CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
checkRequest example
/** * Apply access check service to the route and parameters in the request. * * @param \Symfony\Component\HttpFoundation\Request $request * The request to access check. */
protected function checkAccess(Request $request) {
// The cacheability (if any) of this request's access check result must be // applied to the response. $access_result = $this->accessManager->checkRequest($request, $this->account, TRUE);
// Allow a master request to set the access result for a subrequest: if an // access result attribute is already set, don't overwrite it. if (!$request->attributes->has(AccessAwareRouterInterface::ACCESS_RESULT)) {
$request->attributes->set(AccessAwareRouterInterface::ACCESS_RESULT, $access_result);
}
if (!$access_result->isAllowed()) {
if ($access_result instanceof CacheableDependencyInterface && $request->isMethodCacheable()) {
throw new CacheableAccessDeniedHttpException($access_result, $access_result instanceof AccessResultReasonInterface ? $access_result->getReason() : '');
}
else {
throw new AccessDeniedHttpException($access_result instanceof AccessResultReasonInterface ? $access_result->getReason() : '');
}
if ($request->isPost() && $request->isXmlHttpRequest()) {
return;
}
// skip whitelisted actions if ($this->isWhitelisted($controller)) {
return;
}
if (!$this->checkRequest($request)) {
throw new CSRFTokenValidationException(sprintf('The provided X-CSRF-Token for path "%s" is invalid. Please go back, reload the page and try again.', $request->getRequestUri()));
}
// mark request as validated to avoid double validation $request->setAttribute(self::CSRF_WAS_VALIDATED, true);
}
public function clearExistingCookie(): void
{
$shop = $this->contextService->getShopContext()->getShop();
$name = $this->getCsrfName();
$this->assertSame(
'http://example.com/foo?_hash=rIOcC%2FF3DoEGo%2FvnESjSp7uU9zA9S%2F%2BOLhxgMexoPUM%3D&baz=bay&foo=bar',
$signer->sign('http://example.com/foo?foo=bar&baz=bay')
);
$this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&baz=bay')));
}
public function testCheckWithRequest()
{
$signer = new UriSigner('foobar');
$this->assertTrue($signer->checkRequest(Request::create($signer->sign('http://example.com/foo'))));
$this->assertTrue($signer->checkRequest(Request::create($signer->sign('http://example.com/foo?foo=bar'))));
$this->assertTrue($signer->checkRequest(Request::create($signer->sign('http://example.com/foo?foo=bar&0=integer'))));
}
public function testCheckWithDifferentParameter()
{
$signer = new UriSigner('foobar', 'qux');
$this->assertSame(
'http://example.com/foo?baz=bay&foo=bar&qux=rIOcC%2FF3DoEGo%2FvnESjSp7uU9zA9S%2F%2BOLhxgMexoPUM%3D',
$signer->sign('http://example.com/foo?foo=bar&baz=bay')
);
'http://example.com/foo?_hash=rIOcC%2FF3DoEGo%2FvnESjSp7uU9zA9S%2F%2BOLhxgMexoPUM%3D&baz=bay&foo=bar',
$signer->sign('http://example.com/foo?foo=bar&baz=bay')
);
$this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&baz=bay')));
}
public function testCheckWithRequest()
{
$signer = new UriSigner('foobar');
$this->assertTrue($signer->checkRequest(Request::create($signer->sign('http://example.com/foo'))));
$this->assertTrue($signer->checkRequest(Request::create($signer->sign('http://example.com/foo?foo=bar'))));
$this->assertTrue($signer->checkRequest(Request::create($signer->sign('http://example.com/foo?foo=bar&0=integer'))));
}
public function testCheckWithDifferentParameter()
{
$signer = new UriSigner('foobar', 'qux');
$this->assertSame(
'http://example.com/foo?baz=bay&foo=bar&qux=rIOcC%2FF3DoEGo%2FvnESjSp7uU9zA9S%2F%2BOLhxgMexoPUM%3D',
$signer->sign('http://example.com/foo?foo=bar&baz=bay')
);
$request->query->remove('_path');
}
protected function validateRequest(Request $request): void
{
// is the Request safe? if (!$request->isMethodSafe()) {
throw new AccessDeniedHttpException();
}
// is the Request signed? if ($this->signer->checkRequest($request)) {
return;
}
throw new AccessDeniedHttpException();
}
public static function getSubscribedEvents(): array
{
return [
KernelEvents::REQUEST => [['onKernelRequest', 48]],
];
}
}
protected function validateRequest(Request $request): void
{
// is the Request safe? if (!$request->isMethodSafe()) {
throw new AccessDeniedHttpException();
}
// is the Request signed? if ($this->signer->checkRequest($request)) {
return;
}
throw new AccessDeniedHttpException();
}
public static function getSubscribedEvents(): array
{
return [
KernelEvents::REQUEST => [['onKernelRequest', 48]],
];
}
$request->query->remove('_path');
}
protected function validateRequest(Request $request): void
{
// is the Request safe? if (!$request->isMethodSafe()) {
throw new AccessDeniedHttpException();
}
// is the Request signed? if ($this->signer->checkRequest($request)) {
return;
}
throw new AccessDeniedHttpException();
}
public static function getSubscribedEvents(): array
{
return [
KernelEvents::REQUEST => [['onKernelRequest', 48]],
];
}
}
protected function validateRequest(Request $request): void
{
// is the Request safe? if (!$request->isMethodSafe()) {
throw new AccessDeniedHttpException();
}
// is the Request signed? if ($this->signer->checkRequest($request)) {
return;
}
throw new AccessDeniedHttpException();
}
public static function getSubscribedEvents(): array
{
return [
KernelEvents::REQUEST => [['onKernelRequest', 48]],
];
}