Ejemplo n.º 1
 /**
  * {@inheritdoc}
  */
 public function renderCsrfToken($tokenId)
 {
     // Per the exception text below, the manager is expected to be injected via the constructor.
     $manager = $this->csrfTokenManager;

     if (null !== $manager) {
         // Only the raw string value of the token object is returned.
         return $manager->getToken($tokenId)->getValue();
     }

     // No manager was injected: fail loudly rather than returning an empty token.
     throw new BadMethodCallException('CSRF tokens can only be generated if a CsrfTokenManagerInterface is injected in FormRenderer::__construct().');
 }
Ejemplo n.º 2
 /**
  * Describes the current session as an associative array.
  *
  * The 'isStarted' key is always present. When the session is started the
  * array also holds the session name, the session identifier, a CSRF token
  * value and the URL generated for the 'ezpublish_rest_deleteSession' route.
  *
  * NOTE(review): the started-session result contains the raw session
  * identifier and a CSRF token value. Treat it as sensitive and confirm
  * where it is rendered, cached or logged.
  *
  * @return array
  */
 public function getConfig()
 {
     // Without a started session there is nothing else to report.
     if (!$this->session->isStarted()) {
         return ['isStarted' => false];
     }

     return [
         'isStarted' => true,
         'name' => $this->session->getName(),
         'identifier' => $this->session->getId(),
         'csrfToken' => $this->csrfTokenManager->getToken($this->csrfTokenIntention)->getValue(),
         'href' => $this->generateUrl('ezpublish_rest_deleteSession', ['sessionId' => $this->session->getId()]),
     ];
 }
Ejemplo n.º 3
 /**
  * Adds a cookie carrying the 'rest_csrf' token value to the response of a master request.
  *
  * @param FilterResponseEvent $event
  */
 public function onKernelResponse(FilterResponseEvent $event)
 {
     // Sub-requests are skipped; only a master request's response receives the cookie.
     $isMasterRequest = HttpKernelInterface::MASTER_REQUEST === $event->getRequestType();
     if (!$isMasterRequest) {
         return;
     }

     $headers = $event->getResponse()->headers;
     $tokenValue = $this->csrfTokenManager->getToken('rest_csrf')->getValue();

     // The last argument (httpOnly) is false, so client-side script can read this cookie.
     // NOTE(review): presumably intentional so the client can send the token back with
     // its requests. Confirm, and check that cookieSecure is enabled for HTTPS deployments.
     $csrfCookie = new Cookie(
         $this->cookieName,
         $tokenValue,
         $this->cookieExpire,
         $this->cookiePath,
         $this->cookieDomain,
         $this->cookieSecure,
         false
     );

     $headers->setCookie($csrfCookie);
 }
 /**
  * Builds the subject under specification on top of a stubbed token manager.
  *
  * The stub returns the same token double for getToken() and refreshToken(),
  * returns self::VALUE from removeToken(), and reports every CsrfToken as valid.
  *
  * @param CsrfTokenManagerInterface $tokenManager
  * @param CsrfToken                 $token
  */
 public function let(CsrfTokenManagerInterface $tokenManager, CsrfToken $token)
 {
     $anyCsrfToken = Argument::type('Symfony\\Component\\Security\\Csrf\\CsrfToken');

     // Validation always succeeds in this fixture, so rejection of an invalid
     // token has to be stubbed separately by any example that needs it.
     $tokenManager->isTokenValid($anyCsrfToken)->willReturn(true);

     // Reading and refreshing both yield the same token double.
     $tokenManager->getToken(self::ID)->willReturn($token);
     $tokenManager->refreshToken(self::ID)->willReturn($token);
     $tokenManager->removeToken(self::ID)->willReturn(self::VALUE);

     $this->beConstructedWith($tokenManager, self::ID);
 }
Ejemplo n.º 5
 /**
  * Generate a token for a given id
  * @param string $tokenId
  * @param boolean $refresh
  * @return string
  */
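 protected function getToken($tokenId, $refresh = false)
 {
     // With $refresh set the manager is asked for a new value via refreshToken();
     // otherwise getToken() supplies the value.
     $token = $refresh
         ? $this->manager->refreshToken($tokenId)->getValue()
         : $this->manager->getToken($tokenId)->getValue();

     // The token value is a secret that authorises state-changing requests, so it
     // must not end up in log files. Only the token id is recorded.
     $this->logger->debug("CSRF: generated token for '{$tokenId}'");

     return $token;
 }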
Ejemplo n.º 6
 /**
  * Handles the request token.
  *
  * @throws AjaxRedirectResponseException|InvalidRequestTokenException If the token is invalid
  */
 private function handleRequestToken()
 {
     // Deprecated since Contao 4.0, to be removed in Contao 5.0
     if (!defined('REQUEST_TOKEN')) {
         define('REQUEST_TOKEN', $this->tokenManager->getToken($this->csrfTokenName)->getValue());
     }

     // Only POST requests are validated by this method. A missing request or any
     // other HTTP method passes through without a token check here.
     $request = $this->request;
     $isPost = null !== $request && 'POST' === $request->getRealMethod();
     if (!$isPost) {
         return;
     }

     // The submitted value is read from the POST body field 'REQUEST_TOKEN'.
     $submittedToken = new CsrfToken($this->csrfTokenName, $request->request->get('REQUEST_TOKEN'));

     if (!$this->tokenManager->isTokenValid($submittedToken)) {
         // Ajax callers get a redirect to the back end route instead of the generic error.
         if ($request->isXmlHttpRequest()) {
             throw new AjaxRedirectResponseException($this->router->generate('contao_backend'));
         }

         throw new InvalidRequestTokenException('Invalid request token. Please reload the page and try again.');
     }
 }
 /**
  * {@inheritdoc}
  */
 public function generateCsrfToken($intention)
 {
     // Emit the deprecation notice first; the method still works after raising it.
     $notice = 'The ' . __METHOD__ . ' method is deprecated since version 2.4 and will be removed in version 3.0. Use the Symfony\\Component\\Security\\Csrf\\CsrfTokenManager class instead.';
     trigger_error($notice, E_USER_DEPRECATED);

     // Delegate to the token manager and return only the string value.
     $token = $this->tokenManager->getToken($intention);

     return $token->getValue();
 }
 /**
  * {@inheritdoc}
  */
 public function generateCsrfToken($intention)
 {
     // The intention is passed to the manager as the token id; only the
     // token's string value is handed back to the caller.
     $token = $this->tokenManager->getToken($intention);

     return $token->getValue();
 }
 /**
  * Fetches the token the manager holds for the given intention.
  *
  * Returns whatever the manager's getToken() returns, not the string value;
  * no getValue() call is made here.
  *
  * @param mixed $intention Passed to the manager as the token id.
  */
 public function getCsrfToken($intention)
 {
     $token = $this->csrfTokenManager->getToken($intention);

     return $token;
 }
 /**
  * Gets the CSRF token.
  *
  * @return CsrfToken
  *
  * @see CsrfTokenManagerInterface::getToken()
  */
 public function getToken()
 {
     // The token id is fixed on this object ($this->tokenId), so callers cannot choose it.
     $token = $this->csrfTokenManager->getToken($this->tokenId);

     return $token;
 }