yii\web\Request::cookieValidationKey is now automatically generated by the installation script for the basic and advanced application templates

2025-11-03 13:58:55 +08:00 · 2014-07-19 14:56:31 -04:00
parent 73f1daad07
commit 8633d0f91c
7 changed files with 146 additions and 94 deletions
--- a/apps/advanced/backend/config/main.php
+++ b/apps/advanced/backend/config/main.php
@ -13,6 +13,10 @@ return [
    'bootstrap' => ['log'],
    'modules' => [],
    'components' => [
+        'request' => [
+            // a secret key used to validate cookies. You may modify this key with your own one.
+            'cookieValidationKey' => '',
+        ],
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,
--- a/apps/advanced/composer.json
+++ b/apps/advanced/composer.json
@ -32,7 +32,8 @@
    },
    "scripts": {
        "post-create-project-cmd": [
-			"yii\\composer\\Installer::setPermission"
+            "yii\\composer\\Installer::setPermission",
+            "yii\\composer\\Installer::generateCookieValidationKey"
        ]
    },
    "config": {
@ -45,6 +46,10 @@

            "frontend/runtime",
            "frontend/web/assets"
+        ],
+        "config": [
+            "frontend/config/main.php",
+            "backend/config/main.php"
        ]
    }
 }
--- a/apps/advanced/frontend/config/main.php
+++ b/apps/advanced/frontend/config/main.php
@ -12,6 +12,10 @@ return [
    'bootstrap' => ['log'],
    'controllerNamespace' => 'frontend\controllers',
    'components' => [
+        'request' => [
+            // a secret key used to validate cookies. You may modify this key with your own one.
+            'cookieValidationKey' => '',
+        ],
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,
--- a/apps/basic/composer.json
+++ b/apps/basic/composer.json
@ -31,7 +31,8 @@
    },
    "scripts": {
        "post-create-project-cmd": [
-			"yii\\composer\\Installer::setPermission"
+            "yii\\composer\\Installer::setPermission",
+            "yii\\composer\\Installer::generateCookieValidationKey"
        ]
    },
    "config": {
@ -44,6 +45,9 @@
        ],
        "executable": [
            "yii"
+        ],
+        "config": [
+            "config/web.php"
        ]
    }
 }
--- a/apps/basic/config/web.php
+++ b/apps/basic/config/web.php
@ -7,6 +7,10 @@ $config = [
    'basePath' => dirname(__DIR__),
    'bootstrap' => ['log'],
    'components' => [
+        'request' => [
+            // a secret key used to validate cookies. You may modify this key with your own one.
+            'cookieValidationKey' => '',
+        ],
        'cache' => [
            'class' => 'yii\caching\FileCache',
        ],
--- a/extensions/composer/Installer.php
+++ b/extensions/composer/Installer.php
@ -22,6 +22,7 @@ class Installer extends LibraryInstaller
    const EXTRA_BOOTSTRAP = 'bootstrap';
    const EXTRA_WRITABLE = 'writable';
    const EXTRA_EXECUTABLE = 'executable';
+    const EXTRA_CONFIG = 'config';

    const EXTENSION_FILE = 'yiisoft/extensions.php';

@ -258,4 +259,33 @@ EOF
            }
        }
    }
+
+    /**
+     * Generates a cookie validation key for every app config listed in "config" in extra section.
+     * @param CommandEvent $event
+     */
+    public static function generateCookieValidationKey($event)
+    {
+        $extra = $event->getComposer()->getPackage()->getExtra();
+        if (empty($extra[self::EXTRA_CONFIG])) {
+            return;
+        }
+        $key = self::generateRandomString();
+        foreach ((array) $extra[self::EXTRA_CONFIG] as $config) {
+            if (is_file($config)) {
+                $content = preg_replace('/(("|\')cookieValidationKey("|\')\s*=>\s*)(""|\'\')/i', "\\1'$key'", file_get_contents($config));
+                file_put_contents($config, $content);
+            }
+        }
+    }
+
+    public static function generateRandomString()
+    {
+        if (!extension_loaded('mcrypt')) {
+            throw new \Exception('The mcrypt PHP extension is required by Yii2.');
+        }
+        $length = 32;
+        $bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
+        return strtr(substr(base64_encode($bytes), 0, $length), '+/=', '_-.');
+    }
 }
--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@ -188,6 +188,7 @@ Yii Framework 2 Change Log
 - Chg: Changed the default value of the `keyPrefix` property of cache components to be null (qiangxue)
 - Chg: Added `prefix` column to `yii\log\DbTarget` to have the same amount of information logged as in files and emails (cebe)
 - Chg: Use `limit(null)` instead of `limit(-1)` in migration controller to be compatible to more backends (cebe)
+- Chg: `yii\web\Request::cookieValidationKey` is now automatically generated by the installation script for the basic and advanced application templates (qiangxue)
 - New #3911: Added `yii\behaviors\SluggableBehavior` that fills the specified model attribute with the transliterated and adjusted version to use in URLs (creocoder)
 - New #4193: Added `yii\filters\Cors` CORS filter to allow Cross Origin Resource Sharing (pgaultier)