Merge branch '2.7' into 2.8

fabpot · fabpot · commit bb21b1a293e2 · 2015-06-04T22:21:09.000+02:00
* 2.7: (95 commits)
  [DependencyInjection] provide better error message when using deprecated configuration options
  [console][TableCell] get cell width without decoration.
  Improve the config validation in TwigBundle
  [VarDumper] Changed tooltip to expand-all keybinding in OS X
  [Bridge\PhpUnit] Fix composer installed phpunit detection
  [VarDumper] Fix generic casters calling order
  [2.7][SecurityBundle] Remove SecurityContext from Compile
  [WebProfilerBundle][logger] added missing deprecation message.
  Fix profiler CSS
  [Security][Acl] enforce string identifiers
  [FrameworkBundle] make `templating.helper.router` service available again for BC reasons
  [BrowserKit] Fix bug when uri starts with http.
  bumped Symfony version to 2.7.1
  updated VERSION for 2.7.0
  updated CHANGELOG for 2.7.0
  bumped Symfony version to 2.6.10
  updated VERSION for 2.6.9
  updated CHANGELOG for 2.6.9
  fixed tests
  bumped Symfony version to 2.3.31
  ...

Conflicts:
	src/Symfony/Bundle/FrameworkBundle/Command/TranslationDebugCommand.php
	src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
	src/Symfony/Component/HttpKernel/Kernel.php
	src/Symfony/Component/Translation/Loader/JsonFileLoader.php
diff --git a/Acl/Domain/ObjectIdentity.php b/Acl/Domain/ObjectIdentity.php
@@ -36,7 +36,7 @@ final class ObjectIdentity implements ObjectIdentityInterface
      */
     public function __construct($identifier, $type)
     {
-        if (empty($identifier)) {
+        if ('' === $identifier) {
             throw new \InvalidArgumentException('$identifier cannot be empty.');
         }
         if (empty($type)) {
@@ -66,7 +66,7 @@ public static function fromDomainObject($domainObject)
             if ($domainObject instanceof DomainObjectInterface) {
                 return new self($domainObject->getObjectIdentifier(), ClassUtils::getRealClass($domainObject));
             } elseif (method_exists($domainObject, 'getId')) {
-                return new self($domainObject->getId(), ClassUtils::getRealClass($domainObject));
+                return new self((string) $domainObject->getId(), ClassUtils::getRealClass($domainObject));
             }
         } catch (\InvalidArgumentException $invalid) {
             throw new InvalidDomainObjectException($invalid->getMessage(), 0, $invalid);
diff --git a/Acl/Tests/Domain/EntryTest.php b/Acl/Tests/Domain/EntryTest.php
@@ -36,7 +36,7 @@ public function testSetAuditSuccess()
         $this->assertTrue($ace->isAuditSuccess());
         $ace->setAuditSuccess(false);
         $this->assertFalse($ace->isAuditSuccess());
-        $ace->setAuditsuccess(true);
+        $ace->setAuditSuccess(true);
         $this->assertTrue($ace->isAuditSuccess());
     }
 
diff --git a/Acl/Tests/Domain/ObjectIdentityTest.php b/Acl/Tests/Domain/ObjectIdentityTest.php
@@ -64,6 +64,26 @@ public function testFromDomainObjectWithProxy()
             $this->assertEquals('Symfony\Component\Security\Acl\Tests\Domain\TestDomainObject', $id->getType());
         }
 
+        public function testFromDomainObjectWithoutInterfaceEnforcesStringIdentifier()
+        {
+            $domainObject = new TestDomainObject();
+            $domainObject->id = 1;
+            $id = ObjectIdentity::fromDomainObject($domainObject);
+
+            $this->assertSame('1', $id->getIdentifier());
+            $this->assertEquals('Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());
+        }
+
+        public function testFromDomainObjectWithoutInterfaceAllowsZeroAsIdentifier()
+        {
+            $domainObject = new TestDomainObject();
+            $domainObject->id = '0';
+            $id = ObjectIdentity::fromDomainObject($domainObject);
+
+            $this->assertSame('0', $id->getIdentifier());
+            $this->assertEquals('Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());
+        }
+
         /**
          * @dataProvider getCompareData
          */
@@ -89,14 +109,16 @@ public function getCompareData()
 
     class TestDomainObject
     {
+        public $id = 'getId()';
+
         public function getObjectIdentifier()
         {
             return 'getObjectIdentifier()';
         }
 
         public function getId()
         {
-            return 'getId()';
+            return $this->id;
         }
     }
 }
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php
@@ -205,7 +205,7 @@ private function startAuthentication(Request $request, AuthenticationException $
     protected function setTargetPath(Request $request)
     {
         // session isn't required when using HTTP basic authentication mechanism for example
-        if ($request->hasSession() && $request->isMethodSafe()) {
+        if ($request->hasSession() && $request->isMethodSafe() && !$request->isXmlHttpRequest()) {
             $request->getSession()->set('_security.'.$this->providerKey.'.target_path', $request->getUri());
         }
     }
diff --git a/Http/RememberMe/AbstractRememberMeServices.php b/Http/RememberMe/AbstractRememberMeServices.php
@@ -268,9 +268,17 @@ protected function decodeCookie($rawCookie)
      * @param array $cookieParts
      *
      * @return string
+     *
+     * @throws \InvalidArgumentException When $cookieParts contain the cookie delimiter. Extending class should either remove or escape it.
      */
     protected function encodeCookie(array $cookieParts)
     {
+        foreach ($cookieParts as $cookiePart) {
+            if (false !== strpos($cookiePart, self::COOKIE_DELIMITER)) {
+                throw new \InvalidArgumentException(sprintf('$cookieParts should not contain the cookie delimiter "%s"', self::COOKIE_DELIMITER));
+            }
+        }
+
         return base64_encode(implode(self::COOKIE_DELIMITER, $cookieParts));
     }
 
diff --git a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
@@ -98,7 +98,6 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request)
             throw new AuthenticationException('The cookie has expired.');
         }
 
-        $series = $persistentToken->getSeries();
         $tokenValue = base64_encode($this->secureRandom->nextBytes(64));
         $this->tokenProvider->updateToken($series, $tokenValue, new \DateTime());
         $request->attributes->set(self::COOKIE_ATTR_NAME,
diff --git a/Http/RememberMe/TokenBasedRememberMeServices.php b/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -95,12 +95,12 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt
      * @param int    $expires  The Unix timestamp when the cookie expires
      * @param string $password The encoded password
      *
-     * @throws \RuntimeException if username contains invalid chars
-     *
      * @return string
      */
     protected function generateCookieValue($class, $username, $expires, $password)
     {
+        // $username is encoded because it might contain COOKIE_DELIMITER,
+        // we assume other values don't
         return $this->encodeCookie(array(
             $class,
             base64_encode($username),
@@ -117,8 +117,6 @@ protected function generateCookieValue($class, $username, $expires, $password)
      * @param int    $expires  The Unix timestamp when the cookie expires
      * @param string $password The encoded password
      *
-     * @throws \RuntimeException when the private key is empty
-     *
      * @return string
      */
     protected function generateCookieHash($class, $username, $expires, $password)
diff --git a/Http/Tests/RememberMe/AbstractRememberMeServicesTest.php b/Http/Tests/RememberMe/AbstractRememberMeServicesTest.php
@@ -14,6 +14,7 @@
 use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Http\RememberMe\AbstractRememberMeServices;
 
 class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase
 {
@@ -236,6 +237,30 @@ public function getPositiveRememberMeParameterValues()
         );
     }
 
+    public function testEncodeCookieAndDecodeCookieAreInvertible()
+    {
+        $cookieParts = array('aa', 'bb', 'cc');
+        $service = $this->getService();
+
+        $encoded = $this->callProtected($service, 'encodeCookie', array($cookieParts));
+        $this->assertInternalType('string', $encoded);
+
+        $decoded = $this->callProtected($service, 'decodeCookie', array($encoded));
+        $this->assertSame($cookieParts, $decoded);
+    }
+
+    /**
+     * @expectedException InvalidArgumentException
+     * @expectedExceptionMessage cookie delimiter
+     */
+    public function testThereShouldBeNoCookieDelimiterInCookieParts()
+    {
+        $cookieParts = array('aa', 'b'.AbstractRememberMeServices::COOKIE_DELIMITER.'b', 'cc');
+        $service = $this->getService();
+
+        $this->callProtected($service, 'encodeCookie', array($cookieParts));
+    }
+
     protected function getService($userProvider = null, $options = array(), $logger = null)
     {
         if (null === $userProvider) {
@@ -258,4 +283,13 @@ protected function getProvider()
 
         return $provider;
     }
+
+    private function callProtected($object, $method, array $args)
+    {
+        $reflection = new \ReflectionClass(get_class($object));
+        $reflectionMethod = $reflection->getMethod($method);
+        $reflectionMethod->setAccessible(true);
+
+        return $reflectionMethod->invokeArgs($object, $args);
+    }
 }
diff --git a/Http/Tests/RememberMe/TokenBasedRememberMeServicesTest.php b/Http/Tests/RememberMe/TokenBasedRememberMeServicesTest.php
@@ -105,7 +105,12 @@ public function testAutoLoginDoesNotAcceptAnExpiredCookie()
         $this->assertTrue($request->attributes->get(RememberMeServicesInterface::COOKIE_ATTR_NAME)->isCleared());
     }
 
-    public function testAutoLogin()
+    /**
+     * @dataProvider provideUsernamesForAutoLogin
+     *
+     * @param string $username
+     */
+    public function testAutoLogin($username)
     {
         $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
         $user
@@ -123,13 +128,13 @@ public function testAutoLogin()
         $userProvider
             ->expects($this->once())
             ->method('loadUserByUsername')
-            ->with($this->equalTo('foouser'))
+            ->with($this->equalTo($username))
             ->will($this->returnValue($user))
         ;
 
         $service = $this->getService($userProvider, array('name' => 'foo', 'always_remember_me' => true, 'lifetime' => 3600));
         $request = new Request();
-        $request->cookies->set('foo', $this->getCookie('fooclass', 'foouser', time() + 3600, 'foopass'));
+        $request->cookies->set('foo', $this->getCookie('fooclass', $username, time() + 3600, 'foopass'));
 
         $returnedToken = $service->autoLogin($request);
 
@@ -138,6 +143,14 @@ public function testAutoLogin()
         $this->assertEquals('fookey', $returnedToken->getKey());
     }
 
+    public function provideUsernamesForAutoLogin()
+    {
+        return array(
+            array('foouser', 'Simple username'),
+            array('foo'.TokenBasedRememberMeServices::COOKIE_DELIMITER.'user', 'Username might contain the delimiter'),
+        );
+    }
+
     public function testLogout()
     {
         $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null));
diff --git a/Resources/translations/security.fr.xlf b/Resources/translations/security.fr.xlf
@@ -8,23 +8,23 @@
             </trans-unit>
             <trans-unit id="2">
                 <source>Authentication credentials could not be found.</source>
-                <target>Les droits d'authentification n'ont pas pu être trouvés.</target>
+                <target>Les identifiants d'authentification n'ont pas pu être trouvés.</target>
             </trans-unit>
             <trans-unit id="3">
                 <source>Authentication request could not be processed due to a system problem.</source>
                 <target>La requête d'authentification n'a pas pu être executée à cause d'un problème système.</target>
             </trans-unit>
             <trans-unit id="4">
                 <source>Invalid credentials.</source>
-                <target>Droits invalides.</target>
+                <target>Identifiants invalides.</target>
             </trans-unit>
             <trans-unit id="5">
                 <source>Cookie has already been used by someone else.</source>
                 <target>Le cookie a déjà été utilisé par quelqu'un d'autre.</target>
             </trans-unit>
             <trans-unit id="6">
                 <source>Not privileged to request the resource.</source>
-                <target>Pas de privilèges pour accéder à la ressource.</target>
+                <target>Privilèges insuffisants pour accéder à la ressource.</target>
             </trans-unit>
             <trans-unit id="7">
                 <source>Invalid CSRF token.</source>
@@ -40,23 +40,23 @@
             </trans-unit>
             <trans-unit id="10">
                 <source>No session available, it either timed out or cookies are not enabled.</source>
-                <target>Pas de session disponible, celle-ci a expiré ou les cookies ne sont pas activés.</target>
+                <target>Aucune session disponible, celle-ci a expiré ou les cookies ne sont pas activés.</target>
             </trans-unit>
             <trans-unit id="11">
                 <source>No token could be found.</source>
                 <target>Aucun jeton n'a pu être trouvé.</target>
             </trans-unit>
             <trans-unit id="12">
                 <source>Username could not be found.</source>
-                <target>Le nom d'utilisateur ne peut pas être trouvé.</target>
+                <target>Le nom d'utilisateur n'a pas pu être trouvé.</target>
             </trans-unit>
             <trans-unit id="13">
                 <source>Account has expired.</source>
                 <target>Le compte a expiré.</target>
             </trans-unit>
             <trans-unit id="14">
                 <source>Credentials have expired.</source>
-                <target>Les droits ont expirés.</target>
+                <target>Les identifiants ont expiré.</target>
             </trans-unit>
             <trans-unit id="15">
                 <source>Account is disabled.</source>

