From 5aec5d890c831100c7f770cb1c199a1b65ca6701 Mon Sep 17 00:00:00 2001
From: Melroy van den Berg
Date: Mon, 16 Sep 2024 11:53:52 +0200
Subject: [PATCH] Improve invalid CSRF token logging + add explicit dependency (#1130)
---
 composer.json | 3 ++-
 composer.lock | 2 +-
 src/Controller/AbstractController.php | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/composer.json b/composer.json
index 13d4ad19d..3d2b5cc25 100644
--- a/composer.json
+++ b/composer.json
@@ -89,11 +89,12 @@
 "symfony/runtime": "7.1.*",
 "symfony/scheduler": "7.1.*",
 "symfony/security-bundle": "7.1.*",
+ "symfony/security-csrf": "7.1.*",
 "symfony/serializer": "7.1.*",
 "symfony/string": "7.1.*",
 "symfony/translation": "7.1.*",
- "symfony/type-info": "7.1.*",
 "symfony/twig-bundle": "7.1.*",
+ "symfony/type-info": "7.1.*",
 "symfony/uid": "7.1.*",
 "symfony/ux-autocomplete": "^2.18.0",
 "symfony/ux-chartjs": "^2.18.0",
diff --git a/composer.lock b/composer.lock
index a676396d8..bc2ca40b8 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "7ed49456d146886c9e0644e6f2fd03ba", + "content-hash": "d0882e299980e712ba5773b8b8663c31", "packages": [ { "name": "aws/aws-crt-php",
diff --git a/src/Controller/AbstractController.php b/src/Controller/AbstractController.php
index c8beee2b2..c3b34d49e 100644
--- a/src/Controller/AbstractController.php
+++ b/src/Controller/AbstractController.php
@@ -36,7 +36,7 @@ protected function getUserOrThrow(): User
 protected function validateCsrf(string $id, $token): void
 {
 if (!\is_string($token) || !$this->isCsrfTokenValid($id, $token)) {
- throw new BadRequestHttpException('Invalid CSRF token');
+ throw new BadRequestHttpException("Invalid CSRF token, with ID: $id.");
 }
 }
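Review bot: In `validateCsrf`, the new throw interpolates `$id` into the `BadRequestHttpException` message, so the same string now serves both as log text and as the HTTP error message that an error page or API error serializer may show to the client. That is harmless only while every caller passes a hard-coded token id; the callers are outside this hunk, so the assumption is worth stating in a docblock, e.g. `/** @param string $id CSRF token id; must be a fixed name chosen in code, never request data. */`. If the goal is better logging, consider keeping `throw new BadRequestHttpException('Invalid CSRF token');` and recording the id as structured logger context instead, which also keeps the log message constant and easy to alert on. The token value itself is rightly not included and should stay out of both the message and the log.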