From 23c0fae36fb8159bcf8b95bae98555201146457e Mon Sep 17 00:00:00 2001
From: Igor Scheller <igor.scheller@igorshp.de>
Date: Mon, 3 Sep 2018 15:33:13 +0100
Subject: Added csrf middleware

---
 src/Renderer/Twig/Extensions/Csrf.php | 48 +++++++++++++++++++++++++++++++++++
 src/Renderer/TwigServiceProvider.php  |  4 ++-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 src/Renderer/Twig/Extensions/Csrf.php

(limited to 'src/Renderer')

diff --git a/src/Renderer/Twig/Extensions/Csrf.php b/src/Renderer/Twig/Extensions/Csrf.php
new file mode 100644
index 00000000..9f77df80
--- /dev/null
+++ b/src/Renderer/Twig/Extensions/Csrf.php
@@ -0,0 +1,48 @@
+<?php
+
+namespace Engelsystem\Renderer\Twig\Extensions;
+
+use Symfony\Component\HttpFoundation\Session\SessionInterface;
+use Twig_Extension as TwigExtension;
+use Twig_Function as TwigFunction;
+
+class Csrf extends TwigExtension
+{
+    /** @var SessionInterface */
+    protected $session;
+
+    /**
+     * @param SessionInterface $session
+     */
+    public function __construct(SessionInterface $session)
+    {
+        $this->session = $session;
+    }
+
+    /**
+     * @return TwigFunction[]
+     */
+    public function getFunctions()
+    {
+        return [
+            new TwigFunction('csrf', [$this, 'getCsrfField'], ['is_safe' => ['html']]),
+            new TwigFunction('csrf_token', [$this, 'getCsrfToken']),
+        ];
+    }
+
+    /**
+     * @return string
+     */
+    public function getCsrfField()
+    {
+        return sprintf('<input type="hidden" name="_token" value="%s">', $this->getCsrfToken());
+    }
+
+    /**
+     * @return string
+     */
+    public function getCsrfToken()
+    {
+        return $this->session->get('_token');
+    }
+}
diff --git a/src/Renderer/TwigServiceProvider.php b/src/Renderer/TwigServiceProvider.php
index 49a0eb90..57ebe9e5 100644
--- a/src/Renderer/TwigServiceProvider.php
+++ b/src/Renderer/TwigServiceProvider.php
@@ -4,9 +4,10 @@ namespace Engelsystem\Renderer;
 
 use Engelsystem\Config\Config as EngelsystemConfig;
 use Engelsystem\Container\ServiceProvider;
-use Engelsystem\Renderer\Twig\Extensions\Authentication;
 use Engelsystem\Renderer\Twig\Extensions\Assets;
+use Engelsystem\Renderer\Twig\Extensions\Authentication;
 use Engelsystem\Renderer\Twig\Extensions\Config;
+use Engelsystem\Renderer\Twig\Extensions\Csrf;
 use Engelsystem\Renderer\Twig\Extensions\Globals;
 use Engelsystem\Renderer\Twig\Extensions\Legacy;
 use Engelsystem\Renderer\Twig\Extensions\Session;
@@ -23,6 +24,7 @@ class TwigServiceProvider extends ServiceProvider
         'assets'         => Assets::class,
         'authentication' => Authentication::class,
         'config'         => Config::class,
+        'csrf'           => Csrf::class,
         'globals'        => Globals::class,
         'session'        => Session::class,
         'legacy'         => Legacy::class,
-- 
cgit v1.2.3-54-g00ecf