srcf

2025-09-17 14:36:05 +02:00
parent b7b07e5abf
commit 91022d2037
11 changed files with 31 additions and 32 deletions
--- a/composer.json
+++ b/composer.json
@@ -40,6 +40,7 @@
        "symfony/property-info": "^7.2",
        "symfony/runtime": "^7.2",
        "symfony/security-bundle": "^7.2",
        "symfony/security-csrf": "^7.2",
        "symfony/serializer": "^7.2",
        "symfony/stimulus-bundle": "^2.21",
        "symfony/string": "^7.2",
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "67e324518270930150d990299cd0b613",
+    "content-hash": "31c3ee9a06365c5a9df6f2ed45712eb3",
    "packages": [
        {
            "name": "apereo/phpcas",
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -1,10 +1,14 @@
 # see https://symfony.com/doc/current/reference/configuration/framework.html
 framework:
    secret: '%env(APP_SECRET)%'
-    #csrf_protection: true
+    csrf_protection: true
    # Note that the session will be started ONLY if you read or write from it.
-    session: true
+    session:
        enabled: true
        handler_id: null
        cookie_secure: auto
    #esi: true
    #fragments: true
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -23,6 +23,8 @@ security:
        login_path: app_login
        check_path: app_login
        enable_csrf: true
        csrf_token_id: authenticate
        csrf_parameter: _csrf_token
        default_target_path: /
      logout:
        path: app_logout
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@@ -2,18 +2,17 @@
 namespace App\Controller;
 use App\Entity\Project;
 use App\Entity\User;
 use App\Form\UserType;
 use App\Repository\UserRepository;
 use Doctrine\ORM\EntityManagerInterface;
 use Ramsey\Uuid\Uuid;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 use Symfony\Component\Routing\Attribute\Route;
 use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
 class UserController extends AbstractController
 {
@@ -127,8 +126,11 @@ class UserController extends AbstractController
    }
    #[Route('/user', name: 'app_user_profil')]
-    public function profil(Request $request, UserPasswordHasherInterface $passwordHasher, EntityManagerInterface $em): Response
+    public function profil(CsrfTokenManagerInterface $csrfTokenManager, Request $request, UserPasswordHasherInterface $passwordHasher, EntityManagerInterface $em): Response
    {
        $token = $csrfTokenManager->getToken('user')->getValue();
        dump($token);
        $user = $em->getRepository(User::class)->find($this->getUser());
        if (!$user) {
            return $this->redirectToRoute('app_home');
@@ -162,30 +164,4 @@ class UserController extends AbstractController
            'form' => $form,
        ]);
    }
    #[Route('/user/selectproject', name: 'app_user_selectproject')]
    public function selectproject(Request $request, EntityManagerInterface $em): JsonResponse
    {
        $id = $request->get('id');
        $project = $em->getRepository(Project::class)->find($id);
        if (!$project) {
            return new JsonResponse(['status' => 'KO', 'message' => 'ID non fourni'], Response::HTTP_NOT_FOUND);
        }
        $user = $this->getUser();
        if (!$user instanceof User) {
            throw new \LogicException('L\'utilisateur actuel n\'est pas une instance de App\Entity\User.');
        }
        $projects = $user->getProjects();
        if (!$projects->contains($project)) {
            return new JsonResponse(['status' => 'KO', 'message' => 'Projet non autorisée'], Response::HTTP_FORBIDDEN);
        }
        $user->setProject($project);
        $em->flush();
        return new JsonResponse(['status' => 'OK', 'message' => 'Projet selectionnée'], Response::HTTP_OK);
    }
 }
--- a/src/Form/GroupType.php
+++ b/src/Form/GroupType.php
@@ -61,6 +61,9 @@ class GroupType extends AbstractType
    {
        $resolver->setDefaults([
            'data_class' => Group::class,
            'csrf_protection' => true,
            'csrf_field_name' => '_token',
            'csrf_token_id' => static::class,
            'mode' => 'submit',
        ]);
    }
--- a/src/Form/OptionType.php
+++ b/src/Form/OptionType.php
@@ -39,6 +39,9 @@ class OptionType extends AbstractType
    {
        $resolver->setDefaults([
            'data_class' => ProjectOption::class,
            'csrf_protection' => true,
            'csrf_field_name' => '_token',
            'csrf_token_id' => static::class,
            'mode' => 'submit',
        ]);
    }
--- a/src/Form/ProjectType.php
+++ b/src/Form/ProjectType.php
@@ -71,6 +71,9 @@ class ProjectType extends AbstractType
    {
        $resolver->setDefaults([
            'data_class' => Project::class,
            'csrf_protection' => true,
            'csrf_field_name' => '_token',
            'csrf_token_id' => static::class,
            'mode' => 'submit',
        ]);
    }
--- a/src/Form/ProjectVotedType.php
+++ b/src/Form/ProjectVotedType.php
@@ -54,6 +54,9 @@ class ProjectVotedType extends AbstractType
    {
        $resolver->setDefaults([
            'data_class' => Project::class,
            'csrf_protection' => true,
            'csrf_field_name' => '_token',
            'csrf_token_id' => static::class,
            'mode' => 'submit',
        ]);
    }
--- a/src/Form/UserType.php
+++ b/src/Form/UserType.php
@@ -81,6 +81,9 @@ class UserType extends AbstractType
    {
        $resolver->setDefaults([
            'data_class' => User::class,
            'csrf_protection' => true,
            'csrf_field_name' => '_token',
            'csrf_token_id' => static::class,
            'mode' => 'submit',
            'modeAuth' => 'SQL',
        ]);
--- a/templates/user/edit.html.twig
+++ b/templates/user/edit.html.twig
@@ -7,6 +7,7 @@
    {{ form_start(form) }}
        {{ form_widget(form.submit) }}
        <a href="{{ path(routecancel) }}" class="btn btn-secondary ms-1">Annuler</a>
        {%if mode=="update" %}<a href="{{ path(routedelete,{id:form.vars.value.id}) }}" class="btn btn-danger float-end" onclick="return confirm('Confirmez-vous la suppression de cet enregistrement ?')">Supprimer</a>{%endif%}