bug symfony#9327 [2.2][Form] Changed FormTypeCsrfExtension to use the form's name as default intention (bschussek)

This PR was merged into the 2.2 branch. Discussion ---------- [2.2][Form] Changed FormTypeCsrfExtension to use the form's name as default intention | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - Before, every form used the same "intention"/"csrf_token_id" value by default, namely "unknown". This PR fixes the default value to the form's name, which is at least different for forms with (a) explicit names and (b) different types, where the implicit name equals the type's name. Commits ------- b07c618 [Form] Changed FormTypeCsrfExtension to use the form's name as default intention

Author: fabpot

src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php

@@ -49,7 +49,11 @@ public function buildForm(FormBuilderInterface $builder, array $options)
 
  $builder
  ->setAttribute('csrf_factory', $builder->getFormFactory())
- ->addEventSubscriber(new CsrfValidationListener($options['csrf_field_name'], $options['csrf_provider'], $options['intention']))
+ ->addEventSubscriber(new CsrfValidationListener(
+ $options['csrf_field_name'],
+ $options['csrf_provider'],
+ $options['intention'] ?: $builder->getName()
+ ))
  ;
  }
 
@@ -64,7 +68,7 @@ public function finishView(FormView $view, FormInterface $form, array $options)
  {
  if ($options['csrf_protection'] && !$view->parent && $options['compound']) {
  $factory = $form->getConfig()->getAttribute('csrf_factory');
- $data = $options['csrf_provider']->generateCsrfToken($options['intention']);
+ $data = $options['csrf_provider']->generateCsrfToken($options['intention'] ?: $form->getName());
 
  $csrfForm = $factory->createNamed($options['csrf_field_name'], 'hidden', $data, array(
  'mapped' => false,
@@ -83,7 +87,7 @@ public function setDefaultOptions(OptionsResolverInterface $resolver)
  'csrf_protection' => $this->defaultEnabled,
  'csrf_field_name' => $this->defaultFieldName,
  'csrf_provider' => $this->defaultCsrfProvider,
- 'intention' => 'unknown',
+ 'intention' => null,
  ));
  }
 

src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php

@@ -129,6 +129,24 @@ public function testGenerateCsrfToken()
  $this->assertEquals('token', $view['csrf']->vars['value']);
  }
 
+ public function testGenerateCsrfTokenUsesFormNameAsIntentionByDefault()
+ {
+ $this->csrfProvider->expects($this->once())
+ ->method('generateCsrfToken')
+ ->with('FORM_NAME')
+ ->will($this->returnValue('token'));
+
+ $view = $this->factory
+ ->createNamed('FORM_NAME', 'form', null, array(
+ 'csrf_field_name' => 'csrf',
+ 'csrf_provider' => $this->csrfProvider,
+ 'compound' => true,
+ ))
+ ->createView();
+
+ $this->assertEquals('token', $view['csrf']->vars['value']);
+ }
+
  public function provideBoolean()
  {
  return array(
@@ -169,6 +187,37 @@ public function testValidateTokenOnBindIfRootAndCompound($valid)
  $this->assertSame($valid, $form->isValid());
  }
 
+ /**
+ * @dataProvider provideBoolean
+ */
+ public function testValidateTokenOnBindIfRootAndCompoundUsesFormNameAsIntentionByDefault($valid)
+ {
+ $this->csrfProvider->expects($this->once())
+ ->method('isCsrfTokenValid')
+ ->with('FORM_NAME', 'token')
+ ->will($this->returnValue($valid));
+
+ $form = $this->factory
+ ->createNamedBuilder('FORM_NAME', 'form', null, array(
+ 'csrf_field_name' => 'csrf',
+ 'csrf_provider' => $this->csrfProvider,
+ 'compound' => true,
+ ))
+ ->add('child', 'text')
+ ->getForm();
+
+ $form->bind(array(
+ 'child' => 'foobar',
+ 'csrf' => 'token',
+ ));
+
+ // Remove token from data
+ $this->assertSame(array('child' => 'foobar'), $form->getData());
+
+ // Validate accordingly
+ $this->assertSame($valid, $form->isValid());
+ }
+
  public function testFailIfRootAndCompoundAndTokenMissing()
  {
  $this->csrfProvider->expects($this->never())