feature #16723 [Form] remove deprecated CSRF options (xabbuh)
This PR was merged into the 3.0-dev branch.
Discussion
----------
[Form] remove deprecated CSRF options
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
d641fc5
[Form] remove deprecated CSRF options
This commit is contained in:
commit
07ac1229d3
@ -231,36 +231,6 @@ class MainConfiguration implements ConfigurationInterface
|
|||||||
->arrayNode('logout')
|
->arrayNode('logout')
|
||||||
->treatTrueLike(array())
|
->treatTrueLike(array())
|
||||||
->canBeUnset()
|
->canBeUnset()
|
||||||
->beforeNormalization()
|
|
||||||
->ifTrue(function ($v) { return isset($v['csrf_provider']) && isset($v['csrf_token_generator']); })
|
|
||||||
->thenInvalid("You should define a value for only one of 'csrf_provider' and 'csrf_token_generator' on a security firewall. Use 'csrf_token_generator' as this replaces 'csrf_provider'.")
|
|
||||||
->end()
|
|
||||||
->beforeNormalization()
|
|
||||||
->ifTrue(function ($v) { return isset($v['intention']) && isset($v['csrf_token_id']); })
|
|
||||||
->thenInvalid("You should define a value for only one of 'intention' and 'csrf_token_id' on a security firewall. Use 'csrf_token_id' as this replaces 'intention'.")
|
|
||||||
->end()
|
|
||||||
->beforeNormalization()
|
|
||||||
->ifTrue(function ($v) { return isset($v['csrf_provider']); })
|
|
||||||
->then(function ($v) {
|
|
||||||
@trigger_error("Setting the 'csrf_provider' configuration key on a security firewall is deprecated since version 2.8 and will be removed in 3.0. Use the 'csrf_token_generator' configuration key instead.", E_USER_DEPRECATED);
|
|
||||||
|
|
||||||
$v['csrf_token_generator'] = $v['csrf_provider'];
|
|
||||||
unset($v['csrf_provider']);
|
|
||||||
|
|
||||||
return $v;
|
|
||||||
})
|
|
||||||
->end()
|
|
||||||
->beforeNormalization()
|
|
||||||
->ifTrue(function ($v) { return isset($v['intention']); })
|
|
||||||
->then(function ($v) {
|
|
||||||
@trigger_error("Setting the 'intention' configuration key on a security firewall is deprecated since version 2.8 and will be removed in 3.0. Use the 'csrf_token_id' key instead.", E_USER_DEPRECATED);
|
|
||||||
|
|
||||||
$v['csrf_token_id'] = $v['intention'];
|
|
||||||
unset($v['intention']);
|
|
||||||
|
|
||||||
return $v;
|
|
||||||
})
|
|
||||||
->end()
|
|
||||||
->children()
|
->children()
|
||||||
->scalarNode('csrf_parameter')->defaultValue('_csrf_token')->end()
|
->scalarNode('csrf_parameter')->defaultValue('_csrf_token')->end()
|
||||||
->scalarNode('csrf_token_generator')->cannotBeEmpty()->end()
|
->scalarNode('csrf_token_generator')->cannotBeEmpty()->end()
|
||||||
|
@ -48,21 +48,6 @@ class FormLoginFactory extends AbstractFactory
|
|||||||
parent::addConfiguration($node);
|
parent::addConfiguration($node);
|
||||||
|
|
||||||
$node
|
$node
|
||||||
->beforeNormalization()
|
|
||||||
->ifTrue(function ($v) { return isset($v['csrf_provider']) && isset($v['csrf_token_generator']); })
|
|
||||||
->thenInvalid("You should define a value for only one of 'csrf_provider' and 'csrf_token_generator' on a security firewall. Use 'csrf_token_generator' as this replaces 'csrf_provider'.")
|
|
||||||
->end()
|
|
||||||
->beforeNormalization()
|
|
||||||
->ifTrue(function ($v) { return isset($v['csrf_provider']); })
|
|
||||||
->then(function ($v) {
|
|
||||||
@trigger_error("Setting the 'csrf_provider' configuration key on a security firewall is deprecated since version 2.8 and will be removed in 3.0. Use the 'csrf_token_generator' configuration key instead.", E_USER_DEPRECATED);
|
|
||||||
|
|
||||||
$v['csrf_token_generator'] = $v['csrf_provider'];
|
|
||||||
unset($v['csrf_provider']);
|
|
||||||
|
|
||||||
return $v;
|
|
||||||
})
|
|
||||||
->end()
|
|
||||||
->children()
|
->children()
|
||||||
->scalarNode('csrf_token_generator')->cannotBeEmpty()->end()
|
->scalarNode('csrf_token_generator')->cannotBeEmpty()->end()
|
||||||
->end()
|
->end()
|
||||||
|
@ -111,22 +111,12 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
|
|||||||
*/
|
*/
|
||||||
public function configureOptions(OptionsResolver $resolver)
|
public function configureOptions(OptionsResolver $resolver)
|
||||||
{
|
{
|
||||||
// BC clause for the "intention" option
|
|
||||||
$csrfTokenId = function (Options $options) {
|
|
||||||
if (null !== $options['intention']) {
|
|
||||||
@trigger_error('The form option "intention" is deprecated since version 2.8 and will be removed in 3.0. Use "csrf_token_id" instead.', E_USER_DEPRECATED);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $options['intention'];
|
|
||||||
};
|
|
||||||
|
|
||||||
$resolver->setDefaults(array(
|
$resolver->setDefaults(array(
|
||||||
'csrf_protection' => $this->defaultEnabled,
|
'csrf_protection' => $this->defaultEnabled,
|
||||||
'csrf_field_name' => $this->defaultFieldName,
|
'csrf_field_name' => $this->defaultFieldName,
|
||||||
'csrf_message' => 'The CSRF token is invalid. Please try to resubmit the form.',
|
'csrf_message' => 'The CSRF token is invalid. Please try to resubmit the form.',
|
||||||
'csrf_token_manager' => $this->defaultTokenManager,
|
'csrf_token_manager' => $this->defaultTokenManager,
|
||||||
'csrf_token_id' => $csrfTokenId,
|
'csrf_token_id' => null,
|
||||||
'intention' => null, // deprecated
|
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user