Remove dead code

src/Controller/BoostController.php

@@ -23,9 +23,6 @@ public function __construct(
     #[IsGranted('ROLE_USER')]
     public function __invoke(VotableInterface $subject, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('boost', $request->getPayload()->get('token'));
-
         $this->manager->vote(VotableInterface::VOTE_UP, $subject, $this->getUserOrThrow());
 
         if ($request->isXmlHttpRequest()) {

src/Controller/Domain/DomainBlockController.php

@@ -22,9 +22,6 @@ public function __construct(
     #[IsGranted('ROLE_USER')]
     public function block(Domain $domain, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('block', $request->getPayload()->get('token'));
-
         $this->manager->block($domain, $this->getUserOrThrow());
 
         if ($request->isXmlHttpRequest()) {
@@ -37,9 +34,6 @@ public function block(Domain $domain, Request $request): Response
     #[IsGranted('ROLE_USER')]
     public function unblock(Domain $domain, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('block', $request->getPayload()->get('token'));
-
         $this->manager->unblock($domain, $this->getUserOrThrow());
 
         if ($request->isXmlHttpRequest()) {

src/Controller/Domain/DomainSubController.php

@@ -22,9 +22,6 @@ public function __construct(
     #[IsGranted('ROLE_USER')]
     public function subscribe(Domain $domain, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('subscribe', $request->getPayload()->get('token'));
-
         $this->manager->subscribe($domain, $this->getUserOrThrow());
 
         if ($request->isXmlHttpRequest()) {
@@ -37,9 +34,6 @@ public function subscribe(Domain $domain, Request $request): Response
     #[IsGranted('ROLE_USER')]
     public function unsubscribe(Domain $domain, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('subscribe', $request->getPayload()->get('token'));
-
         $this->manager->unsubscribe($domain, $this->getUserOrThrow());
 
         if ($request->isXmlHttpRequest()) {

src/Controller/FavouriteController.php

@@ -21,9 +21,6 @@ public function __construct(private readonly GenerateHtmlClassService $classServ
     #[IsGranted('ROLE_USER')]
     public function __invoke(FavouriteInterface $subject, Request $request, FavouriteManager $manager): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('up_vote', $request->getPayload()->get('token'));
-
         $manager->toggle($this->getUserOrThrow(), $subject);
 
         if ($request->isXmlHttpRequest()) {

src/Controller/Magazine/MagazineBlockController.php

@@ -22,9 +22,6 @@ public function __construct(private readonly MagazineManager $manager)
     #[IsGranted('block', subject: 'magazine')]
     public function block(Magazine $magazine, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('block', $request->getPayload()->get('token'));
-
         $this->manager->block($magazine, $this->getUserOrThrow());
 
         if ($request->isXmlHttpRequest()) {
@@ -38,9 +35,6 @@ public function block(Magazine $magazine, Request $request): Response
     #[IsGranted('block', subject: 'magazine')]
     public function unblock(Magazine $magazine, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('block', $request->getPayload()->get('token'));
-
         $this->manager->unblock($magazine, $this->getUserOrThrow());
 
         if ($request->isXmlHttpRequest()) {

src/Controller/Magazine/MagazineSubController.php

@@ -22,9 +22,6 @@ public function __construct(private readonly MagazineManager $manager)
     #[IsGranted('subscribe', subject: 'magazine')]
     public function subscribe(Magazine $magazine, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('subscribe', $request->getPayload()->get('token'));
-
         $this->manager->subscribe($magazine, $this->getUserOrThrow());
 
         if ($request->isXmlHttpRequest()) {
@@ -38,9 +35,6 @@ public function subscribe(Magazine $magazine, Request $request): Response
     #[IsGranted('subscribe', subject: 'magazine')]
     public function unsubscribe(Magazine $magazine, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('subscribe', $request->getPayload()->get('token'));
-
         $this->manager->unsubscribe($magazine, $this->getUserOrThrow());
 
         if ($request->isXmlHttpRequest()) {

src/Controller/Post/PostDeleteController.php

@@ -28,9 +28,6 @@ public function delete(
         Post $post,
         Request $request
     ): Response {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('post_delete', $request->getPayload()->get('token'));
-
         $this->manager->delete($this->getUserOrThrow(), $post);
 
         return $this->redirectToRefererOrHome($request);
@@ -45,9 +42,6 @@ public function restore(
         Post $post,
         Request $request
     ): Response {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('post_restore', $request->getPayload()->get('token'));
-
         $this->manager->restore($this->getUserOrThrow(), $post);
 
         return $this->redirectToRefererOrHome($request);
@@ -62,9 +56,6 @@ public function purge(
         Post $post,
         Request $request
     ): Response {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('post_purge', $request->getPayload()->get('token'));
-
         $this->manager->purge($this->getUserOrThrow(), $post);
 
         return $this->redirectToMagazine($magazine);

src/Controller/User/Profile/UserNotificationController.php

@@ -29,9 +29,6 @@ public function notifications(NotificationRepository $repository, Request $reque
     #[IsGranted('ROLE_USER')]
     public function read(NotificationManager $manager, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('read_notifications', $request->getPayload()->get('token'));
-
         $manager->markAllAsRead($this->getUserOrThrow());
 
         return $this->redirectToRefererOrHome($request);
@@ -40,9 +37,6 @@ public function read(NotificationManager $manager, Request $request): Response
     #[IsGranted('ROLE_USER')]
     public function clear(NotificationManager $manager, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('clear_notifications', $request->getPayload()->get('token'));
-
         $manager->clear($this->getUserOrThrow());
 
         return $this->redirectToRefererOrHome($request);

src/Controller/User/UserBlockController.php

@@ -17,9 +17,6 @@ class UserBlockController extends AbstractController
     #[IsGranted('ROLE_USER')]
     public function block(User $blocked, UserManager $manager, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('block', $request->getPayload()->get('token'));
-
         $manager->block($this->getUserOrThrow(), $blocked);
 
         if ($request->isXmlHttpRequest()) {
@@ -32,9 +29,6 @@ public function block(User $blocked, UserManager $manager, Request $request): Re
     #[IsGranted('ROLE_USER')]
     public function unblock(User $blocked, UserManager $manager, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('block', $request->getPayload()->get('token'));
-
         $manager->unblock($this->getUserOrThrow(), $blocked);
 
         if ($request->isXmlHttpRequest()) {

src/Controller/User/UserFollowController.php

@@ -18,9 +18,6 @@ class UserFollowController extends AbstractController
     #[IsGranted('follow', subject: 'following')]
     public function follow(User $following, UserManager $manager, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('follow', $request->getPayload()->get('token'));
-
         $manager->follow($this->getUserOrThrow(), $following);
 
         if ($request->isXmlHttpRequest()) {
@@ -34,9 +31,6 @@ public function follow(User $following, UserManager $manager, Request $request):
     #[IsGranted('follow', subject: 'following')]
     public function unfollow(User $following, UserManager $manager, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('follow', $request->getPayload()->get('token'));
-
         $manager->unfollow($this->getUserOrThrow(), $following);
 
         if ($request->isXmlHttpRequest()) {

src/Controller/VoteController.php

@@ -30,8 +30,6 @@ public function __construct(
     #[IsGranted('vote', subject: 'votable')]
     public function __invoke(VotableInterface $votable, int $choice, Request $request): Response
     {
-        // CSRF is causing a lot of issues, so we disable it for now. See PR: https://github.com/MbinOrg/mbin/pull/1136
-        // $this->validateCsrf('down_vote', $request->getPayload()->get('token'));
         if (VotableInterface::VOTE_DOWN === $choice && DownvotesMode::Disabled === $this->settingsManager->getDownvotesMode()) {
             throw new BadRequestException('Downvotes are disabled!');
         }

templates/components/boost.html.twig

@@ -2,7 +2,6 @@
 {%- set user_choice = is_granted('ROLE_USER') ? subject.userChoice(app.user) : null -%}
 <form method="post"
       action="{{ path(formDest~'_boost', {id: subject.id}) }}">
-    <input type="hidden" name="token" value="{{ csrf_token('boost') }}">
     <button class="{{ html_classes('boost-link', 'stretched-link', {'active': app.user and user_choice is same as(VOTE_UP) }) }}"
             type="submit"
             data-action="subject#favourite">

templates/components/domain_sub.html.twig

@@ -12,7 +12,6 @@
                 data-action="subs#send">
             {{ is_domain_subscribed(domain) ? 'unsubscribe'|trans : 'subscribe'|trans }}
         </button>
-        <input type="hidden" name="token" value="{{ csrf_token('subscribe') }}">
     </form>
     <form action="{{ path('domain_' ~ (is_domain_blocked(domain) ? 'unblock' : 'block'), {name: domain.name}) }}"
           name="domain_block"
@@ -22,6 +21,5 @@
                 data-action="subs#send">
             <i class="fa-solid fa-ban" aria-hidden="true"></i><span>{{ is_domain_blocked(domain) ? 'unblock'|trans : 'block'|trans  }}</span>
         </button>
-        <input type="hidden" name="token" value="{{ csrf_token('block') }}">
     </form>
 </aside>

templates/components/favourite.html.twig

@@ -1,6 +1,5 @@
 <form method="post"
       action="{{ path(formDest~'_favourite', {id: subject.id}) }}">
-    <input type="hidden" name="token" value="{{ csrf_token('up_vote') }}">
     <button class="{{ html_classes('stretched-link', {'active': app.user and subject.isFavored(app.user) }) }}"
             type="submit"
             data-action="subject#favourite">

templates/components/magazine_sub.html.twig

@@ -16,7 +16,6 @@
                 <i class="fa-sharp fa-solid fa-folder-plus" aria-hidden="true"></i><span>{{ 'subscribe'|trans }}</span>
             {% endif %}
         </button>
-        <input type="hidden" name="token" value="{{ csrf_token('subscribe') }}">
     </form>
     <form action="{{ path('magazine_' ~ (is_magazine_blocked(magazine) ? 'unblock' : 'block'), {name: magazine.name}) }}"
           name="magazine_block"
@@ -26,6 +25,5 @@
                 data-action="subs#send">
             <i class="fa-solid fa-ban" aria-hidden="true"></i><span>{{ is_magazine_blocked(magazine) ? 'unblock'|trans : 'block'|trans }}</span>
         </button>
-        <input type="hidden" name="token" value="{{ csrf_token('block') }}">
     </form>
 </aside>

templates/components/post.html.twig

@@ -128,7 +128,6 @@
                             <form method="post"
                                   action="{{ path('post_restore', {magazine_name: post.magazine.name, post_id: post.id}) }}"
                                   data-action="confirmation#ask" data-confirmation-message-param="{{ 'are_you_sure'|trans }}">
-                                <input type="hidden" name="token" value="{{ csrf_token('post_restore') }}">
                                 <button type="submit">{{ 'restore'|trans }}</button>
                             </form>
                         </li>

templates/components/user_actions.html.twig

@@ -18,7 +18,6 @@
             {% endif %}
 
             </button>
-            <input type="hidden" name="token" value="{{ csrf_token('follow') }}">
         </form>
         <form action="{{ path('user_' ~ (is_user_blocked(user) ? 'unblock' : 'block'), {username: user.username}) }}"
               name="user_block"
@@ -34,7 +33,6 @@
             {% endif %}
 
             </button>
-            <input type="hidden" name="token" value="{{ csrf_token('block') }}">
         </form>
         <a href="{{ path('messages_create', {username: user.username}) }}" title="{{ 'direct_message'|trans }}" aria-label="{{ 'direct_message'|trans }}">
             <button class="btn btn__secondary">

templates/components/vote.html.twig

@@ -33,7 +33,6 @@
                 data-action="subject#vote">
             <span data-subject-target="favCounter">{{ subject.apLikeCount ?? subject.favouriteCount }}</span> <span><i class="fa-solid fa-arrow-up" aria-hidden="true"></i></span>
         </button>
-        <input type="hidden" name="token" value="{{ csrf_token('up_vote') }}">
     </form>
     {% set downvoteMode = mbin_downvotes_mode() %}
     {% if showDownvote and downvoteMode is not same as DOWNVOTES_DISABLED %}
@@ -51,7 +50,6 @@
                 {% endif %}
                 <span><i class="fa-solid fa-arrow-down" aria-hidden="true"></i></span>
             </button>
-            <input type="hidden" name="token" value="{{ csrf_token('down_vote') }}">
         </form>
     {% endif %}
 </aside>

templates/notifications/front.html.twig

@@ -19,14 +19,12 @@
     <div class="pills">
         <div>
             <form action="{{ path('notifications_read') }}" method="POST" class="me-2">
-                <input type="hidden" name="token" value="{{ csrf_token('read_notifications') }}">
                 <button class="btn btn__primary" type="submit">
                     {{ 'read_all'|trans }}
                 </button>
             </form>
             <form method="post" action="{{ path('notifications_clear') }}"
                   data-action="confirmation#ask" data-confirmation-message-param="{{ 'are_you_sure'|trans }}">
-                <input type="hidden" name="token" value="{{ csrf_token('clear_notifications') }}">
                 <button class="btn btn__secondary" type="submit">
                     <i class="fa-solid fa-dumpster" aria-hidden="true"></i> <span>{{ 'purge'|trans }}</span>
                 </button>

templates/post/_menu.html.twig

@@ -51,7 +51,6 @@
                 <form method="post"
                         action="{{ post_delete_url(post) }}"
                         data-action="confirmation#ask" data-confirmation-message-param="{{ 'are_you_sure'|trans }}">
-                    <input type="hidden" name="token" value="{{ csrf_token('post_delete') }}">
                     <button type="submit">{{ 'delete'|trans }}</button>
                 </form>
             </li>

templates/post/_moderate_panel.html.twig

@@ -32,7 +32,6 @@
             <form action="{{ post_delete_url(post) }}"
                   method="post"
                   data-action="confirmation#ask" data-confirmation-message-param="{{ 'are_you_sure'|trans }}">
-                <input type="hidden" name="token" value="{{ csrf_token('post_delete') }}">
                 <button type="submit" class="btn btn__secondary">
                     <i class="fa fa-dumpster" aria-hidden="true"></i> <span>{{ 'delete'|trans }}</span>
                 </button>
@@ -43,7 +42,6 @@
                 <form action="{{ path('post_purge', {magazine_name: post.magazine.name, post_id: post.id,}) }}"
                       method="post"
                       data-action="confirmation#ask" data-confirmation-message-param="{{ 'are_you_sure'|trans }}">
-                    <input type="hidden" name="token" value="{{ csrf_token('post_purge') }}">
                     <button type="submit" class="btn btn__danger">
                         <i class="fa fa-dumpster" aria-hidden="true"></i> <span>{{ 'purge'|trans }}</span>
                     </button>