From e72f1a98737b8b444d0c4738b0aedab084a1a9d5 Mon Sep 17 00:00:00 2001
From: Fabien Potencier
Date: Thu, 28 Apr 2011 10:49:59 +0200
Subject: [PATCH] added a global secret setting to configure CSRF, the temporary storage, and possibly more

---
 UPDATE.md                                          | 14 ++++++++++++++
 .../Tests/Resources/config/config.yml              |  2 +-
 .../DependencyInjection/Configuration.php          |  2 +-
 .../DependencyInjection/FrameworkExtension.php     |  4 ++--
 .../FrameworkBundle/Resources/config/form.xml      |  6 ++----
 .../Resources/config/schema/symfony-1.0.xsd        |  2 +-
 .../DependencyInjection/Fixtures/php/full.php      |  2 +-
 .../Fixtures/php/validation_annotations.php        |  1 +
 .../DependencyInjection/Fixtures/xml/full.xml      |  4 ++--
 .../Fixtures/xml/validation_annotations.xml        |  2 +-
 .../DependencyInjection/Fixtures/yml/full.yml      |  2 +-
 .../Fixtures/yml/validation_annotations.yml        |  1 +
 .../DependencyInjection/FrameworkExtensionTest.php |  2 +-
 13 files changed, 29 insertions(+), 15 deletions(-)

diff --git a/UPDATE.md b/UPDATE.md
index 3a5917dc0b..d2181ef418 100644
--- a/UPDATE.md
+++ b/UPDATE.md
@@ -9,6 +9,20 @@ timeline closely anyway.
 
 PR12 to beta1
 -------------
 
+* The CSRF secret configuration has been moved to a mandatory global `secret`
+  setting (as the secret is now used for everything and not just CSRF):
+
+    Before:
+
+        framework:
+            csrf_protection:
+                secret: S3cr3t
+
+    After:
+
+        framework:
+            secret: S3cr3t
+
 * The `File::getWebPath()` and `File::rename()` methods have been removed, as
   well as the `framework.document_root` configuration setting.

diff --git a/src/Symfony/Bundle/AsseticBundle/Tests/Resources/config/config.yml b/src/Symfony/Bundle/AsseticBundle/Tests/Resources/config/config.yml
index bbc87b4daa..e0521cbf73 100644
--- a/src/Symfony/Bundle/AsseticBundle/Tests/Resources/config/config.yml
+++ b/src/Symfony/Bundle/AsseticBundle/Tests/Resources/config/config.yml
@@ -1,9 +1,9 @@
 framework:
     charset: UTF-8
     error_handler: null
+    secret: xxxxxxxxxx
     csrf_protection:
         enabled: true
-        secret: xxxxxxxxxx
     router: { resource: "%kernel.root_dir%/config/routing.yml" }
     validation: { enabled: true, annotations: true }
     templating: { engines: ['twig', 'php'] }

diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
index d9e39a3909..647043c514 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -39,6 +39,7 @@ class Configuration implements ConfigurationInterface
             ->children()
                 ->scalarNode('cache_warmer')->defaultValue(!$this->debug)->end()
                 ->scalarNode('charset')->end()
+                ->scalarNode('secret')->isRequired()->end()
                 ->scalarNode('error_handler')->end()
                 ->scalarNode('exception_controller')->defaultValue('Symfony\\Bundle\\FrameworkBundle\\Controller\\ExceptionController::showAction')->end()
                 ->scalarNode('ide')->defaultNull()->end()
@@ -69,7 +70,6 @@ class Configuration implements ConfigurationInterface
                     ->children()
                         ->booleanNode('enabled')->defaultTrue()->end()
                         ->scalarNode('field_name')->defaultValue('_token')->end()
-                        ->scalarNode('secret')->defaultValue('secret')->end()
                     ->end()
                 ->end()
             ->end()

diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
index a95bf273aa..5c42d5d30d 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
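Review bot: `->scalarNode('secret')->isRequired()->end()` in the first hunk only checks that the key is present, so `secret: ''` (and, as far as I can tell, `secret: ~`) passes validation and an empty string becomes the value wired into the CSRF provider and the temporary storage. Chain `cannotBeEmpty()` so the Config component rejects that at container build time: `->scalarNode('secret')->isRequired()->cannotBeEmpty()->end()`. A minimum-length check via `->validate()` is worth considering as well, since this single value now backs every token the framework signs. The tree builder continues outside both hunks.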
@@ -65,6 +65,8 @@ class FrameworkExtension extends Extension
             $container->setParameter('kernel.charset', $config['charset']);
         }
 
+        $container->setParameter('kernel.secret', $config['secret']);
+
         if (isset($config['error_handler'])) {
             if (false === $config['error_handler']) {
                 $container->getDefinition('error_handler')->setMethodCalls(array());
@@ -157,8 +159,6 @@ class FrameworkExtension extends Extension
      */
     private function registerCsrfProtectionConfiguration(array $config, ContainerBuilder $container)
     {
-        $container->getDefinition('form.csrf_provider')->replaceArgument(1, $config['secret']);
-
         // FIXME: those are not used
         $container->setParameter('form.csrf_protection.field_name', $config['field_name']);
         $container->setParameter('form.csrf_protection.enabled', $config['enabled']);

diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml b/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml
index 907d9bb0a8..7b2b4b7731 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml
@@ -9,9 +9,7 @@ Symfony\Component\Form\FormFactory Symfony\Component\Form\Extension\Validator\ValidatorTypeGuesser Symfony\Component\Form\Extension\Csrf\CsrfProvider\SessionCsrfProvider - Symfony\Component\HttpFoundation\File\SessionBasedTemporaryStorage - abcdef
@@ -56,13 +54,13 @@ - + %kernel.secret% - %file.temporary_storage.secret% + %kernel.secret% %kernel.cache_dir%/upload

diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd b/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
index 41714f8fcc..bdc3addf80 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
@@ -24,6 +24,7 @@ +
@@ -37,7 +38,6 @@ -
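Review bot: `$container->setParameter('kernel.secret', $config['secret'])` turns the secret into an ordinary container parameter, which is written into the dumped container cache and listed by anything that enumerates parameters (debug commands, the profiler), so its exposure is wider than the old constructor argument of `form.csrf_provider`. That is acceptable for this design, but the UPDATE.md entry in this commit shows the value inlined in config.yml; it should point users at keeping the real value in a parameters file that is not committed and referencing it from `framework.secret`. A short comment above the line, `// shared by the CSRF provider and the temporary storage (see form.xml)`, would also help the next reader find the consumers. The enclosing method and `registerCsrfProtectionConfiguration()` both continue outside their hunks.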
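Review bot: In the second hunk the same `%kernel.secret%` is injected raw into both the `SessionCsrfProvider` and the `SessionBasedTemporaryStorage` definitions, replacing the separate `file.temporary_storage.secret` parameter and its `abcdef` placeholder default (dropping that default is a clear improvement). Sharing one raw key between two unrelated purposes means a weakness in how either component uses it affects the other; a per-purpose derivation inside each consumer (e.g. `hash_hmac('sha1', 'csrf', $secret)` with a fixed label per component) would keep the single user-facing setting while separating the keys. This rendering has lost the XML tags, so the argument positions are inferred from the parameter values.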
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
index c91c531cae..b11be834f4 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
@@ -1,10 +1,10 @@ loadFromExtension('framework', array(
+    'secret' => 's3cr3t',
     'csrf_protection' => array(
         'enabled' => true,
         'field_name' => '_csrf',
-        'secret' => 's3cr3t',
     ),
     'esi' => array(
         'enabled' => true,

diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/validation_annotations.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/validation_annotations.php
index 765a00868f..4268fbe35c 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/validation_annotations.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/validation_annotations.php
@@ -1,6 +1,7 @@ loadFromExtension('framework', array(
+    'secret' => 's3cr3t',
     'validation' => array(
         'enabled' => true,
         'annotations' => array(

diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
index 2c418a662c..e4071758f9 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
@@ -6,8 +6,8 @@ xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd"> - - + +
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/validation_annotations.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/validation_annotations.xml
index 8980e16a3b..191daf6181 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/validation_annotations.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/validation_annotations.xml
@@ -6,7 +6,7 @@ xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd"> - + Application\Validator\Constraints\

diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
index 702f6abede..028cb7adf7 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
@@ -1,8 +1,8 @@
 framework:
+    secret: s3cr3t
     csrf_protection:
         enabled: true
         field_name: _csrf
-        secret: s3cr3t
     esi:
         enabled: true
     profiler:

diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/validation_annotations.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/validation_annotations.yml
index dc4fc7bcc7..345808c689 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/validation_annotations.yml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/validation_annotations.yml
@@ -1,4 +1,5 @@
 framework:
+    secret: s3cr3t
     validation:
         enabled: true
         annotations:
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
index b1df76fbf3..e717852bf0 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -27,7 +27,7 @@ abstract class FrameworkExtensionTest extends TestCase
         $this->assertTrue($container->getParameter('form.csrf_protection.enabled'));
         $this->assertEquals('_csrf', $container->getParameter('form.csrf_protection.field_name'));
         $arguments = $container->findDefinition('form.csrf_provider')->getArguments();
-        $this->assertEquals('s3cr3t', $arguments[1]);
+        $this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($arguments[1]));
     }
 
     public function testEsi()
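Review bot: The updated assertion only proves that `%kernel.secret%` resolves to `s3cr3t` for `form.csrf_provider`; neither the new `isRequired()` rule in Configuration.php nor the temporary-storage wiring in form.xml is covered. Add a test that loads a fixture without `secret` and expects `Symfony\Component\Config\Definition\Exception\InvalidConfigurationException` via `setExpectedException()`, plus a sibling assertion that the temporary storage definition's secret argument resolves to the same value. The enclosing test method starts outside the hunk.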