Skip to content
GitLab
Commit 216ad121 authored by Raidelet Nicolas's avatar Raidelet Nicolas Committed by Guillaume Perréal
Browse files

CsrfProviderInterface => CsrfTokenManagerInterface

parent 1175d22c
master 1.x 3.x 4.x 5-migration-vers-la-nouvelle-architecture-basee-sur-webpack-npm 6-supprimer-isdevtools 8-enrichir-le-dossier-test-sur-la-base-de-la-nouvelle-architecture 8-enrichir-le-dossier-test-sur-la-base-de-la-nouvelle-architecture-2 remplacer_assetic_par_webpack symfony3.4_ramsey_compatibility 2.1.0 2.0.2 2.0.1 2.0.0 1.0.1
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 16 additions and 6 deletions
+16 -6
Controller/UploadController.php
+ 16
6
View file @ 216ad121
......@@ -14,7 +14,6 @@ use Irstea\FileUploadBundle\Model\UploadedFileInterface;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
......@@ -24,6 +23,7 @@ use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
use Symfony\Component\Templating\EngineInterface;
/**
......@@ -44,9 +44,9 @@ class UploadController extends Controller
protected $urlGenerator;
/**
* @var CsrfProviderInterface
* @var CsrfTokenManagerInterface
*/
protected $csrfProvider;
protected $csrfTokenManager;
/**
* @var TokenStorageInterface
......@@ -58,16 +58,25 @@ class UploadController extends Controller
*/
protected $templating;
/**
* UploadController constructor.
*
* @param FileManagerInterface $fileManager
* @param UrlGeneratorInterface $urlGenerator
* @param CsrfTokenManagerInterface $csrfTokenManager
* @param TokenStorageInterface $tokenStorage
* @param EngineInterface $templating
*/
public function __construct(
FileManagerInterface $fileManager,
UrlGeneratorInterface $urlGenerator,
CsrfProviderInterface $csrfProvider,
CsrfTokenManagerInterface $csrfTokenManager,
TokenStorageInterface $tokenStorage,
EngineInterface $templating
) {
$this->fileManager = $fileManager;
$this->urlGenerator = $urlGenerator;
$this->csrfProvider = $csrfProvider;
$this->csrfTokenManager = $csrfTokenManager;
$this->tokenStorage = $tokenStorage;
$this->templating = $templating;
}
......@@ -249,7 +258,8 @@ class UploadController extends Controller
*/
protected function validateCsrfToken(Request $request)
{
if (!$this->csrfProvider->isCsrfTokenValid(self::CSRF_INTENTION, $request->query->get('token', null))) {
$token = $this->csrfTokenManager->getToken($request->query->get('token', null));
if (!$this->csrfTokenManager->isTokenValid($token)) {
throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid CSRF token');
}
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment