public function testUseExistingTokenIfAvailable()
{
$this->storage->expects($this->once())->method('hasToken')->with('token_id')->will($this->returnValue(true));
$this->storage->expects($this->once())->method('getToken')->with('token_id')->will($this->returnValue('TOKEN'));
$token = $this->manager->getToken('token_id');
$this->assertInstanceOf('Symfony\\Component\\Security\\Csrf\\CsrfToken', $token);
$this->assertSame('token_id', $token->getId());
$this->assertSame('TOKEN', $token->getValue());
}
public function generateToken($entity)
{
$className = get_class($entity);
if (method_exists($entity, 'getId')) {
$entityName = $entity->getId();
} elseif (method_exists($entity, '__toString')) {
$entityName = $entity->__toString();
} else {
throw new ObjectDoesNotContainMethods(['getId()', '__toString()']);
}
return $this->tokenManager->getToken($className . ':' . $entityName)->getValue();
}
/**
* Returns the csrf token for REST. The token is generated if it doesn't exist.
*
* @return string The csrf token, or an empty string if csrf check is disabled.
*/
private function getCsrfToken()
{
if ($this->csrfTokenManager === null) {
return '';
}
return $this->csrfTokenManager->getToken($this->csrfTokenIntention)->getValue();
}
function it_should_get_the_csrf_token_value(CsrfTokenManager $tokenManager, CsrfToken $token)
{
$tokenManager->getToken('_csrf_login')->willReturn($token);
$this->beConstructedWith($tokenManager);
$this->getToken('_csrf_login');
$token->getValue()->shouldHaveBeenCalled();
}
public function runTest()
{
$tokenStorage = new ArrayTokenStorage();
$crsfTokenManager = new CsrfTokenManager(null, $tokenStorage);
$token = $crsfTokenManager->getToken("montest");
if ($crsfTokenManager->isTokenValid($token)) {
echo "[VALIDATION] OK" . PHP_EOL;
} else {
echo "[VALIDATION] KO" . PHP_EOL;
}
echo "Tokens stockés : " . print_r($tokenStorage->all(), true) . PHP_EOL;
}
/**
* @param BlockInterface $block
*
* @return array
*/
public function getViewParameters(BlockInterface $block)
{
$authErrorKey = Security::AUTHENTICATION_ERROR;
$lastUsernameKey = Security::LAST_USERNAME;
// get the error if any (works with forward and redirect -- see below)
if ($this->getRequest()->attributes->has($authErrorKey)) {
$error = $this->getRequest()->attributes->get($authErrorKey);
} elseif (null !== $this->session && $this->session->has($authErrorKey)) {
$error = $this->session->get($authErrorKey);
$this->session->remove($authErrorKey);
} else {
$error = null;
}
if (!$error instanceof AuthenticationException) {
$error = null;
// The value does not come from the security component.
}
// last username entered by the user
$lastUsername = null === $this->session ? '' : $this->session->get($lastUsernameKey);
$csrfToken = $this->csrfTokenManager->getToken('authenticate')->getValue();
$parameters = ['block_service' => $this, 'block' => $block, 'last_username' => $lastUsername, 'error' => $error, 'csrf_token' => $csrfToken];
return $parameters;
}
/**
* Get and set an upload token for this upload form.
*
* @param FormView $view
* @param FormInterface $form
* @param array $options
*/
public function finishView(FormView $view, FormInterface $form, array $options)
{
parent::finishView($view, $form, $options);
/*
* Dump the last index (key) of attachment collection array into the view so we can
* add new items without accidentally overriding already existing ones
*/
$data = $form->getData();
end($data);
$key = key($data);
$view->vars['attachment_index'] = $key;
// dump the form's csrf token into the view
$token = $this->tokenManager->getToken($view->vars['full_name']);
$view->vars['_file_upload_token'] = $token->getValue();
}
/**
* @param string $tokenId
* @return string
*/
public function getToken($tokenId)
{
return $this->tokenManager->getToken($tokenId)->getValue();
}
