added a global secret setting to configure CSRF, the temporary storage, and possibly more
This commit is contained in:
Fabien Potencier
parent
2291af41c5
commit
e72f1a9873
14
UPDATE.md
14
UPDATE.md
@ -9,6 +9,20 @@ timeline closely anyway.
|
||||
PR12 to beta1
|
||||
-------------
|
||||
|
||||
* The CSRF secret configuration has been moved to a mandatory global `secret`
|
||||
setting (as the secret is now used for everything and not just CSRF):
|
||||
|
||||
Before:
|
||||
|
||||
framework:
|
||||
csrf_protection:
|
||||
secret: S3cr3t
|
||||
|
||||
After:
|
||||
|
||||
framework:
|
||||
secret: S3cr3t
|
||||
|
||||
* The `File::getWebPath()` and `File::rename()` methods have been removed, as
|
||||
well as the `framework.document_root` configuration setting.
|
||||
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
framework:
|
||||
charset: UTF-8
|
||||
error_handler: null
|
||||
secret: xxxxxxxxxx
|
||||
csrf_protection:
|
||||
enabled: true
|
||||
secret: xxxxxxxxxx
|
||||
router: { resource: "%kernel.root_dir%/config/routing.yml" }
|
||||
validation: { enabled: true, annotations: true }
|
||||
templating: { engines: ['twig', 'php'] }
|
||||
|
||||
@ -39,6 +39,7 @@ class Configuration implements ConfigurationInterface
|
||||
->children()
|
||||
->scalarNode('cache_warmer')->defaultValue(!$this->debug)->end()
|
||||
->scalarNode('charset')->end()
|
||||
->scalarNode('secret')->isRequired()->end()
|
||||
->scalarNode('error_handler')->end()
|
||||
->scalarNode('exception_controller')->defaultValue('Symfony\\Bundle\\FrameworkBundle\\Controller\\ExceptionController::showAction')->end()
|
||||
->scalarNode('ide')->defaultNull()->end()
|
||||
@ -69,7 +70,6 @@ class Configuration implements ConfigurationInterface
|
||||
->children()
|
||||
->booleanNode('enabled')->defaultTrue()->end()
|
||||
->scalarNode('field_name')->defaultValue('_token')->end()
|
||||
->scalarNode('secret')->defaultValue('secret')->end()
|
||||
->end()
|
||||
->end()
|
||||
->end()
|
||||
|
||||
@ -65,6 +65,8 @@ class FrameworkExtension extends Extension
|
||||
$container->setParameter('kernel.charset', $config['charset']);
|
||||
}
|
||||
|
||||
$container->setParameter('kernel.secret', $config['secret']);
|
||||
|
||||
if (isset($config['error_handler'])) {
|
||||
if (false === $config['error_handler']) {
|
||||
$container->getDefinition('error_handler')->setMethodCalls(array());
|
||||
@ -157,8 +159,6 @@ class FrameworkExtension extends Extension
|
||||
*/
|
||||
private function registerCsrfProtectionConfiguration(array $config, ContainerBuilder $container)
|
||||
{
|
||||
$container->getDefinition('form.csrf_provider')->replaceArgument(1, $config['secret']);
|
||||
|
||||
// FIXME: those are not used
|
||||
$container->setParameter('form.csrf_protection.field_name', $config['field_name']);
|
||||
$container->setParameter('form.csrf_protection.enabled', $config['enabled']);
|
||||
|
||||
@ -9,9 +9,7 @@
|
||||
<parameter key="form.factory.class">Symfony\Component\Form\FormFactory</parameter>
|
||||
<parameter key="form.type_guesser.validator.class">Symfony\Component\Form\Extension\Validator\ValidatorTypeGuesser</parameter>
|
||||
<parameter key="form.csrf_provider.class">Symfony\Component\Form\Extension\Csrf\CsrfProvider\SessionCsrfProvider</parameter>
|
||||
|
||||
<parameter key="file.temporary_storage.class">Symfony\Component\HttpFoundation\File\SessionBasedTemporaryStorage</parameter>
|
||||
<parameter key="file.temporary_storage.secret">abcdef</parameter>
|
||||
</parameters>
|
||||
|
||||
<services>
|
||||
@ -56,13 +54,13 @@
|
||||
<!-- CsrfProvider -->
|
||||
<service id="form.csrf_provider" class="%form.csrf_provider.class%">
