Skip to content
Permalink
Browse files

Merge branch '3.4' into 4.3

* 3.4:
  [Validator] Allow underscore character "_" in URL username and password
  [SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
  do not validate passwords when the hash is null
  [DI] Fix making the container path-independent when the app is in /app
  Allow copy instead of symlink for ./link script
  [FrameworkBundle] resolve service locators in `debug:*` commands
  bumped Symfony version to 3.4.37
  updated VERSION for 3.4.36
  update CONTRIBUTORS for 3.4.36
  updated CHANGELOG for 3.4.36
  • Loading branch information
xabbuh committed Dec 6, 2019
2 parents 56fac41 + 5807f5f commit 2ac56093a56ef7d157902a0a96bb6185fbf98d9b

Large diffs are not rendered by default.

21 link
@@ -23,11 +23,14 @@ use Symfony\Component\Filesystem\Filesystem;
* @author Kévin Dunglas <dunglas@gmail.com>
*/

$copy = false !== $k = array_search('--copy', $argv, true);
$copy && array_splice($argv, $k, 1);
$pathToProject = $argv[1] ?? getcwd();

if (!is_dir("$pathToProject/vendor/symfony")) {
echo 'Link dependencies to components to a local clone of the main symfony/symfony GitHub repository.'.PHP_EOL.PHP_EOL;
echo "Usage: $argv[0] /path/to/the/project".PHP_EOL.PHP_EOL;
echo 'Link (or copy) dependencies to components to a local clone of the main symfony/symfony GitHub repository.'.PHP_EOL.PHP_EOL;
echo "Usage: $argv[0] /path/to/the/project".PHP_EOL;
echo ' Use `--copy` to copy dependencies instead of symlink'.PHP_EOL.PHP_EOL;
echo "The directory \"$pathToProject\" does not exist or the dependencies are not installed, did you forget to run \"composer install\" in your project?".PHP_EOL;
exit(1);
}
@@ -50,7 +53,7 @@ foreach ($directories as $dir) {

foreach (glob("$pathToProject/vendor/symfony/*", GLOB_ONLYDIR | GLOB_NOSORT) as $dir) {
$package = 'symfony/'.basename($dir);
if (is_link($dir)) {
if (!$copy && is_link($dir)) {
echo "\"$package\" is already a symlink, skipping.".PHP_EOL;
continue;
}
@@ -59,11 +62,17 @@ foreach (glob("$pathToProject/vendor/symfony/*", GLOB_ONLYDIR | GLOB_NOSORT) as
continue;
}

$sfDir = '\\' === DIRECTORY_SEPARATOR ? $sfPackages[$package] : $filesystem->makePathRelative($sfPackages[$package], dirname(realpath($dir)));
$sfDir = ('\\' === DIRECTORY_SEPARATOR || $copy) ? $sfPackages[$package] : $filesystem->makePathRelative($sfPackages[$package], dirname(realpath($dir)));

$filesystem->remove($dir);
$filesystem->symlink($sfDir, $dir);
echo "\"$package\" has been linked to \"$sfPackages[$package]\".".PHP_EOL;

if ($copy) {
$filesystem->mirror($sfDir, $dir);
echo "\"$package\" has been copied from \"$sfPackages[$package]\".".PHP_EOL;
} else {
$filesystem->symlink($sfDir, $dir);
echo "\"$package\" has been linked to \"$sfPackages[$package]\".".PHP_EOL;
}
}

foreach (glob("$pathToProject/var/cache/*", GLOB_NOSORT) as $cacheDir) {
@@ -21,6 +21,7 @@
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
use Symfony\Component\DependencyInjection\Compiler\ServiceLocatorTagPass;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException;
use Symfony\Component\DependencyInjection\Loader\XmlFileLoader;
@@ -229,6 +230,8 @@ protected function getContainerBuilder()
$container->compile();
} else {
(new XmlFileLoader($container = new ContainerBuilder(), new FileLocator()))->load($kernel->getContainer()->getParameter('debug.container.dump'));
$locatorPass = new ServiceLocatorTagPass();
$locatorPass->process($container);
}

return $this->containerBuilder = $container;
@@ -399,7 +399,13 @@ private function addEncodersSection(ArrayNodeDefinition $rootNode)
->performNoDeepMerging()
->beforeNormalization()->ifString()->then(function ($v) { return ['algorithm' => $v]; })->end()
->children()
->scalarNode('algorithm')->cannotBeEmpty()->end()
->scalarNode('algorithm')
->cannotBeEmpty()
->validate()
->ifTrue(function ($v) { return !\is_string($v); })
->thenInvalid('You must provide a string value.')
->end()
->end()
->scalarNode('hash_algorithm')->info('Name of hashing algorithm for PBKDF2 (i.e. sha256, sha512, etc..) See hash_algos() for a list of supported algorithms.')->defaultValue('sha512')->end()
->scalarNode('key_length')->defaultValue(40)->end()
->booleanNode('ignore_case')->defaultFalse()->end()
@@ -194,14 +194,14 @@ public function dump(array $options = [])
if (!empty($options['file']) && is_dir($dir = \dirname($options['file']))) {
// Build a regexp where the first root dirs are mandatory,
// but every other sub-dir is optional up to the full path in $dir
// Mandate at least 2 root dirs and not more that 5 optional dirs.
// Mandate at least 1 root dir and not more than 5 optional dirs.

$dir = explode(\DIRECTORY_SEPARATOR, realpath($dir));
$i = \count($dir);

if (3 <= $i) {
if (2 + (int) ('\\' === \DIRECTORY_SEPARATOR) <= $i) {
$regex = '';
$lastOptionalDir = $i > 8 ? $i - 5 : 3;
$lastOptionalDir = $i > 8 ? $i - 5 : (2 + (int) ('\\' === \DIRECTORY_SEPARATOR));
$this->targetDirMaxMatches = $i - $lastOptionalDir;

while (--$i >= $lastOptionalDir) {
@@ -54,7 +54,7 @@ protected function checkAuthentication(UserInterface $user, UsernamePasswordToke
throw new BadCredentialsException('The presented password cannot be empty.');
}

if (!$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
if (null === $user->getPassword() || !$this->encoderFactory->getEncoder($user)->isPasswordValid($user->getPassword(), $presentedPassword, $user->getSalt())) {
throw new BadCredentialsException('The presented password is invalid.');
}
}
@@ -42,6 +42,10 @@ public function encodePassword(UserInterface $user, $plainPassword)
*/
public function isPasswordValid(UserInterface $user, $raw)
{
if (null === $user->getPassword()) {
return false;
}

$encoder = $this->encoderFactory->getEncoder($user);

return $encoder->isPasswordValid($user->getPassword(), $raw, $user->getSalt());
@@ -15,6 +15,7 @@
use Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider;
use Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\User;

class DaoAuthenticationProviderTest extends TestCase
{
@@ -151,7 +152,7 @@ public function testCheckAuthenticationWhenCredentialsAre0()

$method->invoke(
$provider,
$this->getMockBuilder('Symfony\\Component\\Security\\Core\\User\\UserInterface')->getMock(),
new User('username', 'password'),
$token
);
}
@@ -175,7 +176,7 @@ public function testCheckAuthenticationWhenCredentialsAreNotValid()
->willReturn('foo')
;

$method->invoke($provider, $this->getMockBuilder('Symfony\\Component\\Security\\Core\\User\\UserInterface')->getMock(), $token);
$method->invoke($provider, new User('username', 'password'), $token);
}

public function testCheckAuthenticationDoesNotReauthenticateWhenPasswordHasChanged()
@@ -247,7 +248,7 @@ public function testCheckAuthentication()
->willReturn('foo')
;

$method->invoke($provider, $this->getMockBuilder('Symfony\\Component\\Security\\Core\\User\\UserInterface')->getMock(), $token);
$method->invoke($provider, new User('username', 'password'), $token);
}

protected function getSupportedToken()
@@ -53,7 +53,7 @@ public function validate($password, Constraint $constraint)

$encoder = $this->encoderFactory->getEncoder($user);

if (!$encoder->isPasswordValid($user->getPassword(), $password, $user->getSalt())) {
if (null === $user->getPassword() || !$encoder->isPasswordValid($user->getPassword(), $password, $user->getSalt())) {
$this->context->addViolation($constraint->message);
}
}
@@ -24,7 +24,7 @@ class UrlValidator extends ConstraintValidator
{
const PATTERN = '~^
(%s):// # protocol
(([\.\pL\pN-]+:)?([\.\pL\pN-]+)@)? # basic auth
(([\_\.\pL\pN-]+:)?([\_\.\pL\pN-]+)@)? # basic auth
(
([\pL\pN\pS\-\_\.])+(\.?([\pL\pN]|xn\-\-[\pL\pN-]+)+\.?) # a domain name
| # or
@@ -152,9 +152,11 @@ public function getValidUrls()
['http://☎.com/'],
['http://username:password@symfony.com'],
['http://user.name:password@symfony.com'],
['http://user_name:pass_word@symfony.com'],
['http://username:pass.word@symfony.com'],
['http://user.name:pass.word@symfony.com'],
['http://user-name@symfony.com'],
['http://user_name@symfony.com'],
['http://symfony.com?'],
['http://symfony.com?query=1'],
['http://symfony.com/?query=1'],

0 comments on commit 2ac5609

Please sign in to comment.
You can’t perform that action at this time.