summaryrefslogtreecommitdiffstats
path: root/Tests
Commit message (Collapse)AuthorAgeFilesLines
...
* | | Merge branch '2.3' into 2.4Fabien Potencier2013-12-291-0/+190
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: [Security] made code easier to understand, added some missing unit tests [DependencyInjection] fixed InlineServiceDefinitionsPass to not inline a service if it's part of the current definition (to avoid an infinite loop) [DomCrawler] Fixed creating form objects from form nodes. disabled php.ini changes when using HHVM in .travis.yml [Process] fixed HHVM support Add support for HHVM in the getting of the PHP executable [Security] fixed error 500 instead of 403 if previous exception is provided to AccessDeniedException
| * | [Security] made code easier to understand, added some missing unit testsFabien Potencier2013-12-291-0/+190
| | |
| * | fixed CS for lambdasFabien Potencier2013-12-281-1/+1
| | |
| * | Fix parent serialization of user objectDavid de Boer2013-12-231-0/+41
| | |
| * | Merge branch '2.2' into 2.3v2.3.8Fabien Potencier2013-11-2511-11/+11
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.2: fixed some typos fixed @expectedException class names Conflicts: src/Symfony/Component/Config/Tests/Definition/ArrayNodeTest.php src/Symfony/Component/Console/Tests/Command/CommandTest.php src/Symfony/Component/Locale/Tests/Stub/StubLocaleTest.php src/Symfony/Component/Locale/Tests/Stub/StubNumberFormatterTest.php
| | * | fixed @expectedException class namesv2.2.11Fabien Potencier2013-11-2511-11/+11
| | | |
| * | | Merge branch '2.2' into 2.3Fabien Potencier2013-11-231-0/+48
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.2: No Entity Manager defined exception fixed CS [Acl] Fix for issue #9433 [Validator] fix docblock typos [DependencyInjection] removed the unused Reference and Parameter classes use statements from the compiled container class Fix mistake in translation's service definition. if handler_id is identical to null fix CS fix Fixed ModelChoiceList tests in Propel1 bridge. [AclProvider] Fix incorrect behaviour when partial results returned from cache Check if the pipe array is empty before calling stream_select() re-factor Propel1 ModelChoiceList [Locale] fixed the failing test described in #9455 [Process] fix phpdoc and timeout of 0 bug #9445 [BrowserKit] fixed protocol-relative url redirection Conflicts: src/Symfony/Component/BrowserKit/Tests/ClientTest.php src/Symfony/Component/Locale/Tests/Stub/StubIntlDateFormatterTest.php
| | * | [Acl] Fix for issue #9433Guillaume Royer2013-11-221-0/+48
| | | |
| * | | Merge branch '2.2' into 2.3v2.3.6Fabien Potencier2013-10-105-0/+84
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.2: bumped Symfony version to 2.2.10 updated VERSION for 2.2.9 update CONTRIBUTORS for 2.2.9 updated CHANGELOG for 2.2.9 [Security] limited the password length passed to encoders assets:install command should mirror .dotfiles (.htaccess) PoFileDumper - PO headers removed whitespaces Conflicts: src/Symfony/Component/HttpKernel/Kernel.php src/Symfony/Component/Security/Core/Encoder/BCryptPasswordEncoder.php
| | * | [Security] limited the password length passed to encodersv2.2.9Fabien Potencier2013-10-105-0/+84
| | | |
| * | | Merge branch '2.2' into 2.3Fabien Potencier2013-09-192-2/+1
| |\ \ \ | | |/ / | | | / | | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.2: Fix some annotates [FrameworkBundle] made sure that the debug event dispatcher is used everywhere [HttpKernel] remove unneeded strtoupper updated the composer install command to reflect changes in Composer Conflicts: src/Symfony/Component/Console/Application.php src/Symfony/Component/Console/Command/Command.php src/Symfony/Component/Console/Input/InputDefinition.php src/Symfony/Component/CssSelector/Node/CombinedSelectorNode.php src/Symfony/Component/Form/Form.php src/Symfony/Component/HttpKernel/Debug/ErrorHandler.php src/Symfony/Component/HttpKernel/DependencyInjection/RegisterListenersPass.php src/Symfony/Component/HttpKernel/Tests/DependencyInjection/RegisterListenersPassTest.php src/Symfony/Component/Locale/Locale.php src/Symfony/Component/Locale/README.md src/Symfony/Component/Locale/Stub/DateFormat/FullTransformer.php
| | * Fix some annotatesbronze1man2013-09-192-2/+1
| | |
* | | [Security] Split the component into 3 sub-components Core, ACL, HTTPBernhard Schussek2013-09-1882-10905/+0
| | |
* | | [Security] Keep other query string parameters when switching usersLars Vierbergen2013-08-271-0/+35
| | |
* | | Fixed typosPascal Borreli2013-08-242-2/+2
| | |
* | | removed deps checks in unit testsFabien Potencier2013-08-1936-318/+0
| | | | | | | | | | | | | | | | | | | | | | | | As Composer is now widely used in the PHP world, having to run composer install before running the test suite is expected. This also has the nice benefit of removing a bunch of code, making things easier to maintain (there is only one place to declare a dev dependency), and probably more.
