8000 [Security] Add the ability for voter to return decision reason by alamirault · Pull Request #46493 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

[Security] Add the ability for voter to return decision reason #46493

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 5 commits into from
Closed

[Security] Add the ability for voter to return decision reason #46493

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
ef68205
[Security] Add the ability for voter to return decision reason
alamirault May 26, 2022
5e4733b
[Security] Vote can have multiple messages
alamirault Jun 28, 2022
a23e15b
Rebase for 6.3
alamirault Mar 10, 2023
068a117
Fix rebase tests
alamirault Sep 5, 2023
5a3bf54
Rebase for 7.1
alamirault Mar 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
Prev Previous commit
Rebase for 7.1
  • Loading branch information
@alamirault
alamirault committed Apr 1, 2024
commit 5a3bf541820363d57a49529bd99ff9806c5a00e7
The diff you're trying to view is too large. We only load the first 3000 changed files.
17 changes: 9 additions & 8 deletions .appveyor.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,20 +13,20 @@ init:

install:
- mkdir c:\php && cd c:\php
- appveyor DownloadFile https://github.com/symfony/binary-utils/releases/download/v0.1/php-8.1.0-Win32-vs16-x86.zip
- 7z x php-8.1.0-Win32-vs16-x86.zip -y >nul
- appveyor DownloadFile https://github.com/symfony/binary-utils/releases/download/v0.1/php-8.2.0-Win32-vs16-x86.zip
- 7z x php-8.2.0-Win32-vs16-x86.zip -y >nul
- cd ext
- appveyor DownloadFile https://github.com/symfony/binary-utils/releases/download/v0.1/php_apcu-5.1.21-8.1-ts-vs16-x86.zip
- 7z x php_apcu-5.1.21-8.1-ts-vs16-x86.zip -y >nul
- appveyor DownloadFile https://github.com/symfony/binary-utils/releases/download/v0.1/php_redis-5.3.7-8.1-ts-vs16-x86.zip
- 7z x php_redis-5.3.7-8.1-ts-vs16-x86.zip -y >nul
- appveyor DownloadFile https://github.com/symfony/binary-utils/releases/download/v0.1/php_apcu-5.1.22-8.2-ts-vs16-x86.zip
- 7z x php_apcu-5.1.22-8.2-ts-vs16-x86.zip -y >nul
- appveyor DownloadFile https://github.com/symfony/binary-utils/releases/download/v0.1/php_redis-6.0.0-dev-8.2-ts-vs16-x86.zip
- 7z x php_redis-6.0.0-dev-8.2-ts-vs16-x86.zip -y >nul
- cd ..
- copy /Y php.ini-development php.ini-min
- echo memory_limit=-1 >> php.ini-min
- echo serialize_precision=-1 >> php.ini-min
- echo max_execution_time=1200 >> php.ini-min
- echo post_max_size=4G >> php.ini-min
- echo upload_max_filesize=4G >> php.ini-min
- echo post_max_size=2047M >> php.ini-min
- echo upload_max_filesize=2047M >> php.ini-min
- echo date.timezone="America/Los_Angeles" >> php.ini-min
- echo extension_dir=ext >> php.ini-min
- echo extension=php_xsl.dll >> php.ini-min
Expand All @@ -35,6 +35,7 @@ install:
- echo opcache.enable_cli=1 >> php.ini-max
- echo extension=php_openssl.dll >> php.ini-max
- echo extension=php_apcu.dll >> php.ini-max
- echo extension=php_igbinary.dll >> php.ini-max
- echo extension=php_redis.dll >> php.ini-max
- echo apc.enable_cli=1 >> php.ini-max
- echo extension=php_intl.dll >> php.ini-max
Expand Down
6 changes: 6 additions & 0 deletions .git-blame-ignore-revs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
# Apply php-cs-fixer fix --rules nullable_type_declaration_for_default_null_value
f4118e110a46de3ffb799e7d79bf15128d1646ea
9519b54417c09c49496a4a6be238e63be9a73465
ae0a783425b80b78376488619bf9106e69193fa4
9c1e36257c4df0929179462d6b2bdd00453ac8aa
6ae74d38e3d20d0ffcc66c7c3d28767fab76bdfb
3 changes: 3 additions & 0 deletions .gitattributes
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,6 @@
/src/Symfony/Component/Messenger/Bridge export-ignore
/src/Symfony/Component/Notifier/Bridge export-ignore
/src/Symfony/Component/Runtime export-ignore
/src/Symfony/Component/Translation/Bridge export-ignore
/src/Symfony/Component/Emoji/Resources/data/* linguist-generated=true
/src/Symfony/Component/Intl/Resources/data/*/* linguist-generated=true
8 changes: 4 additions & 4 deletions .github/PULL_REQUEST_TEMPLATE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
| Q | A
| ------------- | ---
| Branch? | 6.4 for features / 5.4, or 6.3 for bug fixes <!-- see below -->
| Branch? | 7.1 for features / 5.4, 6.4, or 7.0 for bug fixes <!-- see below -->
| Bug fix? | yes/no
| New feature? | yes/no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | yes/no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exists, explain below instead -->
| Issues | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exists, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->

