Merge branch '1.1.x' into temp-46a4ed

.gitattributes

@@ -12,4 +12,9 @@
 /phpstan.neon export-ignore
 /phpstan-baseline.neon export-ignore
 /phpunit.xml.dist export-ignore
-/rector export-ignore
+/rector.php export-ignore
+/bin export-ignore
+/babel.config.js export-ignore
+/jest.config.js export-ignore
+/rollup.config.js export-ignore
+/tsconfig.json export-ignore

.github/workflows/exported_files.yml

@@ -0,0 +1,18 @@
+name: Exported files
+
+on: [push]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout code"
+        uses: "actions/checkout@v4"
+
+      - name: "Check exported files"
+        run: |
+          EXPECTED="LICENSE,README.md,RELEASES.md,SECURITY.md,composer.json,package.json"
+          CURRENT="$(git archive HEAD | tar --list --exclude="assets" --exclude="assets/*" --exclude="src" --exclude="src/*" | paste -s -d ",")"
+          echo "CURRENT =${CURRENT}"
+          echo "EXPECTED=${EXPECTED}"
+          test "${CURRENT}" == "${EXPECTED}"

.gitignore

@@ -1,3 +1,8 @@
-/vendor/
+.phpunit.result.cache
+*.cache
+*.log
+node_modules
+package-lock.json
 /composer.lock
-/.phpunit.cache
+/vendor
+/.phpunit.cache/

CODE_OF_CONDUCT.md

@@ -8,19 +8,19 @@ In the interest of fostering an open and welcoming environment, we as contributo
 
 Examples of behavior that contributes to creating a positive environment include:
 
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
+-   Using welcoming and inclusive language
+-   Being respectful of differing viewpoints and experiences
+-   Gracefully accepting constructive criticism
+-   Focusing on what is best for the community
+-   Showing empathy towards other community members
 
 Examples of unacceptable behavior by participants include:
 
-* The use of sexualized language or imagery and unwelcome sexual attention or advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a professional setting
+-   The use of sexualized language or imagery and unwelcome sexual attention or advances
+-   Trolling, insulting/derogatory comments, and personal or political attacks
+-   Public or private harassment
+-   Publishing others' private information, such as a physical or electronic address, without explicit permission
+-   Other conduct which could reasonably be considered inappropriate in a professional setting
 
 ## Our Responsibilities
 

README.md

@@ -1,5 +1,4 @@
-Progressive Web App for Symfony
-===============================
+# Progressive Web App for Symfony
 
 ![Build Status](https://github.com/Spomky-Labs/pwa-bundle/workflows/Coding%20Standards/badge.svg)
 ![Build Status](https://github.com/Spomky-Labs/pwa-bundle/workflows/Static%20Analyze/badge.svg)
@@ -24,7 +23,7 @@ Please have a look at the [Web app manifests](https://developer.mozilla.org/en-U
 
