Merge remote-tracking branch 'upstream/7.0' into 7.0

* upstream/7.0:
  Fix table length
  -
  -
  Rename Service name
  Remove obsolete versionadded directive
  [Form] Document using TranslatableMessage in form Fields
  [#19122] Reword
  -
  -
  [Workflow] feature symfony#50604 metadata dumping
  [Bundle] add tip for marking internal services as hidden
  [DependencyInjection] Mention `exclude_self`
  minor
  Update serverVersion for MariaDB
  Update console.rst
  Fix custom form type docs.
  [Security] Migrate to ConfigBuilder format for 6.3+
  [SecurityBundle] Improve support for authenticators that don't need a user provider

Author: javiereguiluz

_images/components/workflow/blogpost_metadata.png

@@ -476,6 +476,13 @@ can be used for autowiring.
 Services should not use autowiring or autoconfiguration. Instead, all services should
 be defined explicitly.
 
+.. tip::
+
+    If there is no intention for the service id to be used by the end user, you can
+    mark it as *hidden* by prefixing it with a dot (e.g. ``.acme_blog.logger``).
+    This prevents the service from being listed in the default ``debug:container``
+    command output.
+
 .. seealso::
 
     You can learn much more about service loading in bundles reading this article:

bundles/best_practices.rst

@@ -489,8 +489,8 @@ console::
     {
         public function testExecute(): void
         {
-            $kernel = self::bootKernel();
-            $application = new Application($kernel);
+            self::bootKernel();
+            $application = new Application(self::$kernel);
 
             $command = $application->find('app:create-user');
             $commandTester = new CommandTester($command);

console.rst

@@ -44,7 +44,10 @@ The database connection information is stored as an environment variable called
     DATABASE_URL="mysql://db_user:[email protected]:3306/db_name?serverVersion=5.7"
 
     # to use mariadb:
-    DATABASE_URL="mysql://db_user:[email protected]:3306/db_name?serverVersion=mariadb-10.5.8"
+    # Before doctrine/dbal < 3.7
+    # DATABASE_URL="mysql://db_user:[email protected]:3306/db_name?serverVersion=mariadb-10.5.8"
+    # Since doctrine/dbal 3.7
+    # DATABASE_URL="mysql://db_user:[email protected]:3306/db_name?serverVersion=10.5.8-MariaDB"
 
     # to use sqlite:
     # DATABASE_URL="sqlite:///%kernel.project_dir%/var/app.db"

doctrine.rst

@@ -363,9 +363,8 @@ fragments used to render the types:
 
     {# ... here you will add the Twig code ... #}
 
-Then, update the :ref:`form_themes option <reference-twig-tag-form-theme>` to
-add this new template at the beginning of the list (the first one overrides the
-rest of files):
+Then, update the :ref:`form_themes option <config-twig-form-themes>` to
+add this new template at the end of the list (each theme overrides all the previous ones):
 
 .. configuration-block::
 
@@ -374,8 +373,8 @@ rest of files):
         # config/packages/twig.yaml
         twig:
             form_themes:
-                - 'form/custom_types.html.twig'
                 - '...'
+                - 'form/custom_types.html.twig'
 
     .. code-block:: xml
 
@@ -390,8 +389,8 @@ rest of files):
                 https://symfony.com/schema/dic/twig/twig-1.0.xsd">
 
             <twig:config>
-                <twig:form-theme>form/custom_types.html.twig</twig:form-theme>
                 <twig:form-theme>...</twig:form-theme>
+                <twig:form-theme>form/custom_types.html.twig</twig:form-theme>
             </twig:config>
         </container>
 
@@ -402,8 +401,8 @@ rest of files):
 
         return static function (TwigConfig $twig): void {
             $twig->formThemes([
-                'form/custom_types.html.twig',
                 '...',
+                'form/custom_types.html.twig',
             ]);
         };
 

form/create_custom_field_type.rst

@@ -99,17 +99,17 @@ Using a 3rd Party Transport
 Instead of using your own SMTP server or sendmail binary, you can send emails
 via a third-party provider:
 