<!--
Replace this notice by a short README for your feature/bugfix.
Replace this notice by a description of your feature/bugfix.
This will help reviewers and should be a good start for the documentation.

Additionally (see https://symfony.com/releases):
Expand Down
14,902 changes: 370 additions & 14,532 deletions .github/expected-missing-return-types.diff
View file
Open in desktop

Large diffs are not rendered by default.

40 changes: 13 additions & 27 deletions .github/get-modified-packages.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,31 +19,15 @@

function getPackageType(string $packageDir): string
{
if (preg_match('@Symfony/Bridge/@', $packageDir)) {
return 'bridge';
}

if (preg_match('@Symfony/Bundle/@', $packageDir)) {
return 'bundle';
}

if (preg_match('@Symfony/Component/[^/]+/Bridge/@', $packageDir)) {
return 'component_bridge';
}

if (preg_match('@Symfony/Component/@', $packageDir)) {
return 'component';
}

if (preg_match('@Symfony/Contracts/@', $packageDir)) {
return 'contract';
}

if (preg_match('@Symfony/Contracts$@', $packageDir)) {
return 'contracts';
}

throw new \LogicException();
return match (true) {
str_contains($packageDir, 'Symfony/Bridge/') => 'bridge',
str_contains($packageDir, 'Symfony/Bundle/') => 'bundle',
preg_match('@Symfony/Component/[^/]+/Bridge/@', $packageDir) => 'component_bridge',
str_contains($packageDir, 'Symfony/Component/') => 'component',
str_contains($packageDir, 'Symfony/Contracts/') => 'contract',
str_ends_with($packageDir, 'Symfony/Contracts') => 'contracts',
default => throw new \LogicException(),
};
}

$newPackage = [];
Expand All @@ -66,8 +50,10 @@ function getPackageType(string $packageDir): string

$output = [];
foreach ($modifiedPackages as $directory => $bool) {
$name = json_decode(file_get_contents($directory.'/composer.json'), true)['name'] ?? 'unknown';
$output[] = ['name' => $name, 'directory' => $directory, 'new' => $newPackage[$directory] ?? false, 'type' => getPackageType($directory)];
$composerData = json_decode(file_get_contents($directory.'/composer.json'), true);
$name = $composerData['name'] ?? 'unknown';
$requiresDeprecationContracts = isset($composerData['require']['symfony/deprecation-contracts']);
$output[] = ['name' => $name, 'directory' => $directory, 'new' => $newPackage[$directory] ?? false, 'type' => getPackageType($directory), 'requires_deprecation_contracts' => $requiresDeprecationContracts];
}

echo json_encode($output);
4 changes: 3 additions & 1 deletion .github/patch-types.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,10 @@
}
// no break;
case false !== strpos($file, '/vendor/'):
case false !== strpos($file, '/src/Symfony/Bridge/Doctrine/Logger/DbalLogger.php'):
case false !== strpos($file, '/src/Symfony/Bridge/Doctrine/Middleware/Debug/'):
case false !== strpos($file, '/src/Symfony/Bridge/Doctrine/Tests/Fixtures/LegacyQueryMock.php'):
case false !== strpos($file, '/src/Symfony/Bridge/PhpUnit/'):
case false !== strpos($file, '/src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/ContainerAwareController.php'):
case false !== strpos($file, '/src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/Validation/Article.php'):
case false !== strpos($file, '/src/Symfony/Component/Cache/Tests/Fixtures/DriverWrapper.php'):
case false !== strpos($file, '/src/Symfony/Component/Config/Tests/Fixtures/BadFileName.php'):
Expand Down
129 changes: 129 additions & 0 deletions .github/sync-translations.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,129 @@
<?php

