/** * @param ContainerInterface $c * @return Guard */ public static function forge(ContainerInterface $c) { $self = new self(); $self->responder = $c->get(Responder::class); $guard = new Guard(); $guard->setFailureCallable([$self, 'forbidden']); return $guard; }
protected function getCsrfValues(Request $request) { $nameKey = $this->csrf->getTokenNameKey(); $valueKey = $this->csrf->getTokenValueKey(); $name = $request->getAttribute($nameKey); $value = $request->getAttribute($valueKey); return ['nameKey' => $nameKey, 'valueKey' => $valueKey, 'name' => $name, 'value' => $value]; }
/** * @param Request $request * @param Response $response * @param callable $next * @return Response * @throws UnexpectedValueException */ public function __invoke(Request $request, Response $response, callable $next) { $nameKey = $this->csrf->getTokenNameKey(); $valueKey = $this->csrf->getTokenValueKey(); $csrfToken = [$nameKey => $request->getAttribute($nameKey), $valueKey => $request->getAttribute($valueKey)]; if ($csrfToken[$nameKey] && $csrfToken[$valueKey]) { // waiting for a possible Slim View Interface if ($this->renderer instanceof ArrayAccess) { $this->renderer['csrf_token'] = $csrfToken; } elseif (method_exists($this->renderer, 'addAttribute')) { $this->renderer->addAttribute('csrf_token', $csrfToken); } else { throw new UnexpectedValueException('Unsupported view renderer type.'); } } return $next($request, $response); }
public function dispatch(Request $request, Response $response, $args) { $speakers = $this->eventManager->getSpeakers(); $venues = $this->eventService->getVenues(); $supporters = $this->eventManager->getSupporters(); $eventInfo = ['title' => '', 'description' => '']; if ($request->getParam('meetup_id')) { $event = $this->eventService->getEventById((int) $request->getParam('meetup_id')); if (!empty($event)) { $eventInfo['title'] = $event['subject']; $eventInfo['description'] = $event['description']; $eventInfo['venue_id'] = $event['venue_id']; $date = \DateTime::createFromFormat('F jS Y', $event['date']); $eventInfo['date'] = $date->format("d/m/Y"); } } $errors = $this->flash->getMessage('event') ?? []; $frmErrors = []; if ($request->isPost()) { $validator = new EventValidator($_POST); try { $validator->talkValidation()->dateValidation(); if (!$validator->isValid()) { throw new \Exception('Form not valid.'); } $event = new \App\Model\Event\Event(new Talk(strip_tags($request->getParam('talk_title'), '<p><a><br>'), strip_tags($request->getParam('talk_description'), '<p><img><a><br>'), $this->eventManager->getSpeakerById((int) $request->getParam('speaker'))), $request->getParam('start_date'), $request->getParam('start_time'), $this->eventService->getVenueById($request->getParam('venue')), $this->eventManager->getSupporterByID($request->getParam('supporter'))); $this->eventService->createEvent($event); if (!$request->getParam('meetup_id')) { if ((int) $this->eventService->createMeetup()->getStatusCode() !== 201) { throw new \Exception('Could not create meetup event.'); } } else { // Do not create a meetup $this->eventService->getMeetupEvent()->setEventID((int) $request->getParam('meetup_id')); } if ((int) $this->eventService->createJoindinEvent($this->eventSettings['name'], $this->eventSettings['description'])->getStatusCode() !== 201) { $this->flash->addMessage('event', 'Could not create Joindin event. Please try again.'); return $response->withStatus(302)->withHeader('Location', '/create-event?meetup_id=' . $this->eventService->getMeetupEvent()->getMeetupEventID()); } if ((int) $this->eventService->createJoindinTalk()->getStatusCode() !== 201) { // TODO // Delete meetup event and JoindIn event just created. throw new \Exception('Could not create Joindin talk.'); } $eventEntity = $this->eventService->updateEvents(); return $response->withStatus(302)->withHeader('Location', '/event/' . $eventEntity->getId()); } catch (\Exception $e) { $frmErrors = $validator->getErrors(); $errors[] = $e->getMessage(); } } $nameKey = $this->csrf->getTokenNameKey(); $valueKey = $this->csrf->getTokenValueKey(); $name = $request->getAttribute($nameKey); $value = $request->getAttribute($valueKey); $this->view->render($response, 'admin/create-event.twig', ['speakers' => $speakers, 'venues' => $venues, 'eventInfo' => $eventInfo, 'supporters' => $supporters, 'nameKey' => $nameKey, 'valueKey' => $valueKey, 'name' => $name, 'value' => $value, 'errors' => $errors, 'frmErrors' => $frmErrors]); return $response; }
public function testTokenKeys() { $mw = new Guard('test'); $this->assertEquals('test_name', $mw->getTokenNameKey()); $this->assertEquals('test_value', $mw->getTokenValueKey()); }
public function testStorageLimitIsEnforcedForArrays() { $storage = []; $request = $this->request; $response = $this->response; $next = function ($req, $res) { return $res; }; $mw = new Guard('csrf', $storage); $mw->setStorageLimit(2); $this->assertEquals(0, count($storage)); $response = $mw($request, $response, $next); $response = $mw($request, $response, $next); $response = $mw($request, $response, $next); $this->assertEquals(2, count($storage)); }
public function testKeyPair() { $mw = new Guard(); $next = function ($req, $res) { return $res; }; $response = $mw($this->request, $this->response, $next); $this->assertNotNull($mw->getTokenName()); $this->assertNotNull($mw->getTokenValue()); }