Add support for dynamic CSRF id in IsCsrfTokenValid

yguedidi · nicolas-grekas · commit 10da723660ca · 2024-04-05T11:33:47.000+02:00
diff --git a/DependencyInjection/Compiler/RegisterCsrfFeaturesPass.php b/DependencyInjection/Compiler/RegisterCsrfFeaturesPass.php
@@ -13,6 +13,7 @@
 
 use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\DependencyInjection\Reference;
 use Symfony\Component\Security\Csrf\TokenStorage\ClearableTokenStorageInterface;
 use Symfony\Component\Security\Http\EventListener\CsrfProtectionListener;
@@ -35,6 +36,10 @@ public function process(ContainerBuilder $container): void
 
     private function registerCsrfProtectionListener(ContainerBuilder $container): void
     {
+        if (!$container->hasDefinition('cache.system')) {
+            $container->removeDefinition('cache.security_is_csrf_token_valid_attribute_expression_language');
+        }
+
         if (!$container->has('security.authenticator.manager') || !$container->has('security.csrf.token_manager')) {
             return;
         }
@@ -45,6 +50,7 @@ private function registerCsrfProtectionListener(ContainerBuilder $container): vo
 
         $container->register('controller.is_csrf_token_valid_attribute_listener', IsCsrfTokenValidAttributeListener::class)
             ->addArgument(new Reference('security.csrf.token_manager'))
+            ->addArgument(new Reference('security.is_csrf_token_valid_attribute_expression_language', ContainerInterface::NULL_ON_INVALID_REFERENCE))
             ->addTag('kernel.event_subscriber');
     }
 
diff --git a/DependencyInjection/SecurityExtension.php b/DependencyInjection/SecurityExtension.php
@@ -123,6 +123,7 @@ public function load(array $configs, ContainerBuilder $container): void
             $container->removeDefinition('security.expression_language');
             $container->removeDefinition('security.access.expression_voter');
             $container->removeDefinition('security.is_granted_attribute_expression_language');
+            $container->removeDefinition('security.is_csrf_token_valid_attribute_expression_language');
         }
 
         if (!class_exists(PasswordHasherExtension::class)) {
diff --git a/Resources/config/security.php b/Resources/config/security.php
@@ -303,5 +303,12 @@
         ->set('cache.security_is_granted_attribute_expression_language')
             ->parent('cache.system')
             ->tag('cache.pool')
+
+        ->set('security.is_csrf_token_valid_attribute_expression_language', BaseExpressionLanguage::class)
+            ->args([service('cache.security_is_csrf_token_valid_attribute_expression_language')->nullOnInvalid()])
+
+        ->set('cache.security_is_csrf_token_valid_attribute_expression_language')
+            ->parent('cache.system')
+            ->tag('cache.pool')
     ;
 };

Original file line number	Diff line number	Diff line change
`@@ -123,6 +123,7 @@ public function load(array $configs, ContainerBuilder $container): void`
`123`	`123`	`$container->removeDefinition('security.expression_language');`
`124`	`124`	`$container->removeDefinition('security.access.expression_voter');`
`125`	`125`	`$container->removeDefinition('security.is_granted_attribute_expression_language');`
	`126`	`+ $container->removeDefinition('security.is_csrf_token_valid_attribute_expression_language');`
`126`	`127`	`}`
`127`	`128`
`128`	`129`	`if (!class_exists(PasswordHasherExtension::class)) {`