[FrameworkBundle] Enabled csrf_protection by default if form.csrf_protection is enabled

webmozart · webmozart · commit b5e5c7167f28 · 2013-11-30T11:58:54.000+01:00
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -93,14 +93,18 @@ public function load(array $configs, ContainerBuilder $container)
 
         $loader->load('security.xml');
 
-        $this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader);
-
         if ($this->isConfigEnabled($container, $config['form'])) {
             $this->formConfigEnabled = true;
             $this->registerFormConfiguration($config, $container, $loader);
             $config['validation']['enabled'] = true;
+
+            if ($this->isConfigEnabled($container, $config['form']['csrf_protection'])) {
+                $config['csrf_protection']['enabled'] = true;
+            }
         }
 
+        $this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader);
+
         if (isset($config['templating'])) {
             $this->registerTemplatingConfiguration($config['templating'], $config['ide'], $container, $loader);
         }
@@ -159,10 +163,6 @@ private function registerFormConfiguration($config, ContainerBuilder $container,
     {
         $loader->load('form.xml');
         if ($this->isConfigEnabled($container, $config['form']['csrf_protection'])) {
-            if (!$this->isConfigEnabled($container, $config['csrf_protection'])) {
-                throw new \LogicException('CSRF protection needs to be enabled in order to use CSRF protection for forms.');
-            }
-
             $loader->load('form_csrf.xml');
 
             $container->setParameter('form.type_extension.csrf.enabled', true);
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -41,13 +41,11 @@ public function testCsrfProtectionNeedsSessionToBeEnabled()
         $this->createContainerFromFile('csrf_needs_session');
     }
 
-    /**
-     * @expectedException \LogicException
-     * @expectedExceptionMessage CSRF protection needs to be enabled in order to use CSRF protection for forms.
-     */
-    public function testCsrfProtectionForFormsNeedCsrfProtectionToBeEnabled()
+    public function testCsrfProtectionForFormsEnablesCsrfProtectionAutomatically()
     {
-        $this->createContainerFromFile('csrf');
+        $container = $this->createContainerFromFile('csrf');
+
+        $this->assertTrue($container->hasDefinition('security.csrf.token_manager'));
     }
 
     public function testSecureRandomIsAvailableIfCsrfIsDisabled()

Original file line number	Diff line number	Diff line change
`@@ -41,13 +41,11 @@ public function testCsrfProtectionNeedsSessionToBeEnabled()`
`41`	`41`	`$this->createContainerFromFile('csrf_needs_session');`
`42`	`42`	`}`
`43`	`43`
`44`		`- /**`
`45`		`- * @expectedException \LogicException`
`46`		`- * @expectedExceptionMessage CSRF protection needs to be enabled in order to use CSRF protection for forms.`
`47`		`- */`
`48`		`- public function testCsrfProtectionForFormsNeedCsrfProtectionToBeEnabled()`
	`44`	`+ public function testCsrfProtectionForFormsEnablesCsrfProtectionAutomatically()`
`49`	`45`	`{`
`50`		`- $this->createContainerFromFile('csrf');`
	`46`	`+ $container = $this->createContainerFromFile('csrf');`
	`47`	`+`
	`48`	`+ $this->assertTrue($container->hasDefinition('security.csrf.token_manager'));`
`51`	`49`	`}`
`52`	`50`
`53`	`51`	`public function testSecureRandomIsAvailableIfCsrfIsDisabled()`