feature #20075 [FrameworkBundle] removed the Security Core and Security CSRF component dependencies on FrameworkBundle (fabpot)

fabpot · fabpot · commit d63247fdd580 · 2016-09-28T10:27:44.000-07:00
This PR was merged into the 3.2-dev branch.

Discussion
----------

[FrameworkBundle] removed the Security Core and Security CSRF component dependencies on FrameworkBundle

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no (except for people using FrameworkBundle without requiring symfony/symfony which should be pretty rare; and fixing this is easy by adding symfony/security-core and symfony/security-csrf explicitly)
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #15748 partially
| License       | MIT
| Doc PR        | n/a

Another PR to reduce the number of required dependencies on FrameworkBundle. This PR removes the Security Core and CSRF components from the list.

Commits
-------

d703784 [FrameworkBundle] removed the Security Core and Security CSRF component dependencies on FrameworkBundle
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 3.2.0
 -----
 
+ * Removed `symfony/security-core` and `symfony/security-csrf` from the list of required dependencies in `composer.json`
  * Removed `symfony/templating` from the list of required dependencies in `composer.json`
  * Removed `symfony/translation` from the list of required dependencies in `composer.json`
  * Removed `symfony/asset` from the list of required dependencies in `composer.json`
diff --git a/DependencyInjection/FrameworkExtension.php b/DependencyInjection/FrameworkExtension.php
@@ -1021,6 +1021,10 @@ private function registerSecurityCsrfConfiguration(array $config, ContainerBuild
             return;
         }
 
+        if (!class_exists('Symfony\Component\Security\Csrf\CsrfToken')) {
+            throw new LogicException('CSRF support cannot be enabled as the Security CSRF component is not installed.');
+        }
+
         if (!$this->sessionConfigEnabled) {
             throw new \LogicException('CSRF protection needs sessions to be enabled.');
         }
diff --git a/composer.json b/composer.json
@@ -28,8 +28,6 @@
         "symfony/filesystem": "~2.8|~3.0",
         "symfony/finder": "~2.8|~3.0",
         "symfony/routing": "~3.0",
-        "symfony/security-core": "~3.2",
-        "symfony/security-csrf": "~2.8|~3.0",
         "symfony/stopwatch": "~2.8|~3.0",
         "doctrine/cache": "~1.0",
         "doctrine/annotations": "~1.0"
@@ -45,6 +43,8 @@
         "symfony/form": "~2.8|~3.0",
         "symfony/expression-language": "~2.8|~3.0",
         "symfony/process": "~2.8|~3.0",
+        "symfony/security-core": "~3.2",
+        "symfony/security-csrf": "~2.8|~3.0",
         "symfony/serializer": "~2.8|~3.0",
         "symfony/translation": "~2.8|~3.0",
         "symfony/templating": "~2.8|~3.0",

Original file line number	Diff line number	Diff line change
`@@ -1021,6 +1021,10 @@ private function registerSecurityCsrfConfiguration(array $config, ContainerBuild`
`1021`	`1021`	`return;`
`1022`	`1022`	`}`
`1023`	`1023`
	`1024`	`+ if (!class_exists('Symfony\Component\Security\Csrf\CsrfToken')) {`
	`1025`	`+ throw new LogicException('CSRF support cannot be enabled as the Security CSRF component is not installed.');`
	`1026`	`+ }`
	`1027`	`+`
`1024`	`1028`	`if (!$this->sessionConfigEnabled) {`
`1025`	`1029`	`throw new \LogicException('CSRF protection needs sessions to be enabled.');`
`1026`	`1030`	`}`