hasInvalidToken example

// If this form has completed validation, do not validate again.     if ($form_state->isValidationComplete()) {
      return;
    }

    // If the session token was set by self::prepareForm(), ensure that it     // matches the current user's session. This is duplicate to code in     // FormBuilder::doBuildForm() but left to protect any custom form handling     // code.     if (isset($form['#token'])) {
      if (!$this->csrfToken->validate($form_state->getValue('form_token'), $form['#token']) || $form_state->hasInvalidToken()) {
        $this->setInvalidTokenError($form_state);

        // Stop here and don't run any further validation handlers, because they         // could invoke non-safe operations which opens the door for CSRF         // vulnerabilities.         $this->finalizeValidation($form, $form_state, $form_id);
        return;
      }
    }

    // Recursively validate each form element.

        if (!$input_exists && !$form_state->isRebuilding() && !$form_state->isProgrammed()) {
          // Add the necessary parent keys to FormState::$input and sets the           // element's input value to NULL.           NestedArray::setValue($form_state->getUserInput(), $element['#parents'], NULL);
          $input_exists = TRUE;
        }
        // If we have input for the current element, assign it to the #value         // property, optionally filtered through $value_callback.         if ($input_exists) {
          // Skip all value callbacks except safe ones like text if the CSRF           // token was invalid.           if (!$form_state->hasInvalidToken() || $this->valueCallableIsSafe($value_callable)) {
            $element['#value'] = call_user_func_array($value_callable, [&$element, $input, &$form_state]);
          }
          else {
            $input = NULL;
          }

          if (!isset($element['#value']) && isset($input)) {
            $element['#value'] = $input;
          }
        }
        // Mark all posted values for validation.

->shouldBeCalled();

    $this->assertSame($this->formStateDecoratorBase, $this->formStateDecoratorBase->setInvalidToken($expected));
  }

  /** * @covers ::hasInvalidToken * * @dataProvider providerSingleBooleanArgument */
  public function testHasInvalidToken($expected) {
    $this->decoratedFormState->hasInvalidToken()
      ->willReturn($expected)
      ->shouldBeCalled();

    $this->assertSame($expected, $this->formStateDecoratorBase->hasInvalidToken());
  }

  /** * @covers ::prepareCallback * * @dataProvider providerPrepareCallback */
  

  public function setInvalidToken($invalid_token) {
    $this->decoratedFormState->setInvalidToken($invalid_token);

    return $this;
  }

  /** * {@inheritdoc} */
  public function hasInvalidToken() {
    return $this->decoratedFormState->hasInvalidToken();
  }

  /** * {@inheritdoc} */
  public function prepareCallback($callback) {
    return $this->decoratedFormState->prepareCallback($callback);
  }

  /** * {@inheritdoc} */

// Set up some request data so we can be sure it is removed when a token is     // invalid.     $this->request->request->set('foo', 'bar');
    $_POST['foo'] = 'bar';

    $form_state = new FormState();
    $input['form_id'] = $form_id;
    $input['form_token'] = $form_token;
    $input['test'] = 'example-value';
    $form_state->setUserInput($input);
    $form = $this->simulateFormSubmission($form_id, $form_arg, $form_state, FALSE);
    $this->assertSame($expected, $form_state->hasInvalidToken());
    if ($expected) {
      $this->assertEmpty($form['test']['#value']);
      $this->assertEmpty($form_state->getValue('test'));
      $this->assertEmpty($_POST);
      $this->assertEmpty(iterator_to_array($this->request->request->getIterator()));
    }
    else {
      $this->assertEquals('example-value', $form['test']['#value']);
      $this->assertEquals('example-value', $form_state->getValue('test'));
      $this->assertEquals('bar', $_POST['foo']);
      $this->assertEquals('bar', $this->request->request->get('foo'));
    }