checkRequest example



  /** * Apply access check service to the route and parameters in the request. * * @param \Symfony\Component\HttpFoundation\Request $request * The request to access check. */
  protected function checkAccess(Request $request) {
    // The cacheability (if any) of this request's access check result must be     // applied to the response.     $access_result = $this->accessManager->checkRequest($request$this->account, TRUE);
    // Allow a master request to set the access result for a subrequest: if an     // access result attribute is already set, don't overwrite it.     if (!$request->attributes->has(AccessAwareRouterInterface::ACCESS_RESULT)) {
      $request->attributes->set(AccessAwareRouterInterface::ACCESS_RESULT, $access_result);
    }
    if (!$access_result->isAllowed()) {
      if ($access_result instanceof CacheableDependencyInterface && $request->isMethodCacheable()) {
        throw new CacheableAccessDeniedHttpException($access_result$access_result instanceof AccessResultReasonInterface ? $access_result->getReason() : '');
      }
      else {
        throw new AccessDeniedHttpException($access_result instanceof AccessResultReasonInterface ? $access_result->getReason() : '');
      }


        if ($request->isPost() && $request->isXmlHttpRequest()) {
            return;
        }

        // skip whitelisted actions         if ($this->isWhitelisted($controller)) {
            return;
        }

        if (!$this->checkRequest($request)) {
            throw new CSRFTokenValidationException(sprintf('The provided X-CSRF-Token for path "%s" is invalid. Please go back, reload the page and try again.', $request->getRequestUri()));
        }

        // mark request as validated to avoid double validation         $request->setAttribute(self::CSRF_WAS_VALIDATED, true);
    }

    public function clearExistingCookie(): void
    {
        $shop = $this->contextService->getShopContext()->getShop();
        $name = $this->getCsrfName();

        
$this->assertSame(
            'http://example.com/foo?_hash=rIOcC%2FF3DoEGo%2FvnESjSp7uU9zA9S%2F%2BOLhxgMexoPUM%3D&baz=bay&foo=bar',
            $signer->sign('http://example.com/foo?foo=bar&baz=bay')
        );
        $this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&baz=bay')));
    }

    public function testCheckWithRequest()
    {
        $signer = new UriSigner('foobar');

        $this->assertTrue($signer->checkRequest(Request::create($signer->sign('http://example.com/foo'))));
        $this->assertTrue($signer->checkRequest(Request::create($signer->sign('http://example.com/foo?foo=bar'))));
        $this->assertTrue($signer->checkRequest(Request::create($signer->sign('http://example.com/foo?foo=bar&0=integer'))));
    }

    public function testCheckWithDifferentParameter()
    {
        $signer = new UriSigner('foobar', 'qux');

        $this->assertSame(
            'http://example.com/foo?baz=bay&foo=bar&qux=rIOcC%2FF3DoEGo%2FvnESjSp7uU9zA9S%2F%2BOLhxgMexoPUM%3D',
            $signer->sign('http://example.com/foo?foo=bar&baz=bay')
        );
$request->query->remove('_path');
    }

    protected function validateRequest(Request $request): void
    {
        // is the Request safe?         if (!$request->isMethodSafe()) {
            throw new AccessDeniedHttpException();
        }

        // is the Request signed?         if ($this->signer->checkRequest($request)) {
            return;
        }

        throw new AccessDeniedHttpException();
    }

    public static function getSubscribedEvents(): array
    {
        return [
            KernelEvents::REQUEST => [['onKernelRequest', 48]],
        ];
    }
$request->query->remove('_path');
    }

    protected function validateRequest(Request $request): void
    {
        // is the Request safe?         if (!$request->isMethodSafe()) {
            throw new AccessDeniedHttpException();
        }

        // is the Request signed?         if ($this->signer->checkRequest($request)) {
            return;
        }

        throw new AccessDeniedHttpException();
    }

    public static function getSubscribedEvents(): array
    {
        return [
            KernelEvents::REQUEST => [['onKernelRequest', 48]],
        ];
    }
Home | Imprint | This part of the site doesn't use cookies.