[Form] Changed FormTypeCsrfExtension to use the form's name as default intention

webmozart · webmozart · commit 1cd233ef4358 · 2013-10-17T17:52:50.000+02:00
diff --git a/Extension/Csrf/Type/FormTypeCsrfExtension.php b/Extension/Csrf/Type/FormTypeCsrfExtension.php
@@ -49,7 +49,11 @@ public function buildForm(FormBuilderInterface $builder, array $options)
 
         $builder
             ->setAttribute('csrf_factory', $builder->getFormFactory())
-            ->addEventSubscriber(new CsrfValidationListener($options['csrf_field_name'], $options['csrf_provider'], $options['intention']))
+            ->addEventSubscriber(new CsrfValidationListener(
+                $options['csrf_field_name'],
+                $options['csrf_provider'],
+                $options['intention'] ?: $builder->getName()
+            ))
         ;
     }
 
@@ -64,7 +68,7 @@ public function finishView(FormView $view, FormInterface $form, array $options)
     {
         if ($options['csrf_protection'] && !$view->parent && $options['compound']) {
             $factory = $form->getConfig()->getAttribute('csrf_factory');
-            $data = $options['csrf_provider']->generateCsrfToken($options['intention']);
+            $data = $options['csrf_provider']->generateCsrfToken($options['intention'] ?: $form->getName());
 
             $csrfForm = $factory->createNamed($options['csrf_field_name'], 'hidden', $data, array(
                 'mapped' => false,
@@ -83,7 +87,7 @@ public function setDefaultOptions(OptionsResolverInterface $resolver)
             'csrf_protection'   => $this->defaultEnabled,
             'csrf_field_name'   => $this->defaultFieldName,
             'csrf_provider'     => $this->defaultCsrfProvider,
-            'intention'         => 'unknown',
+            'intention'         => null,
         ));
     }
 
diff --git a/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php b/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
@@ -129,6 +129,24 @@ public function testGenerateCsrfToken()
         $this->assertEquals('token', $view['csrf']->vars['value']);
     }
 
+    public function testGenerateCsrfTokenUsesFormNameAsIntentionByDefault()
+    {
+        $this->csrfProvider->expects($this->once())
+            ->method('generateCsrfToken')
+            ->with('FORM_NAME')
+            ->will($this->returnValue('token'));
+
+        $view = $this->factory
+            ->createNamed('FORM_NAME', 'form', null, array(
+                'csrf_field_name' => 'csrf',
+                'csrf_provider' => $this->csrfProvider,
+                'compound' => true,
+            ))
+            ->createView();
+
+        $this->assertEquals('token', $view['csrf']->vars['value']);
+    }
+
     public function provideBoolean()
     {
         return array(
@@ -169,6 +187,37 @@ public function testValidateTokenOnBindIfRootAndCompound($valid)
         $this->assertSame($valid, $form->isValid());
     }
 
+    /**
+     * @dataProvider provideBoolean
+     */
+    public function testValidateTokenOnBindIfRootAndCompoundUsesFormNameAsIntentionByDefault($valid)
+    {
+        $this->csrfProvider->expects($this->once())
+            ->method('isCsrfTokenValid')
+            ->with('FORM_NAME', 'token')
+            ->will($this->returnValue($valid));
+
+        $form = $this->factory
+            ->createNamedBuilder('FORM_NAME', 'form', null, array(
+                'csrf_field_name' => 'csrf',
+                'csrf_provider' => $this->csrfProvider,
+                'compound' => true,
+            ))
+            ->add('child', 'text')
+            ->getForm();
+
+        $form->bind(array(
+            'child' => 'foobar',
+            'csrf' => 'token',
+        ));
+
+        // Remove token from data
+        $this->assertSame(array('child' => 'foobar'), $form->getData());
+
+        // Validate accordingly
+        $this->assertSame($valid, $form->isValid());
+    }
+
     public function testFailIfRootAndCompoundAndTokenMissing()
     {
         $this->csrfProvider->expects($this->never())
