
Commit 64455d7

committed
[Security] Changed Security HTTP sub-component to depend on CSRF sub-component instead of Form
1 parent 1f82eeb commit 64455d7


4 files changed

+26
-25
lines changed


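--- a/Firewall/LogoutListener.php
+++ b/Firewall/LogoutListener.php
@@ -11,12 +11,12 @@
 
 namespace Symfony\Component\Security\Http\Firewall;
 
-use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\Security\Core\Exception\LogoutException;
+use Symfony\Component\Security\Csrf\CsrfTokenGeneratorInterface;
 use Symfony\Component\Security\Http\HttpUtils;
 use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;
 use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
@@ -34,18 +34,18 @@ class LogoutListener implements ListenerInterface
 private $handlers;
 private $successHandler;
 private $httpUtils;
-private $csrfProvider;
+private $csrfTokenGenerator;
 
 /**
 * Constructor
 *
 * @param SecurityContextInterface $securityContext
-* @param HttpUtils $httpUtils An HttpUtilsInterface instance
-* @param LogoutSuccessHandlerInterface $successHandler A LogoutSuccessHandlerInterface instance
-* @param array $options An array of options to process a logout attempt
-* @param CsrfProviderInterface $csrfProvider A CsrfProviderInterface instance
+* @param HttpUtils $httpUtils An HttpUtilsInterface instance
+* @param LogoutSuccessHandlerInterface $successHandler A LogoutSuccessHandlerInterface instance
+* @param array $options An array of options to process a logout attempt
+* @param CsrfTokenGeneratorInterface $csrfTokenGenerator A CsrfTokenGeneratorInterface instance
 */
-public function __construct(SecurityContextInterface $securityContext, HttpUtils $httpUtils, LogoutSuccessHandlerInterface $successHandler, array $options = array(), CsrfProviderInterface $csrfProvider = null)
+public function __construct(SecurityContextInterface $securityContext, HttpUtils $httpUtils, LogoutSuccessHandlerInterface $successHandler, array $options = array(), CsrfTokenGeneratorInterface $csrfTokenGenerator = null)
 {
 $this->securityContext = $securityContext;
 $this->httpUtils = $httpUtils;
@@ -55,7 +55,7 @@ public function __construct(SecurityContextInterface $securityContext, HttpUtils
 'logout_path' => '/logout',
 ), $options);
 $this->successHandler = $successHandler;
-$this->csrfProvider = $csrfProvider;
+$this->csrfTokenGenerator = $csrfTokenGenerator;
 $this->handlers = array();
 }
 
@@ -72,7 +72,7 @@ public function addHandler(LogoutHandlerInterface $handler)
 /**
 * Performs the logout if requested
 *
-* If a CsrfProviderInterface instance is available, it will be used to
+* If a CsrfTokenGeneratorInterface instance is available, it will be used to
 * validate the request.
 *
 * @param GetResponseEvent $event A GetResponseEvent instance
@@ -89,10 +89,10 @@ public function handle(GetResponseEvent $event)
 return;
 }
 
-if (null !== $this->csrfProvider) {
+if (null !== $this->csrfTokenGenerator) {
 $csrfToken = $request->get($this->options['csrf_parameter'], null, true);
 
-if (false === $this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) {
+if (false === $this->csrfTokenGenerator->isCsrfTokenValid($this->options['intention'], $csrfToken)) {
 throw new LogoutException('Invalid CSRF token.');
 }
 }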
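Review bot: The CSRF check in `handle()` on new line 95 fails open, because `false === ...->isCsrfTokenValid(...)` rejects the request only when the validator returns exactly `false`; any other non-true result, such as `null` from an implementation that forgets to return, lets the logout proceed. Negating the result closes that gap: `if (!$this->csrfTokenGenerator->isCsrfTokenValid($this->options['intention'], $csrfToken)) {`. The same comparison is carried over in `attemptAuthentication()` in Firewall/SimpleFormAuthenticationListener.php (new line 91) and Firewall/UsernamePasswordFormAuthenticationListener.php (new line 73). The body of `handle()` starts and ends outside this hunk.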

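--- a/Firewall/SimpleFormAuthenticationListener.php
+++ b/Firewall/SimpleFormAuthenticationListener.php
@@ -13,10 +13,11 @@
 
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
+use Symfony\Component\Security\Csrf\CsrfTokenGeneratorInterface;
 use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
 use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
-use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
 use Symfony\Component\Security\Core\Authentication\SimpleFormAuthenticatorInterface;
 use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\Security\Http\HttpUtils;
@@ -29,7 +30,7 @@
 class SimpleFormAuthenticationListener extends AbstractAuthenticationListener
 {
 private $simpleAuthenticator;
-private $csrfProvider;
+private $csrfTokenGenerator;
 
 /**
 * Constructor.
@@ -46,16 +47,16 @@ class SimpleFormAuthenticationListener extends AbstractAuthenticationListener
 * @param LoggerInterface $logger A LoggerInterface instance
 * @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
 * @param SimpleFormAuthenticatorInterface $simpleAuthenticator A SimpleFormAuthenticatorInterface instance
-* @param CsrfProviderInterface $csrfProvider A CsrfProviderInterface instance
+* @param CsrfTokenGeneratorInterface $csrfTokenGenerator A CsrfTokenGeneratorInterface instance
 */
-public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null, SimpleFormAuthenticatorInterface $simpleAuthenticator = null)
+public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfTokenGeneratorInterface $csrfTokenGenerator = null, SimpleFormAuthenticatorInterface $simpleAuthenticator = null)
 {
 if (!$simpleAuthenticator) {
 throw new \InvalidArgumentException('Missing simple authenticator');
 }
 
 $this->simpleAuthenticator = $simpleAuthenticator;
-$this->csrfProvider = $csrfProvider;
+$this->csrfTokenGenerator = $csrfTokenGenerator;
 
 $options = array_merge(array(
 'username_parameter' => '_username',
@@ -84,10 +85,10 @@ protected function requiresAuthentication(Request $request)
 */
 protected function attemptAuthentication(Request $request)
 {
-if (null !== $this->csrfProvider) {
+if (null !== $this->csrfTokenGenerator) {
 $csrfToken = $request->get($this->options['csrf_parameter'], null, true);
 
-if (false === $this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) {
+if (false === $this->csrfTokenGenerator->isCsrfTokenValid($this->options['intention'], $csrfToken)) {
 throw new InvalidCsrfTokenException('Invalid CSRF token.');
 }
 }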
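Review bot: The constructor docblock on new line 50 does not say that CSRF validation is optional: `$csrfTokenGenerator` defaults to `null`, and `attemptAuthentication()` (new line 88) skips the token check entirely in that case, so a wiring mistake leaves the login form without CSRF protection and nothing signals it. I would state that on the parameter, `@param CsrfTokenGeneratorInterface $csrfTokenGenerator A CsrfTokenGeneratorInterface instance, or null to disable CSRF validation of the login request`. The constructor in Firewall/UsernamePasswordFormAuthenticationListener.php has the same default behind `{@inheritdoc}` and would benefit from the same sentence. The docblock starts outside this hunk.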

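--- a/Firewall/UsernamePasswordFormAuthenticationListener.php
+++ b/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -11,9 +11,9 @@
 
 namespace Symfony\Component\Security\Http\Firewall;
 
-use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Psr\Log\LoggerInterface;
+use Symfony\Component\Security\Csrf\CsrfTokenGeneratorInterface;
 use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
 use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
 use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
@@ -32,12 +32,12 @@
 */
 class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationListener
 {
-private $csrfProvider;
+private $csrfTokenGenerator;
 
 /**
 * {@inheritdoc}
 */
-public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null)
+public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfTokenGeneratorInterface $csrfTokenGenerator = null)
 {
 parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, array_merge(array(
 'username_parameter' => '_username',
@@ -47,7 +47,7 @@ public function __construct(SecurityContextInterface $securityContext, Authentic
 'post_only' => true,
 ), $options), $logger, $dispatcher);
 
-$this->csrfProvider = $csrfProvider;
+$this->csrfTokenGenerator = $csrfTokenGenerator;
 }
 
 /**
@@ -67,10 +67,10 @@ protected function requiresAuthentication(Request $request)
 */
 protected function attemptAuthentication(Request $request)
 {
-if (null !== $this->csrfProvider) {
+if (null !== $this->csrfTokenGenerator) {
 $csrfToken = $request->get($this->options['csrf_parameter'], null, true);
 
-if (false === $this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) {
+if (false === $this->csrfTokenGenerator->isCsrfTokenValid($this->options['intention'], $csrfToken)) {
 throw new InvalidCsrfTokenException('Invalid CSRF token.');
 }
 }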
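Review bot: The token lookup on new line 71 uses `$request->get()`, which is not restricted to the POST body, although this listener defaults `post_only` to `true` (new line 47); a login token accepted from the URL can end up in access logs and Referer headers. When `post_only` is set, reading from the body only is tighter: `$csrfToken = $request->request->get($this->options['csrf_parameter'], null, true);`. This assumes `Request::get()` also consults the query string and route attributes in the HttpFoundation version targeted here, which is worth confirming. `attemptAuthentication()` continues past the end of this hunk.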

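--- a/composer.json
+++ b/composer.json
@@ -28,7 +28,7 @@
 "psr/log": "~1.0"
 },
 "suggest": {
-"symfony/form": "",
+"symfony/security-csrf": "",
 "symfony/routing": ""
 },
 "autoload": {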