* | | [Security] Added a check for strategies in AccessDecisionManagerDennis Benkert2013-08-121-0/+8
| | |
* | | [HttpKernel] added $event->isMasterRequest()Kris Wallsmith2013-08-081-2/+2
|/ /
* | Merge branch '2.2' into 2.3v2.3.3Fabien Potencier2013-08-062-0/+0
|\ \ | |/ | | | | | | * 2.2: fix some file mode bug 755->644
| * fix some file mode bug 755->644v2.2.5bronze1man2013-08-062-0/+0
| |
* | Merge branch '2.2' into 2.3Fabien Potencier2013-07-203-2/+436
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | * 2.2: [PropertyAccess] added moves to pluralMap [Security] fixed issue where authentication listeners clear unrelated tokens fix issue #8499 modelChoiceList call getPrimaryKey on a non object [DependencyInjection] Add exception for service name not dumpable in PHP Conflicts: src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php src/Symfony/Component/Security/Tests/Http/Firewall/BasicAuthenticationListenerTest.php
| * [Security] fixed issue where authentication listeners clear unrelated tokensalcaeus2013-07-193-2/+436
| | | | | | | | | | This commit fixes an issue where authentication listeners clear all security tokens in case of authentication failure. This behavior makes it impossible to combine certain authentication mechanisms, notably x509 with form-based login.
* | [Security] Added few new test cases for the HttpUtils and improved ↵v2.3.1Jakub Zalas2013-06-021-18/+127
| | | | | | | | readability of existing tests.
* | [Security] Added tests for the SwitchUserListener.Jakub Zalas2013-06-021-0/+175
| |
* | [Security] Added tests for the ContextListener.Jakub Zalas2013-06-021-7/+75
| |
* | [Security] Added a test to the BasicAuthenticationListener.Jakub Zalas2013-06-021-0/+14
| |
* | [Security] Removed an unnecessary call to sprintf() and added a test case.Jakub Zalas2013-06-021-0/+17
| |
* | [Security] Fixed the check if an interface exists.Jakub Zalas2013-05-261-1/+1
| |
* | [Security] Added tests for the DefaultLogoutSuccessHandler.Jakub Zalas2013-05-253-2/+48
| |
* | [Security] Added tests for the DefaultAuthenticationSuccessHandler.Jakub Zalas2013-05-241-0/+173
| |
* | [Security] Added tests for the DefaultAuthenticationFailureHandler.Jakub Zalas2013-05-241-0/+182
| |
* | [Security] Added tests for the remember me ReponseListener.Jakub Zalas2013-05-241-0/+92
| |
* | [Security] Added tests for the SessionAuthenticationStrategy.Jakub Zalas2013-05-241-0/+80
| |
* | [Security] Added tests for the AccessMap.Jakub Zalas2013-05-241-0/+58
| |
* | [Security] Disabled the BCryptPasswordEncoder tests for PHP versions lower ↵Jakub Zalas2013-05-101-0/+11
| | | | | | | | | | | | than 5.3.7. See https://github.com/ircmaxell/password_compat/issues/10#issuecomment-11203833.
* | Outsource all the BCrypt heavy lifting to a libraryElnur Abdurrakhimov2013-04-251-55/+5
| |
* | Fixed typosPascal Borreli2013-04-211-2/+2
| |
* | Merge branch '2.2'Fabien Potencier2013-04-071-0/+17
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.2: Fix finding ACLs from ObjectIdentity's with different types [HttpKernel] tweaked previous merge #7531: [HttpKernel][Config] FileLocator adds NULL as global resource path Fix autocompletion of command names when namespaces conflict Fix timeout in Process::stop method fixed CS Round stream_select fifth argument up. Fix Process timeout [HttpKernel] Remove args from 5.3 stack traces to avoid filling log files, fixes #7259 bumped Symfony version to 2.2.2-DEV updated VERSION for 2.2.1 updated CHANGELOG for 2.2.1 Fixed phpdoc blocks to show that $uri can be passed as a string or ControllerReference (rather than just as a string) [HttpFoundation] Fixed copy pasted comment from FlashBag in AttributeBag [FrameworkBundle] fixed the discovery of the PHPUnit configuration file when using aggregate options like in -vc app/ (closes #7562) [WebProfilerBundle] removed next pointer class in a template fix overwriting of request's locale if attribute _locale is missing Conflicts: src/Symfony/Component/HttpKernel/Debug/ErrorHandler.php src/Symfony/Component/HttpKernel/EventListener/LocaleListener.php src/Symfony/Component/HttpKernel/Kernel.php
