Comparing changes

base repository: symfony/security-http
base: v5.4.12
head repository: symfony/security-http
compare: 7.3

Commits on May 19, 2021

  1. 8a4e6fa
  2. Merge branch '5.4' into 6.0

    * 5.4:
      Allow Symfony 6
    derrabus committed May 19, 2021
    8abdb29

Commits on May 20, 2021

  1. 6a2ff9b

Commits on May 23, 2021

  1. 06ffe74

Commits on May 24, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      [Form] fix support for years outside of the 32b range on x86 arch
      CS fix
      remove duplicate test
      Add an upgrade note about the removal of Serializable
      [SecurityBundle] Don't register deprecated listeners with authenticator manager enabled
    nicolas-grekas committed May 24, 2021
    3bf424a

Commits on May 26, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      Fix CS in README files
      Fix markdown
      [HttpKernel] Fixes tests for PHP7.4+
      fix test
      [HttpKernel] Throw when HttpKernel is created and the env is empty
      [FrameworkBundle] Deprecate the `AdapterInterface` autowiring alias, use `CacheItemPoolInterface` instead
      [Filesystem] fix readlink for Windows
    nicolas-grekas committed May 26, 2021
    dea9937

Commits on May 28, 2021

  1. Leverage Stringable

    nicolas-grekas committed May 28, 2021
    80035ef
  2. b729a92

Commits on Jun 2, 2021

  1. 26620ac

Commits on Jun 3, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      Fix KernelBrowser
      fix
      [Console] Escape synopsis output
      Remove hidden dependency on HttpFoundation for SmsBiurasTransport
      [SecurityBundle] Link UserProviderListener to correct firewall dispatcher
      Move symfony/runtime from require to require-dev in main composer.json
      Bump Symfony version to 5.3.2
      Update VERSION for 5.3.1
      Update CHANGELOG for 5.3.1
      [FrameworkBundle] fix KernelBrowser::loginUser with a stateless firewall
      [HttpFoundation] Add ReturnTypeWillChange to SessionHandlers
      [Security] Readd deprecated methods to the interfaces
      remove service if its class doesn't exist
      Fix not null return from "getCollectionValueTypes"
      Document null support in NumberToLocalizedStringTransformer
      Update loader’s directory when calling ContainerConfigurator::withPath
    nicolas-grekas committed Jun 3, 2021
    507390f

Commits on Jun 17, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      [FrameworkBundle] fix leftover
      [Uid] fix performance and prevent collisions with the real clock_seq
      Fix RequestContext not updated
      bug #41715: [FrameworkBundle] Partial backport of PR#41530
      [Security] Restore extension point in MessageDigestPasswordEncoder
      Fix some typos in Greek language
      [Security] Fix deprecation notice on TokenInterface::getUser() stringable return
      Remove TLS related options when not using TLS
    nicolas-grekas committed Jun 17, 2021
    05f7137
  2. Merge branch '5.4' into 6.0

    * 5.4:
      Only trigger for the correct firewall in ContextListener::onKernelResponse()
    nicolas-grekas committed Jun 17, 2021
    ccc9dc7

Commits on Jun 21, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      [PasswordHasher] UserPasswordHasher only calls getSalt when method exists
      Do not use static::class for final messages
      prevent reflection usages when classes do not exist
      Service 'security.command.debug_firewall' is only available if symfony/console is installed
      [Security] Fix invalid cookie when migrating to new Security
      [HttpFoundation] allow savePath of NativeFileSessionHandler to be null
      [Security] Fix value lost in RememberMe update
      make the getter usable if no user identifier is set
    derrabus committed Jun 21, 2021
    bcc76aa

Commits on Jun 22, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      Implement fluent interface on RememberMeBadge::disable()
      Reapply the change to allow to set the composer binary path
      [DependencyInjection] throw proper exception when decorating a synthetic service
      [WebLink] Sync type with parent interface
      [WebLink] fix types on Link::withAttribute()
      [ErrorHandler][DebugClassLoader] Do not check Phake mocks classes
    derrabus committed Jun 22, 2021
    e2b7f7e

Commits on Jun 24, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4: (29 commits)
      [DI] fix fixture
      [ErrorHandler] fix handling buffered SilencedErrorContext
      [HttpClient] fix Psr18Client when allow_url_fopen=0
      [DependencyInjection] Add support of PHP enumerations
      [Cache] handle prefixed redis connections when clearing pools
      [Cache] fix eventual consistency when using RedisTagAwareAdapter with a cluster
      [Uid] Prevent double validation in Uuid::fromString() with base32 values
      [Uid] Fix fromString() with low base58 values
      [Notifier] Add options to Microsoft Teams notifier
      [Notifier] Add Telnyx notifier bridge
      [Validator][Translation] Add ExpressionLanguageSyntax en and fr
      [HttpKernel] [HttpCache] Keep s-maxage=0 from ESI sub-responses
      Avoid broken action URL in text notification mail
      [FrameworkBundle] Add commented base64 version of secrets' keys
      [WebProfilerBundle] Improved the light/dark theme switching
      Fix references to CheckRememberMeConditionsListener
      [DependencyInjection] accept service locator definitions with no class
      [Cache] Disable locking on Windows by default
      [HttpClient] Add default base_uri to MockHttpClient
      [DependencyInjection] Fix binding "iterable $foo" when using the PHP-DSL
      ...
    nicolas-grekas committed Jun 24, 2021
    d9e4178

Commits on Jun 30, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      Fix tests
      CS fix
      CS fix
      CS fix
      CS fixes
      Bump Symfony version to 5.3.4
      Update VERSION for 5.3.3
      Update CHANGELOG for 5.3.3
      Bump Symfony version to 5.2.12
      Update VERSION for 5.2.11
      Update CHANGELOG for 5.2.11
      Bump Symfony version to 4.4.27
      Update VERSION for 4.4.26
      Update CONTRIBUTORS for 4.4.26
      Update CHANGELOG for 4.4.26
    nicolas-grekas committed Jun 30, 2021
    e336ec9

Commits on Jul 1, 2021

  1. fcd36ee

Commits on Jul 3, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4: (21 commits)
      Backport type fixes
      [Messenger] Added StopWorkerException
      [Workflown] Add support for getting updated context after a transition
      Fix CS
      fix annot
      Backport type fixes
      Fix CS
      Avoid triggering the autoloader in Deprecation::isLegacy()
      fix markdown markup
      Backport type fixes
      [TwigBundle] Improve comment on error silencing
      [SecurityBundle] Fix wrongly inverted condition
      [Notifier] Add MessageMedia Bridge
      uzb translation
      [DependencyInjection] Fix doc blocks
      [DependencyInjection] Turn $defaultDeprecationTemplate into a constant
      [SecurityBundle] Hide Security item if no firewall matched
      [GHA] restore phpunit-bridge job
      rethrow caught exception
      [Form] better form doc types to support static analysis
      ...
    nicolas-grekas committed Jul 3, 2021
    f2612f1

Commits on Jul 4, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      [FrameworkBundle] Add missing dep
      CS fix
      Missing translations from traits
      Fix SkippedTestSuite
      [Console] Fix type annotation on InputInterface::hasArgument()
      [Notifier] add Mailjet SMS bridge
      Revert "minor #41949 [Console] fix type annotations on InputInterface (nicolas-grekas)"
      [EventDispatcher] Correct the called event listener method case
      [Serializer] Need to clear cache when updating Annotation Groups on Entities
      Add missing translations for Japanese.
      Revert "bug #41952 [Console] fix handling positional arguments (nicolas-grekas)"
      Fix test
      [Security] Don't skip UserPasswordValidatorTest
      [DI] CS fix
      [Console] fix handling positional arguments
      Add TesterTrait::assertCommandIsSuccessful() helper
      [Validator] add translation for Vietnamese
      Add Bulgarian translation for the validator
      fix backport
      [Console] fix type annotations on InputInterface
    nicolas-grekas committed Jul 4, 2021
    6ac09b3
  2. ba701dd

Commits on Jul 6, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      Prepare PasswordUpgraderInterface implementations for 6.0 signatures
      Stop using service "session" in our tests
      [Console] SymfonyStyle - add string type to confirm() $question by contract
    nicolas-grekas committed Jul 6, 2021
    61aa9f1
  2. Merge branch '5.4' into 6.0

    * 5.4:
      [Security] Make fixture compatible with both 5.x and 6.x
      Adding missing class name in deprecation notice
    chalasr committed Jul 6, 2021
    1b7f6a1

Commits on Jul 8, 2021

  1. 5a963af

Commits on Jul 10, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      clean up remaining event mocks
      fetch type information only once
      do not mock the Request class
      do not mock event classes
      Fix use_notify default value for PostgreSqlConnection
      recover from failed deserializations
      fix setDefaultCommand
      [ErrorHandle] Remove a link from the exception page
      [Validator] Added Ukrainian translations
      [DependencyInjection] Fix TaggedLocator attribute without index argument
      [GHA] Clarify some bits in the deps=high script
      [Cache] make `LockRegistry` use semaphores when possible
      [Security] Deprecate "always authenticate" and "exception on no token"
    xabbuh committed Jul 10, 2021
    0725076

Commits on Jul 13, 2021

  1. a745316

Commits on Jul 14, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      [Security] Deprecate `TokenInterface::isAuthenticated()` and `setAuthenticated()`
      Include additional errors to slack notifier error message
    chalasr committed Jul 14, 2021
    b2f7367
  2. 4f0ad91

Commits on Jul 17, 2021

  1. Merge branch '5.4' into 6.0

    Tobion committed Jul 17, 2021
    abf4e36

Commits on Jul 18, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      Indicate compatibility with psr/log 2 and 3
      [ci] Fix wrongly skipped integration tests
    derrabus committed Jul 18, 2021
    4cde350
  2. Merge branch '5.4' into 6.0

    * 5.4:
      Simplify some code with null coalesce operator
      Don't use deprecated TestLogger class
    derrabus committed Jul 18, 2021
    c6fff78

Commits on Jul 21, 2021

  1. 75e16f2
  2. Merge branch '5.4' into 6.0

    * 5.4:
      Leverage str_contains/str_starts_with
      Leverage str_ends_with
    nicolas-grekas committed Jul 21, 2021
    44214b1

Commits on Jul 27, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4: (33 commits)
      [HttpFoundation] Fixed type mismatch
      Bump Symfony version to 5.3.6
      Update VERSION for 5.3.5
      Update CHANGELOG for 5.3.5
      Update VERSION for 5.2.13
      Update CHANGELOG for 5.2.13
      Bump Symfony version to 4.4.29
      Update VERSION for 4.4.28
      Update CHANGELOG for 4.4.28
      fix Check if it has session before getSession()
      [WebProfiler] "empty" filter bugfix. Filter with name "empty" is not exists in twig.
      Bump Symfony version to 5.3.5
      Update VERSION for 5.3.4
      Update CHANGELOG for 5.3.4
      Bump Symfony version to 4.4.28
      Update VERSION for 4.4.27
      Update CONTRIBUTORS for 4.4.27
      Update CHANGELOG for 4.4.27
      Update VERSION for 5.2.12
      Update CHANGELOG for 5.2.12
      ...
    derrabus committed Jul 27, 2021
    344194d

Commits on Jul 30, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      [Serializer] Add support for serializing empty array as object
      [Security] Fix str_contains type mismatch in ChannelListener
      [Security] Deprecate remaining `LogoutHandlerInterface` implementations
      remove 5.2 branch from PR template
      [PasswordHasher] Fix usage of PasswordHasherAdapter in PasswordHasherFactory
    chalasr committed Jul 30, 2021
    4b47a69

Commits on Jul 31, 2021

  1. 3958983

Commits on Aug 4, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      [Notifier] Add TurboSms Bridge
      Add FakeChat Logger transport
      Typehint against doctrine/persistence interfaces
      [Serializer] Better value for constant Serializer::EMPTY_ARRAYS_AS_OBJECT
      Remove time-sensitivity from LoginLinkHandlerTest
    derrabus committed Aug 4, 2021
    533b9f0

Commits on Aug 9, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4: (31 commits)
      fix test
      Clarify goals of AbstractController
      cs fix
      [Security][Validator] Add missing translations for Indonesian (id)
      [Security] Deprecate legacy signatures
      [Notifier] fix typo firebase
      [SecurityBundle] Create a smooth upgrade path for security factories
      Add trailing Line return if last line is non empty
      Add trailing Line return if last line is non empty
      [Security] Deprecate `PassportInterface`
      Report mismatches between trans-unit id and source text via status script
      Do not add namespace argument to NullAdapter in CachePoolPass
      [FrameworkBundle] Update cache:clear help
      [HttpFoundation] Add `litespeed_finish_request` to `Response`
      Fix markup
      (minor) remove author tags from test classes
      [Notifier] add `SentMessageEvent` and `FailedMessageEvent`
      [HttpFoundation] Mark Request::get() internal
      Add missing to semi-colon to exception.js
      [FrameworkBundle] remove dead conditions in Translation Commands
      ...
    chalasr committed Aug 9, 2021
    616d9f2
  2. Merge branch '5.4' into 6.0

    * 5.4:
      [Ldap] remove needless code
      Drop irrelevant UPGRADE note
      cs fix
      [Security] Add a little explanations in supports() description
      [Serializer] Rename Serializer::EMPTY_ARRAYS_AS_OBJECT to EMPTY_ARRAY_AS_OBJECT
    nicolas-grekas committed Aug 9, 2021
    620a7e2
  3. b4be749

Commits on Aug 10, 2021

  1. minor #42213 Narrow existing return types on private/internal/final/test methods (nicolas-grekas)
    
    This PR was merged into the 6.0 branch.
    
    Discussion
    ----------
    
    Narrow existing return types on private/internal/final/test methods
    
    | Q             | A
    | ------------- | ---
    | Branch?       | 6.0
    | Bug fix?      | no
    | New feature?  | no
    | Deprecations? | no
    | Tickets       | -
    | License       | MIT
    | Doc PR        | -
    
    More progress from #42149
    
    Commits
    -------
    
    d67a927659 Narrow existing return types on private/internal/final/test methods
    nicolas-grekas committed Aug 10, 2021
    5d28169

Commits on Aug 11, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      More return type fixes
      [EventDispatcher] fix getSubscribedEvents() event yielding instead or returning array
      Update Tagalog translations
    nicolas-grekas committed Aug 11, 2021
    5ffb4db

Commits on Aug 12, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      More return type fixes (bis)
      Cleanup `@return` annotations
    nicolas-grekas committed Aug 12, 2021
    3c48b14

Commits on Aug 14, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      [Security] Deprecate remaining anonymous checks
      [Security] Deprecate AnonymousToken, non-UserInterface users, and token credentials
      Fix deprecation messages
      Fix deprecation messages
      Do not use str_start_with
      Add the Path class
      Add Estonian (et) translations
      [SecurityBundle] Simplify LDAP factories
    wouterj committed Aug 14, 2021
    cd2310e

Commits on Aug 15, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      [Security] Fix token user usage in SwitchUserListenerTest
      [Security] PassportInterface deprecations fixes
      [Security] Remove faulty legacy mark from SwitchUserListenerTest
      [Yaml] Add an --exclude option to lint:yaml command
      * Deprecated calling `FormErrorIterator::children()` if the current element is not iterable
    wouterj committed Aug 15, 2021
    5031ce2

Commits on Aug 16, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      [Security] Deprecated build-in authentication entry points
    fabpot committed Aug 16, 2021
    5dc9306
  2. Merge branch '5.4' into 6.0

    * 5.4:
      [Security] Deprecate legacy remember me services
      [Form] Fix return types in form builder
    nicolas-grekas committed Aug 16, 2021
    1ce1e1d
  3. Run php-cs-fixer

    nicolas-grekas committed Aug 16, 2021
    cf93611

Commits on Aug 17, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      [Serializer] cs fix
      Cleanup more `@return` annotations
      [Form] Fix phpdoc on FormBuilderInterface
    nicolas-grekas committed Aug 17, 2021
    7263434
  2. Merge branch '5.4' into 6.0

    * 5.4:
      [SecurityHttp] Fix incompatibility with 6.0
      [SecurityGuard] Fix incompatibility with 6.0
      [SecurityBundle] Fix incompatibility with 6.0
      [FrameworkBundle] Fix incompatibility with 6.0
      [SecurityHttp] Fix incompatibility with 6.0
      [PasswordHasher] Fix incompatibility with 6.0
      [MonologBridge] Fix incompatibility with 6.0
      [Security] Minor fixes
      [Security] Fix wrong cache directive when using the new PUBLIC_ACCESS attribute
    wouterj committed Aug 17, 2021
    Copy the full SHA
    049031c View commit details

Commits on Aug 18, 2021

  1. Merge branch '5.4' into 6.0

    * 5.4:
      [ErrorHandler] improve parsing of phpdoc by DebugClassLoader
    nicolas-grekas committed Aug 18, 2021
    904bb9e
Showing with 8,008 additions and 8,456 deletions.
  1. +1 −2 .gitattributes
  2. +8 −0 .github/PULL_REQUEST_TEMPLATE.md
  3. +20 −0 .github/workflows/close-pull-request.yml
  4. +3 −6 AccessMap.php
  5. +1 −1 AccessMapInterface.php
  6. +24 −0 AccessToken/AccessTokenExtractorInterface.php
  7. +29 −0 AccessToken/AccessTokenHandlerInterface.php
  8. +85 −0 AccessToken/Cas/Cas2Handler.php
  9. +41 −0 AccessToken/ChainAccessTokenExtractor.php
  10. +47 −0 AccessToken/FormEncodedBodyExtractor.php
  11. +49 −0 AccessToken/HeaderAccessTokenExtractor.php
  12. +100 −0 AccessToken/OAuth2/Oauth2TokenHandler.php
  13. +25 −0 AccessToken/Oidc/Exception/InvalidSignatureException.php
  14. +25 −0 AccessToken/Oidc/Exception/MissingClaimException.php
  15. +248 −0 AccessToken/Oidc/OidcTokenHandler.php
  16. +53 −0 AccessToken/Oidc/OidcTrait.php
  17. +93 −0 AccessToken/Oidc/OidcUserInfoTokenHandler.php
  18. +44 −0 AccessToken/QueryAccessTokenExtractor.php
  19. +12 −1 Attribute/CurrentUser.php
  20. +37 −0 Attribute/IsCsrfTokenValid.php
  21. +42 −0 Attribute/IsGranted.php
  22. +48 −0 Attribute/IsGrantedContext.php
  23. +2 −6 Authentication/AuthenticationFailureHandlerInterface.php
  24. +2 −6 Authentication/AuthenticationSuccessHandlerInterface.php
  25. +14 −22 Authentication/AuthenticationUtils.php
  26. +111 −68 Authentication/AuthenticatorManager.php
  27. +6 −9 Authentication/CustomAuthenticationFailureHandler.php
  28. +7 −13 Authentication/CustomAuthenticationSuccessHandler.php
  29. +21 −29 Authentication/DefaultAuthenticationFailureHandler.php
  30. +16 −58 Authentication/DefaultAuthenticationSuccessHandler.php
  31. +22 −0 Authentication/ExposeSecurityLevel.php
  32. +0 −33 Authentication/NoopAuthenticationManager.php
  33. +3 −2 Authentication/UserAuthenticatorInterface.php
  34. +0 −22 Authenticator/AbstractAuthenticator.php
  35. +4 −6 Authenticator/AbstractLoginFormAuthenticator.php
  36. +12 −45 Authenticator/AbstractPreAuthenticatedAuthenticator.php
  37. +123 −0 Authenticator/AccessTokenAuthenticator.php
  38. +3 −12 Authenticator/AuthenticatorInterface.php
  39. +42 −29 Authenticator/Debug/TraceableAuthenticator.php
  40. +30 −33 Authenticator/Debug/TraceableAuthenticatorManagerListener.php
  41. +32 −0 Authenticator/FallbackUserLoader.php
  42. +32 −44 Authenticator/FormLoginAuthenticator.php
  43. +11 −37 Authenticator/HttpBasicAuthenticator.php
  44. +3 −3 Authenticator/InteractiveAuthenticatorInterface.php
  45. +35 −62 Authenticator/JsonLoginAuthenticator.php
  46. +21 −26 Authenticator/LoginLinkAuthenticator.php
  47. +5 −7 Authenticator/Passport/Badge/CsrfTokenBadge.php
  48. +5 −5 Authenticator/Passport/Badge/PasswordUpgradeBadge.php
  49. +8 −3 Authenticator/Passport/Badge/RememberMeBadge.php
  50. +43 −10 Authenticator/Passport/Badge/UserBadge.php
  51. +10 −11 Authenticator/Passport/Credentials/CustomCredentials.php
  52. +3 −3 Authenticator/Passport/Credentials/PasswordCredentials.php
  53. +23 −21 Authenticator/Passport/Passport.php
  54. +0 −48 Authenticator/Passport/PassportInterface.php
  55. +0 −54 Authenticator/Passport/PassportTrait.php
  56. +0 −30 Authenticator/Passport/UserPassportInterface.php
  57. +37 −32 Authenticator/RememberMeAuthenticator.php
  58. +11 −12 Authenticator/RemoteUserAuthenticator.php
  59. +6 −20 Authenticator/Token/PostAuthenticationToken.php
  60. +12 −11 Authenticator/X509Authenticator.php
  61. +1 −3 Authorization/AccessDeniedHandlerInterface.php
  62. +69 −0 CHANGELOG.md
  63. +50 −0 Controller/SecurityTokenValueResolver.php
  64. +25 −23 Controller/UserValueResolver.php
  65. +1 −3 EntryPoint/AuthenticationEntryPointInterface.php
  66. +0 −48 EntryPoint/BasicAuthenticationEntryPoint.php
  67. +3 −0 EntryPoint/Exception/NotAnEntryPointException.php
  68. +0 −66 EntryPoint/FormAuthenticationEntryPoint.php
  69. +0 −64 EntryPoint/RetryAuthenticationEntryPoint.php
  70. +7 −18 Event/AuthenticationTokenCreatedEvent.php
  71. +7 −17 Event/CheckPassportEvent.php
  72. +0 −56 Event/DeauthenticatedEvent.php
  73. +4 −7 Event/InteractiveLoginEvent.php
  74. +4 −31 Event/LazyResponseEvent.php
  75. +12 −26 Event/LoginFailureEvent.php
  76. +17 −32 Event/LoginSuccessEvent.php
  77. +5 −7 Event/LogoutEvent.php
  78. +6 −10 Event/SwitchUserEvent.php
  79. +4 −7 Event/TokenDeauthenticatedEvent.php
  80. +7 −30 EventListener/CheckCredentialsListener.php
  81. +8 −10 EventListener/CheckRememberMeConditionsListener.php
  82. +49 −0 EventListener/ClearSiteDataLogoutListener.php
  83. +4 −6 EventListener/CookieClearingLogoutListener.php
  84. +3 −5 EventListener/CsrfProtectionListener.php
  85. +8 −5 EventListener/CsrfTokenClearingLogoutListener.php
  86. +4 −7 EventListener/DefaultLogoutListener.php
  87. +78 −0 EventListener/IsCsrfTokenValidAttributeListener.php
  88. +107 −0 EventListener/IsGrantedAttributeListener.php
  89. +32 −13 EventListener/LoginThrottlingListener.php
  90. +14 −19 EventListener/PasswordMigratingListener.php
  91. +7 −16 EventListener/RememberMeListener.php
  92. +0 −64 EventListener/RememberMeLogoutListener.php
  93. +13 −6 EventListener/SessionStrategyListener.php
  94. +5 −8 EventListener/UserCheckerListener.php
  95. +4 −13 EventListener/UserProviderListener.php
  96. +15 −9 Firewall.php
  97. +0 −229 Firewall/AbstractAuthenticationListener.php
  98. +1 −1 Firewall/AbstractListener.php
  99. +0 −160 Firewall/AbstractPreAuthenticatedListener.php
  100. +21 −72 Firewall/AccessListener.php
  101. +0 −84 Firewall/AnonymousAuthenticationListener.php
  102. +3 −5 Firewall/AuthenticatorManagerListener.php
  103. +0 −132 Firewall/BasicAuthenticationListener.php
  104. +8 −35 Firewall/ChannelListener.php
  105. +80 −140 Firewall/ContextListener.php
  106. +30 −62 Firewall/ExceptionListener.php
  107. +1 −1 Firewall/FirewallListenerInterface.php
  108. +11 −53 Firewall/LogoutListener.php
  109. +0 −130 Firewall/RememberMeListener.php
  110. +0 −53 Firewall/RemoteUserAuthenticationListener.php
  111. +36 −54 Firewall/SwitchUserListener.php
  112. +0 −110 Firewall/UsernamePasswordFormAuthenticationListener.php
  113. +0 −235 Firewall/UsernamePasswordJsonAuthenticationListener.php
  114. +0 −64 Firewall/X509AuthenticationListener.php
  115. +3 −6 FirewallMap.php
  116. +1 −1 FirewallMapInterface.php
  117. +31 −44 HttpUtils.php
  118. +31 −19 Impersonate/ImpersonateUrlGenerator.php
  119. +1 −1 LICENSE
  120. +1 −4 LoginLink/Exception/InvalidLoginLinkAuthenticationException.php
  121. +5 −8 LoginLink/LoginLinkDetails.php
  122. +30 −29 LoginLink/LoginLinkHandler.php
  123. +3 −1 LoginLink/LoginLinkHandlerInterface.php
  124. +9 −10 LoginLink/LoginLinkNotification.php
  125. +0 −49 Logout/CookieClearingLogoutHandler.php
  126. +0 −40 Logout/CsrfTokenClearingLogoutHandler.php
  127. +0 −46 Logout/DefaultLogoutSuccessHandler.php
  128. +0 −33 Logout/LogoutHandlerInterface.php
  129. +0 −41 Logout/LogoutSuccessHandlerInterface.php
  130. +26 −39 Logout/LogoutUrlGenerator.php
  131. +0 −37 Logout/SessionLogoutHandler.php
  132. +17 −18 ParameterBagUtils.php
  133. +3 −3 README.md
  134. +21 −11 RateLimiter/DefaultLoginRateLimiter.php
  135. +15 −44 RememberMe/AbstractRememberMeHandler.php
  136. +0 −309 RememberMe/AbstractRememberMeServices.php
  137. +51 −40 RememberMe/PersistentRememberMeHandler.php
  138. +0 −167 RememberMe/PersistentTokenBasedRememberMeServices.php
  139. +13 −14 RememberMe/RememberMeDetails.php
  140. +0 −79 RememberMe/RememberMeServicesInterface.php
  141. +1 −4 RememberMe/ResponseListener.php
  142. +21 −13 RememberMe/SignatureRememberMeHandler.php
  143. +0 −136 RememberMe/TokenBasedRememberMeServices.php
  144. +24 −0 SecurityRequestAttributes.php
  145. +13 −10 Session/SessionAuthenticationStrategy.php
  146. +1 −1 Session/SessionAuthenticationStrategyInterface.php
  147. +123 −0 Tests/AccessToken/Cas/Cas2HandlerTest.php
  148. +52 −0 Tests/AccessToken/OAuth2/OAuth2TokenHandlerTest.php
  149. +195 −0 Tests/AccessToken/Oidc/OidcTokenHandlerTest.php
  150. +87 −0 Tests/AccessToken/Oidc/OidcUserInfoTokenHandlerTest.php
  151. +127 −0 Tests/Authentication/AuthenticationUtilsTest.php
  152. +488 −0 Tests/Authentication/AuthenticatorManagerBCTest.php
  153. +134 −52 Tests/Authentication/AuthenticatorManagerTest.php
  154. +39 −21 Tests/Authentication/DefaultAuthenticationFailureHandlerTest.php
  155. +32 −6 Tests/Authentication/DefaultAuthenticationSuccessHandlerTest.php
  156. +1 −23 Tests/Authenticator/AbstractAuthenticatorTest.php
  157. +122 −0 Tests/Authenticator/AbstractLoginFormAuthenticatorTest.php
  158. +112 −0 Tests/Authenticator/AccessToken/ChainedAccessTokenExtractorsTest.php
  159. +127 −0 Tests/Authenticator/AccessToken/FormEncodedBodyAccessTokenAuthenticatorTest.php
  160. +151 −0 Tests/Authenticator/AccessToken/HeaderAccessTokenAuthenticatorTest.php
  161. +119 −0 Tests/Authenticator/AccessToken/QueryAccessTokenAuthenticatorTest.php
  162. +190 −0 Tests/Authenticator/AccessTokenAuthenticatorTest.php
  163. +23 −0 Tests/Authenticator/Debug/TraceableAuthenticatorTest.php
  164. +2 −1 Tests/Authenticator/Fixtures/PasswordUpgraderProvider.php
  165. +136 −21 Tests/Authenticator/FormLoginAuthenticatorTest.php
  166. +8 −9 Tests/Authenticator/HttpBasicAuthenticatorTest.php
  167. +47 −0 Tests/Authenticator/InMemoryAccessTokenHandler.php
  168. +21 −16 Tests/Authenticator/JsonLoginAuthenticatorTest.php
  169. +11 −8 Tests/Authenticator/LoginLinkAuthenticatorTest.php
  170. +47 −1 Tests/Authenticator/Passport/Badge/UserBadgeTest.php
  171. +14 −10 Tests/Authenticator/RememberMeAuthenticatorTest.php
  172. +2 −1 Tests/Authenticator/RemoteUserAuthenticatorTest.php
  173. +31 −2 Tests/Authenticator/X509AuthenticatorTest.php
  174. +105 −0 Tests/Controller/SecurityTokenValueResolverTest.php
  175. +74 −23 Tests/Controller/UserValueResolverTest.php
  176. +0 −48 Tests/EntryPoint/BasicAuthenticationEntryPointTest.php
  177. +0 −75 Tests/EntryPoint/FormAuthenticationEntryPointTest.php
  178. +0 −69 Tests/EntryPoint/RetryAuthenticationEntryPointTest.php
  179. +23 −21 Tests/EventListener/CheckCredentialsListenerTest.php
  180. +69 −17 Tests/EventListener/CheckRememberMeConditionsListenerTest.php
  181. +48 −0 Tests/EventListener/ClearSiteDataLogoutListenerTest.php
  182. +18 −1 Tests/EventListener/CookieClearingLogoutListenerTest.php
  183. +11 −8 Tests/EventListener/CsrfProtectionListenerTest.php
  184. +36 −0 Tests/EventListener/CsrfTokenClearingLogoutListenerTest.php
  185. +346 −0 Tests/EventListener/IsCsrfTokenValidAttributeListenerTest.php
  186. +458 −0 Tests/EventListener/IsGrantedAttributeListenerTest.php
  187. +374 −0 Tests/EventListener/IsGrantedAttributeWithClosureListenerTest.php
  188. +10 −13 Tests/EventListener/LoginThrottlingListenerTest.php
  189. +63 −47 Tests/EventListener/PasswordMigratingListenerTest.php
  190. +10 −11 Tests/EventListener/RememberMeListenerTest.php
  191. +0 −33 Tests/EventListener/RememberMeLogoutListenerTest.php
  192. +48 −7 Tests/EventListener/SessionStrategyListenerTest.php
  193. +10 −30 Tests/EventListener/UserCheckerListenerTest.php
  194. +3 −9 Tests/EventListener/UserProviderListenerTest.php
  195. +0 −233 Tests/Firewall/AbstractPreAuthenticatedListenerTest.php
  196. +18 −150 Tests/Firewall/AccessListenerTest.php
  197. +0 −98 Tests/Firewall/AnonymousAuthenticationListenerTest.php
  198. +0 −220 Tests/Firewall/BasicAuthenticationListenerTest.php
  199. +0 −39 Tests/Firewall/ChannelListenerTest.php
  200. +83 −135 Tests/Firewall/ContextListenerTest.php
  201. +10 −26 Tests/Firewall/ExceptionListenerTest.php
  202. +5 −45 Tests/Firewall/LogoutListenerTest.php
  203. +0 −380 Tests/Firewall/RememberMeListenerTest.php
  204. +0 −96 Tests/Firewall/RemoteUserAuthenticationListenerTest.php
  205. +36 −54 Tests/Firewall/SwitchUserListenerTest.php
  206. +0 −302 Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php
  207. +0 −271 Tests/Firewall/UsernamePasswordJsonAuthenticationListenerTest.php
  208. +0 −130 Tests/Firewall/X509AuthenticationListenerTest.php
  209. +7 −7 Tests/FirewallMapTest.php
  210. +59 −0 Tests/Fixtures/CustomUser.php
  211. +49 −0 Tests/Fixtures/DummyAuthenticator.php
  212. +29 −0 Tests/Fixtures/DummySupportsAuthenticator.php
  213. +22 −0 Tests/Fixtures/IsCsrfTokenValidAttributeController.php
  214. +62 −0 Tests/Fixtures/IsCsrfTokenValidAttributeMethodsController.php
  215. +27 −0 Tests/Fixtures/IsGrantedAttributeController.php
  216. +80 −0 Tests/Fixtures/IsGrantedAttributeMethodsController.php
  217. +98 −0 Tests/Fixtures/IsGrantedAttributeMethodsWithClosureController.php
  218. +32 −0 Tests/Fixtures/IsGrantedAttributeWithClosureController.php
  219. +23 −0 Tests/Fixtures/NullUserToken.php
  220. +77 −18 Tests/HttpUtilsTest.php
  221. +134 −64 Tests/LoginLink/LoginLinkHandlerTest.php
  222. +0 −59 Tests/Logout/CookieClearingLogoutHandlerTest.php
  223. +0 −91 Tests/Logout/CsrfTokenClearingLogoutHandlerTest.php
  224. +0 −41 Tests/Logout/DefaultLogoutSuccessHandlerTest.php
  225. +20 −23 Tests/Logout/LogoutUrlGeneratorTest.php
  226. +0 −47 Tests/Logout/SessionLogoutHandlerTest.php
  227. +0 −326 Tests/RememberMe/AbstractRememberMeServicesTest.php
  228. +84 −35 Tests/RememberMe/PersistentRememberMeHandlerTest.php
  229. +0 −331 Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php
  230. +20 −39 Tests/RememberMe/SignatureRememberMeHandlerTest.php
  231. +0 −232 Tests/RememberMe/TokenBasedRememberMeServicesTest.php
  232. +17 −2 Tests/Session/SessionAuthenticationStrategyTest.php
  233. +2 −2 Util/TargetPathTrait.php
  234. +23 −20 composer.json
  235. +9 −9 phpunit.xml.dist
3 changes: 1 addition & 2 deletions .gitattributes
@@ -1,4 +1,3 @@
/Tests export-ignore
/phpunit.xml.dist export-ignore
/.gitattributes export-ignore
/.gitignore export-ignore
/.git* export-ignore
8 changes: 8 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,8 @@
Please do not submit any Pull Requests here. They will be closed.
---

Please submit your PR here instead:
https://github.com/symfony/symfony

This repository is what we call a "subtree split": a read-only subset of that main repository.
We're looking forward to your PR there!
20 changes: 20 additions & 0 deletions .github/workflows/close-pull-request.yml
@@ -0,0 +1,20 @@
name: Close Pull Request

on:
pull_request_target:
types: [opened]

jobs:
run:
runs-on: ubuntu-latest
steps:
- uses: superbrothers/close-pull-request@v3
with:
comment: |
Thanks for your Pull Request! We love contributions.
However, you should instead open your PR on the main repository:
https://github.com/symfony/symfony
This repository is what we call a "subtree split": a read-only subset of that main repository.
We're looking forward to your PR there!
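Review bot: the workflow triggers on `pull_request_target`, which runs with the base repository's token, but the job declares no `permissions:` block and the third-party action is referenced by a mutable tag (`superbrothers/close-pull-request@v3`). Add a job-level `permissions:` entry restricted to what closing and commenting needs (for example `pull-requests: write`) and pin the action to a full commit SHA, so a retagged release cannot run with that token.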
9 changes: 3 additions & 6 deletions AccessMap.php
@@ -22,21 +22,18 @@
*/
class AccessMap implements AccessMapInterface
{
private $map = [];
private array $map = [];

/**
* @param array $attributes An array of attributes to pass to the access decision manager (like roles)
* @param string|null $channel The channel to enforce (http, https, or null)
*/
public function add(RequestMatcherInterface $requestMatcher, array $attributes = [], string $channel = null)
public function add(RequestMatcherInterface $requestMatcher, array $attributes = [], ?string $channel = null): void
{
$this->map[] = [$requestMatcher, $attributes, $channel];
}

/**
* {@inheritdoc}
*/
public function getPatterns(Request $request)
public function getPatterns(Request $request): array
{
foreach ($this->map as $elements) {
if (null === $elements[0] || $elements[0]->matches($request)) {
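Review bot: in `getPatterns()`, the `null === $elements[0]` branch cannot be reached through `add()`, whose first parameter is a non-nullable `RequestMatcherInterface $requestMatcher`, yet if it ever were true the entry would match every request. Now that `$map` is typed and the signatures are being tightened, either drop the null check or document how a null matcher is supposed to get into the map.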
2 changes: 1 addition & 1 deletion AccessMapInterface.php
@@ -27,5 +27,5 @@ interface AccessMapInterface
*
* @return array{0: array|null, 1: string|null} A tuple of security attributes and the required channel
*/
public function getPatterns(Request $request);
public function getPatterns(Request $request): array;
}
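Review bot: the native `: array` return type on `getPatterns()` obliges every external implementation of `AccessMapInterface` to declare a compatible return type, so it needs an entry in the upgrade notes. The tuple shape `array{0: array|null, 1: string|null}` is still only enforced by the docblock, so callers cannot rely on the type system for it.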
24 changes: 24 additions & 0 deletions AccessToken/AccessTokenExtractorInterface.php
@@ -0,0 +1,24 @@
<?php

/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

namespace Symfony\Component\Security\Http\AccessToken;

use Symfony\Component\HttpFoundation\Request;

/**
* The token extractor retrieves the token from a request.
*
* @author Florent Morselli <florent.morselli@spomky-labs.com>
*/
interface AccessTokenExtractorInterface
{
public function extractAccessToken(Request $request): ?string;
}
29 changes: 29 additions & 0 deletions AccessToken/AccessTokenHandlerInterface.php
@@ -0,0 +1,29 @@
<?php

/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

namespace Symfony\Component\Security\Http\AccessToken;

use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;

/**
* The token handler retrieves the user identifier from the token.
* In order to get the user identifier, implementations may need to load and validate the token (e.g. revocation, expiration time, digital signature...).
*
* @author Florent Morselli <florent.morselli@spomky-labs.com>
*/
interface AccessTokenHandlerInterface
{
/**
* @throws AuthenticationException
*/
public function getUserBadgeFrom(#[\SensitiveParameter] string $accessToken): UserBadge;
}
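Review bot: the `#[\SensitiveParameter]` attribute on `getUserBadgeFrom()` applies only to this declaration; PHP does not inherit attributes, so an implementing method that omits it will still expose `$accessToken` in stack traces taken from its own frame. The docblock should tell implementers to repeat the attribute on their parameter.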
85 changes: 85 additions & 0 deletions AccessToken/Cas/Cas2Handler.php
@@ -0,0 +1,85 @@
<?php

/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

namespace Symfony\Component\Security\Http\AccessToken\Cas;

use Symfony\Component\HttpClient\HttpClient;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\AccessToken\AccessTokenHandlerInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Contracts\HttpClient\HttpClientInterface;

/**
* @see https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol-V2-Specification.html
*
* @author Nicolas Attard <contact@nicolasattard.fr>
*/
final class Cas2Handler implements AccessTokenHandlerInterface
{
public function __construct(
private readonly RequestStack $requestStack,
private readonly string $validationUrl,
private readonly string $prefix = 'cas',
private ?HttpClientInterface $client = null,
) {
if (null === $client) {
if (!class_exists(HttpClient::class)) {
throw new \LogicException(\sprintf('You cannot use "%s" as the HttpClient component is not installed. Try running "composer require symfony/http-client".', __CLASS__));
}

$this->client = HttpClient::create();
}
}

/**
* @throws AuthenticationException
*/
public function getUserBadgeFrom(string $accessToken): UserBadge
{
$response = $this->client->request('GET', $this->getValidationUrl($accessToken));

$xml = new \SimpleXMLElement($response->getContent(), 0, false, $this->prefix, true);

if (isset($xml->authenticationSuccess)) {
return new UserBadge((string) $xml->authenticationSuccess->user);
}

if (isset($xml->authenticationFailure)) {
throw new AuthenticationException('CAS Authentication Failure: '.trim((string) $xml->authenticationFailure));
}

throw new AuthenticationException('Invalid CAS response.');
}

private function getValidationUrl(string $accessToken): string
{
$request = $this->requestStack->getCurrentRequest();

if (null === $request) {
throw new \LogicException('Request should exist so it can be processed for error.');
}

$query = $request->query->all();

if (!isset($query['ticket'])) {
throw new AuthenticationException('No ticket found in request.');
}
unset($query['ticket']);
$queryString = $query ? '?'.http_build_query($query) : '';

return \sprintf('%s?ticket=%s&service=%s',
$this->validationUrl,
urlencode($accessToken),
urlencode($request->getSchemeAndHttpHost().$request->getBaseUrl().$request->getPathInfo().$queryString)
);
}
}
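Review bot: in `getUserBadgeFrom()`, neither `$response->getContent()` nor `new \SimpleXMLElement(...)` is guarded, so a transport error, an error status from the validation endpoint or a malformed body escapes as an HttpClient exception or a plain `\Exception` rather than the `AuthenticationException` the docblock promises. Wrap both calls and rethrow as `AuthenticationException('Invalid CAS response.')`. The `string $accessToken` parameter here also omits the `#[\SensitiveParameter]` attribute that the interface declares, and the service URL in `getValidationUrl()` is built from `getSchemeAndHttpHost()`, so it is worth stating in the class docblock that trusted hosts must be configured.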
41 changes: 41 additions & 0 deletions AccessToken/ChainAccessTokenExtractor.php
@@ -0,0 +1,41 @@
<?php

/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

namespace Symfony\Component\Security\Http\AccessToken;

use Symfony\Component\HttpFoundation\Request;

/**
* The token extractor retrieves the token from a request.
*
* @author Florent Morselli <florent.morselli@spomky-labs.com>
*/
final class ChainAccessTokenExtractor implements AccessTokenExtractorInterface
{
/**
* @param AccessTokenExtractorInterface[] $accessTokenExtractors
*/
public function __construct(
private readonly iterable $accessTokenExtractors,
) {
}

public function extractAccessToken(Request $request): ?string
{
foreach ($this->accessTokenExtractors as $extractor) {
if ($accessToken = $extractor->extractAccessToken($request)) {
return $accessToken;
}
}

return null;
}
}
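Review bot: the loop in `extractAccessToken()` tests the result for truthiness (`if ($accessToken = $extractor->extractAccessToken($request))`), which conflates "no token" (`null`) with string values PHP treats as falsy, namely `'0'` and `''`. A token of `0` is accepted by a single extractor but silently skipped by the chain; compare against `null` explicitly and decide separately whether an empty string should be skipped. The class docblock is also copied from the interface and does not say that the first extractor returning a token wins.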
47 changes: 47 additions & 0 deletions AccessToken/FormEncodedBodyExtractor.php
@@ -0,0 +1,47 @@
<?php

/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

namespace Symfony\Component\Security\Http\AccessToken;

use Symfony\Component\HttpFoundation\Request;

/**
* Extracts a token from the body request.
*
* WARNING!
* Because of the security weaknesses associated with this method,
* the request body method SHOULD NOT be used except in application contexts
* where participating browsers do not have access to the "Authorization" request header field.
*
* @author Florent Morselli <florent.morselli@spomky-labs.com>
*
* @see https://datatracker.ietf.org/doc/html/rfc6750#section-2.2
*/
final class FormEncodedBodyExtractor implements AccessTokenExtractorInterface
{
public function __construct(
private readonly string $parameter = 'access_token',
) {
}

public function extractAccessToken(Request $request): ?string
{
if (
Request::METHOD_POST !== $request->getMethod()
|| !str_starts_with($request->headers->get('CONTENT_TYPE', ''), 'application/x-www-form-urlencoded')
) {
return null;
}
$parameter = $request->request->get($this->parameter);

return \is_string($parameter) ? $parameter : null;
}
}
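Review bot: `extractAccessToken()` returns whatever string the body carries, so a request with `access_token=` yields `''` instead of `null` and the caller receives an empty token; return `null` for an empty value. The `str_starts_with()` check against `'application/x-www-form-urlencoded'` is also case-sensitive, while media type names are case-insensitive, so a differently cased Content-Type is treated as carrying no token.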
49 changes: 49 additions & 0 deletions AccessToken/HeaderAccessTokenExtractor.php
@@ -0,0 +1,49 @@
<?php

/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

namespace Symfony\Component\Security\Http\AccessToken;

use Symfony\Component\HttpFoundation\Request;

/**
* Extracts a token from the request header.
*
* @author Florent Morselli <florent.morselli@spomky-labs.com>
*
* @see https://datatracker.ietf.org/doc/html/rfc6750#section-2.1
*/
final class HeaderAccessTokenExtractor implements AccessTokenExtractorInterface
{
private string $regex;

public function __construct(
private readonly string $headerParameter = 'Authorization',
private readonly string $tokenType = 'Bearer',
) {
$this->regex = \sprintf(
'/^%s([a-zA-Z0-9\-_\+~\/\.]+=*)$/',
'' === $this->tokenType ? '' : preg_quote($this->tokenType).'\s+'
);
}

public function extractAccessToken(Request $request): ?string
{
if (!$request->headers->has($this->headerParameter) || !\is_string($header = $request->headers->get($this->headerParameter))) {
return null;
}

if (preg_match($this->regex, $header, $matches)) {
return $matches[1];
}

return null;
}
}
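Review bot: in the constructor, `preg_quote($this->tokenType)` is called without the `/` delimiter argument, so a configured token type containing `/` ends the pattern early; `preg_match()` then warns and returns false, and every request is treated as having no token. Pass `'/'` as the second argument. The scheme match is also case-sensitive, so a client sending `bearer` is rejected although HTTP authentication scheme names are case-insensitive; the `i` modifier would accept it without changing what the token group matches.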