SecurityServiceProvider now registers a UserPasswordValidator if ValidatorServiceProvider is registered.

Registering a ValidatorServiceProvider can take a validator.validator_service_ids parameter which is now an associative array of aliases as keys and service names as values so that ConstraintValidatorFactory can lazy load the validators.

Removed Symfony\Component\Validator\ConstraintValidatorFactory altogether from ValidatorServiceProvider. Custom validators are now lazy loaded. removed obsolete test.

- Modifed Silex\Provider\ValidatorServiceProvider to accept an optional
  'validator.validator_service_ids' parameter wich allows users to register
  custom validators.
- Added test to verify that if users registered ValidatorServiceProvider
  using optional 'validator.validator_service_ids' parameter then the new
  Silex\ConstraintValidatorFactory will be used instead of the one provided
  in  Symfony.

This PR was merged into the master branch.

Commits
-------

94685096 Make reason of prenatal code visible.

Discussion
----------

Make reason of prenatal code visible.

Code is commented since ages, the reason is missing (because there is a reason).

See #594

This PR was merged into the master branch.

Commits
-------

48ec9b11 Make test ignore JSON semantics

Discussion
----------

Make test ignore JSON semantics

One fix for Symfony 2.2, related to #607 and symfony/symfony#5506

This PR was squashed before being merged into the master branch (closes #607).

Commits
-------

dc8ee5d8 [WIP] Make test suite run against symfony/* 2.2

Discussion
----------

[WIP] Make test suite run against symfony/* 2.2

There are still quite a few tests failing. Feel free to send PRs my way.

This PR was squashed before being merged into the master branch (closes #605).

Commits
-------

b6606a7c Updated HttpCacheServiceProvider documentation

Discussion
----------

Updated HttpCacheServiceProvider documentation

---------------------------------------------------------------------------

by igorw at 2013-01-23T12:38:25Z

👍

This PR was merged into the master branch.

Commits
-------

310d316d Make ValidatorServiceProvider work with both 2.1 and 2.2 of symfony/validator

Discussion
----------

Make ValidatorServiceProvider work with both 2.1 and 2.2 of symfony/validator

Closes #584, #585.

---------------------------------------------------------------------------

by davedevelopment at 2013-01-23T14:59:35Z

👍 Let's get this in

Closes #584, #585.

This PR was merged into the master branch.

Commits
-------

11fda10c Updated Application register and mount methods to return Application

Discussion
----------

Updated Application register and mount methods to return Application

---------------------------------------------------------------------------

by jeremyFreeAgent at 2013-01-21T17:43:08Z

Thanky @igorw, I've fixed that.

---------------------------------------------------------------------------

by igorw at 2013-01-21T17:44:15Z

I'm not opposed to this, but if we add it for `register` we should also do it for `mount` imo.

---------------------------------------------------------------------------

by jeremyFreeAgent at 2013-01-21T17:44:18Z

You were faster than @stof on that one!

---------------------------------------------------------------------------

by jeremyFreeAgent at 2013-01-21T17:48:03Z

Yes, for `mount` too... Do I add it ?

---------------------------------------------------------------------------

by igorw at 2013-01-21T18:49:33Z

You can add it as a separate commit. If we decide that it is not needed for `mount`, you can rebase that commit out ;-)

---------------------------------------------------------------------------

by jeremyFreeAgent at 2013-01-21T23:17:50Z

I've pushed it in the PR #604.

---------------------------------------------------------------------------

by jeremyFreeAgent at 2013-01-22T10:15:19Z

Is that better this way?

---------------------------------------------------------------------------

by igorw at 2013-01-22T14:09:29Z

I would have two tests in the ApplicationTest: `testRegisterShouldReturnSelf`, `testMountShouldReturnSelf`.

---------------------------------------------------------------------------

by jeremyFreeAgent at 2013-01-22T14:17:21Z

Done!

This PR was merged into the master branch.

Commits
-------

8e8b96ec Remove all "before 1.0" exceptions and services.

Discussion
----------

Remove all "before 1.0" exceptions and services.

All theese 1.0 exceptions have been deprecated for a long time. At least since composer started to be used and since it have become so widespread i think i is time to remove thoose.

---------------------------------------------------------------------------

by fabpot at 2013-01-21T09:54:36Z

👍

---------------------------------------------------------------------------

by Baachi at 2013-01-21T10:00:08Z

👍

---------------------------------------------------------------------------

by GromNaN at 2013-01-21T14:12:22Z

👍

---------------------------------------------------------------------------

by igorw at 2013-01-21T14:58:39Z

👍 It's been 7 months and removing these will not break anything.

Code is commented since ages, the reason is missing (because there is a reason).

This PR was merged into the master branch.

Commits
-------

61bbc748 Update doc/providers/serializer.rst

Discussion
----------

Update doc/providers/serializer.rst

fixed links

---------------------------------------------------------------------------

by igorw at 2013-01-20T00:48:17Z

👍 thanks

fixed links

This PR was merged into the master branch.

Commits
-------

d740c4e2 Sample user insert snippet.

Discussion
----------

Sample user insert snippet.

The execute_query command to insert users into a sample database doesn't work with postgres due to the use of database specific string escape quotes. Changed to use the doctrine insert command which is less DB specific and better illustrates the use of DBAL.

