feature #16722 [Security][SecurityBundle] Use csrf_token_id instead of deprecated intention (jakzal)
This PR was squashed before being merged into the 2.8 branch (closes #16722).
Discussion
----------
[Security][SecurityBundle] Use csrf_token_id instead of deprecated intention
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16720
| License | MIT
| Doc PR | -
Commits
-------
0450865
[Security][SecurityBundle] Use csrf_token_id instead of deprecated intention
commit
5486c689cf
@ -455,6 +455,15 @@ Security
|
|||||||
* The `VoterInterface::supportsClass` and `supportsAttribute` methods were
|
* The `VoterInterface::supportsClass` and `supportsAttribute` methods were
|
||||||
deprecated and will be removed from the interface in 3.0.
|
deprecated and will be removed from the interface in 3.0.
|
||||||
|
|
||||||
|
* The `intention` option is deprecated for all the authentication listeners,
|
||||||
|
and will be removed in 3.0. Use the `csrf_token_id` option instead.
|
||||||
|
|
||||||
|
SecurityBundle
|
||||||
|
--------------
|
||||||
|
|
||||||
|
* The `intention` firewall listener setting is deprecated, and will be removed in 3.0.
|
||||||
|
Use the `csrf_token_id` option instead.
|
||||||
|
|
||||||
Config
|
Config
|
||||||
------
|
------
|
||||||
|
|
||||||
|
@ -6,6 +6,7 @@ CHANGELOG
|
|||||||
|
|
||||||
* deprecated the `key` setting of `anonymous`, `remember_me` and `http_digest`
|
* deprecated the `key` setting of `anonymous`, `remember_me` and `http_digest`
|
||||||
in favor of the `secret` setting.
|
in favor of the `secret` setting.
|
||||||
|
* deprecated the `intention` firewall listener setting in favor of the `csrf_token_id`.
|
||||||
|
|
||||||
2.6.0
|
2.6.0
|
||||||
-----
|
-----
|
||||||
|
@ -29,7 +29,7 @@ class FormLoginFactory extends AbstractFactory
|
|||||||
$this->addOption('username_parameter', '_username');
|
$this->addOption('username_parameter', '_username');
|
||||||
$this->addOption('password_parameter', '_password');
|
$this->addOption('password_parameter', '_password');
|
||||||
$this->addOption('csrf_parameter', '_csrf_token');
|
$this->addOption('csrf_parameter', '_csrf_token');
|
||||||
$this->addOption('intention', 'authenticate');
|
$this->addOption('csrf_token_id', 'authenticate');
|
||||||
$this->addOption('post_only', true);
|
$this->addOption('post_only', true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
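Review bot: Swapping `addOption('intention', 'authenticate')` for `addOption('csrf_token_id', 'authenticate')` removes the old key from the option list this factory declares, and nothing in this hunk shows what happens to a firewall configuration that still sets `intention` under `form_login`; if the configuration tree or the listener's option filtering is driven by this list, such a config is presumably either rejected or its value never reaches the listener that carries the deprecation shim, which would contradict the "BC breaks? no" claim in the description. It is worth confirming that the factory still accepts `intention` elsewhere and maps it to `csrf_token_id` with a deprecation notice, and recording that here, e.g. `// "intention" is deprecated since 2.8 and is mapped to "csrf_token_id" when the config is processed`. The constructor continues outside the hunk.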
@ -299,7 +299,7 @@ class SecurityExtension extends Extension
|
|||||||
$listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.logout_listener'));
|
$listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.logout_listener'));
|
||||||
$listener->replaceArgument(3, array(
|
$listener->replaceArgument(3, array(
|
||||||
'csrf_parameter' => $firewall['logout']['csrf_parameter'],
|
'csrf_parameter' => $firewall['logout']['csrf_parameter'],
|
||||||
'intention' => $firewall['logout']['csrf_token_id'],
|
'csrf_token_id' => $firewall['logout']['csrf_token_id'],
|
||||||
'logout_path' => $firewall['logout']['path'],
|
'logout_path' => $firewall['logout']['path'],
|
||||||
));
|
));
|
||||||
$listeners[] = new Reference($listenerId);
|
$listeners[] = new Reference($listenerId);
|
||||||
|
@ -79,12 +79,12 @@ class UserLoginType extends AbstractType
|
|||||||
*/
|
*/
|
||||||
public function configureOptions(OptionsResolver $resolver)
|
public function configureOptions(OptionsResolver $resolver)
|
||||||
{
|
{
|
||||||
/* Note: the form's intention must correspond to that for the form login
|
/* Note: the form's csrf_token_id must correspond to that for the form login
|
||||||
* listener in order for the CSRF token to validate successfully.
|
* listener in order for the CSRF token to validate successfully.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
$resolver->setDefaults(array(
|
$resolver->setDefaults(array(
|
||||||
'intention' => 'authenticate',
|
'csrf_token_id' => 'authenticate',
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -18,6 +18,8 @@ CHANGELOG
|
|||||||
`Symfony\Component\Security\Core\Authorization\Voter\VoterInterface`.
|
`Symfony\Component\Security\Core\Authorization\Voter\VoterInterface`.
|
||||||
* deprecated `getSupportedAttributes()` and `getSupportedClasses()` methods of
|
* deprecated `getSupportedAttributes()` and `getSupportedClasses()` methods of
|
||||||
`Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter`, use `supports()` instead.
|
`Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter`, use `supports()` instead.
|
||||||
|
* deprecated the `intention` option for all the authentication listeners,
|
||||||
|
use the `csrf_token_id` option instead.
|
||||||
|
|
||||||
2.7.0
|
2.7.0
|
||||||
-----
|
-----
|
||||||
|
@ -57,11 +57,21 @@ class LogoutListener implements ListenerInterface
|
|||||||
throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.');
|
throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isset($options['intention'])) {
|
||||||
|
if (isset($options['csrf_token_id'])) {
|
||||||
|
throw new \InvalidArgumentException(sprintf('You should only define an option for one of "intention" or "csrf_token_id" for the "%s". Use the "csrf_token_id" as it replaces "intention".', __CLASS__));
|
||||||
|
}
|
||||||
|
|
||||||
|
@trigger_error('The "intention" option for the '.__CLASS__.' is deprecated since version 2.8 and will be removed in 3.0. Use the "csrf_token_id" option instead.', E_USER_DEPRECATED);
|
||||||
|
|
||||||
|
$options['csrf_token_id'] = $options['intention'];
|
||||||
|
}
|
||||||
|
|
||||||
$this->tokenStorage = $tokenStorage;
|
$this->tokenStorage = $tokenStorage;
|
||||||
$this->httpUtils = $httpUtils;
|
$this->httpUtils = $httpUtils;
|
||||||
$this->options = array_merge(array(
|
$this->options = array_merge(array(
|
||||||
'csrf_parameter' => '_csrf_token',
|
'csrf_parameter' => '_csrf_token',
|
||||||
'intention' => 'logout',
|
'csrf_token_id' => 'logout',
|
||||||
'logout_path' => '/logout',
|
'logout_path' => '/logout',
|
||||||
), $options);
|
), $options);
|
||||||
$this->successHandler = $successHandler;
|
$this->successHandler = $successHandler;
|
||||||
@ -101,7 +111,7 @@ class LogoutListener implements ListenerInterface
|
|||||||
if (null !== $this->csrfTokenManager) {
|
if (null !== $this->csrfTokenManager) {
|
||||||
$csrfToken = ParameterBagUtils::getRequestParameterValue($request, $this->options['csrf_parameter']);
|
$csrfToken = ParameterBagUtils::getRequestParameterValue($request, $this->options['csrf_parameter']);
|
||||||
|
|
||||||
if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
|
if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['csrf_token_id'], $csrfToken))) {
|
||||||
throw new LogoutException('Invalid CSRF token.');
|
throw new LogoutException('Invalid CSRF token.');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
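Review bot: The new guard throws the global `\InvalidArgumentException`, while the check a few lines above it in the same constructor throws an unqualified `InvalidArgumentException`, which in this class's namespace must resolve to an imported class — presumably the Security component's own exception type. If so, two misconfiguration errors from one constructor surface as different types and a caller catching the component's exception interface will miss the new one; use the same class as the line above: `throw new InvalidArgumentException(sprintf(...))`. Consider also adding `unset($options['intention']);` after the mapping so the deprecated key does not survive the `array_merge` into `$this->options`, where any code still reading it would keep working silently. The constructor continues outside the hunk.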
@ -70,6 +70,16 @@ class SimpleFormAuthenticationListener extends AbstractAuthenticationListener
|
|||||||
throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.');
|
throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isset($options['intention'])) {
|
||||||
|
if (isset($options['csrf_token_id'])) {
|
||||||
|
throw new \InvalidArgumentException(sprintf('You should only define an option for one of "intention" or "csrf_token_id" for the "%s". Use the "csrf_token_id" as it replaces "intention".', __CLASS__));
|
||||||
|
}
|
||||||
|
|
||||||
|
@trigger_error('The "intention" option for the '.__CLASS__.' is deprecated since version 2.8 and will be removed in 3.0. Use the "csrf_token_id" option instead.', E_USER_DEPRECATED);
|
||||||
|
|
||||||
|
$options['csrf_token_id'] = $options['intention'];
|
||||||
|
}
|
||||||
|
|
||||||
$this->simpleAuthenticator = $simpleAuthenticator;
|
$this->simpleAuthenticator = $simpleAuthenticator;
|
||||||
$this->csrfTokenManager = $csrfTokenManager;
|
$this->csrfTokenManager = $csrfTokenManager;
|
||||||
|
|
||||||
@ -77,7 +87,7 @@ class SimpleFormAuthenticationListener extends AbstractAuthenticationListener
|
|||||||
'username_parameter' => '_username',
|
'username_parameter' => '_username',
|
||||||
'password_parameter' => '_password',
|
'password_parameter' => '_password',
|
||||||
'csrf_parameter' => '_csrf_token',
|
'csrf_parameter' => '_csrf_token',
|
||||||
'intention' => 'authenticate',
|
'csrf_token_id' => 'authenticate',
|
||||||
'post_only' => true,
|
'post_only' => true,
|
||||||
), $options);
|
), $options);
|
||||||
|
|
||||||
@ -104,7 +114,7 @@ class SimpleFormAuthenticationListener extends AbstractAuthenticationListener
|
|||||||
if (null !== $this->csrfTokenManager) {
|
if (null !== $this->csrfTokenManager) {
|
||||||
$csrfToken = ParameterBagUtils::getRequestParameterValue($request, $this->options['csrf_parameter']);
|
$csrfToken = ParameterBagUtils::getRequestParameterValue($request, $this->options['csrf_parameter']);
|
||||||
|
|
||||||
if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
|
if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['csrf_token_id'], $csrfToken))) {
|
||||||
throw new InvalidCsrfTokenException('Invalid CSRF token.');
|
throw new InvalidCsrfTokenException('Invalid CSRF token.');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
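Review bot: This shim is the third identical copy of the same block in the commit (LogoutListener and UsernamePasswordFormAuthenticationListener carry the same lines verbatim), which invites the three to drift apart when the message or mapping rule is next touched; a single static helper that takes the options array and the listener class name and returns the normalised array would keep them in step. Separately, `isset($options['intention'])` treats an explicit `'intention' => null` as absent, so such a configuration falls through to the `'authenticate'` default with neither an exception nor a deprecation notice; if that should be reported, test with `array_key_exists('intention', $options)` instead. The constructor continues outside the hunk.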
@ -48,11 +48,21 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
|
|||||||
throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.');
|
throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isset($options['intention'])) {
|
||||||
|
if (isset($options['csrf_token_id'])) {
|
||||||
|
throw new \InvalidArgumentException(sprintf('You should only define an option for one of "intention" or "csrf_token_id" for the "%s". Use the "csrf_token_id" as it replaces "intention".', __CLASS__));
|
||||||
|
}
|
||||||
|
|
||||||
|
@trigger_error('The "intention" option for the '.__CLASS__.' is deprecated since version 2.8 and will be removed in 3.0. Use the "csrf_token_id" option instead.', E_USER_DEPRECATED);
|
||||||
|
|
||||||
|
$options['csrf_token_id'] = $options['intention'];
|
||||||
|
}
|
||||||
|
|
||||||
parent::__construct($tokenStorage, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, array_merge(array(
|
parent::__construct($tokenStorage, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, array_merge(array(
|
||||||
'username_parameter' => '_username',
|
'username_parameter' => '_username',
|
||||||
'password_parameter' => '_password',
|
'password_parameter' => '_password',
|
||||||
'csrf_parameter' => '_csrf_token',
|
'csrf_parameter' => '_csrf_token',
|
||||||
'intention' => 'authenticate',
|
'csrf_token_id' => 'authenticate',
|
||||||
'post_only' => true,
|
'post_only' => true,
|
||||||
), $options), $logger, $dispatcher);
|
), $options), $logger, $dispatcher);
|
||||||
|
|
||||||
@ -79,7 +89,7 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
|
|||||||
if (null !== $this->csrfTokenManager) {
|
if (null !== $this->csrfTokenManager) {
|
||||||
$csrfToken = ParameterBagUtils::getRequestParameterValue($request, $this->options['csrf_parameter']);
|
$csrfToken = ParameterBagUtils::getRequestParameterValue($request, $this->options['csrf_parameter']);
|
||||||
|
|
||||||
if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
|
if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['csrf_token_id'], $csrfToken))) {
|
||||||
throw new InvalidCsrfTokenException('Invalid CSRF token.');
|
throw new InvalidCsrfTokenException('Invalid CSRF token.');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
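Review bot: The shim inserted before `parent::__construct(...)` has no comment explaining why the deprecated key is translated rather than rejected, which the next maintainer removing it in 3.0 will want; a one-liner such as `// BC layer: "intention" was renamed to "csrf_token_id" in 2.8; accept the old key once and translate it` above the `if (isset($options['intention']))` would do. The exception text also reads awkwardly in its final form ("...for the "Symfony\...\UsernamePasswordFormAuthenticationListener""); a wording like `'You should only define one of the "intention" or "csrf_token_id" options for "%s"; "csrf_token_id" replaces "intention".'` keeps the same information. The constructor continues outside the hunk.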
@ -213,7 +213,7 @@ class LogoutListenerTest extends \PHPUnit_Framework_TestCase
|
|||||||
$successHandler ?: $this->getSuccessHandler(),
|
$successHandler ?: $this->getSuccessHandler(),
|
||||||
$options = array(
|
$options = array(
|
||||||
'csrf_parameter' => '_csrf_token',
|
'csrf_parameter' => '_csrf_token',
|
||||||
'intention' => 'logout',
|
'csrf_token_id' => 'logout',
|
||||||
'logout_path' => '/logout',
|
'logout_path' => '/logout',
|
||||||
'target_url' => '/',
|
'target_url' => '/',
|
||||||
),
|
),
|
||||||
|
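Review bot: The visible test change only renames `'intention'` to `'csrf_token_id'` in the options passed to the listener; no test in this section exercises the new constructor behaviour introduced by the commit — that passing both `intention` and `csrf_token_id` throws, or that a legacy `intention` value is honoured by the CSRF check under a deprecation notice. If the rest of the test file (outside this hunk) does not cover those paths, a test using `@group legacy` with `'intention' => 'logout'` and one asserting the exception when both keys are set would pin the BC layer down. The enclosing test method starts and ends outside the hunk.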