- [BC break] The deprecated entity classes have been removed.
- The minimum requirement for Symfony has been bumped to 2.3 (older versions are already EOLed).
- [BC break]
UserInterface::isUser
has been removed as it was used only by the old validation logic removed a long time ago. - [BC break] The
FOSUserBundle:Security:login.html.twig
template now receives an AuthenticationException in theerror
variable rather than an error message. - [BC break] The templating engine configuration has been removed, as well as the related code.
- [BC break] Changed the XML namespace to
http://friendsofsymfony.github.io/schema/dic/user
- Updated many translations
- Changed the way to pass the email to the page asking to check the email to avoid issues with non-blocking sessions
- Changed the fos_user_security_check route to enforce POST
- Removed the deprecated UserManager and GroupManager classes for the different Doctrine implementations
- [BC break] Refactored the structure of controller to dispatch events instead of using form handlers
- Removed all form handlers
- [BC break] Changed Datetime properties of default User entity that were nullable to default to null when no value supplied
- [BC break] Updated schema.xml for Propel BaseUser class to allow nullable and typehint accordingly
This release fixes a security issue. You are encouraged to update as soon as possible.
BC break: The characters used in generated tokens have changed. They
now include dashes and underscores as well. Any routing requirement
matching them should be updated to [\w\-]+
.
- Fixed the TokenGenerator to preserve entropy.
- Fixed the compatibility with FrameworkBundle 2.5
- Fixed a few issues in translations
- Enforce the POST method for the login_check route
This releases prevents a potential DOS attack. You are encouraged to update as soon as possible.
- Added a max length validation on the password
- Changed the flash message handling to use the non-deprecated api
- Updated the composer constraint to allow Symfony 2.3
- Replaced the deprecated validation constraints by the new ones
- Added an error message when the repeated password is invalid
- Updated many translations
- Made the composer requirement compatible with Symfony 2.2.*
- Fixed the handling of the target url after the registration
- Refactored the Propel implementation to get rid of the UserProxy
- Changed the expectation for
FOS\UserBundle\Model\GroupableInterface#getGroups
toTraversable
- Moved the role constants to the UserInterface instead of the abstract User class
- Refactored the Doctrine implementations to use the same manager classes
- Removed the custom uniqueness validation in favor of the core constraints
- Added getRedirectionUrl method to ProfileController
- Added an extension point in the registration handler
- Moved the generation of the token to a dedicated class
- Added new user provider classes. They should be preferred over using the UserManager as UserProvider.
- Removed the custom password validation in favor of the Symfony 2.1 constraint
- Refactored the translation of form labels using the translation_domain option of Symfony 2.1
- Bumped the requirement to Symfony 2.1
This releases prevents a potential DOS attack. You are encouraged to update as soon as possible.
- Added a max length on the password field
- Fixed a Yaml parsing error in the Japanese translations
This release fixes another security issue. Please update to it as soon as possible.
- Fixes a security issue where the session could be hijacked
- Fixed the serialization of users to include the id
- Fixed a bug in the previous fix
This release fixes a security issue. You are encouraged to update to it as soon as possible.
- Fixed the user refreshing to check the identity by primary key instead of username
- Prefixed fos table names in propel schema with "fos_" to avoid using reserved sql words
- Added a fluent interface for the entities
- Added a mailer able to use twig blocks for the each part of the message
- Fixed the authentication in case of locked or disabled users. Github issue #464
- Add CSRF protection to the login form
- Added translations: bg, hr
- Updated translations
- Added translations for the validation errors and the login error
- Removed the user-level algorithm. Use FOSAdvancedEncoderBundle instead if you need such feature.
- Fixed resetting password clearing the token but not the token expiration. Github issue #501
- Renamed UsernameToUsernameTransformer to UserToUsernameTransformer and changed its service ID to
fos_user.user_to_username_transformer
.
- Added "custom" as valid driver
- Hide part of the email when requesting a password reset
- Changed the validation messages to translation keys
- Added the default validation group by default
- Fixed updating of changed fields in listener. Github issue #403
- Added support for Propel
- Added composer.json
- Made it possible to override the role constants in derived User class
- Updated translations: da, de, en, es, et, fr, hu, lb, nl, pl, pt_BR, pt_PT, ru
- Added translations: ca, cs, it, ja, ro, sk, sl, sv
- Changed the instanceof check for refreshUser to class instead of interface to allow multiple firewalls and correct use of UnsupportedUserException
- Added an extension point in the form handlers. Closes #291
- Rewrote the documentation entirely
- Initial release