Merge branch '4.1'

javiereguiluz · javiereguiluz · commit 707956b37b68 · 2018-10-19T08:37:34.000+02:00
* 4.1:
  Mentioned the new file upload exception classes
  Fixing bad logic, caused by merge originally
  Update docs now that sessions are enabled automatically
  Mentioned user_checkers in the main security config reference
  If multiple guard authenticators have different providers, link to the details on chaining providers together.
diff --git a/controller.rst b/controller.rst
@@ -383,24 +383,12 @@ Managing the Session
 --------------------
 
 Symfony provides a session service that you can use to store information
-about the user between requests. Session storage and other configuration can
-be controlled under the :ref:`framework.session configuration <config-framework-session>`.
+about the user between requests. Session is enabled by default, but will only be
+started if you read or write from it.
 
-First, activate the session by uncommenting the ``session`` key in ``config/packages/framework.yaml``:
-
-.. code-block:: diff
-
-    # config/packages/framework.yaml
-    framework:
-        # ...
-
-    -     #session:
-    -     #    # The native PHP session handler will be used
-    -     #    handler_id: ~
-    +     session:
-    +         # The native PHP session handler will be used
-    +         handler_id: ~
-        # ...
+Session storage and other configuration can be controlled under the
+:ref:`framework.session configuration <config-framework-session>` in
+``config/packages/framework.yaml``.
 
 To get the session, add an argument and type-hint it with
 :class:`Symfony\\Component\\HttpFoundation\\Session\\SessionInterface`::
diff --git a/controller/upload_file.rst b/controller/upload_file.rst
@@ -255,6 +255,21 @@ logic to a separate service::
         }
     }
 
+.. tip::
+
+    In addition to the generic :class:`Symfony\\Component\\HttpFoundation\\File\\Exception\\FileException`
+    class there are other exception classes to handle failed file uploads:
+    :class:`Symfony\\Component\\HttpFoundation\\File\\Exception\\CannotWriteFileException`,
+    :class:`Symfony\\Component\\HttpFoundation\\File\\Exception\\ExtensionFileException`,
+    :class:`Symfony\\Component\\HttpFoundation\\File\\Exception\\FormSizeFileException`,
+    :class:`Symfony\\Component\\HttpFoundation\\File\\Exception\\IniSizeFileException`,
+    :class:`Symfony\\Component\\HttpFoundation\\File\\Exception\\NoFileException`,
+    :class:`Symfony\\Component\\HttpFoundation\\File\\Exception\\NoTmpDirFileException`,
+    and :class:`Symfony\\Component\\HttpFoundation\\File\\Exception\\PartialFileException`.
+
+    .. versionadded:: 4.1
+        The detailed exception classes were introduced in Symfony 4.1.
+
 Then, define a service for this class:
 
 .. configuration-block::
diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
@@ -493,6 +493,15 @@ multiple firewalls, the "context" could actually be shared:
     ignored and you won't be able to authenticate on multiple firewalls at the
     same time.
 
+User Checkers
+-------------
+
+During the authentication of a user, additional checks might be required to
+verify if the identified user is allowed to log in. Each firewall can include
+a ``user_checker`` option to define the service used to perform those checks.
+
+Learn more about user checkers in :doc:`/security/user_checkers`.
+
 .. _`PBKDF2`: https://en.wikipedia.org/wiki/PBKDF2
 .. _`ircmaxell/password-compat`: https://packagist.org/packages/ircmaxell/password-compat
 .. _`libsodium`: https://pecl.php.net/package/libsodium
diff --git a/security.rst b/security.rst
@@ -17,9 +17,9 @@ security system step-by-step:
 
 #. :ref:`Create your User Class <create-user-class>`;
 
-#. :ref:`*Authentication* & Firewalls <security-yaml-firewalls>`;
+#. :ref:`Authentication & Firewalls <security-yaml-firewalls>`;
 
-#. :ref:`Denying access to your app (*authorization*) <security-authorization>`;
+#. :ref:`Denying access to your app (authorization) <security-authorization>`;
 
 #. :ref:`Fetching the current User object <retrieving-the-user-object>`.
 
@@ -175,7 +175,7 @@ create dummy database users:
 .. code-block:: terminal
 
     $ php bin/console make:fixtures
-    
+
     The class name of the fixtures to create (e.g. AppFixtures):
     > UserFixture
 
@@ -702,7 +702,7 @@ If you need to get the logged in user from a service, use the
     // ...
 
     use Symfony\\Component\\Security\\Core\\Security;
-    
+
     class ExampleService
     {
         private $security;
@@ -1001,7 +1001,7 @@ Authorization (Denying Access)
     security/securing_services
     security/access_control
     security/access_denied_handler
-    security/acl    
+    security/acl
     security/force_https
     security/security_checker
 
diff --git a/security/form_login_setup.rst b/security/form_login_setup.rst
@@ -13,7 +13,7 @@ class.
 Generating the Login Form
 -------------------------
 
-Creating a pwoerful login form is easy thanks to the ``make:auth`` command from
+Creating a powerful login form is easy thanks to the ``make:auth`` command from
 `MakerBundle`_. Depending on your setup, you may be asked different questions
 and your generated code may be slightly different:
 
@@ -223,7 +223,7 @@ When you submit the form, the ``LoginFormAuthenticator`` will intercept the requ
 read the email (or whatever field you're using) & password from the form, find the
 ``User`` object, validate the CSRF token and check the password.
 
-But, wepending on your setup, you'll need to finish one or more TODOs before the
+But, depending on your setup, you'll need to finish one or more TODOs before the
 whole process works. You will *at least* need to fill in *where* you want your user to
 be redirected after success:
 
diff --git a/security/guard_authentication.rst b/security/guard_authentication.rst
@@ -438,10 +438,8 @@ can ignore this. Here is an example of good and bad behavior::
 
     public function supports(Request $request)
     {
-        // GOOD behavior: only authenticate on a specific route
-        if ($request->attributes->get('_route') !== 'login_route' || !$request->isMethod('POST')) {
-            return true;
-        }
+        // GOOD behavior: only authenticate (i.e. return true) on a specific route
+        return 'login_route' === $request->attributes->get('_route') && $request->isMethod('POST');
 
         // e.g. your login system authenticates by the user's IP address
         // BAD behavior: So, you decide to *always* return true so that
diff --git a/security/multiple_guard_authenticators.rst b/security/multiple_guard_authenticators.rst
@@ -78,6 +78,9 @@ This is how your security configuration can look in action:
             ),
         ));
 
+If your authenticators need separate providers, you will need to create a 
+:doc:`chain of user providers </security/multiple_user_providers>`.
+
 There is one limitation with this approach - you have to use exactly one entry point.
 
 Multiple Authenticators with Separate Entry Points