 # Installation
 
-Install the bundle with Composer: 
+Install the bundle with Composer:
 
 ```bash
 composer require spomky-labs/pwa-bundle
@@ -42,9 +41,9 @@ I bring solutions to your problems and answer your questions.
 
 If you really love that project and the work I have done or if you want I prioritize your issues, then you can help me out for a couple of :beers: or more!
 
-* [Become a sponsor](https://github.com/sponsors/Spomky)
-* [Become a Patreon](https://www.patreon.com/FlorentMorselli)
-* [Buy me a coffee](https://www.buymeacoffee.com/FlorentMorselli)
+-   [Become a sponsor](https://github.com/sponsors/Spomky)
+-   [Become a Patreon](https://www.patreon.com/FlorentMorselli)
+-   [Buy me a coffee](https://www.buymeacoffee.com/FlorentMorselli)
 
 # Contributing
 
@@ -58,7 +57,7 @@ Please make sure to [follow these best practices](.github/CONTRIBUTING.md).
 # Security Issues
 
 If you discover a security vulnerability within the project, please **don't use the bug tracker and don't publish it publicly**.
-Instead, all security issues must be sent to security [at] spomky-labs.com. 
+Instead, all security issues must be sent to security [at] spomky-labs.com.
 
 # Licence
 

RELEASES.md

@@ -0,0 +1,8 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.0.x   | :white_check_mark: |
+| < 1.0.x | :x:                |

SECURITY.md

@@ -1,13 +1,74 @@
-# Security Policy
+# Security Release Process
+
+Spomky-Labs is devoted in providing the best experience for all developers.
+We has adopted this security disclosure and response policy to ensure we responsibly handle critical issues.
 
 ## Supported Versions
 
-| Version | Supported          |
-|---------|--------------------|
-| 1.0.x   | :white_check_mark: |
-| < 1.0.x | :x:                |
+This project maintains release branches for the three most recent minor releases.
+Applicable fixes, including security fixes, may be backported to those three release branches, depending on severity and feasibility. Please refer to [RELEASES.md](RELEASES.md) for details.
+
+## Reporting a Vulnerability - Private Disclosure Process
+
+Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported privately, to minimize attacks against current users before they are fixed.
+Vulnerabilities will be investigated and patched on the next patch (or minor) release as soon as possible.
+This information could be kept entirely internal to the project.
+
+If you know of a publicly disclosed security vulnerability, please **IMMEDIATELY** contact [email protected] to inform the Security Team.
+
+**IMPORTANT: Do not file public issues on GitHub for security vulnerabilities**
+
+To report a vulnerability or a security-related issue, please email the private address [email protected] with the details of the vulnerability.
+The email will be fielded by the Security Team, which is made up of the maintainers and main contributors who have committer and release permissions.
+Do not report non-security-impacting bugs through this channel. Use [GitHub issues](https://github.com/spomky-labs/phpwa/issues/new/choose) instead.
+
+Emails can be encrypted if you wish to share the vulnerability details securely.
+The Security Team's PGP is key is available on the [PGP keyservers](https://keys.openpgp.org/search?q=security%40spomky-labs.com).
+
+### Proposed Email Content
+
+Provide a descriptive subject line and in the body of the email include the following information:
+
+-   Basic identity information, such as your name and your affiliation or company.
+-   Detailed steps to reproduce the vulnerability (POC scripts, screenshots, and compressed packet captures are all helpful to us).
+-   Description of the effects of the vulnerability and the related hardware and software configurations, so that the Security Team can reproduce it.
+-   How the vulnerability affects Webauthn Framework usage and an estimation of the attack surface, if there is one.
+-   List other projects or dependencies that were used to produce the vulnerability.
+
+## When to report a vulnerability
+
+-   When you think a potential security vulnerability exists.
+-   When you suspect a potential vulnerability, but you are unsure its impact.
+-   When you know of or suspect a potential vulnerability on another dependent project.
+
+## Patch, Release, and Disclosure
+
+The Security Team will respond to vulnerability reports as follows:
+
+1.  The Security Team will investigate the vulnerability and determine its effects and criticality.
+2.  If the issue is not deemed to be a vulnerability, the Security Team will follow up with a detailed reason for rejection.
+3.  The Security Team will initiate a conversation with the reporter as soon as possible.
+4.  If a vulnerability is acknowledged and the timeline for a fix is determined, the Security Team will work on a plan to communicate with the appropriate community, including identifying mitigating steps that affected users can take to protect themselves until the fix is rolled out.
+5.  The Security Team will work on fixing the vulnerability and perform internal testing before preparing to roll out the fix.
+6.  A public disclosure date is negotiated by the Security Team and the bug submitter. We prefer to fully disclose the bug as soon as possible once a user mitigation or patch is available. It is reasonable to delay disclosure when the bug or the fix is not yet fully understood, the solution is not well-tested, or for distributor coordination. The timeframe for disclosure is from immediate (especially if it’s already publicly known) to a few weeks. For a critical vulnerability with a straightforward mitigation, we expect report date to public disclosure date to be on the order of 14 business days. The Security Team holds the final say when setting a public disclosure date.
+7.  Once the fix is confirmed, the Security Team will patch the vulnerability in the next patch or minor release, and backport a patch release into all earlier supported releases. Upon release of the patched version, we will follow the **Public Disclosure Process**.
+
+### Public Disclosure Process
+
+The Security Team publishes a public [advisory](https://github.com/spomky-labs/phpwa/security/advisories) to the community via GitHub. In most cases, additional communication via Twitter, blog and other channels will assist in educating users and rolling out the patched release to affected users.
+
+The Security Team will also publish any mitigating steps users can take until the fix can be applied to their instances. Distributors will handle creating and publishing their own security advisories.
