gergely
/
kekrozsak
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
kekrozsak/vendor/symfony/symfony/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md

2.9 KiB
Raw Blame History

CHANGELOG

2.1.0

  • [BC BREAK] The custom factories for the firewall configuration are now registered during the build method of bundles instead of being registered by the end-user (you need to remove the 'factories' keys in your security configuration).

  • [BC BREAK] The Firewall listener is now registered after the Router one. This means that specific Firewall URLs (like /login_check and /logout must now have proper route defined in your routing configuration)

  • [BC BREAK] refactored the user provider configuration. The configuration changed for the chain provider and the memory provider:

    Before:

    security:
    providers:
        my_chain_provider:
            providers: [my_memory_provider, my_doctrine_provider]
        my_memory_provider:
            users:
                toto: { password: foobar, roles: [ROLE_USER] }
                foo: { password: bar, roles: [ROLE_USER, ROLE_ADMIN] }

    After:

    security:
    providers:
        my_chain_provider:
            chain:
                providers: [my_memory_provider, my_doctrine_provider]
        my_memory_provider:
            memory:
                users:
                    toto: { password: foobar, roles: [ROLE_USER] }
                    foo: { password: bar, roles: [ROLE_USER, ROLE_ADMIN] }

  • [BC BREAK] Method equals was removed from UserInterface to its own new EquatableInterface. The user class can now implement this interface to override the default implementation of users equality test.

  • added a validator for the user password

  • added 'erase_credentials' as a configuration key (true by default)

  • added new events: security.authentication.success and security.authentication.failure fired on authentication success/failure, regardless of authentication method, events are defined in new event class: Symfony\Component\Security\Core\AuthenticationEvents.

  • Added optional CSRF protection to LogoutListener:

    security:
    firewalls:
        default:
            logout:
                path: /logout_path
                target: /
                csrf_parameter: _csrf_token        # Optional (defaults to "_csrf_token")
                csrf_provider:  form.csrf_provider # Required to enable protection
                intention:      logout             # Optional (defaults to "logout")

    If the LogoutListener has CSRF protection enabled but cannot validate a token, then a LogoutException will be thrown.

  • Added logout_url templating helper and Twig extension, which may be used to generate logout URL's within templates. The security firewall's config key must be specified. If a firewall's logout listener has CSRF protection enabled, a token will be automatically added to the generated URL.