bug #9328 [2.3][Form] Changed FormTypeCsrfExtension to use the form's name as default intention (bschussek)
This PR was merged into the 2.3 branch. Discussion ---------- [2.3][Form] Changed FormTypeCsrfExtension to use the form's name as default intention Equivalent of #9327, merged into 2.3. Commits -------c4abe83
Merge branch 'fix-csrf-default-2.2' into fix-csrf-default-2.3b07c618
[Form] Changed FormTypeCsrfExtension to use the form's name as default intention
This commit is contained in:
commit
408769ead1
@ -76,7 +76,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
|
||||
->addEventSubscriber(new CsrfValidationListener(
|
||||
$options['csrf_field_name'],
|
||||
$options['csrf_provider'],
|
||||
$options['intention'],
|
||||
$options['intention'] ?: $builder->getName(),
|
||||
$options['csrf_message'],
|
||||
$this->translator,
|
||||
$this->translationDomain
|
||||
@ -95,7 +95,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
|
||||
{
|
||||
if ($options['csrf_protection'] && !$view->parent && $options['compound']) {
|
||||
$factory = $form->getConfig()->getAttribute('csrf_factory');
|
||||
$data = $options['csrf_provider']->generateCsrfToken($options['intention']);
|
||||
$data = $options['csrf_provider']->generateCsrfToken($options['intention'] ?: $form->getName());
|
||||
|
||||
$csrfForm = $factory->createNamed($options['csrf_field_name'], 'hidden', $data, array(
|
||||
'mapped' => false,
|
||||
@ -115,7 +115,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
|
||||
'csrf_field_name' => $this->defaultFieldName,
|
||||
'csrf_provider' => $this->defaultCsrfProvider,
|
||||
'csrf_message' => 'The CSRF token is invalid. Please try to resubmit the form.',
|
||||
'intention' => 'unknown',
|
||||
'intention' => null,
|
||||
));
|
||||
}
|
||||
|
||||
|
@ -140,6 +140,24 @@ class FormTypeCsrfExtensionTest extends TypeTestCase
|
||||
$this->assertEquals('token', $view['csrf']->vars['value']);
|
||||
}
|
||||
|
||||
public function testGenerateCsrfTokenUsesFormNameAsIntentionByDefault()
|
||||
{
|
||||
$this->csrfProvider->expects($this->once())
|
||||
->method('generateCsrfToken')
|
||||
->with('FORM_NAME')
|
||||
->will($this->returnValue('token'));
|
||||
|
||||
$view = $this->factory
|
||||
->createNamed('FORM_NAME', 'form', null, array(
|
||||
'csrf_field_name' => 'csrf',
|
||||
'csrf_provider' => $this->csrfProvider,
|
||||
'compound' => true,
|
||||
))
|
||||
->createView();
|
||||
|
||||
$this->assertEquals('token', $view['csrf']->vars['value']);
|
||||
}
|
||||
|
||||
public function provideBoolean()
|
||||
{
|
||||
return array(
|
||||
@ -180,6 +198,37 @@ class FormTypeCsrfExtensionTest extends TypeTestCase
|
||||
$this->assertSame($valid, $form->isValid());
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideBoolean
|
||||
*/
|
||||
public function testValidateTokenOnBindIfRootAndCompoundUsesFormNameAsIntentionByDefault($valid)
|
||||
{
|
||||
$this->csrfProvider->expects($this->once())
|
||||
->method('isCsrfTokenValid')
|
||||
->with('FORM_NAME', 'token')
|
||||
->will($this->returnValue($valid));
|
||||
|
||||
$form = $this->factory
|
||||
->createNamedBuilder('FORM_NAME', 'form', null, array(
|
||||
'csrf_field_name' => 'csrf',
|
||||
'csrf_provider' => $this->csrfProvider,
|
||||
'compound' => true,
|
||||
))
|
||||
->add('child', 'text')
|
||||
->getForm();
|
||||
|
||||
$form->submit(array(
|
||||
'child' => 'foobar',
|
||||
'csrf' => 'token',
|
||||
));
|
||||
|
||||
// Remove token from data
|
||||
$this->assertSame(array('child' => 'foobar'), $form->getData());
|
||||
|
||||
// Validate accordingly
|
||||
$this->assertSame($valid, $form->isValid());
|
||||
}
|
||||
|
||||
public function testFailIfRootAndCompoundAndTokenMissing()
|
||||
{
|
||||
$this->csrfProvider->expects($this->never())
|
||||
|
Reference in New Issue
Block a user