---------------------------------------------------------------------------

by stof at 2013-01-19T11:57:24Z

👍

The execute_query command to insert users into a sample database doesn't work with postgres due to the use of database specific string escape quotes. Changed to use the doctrine insert command which is less DB specific and better illustrates the use of DBAL.

This PR was merged into the master branch.

Commits
-------

e21b3803 Support 'security' and 'stateless' flags in security config

Discussion
----------

Support 'security' and 'stateless' flags in security config

`'security' => false` will disable the firewall (for a particular area) even if there are listeners configured.

`'stateless' => true` will prevent `ContextListener` from getting registered.

---------------------------------------------------------------------------

by davedevelopment at 2013-01-05T15:01:38Z

I'm not sure I understand what you'd use these flags for, perhaps some
documentation would be useful?
 On Jan 5, 2013 10:05 AM, "Chris Heng" <notifications@github.com> wrote:

> 'security' => false will disable the firewall even if there are listeners
> configured.
>
> 'stateless' => true will prevent ContextListener from getting registered.
> ------------------------------
> You can merge this Pull Request by running:
>
>   git pull https://github.com/gigablah/Silex security-flags
>
> Or view, comment on, or merge it at:
>
>   https://github.com/fabpot/Silex/pull/573
> Commit Summary
>
>    - Support 'security' and 'stateless' flags in security config
>
> File Changes
>
>    - *M* src/Silex/Provider/SecurityServiceProvider.php (10)
>
> Patch Links
>
>    - https://github.com/fabpot/Silex/pull/573.patch
>    - https://github.com/fabpot/Silex/pull/573.diff
>
>  —
> Reply to this email directly or view it on GitHub<https://github.com/fabpot/Silex/pull/573>.
>
>

---------------------------------------------------------------------------

by gigablah at 2013-01-05T15:30:13Z

These are the same flags you can use in Symfony2. I guess `'security' => false` by itself isn't too useful, but you could hypothetically do something like:

```php
$app->register(new SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'api' => array(
            'pattern' => '^/api',
            'stateless' => true,
            'security' => !$app['debug'],
            'oauth' => true
        )
    )
));
```

Which will (a) turn off oauth access token authentication when you're debugging (b) turn off read/write on the session during authentication, which isn't wanted since the oauth access token is sent for each request.

---------------------------------------------------------------------------

by davedevelopment at 2013-01-06T20:48:20Z

Sorry, I think I got confused by the security flag, I understand the stateless one.

---------------------------------------------------------------------------

by stof at 2013-01-06T21:13:04Z

The goal of the ``security`` flag is to create a firewall pattern without firewall. The only reason for this is to whitelist a pattern by placing it before another pattern without having to create a crazy regex

---------------------------------------------------------------------------

by fabpot at 2013-01-18T15:00:19Z

Can you also update the documentation about these two new settings? Thanks.

---------------------------------------------------------------------------

by gigablah at 2013-01-19T04:37:08Z

It's done. Added a section for Stateless Authentication, and a tip for the `security` flag.

This PR was merged into the master branch.

Commits
-------

ff75c9e0 Update doc/providers/security.rst

Discussion
----------

Update doc/providers/security.rst

Added closing bracket

This PR was merged into the master branch.

Commits
-------

5e0a609d Minor WS fixes in documentation

Discussion
----------

Minor WS fixes in documentation

Spaces at the end of line.

Added closing bracket

Spaces at the end of line.

This PR was merged into the master branch.

Commits
-------

eded6c78 Update doc/usage.rst

Discussion
----------

Update doc/usage.rst

I'm new to http methods other than GET and POST and spent a good few minutes searching google for "PUT DELETE"... So I thought I'd separate them somehow in the docs.

---------------------------------------------------------------------------

by davedevelopment at 2013-01-16T13:41:49Z

👍 might be better with a comma though?

---------------------------------------------------------------------------

by robincawser at 2013-01-16T13:53:08Z

Isn't the last item of a list usually separated with "or" or "and"?

---------------------------------------------------------------------------

by davedevelopment at 2013-01-16T14:01:25Z

Usually yes, not a big deal, but you never know, it might avoid people doing a google search for the "PUT or DELETE" HTTP method ;)

This PR was merged into the master branch.

Commits
-------

ae7daed9 Update doc/providers/security.rst

Discussion
----------

Take 2 on sorting out the parenthesis in the registration code snippet.

Take 2 on sorting out the parenthesis in the registration code snippet.

Take 2 on sorting out the parenthesis in the registration code snippet.

This PR was merged into the master branch.

Commits
-------

853a16a3 Fix route name in security service doc

Discussion
----------

Fix route name in security service doc

Fix a little bit confusing mistake in security doc.

I'm new to http methods other than GET and POST and spent a good few minutes searching google for PUT DELETE... So I thought I'd separate them somehow in the docs

This PR was merged into the master branch.

Commits
-------

661d632e Update doc/providers/security.rst

Discussion
----------

Update doc/providers/security.rst

Fixed spelling mistake

---------------------------------------------------------------------------

by igorw at 2013-01-15T13:26:30Z

👍

Fixed spelling mistake

This PR was merged into the master branch.

Commits
-------

d784eaeb [docs] Clarify wording of controllers-in-classes to create object

Discussion
----------

[docs] Clarify wording of controllers-in-classes to create object