-===================== ==============================================
+===================== ===============================================
 Service               Install with
-===================== ==============================================
+===================== ===============================================
 `Amazon SES`_         ``composer require symfony/amazon-mailer``
 `Brevo`_              ``composer require symfony/brevo-mailer``
 `Infobip`_            ``composer require symfony/infobip-mailer``
-`Mailchimp Mandrill`_ ``composer require symfony/mailchimp-mailer``
 `Mailgun`_            ``composer require symfony/mailgun-mailer``
 `Mailjet`_            ``composer require symfony/mailjet-mailer``
 `MailPace`_           ``composer require symfony/mail-pace-mailer``
 `MailerSend`_         ``composer require symfony/mailer-send-mailer``
+`Mandrill`_           ``composer require symfony/mailchimp-mailer``
 `Postmark`_           ``composer require symfony/postmark-mailer``
 `Scaleway`_           ``composer require symfony/scaleway-mailer``
 `SendGrid`_           ``composer require symfony/sendgrid-mailer``
@@ -1826,8 +1826,8 @@ the :class:`Symfony\\Bundle\\FrameworkBundle\\Test\\MailerAssertionsTrait`::
 .. _`Inky`: https://get.foundation/emails/docs/inky.html
 .. _`league/html-to-markdown`: https://github.com/thephpleague/html-to-markdown
 .. _`load balancing`: https://en.wikipedia.org/wiki/Load_balancing_(computing)
-.. _`Mailchimp Mandrill`: https://github.com/symfony/symfony/blob/{version}/src/Symfony/Component/Mailer/Bridge/Mailchimp/README.md
 .. _`MailerSend`: https://github.com/symfony/symfony/blob/{version}/src/Symfony/Component/Mailer/Bridge/MailerSend/README.md
+.. _`Mandrill`: https://github.com/symfony/symfony/blob/{version}/src/Symfony/Component/Mailer/Bridge/Mailchimp/README.md
 .. _`Mailgun`: https://github.com/symfony/symfony/blob/{version}/src/Symfony/Component/Mailer/Bridge/Mailgun/README.md
 .. _`Mailjet`: https://github.com/symfony/symfony/blob/{version}/src/Symfony/Component/Mailer/Bridge/Mailjet/README.md
 .. _`Markdown syntax`: https://commonmark.org/

mailer.rst

@@ -348,7 +348,7 @@ the :class:`Symfony\\Component\\RateLimiter\\Reservation` object returned by the
             $limit = $limiter->consume();
             $headers = [
                 'X-RateLimit-Remaining' => $limit->getRemainingTokens(),
-                'X-RateLimit-Retry-After' => $limit->calculateTimeForTokens(1, 1),
+                'X-RateLimit-Retry-After' => $limit->getRetryAfter()->getTimestamp() - time(),
                 'X-RateLimit-Limit' => $limit->getLimit(),
             ];
 

rate_limiter.rst

@@ -479,25 +479,21 @@ user logs out::
     .. code-block:: php
 
         // config/packages/security.php
-        $container->loadFromExtension('security', [
+
+        // ...
+
+        return static function (SecurityConfig $securityConfig): void {
             // ...
-            'firewalls' => [
-                'main' => [
-                    'logout' => [
-                        'delete_cookies' => [
-                            'cookie1-name' => null,
-                            'cookie2-name' => [
-                                'path' => '/',
-                            ],
-                            'cookie3-name' => [
-                                'path' => null,
-                                'domain' => 'example.com',
-                            ],
-                        ],
-                    ],
-                ],
-            ],
-        ]);
+
+            $securityConfig->firewall('main')
+                ->logout()
+                    ->deleteCookie('cookie1-name')
+                    ->deleteCookie('cookie2-name')
+                        ->path('/')
+                    ->deleteCookie('cookie3-name')
+                        ->path(null)
+                        ->domain('example.com');
+        };
 
 
 clear_site_data
@@ -554,19 +550,16 @@ It's also possible to use ``*`` as a wildcard for all directives:
     .. code-block:: php
 
         // config/packages/security.php
-        $container->loadFromExtension('security', [
+
+        // ...
+
+        return static function (SecurityConfig $securityConfig): void {
             // ...
-            'firewalls' => [
-                'main' => [
-                    'logout' => [
-                        'clear-site-data' => [
-                            'cookies',
-                            'storage',
-                        ],
-                    ],
-                ],
-            ],
-        ]);
+
+            $securityConfig->firewall('main')
+                ->logout()
+                    ->clearSiteData(['cookies', 'storage']);
+        };
 
 invalidate_session
 ..................
@@ -1020,6 +1013,8 @@ multiple firewalls, the "context" could actually be shared:
     ignored and you won't be able to authenticate on multiple firewalls at the
     same time.
 
+.. _reference-security-stateless:
+
 stateless
 ~~~~~~~~~
 

reference/configuration/security.rst

@@ -1,7 +1,7 @@
 ``label``
 ~~~~~~~~~
 
-**type**: ``string`` **default**: The label is "guessed" from the field name
+**type**: ``string`` or ``TranslatableMessage`` **default**: The label is "guessed" from the field name
 
 Sets the label that will be displayed on the button. The label can also
 be directly set inside the template:

