Merge branch '3.4' into 4.1

* 3.4: (21 commits)
  Added the Code of Conduct file
  do not override custom access decision configs
  [Security] Do not deauthenticate user when the first refreshed user has changed
  invalidate stale commits for PRs too
  add missing cache prefix seed attribute to XSD
  fix command description
  Fix class documentation
  [Validator] Add a missing translation
  [FrameworkBundle] Fix 3.4 tests
  [DI] fix dumping inline services again
  Fix phpdocs
  [EventDispatcher] Remove template method in test case
  Added LB translation for #27993 (UUID validator message translation)
  Replace deprecated validateValue with validate
  [FWBundle] Automatically enable PropertyInfo when using Flex
  [Process] fix locking of pipe files on Windows
  Correct PHPDoc type for float ttl
  bumped Symfony version to 3.4.18
  updated VERSION for 3.4.17
  updated CHANGELOG for 3.4.17
  ...

Author: nicolas-grekas

DependencyInjection/MainConfiguration.php

@@ -58,9 +58,7 @@ public function getConfigTreeBuilder()
                     return false;
                 })
                 ->then(function ($v) {
-                    $v['access_decision_manager'] = array(
-                        'strategy' => AccessDecisionManager::STRATEGY_AFFIRMATIVE,
-                    );
+                    $v['access_decision_manager']['strategy'] = AccessDecisionManager::STRATEGY_AFFIRMATIVE;
 
                     return $v;
                 })

Tests/DependencyInjection/CompleteConfigurationTest.php

@@ -438,11 +438,22 @@ public function testCustomAccessDecisionManagerService()
 
     /**
      * @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
-     * @expectedExceptionMessage "strategy" and "service" cannot be used together.
+     * @expectedExceptionMessage Invalid configuration for path "security.access_decision_manager": "strategy" and "service" cannot be used together.
      */
     public function testAccessDecisionManagerServiceAndStrategyCannotBeUsedAtTheSameTime()
     {
-        $container = $this->getContainer('access_decision_manager_service_and_strategy');
+        $this->getContainer('access_decision_manager_service_and_strategy');
+    }
+
+    public function testAccessDecisionManagerOptionsAreNotOverriddenByImplicitStrategy()
+    {
+        $container = $this->getContainer('access_decision_manager_customized_config');
+
+        $accessDecisionManagerDefinition = $container->getDefinition('security.access.decision_manager');
+
+        $this->assertSame(AccessDecisionManager::STRATEGY_AFFIRMATIVE, $accessDecisionManagerDefinition->getArgument(1));
+        $this->assertTrue($accessDecisionManagerDefinition->getArgument(2));
+        $this->assertFalse($accessDecisionManagerDefinition->getArgument(3));
     }
 
     /**

Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php

@@ -0,0 +1,20 @@
+<?php
+
+$container->loadFromExtension('security', array(
+    'access_decision_manager' => array(
+        'allow_if_all_abstain' => true,
+        'allow_if_equal_granted_denied' => false,
+    ),
+    'providers' => array(
+        'default' => array(
+            'memory' => array(
+                'users' => array(
+                    'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER'),
+                ),
+            ),
+        ),
+    ),
+    'firewalls' => array(
+        'simple' => array('pattern' => '/login', 'security' => false),
+    ),
+));

Tests/DependencyInjection/Fixtures/xml/access_decision_manager_customized_config.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<srv:container xmlns="http://symfony.com/schema/dic/security"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:srv="http://symfony.com/schema/dic/services"
+    xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+    <config>
+        <access-decision-manager allow-if-all-abstain="true" allow-if-equal-granted-denied="false" />
+
+        <provider name="default">
+            <memory>
+                <user name="foo" password="foo" roles="ROLE_USER" />
+            </memory>
+        </provider>
+
+        <firewall name="simple" pattern="/login" security="false" />
+    </config>
+</srv:container>

Tests/DependencyInjection/Fixtures/yml/access_decision_manager_customized_config.yml

@@ -0,0 +1,11 @@
+security:
+    access_decision_manager:
+        allow_if_all_abstain: true
+        allow_if_equal_granted_denied: false
+    providers:
+        default:
+            memory:
+                users:
+                    foo: { password: foo, roles: ROLE_USER }
+    firewalls:
+        simple: { pattern: /login, security: false }