| * Fix finding ACLs from ObjectIdentity's with different typesSamuel Gordalina2013-04-071-0/+17
| |
* | [CS Fix] Consistent coding-style of concatenation operator usageDariusz Górecki2013-04-022-7/+7
| |
* | [Security] Return 401 when using use_forward for form authenticationGunnar Lium2013-03-231-2/+5
|/
* Merge branch '2.1' into 2.2Fabien Potencier2013-03-191-4/+4
|\ | | | | | | | | | | | | | | | | * 2.1: Add a public modifier to an interface method [HttpRequest] fixes Request::getLanguages() bug [HttpCache] added a test (cached content should be kept after purging) [DoctrineBridge] Fixed non-utf-8 recognition [Security] fixed HttpUtils class tests
| * [Security] fixed HttpUtils class testsJean-François Simon2013-03-151-4/+4
| |
* | Merge branch '2.1' into 2.2Fabien Potencier2013-03-151-2/+14
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.1: sub-requests are now created with the same class as their parent [FrameworkBundle] removed BC break [FrameworkBundle] changed temp kernel name in cache:clear [DoctrineBridge] Avoids blob values to be logged by doctrine [Security] use current request attributes to generate redirect url? [Validator] fix showing wrong max file size for upload errors [TwigBridge] removed double var initialization (refs #7344) [2.1][TwigBridge] Fixes Issue #7342 in TwigBridge [FrameworkBundle] fixed cahe:clear command's warmup [TwigBridge] now enter/leave scope on Twig_Node_Module [TwigBridge] fixed fixed scope & trans_default_domain node visitor [TwigBridge] fixed non probant tests & added new one [BrowserKit] added ability to ignored malformed set-cookie header [Translation] removed wriong 'use' [Translation] added xliff loader/dumper with resname support [TwigBridge] fixes Conflicts: src/Symfony/Bundle/FrameworkBundle/HttpKernel.php src/Symfony/Component/Security/Http/HttpUtils.php src/Symfony/Component/Translation/Loader/XliffFileLoader.php src/Symfony/Component/Translation/Tests/Loader/XliffFileLoaderTest.php
| * [Security] use current request attributes to generate redirect url?Jean-François Simon2013-03-131-2/+14
| |
* | fixed CSFabien Potencier2013-03-011-1/+1
| |
* | Merge branch '2.1' into 2.2Fabien Potencier2013-02-111-0/+19
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | * 2.1: added support for the X-Forwarded-For header (closes #6982, closes #7000) fixed the IP address in HttpCache when calling the backend [EventDispatcher] Added assertion. [EventDispathcer] Fix removeListener [DependencyInjection] Add clone for resources which were introduced in 2.1 [DependencyInjection] Allow frozen containers to be dumped to graphviz Fix 'undefined index' error, when entering scope recursively [Security] fixed session creation on login (closes #7011) Add dot character `.` to legal mime subtype regular expression [HttpFoundation] fixed the creation of sub-requests under some circumstancies (closes #6923, closes #6936)
| * [Security] fixed session creation on login (closes #7011)Adrien Samson2013-02-071-0/+19
| |
* | Merge branch '2.1' into 2.2Fabien Potencier2013-02-071-28/+30
|\ \ | |/ | | | | | | | | | | * 2.1: [HttpKernel] fixed the creation of the Profiler directory [Security] fixed session creation when none is needed (closes #6917) [FrameworkBundle] removed obsolete comment (see 2e356c1)
| * [Security] fixed session creation when none is needed (closes #6917)Fabien Potencier2013-02-041-28/+30
| |
* | [Security] fixed interface implementation (closes #6974)Fabien Potencier2013-02-051-6/+6
| |
* | Added BCrypt password encoder.Elnur Abdurrakhimov2013-02-051-0/+112
| |
* | [Security] renamed Constraint namespace to Constraints for validator classes ↵Hugo Hamon2013-02-041-3/+3
| | | | | | | | in order to be consistent with the whole current validator API.
* | [Security] [Tests] added unit tests for the UserPasswordValidator class and ↵Hugo Hamon2013-02-021-0/+161
| | | | | | | | made the validator service for the UserPassword constraint configurable.
* | merged branch Seldaek/psr3 (PR #6628)Fabien Potencier2013-01-101-1/+1
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the master branch. Commits ------- 67d7423 Remove use of deprecated HttpKernel LoggerInterface dca4528 [HttpKernel] Extend psr/log's NullLogger class 1e5a890 [Monolog] Mark old non-PSR3 methods as deprecated 91a86f8 [HttpKernel][Monolog] Add PSR-3 support to the LoggerInterface Discussion ---------- [HttpKernel][MonologBridge] PSR-3 support This enables PSR-3 support and monolog 1.3+. The first commit is the main part. The rest deals with deprecation of short-hand methods (warn/err/crit/emerg) that are fully expanded in PSR-3 (warning/error/critical/emergency). The downside of deprecating them is that for bundles it's a bit harder to support older and newer versions. If that is too much of a hassle you can drop that for now and cherry pick the first commit. The upside is that it forces people to move towards PSR-3 compatible stuff, which means eventually we could completely drop the LoggerInterface from the framework. In any case I think the documentation should only mention the `Psr\Log\LoggerInterface` and people should start hinting against that. The change should be done in core as well I suppose. Anyway I wanted to throw this out there as it is to get feedback. --------------------------------------------------------------------------- by stof at 2013-01-09T09:15:15Z @Seldaek I also think you should change the typehint to use the PSR LoggerInterface in all classes using the logger --------------------------------------------------------------------------- by Seldaek at 2013-01-09T09:54:55Z OK updated according to all the feedback. I tested it in an app and it still seems to work so there shouldn't be any major issues. --------------------------------------------------------------------------- by Seldaek at 2013-01-09T09:59:55Z @fabpot if you merge please merge also the bundle PR, otherwise it won't be possible to update without conflict. --------------------------------------------------------------------------- by frosas at 2013-01-10T14:59:20Z I'm trying to understand why a `composer update` of a Symfony 2.1.* resulted in a fatal error. Shouldn't a stable version don't break like this? As @olaurendeau points, why Symfony depends 1.* instead of 1.2.*? Or why Monolog 1.3 breaks its public interface (EDIT: I'm not sure about it)? Or why isn't this PR being merged (into branch 2.1) at the same time Monolog 1.3 is released? Please, understand I'm not looking for who to blame, it's just I want to know if this situation is unexpected or if otherwise a `composer update` on a stable branch is not as innocent as it seems. --------------------------------------------------------------------------- by stof at 2013-01-10T15:06:51Z @frosas it cannot be merged into 2.1 as it is a BC break. The 2.1 branch has been updated to forbid Monolog 1.3 already --------------------------------------------------------------------------- by Seldaek at 2013-01-10T15:11:58Z @frosas you can blame me for releasing as 1.3.0 and not 2.0, but technically for monolog this isn't really a BC break, I just added an interface. The problem is due to the way it's used in symfony, it ended up as a fatal error. In any case the situation is now sorted out I think. --------------------------------------------------------------------------- by frosas at 2013-01-10T15:26:43Z @stof now I see this `>=1.0,<1.3-dev` change in the 2.1 branch. Now, shouldn't a new (2.1.7) version be released for all of us not in the dev minimum-stability? @Seldaek then do you see feasible to rely only in X.Y.* versions to avoid this kind of errors? --------------------------------------------------------------------------- by Seldaek at 2013-01-10T15:45:22Z @frosas relying on X.Y.* is painful because you always need to wait until someone updates the constraint to get the new version. Of course using ~1.3 like in this PR means if I fuck up and break BC people will update to it, but that's a less likely occurrence than the alternative I think, so I would rather not use X.Y.* --------------------------------------------------------------------------- by frosas at 2013-01-10T15:50:50Z @Seldaek you are right about this, but I was thinking more in changing it only for the stable versions. EDIT: I mean, how often do you need a new feature in a branch you only apply fixes to? --------------------------------------------------------------------------- by stof at 2013-01-10T15:57:32Z @frosas Monolog and Symfony have separate release cycles. Foorcing Symfony users to use an old version of Monolog until they update to a new version of Symfony whereas the newer Monolog is compatible is a bad idea. Thus, as Monolog keeps BC, it does not maintain bugfix releases for all older versions (just like Twig does too). So it would also forbid you to get the fixes done in newer Monolog versions. The incompatibility between Symfony 2.1 LoggerInterface and PSR-3 (whereas they expect exactly the same behavior and signature for methods with the same name) is unfortunate and is the reason why we get some issues here. --------------------------------------------------------------------------- by frosas at 2013-01-10T16:21:06Z @stof I appreciate you prefer to allow newer versions at the price of having to be constantly monitoring its changes to avoid breaks. Another similar but safer strategy would be to stick to X.Y.* versions and upgrade to X.Y+1.* once the new version integration is tested, but I understand this is discutible in projects as close to Symfony as Monolog. Returning to the issue, what do you say to release this 2.1.7 version? Or is it only me who is having issues here? --------------------------------------------------------------------------- by stof at 2013-01-10T16:26:20Z @frosas a minor release should not break BC when following smeantic versionning (Symfony warned about the fact it is not strictly followed for the first releases of 2.x). But as far as monolog is concerned, 1.3 is BC with 1.2. --------------------------------------------------------------------------- by Seldaek at 2013-01-10T16:49:55Z @frosas sorry I didn't get you still had the problem. I tagged a 2.1.7 of monologbundle which hopefully fixes your issue.
