbb [Security] Add initial translations for AccountStatusException childs 50e2cfc [Security] Add custom `getMessageKey` AccountStatusException childs 1147977 [Security] Fix InsufficientAuthenticationException constructor calls 79430b8 [Security] Fix AuthenticationServiceException constructor calls 42cced4 [Security] Fix AuthenticationException constructor calls 963a1d7 [Security] Add initial translations for the exceptions ed6eed4 [Security] Add `getMessageKey` and `getMessageData` to auth exceptions 694c47c [Security] Change signature of `AuthenticationException` to match `\Exception` Discussion ---------- [2.2][Security] AuthenticationException enhancements Bug fix: semi Feature addition: yes Backwards compatibility break: yes Symfony2 tests pass: [![Build Status](https://secure.travis-ci.org/asm89/symfony.png?branch=issue-837)](http://travis-ci.org/asm89/symfony) Fixes the following tickets: #837 License of the code: MIT This PR adds the functionality discussed in #837 and changes the constructor of the `AuthenticationException` to match that of `\Exception`. This PR will allow developers to show a translated (save) authentication exception message to the user. :) *Todo:* - Add some functional test to check that the exceptions can indeed be translated? - Get feedback on the current English messages --------------------------------------------------------------------------- by asm89 at 2012-07-15T14:04:11Z ping @schmittjoh --------------------------------------------------------------------------- by schmittjoh at 2012-07-15T14:57:32Z Looks good to me. While you are at the exceptions, I think we can also get rid of the "extra information" thing and replace it by explicit getters/setters. Mostly that will mean adding set/getToken, set/getUser, set/getUsername. Bundles might add custom exceptions which have other data. This will make it a bit more useful and predictable. --------------------------------------------------------------------------- by asm89 at 2012-07-15T15:40:45Z @schmittjoh I removed the `get/setExtraInformation` and added the more explicit getters/setters as you suggested. --------------------------------------------------------------------------- by asm89 at 2012-07-15T19:33:15Z @fabpot Did you reschedule this for 2.2? Why? It was originally a 2.1 ticket. I think it is an important one because at the moment there is no reliable way to show users the cause of an `AuthenticationException` without the threat of exposing sensitive information. This issue has been around for a while, see the original issue this PR refers to, or for example [this TODO comment in FOSUB](https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Controller/SecurityController.php#L37). The PR itself is ready to merge now. My only question that remains is about whether the actual translations should be functional tested? --------------------------------------------------------------------------- by fabpot at 2012-07-15T19:43:19Z We need to stop at some point. If not, we never release anything. beta3 was scheduled for today and I don't plan any other one before the first RC and I won't have time to review this PR next week. So, if you, @schmittjoh, @vicb, @stof, and a few other core devs "validate" this PR, I might consider merging it before 2.1. --------------------------------------------------------------------------- by asm89 at 2012-07-15T19:46:09Z @fabpot I totally agree with your point of view. I just have been trying to pickup some security issues that were still open. :) --------------------------------------------------------------------------- by stof at 2012-07-15T19:50:29Z This looks good to me --------------------------------------------------------------------------- by asm89 at 2012-08-12T09:06:24Z Since the beta period is over I assume the window was missed to get this security related PR in 2.1. If I have feedback from @fabpot I'll still try to make it mergeable asap though. --------------------------------------------------------------------------- by fabpot at 2012-08-13T10:10:32Z @asm89 This would indeed be considered for merging in 2.2. --------------------------------------------------------------------------- by Antek88 at 2012-10-03T10:30:46Z +1 --------------------------------------------------------------------------- by stof at 2012-10-04T21:27:15Z @asm89 could you rebase this PR ? It conflicts with master --------------------------------------------------------------------------- by fabpot at 2012-10-05T17:16:44Z What's the status of this PR? @asm89 Have you taken all the feedback into account? --------------------------------------------------------------------------- by stof at 2012-10-13T17:48:48Z @asm89 ping --------------------------------------------------------------------------- by fabpot at 2012-10-29T09:48:40Z @asm89 If you don't have time, I can finish the work on this PR, but can you just tell me what's left? --------------------------------------------------------------------------- by asm89 at 2012-10-29T10:02:22Z I can pick this up, but I have two outstanding questions: - One about adding `::create()`? https://github.com/symfony/symfony/pull/4935#discussion_r1358297 - And what is the final verdict on the messages? https://github.com/symfony/symfony/pull/4935#discussion_r1165701 The initial idea was that the exception itself have an exception message which is plain english and informative for the developer. If you want to display the 'safe' user messages you have the optional dependency on the translator. There is a comparison made with the Validator component, but in my opinion that's a different case because the violations always contain the message directed at the user and have no plain english message for the developer. Apart from that the Validator component contains it's own code for replacing `{{ }}` variables in messages (duplication? not as flexible as the translator). Concluding I'd opt for: optional dependency on translator component if you want to show 'safe' user messages + message keys. @schmittjoh Any things to add? --------------------------------------------------------------------------- by schmittjoh at 2012-10-29T10:14:09Z Message keys sound good to me. I wouldn't add the ``create`` method for now. On Mon, Oct 29, 2012 at 11:02 AM, Alexander <notifications@github.com>wrote: > I can pick this up, but I have two outstanding questions: > > - One about adding ::create()? symfony/symfony#4935<https://github.com/symfony/symfony/issues/4935#discussion_r1358297> > - And what is the final verdict on the messages? symfony/symfony#4935<https://github.com/symfony/symfony/issues/4935#discussion_r1165701>The initial idea was that the exception itself have an exception message > which is plain english and informative for the developer. If you want to > display the 'safe' user messages you have the optional dependency on the > translator. There is a comparison made with the Validator component, but in > my opinion that's a different case because the violations always contain > the message directed at the user and have no plain english message for the > developer. Apart from that the Validator component contains it's own code > for replacing {{ }} variables in messages (duplication? not as > flexible as the translator). Concluding I'd opt for: optional dependency on > translator component if you want to show 'safe' user messages + message > keys. > > @schmittjoh <https://github.com/schmittjoh> Any things to add? > > — > Reply to this email directly or view it on GitHub<https://github.com/symfony/symfony/pull/4935#issuecomment-9861016>. > > --------------------------------------------------------------------------- by fabpot at 2012-10-29T10:27:37Z As I said in the discussion about the translations, I'm -1 for the message keys to be consistent with how we manage translations everywhere else in the framework. --------------------------------------------------------------------------- by stof at 2012-10-29T10:30:50Z @fabpot When we changed the English translation for the validation errors in 2.1, we had to tag the commit as a BC rbeak as it was changing the source for all other translations. And if you look at the state of the files now, you will see that we are *not* using the English as source anymore in some places as some validation errors have a pluralized translation but the source has not been changed. So I think using a key is more future-proof. --------------------------------------------------------------------------- by asm89 at 2012-10-30T19:44:49Z Any final decision on this? On one hand I have @stof and @schmittjoh +1 on message keys, on the other @fabpot -1. I guess it's your call @fabpot. Edit: also @vicb seemed to be +1 on message keys earlier on. --------------------------------------------------------------------------- by drak at 2012-11-01T20:19:00Z I am also -1, I agree with @fabpot --------------------------------------------------------------------------- by asm89 at 2012-11-12T09:38:51Z @fabpot Can you please give a definite answer on this? I personally think @stof and @vicb have good points to do message keys, but with all these different people +1 and -1'ing the PR I'm lost on what it should actually do. --------------------------------------------------------------------------- by asm89 at 2012-11-14T09:59:06Z ping @fabpot --------------------------------------------------------------------------- by asm89 at 2012-11-26T10:01:27Z ping @fabpot We talked about this in Berlin. Any final thoughts on the PR? :) One idea was to do message keys + opt depend on the translator component if you want to use them, or use your own implementation. --------------------------------------------------------------------------- by fabpot at 2012-11-26T14:01:37Z The conclusion is: keep using plain English. On Mon, Nov 26, 2012 at 11:01 AM, Alexander <notifications@github.com>wrote: > ping @fabpot <https://github.com/fabpot> We talked about this in Berlin. > Any final thoughts on the PR? :) One idea was to do message keys + opt > depend on the translator component if you want to use them, or use your own > implementation. > > — > Reply to this email directly or view it on GitHub<https://github.com/symfony/symfony/pull/4935#issuecomment-10709997>. > > --------------------------------------------------------------------------- by Inori at 2012-11-26T15:00:22Z is this final? if not, then +1 for message keys --------------------------------------------------------------------------- by vicb at 2012-11-27T22:33:47Z @fabpot I can't understand why we keep discussing this for months as this implementation use *both* keys and plain Englis, ie using keys is optional ( if it was not it would not be an issue according to #6129) --------------------------------------------------------------------------- by asm89 at 2013-01-02T21:43:46Z @fabpot @vicb I'll rebase this PR, fix the comments and refactor the message keys to use plain English + {{ }} syntax for the placeholders. --------------------------------------------------------------------------- by asm89 at 2013-01-07T15:00:58Z @fabpot If I fix this tonight, will it make the beta? --------------------------------------------------------------------------- by fabpot at 2013-01-07T15:53:00Z yes, definitely. --------------------------------------------------------------------------- by asm89 at 2013-01-07T20:13:38Z @fabpot I switched the implementation to English messages instead of message keys and fixed the final comments + rebased. Anything you want me to do after this? Still happy with `getMessageKey()`?
generated by cgit v1.1 at 2025-06-02 14:44:06 +0000