authorTobias Schultze <webmaster@tubo-world.de>2013-10-16 19:35:25 +0200
committerFabien Potencier <fabien.potencier@gmail.com>2013-10-17 23:29:16 +0200
commitb82e49d699dfba104ee7661e09a5b76bca25ce41 (patch)
treee01010a1a96309534420846b2e1b9176377e195f /Csrf
parent0d5cfc98fe1d250e7b93c370490f060d3f104416 (diff)
[Csrf] component fixes
Diffstat (limited to 'Csrf')
-rw-r--r--Csrf/CsrfToken.php8
-rw-r--r--Csrf/CsrfTokenManager.php21
-rw-r--r--Csrf/CsrfTokenManagerInterface.php7
-rw-r--r--Csrf/Tests/CsrfTokenManagerTest.php2
-rw-r--r--Csrf/Tests/TokenGenerator/UriSafeTokenGeneratorTest.php2
-rw-r--r--Csrf/Tests/TokenStorage/NativeSessionTokenStorageTest.php2
-rw-r--r--Csrf/Tests/TokenStorage/SessionTokenStorageTest.php2
-rw-r--r--Csrf/TokenGenerator/UriSafeTokenGenerator.php17
-rw-r--r--Csrf/TokenStorage/NativeSessionTokenStorage.php2
9 files changed, 28 insertions, 35 deletions
diff --git a/Csrf/CsrfToken.php b/Csrf/CsrfToken.php
index aa3da45..619e0ea 100644
--- a/Csrf/CsrfToken.php
+++ b/Csrf/CsrfToken.php
@@ -28,6 +28,12 @@ class CsrfToken
*/
private $value;
+ /**
+ * Constructor.
+ *
+ * @param string $id The token ID
+ * @param string $value The actual token value
+ */
public function __construct($id, $value)
{
$this->id = (string) $id;
@@ -57,7 +63,7 @@ class CsrfToken
/**
* Returns the value of the CSRF token.
*
- * @return string The token value.
+ * @return string The token value
*/
public function __toString()
{
diff --git a/Csrf/CsrfTokenManager.php b/Csrf/CsrfTokenManager.php
index fa6e19e..e129502 100644
--- a/Csrf/CsrfTokenManager.php
+++ b/Csrf/CsrfTokenManager.php
@@ -37,23 +37,14 @@ class CsrfTokenManager implements CsrfTokenManagerInterface
/**
* Creates a new CSRF provider using PHP's native session storage.
*
- * @param TokenGeneratorInterface $generator The token generator
- * @param TokenStorageInterface $storage The storage for storing
- * generated CSRF tokens
- *
+ * @param TokenGeneratorInterface|null $generator The token generator
+ * @param TokenStorageInterface|null $storage The storage for storing
+ * generated CSRF tokens
*/
public function __construct(TokenGeneratorInterface $generator = null, TokenStorageInterface $storage = null)
{
- if (null === $generator) {
- $generator = new UriSafeTokenGenerator();
- }
-
- if (null === $storage) {
- $storage = new NativeSessionTokenStorage();
- }
-
- $this->generator = $generator;
- $this->storage = $storage;
+ $this->generator = $generator ?: new UriSafeTokenGenerator();
+ $this->storage = $storage ?: new NativeSessionTokenStorage();
}
/**
@@ -101,6 +92,6 @@ class CsrfTokenManager implements CsrfTokenManagerInterface
return false;
}
- return StringUtils::equals((string) $this->storage->getToken($token->getId()), $token->getValue());
+ return StringUtils::equals($this->storage->getToken($token->getId()), $token->getValue());
}
}
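Review bot: Dropping the `(string)` cast in the final `return` makes the token comparison depend on every `TokenStorageInterface::getToken()` implementation returning a string. The only storage change visible in this commit is in NativeSessionTokenStorage, and that hunk appears to be the removal path (an `unset` follows), so the read path is not shown to cast. Whether `StringUtils::equals()` coerces its arguments is not visible here; if it does not, a custom storage returning a non-string would hand a mixed type to the timing-safe comparison. I would either keep `(string) $this->storage->getToken($token->getId())` or state in the `getToken()` docblock that implementations must return a string. The method starts above this hunk.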
diff --git a/Csrf/CsrfTokenManagerInterface.php b/Csrf/CsrfTokenManagerInterface.php
index 878237b..2b9254b 100644
--- a/Csrf/CsrfTokenManagerInterface.php
+++ b/Csrf/CsrfTokenManagerInterface.php
@@ -23,7 +23,8 @@ interface CsrfTokenManagerInterface
* Returns a CSRF token for the given ID.
*
* If previously no token existed for the given ID, a new token is
- * generated. Otherwise the existing token is returned.
+ * generated. Otherwise the existing token is returned (with the same value,
+ * not the same instance).
*
* @param string $tokenId The token ID. You may choose an arbitrary value
* for the ID
@@ -51,8 +52,8 @@ interface CsrfTokenManagerInterface
*
* @param string $tokenId The token ID
*
- * @return Boolean Returns true if a token existed for this ID, false
- * otherwise
+ * @return string|null Returns the removed token value if one existed, NULL
+ * otherwise
*/
public function removeToken($tokenId);
diff --git a/Csrf/Tests/CsrfTokenManagerTest.php b/Csrf/Tests/CsrfTokenManagerTest.php
index 67c66fb..3112038 100644
--- a/Csrf/Tests/CsrfTokenManagerTest.php
+++ b/Csrf/Tests/CsrfTokenManagerTest.php
@@ -9,7 +9,7 @@
* file that was distributed with this source code.
*/
-namespace Symfony\Component\Form\Tests\Extension\Csrf\CsrfProvider;
+namespace Symfony\Component\Security\Csrf\Tests;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Csrf\CsrfTokenManager;
diff --git a/Csrf/Tests/TokenGenerator/UriSafeTokenGeneratorTest.php b/Csrf/Tests/TokenGenerator/UriSafeTokenGeneratorTest.php
index a55056f..ea2f457 100644
--- a/Csrf/Tests/TokenGenerator/UriSafeTokenGeneratorTest.php
+++ b/Csrf/Tests/TokenGenerator/UriSafeTokenGeneratorTest.php
@@ -9,7 +9,7 @@
* file that was distributed with this source code.
*/
-namespace Symfony\Component\Form\Tests\Extension\Csrf\CsrfProvider\TokenGenerator;
+namespace Symfony\Component\Security\Csrf\Tests\TokenGenerator;
use Symfony\Component\Security\Csrf\TokenGenerator\UriSafeTokenGenerator;
diff --git a/Csrf/Tests/TokenStorage/NativeSessionTokenStorageTest.php b/Csrf/Tests/TokenStorage/NativeSessionTokenStorageTest.php
index ada04c8..724806c 100644
--- a/Csrf/Tests/TokenStorage/NativeSessionTokenStorageTest.php
+++ b/Csrf/Tests/TokenStorage/NativeSessionTokenStorageTest.php
@@ -9,7 +9,7 @@
* file that was distributed with this source code.
*/
-namespace Symfony\Component\Form\Tests\Extension\Csrf\CsrfProvider;
+namespace Symfony\Component\Security\Csrf\Tests\TokenStorage;
use Symfony\Component\Security\Csrf\TokenStorage\NativeSessionTokenStorage;
diff --git a/Csrf/Tests/TokenStorage/SessionTokenStorageTest.php b/Csrf/Tests/TokenStorage/SessionTokenStorageTest.php
index 799b16d..4166c1e 100644
--- a/Csrf/Tests/TokenStorage/SessionTokenStorageTest.php
+++ b/Csrf/Tests/TokenStorage/SessionTokenStorageTest.php
@@ -9,7 +9,7 @@
* file that was distributed with this source code.
*/
-namespace Symfony\Component\Form\Tests\Extension\Csrf\CsrfProvider;
+namespace Symfony\Component\Security\Csrf\Tests\TokenStorage;
use Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage;
diff --git a/Csrf/TokenGenerator/UriSafeTokenGenerator.php b/Csrf/TokenGenerator/UriSafeTokenGenerator.php
index 0662854..558273d 100644
--- a/Csrf/TokenGenerator/UriSafeTokenGenerator.php
+++ b/Csrf/TokenGenerator/UriSafeTokenGenerator.php
@@ -39,24 +39,19 @@ class UriSafeTokenGenerator implements TokenGeneratorInterface
/**
* Generates URI-safe CSRF tokens.
*
- * @param SecureRandomInterface $random The random value generator used for
- * generating entropy
- * @param integer $entropy The amount of entropy collected for
- * each token (in bits)
- *
+ * @param SecureRandomInterface|null $random The random value generator used for
+ * generating entropy
+ * @param integer $entropy The amount of entropy collected for
+ * each token (in bits)
*/
public function __construct(SecureRandomInterface $random = null, $entropy = 256)
{
- if (null === $random) {
- $random = new SecureRandom();
- }
-
- $this->random = $random;
+ $this->random = $random ?: new SecureRandom();
$this->entropy = $entropy;
}
/**
- * {@inheritDoc}
+ * {@inheritdoc}
*/
public function generateToken()
{
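Review bot: `$entropy` is still stored unchecked in the constructor (`$this->entropy = $entropy;`), so a caller can pass 0, a negative number or a non-integer and, depending on how `generateToken()` uses it (its body is outside this hunk), silently get short or empty CSRF tokens. Since this commit already touches the constructor, a guard such as `if (!is_int($entropy) || $entropy <= 0) { throw new \InvalidArgumentException('Entropy must be a positive number of bits.'); }` would make a misconfiguration fail loudly. The docblock could also say what minimum value is considered safe and whether the value must be a multiple of 8.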
diff --git a/Csrf/TokenStorage/NativeSessionTokenStorage.php b/Csrf/TokenStorage/NativeSessionTokenStorage.php
index c01967c..8e9b280 100644
--- a/Csrf/TokenStorage/NativeSessionTokenStorage.php
+++ b/Csrf/TokenStorage/NativeSessionTokenStorage.php
@@ -98,7 +98,7 @@ class NativeSessionTokenStorage implements TokenStorageInterface
}
$token = isset($_SESSION[$this->namespace][$tokenId])
- ? $_SESSION[$this->namespace][$tokenId]
+ ? (string) $_SESSION[$this->namespace][$tokenId]
: null;
unset($_SESSION[$this->namespace][$tokenId]);