
added a global secret setting to configure CSRF, the temporary storage, and possibly more

Fabien Potencier hace 14 años
padre
commit
e72f1a9873

+ 14 - 0
UPDATE.md

@@ -9,6 +9,20 @@ timeline closely anyway.
 PR12 to beta1
 -------------
 
+* The CSRF secret configuration has been moved to a mandatory global `secret`
+  setting (as the secret is now used for everything and not just CSRF):
+
+    Before:
+
+        framework:
+            csrf_protection:
+                secret: S3cr3t
+
+    After:
+
+        framework:
+            secret: S3cr3t
+
 * The `File::getWebPath()` and `File::rename()` methods have been removed, as
   well as the `framework.document_root` configuration setting.
 

+ 1 - 1
src/Symfony/Bundle/AsseticBundle/Tests/Resources/config/config.yml

@@ -1,9 +1,9 @@
 framework:
     charset:       UTF-8
     error_handler: null
+    secret: xxxxxxxxxx
     csrf_protection:
         enabled: true
-        secret: xxxxxxxxxx
     router:        { resource: "%kernel.root_dir%/config/routing.yml" }
     validation:    { enabled: true, annotations: true }
     templating:    { engines: ['twig', 'php'] }

+ 1 - 1
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php

@@ -39,6 +39,7 @@ class Configuration implements ConfigurationInterface
             ->children()
                 ->scalarNode('cache_warmer')->defaultValue(!$this->debug)->end()
                 ->scalarNode('charset')->end()
+                ->scalarNode('secret')->isRequired()->end()
                 ->scalarNode('error_handler')->end()
                 ->scalarNode('exception_controller')->defaultValue('Symfony\\Bundle\\FrameworkBundle\\Controller\\ExceptionController::showAction')->end()
                 ->scalarNode('ide')->defaultNull()->end()
@@ -69,7 +70,6 @@ class Configuration implements ConfigurationInterface
                     ->children()
                         ->booleanNode('enabled')->defaultTrue()->end()
                         ->scalarNode('field_name')->defaultValue('_token')->end()
-                        ->scalarNode('secret')->defaultValue('secret')->end()
                     ->end()
                 ->end()
             ->end()
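Review bot: `isRequired()` on the new `secret` node (line 57) only rejects a missing key; `secret: ~` or `secret: ''` still validates, and that empty value is then handed to every consumer of `%kernel.secret%` (the CSRF provider and the temporary storage wired in form.xml). If the node builder at this version offers it, chain `->scalarNode('secret')->isRequired()->cannotBeEmpty()->end()` so an empty secret fails at container compile time instead of silently weakening token generation. The `children()` chain this line sits in continues outside the hunk.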

+ 2 - 2
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php

@@ -65,6 +65,8 @@ class FrameworkExtension extends Extension
             $container->setParameter('kernel.charset', $config['charset']);
         }
 
+        $container->setParameter('kernel.secret', $config['secret']);
+
         if (isset($config['error_handler'])) {
             if (false === $config['error_handler']) {
                 $container->getDefinition('error_handler')->setMethodCalls(array());
@@ -157,8 +159,6 @@ class FrameworkExtension extends Extension
      */
     private function registerCsrfProtectionConfiguration(array $config, ContainerBuilder $container)
     {
-        $container->getDefinition('form.csrf_provider')->replaceArgument(1, $config['secret']);
-
         // FIXME: those are not used
         $container->setParameter('form.csrf_protection.field_name', $config['field_name']);
         $container->setParameter('form.csrf_protection.enabled', $config['enabled']);

+ 2 - 4
src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml

@@ -9,9 +9,7 @@
         <parameter key="form.factory.class">Symfony\Component\Form\FormFactory</parameter>
         <parameter key="form.type_guesser.validator.class">Symfony\Component\Form\Extension\Validator\ValidatorTypeGuesser</parameter>
         <parameter key="form.csrf_provider.class">Symfony\Component\Form\Extension\Csrf\CsrfProvider\SessionCsrfProvider</parameter>
-
         <parameter key="file.temporary_storage.class">Symfony\Component\HttpFoundation\File\SessionBasedTemporaryStorage</parameter>
-        <parameter key="file.temporary_storage.secret">abcdef</parameter>
     </parameters>
 
     <services>
@@ -56,13 +54,13 @@
         <!-- CsrfProvider -->
         <service id="form.csrf_provider" class="%form.csrf_provider.class%">
             <argument type="service" id="session" />
-            <argument /> <!-- secret -->
+            <argument>%kernel.secret%</argument>
         </service>
 
         <!-- TemporaryStorage - where should we put this? -->
         <service id="file.temporary_storage" class="%file.temporary_storage.class%">
             <argument type="service" id="session" />
-            <argument>%file.temporary_storage.secret%</argument>
+            <argument>%kernel.secret%</argument>
             <argument>%kernel.cache_dir%/upload</argument>
         </service>
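Review bot: Both `form.csrf_provider` (line 110) and `file.temporary_storage` (line 117) now receive the raw `%kernel.secret%`, so one root secret serves two unrelated purposes; a reviewer would prefer each consumer to work from a purpose-bound derivation of the secret (a keyed hash with a fixed label) rather than the root value, so that a weakness in one consumer does not expose the other's key material. Whether the two classes already derive internally is not visible here, so this is worth confirming in the provider and storage implementations. Dropping the hard-coded `file.temporary_storage.secret` default is the right move; a short comment on line 117 such as `<!-- same global secret as form.csrf_provider -->` would make the shared dependency explicit to the next reader.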
 

+ 1 - 1
src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd

@@ -24,6 +24,7 @@
         <xsd:attribute name="error-handler" type="xsd:string" />
         <xsd:attribute name="exception-controller" type="xsd:string" />
         <xsd:attribute name="ide" type="xsd:string" />
+        <xsd:attribute name="secret" type="xsd:string" />
     </xsd:complexType>
 
     <xsd:simpleType name="cache_warmer">
@@ -37,7 +38,6 @@
     <xsd:complexType name="csrf_protection">
         <xsd:attribute name="enabled" type="xsd:boolean" />
         <xsd:attribute name="field-name" type="xsd:string" />
-        <xsd:attribute name="secret" type="xsd:string" />
     </xsd:complexType>
 
     <xsd:complexType name="esi">
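Review bot: The new `secret` attribute on the `config` complexType (line 129) is optional in the schema while Configuration.php marks the key as required, so an XML config that omits it passes schema validation and only fails later in the config tree. If the framework element is not expected to be split across several XML files, `<xsd:attribute name="secret" type="xsd:string" use="required" />` would surface the omission at the schema level; if split configs are supported, the current optional form is consistent with the neighbouring attributes and should stay.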

+ 1 - 1
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php

@@ -1,10 +1,10 @@
 <?php
 
 $container->loadFromExtension('framework', array(
+    'secret' => 's3cr3t',
     'csrf_protection' => array(
         'enabled'    => true,
         'field_name' => '_csrf',
-        'secret'     => 's3cr3t',
     ),
     'esi' => array(
         'enabled' => true,

+ 1 - 0
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/validation_annotations.php

@@ -1,6 +1,7 @@
 <?php
 
 $container->loadFromExtension('framework', array(
+    'secret' => 's3cr3t',
     'validation' => array(
         'enabled'     => true,
         'annotations' => array(

+ 2 - 2
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml

@@ -6,8 +6,8 @@
     xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd
                         http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
-    <framework:config>
-        <framework:csrf-protection enabled="true" field-name="_csrf" secret="s3cr3t" />
+    <framework:config secret="s3cr3t">
+        <framework:csrf-protection enabled="true" field-name="_csrf" />
         <framework:esi enabled="true" />
         <framework:profiler only-exceptions="true" />
         <framework:router cache-warmer="true" resource="%kernel.root_dir%/config/routing.xml" type="xml" />

+ 1 - 1
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/validation_annotations.xml

@@ -6,7 +6,7 @@
     xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd
                         http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
-    <framework:config>
+    <framework:config secret="s3cr3t">
         <framework:validation enabled="true" annotations="true">
             <framework:namespace prefix="app">Application\Validator\Constraints\</framework:namespace>
         </framework:validation>

+ 1 - 1
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml

@@ -1,8 +1,8 @@
 framework:
+    secret: s3cr3t
     csrf_protection:
         enabled:    true
         field_name: _csrf
-        secret:     s3cr3t
     esi:
         enabled: true
     profiler:

+ 1 - 0
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/validation_annotations.yml

@@ -1,4 +1,5 @@
 framework:
+    secret: s3cr3t
     validation:
         enabled:     true
         annotations:

+ 1 - 1
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php

@@ -27,7 +27,7 @@ abstract class FrameworkExtensionTest extends TestCase
         $this->assertTrue($container->getParameter('form.csrf_protection.enabled'));
         $this->assertEquals('_csrf', $container->getParameter('form.csrf_protection.field_name'));
         $arguments = $container->findDefinition('form.csrf_provider')->getArguments();
-        $this->assertEquals('s3cr3t', $arguments[1]);
+        $this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($arguments[1]));
     }
 
     public function testEsi()
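Review bot: The adjusted assertion on line 230 only covers the CSRF provider, while the commit also rewires `file.temporary_storage` to `%kernel.secret%` and introduces the `kernel.secret` parameter, neither of which is asserted. Add `$this->assertEquals('s3cr3t', $container->getParameter('kernel.secret'));` beside line 230, and a parallel check `$this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($container->findDefinition('file.temporary_storage')->getArguments()[1]));` so a regression in either wiring is caught. The enclosing test method starts outside the hunk.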