Commit 1ae81ce1 authored by Guillaume Perréal's avatar Guillaume Perréal

UploadfileType: passe un token CSRF au template pour permettre le download des fichiers.

Showing with 20 additions and 4 deletions
+20 -4
......@@ -28,6 +28,8 @@ use Symfony\Component\Routing\RouterInterface;
*/
class UploadController extends Controller
{
const CSRF_INTENTION = "file_upload";
/**
*
* @var FileManagerInterface
......@@ -66,7 +68,7 @@ class UploadController extends Controller
$file = $this->fileManager->create($data['name'], $data['size'], $data['type'], $data['lastModified']);
$token = $this->csrfProvider->generateCsrfToken("file-upload");
$token = $this->csrfProvider->generateCsrfToken(self::CSRF_INTENTION);
$location = $this->router->generate(
'file_upload_put',
......@@ -206,8 +208,8 @@ class UploadController extends Controller
*/
protected function validateToken(Request $request)
{
if(!$this->csrfProvider->isCsrfTokenValid("file-upload", $request->query->get('token', null))) {
throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid token');
if(!$this->csrfProvider->isCsrfTokenValid(self::CSRF_INTENTION, $request->query->get('token', null))) {
throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid CSRF token');
}
}
......
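Review bot: validateToken still takes the token from the query string (`$request->query->get('token', null)`), and this commit reuses the same `file_upload` intention for download links, so the token now travels in URLs that reach access logs, browser history and Referer headers. A CSRF token is bound to the session and the intention, not to a file, so a valid token does not show that the caller may read the requested file; whether the download action performs a separate access check is not visible in this hunk. I would state that limit in the method's docblock, e.g. `* The token only proves the request originates from the user's own session; it is not a per-file access check.`, and confirm that such a check exists in the actions that call validateToken. The method's docblock starts outside the hunk.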
......@@ -9,6 +9,7 @@ namespace Irstea\FileUploadBundle\Form\Type;
use Irstea\FileUploadBundle\Service\FileManagerInterface;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
use Symfony\Component\Form\FormInterface;
use Symfony\Component\Form\FormView;
use Symfony\Component\OptionsResolver\OptionsResolverInterface;
......@@ -30,10 +31,21 @@ class FileUploadType extends AbstractType
*/
private $fileManager;
public function __construct(Router $router, FileManagerInterface $fileManager)
/**
* @var CsrfProviderInterface
*/
protected $csrfProvider;
/**
*
* @param Router $router
* @param FileManagerInterface $fileManager
*/
public function __construct(Router $router, FileManagerInterface $fileManager, CsrfProviderInterface $csrfProvider)
{
$this->router = $router;
$this->fileManager = $fileManager;
$this->csrfProvider = $csrfProvider;
}
public function buildView(FormView $view, FormInterface $form, array $options)
......@@ -53,6 +65,7 @@ class FileUploadType extends AbstractType
'multiple' => false,
]
);
$view->vars['csrfToken'] = $this->csrfProvider->generateCsrfToken(UploadController::CSRF_INTENTION);
}
protected function getWidgetDefaults()
......
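Review bot: `UploadController::CSRF_INTENTION` in buildView is written with the short class name, but the import hunk of this file adds only `CsrfProviderInterface` and no `use` line for the controller is visible. Unless one exists outside the lines shown, PHP resolves the name inside `Irstea\FileUploadBundle\Form\Type` and the form fails when the view is built; add `use CONTROLLER_NAMESPACE\UploadController;` (placeholder, the controller's namespace is not shown on this page). The new constructor docblock also lists `$router` and `$fileManager` but not the added argument, so add `@param CsrfProviderInterface $csrfProvider`. buildView's body is only partly visible here.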
......@@ -36,6 +36,7 @@ services:
arguments:
- @router
- @irstea_file_upload.file_manager
- @form.csrf_provider
tags:
- { name: form.type, alias: file_upload }
......