From f2f15f54f981b7fc35cca0b2b2f4e2afebd3bb1e Mon Sep 17 00:00:00 2001
From: Douglas Greenshields
Date: Fri, 22 Nov 2013 21:24:14 +0000
Subject: [PATCH] [SecurityBundle] Added csrf_token_generator and csrf_token_id as new names for csrf_provider and intention options
---
 .../Bundle/SecurityBundle/CHANGELOG.md | 3 ++
 .../DependencyInjection/MainConfiguration.php | 37 ++++++++++++++-
 .../Security/Factory/SimpleFormFactory.php | 2 +-
 .../DependencyInjection/SecurityExtension.php | 10 ++---
 .../MainConfigurationTest.php | 45 +++++++++++++++++++
 5 files changed, 89 insertions(+), 8 deletions(-)
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
index 5ff5a77d4e262..0791bcbc798b8 100644
--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -5,6 +5,9 @@ CHANGELOG
 -----
 * Added 'host' option to firewall configuration
+ * Added 'csrf_token_generator' and 'csrf_token_id' options to firewall logout
+ listener configuration to supercede/alias 'csrf_provider' and 'intention'
+ respectively
 * Moved 'security.secure_random' service configuration to FrameworkBundle
 2.3.0
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
index e14cd119f49e4..a707e485c8b21 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -212,10 +212,43 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
 ->arrayNode('logout')
 ->treatTrueLike(array())
 ->canBeUnset()
+ ->beforeNormalization()
+ ->ifTrue(function($v) { return isset($v['csrf_provider']) && isset($v['csrf_token_generator']); })
+ ->thenInvalid("You should define a value for only one of 'csrf_provider' and 'csrf_token_generator' on a security firewall. Use 'csrf_token_generator' as this replaces 'csrf_provider'.")
+ ->end()
+ ->beforeNormalization()
+ ->ifTrue(function($v) { return isset($v['intention']) && isset($v['csrf_token_id']); })
+ ->thenInvalid("You should define a value for only one of 'intention' and 'csrf_token_id' on a security firewall. Use 'csrf_token_id' as this replaces 'intention'.")
+ ->end()
+ ->beforeNormalization()
+ ->ifTrue(function($v) { return isset($v['csrf_provider']); })
+ ->then(function($v) {
+ $v['csrf_token_generator'] = $v['csrf_provider'];
+
+ return $v;
+ })
+ ->end()
+ ->beforeNormalization()
+ ->ifTrue(function($v) { return isset($v['intention']); })
+ ->then(function($v) {
+ $v['csrf_token_id'] = $v['intention'];
+
+ return $v;
+ })
+ ->end()
+ ->beforeNormalization()
+ ->always()
+ ->then(function ($v) {
+ unset($v['csrf_provider']);
+ unset($v['intention']);
+
+ return $v;
+ })
+ ->end()
 ->children()
 ->scalarNode('csrf_parameter')->defaultValue('_csrf_token')->end()
- ->scalarNode('csrf_provider')->cannotBeEmpty()->end()
- ->scalarNode('intention')->defaultValue('logout')->end()
+ ->scalarNode('csrf_token_generator')->cannotBeEmpty()->end()
+ ->scalarNode('csrf_token_id')->defaultValue('logout')->end()
 ->scalarNode('path')->defaultValue('/logout')->end()
 ->scalarNode('target')->defaultValue('/')->end()
 ->scalarNode('success_handler')->end()
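Review bot: The `beforeNormalization()` closures added to the `logout` node index into `$v` without checking that it is an array, while the same node declares `treatTrueLike(array())` and `canBeUnset()`, so `$v` can presumably still be `true`, `false` or `null` when they run (confirm the order in which the Config component applies normalization closures and equivalent values). The `isset()` tests tolerate a scalar, but the `always()` closure calls `unset($v['csrf_provider'])` on whatever it receives; a guard such as `if (is_array($v)) { unset($v['csrf_provider'], $v['intention']); }` keeps `logout: true` and `logout: ~` on their previous path. Separately, `isset()` treats an explicit `null` as absent, so `csrf_provider: ~` written next to `csrf_token_generator` passes the conflict check and is then dropped silently; `array_key_exists()` would reject it. `addFirewallsSection()` starts and ends outside this hunk.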
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimpleFormFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimpleFormFactory.php
index 8fdef89a7415e..91012af61eef3 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimpleFormFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SimpleFormFactory.php
@@ -65,7 +65,7 @@ protected function createListener($container, $id, $config, $userProvider)
 $listenerId = parent::createListener($container, $id, $config, $userProvider);
 $listener = $container->getDefinition($listenerId);
- if (!isset($config['csrf_provider'])) {
+ if (!isset($config['csrf_token_generator'])) {
 $listener->addArgument(null);
 }
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
index 86e9d8fbd8bb8..d95082b69efc3 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -291,7 +291,7 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
 $listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.logout_listener'));
 $listener->replaceArgument(3, array(
 'csrf_parameter' => $firewall['logout']['csrf_parameter'],
- 'intention' => $firewall['logout']['intention'],
+ 'intention' => $firewall['logout']['csrf_token_id'],
 'logout_path' => $firewall['logout']['path'],
 ));
 $listeners[] = new Reference($listenerId);
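Review bot: In SimpleFormFactory.php, `createListener()` now tests `$config['csrf_token_generator']`, but the only place this patch maps the old name to the new one is the `logout` node in MainConfiguration.php, and no form-login option definition is among the five changed files. If the factory's own options still declare `csrf_provider` (not visible here), this `isset()` is always false and `addArgument(null)` runs even when the parent listener has presumably already been given a CSRF provider reference, which would shift the listener's constructor arguments and leave the login form's CSRF wiring in an unintended state. Until the factory options are renamed or aliased as well, the guard should accept both keys: `if (!isset($config['csrf_token_generator']) && !isset($config['csrf_provider'])) {`. The body of `createListener()` continues outside the hunk.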
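Review bot: In SecurityExtension.php the logout listener's option array keeps the key `'intention'` while its value now comes from `$firewall['logout']['csrf_token_id']`, and the hunk at -307 leaves the comment `// add CSRF provider` above code that reads `csrf_token_generator`. Both spots deserve a short comment so a later reader does not "correct" the mismatch on one side only, for example `// listener option is still named 'intention'; the config key is csrf_token_id` and `// add CSRF token generator`. `createFirewall()` starts and ends outside these hunks.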
@@ -307,8 +307,8 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
 $listener->replaceArgument(2, new Reference($logoutSuccessHandlerId));
 // add CSRF provider
- if (isset($firewall['logout']['csrf_provider'])) {
- $listener->addArgument(new Reference($firewall['logout']['csrf_provider']));
+ if (isset($firewall['logout']['csrf_token_generator'])) {
+ $listener->addArgument(new Reference($firewall['logout']['csrf_token_generator']));
 }
 // add session logout handler
@@ -336,9 +336,9 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
 ->addMethodCall('registerListener', array(
 $id,
 $firewall['logout']['path'],
- $firewall['logout']['intention'],
+ $firewall['logout']['csrf_token_id'],
 $firewall['logout']['csrf_parameter'],
- isset($firewall['logout']['csrf_provider']) ? new Reference($firewall['logout']['csrf_provider']) : null,
+ isset($firewall['logout']['csrf_token_generator']) ? new Reference($firewall['logout']['csrf_token_generator']) : null,
 ))
 ;
 }
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
index 047821cfdb378..402b321968739 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
@@ -67,4 +67,49 @@ public function testManyConfigForProvider()
 $configuration = new MainConfiguration(array(), array());
 $config = $processor->processConfiguration($configuration, array($config));
 }
+
+ public function testCsrfAliases()
+ {
+ $config = array(
+ 'firewalls' => array(
+ 'stub' => array(
+ 'logout' => array(
+ 'csrf_provider' => 'a_token_generator',
+ 'intention' => 'a_token_id',
+ ),
+ ),
+ ),
+ );
+ $config = array_merge(static::$minimalConfig, $config);
+
+ $processor = new Processor();
+ $configuration = new MainConfiguration(array(), array());
+ $processedConfig = $processor->processConfiguration($configuration, array($config));
+ $this->assertTrue(isset($processedConfig['firewalls']['stub']['logout']['csrf_token_generator']));
+ $this->assertEquals('a_token_generator', $processedConfig['firewalls']['stub']['logout']['csrf_token_generator']);
+ $this->assertTrue(isset($processedConfig['firewalls']['stub']['logout']['csrf_token_id']));
+ $this->assertEquals('a_token_id', $processedConfig['firewalls']['stub']['logout']['csrf_token_id']);
+ }
+
+ /**
+ * @expectedException InvalidArgumentException
+ */
+ public function testCsrfOriginalAndAliasValueCausesException()
+ {
+ $config = array(
+ 'firewalls' => array(
+ 'stub' => array(
+ 'logout' => array(
+ 'csrf_token_id' => 'a_token_id',
+ 'intention' => 'old_name',
+ ),
+ ),
+ ),
+ );
+ $config = array_merge(static::$minimalConfig, $config);
+
+ $processor = new Processor();
+ $configuration = new MainConfiguration(array(), array());
+ $processedConfig = $processor->processConfiguration($configuration, array($config));
+ }
 }
pFad - Phonifier reborn
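Review bot: `testCsrfOriginalAndAliasValueCausesException()` exercises only the `intention`/`csrf_token_id` conflict; the parallel rule for `csrf_provider` together with `csrf_token_generator` has no test, and neither does a firewall that sets only the new names or uses `'logout' => true`. A mirror case with `'csrf_provider' => 'old_name', 'csrf_token_generator' => 'a_token_generator'` under the same `@expectedException`, plus one asserting that `'logout' => true` still yields the default `csrf_token_id` of `'logout'`, would pin the normalization rules this patch adds. `$processedConfig` in the exception test is assigned but never read, so the bare call `$processor->processConfiguration($configuration, array($config));` is enough there.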
