[Security][SecurityBundle] Use csrf_token_id instead of deprecated intention

author: Jakub Zalas <jakub@zalas.pl> 2015-11-28 11:32:42 +0000
committer: Fabien Potencier <fabien.potencier@gmail.com> 2015-11-28 16:40:40 +0100
commit: 9e5425dc3f06ca0bd0d7e30eb7573702f3ce1eca (patch)
tree: d81bad6c47e63d0c92c831c9e612a146e8d275b9 /Http/Firewall
parent: 3bc433a9e00e6f9d12e144fd47403357bdd2fdae (diff)
download: symfony-security-9e5425dc3f06ca0bd0d7e30eb7573702f3ce1eca.zip
symfony-security-9e5425dc3f06ca0bd0d7e30eb7573702f3ce1eca.tar.gz
symfony-security-9e5425dc3f06ca0bd0d7e30eb7573702f3ce1eca.tar.bz2
3 files changed, 36 insertions, 6 deletions
diff --git a/Http/Firewall/LogoutListener.php b/Http/Firewall/LogoutListener.php
index 6211ee0..e19d39c 100644
--- a/Http/Firewall/LogoutListener.php
+++ b/Http/Firewall/LogoutListener.php
@@ -57,11 +57,21 @@ class LogoutListener implements ListenerInterface
             throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.');
         }
 
+        if (isset($options['intention'])) {
+            if (isset($options['csrf_token_id'])) {
+                throw new \InvalidArgumentException(sprintf('You should only define an option for one of "intention" or "csrf_token_id" for the "%s". Use the "csrf_token_id" as it replaces "intention".', __CLASS__));
+            }
+
+            @trigger_error('The "intention" option for the '.__CLASS__.' is deprecated since version 2.8 and will be removed in 3.0. Use the "csrf_token_id" option instead.', E_USER_DEPRECATED);
+
+            $options['csrf_token_id'] = $options['intention'];
+        }
+
         $this->tokenStorage = $tokenStorage;
         $this->httpUtils = $httpUtils;
         $this->options = array_merge(array(
             'csrf_parameter' => '_csrf_token',
-            'intention' => 'logout',
+            'csrf_token_id' => 'logout',
             'logout_path' => '/logout',
         ), $options);
         $this->successHandler = $successHandler;
@@ -101,7 +111,7 @@ class LogoutListener implements ListenerInterface
         if (null !== $this->csrfTokenManager) {
             $csrfToken = ParameterBagUtils::getRequestParameterValue($request, $this->options['csrf_parameter']);
 
-            if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
+            if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['csrf_token_id'], $csrfToken))) {
                 throw new LogoutException('Invalid CSRF token.');
             }
         }
diff --git a/Http/Firewall/SimpleFormAuthenticationListener.php b/Http/Firewall/SimpleFormAuthenticationListener.php
index fedaa4e..4363763 100644
--- a/Http/Firewall/SimpleFormAuthenticationListener.php
+++ b/Http/Firewall/SimpleFormAuthenticationListener.php
@@ -70,6 +70,16 @@ class SimpleFormAuthenticationListener extends AbstractAuthenticationListener
             throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.');
         }
 
+        if (isset($options['intention'])) {
+            if (isset($options['csrf_token_id'])) {
+                throw new \InvalidArgumentException(sprintf('You should only define an option for one of "intention" or "csrf_token_id" for the "%s". Use the "csrf_token_id" as it replaces "intention".', __CLASS__));
+            }
+
+            @trigger_error('The "intention" option for the '.__CLASS__.' is deprecated since version 2.8 and will be removed in 3.0. Use the "csrf_token_id" option instead.', E_USER_DEPRECATED);
+
+            $options['csrf_token_id'] = $options['intention'];
+        }
+
         $this->simpleAuthenticator = $simpleAuthenticator;
         $this->csrfTokenManager = $csrfTokenManager;
 
@@ -77,7 +87,7 @@ class SimpleFormAuthenticationListener extends AbstractAuthenticationListener
             'username_parameter' => '_username',
             'password_parameter' => '_password',
             'csrf_parameter' => '_csrf_token',
-            'intention' => 'authenticate',
+            'csrf_token_id' => 'authenticate',
             'post_only' => true,
         ), $options);
 
@@ -104,7 +114,7 @@ class SimpleFormAuthenticationListener extends AbstractAuthenticationListener
         if (null !== $this->csrfTokenManager) {
             $csrfToken = ParameterBagUtils::getRequestParameterValue($request, $this->options['csrf_parameter']);
 
-            if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
+            if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['csrf_token_id'], $csrfToken))) {
                 throw new InvalidCsrfTokenException('Invalid CSRF token.');
             }
         }
diff --git a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
index d20ab19..24c3ca6 100644
--- a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
+++ b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -48,11 +48,21 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
             throw new InvalidArgumentException('The CSRF token manager should be an instance of CsrfProviderInterface or CsrfTokenManagerInterface.');
         }
 
+        if (isset($options['intention'])) {
+            if (isset($options['csrf_token_id'])) {
+                throw new \InvalidArgumentException(sprintf('You should only define an option for one of "intention" or "csrf_token_id" for the "%s". Use the "csrf_token_id" as it replaces "intention".', __CLASS__));
+            }
+
+            @trigger_error('The "intention" option for the '.__CLASS__.' is deprecated since version 2.8 and will be removed in 3.0. Use the "csrf_token_id" option instead.', E_USER_DEPRECATED);
+
+            $options['csrf_token_id'] = $options['intention'];
+        }
+
         parent::__construct($tokenStorage, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, array_merge(array(
             'username_parameter' => '_username',
             'password_parameter' => '_password',
             'csrf_parameter' => '_csrf_token',
-            'intention' => 'authenticate',
+            'csrf_token_id' => 'authenticate',
             'post_only' => true,
         ), $options), $logger, $dispatcher);
 
@@ -79,7 +89,7 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
         if (null !== $this->csrfTokenManager) {
             $csrfToken = ParameterBagUtils::getRequestParameterValue($request, $this->options['csrf_parameter']);
 
-            if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['intention'], $csrfToken))) {
+            if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken($this->options['csrf_token_id'], $csrfToken))) {
                 throw new InvalidCsrfTokenException('Invalid CSRF token.');
             }
         }
author	Jakub Zalas <jakub@zalas.pl>	2015-11-28 11:32:42 +0000
committer	Fabien Potencier <fabien.potencier@gmail.com>	2015-11-28 16:40:40 +0100
commit	9e5425dc3f06ca0bd0d7e30eb7573702f3ce1eca (patch)
tree	d81bad6c47e63d0c92c831c9e612a146e8d275b9 /Http/Firewall
parent	3bc433a9e00e6f9d12e144fd47403357bdd2fdae (diff)
download	symfony-security-9e5425dc3f06ca0bd0d7e30eb7573702f3ce1eca.zip symfony-security-9e5425dc3f06ca0bd0d7e30eb7573702f3ce1eca.tar.gz symfony-security-9e5425dc3f06ca0bd0d7e30eb7573702f3ce1eca.tar.bz2