Skip to content

[Security] Rename logout’s csrf_token_generator to csrf_token_manager #17482

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 30, 2023
Merged

[Security] Rename logout’s csrf_token_generator to csrf_token_manager #17482

merged 1 commit into from
Jan 30, 2023

Conversation

MatTheCat
Copy link
Contributor

@MatTheCat MatTheCat commented Nov 29, 2022
edited
Loading

Follow-up of symfony/symfony#48387

Should I still mention the deprecated csrf_token_generator in the documentation? If yes, how?

@carsonbot carsonbot added this to the 6.2 milestone Nov 29, 2022
@MatTheCat MatTheCat mentioned this pull request Nov 29, 2022
Merged
@MatTheCat MatTheCat changed the base branch from 6.2 to 6.3 November 29, 2022 16:08
fabpot added a commit to symfony/symfony that referenced this pull request Dec 22, 2022
@fabpot
feature #48387 [SecurityBundle] Rename `firewalls.logout.csrf_token_g…
9df40aa 
…enerator` to `firewalls.logout.csrf_token_manager` (MatTheCat)

This PR was merged into the 6.3 branch.

Discussion
----------

[SecurityBundle] Rename `firewalls.logout.csrf_token_generator` to `firewalls.logout.csrf_token_manager`

| Q             | A
| ------------- | ---
| Branch?       | 6.3
| Bug fix?      | no
| New feature?  | no
| Deprecations? | yes
| Tickets       | N/A
| License       | MIT
| Doc PR        | symfony/symfony-docs#17482

A long time ago, #6554 replaced `CsrfProviderInterface` by `CsrfTokenGeneratorInterface`, and #9216 split the latter into `CsrfTokenManagerInterface` and `TokenGeneratorInterface`. #9587 later introduced `csrf_token_generator`, which was already wrong at the time.

Given that token generators exist, it feels weird to have to set <code>csrf_token_**generator**</code> to <code>security.csrf.token_**manager**</code> as mentioned in [the documentation](https://symfony.com/doc/current/reference/configuration/security.html#csrf-token-generator).

As this confusion recently led to #48339, I propose to rename `firewalls.logout.csrf_token_generator` to `firewalls.logout.csrf_token_manager`.

Commits
-------

0a0a98a [SecurityBundle] Rename `firewalls.logout.csrf_token_generator` to `firewalls.logout.csrf_token_manager`
@MatTheCat MatTheCat force-pushed the logout-csrf-token-generator branch from 3a0c762 to 35e3567 Compare January 27, 2023 09:19
@xabbuh xabbuh modified the milestones: 6.2, 6.3 Jan 29, 2023
@MatTheCat MatTheCat force-pushed the logout-csrf-token-generator branch from 35e3567 to 5a92ffd Compare January 30, 2023 08:05
@OskarStark OskarStark force-pushed the logout-csrf-token-generator branch from 5a92ffd to ced6562 Compare January 30, 2023 08:45
@OskarStark
Copy link
Contributor

Thank you Mathieu.

@OskarStark OskarStark merged commit 86ec98c into symfony:6.3 Jan 30, 2023
@MatTheCat MatTheCat deleted the logout-csrf-token-generator branch January 30, 2023 09:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@OskarStark OskarStark OskarStark left review comments

@xabbuh xabbuh xabbuh approved these changes

Assignees
No one assigned
Labels
Security Status: Reviewed
Projects
None yet
Milestone
6.3
Development

Successfully merging this pull request may close these issues.
4 participants
@MatTheCat @OskarStark @xabbuh @carsonbot