// This script should be run after adding a new message to translate.
// It will ensure that all messages in "*.en.xlf" files are propagated to all languages.
// The resulting diff should then be submitted as a PR on the lowest maintained branch,
// possibly after using GPT to translate all the targets it contains
// (state="needs-review-translation" should then be used on corresponding target tags.)

use Symfony\Component\Finder\Finder;
use Symfony\Component\Translation\Loader\XliffFileLoader;
use Symfony\Component\Translation\MessageCatalogue;

require __DIR__.'/../vendor/autoload.php';

function dumpXliff1(string $defaultLocale, MessageCatalogue $messages, string $domain, ?\DOMElement $header = null)
{
$dom = new \DOMDocument('1.0', 'utf-8');
$dom->formatOutput = true;

$xliff = $dom->appendChild($dom->createElement('xliff'));
$xliff->setAttribute('version', '1.2');
$xliff->setAttribute('xmlns', 'urn:oasis:names:tc:xliff:document:1.2');

$xliffFile = $xliff->appendChild($dom->createElement('file'));
$xliffFile->setAttribute('source-language', str_replace('_', '-', $defaultLocale));
$xliffFile->setAttribute('target-language', 'no' === $messages->getLocale() ? 'nb' : str_replace('_', '-', $messages->getLocale()));
$xliffFile->setAttribute('datatype', 'plaintext');
$xliffFile->setAttribute('original', 'file.ext');

if (null !== $header) {
mergeDom($dom, $xliffFile, $header);
}

$xliffBody = $xliffFile->appendChild($dom->createElement('body'));
foreach ($messages->all($domain) as $source => $target) {
$translation = $dom->createElement('trans-unit');
$metadata = $messages->getMetadata($source, $domain);

$translation->setAttribute('id', $metadata['id']);
if (isset($metadata['resname'])) {
$translation->setAttribute('resname', $metadata['resname']);
}

$s = $translation->appendChild($dom->createElement('source'));
$s->appendChild($dom->createTextNode($source));

$text = 1 === preg_match('/[&<>]/', $target) ? $dom->createCDATASection($target) : $dom->createTextNode($target);

$targetElement = $dom->createElement('target');

if ('en' !== $messages->getLocale() && $target === $source && 'Error' !== $source) {
$targetElement->setAttribute('state', 'needs-translation');
}
if (isset($metadata['target-attributes'])) {
foreach ($metadata['target-attributes'] as $key => $value) {
$targetElement->setAttribute($key, $value);
}
}

$t = $translation->appendChild($targetElement);
$t->appendChild($text);

$xliffBody->appendChild($translation);
}

return preg_replace('/^ +/m', '$0$0', $dom->saveXML());
}

function mergeDom(\DOMDocument $dom, \DOMNode $tree, \DOMNode $input)
{
$new = $dom->createElement($input->tagName);
foreach ($input->attributes as $key => $value) {
$new->setAttribute($key, $value);
}
$tree->appendChild($new);
foreach ($input->childNodes as $child) {
if ($child instanceof \DOMText) {
$new->appendChild($dom->createTextNode(str_replace(' ', ' ', $child->textContent)));
} elseif ($child instanceof \DOMNode) {
mergeDom($dom, $new, $child);
} else {
// We just need to update our script to handle this node types
throw new \LogicException('Unsupported node type: '.get_class($child));
}
}
}

foreach (['Security/Core' => 'security', 'Form' => 'validators', 'Validator' => 'validators'] as $component => $domain) {
$dir = __DIR__.'/../src/Symfony/Component/'.$component.'/Resources/translations';

$enCatalogue = (new XliffFileLoader())->load($dir.'/'.$domain.'.en.xlf', 'en', $domain);
file_put_contents($dir.'/'.$domain.'.en.xlf', dumpXliff1('en', $enCatalogue, $domain));

