/**
 * {@inheritdoc}
 *
 * @throws BadMethodCallException when no CsrfTokenManagerInterface was injected
 */
public function renderCsrfToken($tokenId)
{
    $manager = $this->csrfTokenManager;

    if ($manager === null) {
        throw new BadMethodCallException('CSRF tokens can only be generated if a CsrfTokenManagerInterface is injected in FormRenderer::__construct().');
    }

    // The manager hands back a token object; only its string value is rendered.
    return $manager->getToken($tokenId)->getValue();
}
/**
 * Adds the referer ID to the request.
 *
 * Only back end master requests are handled. A fresh "contao_referer_id"
 * token is generated on every such request and its value stored in the
 * "_contao_referer_id" request attribute.
 *
 * @param GetResponseEvent $event
 */
public function onKernelRequest(GetResponseEvent $event)
{
    if (!$this->isBackendMasterRequest($event)) {
        return;
    }

    /** @var CsrfToken $refererToken */
    $refererToken = $this->tokenManager->refreshToken('contao_referer_id');

    $event->getRequest()->attributes->set('_contao_referer_id', $refererToken->getValue());
}
/**
 * Describes the current session for the REST client.
 *
 * @return array only ['isStarted' => false] while the session is not started;
 *               otherwise the session name, identifier, the CSRF token value
 *               for the configured intention and the delete-session URL
 */
public function getConfig()
{
    if (!$this->session->isStarted()) {
        return ['isStarted' => false];
    }

    $sessionId = $this->session->getId();

    return [
        'isStarted' => true,
        'name' => $this->session->getName(),
        'identifier' => $sessionId,
        // The token value is exposed next to the session id; presumably the
        // client echoes it on later REST calls — confirm against the consumer.
        'csrfToken' => $this->csrfTokenManager->getToken($this->csrfTokenIntention)->getValue(),
        'href' => $this->generateUrl('ezpublish_rest_deleteSession', ['sessionId' => $sessionId]),
    ];
}
/**
 * Validates the CSRF token named by the annotation against the current request.
 *
 * @param Annotation $annotation supplies the request parameter holding the
 *                               token ("param") and the token id ("intention")
 *
 * @throws \RuntimeException when there is no current request, or the injected
 *                           manager is not a CsrfTokenManagerInterface
 *
 * @return bool
 */
public function validate(Annotation $annotation)
{
    $request = $this->requestStack->getCurrentRequest();
    if ($request === null) {
        throw new \RuntimeException('Can not validate CSRF token without Request object');
    }

    // NOTE(review): Request::get() resolves attributes, query string and body
    // alike, so a token carried in the URL is accepted as well — confirm that
    // is intended for every annotated action.
    $submittedValue = $request->get($annotation->param);
    $tokenId = $annotation->intention;

    if (!($this->csrfManager instanceof CsrfTokenManagerInterface)) {
        throw new \RuntimeException('Invalid CSRF token manager provided');
    }

    return $this->csrfManager->isTokenValid(new CsrfToken($tokenId, $submittedValue));
}
/**
 * Sets the CSRF cookie on the response of every master request.
 *
 * @param FilterResponseEvent $event
 */
public function onKernelResponse(FilterResponseEvent $event)
{
    if ($event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST) {
        return;
    }

    $tokenValue = $this->csrfTokenManager->getToken('rest_csrf')->getValue();

    // The last argument (httpOnly) is false, so client-side scripts can read
    // the cookie; the secure flag follows the configured $cookieSecure.
    $csrfCookie = new Cookie(
        $this->cookieName,
        $tokenValue,
        $this->cookieExpire,
        $this->cookiePath,
        $this->cookieDomain,
        $this->cookieSecure,
        false
    );

    $event->getResponse()->headers->setCookie($csrfCookie);
}
/**
 * Checks the validity of the request's csrf token header.
 *
 * @param Request $request
 *
 * @return bool false when the header is absent, otherwise the manager's verdict
 *              on the header value for the configured intention
 */
protected function checkCsrfToken(Request $request)
{
    $headers = $request->headers;

    if (!$headers->has(self::CSRF_TOKEN_HEADER)) {
        return false;
    }

    $candidate = new CsrfToken($this->csrfTokenIntention, $headers->get(self::CSRF_TOKEN_HEADER));

    return $this->csrfTokenManager->isTokenValid($candidate);
}
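/**
 * Validates the CSRF field of a root compound form before submission.
 *
 * A missing, non-string or invalid token adds a (translated) FormError to the
 * form. The token field is then removed from array data so it never reaches
 * the form's children, and the (possibly stripped) data is written back.
 *
 * @param FormEvent $event
 */
public function preSubmit(FormEvent $event)
{
    $form = $event->getForm();
    $data = $event->getData();

    if ($form->isRoot() && $form->getConfig()->getOption('compound')) {
        // "_token[]=x" style submissions yield an array; anything that is not
        // a string is treated as an invalid token instead of being handed to
        // CsrfToken and the manager's string comparison.
        $submitted = isset($data[$this->fieldName]) ? $data[$this->fieldName] : null;

        if (!is_string($submitted) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $submitted))) {
            $errorMessage = $this->errorMessage;
            if (null !== $this->translator) {
                $errorMessage = $this->translator->trans($errorMessage, array(), $this->translationDomain);
            }
            $form->addError(new FormError($errorMessage));
        }

        if (is_array($data)) {
            unset($data[$this->fieldName]);
        }
    }

    $event->setData($data);
}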
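/**
 * Validates the CSRF field of a root compound form before submission.
 *
 * Nothing is checked when the form is submitted via POST and the server
 * reports that post_max_size was exceeded. Otherwise a missing, non-string or
 * invalid token adds a (translated) FormError, and the token field is stripped
 * from array data before it is written back to the event.
 *
 * @param FormEvent $event
 */
public function preSubmit(FormEvent $event)
{
    $form = $event->getForm();
    $config = $form->getConfig();

    $postRequestSizeExceeded = $config->getMethod() === 'POST' && $this->serverParams->hasPostMaxSizeBeenExceeded();

    if (!$form->isRoot() || !$config->getOption('compound') || $postRequestSizeExceeded) {
        return;
    }

    $data = $event->getData();

    // "_token[]=x" style submissions yield an array; anything that is not a
    // string is treated as an invalid token instead of being handed to
    // CsrfToken and the manager's string comparison.
    $submitted = isset($data[$this->fieldName]) ? $data[$this->fieldName] : null;

    if (!is_string($submitted) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $submitted))) {
        $errorMessage = $this->errorMessage;
        if (null !== $this->translator) {
            $errorMessage = $this->translator->trans($errorMessage, array(), $this->translationDomain);
        }
        $form->addError(new FormError($errorMessage));
    }

    if (is_array($data)) {
        unset($data[$this->fieldName]);
        $event->setData($data);
    }
}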
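/**
 * Refreshes the CSRF token for the named form.
 *
 * The token id is the form type's default intention when the resolved type
 * is a TypeInterface, and the empty string otherwise. The previous
 * implementation also consulted an undefined $defaults['intention'] array;
 * that branch could never run and has been dropped.
 *
 * @param string $name form name resolved through the form extension
 *
 * @return mixed whatever the token manager's refreshToken() returns
 *               (presumably a token object, not the string the old docblock
 *               claimed — confirm against the injected manager)
 */
public function getToken($name)
{
    $intention = '';

    $type = $this->formExtension->getType($name);
    if ($type instanceof TypeInterface) {
        $intention = $type->getDefaultIntention();
    }

    return $this->csrfTokenManager->refreshToken($intention);
}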
/**
 * Builds the Formly field configuration for a form and appends a hidden
 * "_token" field carrying a freshly refreshed CSRF token.
 *
 * @param string $formName form to map; when empty the token is refreshed
 *                         under the id "form"
 *
 * @return array
 * @throws FormlyMapperException when the form factory reports a non-existent form
 */
public function map($formName = null)
{
    try {
        $fields = (array) $this->formFactory->getConfiguration($formName);
    } catch (NonExistentFormException $e) {
        throw new FormlyMapperException($e->getMessage());
    }

    $result = [];
    foreach ($fields as $key => $fieldConfiguration) {
        $fieldConfiguration['name'] = $key;

        $formlyField = $this->formlyFieldFactory->getFormlyField($fieldConfiguration['type']);
        $formlyField->setFieldConfiguration($fieldConfiguration);

        $result[] = $formlyField->getFormlyFieldConfiguration();
    }

    $tokenId = !empty($formName) ? $formName : 'form';
    $csrfToken = $this->csrfTokenManager->refreshToken($tokenId);

    $result[] = [
        'key' => '_token',
        'type' => 'hidden',
        'defaultValue' => $csrfToken->getValue(),
    ];

    return $result;
}
/**
 * Shared fixture: stubs a token manager that answers for self::ID and
 * constructs the subject with it.
 */
public function let(CsrfTokenManagerInterface $tokenManager, CsrfToken $token)
{
    $tokenClass = 'Symfony\\Component\\Security\\Csrf\\CsrfToken';

    $tokenManager->getToken(self::ID)->willReturn($token);
    $tokenManager->refreshToken(self::ID)->willReturn($token);
    $tokenManager->removeToken(self::ID)->willReturn(self::VALUE);
    // Every CsrfToken instance is reported valid by the stubbed manager.
    $tokenManager->isTokenValid(Argument::type($tokenClass))->willReturn(true);

    $this->beConstructedWith($tokenManager, self::ID);
}
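/**
 * Provide a BC wrapper for CSRF token manager/provider compatibility between versions.
 *
 * Does nothing when no manager/provider is configured. Otherwise the value of
 * the "csrf_parameter" request parameter is checked against the "intention"
 * option through whichever interface the injected object implements. The
 * previous `false ===` comparison let any non-boolean falsy verdict through;
 * the check now fails closed on anything but a truthy result.
 *
 * @param Request $request
 *
 * @throws InvalidCsrfTokenException when the submitted token is not accepted
 */
protected function validateCsrfToken(Request $request)
{
    if ($this->csrfTokenManager === null) {
        return;
    }

    $csrfToken = $this->getParameterFromRequest($request, $this->options['csrf_parameter']);
    $intention = $this->options['intention'];

    if ($this->csrfTokenManager instanceof CsrfTokenManagerInterface
        && !$this->csrfTokenManager->isTokenValid(new CsrfToken($intention, $csrfToken))
    ) {
        throw new InvalidCsrfTokenException('Invalid CSRF token.');
    }

    if ($this->csrfTokenManager instanceof CsrfProviderInterface
        && !$this->csrfTokenManager->isCsrfTokenValid($intention, $csrfToken)
    ) {
        throw new InvalidCsrfTokenException('Invalid CSRF token.');
    }
}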
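/**
 * Handles the request token.
 *
 * Defines the legacy REQUEST_TOKEN constant when it is not yet defined and,
 * for POST requests, verifies the submitted "REQUEST_TOKEN" body parameter
 * against the token manager.
 *
 * @throws AjaxRedirectResponseException|InvalidRequestTokenException If the token is invalid
 */
private function handleRequestToken()
{
    // Deprecated since Contao 4.0, to be removed in Contao 5.0
    if (!defined('REQUEST_TOKEN')) {
        define('REQUEST_TOKEN', $this->tokenManager->getToken($this->csrfTokenName)->getValue());
    }

    if (null === $this->request || 'POST' !== $this->request->getRealMethod()) {
        return;
    }

    // Only a string can be a token; an array ("REQUEST_TOKEN[]=x") is treated
    // like a missing parameter instead of being handed to CsrfToken.
    $submitted = $this->request->request->get('REQUEST_TOKEN');
    if (!is_string($submitted)) {
        $submitted = null;
    }

    if ($this->tokenManager->isTokenValid(new CsrfToken($this->csrfTokenName, $submitted))) {
        return;
    }

    if ($this->request->isXmlHttpRequest()) {
        throw new AjaxRedirectResponseException($this->router->generate('contao_backend'));
    }

    throw new InvalidRequestTokenException('Invalid request token. Please reload the page and try again.');
}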
/**
 * {@inheritdoc}
 *
 * @deprecated since version 2.4, to be removed in 3.0; use
 *             Symfony\Component\Security\Csrf\CsrfTokenManager instead
 */
public function isCsrfTokenValid($intention, $token)
{
    $message = sprintf(
        'The %s method is deprecated since version 2.4 and will be removed in version 3.0. Use the Symfony\\Component\\Security\\Csrf\\CsrfTokenManager class instead.',
        __METHOD__
    );
    trigger_error($message, E_USER_DEPRECATED);

    $csrfToken = new CsrfToken($intention, $token);

    return $this->tokenManager->isTokenValid($csrfToken);
}
/**
 * Tests if the given token value is valid.
 *
 * The value is wrapped in a CsrfToken carrying this object's token id and
 * handed to the token manager.
 *
 * @param $value The CSRF token value to test
 *
 * @return bool
 *
 * @see CsrfTokenManagerInterface::isTokenValid()
 */
public function isTokenValid($value)
{
    return $this->csrfTokenManager->isTokenValid(new CsrfToken($this->tokenId, $value));
}
/**
 * {@inheritdoc}
 *
 * Maps the (intention, token) pair onto a CsrfToken for the token manager.
 */
public function isCsrfTokenValid($intention, $token)
{
    $candidate = new CsrfToken($intention, $token);

    return $this->tokenManager->isTokenValid($candidate);
}
/**
 * Validate token for given id
 *
 * Wraps the pair in a CsrfToken and defers to the manager.
 *
 * @param string $tokenId
 * @param string $value
 * @return boolean
 */
protected function isTokenValid($tokenId, $value)
{
    $candidate = new CsrfToken($tokenId, $value);

    return $this->manager->isTokenValid($candidate);
}
/**
 * Returns the CSRF token for the given intention (token id).
 *
 * @param mixed $intention token id, passed straight through to the manager
 *
 * @return mixed whatever the token manager's getToken() returns
 */
public function getCsrfToken($intention)
{
    $manager = $this->csrfTokenManager;

    return $manager->getToken($intention);
}
/**
 * Checks a submitted token value against the given intention via the token manager.
 *
 * @param string $intention
 * @param string $token
 * @return boolean
 */
public function isTokenValid($intention, $token)
{
    return $this->tokenManager->isTokenValid(new CsrfToken($intention, $token));
}