PHP Class eZ\Bundle\EzPublishRestBundle\EventListener\CsrfListener

Inheritance: implements Symfony\Component\EventDispatcher\EventSubscriberInterface
Mostrar archivo Open project: ezsystems/ezpublish-kernel

Public Methods

Method Description
__construct ( Symfony\Component\EventDispatcher\EventDispatcherInterface $eventDispatcher, boolean $csrfEnabled, string $csrfTokenIntention, Symfony\Component\Security\Csrf\CsrfTokenManagerInterface $csrfTokenManager = null ) Note that CSRF provider needs to be optional as it will not be available when CSRF protection is disabled.
getSubscribedEvents ( ) : array
onKernelRequest ( GetResponseEvent $event ) This method validates CSRF token if CSRF protection is enabled.

Protected Methods

Method Description
checkCsrfToken ( Request $request ) : boolean Checks the validity of the request's csrf token header.
isLoginRequest ( string $route ) : boolean
isMethodSafe ( string $method ) : boolean
isSessionRoute ( string $route ) : boolean Tests if a given $route is a session management one.

Method Details

__construct() public method

Note that CSRF provider needs to be optional as it will not be available when CSRF protection is disabled.
public __construct ( Symfony\Component\EventDispatcher\EventDispatcherInterface $eventDispatcher, boolean $csrfEnabled, string $csrfTokenIntention, Symfony\Component\Security\Csrf\CsrfTokenManagerInterface $csrfTokenManager = null )
$eventDispatcher Symfony\Component\EventDispatcher\EventDispatcherInterface
$csrfEnabled boolean
$csrfTokenIntention string
$csrfTokenManager Symfony\Component\Security\Csrf\CsrfTokenManagerInterface

checkCsrfToken() protected method

Checks the validity of the request's csrf token header.
protected checkCsrfToken ( Request $request ) : boolean
$request Symfony\Component\HttpFoundation\Request
return boolean true/false if the token is valid/invalid, false if none was found in the request's headers.

getSubscribedEvents() public static method

public static getSubscribedEvents ( ) : array
return array

isLoginRequest() protected method

Deprecation: Deprecated since 6.5. Use isSessionRoute() instead.
protected isLoginRequest ( string $route ) : boolean
$route string
return boolean

isMethodSafe() protected method

protected isMethodSafe ( string $method ) : boolean
$method string
return boolean

isSessionRoute() protected method

Tests if a given $route is a session management one.
protected isSessionRoute ( string $route ) : boolean
$route string
return boolean

onKernelRequest() public method

This method validates CSRF token if CSRF protection is enabled.
public onKernelRequest ( GetResponseEvent $event )
$event Symfony\Component\HttpKernel\Event\GetResponseEvent