From cddd588a829efd3454419895198ee803b885a08e Mon Sep 17 00:00:00 2001
From: Alexander Zamponi
Date: Fri, 22 Jun 2018 16:50:31 +0200
Subject: [PATCH] Added csrf tokens to all forms

---
 src/ZfcUser/Form/ChangeEmail.php | 10 ++++++++++
 src/ZfcUser/Form/ChangePassword.php | 10 ++++++++++
 src/ZfcUser/Form/Login.php | 10 ++++++++++
 src/ZfcUser/Form/Register.php | 10 ++++++++++
 tests/ZfcUserTest/Form/ChangeEmailTest.php | 1 +
 tests/ZfcUserTest/Form/ChangePasswordTest.php | 1 +
 tests/ZfcUserTest/Form/LoginTest.php | 2 ++
 tests/ZfcUserTest/Form/RegisterTest.php | 2 ++
 8 files changed, 46 insertions(+)

diff --git a/src/ZfcUser/Form/ChangeEmail.php b/src/ZfcUser/Form/ChangeEmail.php
index 556432a0..5b2dfeb1 100644
--- a/src/ZfcUser/Form/ChangeEmail.php
+++ b/src/ZfcUser/Form/ChangeEmail.php
@@ -58,6 +58,16 @@ public function __construct($name, AuthenticationOptionsInterface $options)
 ),
 ));
 
+ $this->add([
+ 'type' => '\Zend\Form\Element\Csrf',
+ 'name' => 'security',
+ 'options' => [
+ 'csrf_options' => [
+ 'timeout' => $this->getAuthenticationOptions()->getLoginFormTimeout()
+ ]
+ ]
+ ]);
+
 $this->add(array(
 'name' => 'submit',
 'attributes' => array(
diff --git a/src/ZfcUser/Form/ChangePassword.php b/src/ZfcUser/Form/ChangePassword.php
index 52dada45..42ff4607 100644
--- a/src/ZfcUser/Form/ChangePassword.php
+++ b/src/ZfcUser/Form/ChangePassword.php
@@ -59,6 +59,16 @@ public function __construct($name, AuthenticationOptionsInterface $options)
 ),
 ));
 
+ $this->add([
+ 'type' => '\Zend\Form\Element\Csrf',
+ 'name' => 'security',
+ 'options' => [
+ 'csrf_options' => [
+ 'timeout' => $this->getAuthenticationOptions()->getLoginFormTimeout()
+ ]
+ ]
+ ]);
+
 $this->add(array(
 'name' => 'submit',
 'attributes' => array(
diff --git a/src/ZfcUser/Form/Login.php b/src/ZfcUser/Form/Login.php
index 46966778..78c64263 100644
--- a/src/ZfcUser/Form/Login.php
+++ b/src/ZfcUser/Form/Login.php
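Review bot: In src/ZfcUser/Form/ChangeEmail.php the `security` element is added to the form object only, and the diffstat lists no view script in this commit. A Csrf element brings its own validator, so a template that prints fields one by one and omits `security` would presumably make every submission fail validation; this needs checking for this form and for ChangePassword, Login and Register. Where a template needs it, the line to add is `<?php echo $this->formElement($form->get('security')) ?>`. The constructor starts above this hunk and continues below it.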
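Review bot: In src/ZfcUser/Form/ChangePassword.php the token lifetime is taken from `getLoginFormTimeout()`, an option named for the login form, and the ChangeEmail hunk does the same. Tuning the login timeout will then also change how long a password-change or e-mail-change token stays valid, and nothing in the hunk says this is intended. I would add a comment above the element, `// CSRF token lifetime deliberately follows the login form timeout`, or introduce a separate option if the two lifetimes should be able to differ.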
@@ -56,6 +56,16 @@ public function __construct($name, AuthenticationOptionsInterface $options)
 //$csrf->getValidator()->setTimeout($options->getLoginFormTimeout());
 //$this->add($csrf);
 
+ $this->add([
+ 'type' => '\Zend\Form\Element\Csrf',
+ 'name' => 'security',
+ 'options' => [
+ 'csrf_options' => [
+ 'timeout' => $this->getAuthenticationOptions()->getLoginFormTimeout()
+ ]
+ ]
+ ]);
+
 $submitElement = new Element\Button('submit');
 $submitElement
 ->setLabel('Sign In')
diff --git a/src/ZfcUser/Form/Register.php b/src/ZfcUser/Form/Register.php
index 9da9e4e6..206fbd26 100644
--- a/src/ZfcUser/Form/Register.php
+++ b/src/ZfcUser/Form/Register.php
@@ -24,6 +24,16 @@ public function __construct($name, RegistrationOptionsInterface $options)
 
 parent::__construct($name);
 
+ $this->add([
+ 'type' => '\Zend\Form\Element\Csrf',
+ 'name' => 'security',
+ 'options' => [
+ 'csrf_options' => [
+ 'timeout' => $this->getRegistrationOptions()->getUserFormTimeout()
+ ]
+ ]
+ ]);
+
 if ($this->getRegistrationOptions()->getUseRegistrationFormCaptcha()) {
 $this->add(array(
 'name' => 'captcha',
diff --git a/tests/ZfcUserTest/Form/ChangeEmailTest.php b/tests/ZfcUserTest/Form/ChangeEmailTest.php
index 22e835e3..74860906 100644
--- a/tests/ZfcUserTest/Form/ChangeEmailTest.php
+++ b/tests/ZfcUserTest/Form/ChangeEmailTest.php
@@ -21,6 +21,7 @@ public function testConstruct()
 $this->assertArrayHasKey('newIdentity', $elements);
 $this->assertArrayHasKey('newIdentityVerify', $elements);
 $this->assertArrayHasKey('credential', $elements);
+ $this->assertArrayHasKey('security', $elements);
 }
 
 /**
diff --git a/tests/ZfcUserTest/Form/ChangePasswordTest.php b/tests/ZfcUserTest/Form/ChangePasswordTest.php
index 690e3b80..84b2cdfb 100644
--- a/tests/ZfcUserTest/Form/ChangePasswordTest.php
+++ b/tests/ZfcUserTest/Form/ChangePasswordTest.php
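Review bot: In src/ZfcUser/Form/Login.php the new element sits directly below the commented-out `//$csrf->getValidator()->setTimeout(...)` and `//$this->add($csrf);` lines that it supersedes; those should be deleted in the same commit so the file shows a single CSRF configuration. The commented block appears to begin above the hunk. The type string `'\Zend\Form\Element\Csrf'` could also drop its leading backslash, `'type' => 'Zend\Form\Element\Csrf',`, which is the usual form for a class name held in a string; the same string appears in the other three forms.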
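Review bot: In src/ZfcUser/Form/Register.php the CSRF element is named `security`, the same name used in Login, ChangeEmail and ChangePassword. The Zend Form documentation advises giving each form's Csrf element a unique name when more than one form is shown on a page, because otherwise one token can overwrite the other in session storage and one of the forms stops validating. If a login form can be rendered alongside the registration form, a per-form name such as `'name' => 'register_csrf',` avoids that; the test assertions would need the same key.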
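Review bot: The assertion added in tests/ZfcUserTest/Form/ChangeEmailTest.php, `assertArrayHasKey('security', $elements)`, proves only that the element exists; the same holds for the lines added to ChangePasswordTest, LoginTest and RegisterTest. None of the four tests shows that a submission with a missing or wrong token is rejected, which is the behaviour this commit is meant to introduce. A test that sets form data without `security` and expects `isValid()` to return false would cover it, provided the test attaches the input filter the way the application does. testConstruct begins above the hunk.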
@@ -21,6 +21,7 @@ public function testConstruct()
 $this->assertArrayHasKey('credential', $elements);
 $this->assertArrayHasKey('newCredential', $elements);
 $this->assertArrayHasKey('newCredentialVerify', $elements);
+ $this->assertArrayHasKey('security', $elements);
 }
 
 /**
diff --git a/tests/ZfcUserTest/Form/LoginTest.php b/tests/ZfcUserTest/Form/LoginTest.php
index 398a9814..5db22325 100644
--- a/tests/ZfcUserTest/Form/LoginTest.php
+++ b/tests/ZfcUserTest/Form/LoginTest.php
@@ -23,6 +23,8 @@ public function testConstruct($authIdentityFields = array())
 
 $this->assertArrayHasKey('identity', $elements);
 $this->assertArrayHasKey('credential', $elements);
+ $this->assertArrayHasKey('security', $elements);
+
 
 $expectedLabel="";
 if (count($authIdentityFields) > 0) {
diff --git a/tests/ZfcUserTest/Form/RegisterTest.php b/tests/ZfcUserTest/Form/RegisterTest.php
index 005920f8..7084588f 100644
--- a/tests/ZfcUserTest/Form/RegisterTest.php
+++ b/tests/ZfcUserTest/Form/RegisterTest.php
@@ -39,6 +39,8 @@ public function testConstruct($useCaptcha = false)
 $this->assertArrayHasKey('email', $elements);
 $this->assertArrayHasKey('password', $elements);
 $this->assertArrayHasKey('passwordVerify', $elements);
+ $this->assertArrayHasKey('security', $elements);
+
 }
 
 public function providerTestConstruct()