
Commit f76f4ed

committed
feature #42142 [Security] Remove CSRF deprecations (derrabus)
This PR was squashed before being merged into the 6.0 branch. Discussion ---------- [Security] Remove CSRF deprecations | Q | A | ------------- | --- | Branch? | 6.0 | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | N/A | License | MIT | Doc PR | N/A Commits ------- 5524da2 [Security] Remove CSRF deprecations
2 parents 52b9102 + 5524da2 commit f76f4ed


3 files changed

+12
-74
lines changed

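--- a/src/Symfony/Component/Security/Csrf/CHANGELOG.md
+++ b/src/Symfony/Component/Security/Csrf/CHANGELOG.md
@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+6.0
+---
+
+* Remove the `SessionInterface $session` constructor argument of `SessionTokenStorage`, inject a `\Symfony\Component\HttpFoundation\RequestStack $requestStack` instead
+* Using `SessionTokenStorage` outside a request context throws a `SessionNotFoundException`
+
 5.3
 ---
 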

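--- a/src/Symfony/Component/Security/Csrf/Tests/TokenStorage/SessionTokenStorageTest.php
+++ b/src/Symfony/Component/Security/Csrf/Tests/TokenStorage/SessionTokenStorageTest.php
@@ -12,7 +12,6 @@
 namespace Symfony\Component\Security\Csrf\Tests\TokenStorage;
 
 use PHPUnit\Framework\TestCase;
-use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\HttpFoundation\Session\Session;
@@ -25,8 +24,6 @@
 */
 class SessionTokenStorageTest extends TestCase
 {
-use ExpectDeprecationTrait;
-
 private const SESSION_NAMESPACE = 'foobar';
 
 /**
@@ -162,50 +159,4 @@ public function testClearDoesNotRemoveNonNamespacedSessionValues()
 $this->assertTrue($this->session->has('foo'));
 $this->assertSame('baz', $this->session->get('foo'));
 }
-
-/**
-* @group legacy
-*/
-public function testMockSessionIsCreatedWhenMissing()
-{
-$this->expectDeprecation('Since symfony/security-csrf 5.3: Using the "Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage" without a session has no effect and is deprecated. It will throw a "Symfony\Component\HttpFoundation\Exception\SessionNotFoundException" in Symfony 6.0');
-
-$this->storage->setToken('token_id', 'TOKEN');
-
-$requestStack = new RequestStack();
-$storage = new SessionTokenStorage($requestStack, self::SESSION_NAMESPACE);
-
-$this->assertFalse($storage->hasToken('foo'));
-$storage->setToken('foo', 'bar');
-$this->assertTrue($storage->hasToken('foo'));
-$this->assertSame('bar', $storage->getToken('foo'));
-
-$session = new Session(new MockArraySessionStorage());
-$request = new Request();
-$request->setSession($session);
-$requestStack->push($request);
-}
-
-/**
-* @group legacy
-*/
-public function testMockSessionIsReusedEvenWhenRequestHasSession()
-{
-$this->expectDeprecation('Since symfony/security-csrf 5.3: Using the "Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage" without a session has no effect and is deprecated. It will throw a "Symfony\Component\HttpFoundation\Exception\SessionNotFoundException" in Symfony 6.0');
-
-$this->storage->setToken('token_id', 'TOKEN');
-
-$requestStack = new RequestStack();
-$storage = new SessionTokenStorage($requestStack, self::SESSION_NAMESPACE);
-
-$storage->setToken('foo', 'bar');
-$this->assertSame('bar', $storage->getToken('foo'));
-
-$session = new Session(new MockArraySessionStorage());
-$request = new Request();
-$request->setSession($session);
-$requestStack->push($request);
-
-$this->assertSame('bar', $storage->getToken('foo'));
-}
 }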

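--- a/src/Symfony/Component/Security/Csrf/TokenStorage/SessionTokenStorage.php
+++ b/src/Symfony/Component/Security/Csrf/TokenStorage/SessionTokenStorage.php
@@ -12,11 +12,8 @@
 namespace Symfony\Component\Security\Csrf\TokenStorage;
 
 use Symfony\Component\HttpFoundation\Exception\SessionNotFoundException;
-use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RequestStack;
-use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\HttpFoundation\Session\SessionInterface;
-use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
 use Symfony\Component\Security\Csrf\Exception\TokenNotFoundException;
 
 /**
@@ -33,27 +30,14 @@ class SessionTokenStorage implements ClearableTokenStorageInterface
 
 private $requestStack;
 private $namespace;
-/**
-* To be removed in Symfony 6.0.
-*/
-private $session;
 
 /**
 * Initializes the storage with a RequestStack object and a session namespace.
 *
-* @param RequestStack $requestStack
-* @param string $namespace The namespace under which the token is stored in the requestStack
+* @param string $namespace The namespace under which the token is stored in the requestStack
 */
-public function __construct(/* RequestStack*/ $requestStack, string $namespace = self::SESSION_NAMESPACE)
+public function __construct(RequestStack $requestStack, string $namespace = self::SESSION_NAMESPACE)
 {
-if ($requestStack instanceof SessionInterface) {
-trigger_deprecation('symfony/security-csrf', '5.3', 'Passing a "%s" to "%s" is deprecated, use a "%s" instead.', SessionInterface::class, __CLASS__, RequestStack::class);
-$request = new Request();
-$request->setSession($requestStack);
-
-$requestStack = new RequestStack();
-$requestStack->push($request);
-}
 $this->requestStack = $requestStack;
 $this->namespace = $namespace;
 }
@@ -127,14 +111,11 @@ public function clear()
 }
 }
 
+/**
+* @throws SessionNotFoundException
+*/
 private function getSession(): SessionInterface
 {
-try {
-return $this->session ?? $this->requestStack->getSession();
-} catch (SessionNotFoundException $e) {
-trigger_deprecation('symfony/security-csrf', '5.3', 'Using the "%s" without a session has no effect and is deprecated. It will throw a "%s" in Symfony 6.0', __CLASS__, SessionNotFoundException::class);
-
-return $this->session ?? $this->session = new Session(new MockArraySessionStorage());
-}
+return $this->requestStack->getSession();
 }
 }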
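Review bot: The new `@throws SessionNotFoundException` is attached only to the private `getSession()`, so the behaviour change is invisible on the methods callers actually use; `setToken()`, `getToken()`, `hasToken()` and `clear()` lie outside these hunks but presumably all go through `getSession()` and should carry the same tag, e.g. `@throws SessionNotFoundException when the request stack holds no session`. Failing instead of writing tokens into a throwaway `MockArraySessionStorage` session is the safer behaviour for CSRF state, but code that touches the token storage outside a request (console commands, workers) now gets an exception rather than a silent no-op, which is worth stating where integrators will read it. The retained `@param` text also says the token is stored "in the requestStack"; it is stored in the session obtained from it, so `The namespace under which the token is stored in the session` would be more accurate. The test file in this commit only deletes the legacy cases; unless one already exists outside the visible hunks, a test asserting the exception for an empty `RequestStack` would pin the new contract.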
