
Ajout du csrf pour le login

François %!s(int64=6) %!d(string=hai) anos
pai
achega
894818fa26

+ 1 - 1
app/Resources/views/base.html.twig

@@ -80,7 +80,7 @@
 				<div>
 					{% for message in app.flashes('success') %}
 					<div class="alert alert-success alert-dismissible fade show" role="alert">
-						<strong>Cool</strong> {{ message }}
+						<strong>Succès</strong> {{ message }}
 						<button type="button" class="close" data-dismiss="alert" aria-label="Close">
 							<span aria-hidden="true">&times;</span>
 						</button>

+ 1 - 0
app/config/security.yml

@@ -33,6 +33,7 @@ security:
             form_login:
                 login_path: login
                 check_path: login_check
+                csrf_token_generator: security.csrf.token_manager
             logout:
                 path: logout
                 target: login
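Review bot: The added `csrf_token_generator` line turns on token validation for `login_check` but leaves the token id and request parameter at their defaults, so the login template's `csrf_token('authenticate')` and `name="_csrf_token"` only agree with the firewall implicitly. Pinning both next to the new line, `csrf_parameter: _csrf_token` and `csrf_token_id: authenticate`, makes that contract visible in one place and turns a later rename on either side into an obvious config mismatch instead of every login being rejected. The `logout` entry in the same block gets no token generator, so logout presumably remains reachable without a token; the same option applies there if that is wanted. The logout configuration continues past the end of the hunk.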

+ 4 - 4
src/AppBundle/Controller/SecurityController.php

@@ -14,19 +14,19 @@ use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Routing\Annotation\Route;
 use AppBundle\Form\UserType;
 use AppBundle\Entity\User;
+use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
 
 class SecurityController extends Controller
 {
-    public function loginAction(Request $request)
+    public function loginAction(Request $request, AuthenticationUtils $authenticationUtils, AuthorizationCheckerInterface $authorizationChecker)
     {
-        if ($this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
+        if ($authorizationChecker->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
             return $this->redirectToRoute('videotheque_liste');
         }
 
-        $authenticationUtils = $this->get('security.authentication_utils');
-
         return $this->render('@App/security/login.html.twig', array (
             'last_username' =>  $authenticationUtils->getLastUsername(),
             'error'         =>  $authenticationUtils->getLastAuthenticationError()
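Review bot: The `render()` call at the end of the hunk still uses the long `array (` form with a space before the parenthesis, while the new signature on the same method is written in modern Symfony style; `[` with a trailing comma after the `'error'` entry is the idiomatic form. The action also has no declared return type now that its parameters are typed; `: Response` (importing `Symfony\Component\HttpFoundation\Response`, which is not among the visible `use` lines) would complete the signature. The method body and the render call continue outside the hunk.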

+ 3 - 1
src/AppBundle/Resources/views/security/login.html.twig

@@ -20,7 +20,9 @@
             <label for="password">Mot de passe</label>
             <input type="password" id="password" name="_password" />
         </div>
-
+        <input type="hidden" name="_csrf_token"
+               value="{{ csrf_token('authenticate') }}"
+        >
         <input type="submit" value="Connexion" />
     </form>
     <p>Pas de compte ? <a href="{{ path('security_register') }}">S'enregistrer</a></p>
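Review bot: The hidden token input is spread over three lines with the closing `>` alone on its own line and no self-closing slash, whereas the password input above it and the submit input below it are single-line `/>` tags. `<input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}" />` keeps the form consistent and is short enough for one line. The token value is emitted inside a quoted attribute under Twig's default autoescaping, so no additional escaping is needed; note that the token is only checked if the firewall's `form_login` has CSRF enabled, which this commit does in security.yml. The form's opening tag lies outside the hunk, so the method attribute cannot be confirmed here.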

+ 1 - 1
src/AppBundle/Service/Mattermost.php

@@ -47,7 +47,7 @@ class Mattermost
             .$film->getAuthered()->getUsername()
             ."** vient d'ajouter **"
             .$film->getTitre()
-            ."** dans la [vidéothèque](https://videotheque.fdlibre.eu) ! C'est beau !";
+            ."** dans la [vidéothèque](https://videotheque.fdlibre.eu) ! C'est tellement beau !";
 
         $this->SendNotif($message);
     }