From 216ad1216a0af5ac2779681d21441561878b23e6 Mon Sep 17 00:00:00 2001
From: Nicolas Raidelet <nicolas.raidelet@irstea.fr>
Date: Tue, 26 Sep 2017 14:50:23 +0200
Subject: [PATCH] CsrfProviderInterface => CsrfTokenManagerInterface

---
 Controller/UploadController.php | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/Controller/UploadController.php b/Controller/UploadController.php
index 3dabb4d8..48669bb8 100644
--- a/Controller/UploadController.php
+++ b/Controller/UploadController.php
@@ -14,7 +14,6 @@ use Irstea\FileUploadBundle\Model\UploadedFileInterface;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
-use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
@@ -24,6 +23,7 @@ use Symfony\Component\HttpKernel\Exception\HttpException;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
 use Symfony\Component\Templating\EngineInterface;
 
 /**
@@ -44,9 +44,9 @@ class UploadController extends Controller
     protected $urlGenerator;
 
     /**
-     * @var CsrfProviderInterface
+     * @var CsrfTokenManagerInterface
      */
-    protected $csrfProvider;
+    protected $csrfTokenManager;
 
     /**
      * @var TokenStorageInterface
@@ -58,16 +58,25 @@ class UploadController extends Controller
      */
     protected $templating;
 
+    /**
+     * UploadController constructor.
+     *
+     * @param FileManagerInterface      $fileManager
+     * @param UrlGeneratorInterface     $urlGenerator
+     * @param CsrfTokenManagerInterface $csrfTokenManager
+     * @param TokenStorageInterface     $tokenStorage
+     * @param EngineInterface           $templating
+     */
     public function __construct(
         FileManagerInterface $fileManager,
         UrlGeneratorInterface $urlGenerator,
-        CsrfProviderInterface $csrfProvider,
+        CsrfTokenManagerInterface $csrfTokenManager,
         TokenStorageInterface $tokenStorage,
         EngineInterface $templating
     ) {
         $this->fileManager = $fileManager;
         $this->urlGenerator = $urlGenerator;
-        $this->csrfProvider = $csrfProvider;
+        $this->csrfTokenManager = $csrfTokenManager;
         $this->tokenStorage = $tokenStorage;
         $this->templating = $templating;
     }
@@ -249,7 +258,8 @@ class UploadController extends Controller
      */
     protected function validateCsrfToken(Request $request)
     {
-        if (!$this->csrfProvider->isCsrfTokenValid(self::CSRF_INTENTION, $request->query->get('token', null))) {
+        $token = $this->csrfTokenManager->getToken($request->query->get('token', null));
+        if (!$this->csrfTokenManager->isTokenValid($token)) {
             throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid CSRF token');
         }
     }
-- 
GitLab