如何强制我的表单组件在每次加载时生成新的 csrf?
How to force my form compoenent to generate a new csrf on each load?
从这里 Generate new CSRF token without reloading the entire form 我了解到有一种方法 refreshToken() 但是我在下面的代码中如何以及使用 symfony 表单组件的哪一部分,我应该使用该方法进行修改以强制我的表单每次加载我的脚本时生成一个新的 csrf?
$csrfStorage = new NativeSessionTokenStorage();
$csrfGenerator = new UriSafeTokenGenerator();
$csrfManager = new CsrfTokenManager($csrfGenerator, $csrfStorage);
$formFactory = Forms::createFormFactoryBuilder()
->addExtension(new CsrfExtension($csrfManager))
->getFormFactory();
$defaultFormTheme = 'bootstrap_3_layout.html.twig';
$vendorDir = realpath(__DIR__.'/../vendor');
$appVariableReflection = new \ReflectionClass('\Symfony\Bridge\Twig\AppVariable');
$vendorTwigBridgeDir = dirname($appVariableReflection->getFileName());
$viewsDir = realpath('twig');
$twig = new Twig_Environment(new Twig_Loader_Filesystem(array(
$viewsDir,
$vendorTwigBridgeDir.'/Resources/views/Form',
)));
$formEngine = new TwigRendererEngine(array($defaultFormTheme), $twig);
$twig->addRuntimeLoader(new \Twig_FactoryRuntimeLoader(array(
TwigRenderer::class => function () use ($formEngine, $csrfManager) {
return new TwigRenderer($formEngine, $csrfManager);
},
)));
$twig->addExtension(new FormExtension());
$translator = new Translator('en');
$twig->addExtension(new TranslationExtension($translator));
$form = $formFactory->createBuilder()
->add('task', TextType::class)
->add('dueDate', DateType::class)
->getForm();
$request = Request::createFromGlobals();
$form->handleRequest();
if ($form->isSubmitted() && $form->isValid()) {
$data = $form->getData();
print_r($data);
}
$twig->display('new.html.twig', array(
'form' => $form->createView(),
));
$csrfManager->refreshToken('form');
$form = $formFactory->createBuilder('Symfony\Component\Form\Extension\Core\Type\FormType', array('task' => 'gggg'), array('csrf_token_manager' => $csrfManager, 'csrf_token_id' => 'form'))
->add('task', TextType::class)
->add('dueDate', DateType::class)
->getForm();
$twig->display('new.html.twig', array(
'form' => $form->createView(),
));
编辑:现在在回答的帮助下,它总是刷新,但现在的问题是它总是无效的形式。我做错了什么?
$csrfManager->refreshToken('my_form_id');
$form = $formFactory->createBuilder('Symfony\Component\Form\Extension\Core\Type\FormType', null, array('csrf_token_manager' => $csrfManager, 'csrf_token_id' => 'my_form_id'))
->add('task', TextType::class)
->add('dueDate', DateType::class)
->getForm();
$request = Request::createFromGlobals();
$form->handleRequest();
if ($form->isSubmitted() && $form->isValid()) {
$data = $form->getData();
print_r($data);
} else {
print("invalid");
}
即使预期有效,它始终有效,我该怎么办?
编辑 2:
$csrfManager->refreshToken('form');
$form = $formFactory->createBuilder('Symfony\Component\Form\Extension\Core\Type\FormType', array('task' => 'gggg'), array('csrf_token_manager' => $csrfManager, 'csrf_token_id' => 'form'))
->add('task', TextType::class)
->add('dueDate', DateType::class)
->getForm();
$twig->display('new.html.twig', array(
'form' => $form->createView(),
));
$request = Request::createFromGlobals();
$session = New Session();
$session->set($formToken, $csrfManager->getToken($formToken)->getValue());
$request->setSession($session);
$form->handleRequest();
if ($form->isSubmitted() && $form->isValid()) {
$data = $form->getData();
print_r($data);
} else {
print("invalid");
}
$csrfManager->refreshToken('my_form_id');
$form = $formFactory->createBuilder('Symfony\Component\Form\Extension\Core\Type\FormType', null, array('csrf_token_manager' => $csrfManager, 'csrf_token_id' => 'my_form_id'))
->add('task', TextType::class)
->add('dueDate', DateType::class)
->getForm();
.......
$request = Request::createFromGlobals();
$formToken = '_csrf/'.$form->getName();
// $storage = new NativeSessionStorage();
$session = New Session();
$session->set($formToken, $csrfManager->getToken($formToken)->getValue());
$request->setSession($session);
$form->handleRequest();
dump($request->getSession()->all());
要禁用 csrf,请使用选项 csrf_protection
$form = $formFactory->createBuilder('Symfony\Component\Form\Extension\Core\Type\FormType', null, array('csrf_protection' => false))
->add('task', TextType::class)
->add('dueDate', DateType::class)
->getForm();
EDIT : Setting the session
use Symfony\Component\HttpFoundation\Session\Session;
....
$request = Request::createFromGlobals();
$formToken = '_csrf/'.$form->getName();
$session = New Session();
$session->set($formToken,$csrfManager->getToken($formToken)->getValue());
$request->setSession($session);
$form->handleRequest();
从这里 Generate new CSRF token without reloading the entire form 我了解到有一种方法 refreshToken() 但是我在下面的代码中如何以及使用 symfony 表单组件的哪一部分,我应该使用该方法进行修改以强制我的表单每次加载我的脚本时生成一个新的 csrf?
$csrfStorage = new NativeSessionTokenStorage();
$csrfGenerator = new UriSafeTokenGenerator();
$csrfManager = new CsrfTokenManager($csrfGenerator, $csrfStorage);
$formFactory = Forms::createFormFactoryBuilder()
->addExtension(new CsrfExtension($csrfManager))
->getFormFactory();
$defaultFormTheme = 'bootstrap_3_layout.html.twig';
$vendorDir = realpath(__DIR__.'/../vendor');
$appVariableReflection = new \ReflectionClass('\Symfony\Bridge\Twig\AppVariable');
$vendorTwigBridgeDir = dirname($appVariableReflection->getFileName());
$viewsDir = realpath('twig');
$twig = new Twig_Environment(new Twig_Loader_Filesystem(array(
$viewsDir,
$vendorTwigBridgeDir.'/Resources/views/Form',
)));
$formEngine = new TwigRendererEngine(array($defaultFormTheme), $twig);
$twig->addRuntimeLoader(new \Twig_FactoryRuntimeLoader(array(
TwigRenderer::class => function () use ($formEngine, $csrfManager) {
return new TwigRenderer($formEngine, $csrfManager);
},
)));
$twig->addExtension(new FormExtension());
$translator = new Translator('en');
$twig->addExtension(new TranslationExtension($translator));
$form = $formFactory->createBuilder()
->add('task', TextType::class)
->add('dueDate', DateType::class)
->getForm();
$request = Request::createFromGlobals();
$form->handleRequest();
if ($form->isSubmitted() && $form->isValid()) {
$data = $form->getData();
print_r($data);
}
$twig->display('new.html.twig', array(
'form' => $form->createView(),
));
$csrfManager->refreshToken('form');
$form = $formFactory->createBuilder('Symfony\Component\Form\Extension\Core\Type\FormType', array('task' => 'gggg'), array('csrf_token_manager' => $csrfManager, 'csrf_token_id' => 'form'))
->add('task', TextType::class)
->add('dueDate', DateType::class)
->getForm();
$twig->display('new.html.twig', array(
'form' => $form->createView(),
));
编辑:现在在回答的帮助下,它总是刷新,但现在的问题是它总是无效的形式。我做错了什么?
$csrfManager->refreshToken('my_form_id');
$form = $formFactory->createBuilder('Symfony\Component\Form\Extension\Core\Type\FormType', null, array('csrf_token_manager' => $csrfManager, 'csrf_token_id' => 'my_form_id'))
->add('task', TextType::class)
->add('dueDate', DateType::class)
->getForm();
$request = Request::createFromGlobals();
$form->handleRequest();
if ($form->isSubmitted() && $form->isValid()) {
$data = $form->getData();
print_r($data);
} else {
print("invalid");
}
即使预期有效,它始终有效,我该怎么办?
编辑 2:
$csrfManager->refreshToken('form');
$form = $formFactory->createBuilder('Symfony\Component\Form\Extension\Core\Type\FormType', array('task' => 'gggg'), array('csrf_token_manager' => $csrfManager, 'csrf_token_id' => 'form'))
->add('task', TextType::class)
->add('dueDate', DateType::class)
->getForm();
$twig->display('new.html.twig', array(
'form' => $form->createView(),
));
$request = Request::createFromGlobals();
$session = New Session();
$session->set($formToken, $csrfManager->getToken($formToken)->getValue());
$request->setSession($session);
$form->handleRequest();
if ($form->isSubmitted() && $form->isValid()) {
$data = $form->getData();
print_r($data);
} else {
print("invalid");
}
$csrfManager->refreshToken('my_form_id');
$form = $formFactory->createBuilder('Symfony\Component\Form\Extension\Core\Type\FormType', null, array('csrf_token_manager' => $csrfManager, 'csrf_token_id' => 'my_form_id'))
->add('task', TextType::class)
->add('dueDate', DateType::class)
->getForm();
.......
$request = Request::createFromGlobals();
$formToken = '_csrf/'.$form->getName();
// $storage = new NativeSessionStorage();
$session = New Session();
$session->set($formToken, $csrfManager->getToken($formToken)->getValue());
$request->setSession($session);
$form->handleRequest();
dump($request->getSession()->all());
要禁用 csrf,请使用选项 csrf_protection
$form = $formFactory->createBuilder('Symfony\Component\Form\Extension\Core\Type\FormType', null, array('csrf_protection' => false))
->add('task', TextType::class)
->add('dueDate', DateType::class)
->getForm();
EDIT : Setting the session
use Symfony\Component\HttpFoundation\Session\Session;
....
$request = Request::createFromGlobals();
$formToken = '_csrf/'.$form->getName();
$session = New Session();
$session->set($formToken,$csrfManager->getToken($formToken)->getValue());
$request->setSession($session);
$form->handleRequest();