/**
 * Probes whether the server rejects a form submission whose CSRF token has been tampered with.
 *
 * The 'token' field is overwritten with a bogus value, the form is submitted through
 * the client, and the response is expected to be a 403. On any other outcome, or when
 * the form has no 'token' field at all, $this->message explains why the check failed.
 *
 * NOTE(review): this only demonstrates that a *modified* token is refused. A token that
 * is omitted entirely, or one reused across sessions, is not exercised here.
 *
 * @param Form $form The form to probe
 *
 * @return bool true only when the tampered submission was answered with a 403
 */
public function isValid(Form $form)
{
    if (!$form->has('token')) {
        $this->message = "No 'token' input field found";

        return false;
    }

    $fields = $form->getValues();
    $fields['token'] = 'modified by csrf scanner';
    $form->setValues($fields);

    $this->client->submit($form);
    $statusCode = $this->client->getResponse()->getStatus();

    // NOTE(review): loose comparison kept as in the original; getStatus()'s return type
    // is not visible here, so this tolerates an int or a numeric string.
    if (403 == $statusCode) {
        return true;
    }

    $this->message = "403 response expected, but got a {$statusCode}";

    return false;
}
/**
 * Builds a Form for the first node in the current node list.
 *
 * @param array|null  $values Initial values for the form fields, applied via setValues()
 * @param string|null $method HTTP method to use for the form (null keeps the form's own)
 *
 * @return Form A Form instance wrapping the first node
 *
 * @throws \InvalidArgumentException When the node list is empty
 *
 * @api
 */
public function form(array $values = null, $method = null)
{
    if (0 === count($this)) {
        throw new \InvalidArgumentException('The current node list is empty.');
    }

    $firstNode = $this->getNode(0);
    $form = new Form($firstNode, $this->uri, $method);

    if ($values !== null) {
        $form->setValues($values);
    }

    return $form;
}
/**
 * Submits a form through the client.
 *
 * The supplied values are written into the form first; a request is then issued
 * using the form's own method, URI, PHP-formatted field values and uploaded files.
 *
 * @param Form  $form   The form to submit
 * @param array $values Field values to set on the form before submitting
 *
 * @return mixed Whatever $this->request() returns for the submission
 *
 * @api
 */
public function submit(Form $form, array $values = array())
{
    $form->setValues($values);

    $method = $form->getMethod();
    $uri = $form->getUri();
    $parameters = $form->getPhpValues();
    $files = $form->getPhpFiles();

    return $this->request($method, $uri, $parameters, $files);
}
/**
 * Builds a Form for the first node in the current node list.
 *
 * Unlike a plain node lookup, the first node is also required to be a \DOMElement,
 * since Form can only be built on an element.
 *
 * @param array|null  $values Initial values for the form fields, applied via setValues()
 * @param string|null $method HTTP method to use for the form (null keeps the form's own)
 *
 * @return Form A Form instance wrapping the first node
 *
 * @throws \InvalidArgumentException When the node list is empty, or when the first
 *                                   node is not an instance of \DOMElement
 */
public function form(array $values = null, $method = null)
{
    if (!$this->nodes) {
        throw new \InvalidArgumentException('The current node list is empty.');
    }

    $firstNode = $this->getNode(0);
    if (!($firstNode instanceof \DOMElement)) {
        throw new \InvalidArgumentException(sprintf('The selected node should be instance of DOMElement, got "%s".', get_class($firstNode)));
    }

    $form = new Form($firstNode, $this->uri, $method, $this->baseHref);

    if ($values !== null) {
        $form->setValues($values);
    }

    return $form;
}
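/**
 * Submits a login form asynchronously and resolves once the server has answered.
 *
 * The form's 'name' and 'pass' fields are filled with the supplied credentials and
 * posted together with the session's cookie jar and auth data. Redirects are NOT
 * followed: the raw response is inspected, and a 3xx status is taken as a successful
 * login (the promise resolves with no value); any other status rejects with an
 * InvalidCredentialsException.
 *
 * NOTE(review): "3xx means logged in" is a heuristic. A site that answers a failed
 * login with a redirect back to the form would be misreported as a success; confirm
 * against the target (e.g. inspect the Location header or the session cookie) before
 * relying on the resolved promise as proof of authentication.
 *
 * @param Form    $form     The login form (expected to expose 'name' and 'pass' fields)
 * @param string  $username Value written into the form's 'name' field
 * @param string  $password Value written into the form's 'pass' field
 * @param Session $session  Supplies the cookie jar and auth data sent with the request
 *
 * @return Promise Resolves with no value on a 3xx response
 *
 * @rejects RequestException
 * @rejects InvalidCredentialsException
 */
public function loginAsync(Form $form, $username, $password, Session $session)
{
    $form->setValues(['name' => $username, 'pass' => $password]);

    $options = [
        RequestOptions::COOKIES => $session->getCookieJar(),
        RequestOptions::AUTH => $session->getAuthData(),
        RequestOptions::FORM_PARAMS => $form->getPhpValues(),
        RequestOptions::HEADERS => ['referer' => $form->getUri()],
        // Do not follow the redirect: the 3xx itself is the signal tested below, and
        // following it would carry the cookies and credentials on to another URL.
        RequestOptions::ALLOW_REDIRECTS => false,
    ];

    return $this->client
        ->requestAsync($form->getMethod(), $form->getUri(), $options)
        ->then(function (ResponseInterface $response) {
            // Compare the status numerically rather than substr()ing it: a PSR-7
            // getStatusCode() (presumably what this is) returns an int, and substr()
            // on an int is a TypeError under strict_types.
            $status = (int) $response->getStatusCode();
            if ($status >= 300 && $status < 400) {
                // Redirect: treated as logged in (as far as this heuristic can tell).
                return;
            }

            throw new InvalidCredentialsException();
        });
}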