So that authentication can suspend it. There are cases,
e.g. cube, where authentication is required in run.php.
During bootstrapping loading modules is mostly required
to load libraries, register routes and hooks. Most of the
time authentication is not required for these, but if
it is, evaluation is now interrupted and continued
after authentication has actually been performed.
I don't see a real risk for any breaking change here,
since authentication happens shortly after. It actually
avoids a breaking change, since without this, cube's
Icinga DB support would break or at least malfunction.
And cube is only a single example.
refs #5265
Since authentication is now performed even for static
resources, there's no reason anymore to support implicit
authentication. This also limits authentication attempts
to a single one, previously failed attempts were repeated.
Requiring authentication during bootstrapping, i.e. before
authentication has been performed, will now trigger a
deprecation notice.
refs #5265
It is nowadays no exception that stylesheet may be dependent
on who's using the app. So to avoid race conditions like
in #5385 authentication is an explicit step during bootstrap
now.
fixes#5385
Providing a user or user group backend in configuration.php
now has no effect anymore. They are expected to be announced
in run.php, just like hooks. A warning appears in the log
for cases where a configuration.php still attempts it. Should
help with troubleshooting since it will appear after an error
that a specific backend has not been found.
refs #5265
in ApplicationBootstrap#setupErrorHandling(). In webrouter.php disable
them unconditionally (until ApplicationBootstrap#setupErrorHandling())
not to duplicate the check. ApplicationBootstrap#setupErrorHandling())
is called pretty early, so we won't miss much.
fixes#5117
* In addition, this provides #5269 and mitigates #5152 in production
where ICINGAWEB_ENVIRONMENT isn't set.
Trusted in this case means, it was Icinga Web that
rendered a link and the user followed it. Whether
a source is trustworthy or not is detected by use
of the user's session id to hash it combined with
the source similar to how CSRF tokens are assembled.
- Replaced the gradient mixin with a simple color
for odd rows. This fixes and markdown table rows
in light mode and - since there are very gradients
in general - it makes the overall look more uniform.
See https://github.com/Icinga/icingaweb2/issues/5320