+
+## Mailing lists
+
+-   Use [email protected] to report security concerns to the Security Team, who uses the list to privately discuss security issues and fixes prior to disclosure.
+
+## Early Disclosure to Distributors List
+
+This private list is intended to be used primarily to provide actionable information to multiple distributor projects at once. This list is not intended to inform individuals about security issues.
 
-## Reporting a Vulnerability
+## Confidentiality, integrity and availability
 
-If you discover a security vulnerability within the project, please **don't use the bug tracker and don't publish it publicly**.
-Instead, all security issues must be sent to security [at] spomky-labs.com. 
+We consider vulnerabilities leading to the compromise of data confidentiality, elevation of privilege, or integrity to be our highest priority concerns.
+Availability, in particular in areas relating to DoS and resource exhaustion, is also a serious security concern.
+The Security Team takes all vulnerabilities, potential vulnerabilities, and suspected vulnerabilities seriously and will investigate them in an urgent and expeditious manner.

assets/dist/controller.d.ts

@@ -0,0 +1,21 @@
+import { Controller } from '@hotwired/stimulus';
+export default class extends Controller {
+    static targets: string[];
+    static values: {
+        onlineMessage: {
+            type: StringConstructor;
+            default: string;
+        };
+        offlineMessage: {
+            type: StringConstructor;
+            default: string;
+        };
+    };
+    readonly onlineMessageValue: string;
+    readonly offlineMessageValue: string;
+    readonly attributeTargets: HTMLElement[];
+    readonly messageTargets: HTMLElement[];
+    connect(): void;
+    dispatchEvent(name: any, payload: any): void;
+    statusChanged(data: any): void;
+}

assets/dist/controller.js

@@ -0,0 +1,55 @@
+import { Controller } from '@hotwired/stimulus';
+
+var Status;
+(function (Status) {
+    Status["OFFLINE"] = "OFFLINE";
+    Status["ONLINE"] = "ONLINE";
+})(Status || (Status = {}));
+class default_1 extends Controller {
+    connect() {
+        this.dispatchEvent('connect', {});
+        if (navigator.onLine) {
+            this.statusChanged({
+                status: Status.ONLINE,
+                message: this.onlineMessageValue,
+            });
+        }
+        else {
+            this.statusChanged({
+                status: Status.OFFLINE,
+                message: this.offlineMessageValue,
+            });
+        }
+        window.addEventListener("offline", () => {
+            this.statusChanged({
+                status: Status.OFFLINE,
+                message: this.offlineMessageValue,
+            });
+        });
+        window.addEventListener("online", () => {
+            this.statusChanged({
+                status: Status.ONLINE,
+                message: this.onlineMessageValue,
+            });
+        });
+    }
+    dispatchEvent(name, payload) {
+        this.dispatch(name, { detail: payload, prefix: 'connection-status' });
+    }
+    statusChanged(data) {
+        this.messageTargets.forEach((element) => {
+            element.innerHTML = data.message;
+        });
+        this.attributeTargets.forEach((element) => {
+            element.setAttribute('data-connection-status', data.status);
+        });
+        this.dispatchEvent('status-changed', { detail: data });
+    }
+}
+default_1.targets = ['message', 'attribute'];
+default_1.values = {
+    onlineMessage: { type: String, default: 'You are online.' },
+    offlineMessage: { type: String, default: 'You are offline.' },
+};
+
+export { default_1 as default };

assets/jest.config.js

@@ -0,0 +1 @@
+module.exports = require('../jest.config.js');

assets/package.json

@@ -0,0 +1,28 @@
+{
+    "name": "@pwa/connection-status",
+    "description": "PWA for Symfony",
+    "license": "MIT",
+    "version": "1.0.0",
+    "main": "dist/controller.js",
+    "types": "dist/controller.d.ts",
+    "symfony": {
+        "controllers": {
+            "connection-status": {
+                "main": "dist/controller.js",
+                "name": "pwa/connection-status",
+                "webpackMode": "eager",
+                "fetch": "eager",
+                "enabled": true
+            }
+        },
+        "importmap": {
+            "@hotwired/stimulus": "^3.0.0"
+        }
+    },
+    "peerDependencies": {
+        "@hotwired/stimulus": "^3.0.0"
+    },
+    "devDependencies": {
+        "@hotwired/stimulus": "^3.0.0"
+    }
+}

assets/src/controller.ts

@@ -0,0 +1,61 @@
+'use strict';
+
+import { Controller } from '@hotwired/stimulus';
+
+enum Status {
+    OFFLINE = 'OFFLINE',
+    ONLINE = 'ONLINE',
+}
+export default class extends Controller {
+    static targets = ['message', 'attribute'];
+    static values = {
+        onlineMessage: { type: String, default: 'You are online.' },
+        offlineMessage: { type: String, default: 'You are offline.' },
+    };
+
+    declare readonly onlineMessageValue: string;
+    declare readonly offlineMessageValue: string;
+    declare readonly attributeTargets: HTMLElement[];
+    declare readonly messageTargets: HTMLElement[];
+
+    connect() {
+        this.dispatchEvent('connect', {});
+        if (navigator.onLine) {
+            this.statusChanged({
+                status: Status.ONLINE,
+                message: this.onlineMessageValue,
+            });
+        } else {
+            this.statusChanged({
+                status: Status.OFFLINE,
+                message: this.offlineMessageValue,
+            });
+        }
+
+        window.addEventListener('offline', () => {
+            this.statusChanged({
+                status: Status.OFFLINE,
+                message: this.offlineMessageValue,
+            });
+        });
+        window.addEventListener('online', () => {
+            this.statusChanged({
+                status: Status.ONLINE,
+                message: this.onlineMessageValue,
+            });
+        });
+    }
+    dispatchEvent(name, payload) {
+        this.dispatch(name, { detail: payload, prefix: 'connection-status' });
+    }
+
+    statusChanged(data) {
+        this.messageTargets.forEach((element) => {
+            element.innerHTML = data.message;
+        });
+        this.attributeTargets.forEach((element) => {
+            element.setAttribute('data-connection-status', data.status);
+        });
+        this.dispatchEvent('status-changed', { detail: data });
+    }
+}