Permalink
Browse files

bug #27454 [FrameworkBundle][TwigBridge] Fix BC break from strong dep…

…endency on CSRF token storage (tgalopin)

This PR was merged into the 4.1 branch.

Discussion
----------

[FrameworkBundle][TwigBridge] Fix BC break from strong dependency on CSRF token storage

| Q             | A
| ------------- | ---
| Branch?       | 4.1
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

The PR #25197 introduced the `csrf_token` function in Twig. This extension relies on `CsrfTokenManagerInterface`, which itself relies on the session. In some contexts such as when sessions are stored in Redis and we try to warmup the cache in CLI without Redis available, this makes the process fails.

This PR fixes this by using a Twig runtime instead of a direct extension to avoid a strong dependency on `CsrfTokenManagerInterface`.

Commits
-------

68994a6 [FrameworkBundle][TwigBridge] Fix BC break from strong dependency on CSRF token storage
  • Loading branch information...
fabpot committed May 31, 2018
2 parents 8bbd738 + 68994a6 commit ca5e5611f9e533d02bcad081080f94abcc3476ab
@@ -11,34 +11,22 @@
namespace Symfony\Bridge\Twig\Extension;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
use Twig\Extension\AbstractExtension;
use Twig\TwigFunction;
/**
* @author Christian Flothmann <christian.flothmann@sensiolabs.de>
* @author Titouan Galopin <galopintitouan@gmail.com>
*/
class CsrfExtension extends AbstractExtension
{
private $csrfTokenManager;
public function __construct(CsrfTokenManagerInterface $csrfTokenManager)
{
$this->csrfTokenManager = $csrfTokenManager;
}
/**
* {@inheritdoc}
*/
public function getFunctions(): array
{
return array(
new TwigFunction('csrf_token', array($this, 'getCsrfToken')),
new TwigFunction('csrf_token', array(CsrfRuntime::class, 'getCsrfToken')),
);
}
public function getCsrfToken(string $tokenId): string
{
return $this->csrfTokenManager->getToken($tokenId)->getValue();
}
}
@@ -0,0 +1,33 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Bridge\Twig\Extension;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
/**
* @author Christian Flothmann <christian.flothmann@sensiolabs.de>
* @author Titouan Galopin <galopintitouan@gmail.com>
*/
class CsrfRuntime
{
private $csrfTokenManager;
public function __construct(CsrfTokenManagerInterface $csrfTokenManager)
{
$this->csrfTokenManager = $csrfTokenManager;
}
public function getCsrfToken(string $tokenId): string
{
return $this->csrfTokenManager->getToken($tokenId)->getValue();
}
}
@@ -22,9 +22,13 @@
</service>
<service id="Symfony\Component\Security\Csrf\CsrfTokenManagerInterface" alias="security.csrf.token_manager" />
<service id="twig.runtime.security_csrf" class="Symfony\Bridge\Twig\Extension\CsrfRuntime">
<tag name="twig.runtime" />
<argument type="service" id="security.csrf.token_manager" />
</service>
<service id="twig.extension.security_csrf" class="Symfony\Bridge\Twig\Extension\CsrfExtension">
<tag name="twig.extension" />
<argument type="service" id="security.csrf.token_manager" />
</service>
</services>
</container>

0 comments on commit ca5e561

Please sign in to comment.