public function let(AngularCsrfTokenManager $tokenManager, RouteMatcherInterface $routeMatcher, Request $secureRequest, Request $unsecureRequest, CsrfToken $token)
{
$token->getValue()->willReturn(self::TOKEN_VALUE);
$tokenManager->getToken()->willReturn($token);
$this->secureRequest = $secureRequest;
$this->unsecureRequest = $unsecureRequest;
$routeMatcher->match($this->secureRequest, $this->routes)->willReturn(true);
$routeMatcher->match($this->unsecureRequest, $this->routes)->willReturn(false);
$this->beConstructedWith($tokenManager, $routeMatcher, $this->routes, self::COOKIE_NAME, self::COOKIE_EXPIRE, self::COOKIE_PATH, self::COOKIE_DOMAIN, self::COOKIE_SECURE);
}
/**
* Handles CSRF token validation.
*
* @param GetResponseEvent $event
*
* @throws AccessDeniedHttpException
*/
public function onKernelRequest(GetResponseEvent $event)
{
if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType() || !$this->routeMatcher->match($event->getRequest(), $this->routes)) {
return;
}
$value = $event->getRequest()->headers->get($this->headerName);
if (!$value || !$this->angularCsrfTokenManager->isTokenValid($value)) {
throw new AccessDeniedHttpException('Bad CSRF token.');
}
}
/**
* {@inheritdoc}
*/
public function configureOptions(OptionsResolver $resolver)
{
$request = $this->requestStack->getCurrentRequest();
if (null === $request) {
return;
}
if (false === $this->routeMatcher->match($request, $this->routes)) {
return;
}
$value = $request->headers->get($this->headerName);
if ($this->angularCsrfTokenManager->isTokenValid($value)) {
$resolver->setDefaults(array('csrf_protection' => false));
}
}
public function let(AngularCsrfTokenManager $tokenManager, RouteMatcherInterface $routeMatcher, Request $secureValidRequest, Request $secureInvalidRequest, Request $unsecureRequest, HeaderBag $validHeaders, HeaderBag $invalidHeaders)
{
$tokenManager->isTokenValid(self::VALID_TOKEN)->willReturn(true);
$tokenManager->isTokenValid(self::INVALID_TOKEN)->willReturn(false);
$this->secureValidRequest = $secureValidRequest;
$validHeaders->get(self::HEADER_NAME)->willReturn(self::VALID_TOKEN);
$this->secureValidRequest->headers = $validHeaders;
$this->secureInvalidRequest = $secureInvalidRequest;
$invalidHeaders->get(self::HEADER_NAME)->willReturn(self::INVALID_TOKEN);
$this->secureInvalidRequest->headers = $invalidHeaders;
$this->unsecureRequest = $unsecureRequest;
$routeMatcher->match($this->secureValidRequest, $this->routes)->willReturn(true);
$routeMatcher->match($this->secureInvalidRequest, $this->routes)->willReturn(true);
$routeMatcher->match($this->unsecureRequest, $this->routes)->willReturn(false);
$this->beConstructedWith($tokenManager, $routeMatcher, $this->routes, self::HEADER_NAME);
}