Skip to content

[Security] Rename logout’s csrf_token_generator to csrf_token_manager#17482

Merged
OskarStark merged 1 commit intosymfony:6.3from
MatTheCat:logout-csrf-token-generator
Jan 30, 2023
Merged

[Security] Rename logout’s csrf_token_generator to csrf_token_manager#17482
OskarStark merged 1 commit intosymfony:6.3from
MatTheCat:logout-csrf-token-generator

Conversation

@MatTheCat
Copy link
Copy Markdown
Contributor

@MatTheCat MatTheCat commented Nov 29, 2022
edited
Loading

Follow-up of symfony/symfony#48387

Should I still mention the deprecated csrf_token_generator in the documentation? If yes, how?

@carsonbot carsonbot added this to the 6.2 milestone Nov 29, 2022
@MatTheCat MatTheCat mentioned this pull request Nov 29, 2022
Merged
@MatTheCat MatTheCat changed the base branch from 6.2 to 6.3 November 29, 2022 16:08
fabpot added a commit to symfony/symfony that referenced this pull request Dec 22, 2022
@fabpot
feature #48387 [SecurityBundle] Rename `firewalls.logout.csrf_token_g…
9df40aa 
…enerator` to `firewalls.logout.csrf_token_manager` (MatTheCat)

This PR was merged into the 6.3 branch.

Discussion
----------

[SecurityBundle] Rename `firewalls.logout.csrf_token_generator` to `firewalls.logout.csrf_token_manager`

| Q             | A
| ------------- | ---
| Branch?       | 6.3
| Bug fix?      | no
| New feature?  | no
| Deprecations? | yes
| Tickets       | N/A
| License       | MIT
| Doc PR        | symfony/symfony-docs#17482

A long time ago, #6554 replaced `CsrfProviderInterface` by `CsrfTokenGeneratorInterface`, and #9216 split the latter into `CsrfTokenManagerInterface` and `TokenGeneratorInterface`. #9587 later introduced `csrf_token_generator`, which was already wrong at the time.

Given that token generators exist, it feels weird to have to set <code>csrf_token_**generator**</code> to <code>security.csrf.token_**manager**</code> as mentioned in [the documentation](https://symfony.com/doc/current/reference/configuration/security.html#csrf-token-generator).

As this confusion recently led to #48339, I propose to rename `firewalls.logout.csrf_token_generator` to `firewalls.logout.csrf_token_manager`.

Commits
-------

0a0a98a [SecurityBundle] Rename `firewalls.logout.csrf_token_generator` to `firewalls.logout.csrf_token_manager`
@MatTheCat MatTheCat force-pushed the logout-csrf-token-generator branch from 3a0c762 to 35e3567 Compare January 27, 2023 09:19
@xabbuh xabbuh modified the milestones: 6.2, 6.3 Jan 29, 2023
OskarStark
OskarStark reviewed Jan 30, 2023
View reviewed changes
@MatTheCat MatTheCat force-pushed the logout-csrf-token-generator branch from 35e3567 to 5a92ffd Compare January 30, 2023 08:05
@OskarStark OskarStark force-pushed the logout-csrf-token-generator branch from 5a92ffd to ced6562 Compare January 30, 2023 08:45
@OskarStark
Copy link
Copy Markdown
Contributor

OskarStark commented Jan 30, 2023

Thank you Mathieu.

@OskarStark OskarStark merged commit 86ec98c into symfony:6.3 Jan 30, 2023
@MatTheCat MatTheCat deleted the logout-csrf-token-generator branch January 30, 2023 09:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@OskarStark OskarStark OskarStark left review comments

@xabbuh xabbuh xabbuh approved these changes

Assignees

No one assigned

Labels

Security Status: Reviewed

Projects

None yet

Milestone

6.3

Development

Successfully merging this pull request may close these issues.

4 participants

@MatTheCat @OskarStark @xabbuh @carsonbot