Commit 1ae81ce1 authored by Guillaume Perréal

UploadfileType: passe un token CSRF au template pour permettre le download des fichiers.

Showing with 20 additions and 4 deletions
+20 -4
...@@ -28,6 +28,8 @@ use Symfony\Component\Routing\RouterInterface; ...@@ -28,6 +28,8 @@ use Symfony\Component\Routing\RouterInterface;
*/ */
class UploadController extends Controller class UploadController extends Controller
{ {
const CSRF_INTENTION = "file_upload";
/** /**
* *
* @var FileManagerInterface * @var FileManagerInterface
...@@ -66,7 +68,7 @@ class UploadController extends Controller ...@@ -66,7 +68,7 @@ class UploadController extends Controller
$file = $this->fileManager->create($data['name'], $data['size'], $data['type'], $data['lastModified']); $file = $this->fileManager->create($data['name'], $data['size'], $data['type'], $data['lastModified']);
$token = $this->csrfProvider->generateCsrfToken("file-upload"); $token = $this->csrfProvider->generateCsrfToken(self::CSRF_INTENTION);
$location = $this->router->generate( $location = $this->router->generate(
'file_upload_put', 'file_upload_put',
...@@ -206,8 +208,8 @@ class UploadController extends Controller ...@@ -206,8 +208,8 @@ class UploadController extends Controller
*/ */
protected function validateToken(Request $request) protected function validateToken(Request $request)
{ {
if(!$this->csrfProvider->isCsrfTokenValid("file-upload", $request->query->get('token', null))) { if(!$this->csrfProvider->isCsrfTokenValid(self::CSRF_INTENTION, $request->query->get('token', null))) {
throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid token'); throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid CSRF token');
} }
} }
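Review bot: `validateToken` still takes the CSRF token from the query string (`$request->query->get('token', null)`), so the value ends up in access logs, browser history and Referer headers. With this commit the same `CSRF_INTENTION` token is also handed to the form template for downloads, so a single session-wide token appears to be accepted by every upload and download route. It shows that a request came from the user's session, not that the user may read a particular file, so the download route still needs its own per-file access check (not visible in this hunk). Consider a separate intention for downloads, for example `const CSRF_DOWNLOAD_INTENTION = "file_download";`, and accepting the token from a request header on the state-changing calls. The intention string also changes from "file-upload" to "file_upload", so tokens issued before deployment will be rejected.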
......
...@@ -9,6 +9,7 @@ namespace Irstea\FileUploadBundle\Form\Type; ...@@ -9,6 +9,7 @@ namespace Irstea\FileUploadBundle\Form\Type;
use Irstea\FileUploadBundle\Service\FileManagerInterface; use Irstea\FileUploadBundle\Service\FileManagerInterface;
use Symfony\Component\Form\AbstractType; use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
use Symfony\Component\Form\FormInterface; use Symfony\Component\Form\FormInterface;
use Symfony\Component\Form\FormView; use Symfony\Component\Form\FormView;
use Symfony\Component\OptionsResolver\OptionsResolverInterface; use Symfony\Component\OptionsResolver\OptionsResolverInterface;
...@@ -30,10 +31,21 @@ class FileUploadType extends AbstractType ...@@ -30,10 +31,21 @@ class FileUploadType extends AbstractType
*/ */
private $fileManager; private $fileManager;
public function __construct(Router $router, FileManagerInterface $fileManager) /**
* @var CsrfProviderInterface
*/
protected $csrfProvider;
/**
*
* @param Router $router
* @param FileManagerInterface $fileManager
*/
public function __construct(Router $router, FileManagerInterface $fileManager, CsrfProviderInterface $csrfProvider)
{ {
$this->router = $router; $this->router = $router;
$this->fileManager = $fileManager; $this->fileManager = $fileManager;
$this->csrfProvider = $csrfProvider;
} }
public function buildView(FormView $view, FormInterface $form, array $options) public function buildView(FormView $view, FormInterface $form, array $options)
...@@ -53,6 +65,7 @@ class FileUploadType extends AbstractType ...@@ -53,6 +65,7 @@ class FileUploadType extends AbstractType
'multiple' => false, 'multiple' => false,
] ]
); );
$view->vars['csrfToken'] = $this->csrfProvider->generateCsrfToken(UploadController::CSRF_INTENTION);
} }
protected function getWidgetDefaults() protected function getWidgetDefaults()
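Review bot: `buildView` references `UploadController::CSRF_INTENTION`, but none of the `use` lines visible in this section imports `UploadController`. Inside `namespace Irstea\FileUploadBundle\Form\Type` the unqualified name resolves to a class in that namespace, so the call would fail when the form is rendered unless an import exists outside the hunk. Add the matching `use` statement, or move the constant to a class both sides can share so the form type does not depend on a controller. The new constructor docblock also omits the third argument; add `@param CsrfProviderInterface $csrfProvider`. The new property is `protected` while `$fileManager` is `private`; `private` would stop subclasses from replacing the provider.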
......
...@@ -36,6 +36,7 @@ services: ...@@ -36,6 +36,7 @@ services:
arguments: arguments:
- @router - @router
- @irstea_file_upload.file_manager - @irstea_file_upload.file_manager
- @form.csrf_provider
tags: tags:
- { name: form.type, alias: file_upload } - { name: form.type, alias: file_upload }
......