From 31d080a9b755faf500ad63f202465fec26dbc533 Mon Sep 17 00:00:00 2001 From: Gregwar Date: Tue, 4 Dec 2012 11:33:54 +0100 Subject: [PATCH] Fixing session key, removing valid_keys which was painful to transport the whitelist in the session (see #36) --- Controller/CaptchaController.php | 13 ++++++++++++- DependencyInjection/Configuration.php | 2 +- DependencyInjection/GregwarCaptchaExtension.php | 1 + Generator/CaptchaGenerator.php | 14 +++++++++++++- README.md | 7 ++----- Resources/config/services.yml | 3 ++- Type/CaptchaType.php | 14 +++++++++++--- 7 files changed, 42 insertions(+), 12 deletions(-) diff --git a/Controller/CaptchaController.php b/Controller/CaptchaController.php index 7684ac2..2d8e079 100644 --- a/Controller/CaptchaController.php +++ b/Controller/CaptchaController.php @@ -24,7 +24,18 @@ class CaptchaController extends Controller public function generateCaptchaAction(Request $request, $key) { $options = $this->container->getParameter('gregwar_captcha.config'); - if (!$options['as_url'] || !in_array($key, $options['valid_keys'])) { + $session = $this->get('session'); + $whitelistKey = $options['whitelist_key']; + $isOk = false; + + if ($options['as_url'] && $session->has($whitelistKey)) { + $keys = $session->get($whitelistKey); + if (is_array($keys) && in_array($key, $keys)) { + $isOk = true; + } + } + + if (!$isOk) { return $this->createNotFoundException('Unable to generate a captcha via a URL without the proper configuration.'); } diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php index 4cc0b36..7100f07 100644 --- a/DependencyInjection/Configuration.php +++ b/DependencyInjection/Configuration.php @@ -35,7 +35,7 @@ class Configuration implements ConfigurationInterface ->scalarNode('quality')->defaultValue(15)->end() ->scalarNode('invalid_message')->defaultValue('Bad code value')->end() ->scalarNode('bypass_code')->defaultValue(null)->end() - ->arrayNode('valid_keys')->defaultValue(array('captcha'))->prototype('scalar')->end() + ->scalarNode('whitelist_key')->defaultValue('captcha_whitelist_key')->end() ->end() ; diff --git a/DependencyInjection/GregwarCaptchaExtension.php b/DependencyInjection/GregwarCaptchaExtension.php index 7c49990..83f4ddb 100755 --- a/DependencyInjection/GregwarCaptchaExtension.php +++ b/DependencyInjection/GregwarCaptchaExtension.php @@ -31,6 +31,7 @@ class GregwarCaptchaExtension extends Extension $container->setParameter('gregwar_captcha.config.web_path', $config['web_path']); $container->setParameter('gregwar_captcha.config.gc_freq', $config['gc_freq']); $container->setParameter('gregwar_captcha.config.expiration', $config['expiration']); + $container->setParameter('gregwar_captcha.config.whitelist_key', $config['whitelist_key']); $resources = $container->getParameter('twig.form.resources'); $container->setParameter('twig.form.resources', array_merge(array('GregwarCaptchaBundle::captcha.html.twig'), $resources)); diff --git a/Generator/CaptchaGenerator.php b/Generator/CaptchaGenerator.php index d009b17..c39e581 100644 --- a/Generator/CaptchaGenerator.php +++ b/Generator/CaptchaGenerator.php @@ -16,6 +16,12 @@ class CaptchaGenerator */ protected $session; + /** + * Name of the whitelist key + * @var string + */ + protected $whitelistKey; + /** * @var \Symfony\Component\Routing\RouterInterface */ @@ -65,7 +71,7 @@ class CaptchaGenerator * @param int $gcFreq * @param int $expiration */ - public function __construct(SessionInterface $session, RouterInterface $router, $imageFolder, $webPath, $gcFreq, $expiration) + public function __construct(SessionInterface $session, RouterInterface $router, $imageFolder, $webPath, $gcFreq, $expiration, $whitelistKey) { $this->session = $session; $this->router = $router; @@ -73,6 +79,7 @@ class CaptchaGenerator $this->webPath = $webPath; $this->gcFreq = $gcFreq; $this->expiration = $expiration; + $this->whitelistKey = $whitelistKey; } /** @@ -96,6 +103,11 @@ class CaptchaGenerator // Returns the configured URL for image generation if ($options['as_url']) { + $keys = $this->session->get($this->whitelistKey, array()); + if (!in_array($key, $keys)) { + $keys[] = $key; + } + $this->session->set($this->whitelistKey, $keys); return $this->router->generate('gregwar_captcha.generate_captcha', array('key' => $key)); } diff --git a/README.md b/README.md index 01059bf..c8d11f7 100644 --- a/README.md +++ b/README.md @@ -132,7 +132,7 @@ You can define the following configuration options globally or on the CaptchaTyp * **as_url**: if set to true, a URL will be used in the image tag and will handle captcha generation. This can be used in a multiple-server environment and support IE6/7 (default=false) * **invalid_message**: error message displayed when an non-matching code is submitted (default="Bad code value") * **bypass_code**: code that will always validate the captcha (default=null) -* **valid_keys**: names that are able to be used for a captcha form type (default=[captcha]) +* **whitelist_key**: the session key to use for keep the session keys that can be used for captcha storage, when using as_url (default=captcha_whitelist_key) Example : @@ -167,10 +167,7 @@ This will use the bundle's route of "/generate-captcha/{key}" to handle the gene resource: "@GregwarCaptchaBundle/Resources/config/routing/routing.yml" prefix: /_gcb -If you are using multiple captchas or assigning names other than the default "captcha", you will need to whitelist your captcha names in the "valid_keys" configuration: - - gregwar_captcha: - valid_keys: [registration_captcha, confirmation_captcha] +Since the session key is transported in the URL, it's also added in another session array, under the `whitelist_key` key, for security reasons Form Theming ============ diff --git a/Resources/config/services.yml b/Resources/config/services.yml index dfb9fc0..b21bdb8 100755 --- a/Resources/config/services.yml +++ b/Resources/config/services.yml @@ -18,4 +18,5 @@ services: - %gregwar_captcha.config.image_folder% - %gregwar_captcha.config.web_path% - %gregwar_captcha.config.gc_freq% - - %gregwar_captcha.config.expiration% \ No newline at end of file + - %gregwar_captcha.config.expiration% + - %gregwar_captcha.config.whitelist_key% diff --git a/Type/CaptchaType.php b/Type/CaptchaType.php index 9c91951..00c48a6 100644 --- a/Type/CaptchaType.php +++ b/Type/CaptchaType.php @@ -25,6 +25,12 @@ class CaptchaType extends AbstractType */ protected $session; + /** + * The session key + * @var string + */ + protected $key = null; + /** * @var \Gregwar\CaptchaBundle\Generator\CaptchaGenerator */ @@ -54,9 +60,11 @@ class CaptchaType extends AbstractType */ public function buildForm(FormBuilderInterface $builder, array $options) { + $this->key = 'gcb_'.$builder->getForm()->getName(); + $validator = new CaptchaValidator( $this->session, - $builder->getForm()->getName(), + $this->key, $options['invalid_message'], $options['bypass_code'] ); @@ -74,7 +82,7 @@ class CaptchaType extends AbstractType $view->vars = array_merge($view->vars, array( 'captcha_width' => $options['width'], 'captcha_height' => $options['height'], - 'captcha_code' => $this->generator->getCaptchaCode($form->getName(), $options), + 'captcha_code' => $this->generator->getCaptchaCode($this->key, $options), 'value' => '', )); } @@ -103,4 +111,4 @@ class CaptchaType extends AbstractType { return 'captcha'; } -} \ No newline at end of file +}