/**
 * Validates the CSRF token named by the annotation against the current request.
 *
 * @param Annotation $annotation Carries the request parameter name (param) and the token id (intention)
 *
 * @throws \RuntimeException When no current request exists or the token manager is not a CsrfTokenManagerInterface
 *
 * @return bool
 */
public function validate(Annotation $annotation)
{
    $currentRequest = $this->requestStack->getCurrentRequest();
    if (null === $currentRequest) {
        throw new \RuntimeException('Can not validate CSRF token without Request object');
    }

    // The submitted value is read from the request parameter named by the annotation.
    $submittedValue = $currentRequest->get($annotation->param);
    $tokenId = $annotation->intention;

    if (!$this->csrfManager instanceof CsrfTokenManagerInterface) {
        throw new \RuntimeException('Invalid CSRF token manager provided');
    }

    return $this->csrfManager->isTokenValid(new CsrfToken($tokenId, $submittedValue));
}
/**
 * Checks the validity of the request's csrf token header.
 *
 * @param Request $request
 *
 * @return bool true/false if the token is valid/invalid, false if none was found in the request's headers.
 */
protected function checkCsrfToken(Request $request)
{
    $headers = $request->headers;

    // No header means nothing to validate: treated the same as an invalid token.
    if (!$headers->has(self::CSRF_TOKEN_HEADER)) {
        return false;
    }

    $submitted = new CsrfToken($this->csrfTokenIntention, $headers->get(self::CSRF_TOKEN_HEADER));

    return $this->csrfTokenManager->isTokenValid($submitted);
}
/**
 * Wires the spec collaborators: every token-manager call for self::ID is stubbed,
 * and any CsrfToken instance passed to isTokenValid() is reported as valid.
 *
 * @param CsrfTokenManagerInterface $tokenManager
 * @param CsrfToken                 $token
 */
public function let(CsrfTokenManagerInterface $tokenManager, CsrfToken $token)
{
    $anyCsrfToken = Argument::type('Symfony\\Component\\Security\\Csrf\\CsrfToken');

    $tokenManager->isTokenValid($anyCsrfToken)->willReturn(true);
    $tokenManager->removeToken(self::ID)->willReturn(self::VALUE);
    $tokenManager->refreshToken(self::ID)->willReturn($token);
    $tokenManager->getToken(self::ID)->willReturn($token);

    $this->beConstructedWith($tokenManager, self::ID);
}
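/**
 * Validates the CSRF token submitted with a root compound form and strips it from the data.
 *
 * A missing, non-string or invalid token adds a (translated, when a translator is set)
 * FormError to the form. The token field is always removed from array data.
 *
 * @param FormEvent $event
 */
public function preSubmit(FormEvent $event)
{
    $form = $event->getForm();
    $data = $event->getData();

    // Only the root compound form carries the token field.
    if ($form->isRoot() && $form->getConfig()->getOption('compound')) {
        $submitted = isset($data[$this->fieldName]) ? $data[$this->fieldName] : null;

        // A non-string value (an array submitted under the token field name) can never be a
        // valid token; rejecting it here avoids the "Array to string conversion" notice in CsrfToken.
        if (!is_string($submitted) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $submitted))) {
            $errorMessage = $this->errorMessage;
            if (null !== $this->translator) {
                $errorMessage = $this->translator->trans($errorMessage, array(), $this->translationDomain);
            }
            $form->addError(new FormError($errorMessage));
        }

        if (is_array($data)) {
            unset($data[$this->fieldName]);
        }
    }

    $event->setData($data);
}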
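/**
 * Validates the CSRF token submitted with a root compound form and strips it from the data.
 *
 * Validation is skipped for POST forms when the post_max_size limit was exceeded
 * (the submitted body is not available in that case). A missing, non-string or invalid
 * token adds a (translated, when a translator is set) FormError to the form.
 *
 * @param FormEvent $event
 */
public function preSubmit(FormEvent $event)
{
    $form = $event->getForm();
    $postRequestSizeExceeded = $form->getConfig()->getMethod() === 'POST' && $this->serverParams->hasPostMaxSizeBeenExceeded();

    // Only the root compound form carries the token field.
    if ($form->isRoot() && $form->getConfig()->getOption('compound') && !$postRequestSizeExceeded) {
        $data = $event->getData();
        $submitted = isset($data[$this->fieldName]) ? $data[$this->fieldName] : null;

        // A non-string value (an array submitted under the token field name) can never be a
        // valid token; rejecting it here avoids the "Array to string conversion" notice in CsrfToken.
        if (!is_string($submitted) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $submitted))) {
            $errorMessage = $this->errorMessage;
            if (null !== $this->translator) {
                $errorMessage = $this->translator->trans($errorMessage, array(), $this->translationDomain);
            }
            $form->addError(new FormError($errorMessage));
        }

        if (is_array($data)) {
            unset($data[$this->fieldName]);
            $event->setData($data);
        }
    }
}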
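/**
 * Provide a BC wrapper for CSRF token manager/provider compatibility between versions.
 *
 * Does nothing when no token manager is configured. Otherwise the token read from the
 * request parameter named by the 'csrf_parameter' option is validated against the
 * 'intention' option, using whichever interface the configured manager implements.
 *
 * @param Request $request
 *
 * @throws InvalidCsrfTokenException When the submitted token does not validate
 * @throws \LogicException           When the configured manager implements neither supported interface
 */
protected function validateCsrfToken(Request $request)
{
    if (null === $this->csrfTokenManager) {
        return;
    }

    $csrfToken = $this->getParameterFromRequest($request, $this->options['csrf_parameter']);
    $intention = $this->options['intention'];

    if ($this->csrfTokenManager instanceof CsrfTokenManagerInterface) {
        $isValid = $this->csrfTokenManager->isTokenValid(new CsrfToken($intention, $csrfToken));
    } elseif ($this->csrfTokenManager instanceof CsrfProviderInterface) {
        $isValid = $this->csrfTokenManager->isCsrfTokenValid($intention, $csrfToken);
    } else {
        // Returning here would skip CSRF validation entirely (fail open); treat an
        // unsupported manager as a configuration error instead.
        throw new \LogicException('The CSRF token manager must implement CsrfTokenManagerInterface or CsrfProviderInterface.');
    }

    if (false === $isValid) {
        throw new InvalidCsrfTokenException('Invalid CSRF token.');
    }
}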
/**
 * Handles the request token.
 *
 * Defines the legacy REQUEST_TOKEN constant if needed, then validates the token
 * submitted in the REQUEST_TOKEN request parameter on POST requests only.
 *
 * @throws AjaxRedirectResponseException|InvalidRequestTokenException If the token is invalid
 */
private function handleRequestToken()
{
    // Deprecated since Contao 4.0, to be removed in Contao 5.0
    if (!defined('REQUEST_TOKEN')) {
        $currentToken = $this->tokenManager->getToken($this->csrfTokenName);
        define('REQUEST_TOKEN', $currentToken->getValue());
    }

    $request = $this->request;
    if (null === $request || 'POST' !== $request->getRealMethod()) {
        return;
    }

    $submitted = new CsrfToken($this->csrfTokenName, $request->request->get('REQUEST_TOKEN'));
    if ($this->tokenManager->isTokenValid($submitted)) {
        return;
    }

    // XHR callers receive a redirect to the contao_backend route; everyone else an explicit error.
    if ($request->isXmlHttpRequest()) {
        throw new AjaxRedirectResponseException($this->router->generate('contao_backend'));
    }

    throw new InvalidRequestTokenException('Invalid request token. Please reload the page and try again.');
}
/**
 * {@inheritdoc}
 *
 * @deprecated since version 2.4, to be removed in 3.0. Use the Symfony CsrfTokenManager instead.
 */
public function isCsrfTokenValid($intention, $token)
{
    $deprecation = sprintf(
        'The %s method is deprecated since version 2.4 and will be removed in version 3.0. Use the Symfony\\Component\\Security\\Csrf\\CsrfTokenManager class instead.',
        __METHOD__
    );
    trigger_error($deprecation, E_USER_DEPRECATED);

    // Delegates to the new token manager so both APIs validate against the same store.
    $csrfToken = new CsrfToken($intention, $token);

    return $this->tokenManager->isTokenValid($csrfToken);
}
/**
 * {@inheritdoc}
 *
 * Adapts the legacy (intention, token) signature to the CsrfToken-based manager.
 */
public function isCsrfTokenValid($intention, $token)
{
    $csrfToken = new CsrfToken($intention, $token);

    return $this->tokenManager->isTokenValid($csrfToken);
}
/**
 * Checks a submitted token value against the token registered under $intention.
 *
 * @param string $intention
 * @param string $token
 *
 * @return bool
 */
public function isTokenValid($intention, $token)
{
    return $this->tokenManager->isTokenValid(new CsrfToken($intention, $token));
}
/**
 * Validate token for given id
 *
 * @param string $tokenId
 * @param string $value
 *
 * @return bool
 */
protected function isTokenValid($tokenId, $value)
{
    $candidate = new CsrfToken($tokenId, $value);

    return $this->manager->isTokenValid($candidate);
}
/**
 * Tests if the given token value is valid.
 *
 * The value is checked against the token registered under this object's tokenId.
 *
 * @param string $value The CSRF token value to test
 *
 * @return bool
 *
 * @see CsrfTokenManagerInterface::isTokenValid()
 */
public function isTokenValid($value)
{
    return $this->csrfTokenManager->isTokenValid(new CsrfToken($this->tokenId, $value));
}