/**
 * Collects the CSRF token name/value pair that the Guard middleware stored on the request.
 *
 * The attribute keys are taken from the Guard instance so they always match what the
 * Guard wrote; presumably (getAttribute's default) both values are null when the Guard
 * middleware has not run for this request — the caller should treat that case as "no token".
 *
 * @param Request $request
 * @return array{nameKey: string, valueKey: string, name: mixed, value: mixed}
 */
protected function getCsrfValues(Request $request)
{
    $tokenNameKey = $this->csrf->getTokenNameKey();
    $tokenValueKey = $this->csrf->getTokenValueKey();

    return [
        'nameKey' => $tokenNameKey,
        'valueKey' => $tokenValueKey,
        'name' => $request->getAttribute($tokenNameKey),
        'value' => $request->getAttribute($tokenValueKey),
    ];
}
/**
 * Exposes the current CSRF token pair to the view renderer, then delegates to $next.
 *
 * The token name and value are read from the request attributes populated by the Guard
 * middleware (keyed by its name/value keys). When either attribute is missing or empty
 * (e.g. the Guard did not run), nothing is injected and the request simply passes through,
 * so a template rendering `csrf_token` would get no value rather than an error.
 *
 * @param Request $request
 * @param Response $response
 * @param callable $next
 * @return Response
 * @throws UnexpectedValueException when the renderer neither implements ArrayAccess nor
 *                                  exposes an addAttribute() method
 */
public function __invoke(Request $request, Response $response, callable $next)
{
    $tokenNameKey = $this->csrf->getTokenNameKey();
    $tokenValueKey = $this->csrf->getTokenValueKey();
    $tokenPair = [
        $tokenNameKey => $request->getAttribute($tokenNameKey),
        $tokenValueKey => $request->getAttribute($tokenValueKey),
    ];

    // Same truthiness test as the original: an absent or empty token is not exposed.
    if (!$tokenPair[$tokenNameKey] || !$tokenPair[$tokenValueKey]) {
        return $next($request, $response);
    }

    // waiting for a possible Slim View Interface
    if ($this->renderer instanceof ArrayAccess) {
        $this->renderer['csrf_token'] = $tokenPair;
    } elseif (method_exists($this->renderer, 'addAttribute')) {
        $this->renderer->addAttribute('csrf_token', $tokenPair);
    } else {
        throw new UnexpectedValueException('Unsupported view renderer type.');
    }

    return $next($request, $response);
}
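/**
 * Handles the admin "create event" page: renders the form on GET and, on POST, validates
 * the submission, persists the event and publishes it to Meetup and Joind.in.
 *
 * POST flow:
 *  - build an Event from the submitted fields (speaker/venue/supporter looked up by id);
 *  - persist it via the event service;
 *  - create the Meetup event unless a meetup_id was supplied (then only bind that id);
 *  - create the Joind.in event and talk; a failed Joind.in event creation redirects back to
 *    this form with the meetup id so that step can be retried.
 * Any exception escaping that flow is caught and shown as a form error instead of a 500.
 *
 * The CSRF token name/value pair is passed to the template so the form can carry it; the
 * token itself is presumably validated by the CSRF Guard middleware, not here.
 *
 * @param Request $request
 * @param Response $response
 * @param array $args route placeholders (unused here)
 * @return Response the rendered form, or a 302 redirect
 */
public function dispatch(Request $request, Response $response, $args)
{
    $speakers = $this->eventManager->getSpeakers();
    $venues = $this->eventService->getVenues();
    $supporters = $this->eventManager->getSupporters();

    // Pre-fill the form when retrying for an already-created Meetup event.
    $eventInfo = ['title' => '', 'description' => ''];
    if ($request->getParam('meetup_id')) {
        $event = $this->eventService->getEventById((int) $request->getParam('meetup_id'));
        if (!empty($event)) {
            $eventInfo['title'] = $event['subject'];
            $eventInfo['description'] = $event['description'];
            $eventInfo['venue_id'] = $event['venue_id'];
            // createFromFormat() returns false when the stored date does not match the
            // format; calling ->format() on false would be a fatal error, so leave the
            // date out of the pre-fill instead.
            $date = \DateTime::createFromFormat('F jS Y', $event['date']);
            if ($date !== false) {
                $eventInfo['date'] = $date->format("d/m/Y");
            }
        }
    }

    $errors = $this->flash->getMessage('event') ?? [];
    $frmErrors = [];

    if ($request->isPost()) {
        // NOTE(review): validates the raw $_POST superglobal rather than
        // $request->getParsedBody(); left as-is because EventValidator's expected input
        // shape is not visible here — confirm before switching.
        $validator = new EventValidator($_POST);
        try {
            $validator->talkValidation()->dateValidation();
            if (!$validator->isValid()) {
                throw new \Exception('Form not valid.');
            }

            // strip_tags() only removes disallowed tags; attributes on the allowed
            // <a>/<img> tags are kept verbatim, so these fields are not safe to render
            // unescaped — the template (or an attribute-aware sanitiser) must handle that.
            $talk = new Talk(
                strip_tags($request->getParam('talk_title'), '<p><a><br>'),
                strip_tags($request->getParam('talk_description'), '<p><img><a><br>'),
                $this->eventManager->getSpeakerById((int) $request->getParam('speaker'))
            );
            $event = new \App\Model\Event\Event(
                $talk,
                $request->getParam('start_date'),
                $request->getParam('start_time'),
                $this->eventService->getVenueById($request->getParam('venue')),
                $this->eventManager->getSupporterByID($request->getParam('supporter'))
            );
            $this->eventService->createEvent($event);

            if (!$request->getParam('meetup_id')) {
                if ((int) $this->eventService->createMeetup()->getStatusCode() !== 201) {
                    throw new \Exception('Could not create meetup event.');
                }
            } else {
                // Do not create a meetup
                $this->eventService->getMeetupEvent()->setEventID((int) $request->getParam('meetup_id'));
            }

            $joindinEventResponse = $this->eventService->createJoindinEvent(
                $this->eventSettings['name'],
                $this->eventSettings['description']
            );
            if ((int) $joindinEventResponse->getStatusCode() !== 201) {
                // Recoverable: send the admin back to the form with the meetup id so only
                // the Joind.in step is repeated.
                $this->flash->addMessage('event', 'Could not create Joindin event. 
Please try again.');

                return $response->withStatus(302)->withHeader(
                    'Location',
                    '/create-event?meetup_id=' . $this->eventService->getMeetupEvent()->getMeetupEventID()
                );
            }

            if ((int) $this->eventService->createJoindinTalk()->getStatusCode() !== 201) {
                // TODO
                // Delete meetup event and JoindIn event just created.
                throw new \Exception('Could not create Joindin talk.');
            }

            $eventEntity = $this->eventService->updateEvents();

            return $response->withStatus(302)->withHeader('Location', '/event/' . $eventEntity->getId());
        } catch (\Exception $e) {
            // NOTE(review): this also catches exceptions raised inside the services, so
            // their messages (transport/driver details included) are shown on the form.
            $frmErrors = $validator->getErrors();
            $errors[] = $e->getMessage();
        }
    }

    // CSRF token pair as written onto the request by the Guard middleware.
    $nameKey = $this->csrf->getTokenNameKey();
    $valueKey = $this->csrf->getTokenValueKey();
    $name = $request->getAttribute($nameKey);
    $value = $request->getAttribute($valueKey);

    $this->view->render($response, 'admin/create-event.twig', [
        'speakers' => $speakers,
        'venues' => $venues,
        'eventInfo' => $eventInfo,
        'supporters' => $supporters,
        'nameKey' => $nameKey,
        'valueKey' => $valueKey,
        'name' => $name,
        'value' => $value,
        'errors' => $errors,
        'frmErrors' => $frmErrors,
    ]);

    return $response;
}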
/**
 * Every pass through the Guard must mint a fresh token pair: the name key carries the
 * configured prefix, the value is 32 hexadecimal characters (double the default strength),
 * and two consecutive requests never share a token name.
 */
public function testTokenGeneration()
{
    $storage = [];
    $request = $this->request;
    $response = $this->response;
    $guard = new Guard('csrf', $storage);

    // Echo the attributes the Guard set on the request back as response headers so
    // the test can inspect them without reaching into the request.
    $next = function ($req, $res) use ($guard) {
        $tokenName = $req->getAttribute($guard->getTokenNameKey());
        $tokenValue = $req->getAttribute($guard->getTokenValueKey());

        return $res
            ->withHeader('X-CSRF-NAME', $tokenName)
            ->withHeader('X-CSRF-VALUE', $tokenValue);
    };

    $first = $guard($request, $response, $next);
    $second = $guard($request, $response, $next);

    foreach ([$first, $second] as $resp) {
        $this->assertStringStartsWith('csrf', $resp->getHeaderLine('X-CSRF-NAME'), 'Name key should start with csrf prefix');
    }

    $this->assertNotEquals($first->getHeaderLine('X-CSRF-NAME'), $second->getHeaderLine('X-CSRF-NAME'), 'Generated token names must be unique');

    foreach ([$first, $second] as $resp) {
        $this->assertEquals(32, strlen($resp->getHeaderLine('X-CSRF-VALUE')), 'Length of the generated token value should be double the strength');
    }

    foreach ([$first, $second] as $resp) {
        $this->assertTrue(ctype_xdigit($resp->getHeaderLine('X-CSRF-VALUE')), 'Generated token value is not hexadecimal');
    }
}
/**
 * The request attribute keys are derived from the prefix as "<prefix>_name" and
 * "<prefix>_value".
 */
public function testTokenKeys()
{
    $guard = new Guard('test');

    $expectedKeys = [
        'test_name' => $guard->getTokenNameKey(),
        'test_value' => $guard->getTokenValueKey(),
    ];
    foreach ($expectedKeys as $expected => $actual) {
        $this->assertEquals($expected, $actual);
    }
}