When a CSRF occures on a Form submit add a cause on the FormError object

gmponos · gmponos · commit e54e94c7fe8c · 2018-10-01T10:22:20.000+03:00
diff --git a/src/Symfony/Component/Form/CHANGELOG.md b/src/Symfony/Component/Form/CHANGELOG.md
@@ -7,6 +7,7 @@ CHANGELOG
  * deprecated the `$scale` argument of the `IntegerToLocalizedStringTransformer`
  * added `Symfony\Component\Form\ClearableErrorsInterface`
  * deprecated calling `FormRenderer::searchAndRenderBlock` for fields which were already rendered
+ * added a cause when a CSRF error has occurred
  * deprecated the `scale` option of the `IntegerType`
 
 4.1.0
diff --git a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
@@ -59,14 +59,15 @@ public function preSubmit(FormEvent $event)
         if ($form->isRoot() && $form->getConfig()->getOption('compound') && !$postRequestSizeExceeded) {
             $data = $event->getData();
 
-            if (!isset($data[$this->fieldName]) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $data[$this->fieldName]))) {
+            $csrfToken = new CsrfToken($this->tokenId, $data[$this->fieldName] ?? null);
+            if (!isset($data[$this->fieldName]) || !$this->tokenManager->isTokenValid($csrfToken)) {
                 $errorMessage = $this->errorMessage;
 
                 if (null !== $this->translator) {
                     $errorMessage = $this->translator->trans($errorMessage, array(), $this->translationDomain);
                 }
 
-                $form->addError(new FormError($errorMessage));
+                $form->addError(new FormError($errorMessage, $errorMessage, array(), null, $csrfToken));
             }
 
             if (\is_array($data)) {
diff --git a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
@@ -365,9 +365,10 @@ public function testNoCsrfProtectionOnPrototype()
 
     public function testsTranslateCustomErrorMessage()
     {
+        $csrfToken = new CsrfToken('TOKEN_ID', 'token');
         $this->tokenManager->expects($this->once())
             ->method('isTokenValid')
-            ->with(new CsrfToken('TOKEN_ID', 'token'))
+            ->with($csrfToken)
             ->will($this->returnValue(false));
 
         $this->translator->expects($this->once())
@@ -390,7 +391,7 @@ public function testsTranslateCustomErrorMessage()
         ));
 
         $errors = $form->getErrors();
-        $expected = new FormError('[trans]Foobar[/trans]');
+        $expected = new FormError('[trans]Foobar[/trans]', null, array(), null, $csrfToken);
         $expected->setOrigin($form);
 
         $this->assertGreaterThan(0, \count($errors));

Original file line number	Diff line number	Diff line change
`@@ -59,14 +59,15 @@ public function preSubmit(FormEvent $event)`
`59`	`59`	`if ($form->isRoot() && $form->getConfig()->getOption('compound') && !$postRequestSizeExceeded) {`
`60`	`60`	`$data = $event->getData();`
`61`	`61`
`62`		`- if (!isset($data[$this->fieldName]) \|\| !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $data[$this->fieldName]))) {`
	`62`	`+ $csrfToken = new CsrfToken($this->tokenId, $data[$this->fieldName] ?? null);`
	`63`	`+ if (!isset($data[$this->fieldName]) \|\| !$this->tokenManager->isTokenValid($csrfToken)) {`
`63`	`64`	`$errorMessage = $this->errorMessage;`
`64`	`65`
`65`	`66`	`if (null !== $this->translator) {`
`66`	`67`	`$errorMessage = $this->translator->trans($errorMessage, array(), $this->translationDomain);`
`67`	`68`	`}`
`68`	`69`
`69`		`- $form->addError(new FormError($errorMessage));`
	`70`	`+ $form->addError(new FormError($errorMessage, $errorMessage, array(), null, $csrfToken));`
`70`	`71`	`}`
`71`	`72`
`72`	`73`	`if (\is_array($data)) {`