bug #27454 [FrameworkBundle][TwigBridge] Fix BC break from strong dep…

…endency on CSRF token storage (tgalopin) This PR was merged into the 4.1 branch. Discussion ---------- [FrameworkBundle][TwigBridge] Fix BC break from strong dependency on CSRF token storage | Q | A | ------------- | --- | Branch? | 4.1 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - The PR #25197 introduced the `csrf_token` function in Twig. This extension relies on `CsrfTokenManagerInterface`, which itself relies on the session. In some contexts such as when sessions are stored in Redis and we try to warmup the cache in CLI without Redis available, this makes the process fails. This PR fixes this by using a Twig runtime instead of a direct extension to avoid a strong dependency on `CsrfTokenManagerInterface`. Commits ------- 68994a6 [FrameworkBundle][TwigBridge] Fix BC break from strong dependency on CSRF token storage
symfony · May 31, 2018 · ca5e561 · ca5e561
2 parents 8bbd738 + 68994a6
commit ca5e561
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 15 deletions.
diff --git a/src/Symfony/Bridge/Twig/Extension/CsrfExtension.php b/src/Symfony/Bridge/Twig/Extension/CsrfExtension.php
@@ -11,34 +11,22 @@
 
 namespace Symfony\Bridge\Twig\Extension;
 
-use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
 use Twig\Extension\AbstractExtension;
 use Twig\TwigFunction;
 
 /**
  * @author Christian Flothmann <christian.flothmann@sensiolabs.de>
+ * @author Titouan Galopin <galopintitouan@gmail.com>
  */
 class CsrfExtension extends AbstractExtension
 {
-    private $csrfTokenManager;
-
-    public function __construct(CsrfTokenManagerInterface $csrfTokenManager)
-    {
-        $this->csrfTokenManager = $csrfTokenManager;
-    }
-
     /**
      * {@inheritdoc}
      */
     public function getFunctions(): array
     {
         return array(
-            new TwigFunction('csrf_token', array($this, 'getCsrfToken')),
+            new TwigFunction('csrf_token', array(CsrfRuntime::class, 'getCsrfToken')),
         );
     }
-
-    public function getCsrfToken(string $tokenId): string
-    {
-        return $this->csrfTokenManager->getToken($tokenId)->getValue();
-    }
 }
diff --git a/src/Symfony/Bridge/Twig/Extension/CsrfRuntime.php b/src/Symfony/Bridge/Twig/Extension/CsrfRuntime.php
@@ -0,0 +1,33 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bridge\Twig\Extension;
+
+use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
+
+/**
+ * @author Christian Flothmann <christian.flothmann@sensiolabs.de>
+ * @author Titouan Galopin <galopintitouan@gmail.com>
+ */
+class CsrfRuntime
+{
+    private $csrfTokenManager;
+
+    public function __construct(CsrfTokenManagerInterface $csrfTokenManager)
+    {
+        $this->csrfTokenManager = $csrfTokenManager;
+    }
+
+    public function getCsrfToken(string $tokenId): string
+    {
+        return $this->csrfTokenManager->getToken($tokenId)->getValue();
+    }
+}
diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/security_csrf.xml b/src/Symfony/Bundle/FrameworkBundle/Resources/config/security_csrf.xml
@@ -22,9 +22,13 @@
         </service>
         <service id="Symfony\Component\Security\Csrf\CsrfTokenManagerInterface" alias="security.csrf.token_manager" />
 
+        <service id="twig.runtime.security_csrf" class="Symfony\Bridge\Twig\Extension\CsrfRuntime">
+            <tag name="twig.runtime" />
+            <argument type="service" id="security.csrf.token_manager" />
+        </service>
+
         <service id="twig.extension.security_csrf" class="Symfony\Bridge\Twig\Extension\CsrfExtension">
             <tag name="twig.extension" />
-            <argument type="service" id="security.csrf.token_manager" />
         </service>
     </services>
 </container>