bug symfony#16521 [3.0] Revert removal of framework.csrf_protection section (WouterJ)

This PR was merged into the 3.0-dev branch.

Discussion
----------

[3.0] Revert removal of framework.csrf_protection section

| Q             | A
| ------------- | ---
| Bug fix?      | [yes|no]
| New feature?  | [yes|no]
| BC breaks?    | [yes|no]
| Deprecations? | [yes|no]
| Tests pass?   | yes
| Fixed tickets | symfony#16508
| License       | MIT
| Doc PR        | -

This section was incorrectly removed from Symfony 3, only the `field_name` setting was removed. Disabling/enabling CSRF seperately from the froms is not deprecated and should not be removed.

/cc @symfony/deciders please merge quickly, it's holding up bundles with functional tests wanting to support to Symfony 3

Commits
-------

6f2782b Revert removal of framework.csrf_protection section

Author: fabpot

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php

@@ -85,6 +85,7 @@ public function getConfigTreeBuilder()
             ->end()
         ;
 
+        $this->addCsrfSection($rootNode);
         $this->addFormSection($rootNode);
         $this->addEsiSection($rootNode);
         $this->addSsiSection($rootNode);
@@ -105,6 +106,17 @@ public function getConfigTreeBuilder()
         return $treeBuilder;
     }
 
+    private function addCsrfSection(ArrayNodeDefinition $rootNode)
+    {
+        $rootNode
+            ->children()
+                ->arrayNode('csrf_protection')
+                    ->canBeEnabled()
+                ->end()
+            ->end()
+        ;
+    }
+
     private function addFormSection(ArrayNodeDefinition $rootNode)
     {
         $rootNode
@@ -114,8 +126,12 @@ private function addFormSection(ArrayNodeDefinition $rootNode)
                     ->canBeEnabled()
                     ->children()
                         ->arrayNode('csrf_protection')
-                            ->canBeEnabled()
+                            ->treatFalseLike(array('enabled' => false))
+                            ->treatTrueLike(array('enabled' => true))
+                            ->treatNullLike(array('enabled' => true))
+                            ->addDefaultsIfNotSet()
                             ->children()
+                                ->booleanNode('enabled')->defaultNull()->end() // defaults to framework.csrf_protection.enabled
                                 ->scalarNode('field_name')->defaultValue('_token')->end()
                             ->end()
                         ->end()

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php

@@ -97,7 +97,7 @@ public function load(array $configs, ContainerBuilder $container)
             }
         }
 
-        $this->registerSecurityCsrfConfiguration($config['form']['csrf_protection'], $container, $loader);
+        $this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader);
 
         if (isset($config['assets'])) {
             $this->registerAssetsConfiguration($config['assets'], $container, $loader);
@@ -198,6 +198,9 @@ public function getConfiguration(array $config, ContainerBuilder $container)
     private function registerFormConfiguration($config, ContainerBuilder $container, XmlFileLoader $loader)
     {
         $loader->load('form.xml');
+        if (null === $config['form']['csrf_protection']['enabled']) {
+            $config['form']['csrf_protection']['enabled'] = $config['csrf_protection']['enabled'];
+        }
 
         if ($this->isConfigEnabled($container, $config['form']['csrf_protection'])) {
             $loader->load('form_csrf.xml');

src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd

@@ -11,6 +11,7 @@
         <xsd:all>
             <xsd:element name="assets" type="assets" minOccurs="0" maxOccurs="1" />
             <xsd:element name="form" type="form" minOccurs="0" maxOccurs="1" />
+            <xsd:element name="csrf-protection" type="csrf_protection" minOccurs="0" maxOccurs="1" />
             <xsd:element name="esi" type="esi" minOccurs="0" maxOccurs="1" />
             <xsd:element name="fragments" type="fragments" minOccurs="0" maxOccurs="1" />
             <xsd:element name="profiler" type="profiler" minOccurs="0" maxOccurs="1" />
@@ -46,6 +47,10 @@
         <xsd:attribute name="field-name" type="xsd:string" />
     </xsd:complexType>
 
+    <xsd:complexType name="csrf_protection">
+        <xsd:attribute name="enabled" type="xsd:boolean" />
+    </xsd:complexType>
+
     <xsd:complexType name="esi">
         <xsd:attribute name="enabled" type="xsd:boolean" />
     </xsd:complexType>

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php

@@ -123,10 +123,13 @@ protected static function getBundleDefaultConfig()
             'trusted_proxies' => array(),
             'ide' => null,
             'default_locale' => 'en',
+            'csrf_protection' => array(
+                'enabled' => false,
+            ),
             'form' => array(
                 'enabled' => false,
                 'csrf_protection' => array(
-                    'enabled' => false,
+                    'enabled' => null, // defaults to csrf_protection.enabled
                     'field_name' => '_token',
                 ),
             ),

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/csrf.php

@@ -1,10 +1,8 @@
 <?php
 
 $container->loadFromExtension('framework', array(
-    'form' => array(
-        'enabled' => true,
-        'csrf_protection' => true,
-    ),
+    'csrf_protection' => true,
+    'form' => true,
     'session' => array(
         'handler_id' => null,
     ),

