diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[FrameworkBundle] Force users to set "kernel.secret" to something different than default "ThisTokenIsNotSoSecretChangeIt"

Browse Source
This commit is contained in:
Joseph Bielawski 2013-01-07 09:41:41 +01:00
parent dc4a10e931
commit f5290b95a9
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
View File

@ -51,7 +51,12 @@ class Configuration implements ConfigurationInterface
}) })
->end() ->end()
->end() ->end()
->scalarNode('secret')->end() ->scalarNode('secret')
->validate()
->ifTrue(function($v) { return 'ThisTokenIsNotSoSecretChangeIt' === $v; })
->thenInvalid('The "secret" parameter is currently set to the default. It is really important that you change it to something unique.')
->end()
->end()
->scalarNode('trust_proxy_headers')->defaultFalse()->end() // @deprecated, to be removed in 2.3 ->scalarNode('trust_proxy_headers')->defaultFalse()->end() // @deprecated, to be removed in 2.3
->arrayNode('trusted_proxies') ->arrayNode('trusted_proxies')
->beforeNormalization() ->beforeNormalization()

14
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
View File

@ -66,7 +66,7 @@ class ConfigurationTest extends \PHPUnit_Framework_TestCase
{ {
$processor = new Processor(); $processor = new Processor();
$configuration = new Configuration(array()); $configuration = new Configuration(array());
$config = $processor->processConfiguration($configuration, array(array('secret' => 's3cr3t', 'trusted_proxies' => 'Not an IP address'))); $processor->processConfiguration($configuration, array(array('secret' => 's3cr3t', 'trusted_proxies' => 'Not an IP address')));
} }
/** /**
@ -76,6 +76,16 @@ class ConfigurationTest extends \PHPUnit_Framework_TestCase
{ {
$processor = new Processor(); $processor = new Processor();
$configuration = new Configuration(array()); $configuration = new Configuration(array());
$config = $processor->processConfiguration($configuration, array(array('secret' => 's3cr3t', 'trusted_proxies' => array('Not an IP address')))); $processor->processConfiguration($configuration, array(array('secret' => 's3cr3t', 'trusted_proxies' => array('Not an IP address'))));
}
/**
* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
*/
public function testDefaultSecretIsUsed()
{
$processor = new Processor();
$configuration = new Configuration(array());
$processor->processConfiguration($configuration, array(array('secret' => 'ThisTokenIsNotSoSecretChangeIt')));
} }
} }