Merge branch '5.3' into 5.4
* 5.3:
  Enable CSRF in FORM by default
nicolas-grekas committed Jan 29, 2022
2 parents 11b0d38 + fef224d commit d848b8c
Showing 5 changed files with 108 additions and 59 deletions.
125 changes: 66 additions & 59 deletions DependencyInjection/FrameworkExtension.php
@@ -345,26 +345,6 @@ public function load(array $configs, ContainerBuilder $container)
$this->registerRequestConfiguration($config['request'], $container, $loader);
}

if ($this->isConfigEnabled($container, $config['form'])) {
if (!class_exists(Form::class)) {
throw new LogicException('Form support cannot be enabled as the Form component is not installed. Try running "composer require symfony/form".');
}

$this->formConfigEnabled = true;
$this->registerFormConfiguration($config, $container, $loader);

if (ContainerBuilder::willBeAvailable('symfony/validator', Validation::class, ['symfony/framework-bundle', 'symfony/form'], true)) {
$config['validation']['enabled'] = true;
} else {
$container->setParameter('validator.translation_domain', 'validators');

$container->removeDefinition('form.type_extension.form.validator');
$container->removeDefinition('form.type_guesser.validator');
}
} else {
$container->removeDefinition('console.command.form_debug');
}

if ($this->isConfigEnabled($container, $config['assets'])) {
if (!class_exists(\Symfony\Component\Asset\Package::class)) {
throw new LogicException('Asset support cannot be enabled as the Asset component is not installed. Try running "composer require symfony/asset".');
@@ -373,39 +353,6 @@ public function load(array $configs, ContainerBuilder $container)
$this->registerAssetsConfiguration($config['assets'], $container, $loader);
}

if ($this->messengerConfigEnabled = $this->isConfigEnabled($container, $config['messenger'])) {
$this->registerMessengerConfiguration($config['messenger'], $container, $loader, $config['validation']);
} else {
$container->removeDefinition('console.command.messenger_consume_messages');
$container->removeDefinition('console.command.messenger_debug');
$container->removeDefinition('console.command.messenger_stop_workers');
$container->removeDefinition('console.command.messenger_setup_transports');
$container->removeDefinition('console.command.messenger_failed_messages_retry');
$container->removeDefinition('console.command.messenger_failed_messages_show');
$container->removeDefinition('console.command.messenger_failed_messages_remove');
$container->removeDefinition('cache.messenger.restart_workers_signal');

if ($container->hasDefinition('messenger.transport.amqp.factory') && !class_exists(AmqpTransportFactory::class)) {
if (class_exists(\Symfony\Component\Messenger\Transport\AmqpExt\AmqpTransportFactory::class)) {
$container->getDefinition('messenger.transport.amqp.factory')
->setClass(\Symfony\Component\Messenger\Transport\AmqpExt\AmqpTransportFactory::class)
->addTag('messenger.transport_factory');
} else {
$container->removeDefinition('messenger.transport.amqp.factory');
}
}

if ($container->hasDefinition('messenger.transport.redis.factory') && !class_exists(RedisTransportFactory::class)) {
if (class_exists(\Symfony\Component\Messenger\Transport\RedisExt\RedisTransportFactory::class)) {
$container->getDefinition('messenger.transport.redis.factory')
->setClass(\Symfony\Component\Messenger\Transport\RedisExt\RedisTransportFactory::class)
->addTag('messenger.transport_factory');
} else {
$container->removeDefinition('messenger.transport.redis.factory');
}
}
}

if ($this->httpClientConfigEnabled = $this->isConfigEnabled($container, $config['http_client'])) {
$this->registerHttpClientConfiguration($config['http_client'], $container, $loader, $config['profiler']);
}
@@ -414,18 +361,12 @@ public function load(array $configs, ContainerBuilder $container)
$this->registerMailerConfiguration($config['mailer'], $container, $loader);
}

if ($this->notifierConfigEnabled = $this->isConfigEnabled($container, $config['notifier'])) {
$this->registerNotifierConfiguration($config['notifier'], $container, $loader);
}

$propertyInfoEnabled = $this->isConfigEnabled($container, $config['property_info']);
$this->registerValidationConfiguration($config['validation'], $container, $loader, $propertyInfoEnabled);
$this->registerHttpCacheConfiguration($config['http_cache'], $container, $config['http_method_override']);
$this->registerEsiConfiguration($config['esi'], $container, $loader);
$this->registerSsiConfiguration($config['ssi'], $container, $loader);
$this->registerFragmentsConfiguration($config['fragments'], $container, $loader);
$this->registerTranslatorConfiguration($config['translator'], $container, $loader, $config['default_locale'], $config['enabled_locales']);
$this->registerProfilerConfiguration($config['profiler'], $container, $loader);
$this->registerWorkflowConfiguration($config['workflows'], $container, $loader);
$this->registerDebugConfiguration($config['php_errors'], $container, $loader);
// @deprecated since Symfony 5.4, in 6.0 change to:
@@ -502,6 +443,72 @@ public function load(array $configs, ContainerBuilder $container)
}
$this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader);

// form depends on csrf being registered
if ($this->isConfigEnabled($container, $config['form'])) {
if (!class_exists(Form::class)) {
throw new LogicException('Form support cannot be enabled as the Form component is not installed. Try running "composer require symfony/form".');
}

$this->formConfigEnabled = true;
$this->registerFormConfiguration($config, $container, $loader);

if (ContainerBuilder::willBeAvailable('symfony/validator', Validation::class, ['symfony/framework-bundle', 'symfony/form'], true)) {
$config['validation']['enabled'] = true;
} else {
$container->setParameter('validator.translation_domain', 'validators');

$container->removeDefinition('form.type_extension.form.validator');
$container->removeDefinition('form.type_guesser.validator');
}
} else {
$container->removeDefinition('console.command.form_debug');
}

// validation depends on form, annotations being registered
$this->registerValidationConfiguration($config['validation'], $container, $loader, $propertyInfoEnabled);

// messenger depends on validation being registered
if ($this->messengerConfigEnabled = $this->isConfigEnabled($container, $config['messenger'])) {
$this->registerMessengerConfiguration($config['messenger'], $container, $loader, $config['validation']);
} else {
$container->removeDefinition('console.command.messenger_consume_messages');
$container->removeDefinition('console.command.messenger_debug');
$container->removeDefinition('console.command.messenger_stop_workers');
$container->removeDefinition('console.command.messenger_setup_transports');
$container->removeDefinition('console.command.messenger_failed_messages_retry');
$container->removeDefinition('console.command.messenger_failed_messages_show');
$container->removeDefinition('console.command.messenger_failed_messages_remove');
$container->removeDefinition('cache.messenger.restart_workers_signal');

if ($container->hasDefinition('messenger.transport.amqp.factory') && !class_exists(AmqpTransportFactory::class)) {
if (class_exists(\Symfony\Component\Messenger\Transport\AmqpExt\AmqpTransportFactory::class)) {
$container->getDefinition('messenger.transport.amqp.factory')
->setClass(\Symfony\Component\Messenger\Transport\AmqpExt\AmqpTransportFactory::class)
->addTag('messenger.transport_factory');
} else {
$container->removeDefinition('messenger.transport.amqp.factory');
}
}

if ($container->hasDefinition('messenger.transport.redis.factory') && !class_exists(RedisTransportFactory::class)) {
if (class_exists(\Symfony\Component\Messenger\Transport\RedisExt\RedisTransportFactory::class)) {
$container->getDefinition('messenger.transport.redis.factory')
->setClass(\Symfony\Component\Messenger\Transport\RedisExt\RedisTransportFactory::class)
->addTag('messenger.transport_factory');
} else {
$container->removeDefinition('messenger.transport.redis.factory');
}
}
}

// notifier depends on messenger, mailer being registered
if ($this->notifierConfigEnabled = $this->isConfigEnabled($container, $config['notifier'])) {
$this->registerNotifierConfiguration($config['notifier'], $container, $loader);
}

// profiler depends on form, validation, translation, messenger, mailer, http-client, notifier being registered
$this->registerProfilerConfiguration($config['profiler'], $container, $loader);

$this->addAnnotatedClassesToCompile([
'**\\Controller\\',
'**\\Entity\\',
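Review bot: The new call order in `load()` is what makes the form CSRF default take effect, but the only guard against reordering is the comment `// form depends on csrf being registered` above the moved form block, which does not say what breaks. I would state the consequence there, e.g. `// must run after registerSecurityCsrfConfiguration(): the form CSRF default presumably follows the resolved csrf_protection setting, so registering forms earlier leaves them without CSRF protection by default`. The validation, messenger, notifier and profiler comments further down have the same gap: they name the dependency but not the failure mode. `load()` starts and ends outside the visible hunks and the code that resolves the CSRF default is collapsed, so the exact mechanism should be confirmed against the full file.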
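--- a/Tests/DependencyInjection/Fixtures/php/form_default_csrf.php
+++ b/Tests/DependencyInjection/Fixtures/php/form_default_csrf.php
@@ -0,0 +1,11 @@
+<?php
+
+$container->loadFromExtension('framework', [
+'form' => [
+'legacy_error_messages' => false,
+],
+'session' => [
+'storage_factory_id' => 'session.storage.factory.native',
+'handler_id' => null,
+],
+]);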
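--- a/Tests/DependencyInjection/Fixtures/xml/form_default_csrf.xml
+++ b/Tests/DependencyInjection/Fixtures/xml/form_default_csrf.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" ?>
+
+<container xmlns="http://symfony.com/schema/dic/services"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:framework="http://symfony.com/schema/dic/symfony"
+xsi:schemaLocation="http://symfony.com/schema/dic/services https://symfony.com/schema/dic/services/services-1.0.xsd
+http://symfony.com/schema/dic/symfony https://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
+
+<framework:config>
+<framework:form enabled="true" legacy-error-messages="false" />
+<framework:session storage-factory-id="session.storage.factory.native" handler-id="null"/>
+</framework:config>
+</container>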
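--- a/Tests/DependencyInjection/Fixtures/yml/form_default_csrf.yml
+++ b/Tests/DependencyInjection/Fixtures/yml/form_default_csrf.yml
@@ -0,0 +1,6 @@
+framework:
+form:
+legacy_error_messages: false
+session:
+storage_factory_id: session.storage.factory.native
+handler_id: null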
12 changes: 12 additions & 0 deletions Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -158,6 +158,18 @@ public function testCsrfProtectionForFormsEnablesCsrfProtectionAutomatically()
$this->assertTrue($container->hasDefinition('security.csrf.token_manager'));
}

public function testFormsCsrfIsEnabledByDefault()
{
if (class_exists(FullStack::class)) {
$this->markTestSkipped('testing with the FullStack prevents verifying default values');
}
$container = $this->createContainerFromFile('form_default_csrf');

$this->assertTrue($container->hasDefinition('security.csrf.token_manager'));
$this->assertTrue($container->hasParameter('form.type_extension.csrf.enabled'));
$this->assertTrue($container->getParameter('form.type_extension.csrf.enabled'));
}

public function testHttpMethodOverride()
{
$container = $this->createContainerFromFile('full');
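Review bot: `testFormsCsrfIsEnabledByDefault()` checks only the `form.type_extension.csrf.enabled` parameter, so a regression that sets the parameter without loading the CSRF form extension service would still pass. Consider adding `$this->assertTrue($container->hasDefinition('form.type_extension.csrf'));` next to the existing assertions. The `hasParameter()` assertion is redundant with the `getParameter()` one that follows, since reading a missing parameter throws. Because the test is skipped whenever `FullStack` is installed, the reordering in `FrameworkExtension::load()` is not exercised in that setup.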
