Merge branch '3.4'

Author: Tobion

UPGRADE-3.4.md

@@ -205,6 +205,24 @@ FrameworkBundle
    `TranslationDebugCommand`, `TranslationUpdateCommand`, `XliffLintCommand`
     and `YamlLintCommand` classes have been marked as final
 
+HttpFoundation
+--------------
+
+ * The `Symfony\Component\HttpFoundation\Session\Storage\Handler\NativeSessionHandler`
+   class has been deprecated and will be removed in 4.0. Use the `\SessionHandler` class instead.
+
+ * The `Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy` class has been
+   deprecated and will be removed in 4.0. Use your `\SessionHandlerInterface` implementation directly.
+
+ * The `Symfony\Component\HttpFoundation\Session\Storage\Proxy\NativeProxy` class has been
+   deprecated and will be removed in 4.0. Use your `\SessionHandlerInterface` implementation directly.
+
+ * The `Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy` class has been
+   deprecated and will be removed in 4.0. Use your `\SessionHandlerInterface` implementation directly.
+
+ * `NativeSessionStorage::setSaveHandler()` now takes an instance of `\SessionHandlerInterface` as argument.
+   Not passing it is deprecated and will throw a `TypeError` in 4.0.
+
 HttpKernel
 ----------
 
@@ -269,6 +287,10 @@ SecurityBundle
     as first argument. Not passing it is deprecated and will throw a `TypeError`
     in 4.0.
 
+ * Added `logout_on_user_change` to the firewall options. This config item will
+   trigger a logout when the user has changed. Should be set to true to avoid
+   deprecations in the configuration.
+
 Translation
 -----------
 

UPGRADE-4.0.md

@@ -524,6 +524,13 @@ HttpFoundation
  * The ability to check only for cacheable HTTP methods using `Request::isMethodSafe()` is
    not supported anymore, use `Request::isMethodCacheable()` instead.
 
+ * The `Symfony\Component\HttpFoundation\Session\Storage\Handler\NativeSessionHandler`, 
+   `Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy`,
+   `Symfony\Component\HttpFoundation\Session\Storage\Proxy\NativeProxy` and 
+   `Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy` classes have been removed.
+
+ * `NativeSessionStorage::setSaveHandler()` now requires an instance of `\SessionHandlerInterface` as argument.
+
 HttpKernel
 ----------
 
@@ -642,6 +649,9 @@ Security
 
  * Support for defining voters that don't implement the `VoterInterface` has been removed.
 
+ * Calling `ContextListener::setLogoutOnUserChange(false)` won't have any
+   effect anymore.
+
 SecurityBundle
 --------------
 
@@ -660,6 +670,9 @@ SecurityBundle
    `Symfony\Component\Security\Acl\Model\MutableAclProviderInterfaceConnection`
     as first argument.
 
+ * The firewall option `logout_on_user_change` is now always true, which will
+   trigger a logout if the user changes between requests.
+
 Serializer
 ----------
 

src/Symfony/Bridge/Twig/Tests/AppVariableTest.php

@@ -47,8 +47,9 @@ public function testEnvironment()
 
     public function testGetSession()
     {
+        $session = $this->getMockBuilder(Session::class)->disableOriginalConstructor()->getMock();
         $request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->getMock();
-        $request->method('getSession')->willReturn($session = new Session());
+        $request->method('getSession')->willReturn($session);
 
         $this->setRequestStack($request);
 
@@ -167,8 +168,9 @@ public function testGetFlashesWithNoRequest()
 
     public function testGetFlashesWithNoSessionStarted()
     {
+        $session = $this->getMockBuilder(Session::class)->disableOriginalConstructor()->getMock();
         $request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->getMock();
-        $request->method('getSession')->willReturn(new Session());
+        $request->method('getSession')->willReturn($session);
 
         $this->setRequestStack($request);
 
@@ -257,7 +259,7 @@ private function setFlashMessages()
         $flashBag = new FlashBag();
         $flashBag->initialize($flashMessages);
 
-        $session = $this->getMockBuilder('Symfony\Component\HttpFoundation\Session\Session')->getMock();
+        $session = $this->getMockBuilder('Symfony\Component\HttpFoundation\Session\Session')->disableOriginalConstructor()->getMock();
         $session->method('isStarted')->willReturn(true);
         $session->method('getFlashBag')->willReturn($flashBag);
 

src/Symfony/Bundle/FrameworkBundle/Resources/config/session.xml

@@ -38,6 +38,7 @@
         </service>
 
         <service id="session.flash_bag" class="Symfony\Component\HttpFoundation\Session\Flash\FlashBag" />
+        <service id="Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface" alias="session.flash_bag" />
 
         <service id="session.attribute_bag" class="Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag" />
 

src/Symfony/Bundle/FrameworkBundle/Tests/Controller/ControllerTraitTest.php

@@ -376,7 +376,7 @@ public function testRedirectToRoute()
     public function testAddFlash()
     {
         $flashBag = new FlashBag();
-        $session = $this->getMockBuilder('Symfony\Component\HttpFoundation\Session\Session')->getMock();
+        $session = $this->getMockBuilder('Symfony\Component\HttpFoundation\Session\Session')->disableOriginalConstructor()->getMock();
         $session->expects($this->once())->method('getFlashBag')->willReturn($flashBag);
 
         $container = new Container();

src/Symfony/Bundle/SecurityBundle/CHANGELOG.md

@@ -22,6 +22,9 @@ CHANGELOG
  * `SetAclCommand::__construct()` now takes an instance of
    `Symfony\Component\Security\Acl\Model\MutableAclProviderInterfaceConnection`
    as first argument
+ * Added `logout_on_user_change` to the firewall options. This config item will
+   trigger a logout when the user has changed. Should be set to true to avoid
+   deprecations in the configuration.
 
 3.3.0
 -----

src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php

@@ -252,6 +252,10 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
             ->scalarNode('provider')->end()
             ->booleanNode('stateless')->defaultFalse()->end()
             ->scalarNode('context')->cannotBeEmpty()->end()
+            ->booleanNode('logout_on_user_change')
+                ->defaultFalse()
+                ->info('When true, it will trigger a logout for the user if something has changed. This will be the default behavior as of Syfmony 4.0.')
+            ->end()
             ->arrayNode('logout')
                 ->treatTrueLike(array())
                 ->canBeUnset()
@@ -340,6 +344,17 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
                     return $firewall;
                 })
             ->end()
+            ->validate()
+                ->ifTrue(function ($v) {
+                    return (isset($v['stateless']) && true === $v['stateless']) || (isset($v['security']) && false === $v['security']);
+                })
+                ->then(function ($v) {
+                    // this option doesn't change behavior when true when stateless, so prevent deprecations
+                    $v['logout_on_user_change'] = true;
+
+                    return $v;
+                })
+            ->end()
         ;
     }
 

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

@@ -228,14 +228,14 @@ private function createFirewalls($config, ContainerBuilder $container)
         $providerIds = $this->createUserProviders($config, $container);
 
         // make the ContextListener aware of the configured user providers
-        $definition = $container->getDefinition('security.context_listener');
-        $arguments = $definition->getArguments();
+        $contextListenerDefinition = $container->getDefinition('security.context_listener');
+        $arguments = $contextListenerDefinition->getArguments();
         $userProviders = array();
         foreach ($providerIds as $userProviderId) {
             $userProviders[] = new Reference($userProviderId);
         }
         $arguments[1] = new IteratorArgument($userProviders);
-        $definition->setArguments($arguments);
+        $contextListenerDefinition->setArguments($arguments);
 
         $customUserChecker = false;
 
@@ -247,6 +247,12 @@ private function createFirewalls($config, ContainerBuilder $container)
                 $customUserChecker = true;
             }
 
+            if (!isset($firewall['logout_on_user_change']) || !$firewall['logout_on_user_change']) {
+                @trigger_error('Setting logout_on_user_change to false is deprecated as of 3.4 and will always be true in 4.0. Set logout_on_user_change to true in your firewall configuration.', E_USER_DEPRECATED);
+            }
+
+            $contextListenerDefinition->addMethodCall('setLogoutOnUserChange', array($firewall['logout_on_user_change']));
+
             $configId = 'security.firewall.map.config.'.$name;
 
             list($matcher, $listeners, $exceptionListener) = $this->createFirewall($container, $name, $firewall, $authenticationProviders, $providerIds, $configId);

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php

@@ -73,18 +73,21 @@
             'logout' => true,
             'remember_me' => array('secret' => 'TheSecret'),
             'user_checker' => null,
+            'logout_on_user_change' => true,
         ),
         'host' => array(
             'pattern' => '/test',
             'host' => 'foo\\.example\\.org',
             'methods' => array('GET', 'POST'),
             'anonymous' => true,
             'http_basic' => true,
+            'logout_on_user_change' => true,
         ),
         'with_user_checker' => array(
             'user_checker' => 'app.user_checker',
             'anonymous' => true,
             'http_basic' => true,
+            'logout_on_user_change' => true,
         ),
     ),
 

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_provider.php

@@ -15,10 +15,12 @@
         'main' => array(
             'provider' => 'default',
             'form_login' => true,
+            'logout_on_user_change' => true,
         ),
         'other' => array(
             'provider' => 'with-dash',
             'form_login' => true,
+            'logout_on_user_change' => true,
         ),
     ),
 ));

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_undefined_provider.php

@@ -12,6 +12,7 @@
         'main' => array(
             'provider' => 'undefined',
             'form_login' => true,
+            'logout_on_user_change' => true,
         ),
     ),
 ));

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_provider.php

@@ -11,6 +11,7 @@
     'firewalls' => array(
         'main' => array(
             'form_login' => array('provider' => 'default'),
+            'logout_on_user_change' => true,
         ),
     ),
 ));

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/listener_undefined_provider.php

@@ -11,6 +11,7 @@
     'firewalls' => array(
         'main' => array(
             'form_login' => array('provider' => 'undefined'),
+            'logout_on_user_change' => true,
         ),
     ),
 ));

