Skip to content
GitLab
Commit 1ae81ce1 authored by Guillaume Perréal's avatar Guillaume Perréal
Browse files

UploadfileType: passe un token CSRF au template pour permettre le download des fichiers.

parent f9729f8d
master 0.1.x 1.x 3.x 4.x 5-migration-vers-la-nouvelle-architecture-basee-sur-webpack-npm 6-supprimer-isdevtools 8-enrichir-le-dossier-test-sur-la-base-de-la-nouvelle-architecture 8-enrichir-le-dossier-test-sur-la-base-de-la-nouvelle-architecture-2 remplacer_assetic_par_webpack symfony3.4_ramsey_compatibility 2.1.0 2.0.2 2.0.1 2.0.0 1.0.1 1.0.0 0.1.5 0.1.4 0.1.3 0.1.2 0.1.1 0.1
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 20 additions and 4 deletions
+20 -4
Controller/UploadController.php
+ 5
3
View file @ 1ae81ce1
......@@ -28,6 +28,8 @@ use Symfony\Component\Routing\RouterInterface;
*/
class UploadController extends Controller
{
const CSRF_INTENTION = "file_upload";
/**
*
* @var FileManagerInterface
......@@ -66,7 +68,7 @@ class UploadController extends Controller
$file = $this->fileManager->create($data['name'], $data['size'], $data['type'], $data['lastModified']);
$token = $this->csrfProvider->generateCsrfToken("file-upload");
$token = $this->csrfProvider->generateCsrfToken(self::CSRF_INTENTION);
$location = $this->router->generate(
'file_upload_put',
......@@ -206,8 +208,8 @@ class UploadController extends Controller
*/
protected function validateToken(Request $request)
{
if(!$this->csrfProvider->isCsrfTokenValid("file-upload", $request->query->get('token', null))) {
throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid token');
if(!$this->csrfProvider->isCsrfTokenValid(self::CSRF_INTENTION, $request->query->get('token', null))) {
throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid CSRF token');
}
}
......
Form/Type/FileUploadType.php
+ 14
1
View file @ 1ae81ce1
......@@ -9,6 +9,7 @@ namespace Irstea\FileUploadBundle\Form\Type;
use Irstea\FileUploadBundle\Service\FileManagerInterface;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
use Symfony\Component\Form\FormInterface;
use Symfony\Component\Form\FormView;
use Symfony\Component\OptionsResolver\OptionsResolverInterface;
......@@ -30,10 +31,21 @@ class FileUploadType extends AbstractType
*/
private $fileManager;
public function __construct(Router $router, FileManagerInterface $fileManager)
/**
* @var CsrfProviderInterface
*/
protected $csrfProvider;
/**
*
* @param Router $router
* @param FileManagerInterface $fileManager
*/
public function __construct(Router $router, FileManagerInterface $fileManager, CsrfProviderInterface $csrfProvider)
{
$this->router = $router;
$this->fileManager = $fileManager;
$this->csrfProvider = $csrfProvider;
}
public function buildView(FormView $view, FormInterface $form, array $options)
......@@ -53,6 +65,7 @@ class FileUploadType extends AbstractType
'multiple' => false,
]
);
$view->vars['csrfToken'] = $this->csrfProvider->generateCsrfToken(UploadController::CSRF_INTENTION);
}
protected function getWidgetDefaults()
......
Resources/config/services.yml
+ 1
0
View file @ 1ae81ce1
......@@ -36,6 +36,7 @@ services:
arguments:
- @router
- @irstea_file_upload.file_manager
- @form.csrf_provider
tags:
- { name: form.type, alias: file_upload }
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment