Add disabledCsrfTokenManager (#277)

sulu · Feb 23, 2021 · 4c0c30e · 4c0c30e
1 parent 2d23b39
commit 4c0c30e
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 0 deletions.
diff --git a/Csrf/DisabledCsrfTokenManager.php b/Csrf/DisabledCsrfTokenManager.php
@@ -0,0 +1,38 @@
+<?php
+
+/*
+ * This file is part of Sulu.
+ *
+ * (c) Sulu GmbH
+ *
+ * This source file is subject to the MIT license that is bundled
+ * with this source code in the file LICENSE.
+ */
+
+namespace Sulu\Bundle\FormBundle\Csrf;
+
+use Symfony\Component\Security\Csrf\CsrfToken;
+use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
+
+class DisabledCsrfTokenManager implements CsrfTokenManagerInterface
+{
+    public function refreshToken(string $tokenId)
+    {
+        throw new \RuntimeException('Should not be called');
+    }
+
+    public function removeToken(string $tokenId)
+    {
+        throw new \RuntimeException('Should not be called');
+    }
+
+    public function isTokenValid(CsrfToken $token)
+    {
+        throw new \RuntimeException('Should not be called');
+    }
+
+    public function getToken(string $tokenId)
+    {
+        return new CsrfToken('', null);
+    }
+}
diff --git a/Form/Type/AbstractType.php b/Form/Type/AbstractType.php
@@ -11,6 +11,7 @@
 
 namespace Sulu\Bundle\FormBundle\Form\Type;
 
+use Sulu\Bundle\FormBundle\Csrf\DisabledCsrfTokenManager;
 use Symfony\Component\Form\AbstractType as SymfonyAbstractType;
 use Symfony\Component\Form\Util\StringUtil;
 use Symfony\Component\OptionsResolver\OptionsResolver;
@@ -60,6 +61,7 @@ public function configureOptions(OptionsResolver $resolver)
         if ($this->csrfProtection) {
             $defaults['csrf_field_name'] = $this->csrfFieldName;
             $defaults['intention'] = $this->getDefaultIntention();
+            $defaults['csrf_token_manager'] = new DisabledCsrfTokenManager();
         }
 
         if ($this->dataClass) {

diff --git a/Form/Type/DynamicFormType.php b/Form/Type/DynamicFormType.php
@@ -11,6 +11,7 @@
 
 namespace Sulu\Bundle\FormBundle\Form\Type;
 
+use Sulu\Bundle\FormBundle\Csrf\DisabledCsrfTokenManager;
 use Sulu\Bundle\FormBundle\Dynamic\Checksum;
 use Sulu\Bundle\FormBundle\Dynamic\FormFieldTypePool;
 use Sulu\Bundle\FormBundle\Entity\Dynamic;
@@ -192,6 +193,7 @@ public function configureOptions(OptionsResolver $resolver)
 
         $defaults['csrf_protection'] = true;
         $defaults['csrf_field_name'] = '_token';
+        $defaults['csrf_token_manager'] = new DisabledCsrfTokenManager();
         $defaults['data_class'] = Dynamic::class;
 
         $resolver->setDefaults($defaults);