When a CSRF occures on a Form submit add a cause on the FormError object
parent
d1fd4325ea
commit
e54e94c7fe
@ -7,6 +7,7 @@ CHANGELOG
|
||||
* deprecated the `$scale` argument of the `IntegerToLocalizedStringTransformer`
|
||||
* added `Symfony\Component\Form\ClearableErrorsInterface`
|
||||
* deprecated calling `FormRenderer::searchAndRenderBlock` for fields which were already rendered
|
||||
* added a cause when a CSRF error has occurred
|
||||
* deprecated the `scale` option of the `IntegerType`
|
||||
|
||||
4.1.0
|
||||
|
@ -59,14 +59,15 @@ class CsrfValidationListener implements EventSubscriberInterface
|
||||
if ($form->isRoot() && $form->getConfig()->getOption('compound') && !$postRequestSizeExceeded) {
|
||||
$data = $event->getData();
|
||||
|
||||
if (!isset($data[$this->fieldName]) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $data[$this->fieldName]))) {
|
||||
$csrfToken = new CsrfToken($this->tokenId, $data[$this->fieldName] ?? null);
|
||||
if (!isset($data[$this->fieldName]) || !$this->tokenManager->isTokenValid($csrfToken)) {
|
||||
$errorMessage = $this->errorMessage;
|
||||
|
||||
if (null !== $this->translator) {
|
||||
$errorMessage = $this->translator->trans($errorMessage, array(), $this->translationDomain);
|
||||
}
|
||||
|
||||
$form->addError(new FormError($errorMessage));
|
||||
$form->addError(new FormError($errorMessage, $errorMessage, array(), null, $csrfToken));
|
||||
}
|
||||
|
||||
if (\is_array($data)) {
|
||||
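Review bot: The new `$csrfToken = new CsrfToken($this->tokenId, $data[$this->fieldName] ?? null);` line passes whatever the client submitted under the token field straight into the token object, with no check that it is a string. `isset()` is also true for a non-string such as an array, so what happens next depends on how `CsrfToken` and the token manager treat that value; neither is visible here, and it may surface as an error rather than as the intended form error. I would normalise first with `$csrfValue = \is_string($data[$this->fieldName] ?? null) ? $data[$this->fieldName] : null;`, build the token from `$csrfValue`, and test `null === $csrfValue || !$this->tokenManager->isTokenValid($csrfToken)`. Because the token is now attached as the error's cause, the cause carries the client-supplied value, so code that logs or serialises form errors should treat it as untrusted input. The enclosing method starts and ends outside the hunk.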
|
@ -365,9 +365,10 @@ class FormTypeCsrfExtensionTest extends TypeTestCase
|
||||
|
||||
public function testsTranslateCustomErrorMessage()
|
||||
{
|
||||
$csrfToken = new CsrfToken('TOKEN_ID', 'token');
|
||||
$this->tokenManager->expects($this->once())
|
||||
->method('isTokenValid')
|
||||
->with(new CsrfToken('TOKEN_ID', 'token'))
|
||||
->with($csrfToken)
|
||||
->will($this->returnValue(false));
|
||||
|
||||
$this->translator->expects($this->once())
|
||||
@ -390,7 +391,7 @@ class FormTypeCsrfExtensionTest extends TypeTestCase
|
||||
));
|
||||
|
||||
$errors = $form->getErrors();
|
||||
$expected = new FormError('[trans]Foobar[/trans]');
|
||||
$expected = new FormError('[trans]Foobar[/trans]', null, array(), null, $csrfToken);
|
||||
$expected->setOrigin($form);
|
||||
|
||||
$this->assertGreaterThan(0, \count($errors));
|
||||
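Review bot: Only the path where a string token is submitted and rejected is exercised: `testsTranslateCustomErrorMessage` mocks `isTokenValid` for `new CsrfToken('TOKEN_ID', 'token')` and expects that object as the cause. Nothing visible covers a submission with the token field absent, where the listener now builds the token with a `null` value and attaches it as the cause; a sibling test that asserts on `$errors[0]->getCause()` for that case would pin the behaviour. `$expected` also passes `null` as the message template while the listener passes `$errorMessage`, so the comparison presumably relies on `FormError` falling back to the message, and a short comment saying so would help. The test method ends outside the visible hunks.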
|