

fixed use of _token in csrf protection & updated README
carlossg00 committed Jun 28, 2011
1 parent ebbe342 commit fc3e648
Showing 10 changed files with 57 additions and 60 deletions.
2 changes: 1 addition & 1 deletion Controller/CategoryController.php
Expand Up @@ -32,7 +32,7 @@ public function showAction($slug)


$adapter = $this->get('knplabs_paginator.adapter');
$adapter->setQuery($this->repository->getActiveJobsByCategoryQuery($category));
$adapter->setQuery($repository->getActiveJobsByCategoryQuery($category));
$adapter->setDistinct(true);

$jobs = new Paginator($adapter);
24 changes: 13 additions & 11 deletions Controller/JobController.php
Expand Up @@ -77,7 +77,8 @@ public function showTokenizedAction($token)
}
return $this->render('Jobeet2Bundle:Job:show.html.twig',
array('job'=>$job,
'active_days' => $this->active_days));
'active_days' => $this->container->getParameter('jobeet2.active_days')
));

}

Expand Down Expand Up @@ -111,7 +112,7 @@ public function deleteAction($token)

/**
* @Route("/create", name="_job_create")
* @Route("{id}/edit", name="_job_edit")
* @Route("{token}/edit", name="_job_edit")
*/


Expand All @@ -131,18 +132,17 @@ public function editAction($token = null)
$job = new Job();
}

$form = $this->createForm(new JobType($this->em),$job);

if ($this->getRequest()->getMethod() == 'POST') {

$form->bindRequest($this->getRequest());
$form = $this->createForm(new JobType(),$job);
$request = $this->get('request');

if ($request->getMethod() == 'POST') {
$form->bindRequest($request);
if ($form->isValid()) {
$em->persist($job);
$em->flush();

return $this->redirect($this->generateUrl('_job_show_tokenized'
,array('token'=>$job->get_Token())
,array('token'=>$job->getToken())
));
}
}
Expand Down Expand Up @@ -172,11 +172,13 @@ public function publishAction($token)
$em->persist($job);
$em->flush();

$this->get('session')->setFlash('notice', "Your job is now online for $this->active_days days");
$active_days = $this->container->getParameter('jobeet2.active_days');
$this->get('session')->setFlash('notice',
"Your job is now online for $active_days days");


return $this->redirect($this->generateUrl('_job_show_tokenized'
,array('token'=>$job->get_Token())
,array('token'=>$job->getToken())
));
}

Expand All @@ -203,7 +205,7 @@ public function extendAction($token)
$em->flush();

return $this->redirect($this->generateUrl('_job_show_tokenized'
,array('token'=>$job->get_Token())
,array('token'=>$job->getToken())
));

}
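Review bot: The three-line redirect to `_job_show_tokenized` with `array('token'=>$job->getToken())` is now written out identically in editAction, publishAction and extendAction; extract it once, `private function redirectToJob(Job $job) { return $this->redirect($this->generateUrl('_job_show_tokenized', array('token' => $job->getToken()))); }`, and call it from all three. In editAction the new `if ($request->getMethod() == 'POST')` uses a loose comparison where `===` is the norm for a fixed string. `$em->persist($job)` in that hunk relies on an `$em` assigned before the hunk (the JobType constructor no longer receives one), so it is worth confirming it is still set on the `$token = null` create path. All three actions start and end outside their hunks.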
14 changes: 7 additions & 7 deletions Entity/Job.php
Expand Up @@ -82,7 +82,7 @@ class Job
* @var string $token
* @ORM\Column(type="string", length=255, nullable=true)
*/
private $_token;
private $token;

/**
* @var boolean $is_public
Expand Down Expand Up @@ -327,19 +327,19 @@ public function getHowToApply()
*
* @param string $token
*/
public function set_Token($token)
public function setToken($token)
{
$this->_token = $token;
$this->token = $token;
}

/**
* Get token
*
* @return string $token
*/
public function get_Token()
public function getToken()
{
return $this->_token;
return $this->token;
}

/**
Expand Down Expand Up @@ -561,9 +561,9 @@ public function touchCreated()
}

//set token if not
if (!isset($this->_token))
if (!isset($this->token))
{
$this->set_Token(sha1($this->getEmail().rand(11111,99999)));
$this->setToken(sha1($this->getEmail().rand(11111,99999)));
}
}

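Review bot: The token that later identifies a job for edit/publish/delete (`findOneByToken`, the `{token}/edit` route) is still generated in touchCreated as `sha1($this->getEmail().rand(11111,99999))`; `rand()` is not a cryptographically secure source and the suffix has fewer than 90k values, so for a given e-mail the token is predictable rather than secret. Generate it from the CSPRNG instead, `$this->setToken(bin2hex(random_bytes(20)));` (on the PHP of this commit's era `openssl_random_pseudo_bytes()` is the equivalent), and keep the `!isset($this->token)` guard so existing tokens are preserved. The rename from `_token`/`set_Token` to `token`/`setToken` is applied consistently across the entity, repository and templates. touchCreated begins outside the hunk.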
2 changes: 1 addition & 1 deletion Entity/JobRepository.php
Expand Up @@ -21,7 +21,7 @@ public function findOneBySlug($slug)

public function findOneByToken($token)
{
return $this->findOneBy(array('_token' => $token));
return $this->findOneBy(array('token' => $token));
}

/**
11 changes: 2 additions & 9 deletions Form/JobType.php
Expand Up @@ -14,12 +14,6 @@

class JobType extends AbstractType
{
protected $em;

public function __construct(EntityManager $em)
{
$this->em = $em;
}
public function buildForm(FormBuilder $builder, array $options)
{
$builder->add('category','entity',array('class' => 'Application\Jobeet2Bundle\Entity\Category'));
Expand All @@ -40,15 +34,14 @@ public function buildForm(FormBuilder $builder, array $options)
$builder->add('how_to_apply','textarea',array('label' => 'How to apply?'));
$builder->add('is_public','checkbox',array('required'=>false,'label' => 'Public?'));
$builder->add('email','text');
$builder->add('_token');
}

public function getDefaultOptions(array $options)
{
return array(
'data_class' => 'Application\Jobeet2Bundle\Entity\Job',
'csrf_protection' => true,
'csrf_field_name' => '_token',
//'csrf_protection' => true,
//'csrf_field_name' => '_token',
);
}
}
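Review bot: Leaving `'csrf_protection' => true` and `'csrf_field_name' => '_token'` as commented-out lines in getDefaultOptions makes it unclear whether CSRF protection is meant to be on; now that the entity property is `token` and `$builder->add('_token')` is gone, the field-name collision that presumably motivated the change no longer exists, so the explicit option can stay. Either restore `'csrf_protection' => true,` (the field name can use the default) or delete the two comment lines and add a one-line comment stating that the framework default is relied on — commented-out code says neither. If `EntityManager` is still imported at the top of the file (outside the hunk), that `use` is now dead and should go. The class and buildForm extend beyond the hunk.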
49 changes: 25 additions & 24 deletions README.md
Expand Up @@ -4,6 +4,8 @@ Jobeet2Bundle is the well known day by day tutorial for symfony 1.4 ported to Sy

## Installation

Jobeet2Bundle is mantained to be installed with the latest symfony-standard version (at this time RC3)

### clone repository

git clone git://github.com/carlossg00/Jobeet2Bundle.git src/Application/Jobeet2Bundle
Expand Down Expand Up @@ -31,18 +33,29 @@ Jobeet2Bundle is the well known day by day tutorial for symfony 1.4 ported to Sy
'Application' => __DIR__.'/../src',
));

### Add a reference to the routes in app/config/routing.yml
### Add the following routes to your global routing file (app/config/routing.yml or app/config/routing_dev.yml)

_jobeet:
resource: "@Jobeet2Bundle/Controller/Jobeet2Controller.php"
type: annotation
prefix: /jobeet

_job:
resource: "@Jobeet2Bundle/Resources/config/routing.yml"
resource: "@Jobeet2Bundle/Controller/JobController.php"
type: annotation
prefix: /job

_category:
resource: "@Jobeet2Bundle/Controller/CategoryController.php"
type: annotation
prefix: /category


### Dependencies

- [SensioFrameworkExtraBundle](http://github.com/sensio/FrameworkExtraBundle/) <-NOT USED RIGHT NOW
- [PaginatorBundle](http://github.com/knplabs/PaginatorBundle/)
Jobeet2Bundle uses:

- [PaginatorBundle](http://github.com/knplabs/PaginatorBundle/) <<-- needs Zend (see KnplabsPaginator readme)

### Install assets

Expand All @@ -51,7 +64,9 @@ Jobeet2Bundle is the well known day by day tutorial for symfony 1.4 ported to Sy

### Build the database

Modify config.yml to your doctrine configuration
In SE modify parameters.ini to your database settings

You can set them manually in config.yml

## Doctrine Configuration
doctrine:
Expand All @@ -64,21 +79,7 @@ Jobeet2Bundle is the well known day by day tutorial for symfony 1.4 ported to Sy
auto_generate_proxy_classes: %kernel.debug%
mappings:
Jobeet2Bundle: ~

Modify Resources/orm.xml to your connection
if multiple connections

<services>
<!-- Object Manager Service -->
<service id="jobeet2.object_manager" alias="doctrine.orm.myConnection_entity_manager" />
</services>

or default connection if only one

<services>
<!-- Object Manager Service -->
<service id="jobeet2.object_manager" alias="doctrine.orm.default_entity_manager" />
</services>


create the database schema running the following commands

Expand All @@ -87,16 +88,16 @@ Jobeet2Bundle is the well known day by day tutorial for symfony 1.4 ported to Sy

Load data fixtures

php app/console doctrine:data:load
php app/console doctrine:fixtures:load


### Try the application

Make sure the web folder is document root and visit the site:

http://jobeet2/app_dev.php/job
http://jobeet2/app_dev.php/jobeet
or
http://localhost/web/app_dev.php/job
http://localhost/web/app_dev.php/jobeet

## Configuration

10 changes: 5 additions & 5 deletions Resources/views/Admin/_admin.html.twig
Expand Up @@ -4,23 +4,23 @@
<h3>Admin</h3>
<ul>
{% if not(job.isActivated) %}
<li><a href="{{ path('edit', {'token': job._token}) }}">Edit</a></li>
<li><a href="{{ path('publish', {'token': job._token}) }}">Publish</a></li>
<li><a href="{{ path('_job_edit', {'token': job.token}) }}">Edit</a></li>
<li><a href="{{ path('_job_publish', {'token': job.token}) }}">Publish</a></li>
{% endif %}
<li><a href="{{ path('delete', {'token' : job._token }) }}">Delete</a></li>
<li><a href="{{ path('_job_delete', {'token' : job.token }) }}">Delete</a></li>
{% if job.isActivated %}
<li class='expires_soon'>
{% if job.isExpired() %} Expired
{% else %} Expires in <strong>{{ job.getDaysBeforeExpires() }}</strong> days
{% endif %}

{% if job.expiresSoon() %}
- <a href="{{ path('extend', {'token' : job._token}) }}">Extend</a> for another {{ active_days }} days
- <a href="{{ path('_job_extend', {'token' : job.token}) }}">Extend</a> for another {{ active_days }} days
{% endif %}
</li>
{% else %}
<li>
[Bookmark this page <a href="{{ path('tokenized_show',{'token':job._token}) }}">URL</a>
[Bookmark this page <a href="{{ path('_job_show_tokenized',{'token':job.token}) }}">URL</a>
to manage this job in the future.]
</li>
{% endif %}
2 changes: 1 addition & 1 deletion Resources/views/Form/fields.html.twig
@@ -1,5 +1,5 @@
{# src/Application/Jobeet2Bundle/Resources/views/Form/fields.html.twig #}
{% extends 'TwigBundle:Form:div_layout.html.twig' %}
{% extends 'form_div_layout.html.twig' %}

{% block field_row %}
<tr>
1 change: 1 addition & 0 deletions Resources/views/Job/_form.html.twig
Expand Up @@ -24,5 +24,6 @@
{{form_row(form.is_public) }}
{{form_row(form.email , { 'help' : 'email' }) }}
</tbody>
{{form_rest(form)}}
</table>
</form>
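Review bot: `{{form_rest(form)}}` is inserted between `</tbody>` and `</table>`, so the remaining fields (presumably including the hidden CSRF `_token` input once CSRF protection is active) are rendered as `<input>` elements that are direct children of `<table>`, which is not valid HTML and which browsers reparent out of the table. Move the call after the table, i.e. `</table>` then `{{ form_rest(form) }}` then `</form>`, so the hidden inputs are ordinary form children. The form element opens before the hunk.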
2 changes: 1 addition & 1 deletion Resources/views/Job/show.html.twig
Expand Up @@ -8,7 +8,7 @@
{% endblock %}

{% block content %}
{% if app.request.attributes.get('token') == job._token %}
{% if app.request.attributes.get('token') == job.token %}
{% include 'Jobeet2Bundle:Admin:_admin.html.twig' with {'job': job} %}
{% endif %}
<div id="job">
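Review bot: `{% if app.request.attributes.get('token') == job.token %}` gates the admin panel (edit/publish/delete links) on a Twig `==`, which compiles to PHP's loose comparison and applies numeric-string rules to two hex strings; the strict test is the safer gate here, `{% if app.request.attributes.get('token') is same as(job.token) %}` (spelled `sameas` in the Twig 1.x of this commit's era). The content block continues outside the hunk.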