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge.php

@@ -11,6 +11,7 @@
         'main' => array(
             'form_login' => false,
             'http_basic' => null,
+            'logout_on_user_change' => true,
         ),
     ),
 

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge_import.php

@@ -6,6 +6,7 @@
             'form_login' => array(
                 'login_path' => '/login',
             ),
+        'logout_on_user_change' => true,
         ),
     ),
     'role_hierarchy' => array(

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php

@@ -12,7 +12,8 @@
     ),
     'firewalls' => array(
         'simple' => array('pattern' => '/login', 'security' => false),
-        'secure' => array('stateless' => true,
+        'secure' => array(
+            'stateless' => true,
             'http_basic' => true,
             'http_digest' => array('secret' => 'TheSecret'),
             'form_login' => true,

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/remember_me_options.php

@@ -13,6 +13,7 @@
                 'catch_exceptions' => false,
                 'token_provider' => 'token_provider_id',
             ),
+            'logout_on_user_change' => true,
         ),
     ),
 ));

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml

@@ -60,12 +60,12 @@
             <remember-me secret="TheSecret"/>
         </firewall>
 
-        <firewall name="host" pattern="/test" host="foo\.example\.org" methods="GET,POST">
+        <firewall name="host" pattern="/test" host="foo\.example\.org" methods="GET,POST" logout-on-user-change="true">
             <anonymous />
             <http-basic />
         </firewall>
 
-        <firewall name="with_user_checker">
+        <firewall name="with_user_checker" logout-on-user-change="true">
             <anonymous />
             <http-basic />
             <user-checker>app.user_checker</user-checker>

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_provider.xml

@@ -11,7 +11,7 @@
         </sec:providers>
 
         <sec:firewalls>
-            <sec:firewall name="main" provider="with-dash">
+            <sec:firewall name="main" provider="with-dash" logout-on-user-change="true">
                 <sec:form_login />
             </sec:firewall>
         </sec:firewalls>

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/firewall_undefined_provider.xml

@@ -11,7 +11,7 @@
         </sec:providers>
 
         <sec:firewalls>
-            <sec:firewall name="main" provider="undefined">
+            <sec:firewall name="main" provider="undefined" logout-on-user-change="true">
                 <sec:form_login />
             </sec:firewall>
         </sec:firewalls>

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_provider.xml

@@ -11,7 +11,7 @@
         </sec:providers>
 
         <sec:firewalls>
-            <sec:firewall name="main">
+            <sec:firewall name="main" logout-on-user-change="true">
                 <sec:form_login provider="default" />
             </sec:firewall>
         </sec:firewalls>

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/listener_undefined_provider.xml

@@ -11,7 +11,7 @@
         </sec:providers>
 
         <sec:firewalls>
-            <sec:firewall name="main">
+            <sec:firewall name="main" logout-on-user-change="true">
                 <sec:form_login provider="undefined" />
             </sec:firewall>
         </sec:firewalls>

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge.xml

@@ -12,7 +12,7 @@
     <sec:config>
         <sec:provider name="default" id="foo" />
 
-        <sec:firewall name="main" form-login="false">
+        <sec:firewall name="main" form-login="false" logout-on-user-change="true">
             <sec:http-basic />
         </sec:firewall>
 

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge_import.xml

@@ -6,7 +6,7 @@
     xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
 
     <config>
-        <firewall name="main">
+        <firewall name="main" logout-on-user-change="true">
             <form-login login-path="/login" />
         </firewall>
 

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/remember_me_options.xml

@@ -9,7 +9,7 @@
         <sec:providers>
             <sec:default id="foo"/>
         </sec:providers>
-        <sec:firewall name="main">
+        <sec:firewall name="main" logout-on-user-change="true">
             <sec:form-login/>
             <sec:remember-me secret="TheSecret" catch-exceptions="false" token-provider="token_provider_id" />
         </sec:firewall>

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml

@@ -64,11 +64,13 @@ security:
             methods: [GET,POST]
             anonymous: true
             http_basic: true
+            logout_on_user_change: true
 
         with_user_checker:
             anonymous: ~
             http_basic: ~
             user_checker: app.user_checker
+            logout_on_user_change: true
 
     role_hierarchy:
         ROLE_ADMIN:       ROLE_USER

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_provider.yml

@@ -11,6 +11,8 @@ security:
         main:
             provider: default
             form_login: true
+            logout_on_user_change: true
         other:
             provider: with-dash
             form_login: true
+            logout_on_user_change: true

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/firewall_undefined_provider.yml

@@ -8,3 +8,4 @@ security:
         main:
             provider: undefined
             form_login: true
+            logout_on_user_change: true

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_provider.yml

@@ -8,3 +8,4 @@ security:
         main:
             form_login:
                 provider: default
+            logout_on_user_change: true

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/listener_undefined_provider.yml

@@ -8,3 +8,4 @@ security:
         main:
             form_login:
                 provider: undefined
+            logout_on_user_change: true