Jáchym Toušek

@foxycode Actually the User class is problematic in quite a few use-cases so in advanced systems it's better to not use it at all. Rather than a PR it's better...

@foxycode It would become a new package separate from nette/security anyway (because of BC). In which case it doesn't matter if it is in nette namespace or not. Can't speak...

Related: http://forum.nette.org/cs/9574-jak-rozsirit-userstorage Also have a look at https://github.com/Majkl578/nette-identity-doctrine

Yeah. I know it's dirty. Better than nothing though. ;-)

@dg Any chance to get this solved for Nette 3.0?

@JanTvrdik What about the JSON decode DOS vulnerability? I didn't see anything that would solve it in your code (but I might have missed it of course).

Can you show an example of a test where you need this? I never needed anything like it, instead it would be really benefitial for my tests if Request would...

In my opinion you should just write a static helper method `cloneRequestWithUrl($request, $url)` outside of this class.

It gets even better when you use module-specific ErrorPresenters like I do. I'll try to send a PR with that later if this is merged.

@JanTvrdik You missed the purpose of this PR entirely. I'm not looking for ways to do what the PR does without changing Nette, I already know several ways to do...