$finder = new Finder();

foreach ($finder->files()->in($dir)->name('*.xlf') as $file) {
$locale = substr($file->getBasename(), 1 + strlen($domain), -4);

if ('en' === $locale) {
continue;
}

$catalogue = (new XliffFileLoader())->load($file, $locale, $domain);
$localeCatalogue = new MessageCatalogue($locale);

foreach ($enCatalogue->all($domain) as $resname => $source) {
$metadata = [];
if ($catalogue->defines($resname, $domain)) {
$translation = $catalogue->get($resname, $domain);
$metadata = $catalogue->getMetadata($resname, $domain);
}
$metadata['id'] = $enCatalogue->getMetadata($resname, $domain)['id'];
if ($resname !== $source) {
$metadata['resname'] = $resname;
}
$localeCatalogue->set($source, $translation, $domain);
$localeCatalogue->setMetadata($source, $metadata, $domain);
}

$inputDom = new \DOMDocument();
$inputDom->loadXML(file_get_contents($file->getRealPath()));
$header = null;
if (1 === $inputDom->getElementsByTagName('header')->count()) {
$header = $inputDom->getElementsByTagName('header')->item(0);
}

file_put_contents($file, dumpXliff1('en', $localeCatalogue, $domain, $header));
}
}
61 changes: 45 additions & 16 deletions .github/workflows/integration-tests.yml
View file
Open in desktop
9486
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ jobs:

strategy:
matrix:
php: ['8.1']
php: ['8.2']
fail-fast: false

services:
Expand All @@ -48,6 +48,12 @@ jobs:
image: redis:6.2.8
ports:
- 16379:6379
redis-authenticated:
image: redis:6.2.8
ports:
- 16380:6379
env:
REDIS_ARGS: "--requirepass p@ssword"
redis-cluster:
image: grokzen/redis-cluster:6.2.8
ports:
Expand Down Expand Up @@ -89,9 +95,9 @@ jobs:
- 8094:8094
- 11210:11210
sqs:
image: asyncaws/testing-sqs
image: localstack/localstack:3.0.2
ports:
- 9494:9494
- 4566:4566
zookeeper:
image: wurstmeister/zookeeper:3.4.6
kafka:
Expand All @@ -104,10 +110,20 @@ jobs:
KAFKA_ADVERTISED_HOST_NAME: 127.0.0.1
KAFKA_ZOOKEEPER_CONNECT: 'zookeeper:2181'
KAFKA_ADVERTISED_PORT: 9092
frankenphp:
image: dunglas/frankenphp:1.1.0
ports:
- 80:80
volumes:
- ${{ github.workspace }}:/symfony
env:
SERVER_NAME: 'http://localhost'
CADDY_SERVER_EXTRA_DIRECTIVES: |
root * /symfony/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/

steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Install system dependencies
run: |
Expand All @@ -124,12 +140,20 @@ jobs:
sudo service redis-server restart
echo "::endgroup::"

- name: Install pgbouncer
run: |
sudo apt-get install -y pgbouncer
sudo cp src/Symfony/Component/Messenger/Bridge/Doctrine/Tests/Fixtures/pgbouncer/pgbouncer.ini /etc/pgbouncer/pgbouncer.ini
sudo cp src/Symfony/Component/Messenger/Bridge/Doctrine/Tests/Fixtures/pgbouncer/userlist.txt /etc/pgbouncer/userlist.txt
sudo service pgbouncer restart
sudo su - postgres -c "PGPASSWORD=password psql -Atq -h localhost -p 5432 -U postgres -d postgres -c \"SELECT usename, passwd FROM pg_shadow\""