| * | Remove use of deprecated HttpKernel LoggerInterfaceJordi Boggiano2013-01-091-1/+1
| | |
* | | merged branch asm89/issue-837 (PR #4935)Fabien Potencier2013-01-101-3/+3
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the master branch. Commits ------- 73db84f [Security] Move translations file to 'security' domain 324703a [Security] Switch to English messages as message keys aa74769 [Security] Fix CS + unreachable code 2d7a7ba [Security] Fix `AuthenticationException` serialization 50d5724 [Security] Introduced `UsernameNotFoundException#get/setUsername` 39da27a [Security] Removed `get/setExtraInformation`, added `get/set(Token|User)` 837ae15 [Security] Add note about changed constructor to changelog d6c57cf [FrameworkBundle] Register security exception translations d7129b9 [Security] Fix exception constructors called in `UserChecker` 0038fbb [Security] Add initial translations for AccountStatusException childs 50e2cfc [Security] Add custom `getMessageKey` AccountStatusException childs 1147977 [Security] Fix InsufficientAuthenticationException constructor calls 79430b8 [Security] Fix AuthenticationServiceException constructor calls 42cced4 [Security] Fix AuthenticationException constructor calls 963a1d7 [Security] Add initial translations for the exceptions ed6eed4 [Security] Add `getMessageKey` and `getMessageData` to auth exceptions 694c47c [Security] Change signature of `AuthenticationException` to match `\Exception` Discussion ---------- [2.2][Security] AuthenticationException enhancements Bug fix: semi Feature addition: yes Backwards compatibility break: yes Symfony2 tests pass: [![Build Status](https://secure.travis-ci.org/asm89/symfony.png?branch=issue-837)](http://travis-ci.org/asm89/symfony) Fixes the following tickets: #837 License of the code: MIT This PR adds the functionality discussed in #837 and changes the constructor of the `AuthenticationException` to match that of `\Exception`. This PR will allow developers to show a translated (save) authentication exception message to the user. :) *Todo:* - Add some functional test to check that the exceptions can indeed be translated? - Get feedback on the current English messages --------------------------------------------------------------------------- by asm89 at 2012-07-15T14:04:11Z ping @schmittjoh --------------------------------------------------------------------------- by schmittjoh at 2012-07-15T14:57:32Z Looks good to me. While you are at the exceptions, I think we can also get rid of the "extra information" thing and replace it by explicit getters/setters. Mostly that will mean adding set/getToken, set/getUser, set/getUsername. Bundles might add custom exceptions which have other data. This will make it a bit more useful and predictable. --------------------------------------------------------------------------- by asm89 at 2012-07-15T15:40:45Z @schmittjoh I removed the `get/setExtraInformation` and added the more explicit getters/setters as you suggested. --------------------------------------------------------------------------- by asm89 at 2012-07-15T19:33:15Z @fabpot Did you reschedule this for 2.2? Why? It was originally a 2.1 ticket. I think it is an important one because at the moment there is no reliable way to show users the cause of an `AuthenticationException` without the threat of exposing sensitive information. This issue has been around for a while, see the original issue this PR refers to, or for example [this TODO comment in FOSUB](https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Controller/SecurityController.php#L37). The PR itself is ready to merge now. My only question that remains is about whether the actual translations should be functional tested? --------------------------------------------------------------------------- by fabpot at 2012-07-15T19:43:19Z We need to stop at some point. If not, we never release anything. beta3 was scheduled for today and I don't plan any other one before the first RC and I won't have time to review this PR next week. So, if you, @schmittjoh, @vicb, @stof, and a few other core devs "validate" this PR, I might consider merging it before 2.1. --------------------------------------------------------------------------- by asm89 at 2012-07-15T19:46:09Z @fabpot I totally agree with your point of view. I just have been trying to pickup some security issues that were still open. :) --------------------------------------------------------------------------- by stof at 2012-07-15T19:50:29Z This looks good to me --------------------------------------------------------------------------- by asm89 at 2012-08-12T09:06:24Z Since the beta period is over I assume the window was missed to get this security related PR in 2.1. If I have feedback from @fabpot I'll still try to make it mergeable asap though. --------------------------------------------------------------------------- by fabpot at 2012-08-13T10:10:32Z @asm89 This would indeed be considered for merging in 2.2. --------------------------------------------------------------------------- by Antek88 at 2012-10-03T10:30:46Z +1 --------------------------------------------------------------------------- by stof at 2012-10-04T21:27:15Z @asm89 could you rebase this PR ? It conflicts with master --------------------------------------------------------------------------- by fabpot at 2012-10-05T17:16:44Z What's the status of this PR? @asm89 Have you taken all the feedback into account? --------------------------------------------------------------------------- by stof at 2012-10-13T17:48:48Z @asm89 ping --------------------------------------------------------------------------- by fabpot at 2012-10-29T09:48:40Z @asm89 If you don't have time, I can finish the work on this PR, but can you just tell me what's left? --------------------------------------------------------------------------- by asm89 at 2012-10-29T10:02:22Z I can pick this up, but I have two outstanding questions: - One about adding `::create()`? https://github.com/symfony/symfony/pull/4935#discussion_r1358297 - And what is the final verdict on the messages? https://github.com/symfony/symfony/pull/4935#discussion_r1165701 The initial idea was that the exception itself have an exception