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ final class ObjectIdentity implements ObjectIdentityInterface`
`36`	`36`	`*/`
`37`	`37`	`public function __construct($identifier, $type)`
`38`	`38`	`{`
`39`		`- if (empty($identifier)) {`
	`39`	`+ if ('' === $identifier) {`
`40`	`40`	`throw new \InvalidArgumentException('$identifier cannot be empty.');`
`41`	`41`	`}`
`42`	`42`	`if (empty($type)) {`
`@@ -66,7 +66,7 @@ public static function fromDomainObject($domainObject)`
`66`	`66`	`if ($domainObject instanceof DomainObjectInterface) {`
`67`	`67`	`return new self($domainObject->getObjectIdentifier(), ClassUtils::getRealClass($domainObject));`
`68`	`68`	`} elseif (method_exists($domainObject, 'getId')) {`
`69`		`- return new self($domainObject->getId(), ClassUtils::getRealClass($domainObject));`
	`69`	`+ return new self((string) $domainObject->getId(), ClassUtils::getRealClass($domainObject));`
`70`	`70`	`}`
`71`	`71`	`} catch (\InvalidArgumentException $invalid) {`
`72`	`72`	`throw new InvalidDomainObjectException($invalid->getMessage(), 0, $invalid);`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ public function testSetAuditSuccess()`
`36`	`36`	`$this->assertTrue($ace->isAuditSuccess());`
`37`	`37`	`$ace->setAuditSuccess(false);`
`38`	`38`	`$this->assertFalse($ace->isAuditSuccess());`
`39`		`- $ace->setAuditsuccess(true);`
	`39`	`+ $ace->setAuditSuccess(true);`
`40`	`40`	`$this->assertTrue($ace->isAuditSuccess());`
`41`	`41`	`}`
`42`	`42`
Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,26 @@ public function testFromDomainObjectWithProxy()`
`64`	`64`	`$this->assertEquals('Symfony\Component\Security\Acl\Tests\Domain\TestDomainObject', $id->getType());`
`65`	`65`	`}`
`66`	`66`
	`67`	`+ public function testFromDomainObjectWithoutInterfaceEnforcesStringIdentifier()`
	`68`	`+ {`
	`69`	`+ $domainObject = new TestDomainObject();`
	`70`	`+ $domainObject->id = 1;`
	`71`	`+ $id = ObjectIdentity::fromDomainObject($domainObject);`
	`72`	`+`
	`73`	`+ $this->assertSame('1', $id->getIdentifier());`
	`74`	`+ $this->assertEquals('Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());`
	`75`	`+ }`
	`76`	`+`
	`77`	`+ public function testFromDomainObjectWithoutInterfaceAllowsZeroAsIdentifier()`
	`78`	`+ {`
	`79`	`+ $domainObject = new TestDomainObject();`
	`80`	`+ $domainObject->id = '0';`
	`81`	`+ $id = ObjectIdentity::fromDomainObject($domainObject);`
	`82`	`+`
	`83`	`+ $this->assertSame('0', $id->getIdentifier());`
	`84`	`+ $this->assertEquals('Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());`
	`85`	`+ }`
	`86`	`+`
`67`	`87`	`/**`
`68`	`88`	`* @dataProvider getCompareData`
`69`	`89`	`*/`
`@@ -89,14 +109,16 @@ public function getCompareData()`
`89`	`109`
`90`	`110`	`class TestDomainObject`
`91`	`111`	`{`
	`112`	`+ public $id = 'getId()';`
	`113`	`+`
`92`	`114`	`public function getObjectIdentifier()`
`93`	`115`	`{`
`94`	`116`	`return 'getObjectIdentifier()';`
`95`	`117`	`}`
`96`	`118`
`97`	`119`	`public function getId()`
`98`	`120`	`{`
`99`		`- return 'getId()';`
	`121`	`+ return $this->id;`
`100`	`122`	`}`
`101`	`123`	`}`
`102`	`124`	`}`
Original file line number	Diff line number	Diff line change
`@@ -205,7 +205,7 @@ private function startAuthentication(Request $request, AuthenticationException $`
`205`	`205`	`protected function setTargetPath(Request $request)`
`206`	`206`	`{`
`207`	`207`	`// session isn't required when using HTTP basic authentication mechanism for example`
`208`		`- if ($request->hasSession() && $request->isMethodSafe()) {`
	`208`	`+ if ($request->hasSession() && $request->isMethodSafe() && !$request->isXmlHttpRequest()) {`
`209`	`209`	`$request->getSession()->set('_security.'.$this->providerKey.'.target_path', $request->getUri());`
`210`	`210`	`}`
`211`	`211`	`}`
Original file line number	Diff line number	Diff line change
`@@ -268,9 +268,17 @@ protected function decodeCookie($rawCookie)`
`268`	`268`	`* @param array $cookieParts`
`269`	`269`	`*`
`270`	`270`	`* @return string`
	`271`	`+ *`
	`272`	`+ * @throws \InvalidArgumentException When $cookieParts contain the cookie delimiter. Extending class should either remove or escape it.`
`271`	`273`	`*/`
`272`	`274`	`protected function encodeCookie(array $cookieParts)`
`273`	`275`	`{`
	`276`	`+ foreach ($cookieParts as $cookiePart) {`
	`277`	`+ if (false !== strpos($cookiePart, self::COOKIE_DELIMITER)) {`
	`278`	`+ throw new \InvalidArgumentException(sprintf('$cookieParts should not contain the cookie delimiter "%s"', self::COOKIE_DELIMITER));`
	`279`	`+ }`
	`280`	`+ }`
	`281`	`+`
`274`	`282`	`return base64_encode(implode(self::COOKIE_DELIMITER, $cookieParts));`
`275`	`283`	`}`
`276`	`284`
Original file line number	Diff line number	Diff line change
`@@ -98,7 +98,6 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request)`
`98`	`98`	`throw new AuthenticationException('The cookie has expired.');`
`99`	`99`	`}`
`100`	`100`
`101`		`- $series = $persistentToken->getSeries();`
`102`	`101`	`$tokenValue = base64_encode($this->secureRandom->nextBytes(64));`
`103`	`102`	`$this->tokenProvider->updateToken($series, $tokenValue, new \DateTime());`
`104`	`103`	`$request->attributes->set(self::COOKIE_ATTR_NAME,`