feature #20075 [FrameworkBundle] removed the Security Core and Security CSRF component dependencies on FrameworkBundle (fabpot)

This PR was merged into the 3.2-dev branch. Discussion ---------- [FrameworkBundle] removed the Security Core and Security CSRF component dependencies on FrameworkBundle | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | BC breaks? | no (except for people using FrameworkBundle without requiring symfony/symfony which should be pretty rare; and fixing this is easy by adding symfony/security-core and symfony/security-csrf explicitly) | Deprecations? | no | Tests pass? | yes | Fixed tickets | #15748 partially | License | MIT | Doc PR | n/a Another PR to reduce the number of required dependencies on FrameworkBundle. This PR removes the Security Core and CSRF components from the list. Commits ------- d703784 [FrameworkBundle] removed the Security Core and Security CSRF component dependencies on FrameworkBundle
2016-09-28 10:27:44 -07:00 · 2016-09-28 10:27:44 -07:00 · 469818cceb
parent 0e4523fc31 d703784d1f
commit 469818cceb
4 changed files with 11 additions and 2 deletions
--- a/UPGRADE-3.2.md
+++ b/UPGRADE-3.2.md
@ -4,6 +4,10 @@ UPGRADE FROM 3.1 to 3.2
 FrameworkBundle
 ---------------

+ * The `symfony/security-core` and `symfony/security-csrf` dependencies have
+   been removed; require them via `composer require symfony/security-core
+   symfony/security-csrf` if you depend on them and don't already depend on
+   `symfony/symfony`
 * The `symfony/templating` dependency has been removed; require it via `composer
   require symfony/templating` if you depend on it and don't already depend on
   `symfony/symfony`
--- a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
@ -4,6 +4,7 @@ CHANGELOG
 3.2.0
 -----

+ * Removed `symfony/security-core` and `symfony/security-csrf` from the list of required dependencies in `composer.json`
 * Removed `symfony/templating` from the list of required dependencies in `composer.json`
 * Removed `symfony/translation` from the list of required dependencies in `composer.json`
 * Removed `symfony/asset` from the list of required dependencies in `composer.json`
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@ -1021,6 +1021,10 @@ class FrameworkExtension extends Extension
            return;
        }

+        if (!class_exists('Symfony\Component\Security\Csrf\CsrfToken')) {
+            throw new LogicException('CSRF support cannot be enabled as the Security CSRF component is not installed.');
+        }
+
        if (!$this->sessionConfigEnabled) {
            throw new \LogicException('CSRF protection needs sessions to be enabled.');
        }
--- a/src/Symfony/Bundle/FrameworkBundle/composer.json
+++ b/src/Symfony/Bundle/FrameworkBundle/composer.json
@ -28,8 +28,6 @@
        "symfony/filesystem": "~2.8|~3.0",
        "symfony/finder": "~2.8|~3.0",
        "symfony/routing": "~3.0",
-        "symfony/security-core": "~3.2",
-        "symfony/security-csrf": "~2.8|~3.0",
        "symfony/stopwatch": "~2.8|~3.0",
        "doctrine/cache": "~1.0",
        "doctrine/annotations": "~1.0"
@ -45,6 +43,8 @@
        "symfony/form": "~2.8|~3.0",
        "symfony/expression-language": "~2.8|~3.0",
        "symfony/process": "~2.8|~3.0",
+        "symfony/security-core": "~3.2",
+        "symfony/security-csrf": "~2.8|~3.0",
        "symfony/serializer": "~2.8|~3.0",
        "symfony/translation": "~2.8|~3.0",
        "symfony/templating": "~2.8|~3.0",