The `icinga-php-legacy` library is the successor to the standalone
`icingaweb2-module-incubator` module. Modules such as director and
vspheredb that still declare `incubator` as a dependency should load
without a separate incubator installation once `icinga-php-legacy` is
present.
`Module::getRequiredLibraries` now maps an `incubator` module
requirement to an `icinga-php-legacy` library requirement when that
library is available, and `getRequiredModules` drops `incubator` from
the list so the dependency check does not fail. `Manager::loadModule`
skips calling `register()` for the incubator module under the same
condition, folding that guard into the existing `ipl`/`reactbundle`
exclusion to avoid a double-registration.
https://github.com/Icinga/icinga-php-legacy replaces
https://github.com/Icinga/icingaweb2-module-incubator.
Replace deprecated `PDO::MYSQL_*` constant usage with the driver-specific
`Pdo\Mysql::ATTR_*` constants introduced in PHP 8.4.
This prepares the code for PHP 8.5, where accessing MySQL driver constants
through the generic `PDO` class is deprecated.
This change requires a compatibility shim on older PHP versions to provide
`Pdo\Mysql` for runtimes that do not expose the driver-specific class yet. The
shim is provided in `ipl-sql`. As a consequence, the required version of the
Icinga PHP library has been raised.
Forward compatibility fix: `ipl\Html` will introduce strict types, which
declares `$name` as string. Passing `null` will result in a `TypeError` once
strict types are enforced.
PHP 8.4 has deprecated `session.sid_bits_per_character` along with
`session.sid_length`, as part of a broader effort to standardize session ID
generation for improved security and interoperability.
`ReflectionProperty::setAccessible()` has had no effect since PHP 8.1, as all
properties are accessible via reflection by default. The method is deprecated
as of PHP 8.5.
Since PHP 8.4 implicitly nullable parameter types are deprecated.
Normalize scoped PHPDoc for nullable-parameter updates: use `?Type` instead of
`Type|null`, remove column alignment, and indent continuation lines with 2
spaces.
Co-authored-by: "Eric Lippmann <eric.lippmann@icinga.com>"
"even if already authenticated in Icinga Web" already made one colleague
thinking `onLogin()` is called even during authentication from session.
Latter is not true and not desired by hook providers, e.g.
`icinga-notifications-web`.
Currently, as authenticated user, I can't even use
`/authentication/login`. It redirects me to the dashboard.
Introduces `LoginButtonHook`, a new hook for rendering additional buttons
below the login form. Extend this class to display custom buttons on the
Icinga Web login page — useful for alternative authentication flows such
as SSO. Register your implementation by calling
`YourLoginButtons::register()` during module initialization.
Replaced the unused `Zend_Config_Exception` with a more appropriate
`NotWritableError` in `IniWriter::write()`.
- The old `Zend_Config_Exception` was never caught anywhere in the
codebase.
- Changed to `NotWritableError` to better reflect file permission and
write issues.
- Added `@` suppression to the `file_put_contents()` call so that the
method can throw `NotWritableError` instead of crashing on PHP warnings.
This is preparation for a GitHub action to streamline tests, which
* expects the `phpunit.xml` configuration at the root level, and
* installs dependencies via `composer`.
Proof that the same number of tests are run after moving the
configuration file:
*
[main](https://github.com/Icinga/icingaweb2/actions/runs/18972121136/job/54182208796#step:6:243)
* [this
PR](https://github.com/Icinga/icingaweb2/actions/runs/19137281980/job/54692472598#step:6:243)
Rationale for introducing `composer`:
GitHub Actions for this repository and any other module that requires
Mockery must specify this dependency themselves. Module tests require
Icinga Web anyway, so all (development) dependencies and any changes to
them should be automatically applied instead of having to adjust each
individual module affected. If we eventually upload our library bundles
to Packagist as well, we could also specify them in `composer.json` once
instead of having to require them in every action.
in ApplicationBootstrap#setupErrorHandling(). In webrouter.php disable
them unconditionally (until ApplicationBootstrap#setupErrorHandling())
not to duplicate the check. ApplicationBootstrap#setupErrorHandling())
is called pretty early, so we won't miss much.
fixes#5117
* In addition, this provides #5269 and mitigates #5152 in production
where ICINGAWEB_ENVIRONMENT isn't set.
Trusted in this case means, it was Icinga Web that
rendered a link and the user followed it. Whether
a source is trustworthy or not is detected by use
of the user's session id to hash it combined with
the source similar to how CSRF tokens are assembled.
