Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix the wrong CSRF token storage being wired #1625

Merged
merged 1 commit into from
May 1, 2020
Merged

Fix the wrong CSRF token storage being wired #1625

merged 1 commit into from
May 1, 2020

Conversation

Toflar
Copy link
Member

@Toflar Toflar commented Apr 2, 2020

Q A
Fixed issues Fixes #1491
Docs PR or issue -

If not specified explicitly, Symfony will autowire to the default CSRF token storage which is the session one :)

@Toflar Toflar self-assigned this Apr 2, 2020
@Toflar Toflar requested a review from a team April 2, 2020 19:46
@Toflar Toflar added the bug label Apr 2, 2020
@Toflar Toflar added this to the 4.9 milestone Apr 2, 2020
@Toflar Toflar force-pushed the bugfix/wrong-csrf-token-storage-service branch from 8aa8854 to 95f4dbc Compare April 2, 2020 19:50
aschempp
aschempp reviewed Apr 2, 2020
View reviewed changes
Copy link
Member

@aschempp aschempp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you explain what the change does?

aschempp
aschempp reviewed Apr 3, 2020
View reviewed changes
Copy link
Member

@aschempp aschempp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you explain how the change works?

@Toflar
Copy link
Member Author

Toflar commented Apr 3, 2020

What do you mean by explain? You want me to add a comment in the services.yml or what should I do? It just wires the correct service, I don‘t know what else to say?🤷‍♂️

@aschempp
Copy link
Member

aschempp commented Apr 7, 2020
edited by bytehead

I had to read up on the Symfony docs 😇

So the issue is exactly the reason people argument that you should not use autowiring in a bundle. Now I wonder:

  1. why do we use autowiring here, but „forbid“ it for everything else?
  2. should we „solve“ the autowiring issue by creating our own „subclass“ of the CsrfTokenStorage?

@Toflar
Copy link
Member Author

Toflar commented Apr 7, 2020
edited 

1. why do we use autowiring here, but „forbid“ it for everything else?

I was asking myself the same, I didn't understand why you guys did that.

2. should we „solve“ the autowiring issue by creating our own „subclass“ of the `CsrfTokenStorage`?

How would that help? Was that maybe a mistake and you meant the TokenStorageInterface?

@leofeyer
Copy link
Member

leofeyer commented Apr 7, 2020 

1. why do we use autowiring here, but „forbid“ it for everything else?

I was asking myself the same, I didn't understand why you guys did that.

Me neither. Who added this anyway?

@fritzmg
Copy link
Contributor

fritzmg commented Apr 7, 2020
edited

Hm, not really sure. I added the controller.service_arguments tag in ad125f7 . Is that what makes the subscribed services "autowired"? How did it work before that?

@aschempp
Copy link
Member

aschempp commented Apr 8, 2020

I was asking myself the same, I didn't understand why you guys did that.

We‘re using Symfony‘s AbstractController which uses autowiring by default. Probably because controllers usually live in the app and not bundles.
However, it‘s currently good to use a service locator for lazy loading, because our controller has way too many actions (which is a bad thing).

How would that help? Was that maybe a mistake and you meant the TokenStorageInterface?

Not really. We can add an interface as we, but the current issue is because our service uses a „default“ Symfony class. We‘d need to override/extend that to make autowiring work.

@aschempp aschempp added the up for discussion Issues and PRs which will be discussed in our monthly Mumble calls. label Apr 8, 2020
@aschempp
Copy link
Member

aschempp commented Apr 8, 2020

I‘ve added „up for discussion“ because we probably want to talk about it tomorrow on Mumble.

@leofeyer
Copy link
Member

leofeyer commented Apr 9, 2020

As discussed in Mumble on April, 9th, we want to merge the PR to fix the issue.

@leofeyer leofeyer removed the up for discussion Issues and PRs which will be discussed in our monthly Mumble calls. label Apr 9, 2020
@Toflar Toflar closed this Apr 22, 2020
@Toflar Toflar deleted the bugfix/wrong-csrf-token-storage-service branch April 22, 2020 11:48
@Toflar Toflar restored the bugfix/wrong-csrf-token-storage-service branch April 22, 2020 11:50
@Toflar Toflar reopened this Apr 22, 2020
@Toflar
Copy link
Member Author

Toflar commented Apr 22, 2020

Sorry, accidentally deleted the branch.

@tabcontao tabcontao mentioned this pull request Apr 24, 2020
Closed
@leofeyer leofeyer merged commit 1810310 into contao:4.9 May 1, 2020
@leofeyer
Copy link
Member

leofeyer commented May 1, 2020

Thank you @Toflar.

@Toflar Toflar deleted the bugfix/wrong-csrf-token-storage-service branch May 1, 2020 17:14
@leofeyer leofeyer changed the title Fixed wrong CSRF token storage being wired Fix the wrong CSRF token storage being wired May 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aschempp aschempp aschempp left review comments

@ausi ausi ausi approved these changes

@bytehead bytehead bytehead approved these changes

@leofeyer leofeyer leofeyer approved these changes

Assignees

@Toflar Toflar

Labels
bug
Projects
None yet
Milestone
4.9
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@Toflar @aschempp @leofeyer @fritzmg @ausi @bytehead