/**
 * phpspec `let` hook: stubs the token manager to hand out a fixed token,
 * makes the route matcher accept the secure request and reject the unsecure
 * one, and constructs the subject with the cookie settings held in the
 * class constants.
 *
 * @param AngularCsrfTokenManager $tokenManager
 * @param RouteMatcherInterface   $routeMatcher
 * @param Request                 $secureRequest
 * @param Request                 $unsecureRequest
 * @param CsrfToken               $token
 */
public function let(AngularCsrfTokenManager $tokenManager, RouteMatcherInterface $routeMatcher, Request $secureRequest, Request $unsecureRequest, CsrfToken $token)
{
    $this->secureRequest = $secureRequest;
    $this->unsecureRequest = $unsecureRequest;

    // A fixed token value keeps the cookie assertions deterministic.
    $token->getValue()->willReturn(self::TOKEN_VALUE);
    $tokenManager->getToken()->willReturn($token);

    // Only the "secure" request is matched by the configured routes.
    $matchExpectations = array(
        array($secureRequest, true),
        array($unsecureRequest, false),
    );
    foreach ($matchExpectations as $expectation) {
        list($request, $isMatched) = $expectation;
        $routeMatcher->match($request, $this->routes)->willReturn($isMatched);
    }

    $this->beConstructedWith(
        $tokenManager,
        $routeMatcher,
        $this->routes,
        self::COOKIE_NAME,
        self::COOKIE_EXPIRE,
        self::COOKIE_PATH,
        self::COOKIE_DOMAIN,
        self::COOKIE_SECURE
    );
}
/**
 * Handles CSRF token validation.
 *
 * Only master requests whose route is accepted by the configured route
 * matcher are checked. For those, the token is read from the configured
 * request header and must be accepted by the Angular CSRF token manager;
 * anything else is refused with a 403.
 *
 * @param GetResponseEvent $event
 *
 * @throws AccessDeniedHttpException When the header is absent/empty or the token is rejected.
 */
public function onKernelRequest(GetResponseEvent $event)
{
    if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
        return;
    }

    $request = $event->getRequest();
    if (!$this->routeMatcher->match($request, $this->routes)) {
        return;
    }

    $headerValue = $request->headers->get($this->headerName);

    // A falsy header (absent, empty, "0") is rejected without consulting
    // the token manager.
    $isValid = (bool) $headerValue && $this->angularCsrfTokenManager->isTokenValid($headerValue);
    if (!$isValid) {
        throw new AccessDeniedHttpException('Bad CSRF token.');
    }
}
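/**
 * {@inheritdoc}
 *
 * Disables the form's built-in CSRF protection when the current request is
 * matched by the configured routes and carries a token in the configured
 * header that the Angular CSRF token manager accepts. With no current
 * request, an unmatched route, or an absent/empty header, the resolver is
 * left untouched so the form keeps its own CSRF protection (fail closed).
 *
 * @param OptionsResolver $resolver
 */
public function configureOptions(OptionsResolver $resolver)
{
    $request = $this->requestStack->getCurrentRequest();
    if (null === $request) {
        return;
    }

    if (false === $this->routeMatcher->match($request, $this->routes)) {
        return;
    }

    $value = $request->headers->get($this->headerName);

    // Mirror the kernel listener's guard: never hand an absent/empty header
    // to the token manager; keeping form CSRF protection on is the safe default.
    if (!$value) {
        return;
    }

    if ($this->angularCsrfTokenManager->isTokenValid($value)) {
        $resolver->setDefaults(array('csrf_protection' => false));
    }
}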
/**
 * phpspec `let` hook: stubs the token manager to accept VALID_TOKEN and
 * reject INVALID_TOKEN, attaches header bags carrying those tokens to the
 * two "secure" requests, makes the route matcher match both of them but not
 * the unsecure request, and constructs the subject with the header name.
 *
 * @param AngularCsrfTokenManager $tokenManager
 * @param RouteMatcherInterface   $routeMatcher
 * @param Request                 $secureValidRequest
 * @param Request                 $secureInvalidRequest
 * @param Request                 $unsecureRequest
 * @param HeaderBag               $validHeaders
 * @param HeaderBag               $invalidHeaders
 */
public function let(AngularCsrfTokenManager $tokenManager, RouteMatcherInterface $routeMatcher, Request $secureValidRequest, Request $secureInvalidRequest, Request $unsecureRequest, HeaderBag $validHeaders, HeaderBag $invalidHeaders)
{
    $tokenManager->isTokenValid(self::VALID_TOKEN)->willReturn(true);
    $tokenManager->isTokenValid(self::INVALID_TOKEN)->willReturn(false);

    $this->secureValidRequest = $secureValidRequest;
    $this->secureInvalidRequest = $secureInvalidRequest;
    $this->unsecureRequest = $unsecureRequest;

    // Each header bag answers the configured header name with one token.
    $validHeaders->get(self::HEADER_NAME)->willReturn(self::VALID_TOKEN);
    $invalidHeaders->get(self::HEADER_NAME)->willReturn(self::INVALID_TOKEN);
    $secureValidRequest->headers = $validHeaders;
    $secureInvalidRequest->headers = $invalidHeaders;

    // Route matching decides which requests are subject to the check.
    $matchExpectations = array(
        array($secureValidRequest, true),
        array($secureInvalidRequest, true),
        array($unsecureRequest, false),
    );
    foreach ($matchExpectations as $expectation) {
        list($request, $isMatched) = $expectation;
        $routeMatcher->match($request, $this->routes)->willReturn($isMatched);
    }

    $this->beConstructedWith($tokenManager, $routeMatcher, $this->routes, self::HEADER_NAME);
}