Fixing session key, removing valid_keys which was painful to transport
the whitelist in the session (see #36)
This commit is contained in:
parent
39532390e1
commit
31d080a9b7
|
@ -24,7 +24,18 @@ class CaptchaController extends Controller
|
|||
public function generateCaptchaAction(Request $request, $key)
|
||||
{
|
||||
$options = $this->container->getParameter('gregwar_captcha.config');
|
||||
if (!$options['as_url'] || !in_array($key, $options['valid_keys'])) {
|
||||
$session = $this->get('session');
|
||||
$whitelistKey = $options['whitelist_key'];
|
||||
$isOk = false;
|
||||
|
||||
if ($options['as_url'] && $session->has($whitelistKey)) {
|
||||
$keys = $session->get($whitelistKey);
|
||||
if (is_array($keys) && in_array($key, $keys)) {
|
||||
$isOk = true;
|
||||
}
|
||||
}
|
||||
|
||||
if (!$isOk) {
|
||||
return $this->createNotFoundException('Unable to generate a captcha via a URL without the proper configuration.');
|
||||
}
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ class Configuration implements ConfigurationInterface
|
|||
->scalarNode('quality')->defaultValue(15)->end()
|
||||
->scalarNode('invalid_message')->defaultValue('Bad code value')->end()
|
||||
->scalarNode('bypass_code')->defaultValue(null)->end()
|
||||
->arrayNode('valid_keys')->defaultValue(array('captcha'))->prototype('scalar')->end()
|
||||
->scalarNode('whitelist_key')->defaultValue('captcha_whitelist_key')->end()
|
||||
->end()
|
||||
;
|
||||
|
||||
|
|
|
@ -31,6 +31,7 @@ class GregwarCaptchaExtension extends Extension
|
|||
$container->setParameter('gregwar_captcha.config.web_path', $config['web_path']);
|
||||
$container->setParameter('gregwar_captcha.config.gc_freq', $config['gc_freq']);
|
||||
$container->setParameter('gregwar_captcha.config.expiration', $config['expiration']);
|
||||
$container->setParameter('gregwar_captcha.config.whitelist_key', $config['whitelist_key']);
|
||||
|
||||
$resources = $container->getParameter('twig.form.resources');
|
||||
$container->setParameter('twig.form.resources', array_merge(array('GregwarCaptchaBundle::captcha.html.twig'), $resources));
|
||||
|
|
|
@ -16,6 +16,12 @@ class CaptchaGenerator
|
|||
*/
|
||||
protected $session;
|
||||
|
||||
/**
|
||||
* Name of the whitelist key
|
||||
* @var string
|
||||
*/
|
||||
protected $whitelistKey;
|
||||
|
||||
/**
|
||||
* @var \Symfony\Component\Routing\RouterInterface
|
||||
*/
|
||||
|
@ -65,7 +71,7 @@ class CaptchaGenerator
|
|||
* @param int $gcFreq
|
||||
* @param int $expiration
|
||||
*/
|
||||
public function __construct(SessionInterface $session, RouterInterface $router, $imageFolder, $webPath, $gcFreq, $expiration)
|
||||
public function __construct(SessionInterface $session, RouterInterface $router, $imageFolder, $webPath, $gcFreq, $expiration, $whitelistKey)
|
||||
{
|
||||
$this->session = $session;
|
||||
$this->router = $router;
|
||||
|
@ -73,6 +79,7 @@ class CaptchaGenerator
|
|||
$this->webPath = $webPath;
|
||||
$this->gcFreq = $gcFreq;
|
||||
$this->expiration = $expiration;
|
||||
$this->whitelistKey = $whitelistKey;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -96,6 +103,11 @@ class CaptchaGenerator
|
|||
|
||||
// Returns the configured URL for image generation
|
||||
if ($options['as_url']) {
|
||||
$keys = $this->session->get($this->whitelistKey, array());
|
||||
if (!in_array($key, $keys)) {
|
||||
$keys[] = $key;
|
||||
}
|
||||
$this->session->set($this->whitelistKey, $keys);
|
||||
return $this->router->generate('gregwar_captcha.generate_captcha', array('key' => $key));
|
||||
}
|
||||
|
||||
|
|
|
@ -132,7 +132,7 @@ You can define the following configuration options globally or on the CaptchaTyp
|
|||
* **as_url**: if set to true, a URL will be used in the image tag and will handle captcha generation. This can be used in a multiple-server environment and support IE6/7 (default=false)
|
||||
* **invalid_message**: error message displayed when an non-matching code is submitted (default="Bad code value")
|
||||
* **bypass_code**: code that will always validate the captcha (default=null)
|
||||
* **valid_keys**: names that are able to be used for a captcha form type (default=[captcha])
|
||||
* **whitelist_key**: the session key to use for keep the session keys that can be used for captcha storage, when using as_url (default=captcha_whitelist_key)
|
||||
|
||||
Example :
|
||||
|
||||
|
@ -167,10 +167,7 @@ This will use the bundle's route of "/generate-captcha/{key}" to handle the gene
|
|||
resource: "@GregwarCaptchaBundle/Resources/config/routing/routing.yml"
|
||||
prefix: /_gcb
|
||||
|
||||
If you are using multiple captchas or assigning names other than the default "captcha", you will need to whitelist your captcha names in the "valid_keys" configuration:
|
||||
|
||||
gregwar_captcha:
|
||||
valid_keys: [registration_captcha, confirmation_captcha]
|
||||
Since the session key is transported in the URL, it's also added in another session array, under the `whitelist_key` key, for security reasons
|
||||
|
||||
Form Theming
|
||||
============
|
||||
|
|
|
@ -18,4 +18,5 @@ services:
|
|||
- %gregwar_captcha.config.image_folder%
|
||||
- %gregwar_captcha.config.web_path%
|
||||
- %gregwar_captcha.config.gc_freq%
|
||||
- %gregwar_captcha.config.expiration%
|
||||
- %gregwar_captcha.config.expiration%
|
||||
- %gregwar_captcha.config.whitelist_key%
|
||||
|
|
|
@ -25,6 +25,12 @@ class CaptchaType extends AbstractType
|
|||
*/
|
||||
protected $session;
|
||||
|
||||
/**
|
||||
* The session key
|
||||
* @var string
|
||||
*/
|
||||
protected $key = null;
|
||||
|
||||
/**
|
||||
* @var \Gregwar\CaptchaBundle\Generator\CaptchaGenerator
|
||||
*/
|
||||
|
@ -54,9 +60,11 @@ class CaptchaType extends AbstractType
|
|||
*/
|
||||
public function buildForm(FormBuilderInterface $builder, array $options)
|
||||
{
|
||||
$this->key = 'gcb_'.$builder->getForm()->getName();
|
||||
|
||||
$validator = new CaptchaValidator(
|
||||
$this->session,
|
||||
$builder->getForm()->getName(),
|
||||
$this->key,
|
||||
$options['invalid_message'],
|
||||
$options['bypass_code']
|
||||
);
|
||||
|
@ -74,7 +82,7 @@ class CaptchaType extends AbstractType
|
|||
$view->vars = array_merge($view->vars, array(
|
||||
'captcha_width' => $options['width'],
|
||||
'captcha_height' => $options['height'],
|
||||
'captcha_code' => $this->generator->getCaptchaCode($form->getName(), $options),
|
||||
'captcha_code' => $this->generator->getCaptchaCode($this->key, $options),
|
||||
'value' => '',
|
||||
));
|
||||
}
|
||||
|
@ -103,4 +111,4 @@ class CaptchaType extends AbstractType
|
|||
{
|
||||
return 'captcha';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue