From 1ae81ce146b151ccb3395b5f1c033a5a2f0d2f9c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guillaume=20Perr=C3=A9al?= <guillaume.perreal@irstea.fr>
Date: Thu, 22 Jan 2015 13:41:19 +0100
Subject: [PATCH] UploadfileType: passe un token CSRF au template pour
 permettre le download des fichiers.

---
 Controller/UploadController.php |  8 +++++---
 Form/Type/FileUploadType.php    | 15 ++++++++++++++-
 Resources/config/services.yml   |  1 +
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/Controller/UploadController.php b/Controller/UploadController.php
index dd81da81..ea29e3a7 100644
--- a/Controller/UploadController.php
+++ b/Controller/UploadController.php
@@ -28,6 +28,8 @@ use Symfony\Component\Routing\RouterInterface;
  */
 class UploadController extends Controller
 {
+    const CSRF_INTENTION = "file_upload";
+
     /**
      *
      * @var FileManagerInterface
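Review bot: The new `CSRF_INTENTION` constant is `"file_upload"`, while the literal it replaces in the two later hunks of this file was `"file-upload"`, so the intention string changes silently alongside the refactoring. Tokens generated by pages rendered before deployment will presumably be rejected by `validateToken()` with a 403 until those pages are reloaded; if that is intended, the commit message should say so. The constant also has no doc comment; something like `/** CSRF intention shared by the upload endpoints and FileUploadType. */` would record why it is public.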
@@ -66,7 +68,7 @@ class UploadController extends Controller
 
         $file = $this->fileManager->create($data['name'], $data['size'], $data['type'], $data['lastModified']);
 
-        $token = $this->csrfProvider->generateCsrfToken("file-upload");
+        $token = $this->csrfProvider->generateCsrfToken(self::CSRF_INTENTION);
 
         $location = $this->router->generate(
             'file_upload_put',
@@ -206,8 +208,8 @@ class UploadController extends Controller
      */
     protected function validateToken(Request $request)
     {
-        if(!$this->csrfProvider->isCsrfTokenValid("file-upload", $request->query->get('token', null))) {
-            throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid token');
+        if(!$this->csrfProvider->isCsrfTokenValid(self::CSRF_INTENTION, $request->query->get('token', null))) {
+            throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid CSRF token');
         }
     }
 
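Review bot: `validateToken()` still reads the token from the query string (`$request->query->get('token', null)`), and this commit hands the same token to the template for download links, so the value will appear in URLs. Query-string tokens end up in web-server access logs, browser history and Referer headers. With a single `CSRF_INTENTION`, one exposed token is accepted by every action that calls this method. Consider reading it from a request header first and keeping the query parameter only as a fallback for plain links, e.g. `$token = $request->headers->get('X-CSRF-Token', $request->query->get('token'));`, and say so in the method's docblock.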
diff --git a/Form/Type/FileUploadType.php b/Form/Type/FileUploadType.php
index 061a2a40..4204500e 100644
--- a/Form/Type/FileUploadType.php
+++ b/Form/Type/FileUploadType.php
@@ -9,6 +9,7 @@ namespace Irstea\FileUploadBundle\Form\Type;
 
 use Irstea\FileUploadBundle\Service\FileManagerInterface;
 use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
 use Symfony\Component\Form\FormInterface;
 use Symfony\Component\Form\FormView;
 use Symfony\Component\OptionsResolver\OptionsResolverInterface;
@@ -30,10 +31,21 @@ class FileUploadType extends AbstractType
      */
     private $fileManager;
 
-    public function __construct(Router $router, FileManagerInterface $fileManager)
+    /**
+     * @var CsrfProviderInterface
+     */
+    protected $csrfProvider;
+
+    /**
+     *
+     * @param Router $router
+     * @param FileManagerInterface $fileManager
+     */
+    public function __construct(Router $router, FileManagerInterface $fileManager, CsrfProviderInterface $csrfProvider)
     {
         $this->router = $router;
         $this->fileManager = $fileManager;
+        $this->csrfProvider = $csrfProvider;
     }
 
     public function buildView(FormView $view, FormInterface $form, array $options)
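Review bot: The constructor docblock added here lists `$router` and `$fileManager` but not the new third argument; add `@param CsrfProviderInterface $csrfProvider`. The new property is declared `protected` while `$fileManager` just above it is `private`; unless a subclass needs it, `private $csrfProvider;` keeps the class consistent. The new required constructor argument also breaks any code that instantiates FileUploadType directly rather than through the service definition, which deserves a mention in the release notes.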
@@ -53,6 +65,7 @@ class FileUploadType extends AbstractType
                 'multiple'   => false,
             ]
         );
+        $view->vars['csrfToken'] = $this->csrfProvider->generateCsrfToken(UploadController::CSRF_INTENTION);
     }
 
     protected function getWidgetDefaults()
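Review bot: `UploadController::CSRF_INTENTION` is referenced in `buildView()`, but this commit adds no `use` statement for the controller and the import hunk above shows none among its visible lines. Inside the namespace `Irstea\FileUploadBundle\Form\Type` the bare name resolves to `Irstea\FileUploadBundle\Form\Type\UploadController`. Unless the import already exists outside the visible context, building a view for this form type fails with a class-not-found error. Add `use Irstea\FileUploadBundle\Controller\UploadController;`, but confirm the namespace first, since it is inferred from the path `Controller/UploadController.php`. The body of `buildView()` starts outside the hunk.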
diff --git a/Resources/config/services.yml b/Resources/config/services.yml
index a926211f..ba76ea51 100644
--- a/Resources/config/services.yml
+++ b/Resources/config/services.yml
@@ -36,6 +36,7 @@ services:
         arguments:
             - @router
             - @irstea_file_upload.file_manager
+            - @form.csrf_provider
         tags:
             - { name: form.type, alias: file_upload }
 
-- 
GitLab