From b07c618bf4aec0f3905d120580f09a8b1f85a9a0 Mon Sep 17 00:00:00 2001
From: Bernhard Schussek
Date: Thu, 17 Oct 2013 17:52:50 +0200
Subject: [PATCH] [Form] Changed FormTypeCsrfExtension to use the form's name as default intention
---
 .../Csrf/Type/FormTypeCsrfExtension.php | 10 ++--
 .../Csrf/Type/FormTypeCsrfExtensionTest.php | 49 +++++++++++++++++++
 2 files changed, 56 insertions(+), 3 deletions(-)
diff --git a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
index ea13056c86..6ccc5be5e4 100644
--- a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
+++ b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
@@ -49,7 +49,11 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
 
 $builder
 ->setAttribute('csrf_factory', $builder->getFormFactory())
- ->addEventSubscriber(new CsrfValidationListener($options['csrf_field_name'], $options['csrf_provider'], $options['intention']))
+ ->addEventSubscriber(new CsrfValidationListener(
+ $options['csrf_field_name'],
+ $options['csrf_provider'],
+ $options['intention'] ?: $builder->getName()
+ ))
 ;
 }
 
@@ -64,7 +68,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
 {
 if ($options['csrf_protection'] && !$view->parent && $options['compound']) {
 $factory = $form->getConfig()->getAttribute('csrf_factory');
- $data = $options['csrf_provider']->generateCsrfToken($options['intention']);
+ $data = $options['csrf_provider']->generateCsrfToken($options['intention'] ?: $form->getName());
 
 $csrfForm = $factory->createNamed($options['csrf_field_name'], 'hidden', $data, array(
 'mapped' => false,
@@ -83,7 +87,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
 'csrf_protection' => $this->defaultEnabled,
 'csrf_field_name' => $this->defaultFieldName,
 'csrf_provider' => $this->defaultCsrfProvider,
- 'intention' => 'unknown',
+ 'intention' => null,
 ));
 }
 
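Review bot: The `?:` fallback passed to `CsrfValidationListener` tests truthiness rather than null, so an intention explicitly set to `''`, `'0'` or `0` is silently replaced by the form's name; the same applies to the `generateCsrfToken()` call in the next hunk. Since the new default is `null`, an explicit check states the intent: `null !== $options['intention'] ? $options['intention'] : $builder->getName()`. The fallback is also written twice, once against `$builder` and once against `$form`, and token generation and validation only agree while both expressions yield the same string; resolving it once, for example by storing it with `setAttribute()` next to `csrf_factory`, would remove that coupling. Both method bodies start outside their hunks.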
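Review bot: The new `'intention' => null` default in the third hunk carries no comment, and nothing in the defaults array says that null now means "use the form's name". A line such as `// null: the form's name is used as the CSRF intention` above it would document the contract. Forms that share a name presumably also share one intention, so the token is scoped per form name rather than per form instance. That caveat, and the fact that tokens checked by hand against `'unknown'` will no longer match, belong in the option's documentation or the upgrade notes.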
diff --git a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
index 47dd529270..3ee91e01e9 100644
--- a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
+++ b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
@@ -129,6 +129,24 @@ class FormTypeCsrfExtensionTest extends TypeTestCase
 $this->assertEquals('token', $view['csrf']->vars['value']);
 }
 
+ public function testGenerateCsrfTokenUsesFormNameAsIntentionByDefault()
+ {
+ $this->csrfProvider->expects($this->once())
+ ->method('generateCsrfToken')
+ ->with('FORM_NAME')
+ ->will($this->returnValue('token'));
+
+ $view = $this->factory
+ ->createNamed('FORM_NAME', 'form', null, array(
+ 'csrf_field_name' => 'csrf',
+ 'csrf_provider' => $this->csrfProvider,
+ 'compound' => true,
+ ))
+ ->createView();
+
+ $this->assertEquals('token', $view['csrf']->vars['value']);
+ }
+
 public function provideBoolean()
 {
 return array(
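Review bot: The new test pins only the case where `intention` is left unset, so nothing documents what happens when the option is set but falsy or when the root form's name is empty. Because the extension falls back with `?:`, a case such as `'intention' => ''` (constructed example) would currently be expected to call `generateCsrfToken('FORM_NAME')`; adding it here and to the bind test in the next hunk would make that behaviour a deliberate decision rather than a side effect. `assertSame('token', $view['csrf']->vars['value'])` would also be stricter than `assertEquals` for the string comparison.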
@@ -169,6 +187,37 @@ class FormTypeCsrfExtensionTest extends TypeTestCase
 $this->assertSame($valid, $form->isValid());
 }
 
+ /**
+ * @dataProvider provideBoolean
+ */
+ public function testValidateTokenOnBindIfRootAndCompoundUsesFormNameAsIntentionByDefault($valid)
+ {
+ $this->csrfProvider->expects($this->once())
+ ->method('isCsrfTokenValid')
+ ->with('FORM_NAME', 'token')
+ ->will($this->returnValue($valid));
+
+ $form = $this->factory
+ ->createNamedBuilder('FORM_NAME', 'form', null, array(
+ 'csrf_field_name' => 'csrf',
+ 'csrf_provider' => $this->csrfProvider,
+ 'compound' => true,
+ ))
+ ->add('child', 'text')
+ ->getForm();
+
+ $form->bind(array(
+ 'child' => 'foobar',
+ 'csrf' => 'token',
+ ));
+
+ // Remove token from data
+ $this->assertSame(array('child' => 'foobar'), $form->getData());
+
+ // Validate accordingly
+ $this->assertSame($valid, $form->isValid());
+ }
+
 public function testFailIfRootAndCompoundAndTokenMissing()
 {
 $this->csrfProvider->expects($this->never())