message which is plain english and informative for the developer. If you want to display the 'safe' user messages you have the optional dependency on the translator. There is a comparison made with the Validator component, but in my opinion that's a different case because the violations always contain the message directed at the user and have no plain english message for the developer. Apart from that the Validator component contains it's own code for replacing `{{ }}` variables in messages (duplication? not as flexible as the translator). Concluding I'd opt for: optional dependency on translator component if you want to show 'safe' user messages + message keys. @schmittjoh Any things to add? --------------------------------------------------------------------------- by schmittjoh at 2012-10-29T10:14:09Z Message keys sound good to me. I wouldn't add the ``create`` method for now. On Mon, Oct 29, 2012 at 11:02 AM, Alexander <notifications@github.com>wrote: > I can pick this up, but I have two outstanding questions: > > - One about adding ::create()? symfony/symfony#4935<https://github.com/symfony/symfony/issues/4935#discussion_r1358297> > - And what is the final verdict on the messages? symfony/symfony#4935<https://github.com/symfony/symfony/issues/4935#discussion_r1165701>The initial idea was that the exception itself have an exception message > which is plain english and informative for the developer. If you want to > display the 'safe' user messages you have the optional dependency on the > translator. There is a comparison made with the Validator component, but in > my opinion that's a different case because the violations always contain > the message directed at the user and have no plain english message for the > developer. Apart from that the Validator component contains it's own code > for replacing {{ }} variables in messages (duplication? not as > flexible as the translator). Concluding I'd opt for: optional dependency on > translator component if you want to show 'safe' user messages + message > keys. > > @schmittjoh <https://github.com/schmittjoh> Any things to add? > > — > Reply to this email directly or view it on GitHub<https://github.com/symfony/symfony/pull/4935#issuecomment-9861016>. > > --------------------------------------------------------------------------- by fabpot at 2012-10-29T10:27:37Z As I said in the discussion about the translations, I'm -1 for the message keys to be consistent with how we manage translations everywhere else in the framework. --------------------------------------------------------------------------- by stof at 2012-10-29T10:30:50Z @fabpot When we changed the English translation for the validation errors in 2.1, we had to tag the commit as a BC rbeak as it was changing the source for all other translations. And if you look at the state of the files now, you will see that we are *not* using the English as source anymore in some places as some validation errors have a pluralized translation but the source has not been changed. So I think using a key is more future-proof. --------------------------------------------------------------------------- by asm89 at 2012-10-30T19:44:49Z Any final decision on this? On one hand I have @stof and @schmittjoh +1 on message keys, on the other @fabpot -1. I guess it's your call @fabpot. Edit: also @vicb seemed to be +1 on message keys earlier on. --------------------------------------------------------------------------- by drak at 2012-11-01T20:19:00Z I am also -1, I agree with @fabpot --------------------------------------------------------------------------- by asm89 at 2012-11-12T09:38:51Z @fabpot Can you please give a definite answer on this? I personally think @stof and @vicb have good points to do message keys, but with all these different people +1 and -1'ing the PR I'm lost on what it should actually do. --------------------------------------------------------------------------- by asm89 at 2012-11-14T09:59:06Z ping @fabpot --------------------------------------------------------------------------- by asm89 at 2012-11-26T10:01:27Z ping @fabpot We talked about this in Berlin. Any final thoughts on the PR? :) One idea was to do message keys + opt depend on the translator component if you want to use them, or use your own implementation. --------------------------------------------------------------------------- by fabpot at 2012-11-26T14:01:37Z The conclusion is: keep using plain English. On Mon, Nov 26, 2012 at 11:01 AM, Alexander <notifications@github.com>wrote: > ping @fabpot <https://github.com/fabpot> We talked about this in Berlin. > Any final thoughts on the PR? :) One idea was to do message keys + opt > depend on the translator component if you want to use them, or use your own > implementation. > > — > Reply to this email directly or view it on GitHub<https://github.com/symfony/symfony/pull/4935#issuecomment-10709997>. > > --------------------------------------------------------------------------- by Inori at 2012-11-26T15:00:22Z is this final? if not, then +1 for message keys --------------------------------------------------------------------------- by vicb at 2012-11-27T22:33:47Z @fabpot I can't understand why we keep discussing this for months as this implementation use *both* keys and plain Englis, ie using keys is optional ( if it was not it would not be an issue according to #6129) --------------------------------------------------------------------------- by asm89 at 2013-01-02T21:43:46Z @fabpot @vicb I'll rebase this PR, fix the comments and refactor the message keys to use plain English + {{ }} syntax for the placeholders. --------------------------------------------------------------------------- by asm89 at 2013-01-07T15:00:58Z @fabpot If I fix this tonight, will it make the beta? --------------------------------------------------------------------------- by fabpot at 2013-01-07T15:53:00Z yes, definitely. --------------------------------------------------------------------------- by asm89 at 2013-01-07T20:13:38Z @fabpot I switched the implementation to English messages instead of message keys and fixed the final comments + rebased. Anything you want me to do after this? Still happy with `getMessageKey()`?
| * | | [Security] Removed `get/setExtraInformation`, added `get/set(Token|User)`Alexander2013-01-071-3/+3
| |/ /
* | | Merge branch '2.1'Fabien Potencier2013-01-081-1/+1
|\ \ \ | |/ / |/| / | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.1: [Console] Fix style escaping parsing [Console] Make style formatter matching less greedy to avoid having to escape when not needed [Bundle] [FrameworkBundle] fixed indentation in esi.xml services file. [Component] [Security] fixed PSR-2 coding violation in ClassUtilsTest class. [Form] Fixed EntityChoiceList when loading objects with negative integer IDs [TwigBundle] There is no CSS visibility of display, should be visible instead [Form] corrected source node for a Danish translation [DependencyInjection] fixed a bug where the strict flag on references were lost (closes #6607) [HttpFoundation] Check if required shell functions for `FileBinaryMimeTypeGuesser` are not disabled [CssSelector] added css selector with empty string [HttpFoundation] Docblock for Request::isXmlHttpRequest() now points to Wikipedia [DependencyInjection] refactored code to avoid logic duplication [Form] Deleted references in FormBuilder::getFormConfig() to improve performance [HttpFoundation] Update docblock for non-working method Conflicts: src/Symfony/Bundle/TwigBundle/Resources/views/Exception/trace.html.twig src/Symfony/Bundle/TwigBundle/Resources/views/Exception/traces.html.twig
| * [Component] [Security] fixed PSR-2 coding violation in ClassUtilsTest class.Hugo Hamon2013-01-081-1/+1
| |
* | Fixed @expectedException definitions to reference absolute exception pathsBernhard Schussek2013-01-0515-34/+34
| |
* | Merge branch '2.1'Fabien Potencier2013-01-041-1/+1
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.1: (24 commits) updated license year Update src/Symfony/Component/HttpFoundation/Response.php [Form] Fixed inheritance of "error_bubbling" in RepeatedType [Form] Fixed DateType when used with the intl extension disabled. [HttpFoundation] fix return types and handling of zero in Response [HttpFoundation] better fix for non-parseable Expires header date Fixed missing plural message in portuguese validator Fix Expires when the header is -1 [DoctrineBridge] Allowing memcache port to be 0 to support memcache unix domain sockets. [Console] fixed unitialized properties (closes #5935) [Process] Prevented test from failing when pcntl extension is not enabled. Revert "[DoctrineBridge] Improved performance of the EntityType when used with the "query_builder" option" [Form] Fixed failing tests for DateTimeToStringTransformer. [Locale] Fixed the StubLocaleTest for ICU versions lower than 4.8. [Bundle] [FrameworkBundle] fixed typo in phpdoc of the SessionListener. [Form] Fixed test regression introduced in #6440 [Tests] Fix namespaces Fixed php doc of GenericEvent::__construct HttpUtils must handle RequestMatcher too use preferred_choices in favor of preferred_query ... Conflicts: src/Symfony/Bridge/Propel1/Form/ChoiceList/ModelChoiceList.php
| * [Tests] Fix namespacesFran Moreno2012-12-271-1/+1
| |
* | Merge branch '2.1'Fabien Potencier2012-12-111-0/+5
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.1: fixed CS fixed CS [Security] fixed path info encoding (closes #6040, closes #5695) [HttpFoundation] added some tests for the previous merge and removed dead code (closes #6037) Improved Cache-Control header when no-cache is sent removed unneeded comment Fix to allow null values in labels array fix date in changelog removed the Travis icon (as this is not stable enough -- many false positive, closes #6186) Revert "merged branch gajdaw/finder_splfileinfo_fpassthu (PR #4751)" (closes #6224) Fixed a typo Fixed: HeaderBag::parseCacheControl() not parsing quoted zero correctly [Form] Fix const inside an anonymous function [Config] Loader::import must return imported data [DoctrineBridge] Fixed caching in DoctrineType when "choices" or "preferred_choices" is passed [Form] Fixed the default value of "format" in DateType to DateType::DEFAULT_FORMAT if "widget" is not "single_text" [HttpFoundation] fixed a small regression Conflicts: src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/MongoDbSessionHandlerTest.php
| * [Security] fixed path info encoding (closes #6040, closes #5695)Fabien Potencier2012-12-111-0/+5
| |
* | Merge branch '2.1'Fabien Potencier2012-12-061-0/+181
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | * 2.1: [Locale] fixed tests [Config] Fixed tests on Windows [TwigBundle] Fixed tests [Security] Move DigestDataTest.php inside the Security component Fixed DefaultValue for session.auto_start in NodeDefinition Fix namespace of Validator and BrowserKit Tests Conflicts: src/Symfony/Bundle/TwigBundle/Tests/DependencyInjection/TwigExtensionTest.php src/Symfony/Bundle/TwigBundle/Tests/TwigEngineTest.php
| * [Security] Move DigestDataTest.php inside the Security componentFran Moreno2012-12-041-0/+181
| |
* | Try to make sure cookies get deleted from the TokenProvider when no longer ↵Terje Bråten2012-11-212-9/+9
| | | | | | | | in use
* | made usage of Composer autoloader for subtree-split unit testsFabien Potencier2012-11-091-22/+0
| |
* | merged branch fabpot/401-status-code (PR #5882)Fabien Potencier2012-11-062-5/+0
