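/**
 * Renders the legacy website toolbar template.
 *
 * Two modes are handled:
 *  - preview active: the version-view toolbar is rendered for the content
 *    object currently being previewed;
 *  - otherwise: the regular toolbar is rendered for the content found at
 *    $locationId.
 * In both modes the 'websitetoolbar'/'use' policy is checked against the
 * resolved content object before anything is rendered.
 *
 * If the logged in user doesn't have the required permission (or no location
 * is given outside of preview mode), an empty response is returned.
 *
 * @param mixed $locationId Location id of the content the toolbar is shown for; may be null in preview.
 * @param Request $request Used to read the router-resolved 'semanticPathinfo' attribute.
 *
 * @return Response Empty body when not permitted, rendered toolbar otherwise.
 */
public function websiteToolbarAction($locationId, Request $request)
{
    $response = new Response();

    if ($this->previewHelper->isPreviewActive()) {
        $template = 'design:parts/website_toolbar_versionview.tpl';
        $previewedContent = $authValueObject = $this->previewHelper->getPreviewedContent();
        $previewedVersionInfo = $previewedContent->versionInfo;
        $parameters = array(
            'object' => $previewedContent,
            'version' => $previewedVersionInfo,
            'language' => $previewedVersionInfo->initialLanguageCode,
            // Strict comparison: both sides are expected to be user ids of the same type.
            'is_creator' => $previewedVersionInfo->creatorId === $this->getRepository()->getCurrentUser()->id,
        );
    } elseif ($locationId === null) {
        return $response;
    } else {
        $authValueObject = $this->loadContentByLocationId($locationId);
        $template = 'design:parts/website_toolbar.tpl';
        $parameters = array(
            'current_node_id' => $locationId,
            // NOTE(review): semanticPathinfo is the router-resolved path, not raw
            // user input; the template is still expected to escape it — confirm.
            'redirect_uri' => $request->attributes->get('semanticPathinfo'),
        );
    }

    $authorizationAttribute = new AuthorizationAttribute(
        'websitetoolbar',
        'use',
        array('valueObject' => $authValueObject)
    );
    if (!$this->authChecker->isGranted($authorizationAttribute)) {
        return $response;
    }

    // The CSRF token is added AFTER $parameters has been built: both branches
    // above assign a brand-new array, which previously discarded a
    // 'form_token' set up front, so the toolbar forms were rendered without
    // any anti-CSRF token. Only generate it for users allowed to see the toolbar.
    if (isset($this->csrfProvider)) {
        $parameters['form_token'] = $this->csrfProvider->generateCsrfToken('legacy');
    }

    $response->setContent($this->legacyTemplateEngine->render($template, $parameters));

    return $response;
}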
/**
 * {@inheritdoc}
 *
 * Generates a CSRF token for the given intention. The provider is optional
 * at construction time, so calling this without one is a programming error
 * and is reported as a BadMethodCallException rather than returning an
 * empty token.
 */
public function renderCsrfToken($intention)
{
    $provider = $this->csrfProvider;
    if ($provider === null) {
        throw new \BadMethodCallException('CSRF token can only be generated if a CsrfProviderInterface is injected in the constructor.');
    }

    return $provider->generateCsrfToken($intention);
}
/**
 * Validates the submitted CSRF token when the form is bound to client data.
 *
 * Only the top-level form (no parent, or a parent that is the root) is
 * checked; nested forms are skipped. On an invalid token a form error is
 * added and the submitted data is replaced by a freshly generated token so
 * that a resubmission of the same form can succeed.
 *
 * @param DataEvent $event
 */
public function onBindClientData(DataEvent $event)
{
    $form = $event->getForm();
    $submittedToken = $event->getData();

    $isTopLevel = !$form->hasParent() || $form->getParent()->isRoot();
    if (!$isTopLevel) {
        return;
    }

    if ($this->csrfProvider->isCsrfTokenValid($this->intention, $submittedToken)) {
        return;
    }

    $form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form'));

    // A timed-out session invalidates the old token; hand out a fresh one so
    // the user can resubmit without reloading the page.
    $event->setData($this->csrfProvider->generateCsrfToken($this->intention));
}
/**
 * Renders the login form.
 *
 * The last authentication error is taken from the request attributes when
 * present, otherwise it is read from the session and removed so it is shown
 * only once. A CSRF token for the 'authenticate' intention is generated when
 * a provider is available, otherwise null is passed to the template.
 *
 * NOTE(review): the error object is handed to the template as-is; what is
 * displayed from it (message vs. a generic text) is decided by the template.
 *
 * @return Response
 */
public function loginAction()
{
    $request = $this->request;
    $session = $request->getSession();

    if ($request->attributes->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
        $error = $request->attributes->get(SecurityContextInterface::AUTHENTICATION_ERROR);
    } else {
        // Consume the session-stored error: read it, then clear it.
        $error = $session->get(SecurityContextInterface::AUTHENTICATION_ERROR);
        $session->remove(SecurityContextInterface::AUTHENTICATION_ERROR);
    }

    $csrfToken = null;
    if (isset($this->csrfProvider)) {
        $csrfToken = $this->csrfProvider->generateCsrfToken('authenticate');
    }

    $templateName = $this->configResolver->getParameter('security.login_template');
    $viewParameters = array(
        'last_username' => $session->get(SecurityContextInterface::LAST_USERNAME),
        'error' => $error,
        'csrf_token' => $csrfToken,
        'layout' => $this->configResolver->getParameter('security.base_layout'),
    );

    return new Response($this->templateEngine->render($templateName, $viewParameters));
}
/**
 * Renders the legacy website toolbar template.
 *
 * The 'websitetoolbar'/'use' policy is checked against the content at
 * $locationId before rendering. A CSRF token ('legacy' intention) is passed
 * to the template as 'form_token' when a provider is available.
 *
 * If the logged in user doesn't have the required permission, or no location
 * id is given, an empty response is returned.
 *
 * @param mixed $locationId Location id, or null (happens in PreviewController, see EZP-22823).
 *
 * @return Response
 */
public function websiteToolbarAction($locationId)
{
    $emptyResponse = new Response();

    // Happens in PreviewController. See EZP-22823.
    if ($locationId === null) {
        return $emptyResponse;
    }

    $content = $this->loadContentByLocationId($locationId);
    $attribute = new AuthorizationAttribute('websitetoolbar', 'use', array('valueObject' => $content));
    if (!$this->securityContext->isGranted($attribute)) {
        return $emptyResponse;
    }

    $templateParameters = array('current_node_id' => $locationId);
    if (isset($this->csrfProvider)) {
        $templateParameters['form_token'] = $this->csrfProvider->generateCsrfToken('legacy');
    }

    $rendered = $this->legacyTemplateEngine->render('design:parts/website_toolbar.tpl', $templateParameters);
    $emptyResponse->setContent($rendered);

    return $emptyResponse;
}
/**
 * Returns a CSRF token bound to the given intention.
 *
 * Thin delegation to the injected CSRF provider; no caching is done here.
 *
 * @param string $intention
 * @return string
 */
public function getToken($intention)
{
    $provider = $this->csrfProvider;

    return $provider->generateCsrfToken($intention);
}
/**
 * {@inheritdoc}
 *
 * Adapts the legacy provider API (returns a bare string) to the token-manager
 * API by wrapping the generated value in a CsrfToken keyed by $tokenId.
 */
public function getToken($tokenId)
{
    $tokenValue = $this->csrfProvider->generateCsrfToken($tokenId);

    return new CsrfToken($tokenId, $tokenValue);
}
/**
 * Builds the OAuth authorization URL with a CSRF token as the 'state' value.
 *
 * The state is generated for the intention __CLASS__ (resolved at compile
 * time to this defining class, also for subclasses). It only protects the
 * callback if the same intention is checked when the provider redirects
 * back — NOTE(review): that check is not visible here, confirm in the callback handler.
 *
 * @return string
 */
public function getAuthorizationUrl()
{
    $state = $this->csrf->generateCsrfToken(__CLASS__);

    return $this->provider->getAuthorizationUrl([self::STATE_KEY => $state]);
}
/**
 * Collects the default view variables and adds a CSRF token to them.
 *
 * The token is generated for the intention configured on the controller's
 * configuration object and exposed to templates under 'csrf_token'.
 *
 * @return array
 */
private function getDefaultViewVars()
{
    $configuration = $this->getConfiguration();

    $viewVars = $configuration->getDefaultViewVars($this->getRequest());
    $viewVars['csrf_token'] = $this->csrfProvider->generateCsrfToken($configuration->getCSRFIntention());

    return $viewVars;
}