[FrameworkBundle][SecurityBundle] Added service configuration for the new Security CSRF sub-component

2013-09-27 09:38:53 +02:00 · 2013-09-27 09:38:53 +02:00 · bf85e8365a
commit bf85e8365a
parent 2048cf6d35
11 changed files with 65 additions and 35 deletions
--- a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
@ -6,6 +6,8 @@ CHANGELOG

 * allowed multiple IP addresses in profiler matcher settings
 * added stopwatch helper to time templates with the WebProfilerBundle
+ * added service definition for "security.secure_random" service
+ * added service definitions for the new Security CSRF sub-component

 2.3.0
 -----
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@ -56,6 +56,10 @@ class FrameworkExtension extends Extension

        $loader->load('debug_prod.xml');

+        // Enable services for CSRF protection (even without forms)
+        $loader->load('security.xml');
+        $loader->load('security_csrf.xml');
+
        if ($container->getParameter('kernel.debug')) {
            $loader->load('debug.xml');

@ -158,9 +162,7 @@ class FrameworkExtension extends Extension
            if (!isset($config['session'])) {
                throw new \LogicException('CSRF protection needs that sessions are enabled.');
            }
-            if (!isset($config['secret'])) {
-                throw new \LogicException('CSRF protection needs a secret to be set.');
-            }
+
            $loader->load('form_csrf.xml');

            $container->setParameter('form.type_extension.csrf.enabled', true);
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/form_csrf.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/form_csrf.xml
@ -4,15 +4,8 @@
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">

-    <parameters>
-        <parameter key="form.csrf_provider.class">Symfony\Component\Form\Extension\Csrf\CsrfProvider\SessionCsrfProvider</parameter>
-    </parameters>
-
    <services>
-        <service id="form.csrf_provider" class="%form.csrf_provider.class%">
-            <argument type="service" id="session" />
-            <argument>%kernel.secret%</argument>
-        </service>
+        <service id="form.csrf_provider" class="Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfTokenGeneratorAdapter" parent="security.csrf.token_generator" />

        <service id="form.type_extension.csrf" class="Symfony\Component\Form\Extension\Csrf\Type\FormTypeCsrfExtension">
            <tag name="form.type_extension" alias="form" />
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/security.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/security.xml
@ -0,0 +1,19 @@
+<?xml version="1.0" ?>
+
+<container xmlns="http://symfony.com/schema/dic/services"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+    <parameters>
+        <parameter key="security.secure_random.class">Symfony\Component\Security\Core\Util\SecureRandom</parameter>
+    </parameters>
+
+    <services>
+        <!-- Pseudo-Random Number Generator -->
+        <service id="security.secure_random" class="%security.secure_random.class%">
+            <tag name="monolog.logger" channel="security" />
+            <argument>%kernel.cache_dir%/secure_random.seed</argument>
+            <argument type="service" id="logger" on-invalid="ignore" />
+        </service>
+    </services>
+</container>
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/security_csrf.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/security_csrf.xml
@ -0,0 +1,22 @@
+<?xml version="1.0" ?>
+
+<container xmlns="http://symfony.com/schema/dic/services"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+    <parameters>
+        <parameter key="security.csrf.token_generator.class">Symfony\Component\Security\Csrf\CsrfTokenGenerator</parameter>
+        <parameter key="security.csrf.token_storage.class">Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage</parameter>
+    </parameters>
+
+    <services>
+        <service id="security.csrf.token_storage" class="%security.csrf.token_storage.class%" public="false">
+            <argument type="service" id="session" />
+        </service>
+
+        <service id="security.csrf.token_generator" class="%security.csrf.token_generator.class%">
+            <argument type="service" id="security.csrf.token_storage" />
+            <argument type="service" id="security.secure_random" />
+        </service>
+    </services>
+</container>
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
@ -30,7 +30,6 @@ abstract class FrameworkExtensionTest extends TestCase
        $this->assertEquals('%form.type_extension.csrf.enabled%', $def->getArgument(1));
        $this->assertEquals('_csrf', $container->getParameter('form.type_extension.csrf.field_name'));
        $this->assertEquals('%form.type_extension.csrf.field_name%', $def->getArgument(2));
-        $this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($container->findDefinition('form.csrf_provider')->getArgument(1)));
    }

    public function testProxies()
--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@ -5,6 +5,7 @@ CHANGELOG
 -----

 * Added 'host' option to firewall configuration
+ * Moved 'security.secure_random' service configuration to FrameworkBundle

 2.3.0
 -----
@ -79,9 +80,9 @@ CHANGELOG
                logout:
                    path: /logout_path
                    target: /
-                    csrf_parameter: _csrf_token        # Optional (defaults to "_csrf_token")
-                    csrf_provider:  form.csrf_provider # Required to enable protection
-                    intention:      logout             # Optional (defaults to "logout")
+                    csrf_parameter: _csrf_token                   # Optional (defaults to "_csrf_token")
+                    csrf_provider:  security.csrf.token_generator # Required to enable protection
+                    intention:      logout                        # Optional (defaults to "logout")
    ```

    If the LogoutListener has CSRF protection enabled but cannot validate a token,
--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
@ -151,12 +151,5 @@
            <argument type="service" id="security.context" />
            <argument type="service" id="security.encoder_factory" />
        </service>
-
-        <!-- Pseudorandom Number Generator -->
-        <service id="security.secure_random" class="Symfony\Component\Security\Core\Util\SecureRandom">
-            <tag name="monolog.logger" channel="security" />
-            <argument>%kernel.cache_dir%/secure_random.seed</argument>
-            <argument type="service" id="logger" on-invalid="ignore" />
-        </service>
    </services>
 </container>
--- a/src/Symfony/Bundle/SecurityBundle/Templating/Helper/LogoutUrlHelper.php
+++ b/src/Symfony/Bundle/SecurityBundle/Templating/Helper/LogoutUrlHelper.php
@ -12,8 +12,8 @@
 namespace Symfony\Bundle\SecurityBundle\Templating\Helper;

 use Symfony\Component\DependencyInjection\ContainerInterface;
-use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+use Symfony\Component\Security\Csrf\CsrfTokenGeneratorInterface;
 use Symfony\Component\Templating\Helper\Helper;

 /**
@ -43,15 +43,15 @@ class LogoutUrlHelper extends Helper
    /**
     * Registers a firewall's LogoutListener, allowing its URL to be generated.
     *
-     * @param string                $key           The firewall key
-     * @param string                $logoutPath    The path that starts the logout process
-     * @param string                $intention     The intention for CSRF token generation
-     * @param string                $csrfParameter The CSRF token parameter name
-     * @param CsrfProviderInterface $csrfProvider  A CsrfProviderInterface instance
+     * @param string                      $key                The firewall key
+     * @param string                      $logoutPath         The path that starts the logout process
+     * @param string                      $csrfTokenId        The ID of the CSRF token
+     * @param string                      $csrfParameter      The CSRF token parameter name
+     * @param CsrfTokenGeneratorInterface $csrfTokenGenerator A CsrfTokenGeneratorInterface instance
     */
-    public function registerListener($key, $logoutPath, $intention, $csrfParameter, CsrfProviderInterface $csrfProvider = null)
+    public function registerListener($key, $logoutPath, $csrfTokenId, $csrfParameter, CsrfTokenGeneratorInterface $csrfTokenGenerator = null)
    {
-        $this->listeners[$key] = array($logoutPath, $intention, $csrfParameter, $csrfProvider);
+        $this->listeners[$key] = array($logoutPath, $csrfTokenId, $csrfParameter, $csrfTokenGenerator);
    }

    /**
@ -94,9 +94,9 @@ class LogoutUrlHelper extends Helper
            throw new \InvalidArgumentException(sprintf('No LogoutListener found for firewall key "%s".', $key));
        }

-        list($logoutPath, $intention, $csrfParameter, $csrfProvider) = $this->listeners[$key];
+        list($logoutPath, $csrfTokenId, $csrfParameter, $csrfTokenGenerator) = $this->listeners[$key];

-        $parameters = null !== $csrfProvider ? array($csrfParameter => $csrfProvider->generateCsrfToken($intention)) : array();
+        $parameters = null !== $csrfTokenGenerator ? array($csrfParameter => $csrfTokenGenerator->generateCsrfToken($csrfTokenId)) : array();

        if ('/' === $logoutPath[0]) {
            $request = $this->container->get('request');
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml
@ -37,12 +37,12 @@ security:
                username_parameter: "user_login[username]"
                password_parameter: "user_login[password]"
                csrf_parameter: "user_login[_token]"
-                csrf_provider: form.csrf_provider
+                csrf_provider: security.csrf.token_generator
            anonymous: ~
            logout:
                path: /logout_path
                target: /
-                csrf_provider: form.csrf_provider
+                csrf_provider: security.csrf.token_generator

    access_control:
        - { path: .*, roles: IS_AUTHENTICATED_FULLY }
--- a/src/Symfony/Bundle/SecurityBundle/composer.json
+++ b/src/Symfony/Bundle/SecurityBundle/composer.json
@ -23,7 +23,6 @@
    "require-dev": {
        "symfony/framework-bundle": "~2.2",
        "symfony/twig-bundle": "~2.2",
-        "symfony/form": "~2.1",
        "symfony/validator": "~2.2",
        "symfony/yaml": "~2.0",
        "symfony/expression-language": "~2.4"