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the master branch. Commits ------- e193590 [Security] removed the 401 error custom status message Discussion ---------- [Security] removed the 401 error custom status message see fabpot/Silex#496 --------------------------------------------------------------------------- by pborreli at 2012-10-31T17:29:24Z @fabpot please fix the test suite, if you don't know how to do it, read http://symfony.com/doc/current/contributing/code/tests.html, thx :smile_cat:
| * | [Security] removed the 401 error custom status messageFabien Potencier2012-11-062-5/+0
| | |
* | | removed unused use statementsFabien Potencier2012-11-041-1/+0
|/ /
* | [Security] fixed tests when OpenSSL is not installedFabien Potencier2012-10-282-5/+2
| |
* | fixed tests when OpenSsl is not enabled in PHP, renamed a missnamed test, ↵Fabien Potencier2012-10-283-3/+48
| | | | | | | | added missing license doc blocks
* | fixed CSFabien Potencier2012-10-281-9/+9
| |
* | rename String to StringUtilsFabien Potencier2012-10-281-3/+3
| |
* | moved the secure random dep for remember me as a constructor argumentFabien Potencier2012-10-281-4/+1
| |
* | renamed Prng to SecureRandomFabien Potencier2012-10-282-33/+32
| |
* | simplified the Prng codeFabien Potencier2012-10-281-2/+2
| |
* | moved the secure random class from JMSSecurityExtraBundle to Symfony (closes ↵Fabien Potencier2012-10-283-1/+198
| | | | | | | | #3595)
* | [Security] Added Pbkdf2PasswordEncoderSebastiaan Stok2012-10-081-0/+45
|/ | | | | | | | | | | | | | | | [Security] changed default iterations of Pbkdf2PasswordEncoder to 1000 instead of 5000 [Security] Improved description of PBKDF2 encoder [SecurityBundle] added PBKDF2 PasswordEncoder updated CHANGELOG.md [Security] Use the build-in hash_pbkdf2() when available [SecurityBundle] added information about hash_algorithm for configuration [Security] always check algorithm and fixed CS
* [Security] fixed typo in a testFabien Potencier2012-08-311-1/+1
|
* merged 2.0Fabien Potencier2012-08-101-0/+43
|
* Fixed typosPascal Borreli2012-07-284-4/+4
|
* [Security] Extract default logout success handling logicAlexander2012-07-141-5/+7
|
* fixed CSFabien Potencier2012-07-092-3/+0
|
* [Security] changed the HttpUtils constructor to tak both a UrlGenerator and ↵Fabien Potencier2012-06-261-23/+23
| | | | a UrlMatcher instead of a Router (to make it useable by Silex)
* merged 2.0Fabien Potencier2012-06-201-28/+66
|
* [Security] removed test that fail on PHP 5.3.3Fabien Potencier2012-06-181-4/+0
|
* [Security] fixed some unit tests for PHP 5.3.3 (see ↵Fabien Potencier2012-06-181-4/+17
| | | | https://bugs.php.net/bug.php?id=53727)
* [Security] Add failing testcases for EncoderFactoryAlexander2012-06-181-0/+23
|
* [Security] allowed class names to be passed as an argument to ↵Fabien Potencier2012-06-181-0/+19
| | | | EncoderFactoryInterface::getEncoder()
* merged 2.0Fabien Potencier2012-05-201-2/+1
|
* merged 2.0Fabien Potencier2012-05-191-1/+0
|
* fixed CSFabien Potencier2012-05-181-1/+1
|
* merged branch willdurand/fix-components (PR #4155)Fabien Potencier2012-05-011-26/+4
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commits ------- c195957 [Components] Tests/Autoloading fixes Discussion ---------- Fix components See #4141 ---- This PR: * configures each component to use composer to manage "dev" dependencies instead of env variables; * adds phpunit configuration file on Filesystem component; * fixes READMEs. It's mergeable without any problems, but I would recommend to wait a fix in Composer in order to use `self.version` in `require`/`require-dev` sections. Note: I kept `suggest` sections because it makes sense but this PR doesn't aim to provide useful explanations for each entry. It could be another PR, not that one. --------------------------------------------------------------------------- by willdurand at 2012-04-30T20:43:13Z @fabpot I reviewed each component, one by one. Now `phpunit` always works, even if tests are skipped. A simple `composer install --dev` allows to run the complete test suite. Each commit is well separated from the others. I guess, everything is ok now. --------------------------------------------------------------------------- by Tobion at 2012-04-30T20:47:00Z Please squash, as it makes no sense to have the same commit for each component. --------------------------------------------------------------------------- by fabpot at 2012-05-01T14:26:11Z Can you squash your commits before I merge? Thanks. --------------------------------------------------------------------------- by willdurand at 2012-05-01T14:29:38Z done --------------------------------------------------------------------------- by fabpot at 2012-05-01T15:48:25Z It does not seem that the commits are squashed. --------------------------------------------------------------------------- by willdurand at 2012-05-01T15:54:08Z done
| * [Components] Tests/Autoloading fixesWilliam DURAND2012-05-011-26/+4
| | | | | | | | | | | | | | | | * Switched to Composer to manage "dev" dependencies * Fixed READMEs * Excluded vendor in phpunit.xml.dist files * Fixed message in bootstrap.php files * Added autoloader for the component itself
* | fixed CSFabien Potencier2012-05-012-12/+12
|/
* [Security][ACL] Fixed ObjectIdentity::fromDomainObject and ↵Jordan Alliot2012-04-123-64/+139
| | | | | | | UserSecurityIdentity::from(Account|Token) when working with proxies Backported ClassUtils class from Doctrine Common 2.2 Fixes #2611, #2056, #2048, #2035
* fixed CS (missing or misplaced license blocks)Eriksen Costa2012-04-0211-0/+99
|
generated by cgit v1.1 at 2025-05-12 18:19:07 +0000