diff --git a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md index dbeaf3ab8f..338139128b 100644 --- a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md +++ b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md @@ -6,6 +6,8 @@ CHANGELOG * allowed multiple IP addresses in profiler matcher settings * added stopwatch helper to time templates with the WebProfilerBundle + * added service definition for "security.secure_random" service + * added service definitions for the new Security CSRF sub-component 2.3.0 ----- diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php index 74fe18e91d..915269919c 100644 --- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php +++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php @@ -56,6 +56,10 @@ class FrameworkExtension extends Extension $loader->load('debug_prod.xml'); + // Enable services for CSRF protection (even without forms) + $loader->load('security.xml'); + $loader->load('security_csrf.xml'); + if ($container->getParameter('kernel.debug')) { $loader->load('debug.xml'); @@ -158,9 +162,7 @@ class FrameworkExtension extends Extension if (!isset($config['session'])) { throw new \LogicException('CSRF protection needs that sessions are enabled.'); } - if (!isset($config['secret'])) { - throw new \LogicException('CSRF protection needs a secret to be set.'); - } + $loader->load('form_csrf.xml'); $container->setParameter('form.type_extension.csrf.enabled', true); diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/form_csrf.xml b/src/Symfony/Bundle/FrameworkBundle/Resources/config/form_csrf.xml index 57cad204aa..6d9ff2e046 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/form_csrf.xml +++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/form_csrf.xml 
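Review bot: The two new `$loader->load()` calls in the first FrameworkExtension.php hunk run unconditionally, so `security_csrf.xml` is loaded even when `csrf_protection` is off or no `session` section is configured, while the `csrf_protection` branch in the second hunk still insists on sessions. If the `SessionTokenStorage` definition in the new `security_csrf.xml` references the `session` service (the XML is not readable in this diff), that is likely to leave a dangling reference in containers that never enable sessions; consider keeping only `security.xml` unconditional and loading `security_csrf.xml` next to `form_csrf.xml` behind the existing session check. The comment would then be more precise as `// Secure random source is needed by every application; CSRF services are loaded with csrf_protection`. No change to FrameworkBundle's own composer.json is visible although the new XML files reference classes from the Security component, so unless that is handled elsewhere a `require`/`suggest` entry for the security sub-components should accompany this. The enclosing `load()` method starts before the first hunk and continues after the second.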
@@ -4,15 +4,8 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> - - Symfony\Component\Form\Extension\Csrf\CsrfProvider\SessionCsrfProvider - - - - - %kernel.secret% - + diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/security.xml b/src/Symfony/Bundle/FrameworkBundle/Resources/config/security.xml new file mode 100644 index 0000000000..2b6307a9ef --- /dev/null +++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/security.xml @@ -0,0 +1,19 @@ + + + + + + Symfony\Component\Security\Core\Util\SecureRandom + + + + + + + %kernel.cache_dir%/secure_random.seed + + + + diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/security_csrf.xml b/src/Symfony/Bundle/FrameworkBundle/Resources/config/security_csrf.xml new file mode 100644 index 0000000000..b83bf2402a --- /dev/null +++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/security_csrf.xml @@ -0,0 +1,22 @@ + + + + + + Symfony\Component\Security\Csrf\CsrfTokenGenerator + Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage + + + + + + + + + + + + + diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php index 3aef0dc6a0..285679a7ae 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php 
@@ -30,7 +30,6 @@ abstract class FrameworkExtensionTest extends TestCase $this->assertEquals('%form.type_extension.csrf.enabled%', $def->getArgument(1)); $this->assertEquals('_csrf', $container->getParameter('form.type_extension.csrf.field_name')); $this->assertEquals('%form.type_extension.csrf.field_name%', $def->getArgument(2)); - $this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($container->findDefinition('form.csrf_provider')->getArgument(1))); } public function testProxies() diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md index 06d56b3361..5ff5a77d4e 100644 --- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md +++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md @@ -5,6 +5,7 @@ CHANGELOG ----- * Added 'host' option to firewall configuration + * Moved 'security.secure_random' service configuration to FrameworkBundle 2.3.0 ----- @@ -79,9 +80,9 @@ CHANGELOG logout: path: /logout_path target: / - csrf_parameter: _csrf_token # Optional (defaults to "_csrf_token") - csrf_provider: form.csrf_provider # Required to enable protection - intention: logout # Optional (defaults to "logout") + csrf_parameter: _csrf_token # Optional (defaults to "_csrf_token") + csrf_provider: security.csrf.token_generator # Required to enable protection + intention: logout # Optional (defaults to "logout") ``` If the LogoutListener has CSRF protection enabled but cannot validate a token, diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml index 82c98d815a..d90f3206db 100644 --- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml +++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml @@ -151,12 +151,5 @@ - - - - - %kernel.cache_dir%/secure_random.seed - - 
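Review bot: The removed assertion was the only line in this test checking how `form.csrf_provider` is wired, and nothing replaces it, so the new arrangement (form CSRF delegating to the Security CSRF services) is left untested. Add an assertion that the container still exposes `form.csrf_provider` and that the new generator is defined, for instance `$this->assertTrue($container->has('form.csrf_provider'));` and `$this->assertTrue($container->hasDefinition('security.csrf.token_generator'));`; the exact target id depends on the new `form_csrf.xml`, which is not readable in this diff. The enclosing test method starts before the hunk.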
diff --git a/src/Symfony/Bundle/SecurityBundle/Templating/Helper/LogoutUrlHelper.php b/src/Symfony/Bundle/SecurityBundle/Templating/Helper/LogoutUrlHelper.php index c7135f54e1..7900c15f11 100644 --- a/src/Symfony/Bundle/SecurityBundle/Templating/Helper/LogoutUrlHelper.php +++ b/src/Symfony/Bundle/SecurityBundle/Templating/Helper/LogoutUrlHelper.php @@ -12,8 +12,8 @@ namespace Symfony\Bundle\SecurityBundle\Templating\Helper; use Symfony\Component\DependencyInjection\ContainerInterface; -use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface; use Symfony\Component\Routing\Generator\UrlGeneratorInterface; +use Symfony\Component\Security\Csrf\CsrfTokenGeneratorInterface; use Symfony\Component\Templating\Helper\Helper; /** 
@@ -43,15 +43,15 @@ class LogoutUrlHelper extends Helper /** * Registers a firewall's LogoutListener, allowing its URL to be generated. * - * @param string $key The firewall key - * @param string $logoutPath The path that starts the logout process - * @param string $intention The intention for CSRF token generation - * @param string $csrfParameter The CSRF token parameter name - * @param CsrfProviderInterface $csrfProvider A CsrfProviderInterface instance + * @param string $key The firewall key + * @param string $logoutPath The path that starts the logout process + * @param string $csrfTokenId The ID of the CSRF token + * @param string $csrfParameter The CSRF token parameter name + * @param CsrfTokenGeneratorInterface $csrfTokenGenerator A CsrfTokenGeneratorInterface instance */ - public function registerListener($key, $logoutPath, $intention, $csrfParameter, CsrfProviderInterface $csrfProvider = null) + public function registerListener($key, $logoutPath, $csrfTokenId, $csrfParameter, CsrfTokenGeneratorInterface $csrfTokenGenerator = null) { - $this->listeners[$key] = array($logoutPath, $intention, $csrfParameter, $csrfProvider); + $this->listeners[$key] = array($logoutPath, $csrfTokenId, $csrfParameter, $csrfTokenGenerator); } /** @@ -94,9 +94,9 @@ class LogoutUrlHelper extends Helper throw new \InvalidArgumentException(sprintf('No LogoutListener found for firewall key "%s".', $key)); } - list($logoutPath, $intention, $csrfParameter, $csrfProvider) = $this->listeners[$key]; + list($logoutPath, $csrfTokenId, $csrfParameter, $csrfTokenGenerator) = $this->listeners[$key]; - $parameters = null !== $csrfProvider ? array($csrfParameter => $csrfProvider->generateCsrfToken($intention)) : array(); + $parameters = null !== $csrfTokenGenerator ? array($csrfParameter => $csrfTokenGenerator->generateCsrfToken($csrfTokenId)) : array(); if ('/' === $logoutPath[0]) { $request = $this->container->get('request'); 
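Review bot: The rewritten docblock in the first hunk describes `$csrfTokenGenerator` as "A CsrfTokenGeneratorInterface instance", but the signature defaults it to `null`, and the second hunk only appends `$csrfParameter` to the URL when it is non-null, so the nullable case (a logout URL with no CSRF token) goes undocumented. Suggest `@param CsrfTokenGeneratorInterface|null $csrfTokenGenerator The token generator, or null to build the logout URL without a CSRF token`. The `$csrfTokenId` line could likewise say it is the id handed to `generateCsrfToken()` (the firewall's `intention` option, per the changelog), so readers coming from the old `$intention` name can map it. Both hunks sit inside methods that are complete within the hunk, but `getLogoutUrl`'s body continues past the second hunk.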
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml index e0347e1dc4..ee41001d7c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/CsrfFormLogin/config.yml @@ -37,12 +37,12 @@ security: username_parameter: "user_login[username]" password_parameter: "user_login[password]" csrf_parameter: "user_login[_token]" - csrf_provider: form.csrf_provider + csrf_provider: security.csrf.token_generator anonymous: ~ logout: path: /logout_path target: / - csrf_provider: form.csrf_provider + csrf_provider: security.csrf.token_generator access_control: - { path: .*, roles: IS_AUTHENTICATED_FULLY } diff --git a/src/Symfony/Bundle/SecurityBundle/composer.json b/src/Symfony/Bundle/SecurityBundle/composer.json index dbeeb18daa..c9b80eb8e6 100644 --- a/src/Symfony/Bundle/SecurityBundle/composer.json +++ b/src/Symfony/Bundle/SecurityBundle/composer.json @@ -23,7 +23,6 @@ "require-dev": { "symfony/framework-bundle": "~2.2", "symfony/twig-bundle": "~2.2", - "symfony/form": "~2.1", "symfony/validator": "~2.2", "symfony/yaml": "~2.0", "symfony/expression-language": "~2.4"
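Review bot: The composer.json hunk drops `symfony/form` from `require-dev`, yet the functional fixture changed in the same diff (`CsrfFormLogin/config.yml`) still posts parameters named `user_login[username]` and `user_login[_token]`, which suggests that test builds a Form; if so, the suite now relies on `symfony/form` arriving transitively, and `symfony/framework-bundle` does not appear to require it. Either keep the dev requirement or confirm that the CsrfFormLogin test no longer needs the Form component. No requirement on the new Security CSRF sub-component is visible here either; if it ships inside `symfony/security` that is fine, otherwise the new `CsrfTokenGeneratorInterface` type hint in LogoutUrlHelper needs one.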