reference/forms/types/options/button_label.rst.inc

@@ -1,7 +1,7 @@
 ``placeholder``
 ~~~~~~~~~~~~~~~
 
-**type**: ``string`` or ``boolean``
+**type**: ``string`` or ``TranslatableMessage`` or ``boolean``
 
 This option determines whether or not a special "empty" option (e.g. "Choose
 an option") will appear at the top of a select widget. This option only
@@ -14,6 +14,9 @@ applies if the ``multiple`` option is set to false.
 
     $builder->add('states', ChoiceType::class, [
         'placeholder' => 'Choose an option',
+
+        // or if you want to translate the text
+        'placeholder' => new TranslatableMessage('form.placeholder.select_option', [], 'form'),
     ]);
 
 * Guarantee that no "empty" value option is displayed::

reference/forms/types/options/placeholder.rst.inc

@@ -697,6 +697,36 @@ create your own User from the claims, you must
         }
     }
 
+Creating Users from Token
+-------------------------
+
+Some types of tokens (for instance OIDC) contain all information required
+to create a user entity (e.g. username and roles). In this case, you don't
+need a user provider to create a user from the database::
+
+    // src/Security/AccessTokenHandler.php
+    namespace App\Security;
+
+    // ...
+    class AccessTokenHandler implements AccessTokenHandlerInterface
+    {
+        // ...
+
+        public function getUserBadgeFrom(string $accessToken): UserBadge
+        {
+            // get the data from the token
+            $payload = ...;
+
+            return new UserBadge(
+                $payload->getUserId(),
+                fn (string $userIdentifier) => new User($userIdentifier, $payload->getRoles())
+            );
+        }
+    }
+
+When using this strategy, you can omit the ``user_provider`` configuration
+for :ref:`stateless firewalls <reference-security-stateless>`.
+
 .. _`JSON Web Tokens (JWT)`: https://datatracker.ietf.org/doc/html/rfc7519
 .. _`SAML2 (XML structures)`: https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html
 .. _`RFC6750`: https://datatracker.ietf.org/doc/html/rfc6750

security/access_token.rst

@@ -838,10 +838,88 @@ iterator, add the ``exclude`` option:
             ;
         };
 
-.. note::
+In the case the referencing service is itself tagged with the tag being used in the tagged
+iterator, it is automatically excluded from the injected iterable. This behavior can be
+disabled by setting the ``exclude_self`` option to ``false``:
+
+.. configuration-block::
+
+    .. code-block:: php-attributes
+
+        // src/HandlerCollection.php
+        namespace App;
+
+        use Symfony\Component\DependencyInjection\Attribute\TaggedIterator;
+
+        class HandlerCollection
+        {
+            public function __construct(
+                #[TaggedIterator('app.handler', exclude: ['App\Handler\Three'], excludeSelf: false)]
+                iterable $handlers
+            ) {
+            }
+        }
+
+    .. code-block:: yaml
+
+        # config/services.yaml
+        services:
+            # ...
 
-    In the case the referencing service is itself tagged with the tag being used in the tagged
-    iterator, it is automatically excluded from the injected iterable.
+            # This is the service we want to exclude, even if the 'app.handler' tag is attached
+            App\Handler\Three:
+                tags: ['app.handler']
+
+            App\HandlerCollection:
+                arguments:
+                    - !tagged_iterator { tag: app.handler, exclude: ['App\Handler\Three'], exclude_self: false }
+
+    .. code-block:: xml
+
+        <!-- config/services.xml -->
+        <?xml version="1.0" encoding="UTF-8" ?>
+        <container xmlns="http://symfony.com/schema/dic/services"
+            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:schemaLocation="http://symfony.com/schema/dic/services
+                https://symfony.com/schema/dic/services/services-1.0.xsd">
+
+            <services>
+                <!-- ... -->
+
+                <!-- This is the service we want to exclude, even if the 'app.handler' tag is attached -->
+                <service id="App\Handler\Three">
+                    <tag name="app.handler"/>
+                </service>
+
+                <service id="App\HandlerCollection">
+                    <!-- inject all services tagged with app.handler as first argument -->
+                    <argument type="tagged_iterator" tag="app.handler" exclude-self="false">
+                        <exclude>App\Handler\Three</exclude>
+                    </argument>
+                </service>
+            </services>
+        </container>
+
+    .. code-block:: php
+
+        // config/services.php
+        namespace Symfony\Component\DependencyInjection\Loader\Configurator;
+
+        return function(ContainerConfigurator $containerConfigurator) {
+            $services = $containerConfigurator->services();
+
+            // ...
+
+            // This is the service we want to exclude, even if the 'app.handler' tag is attached
+            $services->set(App\Handler\Three::class)
+                ->tag('app.handler')
+            ;
+
+            $services->set(App\HandlerCollection::class)
+                // inject all services tagged with app.handler as first argument
+                ->args([tagged_iterator('app.handler', exclude: [App\Handler\Three::class], excludeSelf: false)])
+            ;
+        };
 
 .. seealso::
 

service_container/tags.rst

@@ -65,6 +65,21 @@ files and ``PlantUmlDumper`` to create the PlantUML files::
 Styling
 -------
 
+You can use ``--with-metadata`` option in the ``workflow:dump`` command to include places, transitions and
+workflow's metadata.
+
+The DOT image will look like this :
+
+.. image:: /_images/components/workflow/blogpost_metadata.png
+
+.. note::
+
+    The ``--with-metadata`` option only works for the DOT dumper for now.
+
+.. note::
+
+    The ``label`` metadata is not included in the dumped metadata, because it is used as a place's title.
+
 You can use ``metadata`` with the following keys to style the workflow:
 
 * for places: