Merge branch '3.4'

Author: Tobion

UPGRADE-3.4.md

@@ -205,6 +205,24 @@ FrameworkBundle
    `TranslationDebugCommand`, `TranslationUpdateCommand`, `XliffLintCommand`
     and `YamlLintCommand` classes have been marked as final
 
+HttpFoundation
+--------------
+
+ * The `Symfony\Component\HttpFoundation\Session\Storage\Handler\NativeSessionHandler`
+   class has been deprecated and will be removed in 4.0. Use the `\SessionHandler` class instead.
+
+ * The `Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy` class has been
+   deprecated and will be removed in 4.0. Use your `\SessionHandlerInterface` implementation directly.
+
+ * The `Symfony\Component\HttpFoundation\Session\Storage\Proxy\NativeProxy` class has been
+   deprecated and will be removed in 4.0. Use your `\SessionHandlerInterface` implementation directly.
+
+ * The `Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy` class has been
+   deprecated and will be removed in 4.0. Use your `\SessionHandlerInterface` implementation directly.
+
+ * `NativeSessionStorage::setSaveHandler()` now takes an instance of `\SessionHandlerInterface` as argument.
+   Not passing it is deprecated and will throw a `TypeError` in 4.0.
+
 HttpKernel
 ----------
 
@@ -269,6 +287,10 @@ SecurityBundle
     as first argument. Not passing it is deprecated and will throw a `TypeError`
     in 4.0.
 
+ * Added `logout_on_user_change` to the firewall options. This config item will
+   trigger a logout when the user has changed. Should be set to true to avoid
+   deprecations in the configuration.
+
 Translation
 -----------
 

UPGRADE-4.0.md

@@ -524,6 +524,13 @@ HttpFoundation
  * The ability to check only for cacheable HTTP methods using `Request::isMethodSafe()` is
    not supported anymore, use `Request::isMethodCacheable()` instead.
 
+ * The `Symfony\Component\HttpFoundation\Session\Storage\Handler\NativeSessionHandler`, 
+   `Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy`,
+   `Symfony\Component\HttpFoundation\Session\Storage\Proxy\NativeProxy` and 
+   `Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy` classes have been removed.
+
+ * `NativeSessionStorage::setSaveHandler()` now requires an instance of `\SessionHandlerInterface` as argument.
+
 HttpKernel
 ----------
 
@@ -642,6 +649,9 @@ Security
 
  * Support for defining voters that don't implement the `VoterInterface` has been removed.
 
+ * Calling `ContextListener::setLogoutOnUserChange(false)` won't have any
+   effect anymore.
+
 SecurityBundle
 --------------
 
@@ -660,6 +670,9 @@ SecurityBundle
    `Symfony\Component\Security\Acl\Model\MutableAclProviderInterfaceConnection`
     as first argument.
 
+ * The firewall option `logout_on_user_change` is now always true, which will
+   trigger a logout if the user changes between requests.
+
 Serializer
 ----------
 

src/Symfony/Bridge/Twig/Tests/AppVariableTest.php

@@ -47,8 +47,9 @@ public function testEnvironment()
 
     public function testGetSession()
     {
+        $session = $this->getMockBuilder(Session::class)->disableOriginalConstructor()->getMock();
         $request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->getMock();
-        $request->method('getSession')->willReturn($session = new Session());
+        $request->method('getSession')->willReturn($session);
 
         $this->setRequestStack($request);
 
@@ -167,8 +168,9 @@ public function testGetFlashesWithNoRequest()
 
     public function testGetFlashesWithNoSessionStarted()
     {
+        $session = $this->getMockBuilder(Session::class)->disableOriginalConstructor()->getMock();
         $request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->getMock();
-        $request->method('getSession')->willReturn(new Session());
+        $request->method('getSession')->willReturn($session);
 
         $this->setRequestStack($request);
 
@@ -257,7 +259,7 @@ private function setFlashMessages()
         $flashBag = new FlashBag();
         $flashBag->initialize($flashMessages);
 
-        $session = $this->getMockBuilder('Symfony\Component\HttpFoundation\Session\Session')->getMock();
+        $session = $this->getMockBuilder('Symfony\Component\HttpFoundation\Session\Session')->disableOriginalConstructor()->getMock();
         $session->method('isStarted')->willReturn(true);
         $session->method('getFlashBag')->willReturn($flashBag);
 

src/Symfony/Bundle/FrameworkBundle/Resources/config/session.xml

@@ -38,6 +38,7 @@
         </service>
 
         <service id="session.flash_bag" class="Symfony\Component\HttpFoundation\Session\Flash\FlashBag" />
+        <service id="Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface" alias="session.flash_bag" />
 
         <service id="session.attribute_bag" class="Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag" />
 

src/Symfony/Bundle/FrameworkBundle/Tests/Controller/ControllerTraitTest.php

@@ -376,7 +376,7 @@ public function testRedirectToRoute()
     public function testAddFlash()
     {
         $flashBag = new FlashBag();
-        $session = $this->getMockBuilder('Symfony\Component\HttpFoundation\Session\Session')->getMock();
+        $session = $this->getMockBuilder('Symfony\Component\HttpFoundation\Session\Session')->disableOriginalConstructor()->getMock();
         $session->expects($this->once())->method('getFlashBag')->willReturn($flashBag);
 
         $container = new Container();

src/Symfony/Bundle/SecurityBundle/CHANGELOG.md

@@ -22,6 +22,9 @@ CHANGELOG
  * `SetAclCommand::__construct()` now takes an instance of
    `Symfony\Component\Security\Acl\Model\MutableAclProviderInterfaceConnection`
    as first argument
+ * Added `logout_on_user_change` to the firewall options. This config item will
+   trigger a logout when the user has changed. Should be set to true to avoid
+   deprecations in the configuration.
 
 3.3.0
 -----

src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php

@@ -252,6 +252,10 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
             ->scalarNode('provider')->end()
             ->booleanNode('stateless')->defaultFalse()->end()
             ->scalarNode('context')->cannotBeEmpty()->end()
+            ->booleanNode('logout_on_user_change')
+                ->defaultFalse()
+                ->info('When true, it will trigger a logout for the user if something has changed. This will be the default behavior as of Syfmony 4.0.')
+            ->end()
             ->arrayNode('logout')
                 ->treatTrueLike(array())
                 ->canBeUnset()
@@ -340,6 +344,17 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
                     return $firewall;
                 })
             ->end()
+            ->validate()
+                ->ifTrue(function ($v) {
+                    return (isset($v['stateless']) && true === $v['stateless']) || (isset($v['security']) && false === $v['security']);
+                })
+                ->then(function ($v) {
+                    // this option doesn't change behavior when true when stateless, so prevent deprecations
+                    $v['logout_on_user_change'] = true;
+
+                    return $v;
+                })
+            ->end()
         ;
     }
 

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

@@ -228,14 +228,14 @@ private function createFirewalls($config, ContainerBuilder $container)
         $providerIds = $this->createUserProviders($config, $container);
 
         // make the ContextListener aware of the configured user providers
-        $definition = $container->getDefinition('security.context_listener');
-        $arguments = $definition->getArguments();
+        $contextListenerDefinition = $container->getDefinition('security.context_listener');
+        $arguments = $contextListenerDefinition->getArguments();
         $userProviders = array();
         foreach ($providerIds as $userProviderId) {
             $userProviders[] = new Reference($userProviderId);
         }
         $arguments[1] = new IteratorArgument($userProviders);
-        $definition->setArguments($arguments);
+        $contextListenerDefinition->setArguments($arguments);
 
         $customUserChecker = false;
 
@@ -247,6 +247,12 @@ private function createFirewalls($config, ContainerBuilder $container)
                 $customUserChecker = true;
             }
 
+            if (!isset($firewall['logout_on_user_change']) || !$firewall['logout_on_user_change']) {
+                @trigger_error('Setting logout_on_user_change to false is deprecated as of 3.4 and will always be true in 4.0. Set logout_on_user_change to true in your firewall configuration.', E_USER_DEPRECATED);
+            }
+
+            $contextListenerDefinition->addMethodCall('setLogoutOnUserChange', array($firewall['logout_on_user_change']));
+
             $configId = 'security.firewall.map.config.'.$name;
 
             list($matcher, $listeners, $exceptionListener) = $this->createFirewall($container, $name, $firewall, $authenticationProviders, $providerIds, $configId);

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php

@@ -73,18 +73,21 @@
             'logout' => true,
             'remember_me' => array('secret' => 'TheSecret'),
             'user_checker' => null,
+            'logout_on_user_change' => true,
         ),
         'host' => array(
             'pattern' => '/test',
             'host' => 'foo\\.example\\.org',
             'methods' => array('GET', 'POST'),
             'anonymous' => true,
             'http_basic' => true,
+            'logout_on_user_change' => true,
         ),
         'with_user_checker' => array(
             'user_checker' => 'app.user_checker',
             'anonymous' => true,
             'http_basic' => true,
+            'logout_on_user_change' => true,
         ),
     ),
 

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/firewall_provider.php

@@ -15,10 +15,12 @@
         'main' => array(
             'provider' => 'default',
             'form_login' => true,
+            'logout_on_user_change' => true,
         ),
         'other' => array(
             'provider' => 'with-dash',
             'form_login' => true,
+            'logout_on_user_change' => true,
         ),
     ),
 ));