|
||||
<argument type="service" id="session" />
|
||||
<argument /> <!-- secret -->
|
||||
<argument>%kernel.secret%</argument>
|
||||
</service>
|
||||
|
||||
<!-- TemporaryStorage - where should we put this? -->
|
||||
<service id="file.temporary_storage" class="%file.temporary_storage.class%">
|
||||
<argument type="service" id="session" />
|
||||
<argument>%file.temporary_storage.secret%</argument>
|
||||
<argument>%kernel.secret%</argument>
|
||||
<argument>%kernel.cache_dir%/upload</argument>
|
||||
</service>
|
||||
|
||||
|
||||
@ -24,6 +24,7 @@
|
||||
<xsd:attribute name="error-handler" type="xsd:string" />
|
||||
<xsd:attribute name="exception-controller" type="xsd:string" />
|
||||
<xsd:attribute name="ide" type="xsd:string" />
|
||||
<xsd:attribute name="secret" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:simpleType name="cache_warmer">
|
||||
@ -37,7 +38,6 @@
|
||||
<xsd:complexType name="csrf_protection">
|
||||
<xsd:attribute name="enabled" type="xsd:boolean" />
|
||||
<xsd:attribute name="field-name" type="xsd:string" />
|
||||
<xsd:attribute name="secret" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="esi">
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
<?php
|
||||
|
||||
$container->loadFromExtension('framework', array(
|
||||
'secret' => 's3cr3t',
|
||||
'csrf_protection' => array(
|
||||
'enabled' => true,
|
||||
'field_name' => '_csrf',
|
||||
'secret' => 's3cr3t',
|
||||
),
|
||||
'esi' => array(
|
||||
'enabled' => true,
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
<?php
|
||||
|
||||
$container->loadFromExtension('framework', array(
|
||||
'secret' => 's3cr3t',
|
||||
'validation' => array(
|
||||
'enabled' => true,
|
||||
'annotations' => array(
|
||||
|
||||
@ -6,8 +6,8 @@
|
||||
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd
|
||||
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
||||
|
||||
<framework:config>
|
||||
<framework:csrf-protection enabled="true" field-name="_csrf" secret="s3cr3t" />
|
||||
<framework:config secret="s3cr3t">
|
||||
<framework:csrf-protection enabled="true" field-name="_csrf" />
|
||||
<framework:esi enabled="true" />
|
||||
<framework:profiler only-exceptions="true" />
|
||||
<framework:router cache-warmer="true" resource="%kernel.root_dir%/config/routing.xml" type="xml" />
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd
|
||||
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
||||
|
||||
<framework:config>
|
||||
<framework:config secret="s3cr3t">
|
||||
<framework:validation enabled="true" annotations="true">
|
||||
<framework:namespace prefix="app">Application\Validator\Constraints\</framework:namespace>
|
||||
</framework:validation>
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
framework:
|
||||
secret: s3cr3t
|
||||
csrf_protection:
|
||||
enabled: true
|
||||
field_name: _csrf
|
||||
secret: s3cr3t
|
||||
esi:
|
||||
enabled: true
|
||||
profiler:
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
framework:
|
||||
secret: s3cr3t
|
||||
validation:
|
||||
enabled: true
|
||||
annotations:
|
||||
|
||||
@ -27,7 +27,7 @@ abstract class FrameworkExtensionTest extends TestCase
|
||||
$this->assertTrue($container->getParameter('form.csrf_protection.enabled'));
|
||||
$this->assertEquals('_csrf', $container->getParameter('form.csrf_protection.field_name'));
|
||||
$arguments = $container->findDefinition('form.csrf_provider')->getArguments();
|
||||
$this->assertEquals('s3cr3t', $arguments[1]);
|
||||
$this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($arguments[1]));
|
||||
}
|
||||
|
||||
public function testEsi()
|
||||
|
||||
Reference in New Issue
Block a user