missing dependency, non-existent service "security.csrf.token_manager".

FriendsOfSymfony / FOSUserBundle

Provides user management for your Symfony project. Compatible with Doctrine ORM & ODM, and custom storages.

https://symfony.com/doc/master/bundles/FOSUserBundle/index.html

MIT License

3.24k stars 1.57k forks source link

missing dependency, non-existent service "security.csrf.token_manager". #2705

Closed ahenry2 closed 6 years ago

ahenry2 commented 6 years ago

I've installed

composer info | egrep -i "fos|symfony/framework-bundle"
    symfony/framework-bundle            v4.0.3             Symfony FrameworkBundle
    friendsofsymfony/user-bundle        dev-master 587c9bb Symfony FOSUserBundle

I'm working on getting Symfony4 + FOSUserBundle setup.

Following the FOSUser docs, (https://symfony.com/doc/master/bundles/FOSUserBundle/index.html) on exec of:

    bin/console doctrine:schema:update --force

returns:

The service "security.authentication.listener.form.main" has a dependency on a non-existent service "security.csrf.token_manager".

I've searched online docs for that security.csrf.token_manager but am finding nothing about it. The only thing I'm coming up with is on stackoverflow to "Replace csrf_provider with csrf_token_generator", which is already done.

Tomsgu commented 6 years ago

Do you have this in your framework.yaml file?

framework:
    csrf_protection: ~

ahenry2 commented 6 years ago

Nope. There was no mention of it on

    https://symfony.com/doc/master/bundles/FOSUserBundle/index.html

So guessing that I should change

    ./config/packages/framework.yaml
        framework:
            secret: '%env(APP_SECRET)%'
            #default_locale: en
-           #csrf_protection: ~
+           csrf_protection: ~
            #http_method_override: true
            #trusted_hosts: ~
        ...

now

    bin/console doctrine:schema:update --force

returns NO ERROR.

Is that all that needs changing? If yes, then maybe a reminder on the doc page?

Tomsgu commented 6 years ago

The documentation is still for the stable 2.0.x version which is not symfony 4 compatible. But in the new one there is probably no need to add it, because the flex recipe should do it automatically.

ahenry2 commented 6 years ago

There's a flex recipe already?

Checking at

[RFC] Compatibility with Symfony Flex #2562 https://github.com/FriendsOfSymfony/FOSUserBundle/issues/2562

looks still open/unfinished, and there's no mention there of any needed change to

/config/packages/framework.yaml

Or are you just saying that it NEEDS to be added?

Tomsgu commented 6 years ago

Well to be clear. The csrf_protection enabling will be fixed in https://github.com/symfony/symfony/pull/25508 so we should not worry about it here.

And to have info about a recipe you can see https://github.com/FriendsOfSymfony/FOSUserBundle/issues/2704 .

ahenry2 commented 6 years ago

Ok, sounds like all I need for now is the manual change. The rest looks like it's all in the queue.

Thanks for the links.