Merge pull request #3 from koriym/token

include token key
ray-di · Sep 25, 2015 · e3195e6 · e3195e6
2 parents 8b3c1d6 + d81857d
commit e3195e6
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 19 deletions.
diff --git a/src/AbstractForm.php b/src/AbstractForm.php
@@ -125,6 +125,7 @@ public function form($attr = [])
      * @param array $data
      *
      * @return bool
+     * @throws CsrfViolationException
      */
     public function apply(array $data)
     {

diff --git a/src/Annotation/FormValidation.php b/src/Annotation/FormValidation.php
@@ -18,7 +18,7 @@ final class FormValidation extends AbstractValidation
     public $antiCsrf = false;
 
     /**
-     * Method name on validation faild.
+     * Method name on validation failed.
      *
      * @var string
      */

diff --git a/src/AntiCsrf.php b/src/AntiCsrf.php
@@ -21,13 +21,6 @@ final class AntiCsrf implements AntiCsrfInterface
      */
     private $isCli;
 
-    /**
-     * $_POST
-     *
-     * @var array
-     */
-    private $post;
-
     /**
      * @var Session
      */

diff --git a/src/AuraInputInterceptor.php b/src/AuraInputInterceptor.php
@@ -6,7 +6,6 @@
  */
 namespace Ray\WebFormModule;
 
-use Aura\Input\Form;
 use Doctrine\Common\Annotations\Reader;
 use Ray\Aop\MethodInterceptor;
 use Ray\Aop\MethodInvocation;
@@ -48,7 +47,7 @@ public function invoke(MethodInvocation $invocation)
         /* @var $formValidation FormValidation */
         $formValidation = $this->reader->getMethodAnnotation($invocation->getMethod(), AbstractValidation::class);
         $form = $this->getFormProperty($formValidation, $object);
-        $data = $object instanceof SubmitInterface ? $object->submit() : $this->getNamedArguments($invocation);
+        $data = $form instanceof SubmitInterface ? $object->submit() : $this->getNamedArguments($invocation);
         $isValid = $this->isValid($data, $form);
         if ($isValid === true) {
             // validation   success
@@ -59,7 +58,7 @@ public function invoke(MethodInvocation $invocation)
     }
 
     /**
-     * Return arguments as named argumentes.
+     * Return arguments as named arguments.
      *
      * @param MethodInvocation $invocation
      *
@@ -74,17 +73,20 @@ private function getNamedArguments(MethodInvocation $invocation)
             $arg = array_shift($args);
             $submit[$param->getName()] = $arg;
         }
+        // has token ?
+        if (isset($_POST[AntiCsrf::TOKEN_KEY])) {
+            $submit += $_POST[AntiCsrf::TOKEN_KEY];
+        }
 
         return $submit;
     }
 
     /**
-     * @param array $submit
-     * @param Form  $form
+     * @param array        $submit
+     * @param AbstractForm $form
      *
      * @return bool
-     *
-     * @throws \Aura\Input\Exception\CsrfViolation
+     * @throws Exception\CsrfViolationException
      */
     public function isValid(array $submit, AbstractForm $form)
     {
@@ -96,10 +98,10 @@ public function isValid(array $submit, AbstractForm $form)
     /**
      * Return form property
      *
-     * @param FormValidation $formValidation
-     * @param object         $object
+     * @param AbstractValidation $formValidation
+     * @param object             $object
      *
-     * @return AbstractForm
+     * @return mixed
      */
     private function getFormProperty(AbstractValidation $formValidation, $object)
     {

diff --git a/src/InputValidationInterceptor.php b/src/InputValidationInterceptor.php
@@ -17,7 +17,8 @@ class InputValidationInterceptor extends AuraInputInterceptor
     protected $failureHandler;
 
     /**
-     * @param Reader $reader Annotation reader
+     * @param Reader                  $reader
+     * @param FailureHandlerInterface $handler
      *
      * @Named("handler=vnd_error")
      */