- name: Configure Couchbase
run: |
curl -s -u 'username=Administrator&password=111111' -X POST http://localhost:8091/node/controller/setupServices -d 'services=kv%2Cn1ql%2Cindex%2Cfts'
curl -s -X POST http://localhost:8091/settings/web -d 'username=Administrator&password=111111&port=SAME'
curl -s -u Administrator:111111 -X POST http://localhost:8091/pools/default/buckets -d 'ramQuotaMB=100&bucketType=ephemeral&name=cache'
curl -s -u Administrator:111111 -X POST http://localhost:8091/pools/default -d 'memoryQuota=256'
curl -s -u 'username=Administrator&password=111111@' -X POST http://localhost:8091/node/controller/setupServices -d 'services=kv%2Cn1ql%2Cindex%2Cfts'
curl -s -X POST http://localhost:8091/settings/web -d 'username=Administrator&password=111111%40&port=SAME'
curl -s -u Administrator:111111@ -X POST http://localhost:8091/pools/default/buckets -d 'ramQuotaMB=100&bucketType=ephemeral&name=cache'
curl -s -u Administrator:111111@ -X POST http://localhost:8091/pools/default -d 'memoryQuota=256'

- name: Setup PHP
uses: shivammathur/setup-php@v2
Expand Down Expand Up @@ -159,7 +183,6 @@ jobs:
echo COMPOSER_ROOT_VERSION=$COMPOSER_ROOT_VERSION >> $GITHUB_ENV

echo "::group::composer update"
composer require --dev --no-update mongodb/mongodb
composer update --no-progress --ansi
echo "::endgroup::"

Expand All @@ -171,29 +194,35 @@ jobs:
run: ./phpunit --group integration -v
env:
REDIS_HOST: 'localhost:16379'
REDIS_AUTHENTICATED_HOST: 'localhost:16380'
REDIS_CLUSTER_HOSTS: 'localhost:7000 localhost:7001 localhost:7002 localhost:7003 localhost:7004 localhost:7005'
REDIS_SENTINEL_HOSTS: 'localhost:26379 localhost:26379 localhost:26379'
REDIS_SENTINEL_HOSTS: 'unreachable-host:26379 localhost:26379 localhost:26379'
REDIS_SENTINEL_SERVICE: redis_sentinel
MESSENGER_REDIS_DSN: redis://127.0.0.1:7006/messages
MESSENGER_AMQP_DSN: amqp://localhost/%2f/messages
MESSENGER_SQS_DSN: "sqs://localhost:9494/messages?sslmode=disable&poll_timeout=0.01"
MESSENGER_SQS_FIFO_QUEUE_DSN: "sqs://localhost:9494/messages.fifo?sslmode=disable&poll_timeout=0.01"
MESSENGER_SQS_DSN: "sqs://localhost:4566/messages?sslmode=disable&poll_timeout=0.01"
MESSENGER_SQS_FIFO_QUEUE_DSN: "sqs://localhost:4566/messages.fifo?sslmode=disable&poll_timeout=0.01"
KAFKA_BROKER: 127.0.0.1:9092
POSTGRES_HOST: localhost
PGBOUNCER_HOST: localhost:6432

#- name: Run HTTP push tests
# if: matrix.php == '8.1'
# if: matrix.php == '8.2'
# run: |
# [ -d .phpunit ] && mv .phpunit .phpunit.bak
# wget -q https://github.com/symfony/binary-utils/releases/download/v0.1/vulcain_0.1.3_Linux_x86_64.tar.gz -O - | tar xz && mv vulcain /usr/local/bin
# docker run --rm -e COMPOSER_ROOT_VERSION -v $(pwd):/app -v $(which composer):/usr/local/bin/composer -v $(which vulcain):/usr/local/bin/vulcain -w /app php:8.1-alpine ./phpunit src/Symfony/Component/HttpClient/Tests/CurlHttpClientTest.php --filter testHttp2Push
# sudo rm -rf .phpunit
# [ -d .phpunit.bak ] && mv .phpunit.bak .phpunit

- uses: marceloprado/has-changed-path@v1
- name: Check for changes in translation files
id: changed-translation-files
with:
paths: src/**/Resources/translations/*.xlf
run: |
if git diff --quiet HEAD~1 HEAD -- 'src/**/Resources/translations/*.xlf'; then
echo "{changed}={true}" >> $GITHUB_OUTPUT
else
echo "{changed}={false}" >> $GITHUB_OUTPUT
fi

- name: Check Translation Status
if: steps.changed-translation-files.outputs.changed == 'true'
Expand Down
Loading
You are viewing a condensed version of this merge commit. You can view the full changes here.
0