Commit fad3d38

bug #16704 [Form+SecurityBundle] Trigger deprecation for csrf_provider+intention options (nicolas-grekas)
This PR was merged into the 2.8 branch. Discussion ---------- [Form+SecurityBundle] Trigger deprecation for csrf_provider+intention options | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - ping @stof Commits ------- 62eba7c [Form+SecurityBundle] Trigger deprecation for csrf_provider+intention options
2 parents de08816 + 62eba7c commit fad3d38


5 files changed

+44
-8
lines changed

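--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -242,6 +242,8 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
 ->beforeNormalization()
 ->ifTrue(function ($v) { return isset($v['csrf_provider']); })
 ->then(function ($v) {
+@trigger_error("Setting the 'csrf_provider' configuration key on a security firewall is deprecated since version 2.8 and will be removed in 3.0. Use the 'csrf_token_generator' configuration key instead.", E_USER_DEPRECATED);
+
 $v['csrf_token_generator'] = $v['csrf_provider'];
 unset($v['csrf_provider']);
 
@@ -251,6 +253,8 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
 ->beforeNormalization()
 ->ifTrue(function ($v) { return isset($v['intention']); })
 ->then(function ($v) {
+@trigger_error("Setting the 'intention' configuration key on a security firewall is deprecated since version 2.8 and will be removed in 3.0. Use the 'csrf_token_id' key instead.", E_USER_DEPRECATED);
+
 $v['csrf_token_id'] = $v['intention'];
 unset($v['intention']);
 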
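Review bot: The two `then` closures (new lines 245–249 and 256–260) copy the legacy value over `csrf_token_generator` / `csrf_token_id` unconditionally, so a firewall that sets both the old and the new key would silently end up with the deprecated one unless something rejects that combination first. FormLoginFactory in this same commit puts a `thenInvalid(...)` guard ahead of its alias; the rest of the builder chain in addFirewallsSection lies outside these hunks, so please confirm an equivalent guard for both key pairs already precedes these blocks. A logout CSRF check that quietly uses a different token id or generator than the one written in the config is hard to diagnose. Separately, the second message ends with `Use the 'csrf_token_id' key instead.` while the first says `configuration key`; the wording could match.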

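--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php
@@ -48,8 +48,23 @@ public function addConfiguration(NodeDefinition $node)
 parent::addConfiguration($node);
 
 $node
+->beforeNormalization()
+->ifTrue(function ($v) { return isset($v['csrf_provider']) && isset($v['csrf_token_generator']); })
+->thenInvalid("You should define a value for only one of 'csrf_provider' and 'csrf_token_generator' on a security firewall. Use 'csrf_token_generator' as this replaces 'csrf_provider'.")
+->end()
+->beforeNormalization()
+->ifTrue(function ($v) { return isset($v['csrf_provider']); })
+->then(function ($v) {
+@trigger_error("Setting the 'csrf_provider' configuration key on a security firewall is deprecated since version 2.8 and will be removed in 3.0. Use the 'csrf_token_generator' configuration key instead.", E_USER_DEPRECATED);
+
+$v['csrf_token_generator'] = $v['csrf_provider'];
+unset($v['csrf_provider']);
+
+return $v;
+})
+->end()
 ->children()
-->scalarNode('csrf_provider')->cannotBeEmpty()->end()
+->scalarNode('csrf_token_generator')->cannotBeEmpty()->end()
 ->end()
 ;
 }
@@ -78,7 +93,7 @@ protected function createListener($container, $id, $config, $userProvider)
 
 $container
 ->getDefinition($listenerId)
-->addArgument(isset($config['csrf_provider']) ? new Reference($config['csrf_provider']) : null)
+->addArgument(isset($config['csrf_token_generator']) ? new Reference($config['csrf_token_generator']) : null)
 ;
 
 return $listenerId;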
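Review bot: The two new `beforeNormalization()` blocks in addConfiguration (new lines 51–65) are a backward-compatibility layer but carry no comment saying so, which makes them easy to overlook when the 3.0 cleanup happens. A one-line marker above line 51 such as `// BC layer: reject 'csrf_provider' together with 'csrf_token_generator', then alias the deprecated key (remove in 3.0)` would match the `// BC clause` comment style used in FormTypeCsrfExtension. The deprecation string on line 58 is also a verbatim copy of the one added to MainConfiguration, so the two can drift apart; keeping them next to a shared note or constant would avoid that. createListener continues outside the second hunk.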

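--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
@@ -74,8 +74,8 @@ public function testCsrfAliases()
 'firewalls' => array(
 'stub' => array(
 'logout' => array(
-'csrf_provider' => 'a_token_generator',
-'intention' => 'a_token_id',
+'csrf_token_generator' => 'a_token_generator',
+'csrf_token_id' => 'a_token_id',
 ),
 ),
 ),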
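Review bot: testCsrfAliases now feeds the canonical keys on lines 77–78, so judging by the visible input it no longer exercises the `csrf_provider` / `intention` alias path that MainConfiguration keeps supporting until 3.0. The assertions are outside the hunk, so this is inferred from the input array alone. Consider keeping a separate legacy-marked test (for example `@group legacy`) that still passes the old keys. Consider also adding one that asserts the both-keys-set rejection introduced in FormLoginFactory, since no test in this commit appears to cover that new validation.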

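--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml
@@ -36,12 +36,12 @@ security:
 username_parameter: "user_login[username]"
 password_parameter: "user_login[password]"
 csrf_parameter: "user_login[_token]"
-csrf_provider: security.csrf.token_manager
+csrf_token_generator: security.csrf.token_manager
 anonymous: ~
 logout:
 path: /logout_path
 target: /
-csrf_provider: security.csrf.token_manager
+csrf_token_generator: security.csrf.token_manager
 
 access_control:
 - { path: .*, roles: IS_AUTHENTICATED_FULLY }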

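--- a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
+++ b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
@@ -123,6 +123,10 @@ public function configureOptions(OptionsResolver $resolver)
 {
 // BC clause for the "intention" option
 $csrfTokenId = function (Options $options) {
+if (null !== $options['intention']) {
+@trigger_error('The form option "intention" is deprecated since version 2.8 and will be removed in 3.0. Use "csrf_token_id" instead.', E_USER_DEPRECATED);
+}
+
 return $options['intention'];
 };
 
@@ -137,15 +141,28 @@ public function configureOptions(OptionsResolver $resolver)
 : new CsrfProviderAdapter($options['csrf_provider']);
 };
 
+$defaultTokenManager = $this->defaultTokenManager;
+$csrfProviderNormalizer = function (Options $options, $csrfProvider) use ($defaultTokenManager) {
+if (null !== $csrfProvider) {
+@trigger_error('The form option "csrf_provider" is deprecated since version 2.8 and will be removed in 3.0. Use "csrf_token_manager" instead.', E_USER_DEPRECATED);
+
+return $csrfProvider;
+}
+
+return $defaultTokenManager;
+};
+
 $resolver->setDefaults(array(
 'csrf_protection' => $this->defaultEnabled,
 'csrf_field_name' => $this->defaultFieldName,
 'csrf_message' => 'The CSRF token is invalid. Please try to resubmit the form.',
 'csrf_token_manager' => $csrfTokenManager,
 'csrf_token_id' => $csrfTokenId,
-'csrf_provider' => $this->defaultTokenManager,
-'intention' => null,
+'csrf_provider' => null, // deprecated
+'intention' => null, // deprecated
 ));
+
+$resolver->setNormalizer('csrf_provider', $csrfProviderNormalizer);
 }
 
 /**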
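Review bot: The `intention` deprecation on new lines 126–128 sits inside the lazy default for `csrf_token_id`, so it can only fire when that default is evaluated. A form that passes both `intention` and an explicit `csrf_token_id` would presumably get no notice, because OptionsResolver skips a lazy default when a value is supplied. `csrf_provider`, by contrast, is handled by a normalizer that runs whenever the option is resolved. Moving the `intention` check into its own normalizer would make the two deprecated options behave the same way and keep the default closure a plain fallback. configureOptions continues between the two hunks, outside the visible lines.

```php
// BC clause for the "intention" option
$csrfTokenId = function (Options $options) {
    return $options['intention'];
};

// … unchanged: $csrfTokenManager closure and csrf_provider normalizer …

$intentionNormalizer = function (Options $options, $intention) {
    if (null !== $intention) {
        @trigger_error('The form option "intention" is deprecated since version 2.8 and will be removed in 3.0. Use "csrf_token_id" instead.', E_USER_DEPRECATED);
    }

    return $intention;
};

// … unchanged: setDefaults() call and csrf_provider setNormalizer() …
$resolver->setNormalizer('intention', $intentionNormalizer);
```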
