From 4fcb672f41de7ab1ef52e46f4dd7d1582775fcfa Mon Sep 17 00:00:00 2001 From: Akihito Koriyama Date: Fri, 25 Sep 2015 11:14:52 +0900 Subject: [PATCH 1/2] add token --- src/AuraInputInterceptor.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/AuraInputInterceptor.php b/src/AuraInputInterceptor.php index 70fba80..eb22f54 100644 --- a/src/AuraInputInterceptor.php +++ b/src/AuraInputInterceptor.php @@ -48,7 +48,7 @@ public function invoke(MethodInvocation $invocation) /* @var $formValidation FormValidation */ $formValidation = $this->reader->getMethodAnnotation($invocation->getMethod(), AbstractValidation::class); $form = $this->getFormProperty($formValidation, $object); - $data = $object instanceof SubmitInterface ? $object->submit() : $this->getNamedArguments($invocation); + $data = $form instanceof SubmitInterface ? $object->submit() : $this->getNamedArguments($invocation); $isValid = $this->isValid($data, $form); if ($isValid === true) { // validation success @@ -74,6 +74,10 @@ private function getNamedArguments(MethodInvocation $invocation) $arg = array_shift($args); $submit[$param->getName()] = $arg; } + // has token ? + if (isset($_POST[AntiCsrf::TOKEN_KEY])) { + $submit += $_POST[AntiCsrf::TOKEN_KEY]; + } return $submit; } From d81857db3c34607cee95ad39d5bf6285d5d22715 Mon Sep 17 00:00:00 2001 From: Akihito Koriyama Date: Fri, 25 Sep 2015 11:17:45 +0900 Subject: [PATCH 2/2] cleanup --- src/AbstractForm.php | 1 + src/Annotation/FormValidation.php | 2 +- src/AntiCsrf.php | 7 ------- src/AuraInputInterceptor.php | 16 +++++++--------- src/InputValidationInterceptor.php | 3 ++- 5 files changed, 11 insertions(+), 18 deletions(-) diff --git a/src/AbstractForm.php b/src/AbstractForm.php index 30f1235..d3ddc98 100644 --- a/src/AbstractForm.php +++ b/src/AbstractForm.php @@ -125,6 +125,7 @@ public function form($attr = []) * @param array $data * * @return bool + * @throws CsrfViolationException */ public function apply(array $data) { 
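Review bot: The rewritten ternary in `invoke()` tests `$form instanceof SubmitInterface` but still calls `$object->submit()`, so the type check no longer guards the call that follows it. If the form implements SubmitInterface and the intercepted object does not, this becomes a call to an undefined method. If the intent is that the form supplies the submitted data, the line should read `$data = $form instanceof SubmitInterface ? $form->submit() : $this->getNamedArguments($invocation);`. The body of `invoke()` starts and ends outside the hunk, so whether `$object` is otherwise guaranteed to have `submit()` cannot be confirmed from here.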
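Review bot: `$submit += $_POST[AntiCsrf::TOKEN_KEY];` in `getNamedArguments()` applies the array-union operator to a request value instead of storing it under the token key. For an ordinary form field the right-hand side is a string, which `+=` on an array rejects with an unsupported-operand error. If the field arrives in array form, any of its keys not already in `$submit` are merged into the data handed to `isValid()`. Store the value explicitly and only when it is a string: `if (isset($_POST[AntiCsrf::TOKEN_KEY]) && is_string($_POST[AntiCsrf::TOKEN_KEY])) { $submit[AntiCsrf::TOKEN_KEY] = $_POST[AntiCsrf::TOKEN_KEY]; }`. The function begins outside the hunk.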
diff --git a/src/Annotation/FormValidation.php b/src/Annotation/FormValidation.php index b98f055..6064445 100644 --- a/src/Annotation/FormValidation.php +++ b/src/Annotation/FormValidation.php @@ -18,7 +18,7 @@ final class FormValidation extends AbstractValidation public $antiCsrf = false; /** - * Method name on validation faild. + * Method name on validation failed. * * @var string */ diff --git a/src/AntiCsrf.php b/src/AntiCsrf.php index b3c27cd..5d6377f 100644 --- a/src/AntiCsrf.php +++ b/src/AntiCsrf.php @@ -21,13 +21,6 @@ final class AntiCsrf implements AntiCsrfInterface */ private $isCli; - /** - * $_POST - * - * @var array - */ - private $post; - /** * @var Session */ diff --git a/src/AuraInputInterceptor.php b/src/AuraInputInterceptor.php index eb22f54..88592d5 100644 --- a/src/AuraInputInterceptor.php +++ b/src/AuraInputInterceptor.php @@ -6,7 +6,6 @@ */ namespace Ray\WebFormModule; -use Aura\Input\Form; use Doctrine\Common\Annotations\Reader; use Ray\Aop\MethodInterceptor; use Ray\Aop\MethodInvocation; @@ -59,7 +58,7 @@ public function invoke(MethodInvocation $invocation) } /** - * Return arguments as named argumentes. + * Return arguments as named arguments. * * @param MethodInvocation $invocation * @@ -83,12 +82,11 @@ private function getNamedArguments(MethodInvocation $invocation) } /** - * @param array $submit - * @param Form $form + * @param array $submit + * @param AbstractForm $form * * @return bool - * - * @throws \Aura\Input\Exception\CsrfViolation + * @throws Exception\CsrfViolationException */ public function isValid(array $submit, AbstractForm $form) { @@ -100,10 +98,10 @@ public function isValid(array $submit, AbstractForm $form) /** * Return form property * - * @param FormValidation $formValidation - * @param object $object + * @param AbstractValidation $formValidation + * @param object $object * - * @return AbstractForm + * @return mixed */ private function getFormProperty(AbstractValidation $formValidation, $object) { 
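Review bot: Changing the `getFormProperty()` docblock to `@return mixed` drops the only statement of what callers may rely on. `invoke()` passes the result straight to `isValid(array $submit, AbstractForm $form)`, which requires an AbstractForm. If the method can return something else, that case needs a check before `isValid()` is called; if it cannot, keep `@return AbstractForm`. The method body lies outside the hunk, so which of the two holds is not visible here.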
diff --git a/src/InputValidationInterceptor.php b/src/InputValidationInterceptor.php index e4d37c2..09a4b09 100644 --- a/src/InputValidationInterceptor.php +++ b/src/InputValidationInterceptor.php @@ -17,7 +17,8 @@ class InputValidationInterceptor extends AuraInputInterceptor protected $failureHandler; /** - * @param Reader $reader Annotation reader + * @param Reader $reader + * @param FailureHandlerInterface $handler * * @Named("handler=vnd_error") */