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/csrf_disabled.php

@@ -1,9 +1,7 @@
 <?php
 
 $container->loadFromExtension('framework', array(
-    'form' => array(
-        'csrf_protection' => array(
-            'enabled' => true,
-        ),
+    'csrf_protection' => array(
+        'enabled' => true,
     ),
 ));

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/csrf_needs_session.php

@@ -2,7 +2,8 @@
 
 $container->loadFromExtension('framework', array(
     'form' => array(
-        'enabled' => true,
-        'csrf_protection' => false,
+        'csrf_protection' => array(
+            'enabled' => false,
+        ),
     ),
 ));

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/form_csrf_sets_field_name.php

@@ -3,9 +3,9 @@
 $container->loadFromExtension('framework', array(
     'secret' => 's3cr3t',
     'default_locale' => 'fr',
+    'csrf_protection' => true,
     'form' => array(
         'csrf_protection' => array(
-            'enabled' => true,
             'field_name' => '_csrf',
         ),
     ),

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/form_csrf_under_form_sets_field_name.php

@@ -7,10 +7,8 @@
                         http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
     <framework:config>
-        <framework:form>
-            <framework:csrf-protection />
-        </framework:form>
-
+        <framework:csrf-protection />
+        <framework:form />
         <framework:session />
     </framework:config>
 </container>

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/form_no_csrf.php

@@ -7,8 +7,6 @@
                         http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
     <framework:config>
-        <framework:form>
-            <framework:csrf-protection enabled="false" />
-        </framework:form>
+        <framework:csrf-protection enabled="false" />
     </framework:config>
 </container>

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php

@@ -7,8 +7,6 @@
                         http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
     <framework:config>
-        <framework:form>
-            <framework:csrf-protection />
-        </framework:form>
+        <framework:csrf-protection />
     </framework:config>
 </container>

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/csrf.xml

@@ -7,9 +7,8 @@
                         http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
     <framework:config>
-        <framework:form>
-            <framework:csrf-protection field-name="_custom" />
-        </framework:form>
+        <framework:csrf-protection field-name="_custom" />
         <framework:session />
+        <framework:form />
     </framework:config>
 </container>

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/csrf_disabled.xml

@@ -7,9 +7,8 @@
                         http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
     <framework:config>
-        <framework:form>
-            <framework:csrf-protection field-name="_custom_form" />
-        </framework:form>
+        <framework:csrf-protection field-name="_custom_form" />
+        <framework:form />
         <framework:session />
     </framework:config>
 </container>

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/csrf_needs_session.xml

@@ -7,8 +7,9 @@
                         http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
     <framework:config secret="s3cr3t" ide="file%%link%%format" default-locale="fr" trusted-proxies="127.0.0.1, 10.0.0.1" http-method-override="false">
+        <framework:csrf-protection />
         <framework:form>
-            <framework:csrf-protection enabled="true" field-name="_csrf"/>
+            <framework:csrf-protection field-name="_csrf"/>
         </framework:form>
         <framework:esi enabled="true" />
         <framework:profiler only-exceptions="true" enabled="false" />

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_csrf_sets_field_name.xml

@@ -1,5 +1,5 @@
 framework:
     secret: s3cr3t
-    form:
-        csrf_protection: true
+    csrf_protection: ~
+    form: ~
     session: ~

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_csrf_under_form_sets_field_name.xml

@@ -1,3 +1,2 @@
 framework:
-    form:
-        csrf_protection: ~
+    csrf_protection: ~

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml

@@ -1,6 +1,7 @@
 framework:
     secret: s3cr3t
     default_locale: fr
+    csrf_protection: true
     form:
         csrf_protection:
             field_name: _csrf

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/csrf.yml

@@ -24,7 +24,7 @@ abstract class FrameworkExtensionTest extends TestCase
 {
     abstract protected function loadFromFile(ContainerBuilder $container, $file);
 
-    public function testCsrfProtection()
+    public function testFormCsrfProtection()
     {
         $container = $this->createContainerFromFile('full');
 

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/csrf_disabled.yml

@@ -2,9 +2,8 @@ framework:
     secret:        test
     router:        { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
     validation:    { enabled: true, enable_annotations: true }
-    form:
-        csrf_protection:
-            enabled: true
+    csrf_protection: true
+    form: true
     test: ~
     default_locale: en
     session:

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/csrf_needs_session.yml

@@ -1,10 +1,9 @@
 framework:
-    secret:        test
-    router:        { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
-    validation:    { enabled: true, enable_annotations: true }
-    form:
-        csrf_protection:
-            enabled: true
+    secret: test
+    router: { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
+    validation: { enabled: true, enable_annotations: true }
+    csrf_protection: true
+    form: true
     test: ~
     default_locale: en
     session:

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/form_csrf_under_form_sets_field_name.yml

@@ -1,15 +1,14 @@
 framework:
-    secret:        test
-    router:        { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
-    validation:    { enabled: true, enable_annotations: true }
+    secret: test
+    router: { resource: "%kernel.root_dir%/%kernel.test_case%/routing.yml" }
+    validation: { enabled: true, enable_annotations: true }
     assets: ~
-    form:
-        csrf_protection:
-            enabled: true
+    csrf_protection: true
+    form: true
     test: ~
     default_locale: en
     session:
-        storage_id:     session.storage.mock_file
+        storage_id: session.storage.mock_file
     profiler: { only_exceptions: false }
 
 services: