authorNicolas Grekas <nicolas.grekas@gmail.com>2015-10-07 09:44:07 +0200
committerNicolas Grekas <nicolas.grekas@gmail.com>2015-10-07 09:44:07 +0200
commit82a1ebbc0f0a570b28d5ede8243733c20971564c (patch)
tree8f5c8b38de75c2eb26bf7412cd714b6756c9738f /Http/RememberMe
parent4e3ea9f244ad465865c2384f3d9ba2f89361d364 (diff)
parent5d74e1996313fc483fed9d4040acfa7f7b4fd297 (diff)
Merge branch '2.8'
Conflicts: composer.json src/Symfony/Bundle/FrameworkBundle/Resources/config/annotations.xml src/Symfony/Bundle/FrameworkBundle/Resources/config/routing.xml src/Symfony/Bundle/FrameworkBundle/Resources/config/security_csrf.xml src/Symfony/Bundle/FrameworkBundle/composer.json src/Symfony/Component/DependencyInjection/ContainerBuilder.php src/Symfony/Component/Security/Core/composer.json src/Symfony/Component/Security/Csrf/composer.json src/Symfony/Component/Security/Http/composer.json src/Symfony/Component/Security/composer.json src/Symfony/Component/Translation/PluralizationRules.php src/Symfony/Component/VarDumper/Exception/ThrowingCasterException.php
Diffstat (limited to 'Http/RememberMe')
-rw-r--r--Http/RememberMe/AbstractRememberMeServices.php7
-rw-r--r--Http/RememberMe/PersistentTokenBasedRememberMeServices.php25
2 files changed, 8 insertions, 24 deletions
diff --git a/Http/RememberMe/AbstractRememberMeServices.php b/Http/RememberMe/AbstractRememberMeServices.php
index 0352eb4..c22105b 100644
--- a/Http/RememberMe/AbstractRememberMeServices.php
+++ b/Http/RememberMe/AbstractRememberMeServices.php
@@ -35,7 +35,10 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
const COOKIE_DELIMITER = ':';
protected $logger;
- protected $options;
+ protected $options = array(
+ 'secure' => false,
+ 'httponly' => true,
+ );
private $providerKey;
private $secret;
private $userProviders;
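Review bot: The new default `'secure' => false` on `$options` means a remember-me cookie built from these defaults carries no Secure flag unless the caller overrides it, so a long-lived login credential may be sent over plain HTTP. The property also has no docblock; I would add one such as `/** @var array Cookie option defaults, merged with the constructor's $options; set 'secure' to true on HTTPS-only sites */`. How these options reach the cookie is outside this hunk, so the exact effect is inferred from the key names.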
@@ -66,7 +69,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
$this->userProviders = $userProviders;
$this->secret = $secret;
$this->providerKey = $providerKey;
- $this->options = $options;
+ $this->options = array_merge($this->options, $options);
$this->logger = $logger;
}
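Review bot: `array_merge($this->options, $options)` lets any value the caller passes replace a default, including an explicit `null`, so a configuration layer that emits `'httponly' => null` for an unset key would likely switch the new `true` default off without anyone noticing. If that can happen upstream (not visible here), drop nulls before merging: `$this->options = array_merge($this->options, array_filter($options, function ($v) { return null !== $v; }));`. The constructor starts above the hunk, and its docblock should state that the passed options are merged onto the class defaults.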
diff --git a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
index 3e465d6..a8c086c 100644
--- a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
+++ b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
@@ -19,7 +19,6 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CookieTheftException;
use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Symfony\Component\Security\Core\Util\SecureRandomInterface;
use Psr\Log\LoggerInterface;
/**
@@ -32,24 +31,6 @@ use Psr\Log\LoggerInterface;
class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
{
private $tokenProvider;
- private $secureRandom;
-
- /**
- * Constructor.
- *
- * @param array $userProviders
- * @param string $secret
- * @param string $providerKey
- * @param array $options
- * @param LoggerInterface $logger
- * @param SecureRandomInterface $secureRandom
- */
- public function __construct(array $userProviders, $secret, $providerKey, array $options = array(), LoggerInterface $logger = null, SecureRandomInterface $secureRandom)
- {
- parent::__construct($userProviders, $secret, $providerKey, $options, $logger);
-
- $this->secureRandom = $secureRandom;
- }
/**
* Sets the token provider.
@@ -98,7 +79,7 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
throw new AuthenticationException('The cookie has expired.');
}
- $tokenValue = base64_encode($this->secureRandom->nextBytes(64));
+ $tokenValue = base64_encode(random_bytes(64));
$this->tokenProvider->updateToken($series, $tokenValue, new \DateTime());
$request->attributes->set(self::COOKIE_ATTR_NAME,
new Cookie(
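Review bot: `random_bytes(64)` throws when no suitable entropy source is available, and nothing in the visible lines catches it, so the failure would surface from the auto-login path as a generic exception rather than an `AuthenticationException`; the same applies to the two calls in `onLoginSuccess` in the next hunk. On PHP 5 the function exists only through a polyfill, and no dependency change for this component is shown on this page, so confirm that the package's composer.json requires one. Failing closed here is the right behaviour, and a short comment such as `// random_bytes() throws if no CSPRNG is available; never fall back to a weaker source` would make that intent explicit. The enclosing method begins and ends outside the hunk.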
@@ -120,8 +101,8 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
*/
protected function onLoginSuccess(Request $request, Response $response, TokenInterface $token)
{
- $series = base64_encode($this->secureRandom->nextBytes(64));
- $tokenValue = base64_encode($this->secureRandom->nextBytes(64));
+ $series = base64_encode(random_bytes(64));
+ $tokenValue = base64_encode(random_bytes(64));
$this->tokenProvider->createNewToken(
new PersistentToken(