From 8633d0f91cf7a7a70804d7d7adc752e3b48e2cab Mon Sep 17 00:00:00 2001 From: Qiang Xue Date: Sat, 19 Jul 2014 14:56:31 -0400 Subject: [PATCH] `yii\web\Request::cookieValidationKey` is now automatically generated by the installation script for the basic and advanced application templates --- apps/advanced/backend/config/main.php | 4 ++ apps/advanced/composer.json | 99 ++++++++++++++------------ apps/advanced/frontend/config/main.php | 4 ++ apps/basic/composer.json | 98 +++++++++++++------------ apps/basic/config/web.php | 4 ++ extensions/composer/Installer.php | 30 ++++++++ framework/CHANGELOG.md | 1 + 7 files changed, 146 insertions(+), 94 deletions(-) diff --git a/apps/advanced/backend/config/main.php b/apps/advanced/backend/config/main.php index a0b5fc9932..368f5e261c 100644 --- a/apps/advanced/backend/config/main.php +++ b/apps/advanced/backend/config/main.php @@ -13,6 +13,10 @@ return [ 'bootstrap' => ['log'], 'modules' => [], 'components' => [ + 'request' => [ + // a secret key used to validate cookies. You may modify this key with your own one. + 'cookieValidationKey' => '', + ], 'user' => [ 'identityClass' => 'common\models\User', 'enableAutoLogin' => true, diff --git a/apps/advanced/composer.json b/apps/advanced/composer.json index 8ec99bc6fc..eb6d7fe630 100644 --- a/apps/advanced/composer.json +++ b/apps/advanced/composer.json 
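Review bot: The comment above `'cookieValidationKey' => ''` in the `request` component does not say that the empty string is a placeholder to be filled in by the installer, or that the resulting value is a secret stored in a file projects commonly keep under version control. The composer.json hunks in this commit run the generator only from `post-create-project-cmd`, so a checkout installed another way (a plain clone followed by `composer install`, for example) keeps the empty string. I would word the comment as `// secret key used to validate cookies; generated by the Composer installer when left empty. Set it by hand otherwise, and keep it out of public repositories.` The same lines are added in apps/advanced/frontend/config/main.php and apps/basic/config/web.php.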
@@ -1,50 +1,55 @@ { - "name": "yiisoft/yii2-app-advanced", - "description": "Yii 2 Advanced Application Template", - "keywords": ["yii2", "framework", "advanced", "application template"], - "homepage": "http://www.yiiframework.com/", - "type": "project", - "license": "BSD-3-Clause", - "support": { - "issues": "https://github.com/yiisoft/yii2/issues?state=open", - "forum": "http://www.yiiframework.com/forum/", - "wiki": "http://www.yiiframework.com/wiki/", - "irc": "irc://irc.freenode.net/yii", - "source": "https://github.com/yiisoft/yii2" - }, - "minimum-stability": "dev", - "require": { - "php": ">=5.4.0", - "yiisoft/yii2": "*", - "yiisoft/yii2-bootstrap": "*", - "yiisoft/yii2-swiftmailer": "*" - }, - "require-dev": { - "yiisoft/yii2-codeception": "*", - "yiisoft/yii2-debug": "*", - "yiisoft/yii2-gii": "*" - }, - "suggest": { - "codeception/codeception": "Codeception, 2.0.* is currently works well with Yii.", - "codeception/specify": "BDD style code blocks for PHPUnit and Codeception", - "codeception/verify": "BDD Assertions for PHPUnit and Codeception", - "yiisoft/yii2-faker": "Fixtures generator for Yii2 based on Faker lib" - }, - "scripts": { - "post-create-project-cmd": [ - "yii\\composer\\Installer::setPermission" - ] - }, - "config": { - "process-timeout": 1800 - }, - "extra": { - "writable": [ - "backend/runtime", - "backend/web/assets", + "name": "yiisoft/yii2-app-advanced", + "description": "Yii 2 Advanced Application Template", + "keywords": ["yii2", "framework", "advanced", "application template"], + "homepage": "http://www.yiiframework.com/", + "type": "project", + "license": "BSD-3-Clause", + "support": { + "issues": "https://github.com/yiisoft/yii2/issues?state=open", + "forum": "http://www.yiiframework.com/forum/", + "wiki": "http://www.yiiframework.com/wiki/", + "irc": "irc://irc.freenode.net/yii", + "source": "https://github.com/yiisoft/yii2" + }, + "minimum-stability": "dev", + "require": { + "php": ">=5.4.0", + "yiisoft/yii2": "*", + 
"yiisoft/yii2-bootstrap": "*", + "yiisoft/yii2-swiftmailer": "*" + }, + "require-dev": { + "yiisoft/yii2-codeception": "*", + "yiisoft/yii2-debug": "*", + "yiisoft/yii2-gii": "*" + }, + "suggest": { + "codeception/codeception": "Codeception, 2.0.* is currently works well with Yii.", + "codeception/specify": "BDD style code blocks for PHPUnit and Codeception", + "codeception/verify": "BDD Assertions for PHPUnit and Codeception", + "yiisoft/yii2-faker": "Fixtures generator for Yii2 based on Faker lib" + }, + "scripts": { + "post-create-project-cmd": [ + "yii\\composer\\Installer::setPermission", + "yii\\composer\\Installer::generateCookieValidationKey" + ] + }, + "config": { + "process-timeout": 1800 + }, + "extra": { + "writable": [ + "backend/runtime", + "backend/web/assets", - "frontend/runtime", - "frontend/web/assets" - ] - } + "frontend/runtime", + "frontend/web/assets" + ], + "config": [ + "frontend/config/main.php", + "backend/config/main.php" + ] + } } diff --git a/apps/advanced/frontend/config/main.php b/apps/advanced/frontend/config/main.php index 1ed8305ec8..e57850df2a 100644 --- a/apps/advanced/frontend/config/main.php +++ b/apps/advanced/frontend/config/main.php @@ -12,6 +12,10 @@ return [ 'bootstrap' => ['log'], 'controllerNamespace' => 'frontend\controllers', 'components' => [ + 'request' => [ + // a secret key used to validate cookies. You may modify this key with your own one. + 'cookieValidationKey' => '', + ], 'user' => [ 'identityClass' => 'common\models\User', 'enableAutoLogin' => true, diff --git a/apps/basic/composer.json b/apps/basic/composer.json index d9d0b11d3c..a21128bf31 100644 --- a/apps/basic/composer.json +++ b/apps/basic/composer.json 
@@ -1,49 +1,53 @@ { - "name": "yiisoft/yii2-app-basic", - "description": "Yii 2 Basic Application Template", - "keywords": ["yii2", "framework", "basic", "application template"], - "homepage": "http://www.yiiframework.com/", - "type": "project", - "license": "BSD-3-Clause", - "support": { - "issues": "https://github.com/yiisoft/yii2/issues?state=open", - "forum": "http://www.yiiframework.com/forum/", - "wiki": "http://www.yiiframework.com/wiki/", - "irc": "irc://irc.freenode.net/yii", - "source": "https://github.com/yiisoft/yii2" - }, - "minimum-stability": "dev", - "require": { - "php": ">=5.4.0", - "yiisoft/yii2": "*", - "yiisoft/yii2-bootstrap": "*", - "yiisoft/yii2-swiftmailer": "*" - }, - "require-dev": { - "yiisoft/yii2-codeception": "*", - "yiisoft/yii2-debug": "*", - "yiisoft/yii2-gii": "*" - }, - "suggest": { - "codeception/codeception": "Codeception, 2.0.* is currently works well with Yii.", - "codeception/specify": "BDD style code blocks for PHPUnit and Codeception", - "codeception/verify": "BDD Assertions for PHPUnit and Codeception" - }, - "scripts": { - "post-create-project-cmd": [ - "yii\\composer\\Installer::setPermission" - ] - }, - "config": { - "process-timeout": 1800 - }, - "extra": { - "writable": [ - "runtime", - "web/assets" - ], - "executable": [ - "yii" - ] - } + "name": "yiisoft/yii2-app-basic", + "description": "Yii 2 Basic Application Template", + "keywords": ["yii2", "framework", "basic", "application template"], + "homepage": "http://www.yiiframework.com/", + "type": "project", + "license": "BSD-3-Clause", + "support": { + "issues": "https://github.com/yiisoft/yii2/issues?state=open", + "forum": "http://www.yiiframework.com/forum/", + "wiki": "http://www.yiiframework.com/wiki/", + "irc": "irc://irc.freenode.net/yii", + "source": "https://github.com/yiisoft/yii2" + }, + "minimum-stability": "dev", + "require": { + "php": ">=5.4.0", + "yiisoft/yii2": "*", + "yiisoft/yii2-bootstrap": "*", + "yiisoft/yii2-swiftmailer": "*" + }, + 
"require-dev": { + "yiisoft/yii2-codeception": "*", + "yiisoft/yii2-debug": "*", + "yiisoft/yii2-gii": "*" + }, + "suggest": { + "codeception/codeception": "Codeception, 2.0.* is currently works well with Yii.", + "codeception/specify": "BDD style code blocks for PHPUnit and Codeception", + "codeception/verify": "BDD Assertions for PHPUnit and Codeception" + }, + "scripts": { + "post-create-project-cmd": [ + "yii\\composer\\Installer::setPermission", + "yii\\composer\\Installer::generateCookieValidationKey" + ] + }, + "config": { + "process-timeout": 1800 + }, + "extra": { + "writable": [ + "runtime", + "web/assets" + ], + "executable": [ + "yii" + ], + "config": [ + "config/web.php" + ] + } } diff --git a/apps/basic/config/web.php b/apps/basic/config/web.php index 7939bb3225..7939437163 100644 --- a/apps/basic/config/web.php +++ b/apps/basic/config/web.php @@ -7,6 +7,10 @@ $config = [ 'basePath' => dirname(__DIR__), 'bootstrap' => ['log'], 'components' => [ + 'request' => [ + // a secret key used to validate cookies. You may modify this key with your own one. + 'cookieValidationKey' => '', + ], 'cache' => [ 'class' => 'yii\caching\FileCache', ], diff --git a/extensions/composer/Installer.php b/extensions/composer/Installer.php index 77b0a4566b..25f0a69055 100644 --- a/extensions/composer/Installer.php +++ b/extensions/composer/Installer.php @@ -22,6 +22,7 @@ class Installer extends LibraryInstaller const EXTRA_BOOTSTRAP = 'bootstrap'; const EXTRA_WRITABLE = 'writable'; const EXTRA_EXECUTABLE = 'executable'; + const EXTRA_CONFIG = 'config'; const EXTENSION_FILE = 'yiisoft/extensions.php'; 
@@ -258,4 +259,33 @@ EOF } } } + + /** + * Generates a cookie validation key for every app config listed in "config" in extra section. + * @param CommandEvent $event + */ + public static function generateCookieValidationKey($event) + { + $extra = $event->getComposer()->getPackage()->getExtra(); + if (empty($extra[self::EXTRA_CONFIG])) { + return; + } + $key = self::generateRandomString(); + foreach ((array) $extra[self::EXTRA_CONFIG] as $config) { + if (is_file($config)) { + $content = preg_replace('/(("|\')cookieValidationKey("|\')\s*=>\s*)(""|\'\')/i', "\\1'$key'", file_get_contents($config)); + file_put_contents($config, $content); + } + } + } + + public static function generateRandomString() + { + if (!extension_loaded('mcrypt')) { + throw new \Exception('The mcrypt PHP extension is required by Yii2.'); + } + $length = 32; + $bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM); + return strtr(substr(base64_encode($bytes), 0, $length), '+/=', '_-.'); + } } diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md index f849d1750f..47bec67aa2 100644 --- a/framework/CHANGELOG.md +++ b/framework/CHANGELOG.md @@ -188,6 +188,7 @@ Yii Framework 2 Change Log - Chg: Changed the default value of the `keyPrefix` property of cache components to be null (qiangxue) - Chg: Added `prefix` column to `yii\log\DbTarget` to have the same amount of information logged as in files and emails (cebe) - Chg: Use `limit(null)` instead of `limit(-1)` in migration controller to be compatible to more backends (cebe) +- Chg: `yii\web\Request::cookieValidationKey` is now automatically generated by the installation script for the basic and advanced application templates (qiangxue) - New #3911: Added `yii\behaviors\SluggableBehavior` that fills the specified model attribute with the transliterated and adjusted version to use in URLs (creocoder) - New #4193: Added `yii\filters\Cors` CORS filter to allow Cross Origin Resource Sharing (pgaultier)
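Review bot: In `generateCookieValidationKey` the results of `file_get_contents()`, `preg_replace()` and `file_put_contents()` are never checked, so a `null` from `preg_replace()` is written back and empties the config file, and every listed file is rewritten even when no placeholder matched. The rewrite below checks each step and writes only when a replacement actually happened. It also draws a fresh key per config file, because `$key` is currently generated once and shared by every listed application, which presumably lets a cookie signed for one be accepted by the other. In `generateRandomString()` a `false` from `mcrypt_create_iv()` would yield an empty key that is written as `''` without complaint; `if ($bytes === false) { throw new \Exception('Unable to generate random bytes.'); }` after the call would stop that. The method also has no docblock, and one stating that it returns a 32-character URL-safe string would help.

```php
    public static function generateCookieValidationKey($event)
    {
        // … unchanged: read $extra, return early when no "config" entry …
        foreach ((array) $extra[self::EXTRA_CONFIG] as $config) {
            if (!is_file($config)) {
                continue;
            }
            $original = file_get_contents($config);
            if ($original === false) {
                throw new \Exception("Unable to read config file: $config");
            }
            // one key per application config, so the apps do not share a signing secret
            $key = self::generateRandomString();
            $content = preg_replace('/(("|\')cookieValidationKey("|\')\s*=>\s*)(""|\'\')/i', "\\1'$key'", $original, -1, $count);
            if ($content === null) {
                throw new \Exception("Unable to update cookieValidationKey in: $config");
            }
            // skip the write when the key was already set, leaving the file untouched
            if ($count > 0 && file_put_contents($config, $content) === false) {
                throw new \Exception("Unable to write config file: $config");
            }
        }
    }
```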