Make CSRF tokens better named (#1131)

MbinOrg · Sep 16, 2024 · e6a8ebb · e6a8ebb
1 parent 5aec5d8
commit e6a8ebb
Show file tree

Hide file tree

Showing 42 changed files with 72 additions and 72 deletions.
diff --git a/src/Controller/Admin/AdminMagazineOwnershipRequestController.php b/src/Controller/Admin/AdminMagazineOwnershipRequestController.php
@@ -32,7 +32,7 @@ public function requests(Request $request): Response
     #[IsGranted('ROLE_ADMIN')]
     public function accept(Magazine $magazine, User $user, Request $request): Response
     {
-        $this->validateCsrf('admin_magazine_ownership_requests_accept', $request->request->get('token'));
+        $this->validateCsrf('admin_magazine_ownership_requests_accept', $request->getPayload()->get('token'));
 
         $this->manager->acceptOwnershipRequest($magazine, $user, $this->getUserOrThrow());
 
@@ -42,7 +42,7 @@ public function accept(Magazine $magazine, User $user, Request $request): Respon
     #[IsGranted('ROLE_ADMIN')]
     public function reject(Magazine $magazine, User $user, Request $request): Response
     {
-        $this->validateCsrf('admin_magazine_ownership_requests_reject', $request->request->get('token'));
+        $this->validateCsrf('admin_magazine_ownership_requests_reject', $request->getPayload()->get('token'));
 
         $this->manager->toggleOwnershipRequest($magazine, $user);
 

diff --git a/src/Controller/Admin/AdminModeratorController.php b/src/Controller/Admin/AdminModeratorController.php
@@ -49,7 +49,7 @@ public function moderators(Request $request): Response
     #[IsGranted('ROLE_ADMIN')]
     public function removeModerator(User $user, Request $request): Response
     {
-        $this->validateCsrf('remove_moderator', $request->request->get('token'));
+        $this->validateCsrf('remove_moderator', $request->getPayload()->get('token'));
 
         $this->manager->removeModerator($user);
 

diff --git a/src/Controller/BoostController.php b/src/Controller/BoostController.php
@@ -23,7 +23,7 @@ public function __construct(
     #[IsGranted('ROLE_USER')]
     public function __invoke(VotableInterface $subject, Request $request): Response
     {
-        $this->validateCsrf('boost', $request->request->get('token'));
+        $this->validateCsrf('boost', $request->getPayload()->get('token'));
 
         $this->manager->vote(VotableInterface::VOTE_UP, $subject, $this->getUserOrThrow());
 

diff --git a/src/Controller/Domain/DomainBlockController.php b/src/Controller/Domain/DomainBlockController.php
@@ -22,7 +22,7 @@ public function __construct(
     #[IsGranted('ROLE_USER')]
     public function block(Domain $domain, Request $request): Response
     {
-        $this->validateCsrf('block', $request->request->get('token'));
+        $this->validateCsrf('block', $request->getPayload()->get('token'));
 
         $this->manager->block($domain, $this->getUserOrThrow());
 
@@ -36,7 +36,7 @@ public function block(Domain $domain, Request $request): Response
     #[IsGranted('ROLE_USER')]
     public function unblock(Domain $domain, Request $request): Response
     {
-        $this->validateCsrf('block', $request->request->get('token'));
+        $this->validateCsrf('block', $request->getPayload()->get('token'));
 
         $this->manager->unblock($domain, $this->getUserOrThrow());
 

diff --git a/src/Controller/Domain/DomainSubController.php b/src/Controller/Domain/DomainSubController.php
@@ -22,7 +22,7 @@ public function __construct(
     #[IsGranted('ROLE_USER')]
     public function subscribe(Domain $domain, Request $request): Response
     {
-        $this->validateCsrf('subscribe', $request->request->get('token'));
+        $this->validateCsrf('subscribe', $request->getPayload()->get('token'));
 
         $this->manager->subscribe($domain, $this->getUserOrThrow());
 
@@ -36,7 +36,7 @@ public function subscribe(Domain $domain, Request $request): Response
     #[IsGranted('ROLE_USER')]
     public function unsubscribe(Domain $domain, Request $request): Response
     {
-        $this->validateCsrf('subscribe', $request->request->get('token'));
+        $this->validateCsrf('subscribe', $request->getPayload()->get('token'));
 
         $this->manager->unsubscribe($domain, $this->getUserOrThrow());
 

diff --git a/src/Controller/Entry/Comment/EntryCommentChangeAdultController.php b/src/Controller/Entry/Comment/EntryCommentChangeAdultController.php
@@ -31,7 +31,7 @@ public function __invoke(
         EntryComment $comment,
         Request $request
     ): Response {
-        $this->validateCsrf('change_adult', $request->request->get('token'));
+        $this->validateCsrf('change_adult', $request->getPayload()->get('token'));
 
         $comment->isAdult = 'on' === $request->get('adult');
 

diff --git a/src/Controller/Entry/Comment/EntryCommentDeleteController.php b/src/Controller/Entry/Comment/EntryCommentDeleteController.php
@@ -32,7 +32,7 @@ public function delete(
         EntryComment $comment,
         Request $request
     ): Response {
-        $this->validateCsrf('entry_comment_delete', $request->request->get('token'));
+        $this->validateCsrf('entry_comment_delete', $request->getPayload()->get('token'));
 
         $this->manager->delete($this->getUserOrThrow(), $comment);
 
@@ -50,7 +50,7 @@ public function restore(
         EntryComment $comment,
         Request $request
     ): Response {
-        $this->validateCsrf('entry_comment_restore', $request->request->get('token'));
+        $this->validateCsrf('entry_comment_restore', $request->getPayload()->get('token'));
 
         $this->manager->restore($this->getUserOrThrow(), $comment);
 
@@ -68,7 +68,7 @@ public function purge(
         EntryComment $comment,
         Request $request
     ): Response {
-        $this->validateCsrf('entry_comment_purge', $request->request->get('token'));
+        $this->validateCsrf('entry_comment_purge', $request->getPayload()->get('token'));
 
         $this->manager->purge($this->getUserOrThrow(), $comment);
 

diff --git a/src/Controller/Entry/EntryChangeAdultController.php b/src/Controller/Entry/EntryChangeAdultController.php
@@ -28,7 +28,7 @@ public function __invoke(
         Entry $entry,
         Request $request
     ): Response {
-        $this->validateCsrf('change_adult', $request->request->get('token'));
+        $this->validateCsrf('change_adult', $request->getPayload()->get('token'));
 
         $entry->isAdult = 'on' === $request->get('adult');
 

diff --git a/src/Controller/Entry/EntryChangeMagazineController.php b/src/Controller/Entry/EntryChangeMagazineController.php
@@ -30,7 +30,7 @@ public function __invoke(
         Entry $entry,
         Request $request
     ): Response {
-        $this->validateCsrf('change_magazine', $request->request->get('token'));
+        $this->validateCsrf('change_magazine', $request->getPayload()->get('token'));
 
         $newMagazine = $this->repository->findOneByName($request->get('change_magazine')['new_magazine']);
 

diff --git a/src/Controller/Entry/EntryDeleteController.php b/src/Controller/Entry/EntryDeleteController.php
@@ -29,7 +29,7 @@ public function delete(
         Entry $entry,
         Request $request
     ): Response {
-        $this->validateCsrf('entry_delete', $request->request->get('token'));
+        $this->validateCsrf('entry_delete', $request->getPayload()->get('token'));
 
         $this->manager->delete($this->getUserOrThrow(), $entry);
 
@@ -50,7 +50,7 @@ public function restore(
         Entry $entry,
         Request $request
     ): Response {
-        $this->validateCsrf('entry_restore', $request->request->get('token'));
+        $this->validateCsrf('entry_restore', $request->getPayload()->get('token'));
 
         $this->manager->restore($this->getUserOrThrow(), $entry);
 
@@ -66,7 +66,7 @@ public function purge(
         Entry $entry,
         Request $request
     ): Response {
-        $this->validateCsrf('entry_purge', $request->request->get('token'));
+        $this->validateCsrf('entry_purge', $request->getPayload()->get('token'));
 
         $this->manager->purge($this->getUserOrThrow(), $entry);
 

diff --git a/src/Controller/Entry/EntryPinController.php b/src/Controller/Entry/EntryPinController.php
@@ -29,7 +29,7 @@ public function __invoke(
         Entry $entry,
         Request $request
     ): Response {
-        $this->validateCsrf('entry_pin', $request->request->get('token'));
+        $this->validateCsrf('entry_pin', $request->getPayload()->get('token'));
 
         $entry = $this->manager->pin($entry, $this->getUserOrThrow());
 

diff --git a/src/Controller/FavouriteController.php b/src/Controller/FavouriteController.php
@@ -21,7 +21,7 @@ public function __construct(private readonly GenerateHtmlClassService $classServ
     #[IsGranted('ROLE_USER')]
     public function __invoke(FavouriteInterface $subject, Request $request, FavouriteManager $manager): Response
     {
-        $this->validateCsrf('favourite', $request->request->get('token'));
+        $this->validateCsrf('up_vote', $request->getPayload()->get('token'));
 
         $manager->toggle($this->getUserOrThrow(), $subject);
 

diff --git a/src/Controller/Magazine/MagazineBlockController.php b/src/Controller/Magazine/MagazineBlockController.php
@@ -22,7 +22,7 @@ public function __construct(private readonly MagazineManager $manager)
     #[IsGranted('block', subject: 'magazine')]
     public function block(Magazine $magazine, Request $request): Response
     {
-        $this->validateCsrf('block', $request->request->get('token'));
+        $this->validateCsrf('block', $request->getPayload()->get('token'));
 
         $this->manager->block($magazine, $this->getUserOrThrow());
 
@@ -37,7 +37,7 @@ public function block(Magazine $magazine, Request $request): Response
     #[IsGranted('block', subject: 'magazine')]
     public function unblock(Magazine $magazine, Request $request): Response
     {
-        $this->validateCsrf('block', $request->request->get('token'));
+        $this->validateCsrf('block', $request->getPayload()->get('token'));
 
         $this->manager->unblock($magazine, $this->getUserOrThrow());
 

diff --git a/src/Controller/Magazine/MagazineDeleteController.php b/src/Controller/Magazine/MagazineDeleteController.php
@@ -21,7 +21,7 @@ public function __construct(private readonly MagazineManager $manager)
     #[IsGranted('delete', subject: 'magazine')]
     public function delete(Magazine $magazine, Request $request): Response
     {
-        $this->validateCsrf('magazine_delete', $request->request->get('token'));
+        $this->validateCsrf('magazine_delete', $request->getPayload()->get('token'));
 
         $this->manager->delete($magazine);
 
@@ -32,7 +32,7 @@ public function delete(Magazine $magazine, Request $request): Response
     #[IsGranted('delete', subject: 'magazine')]
     public function restore(Magazine $magazine, Request $request): Response
     {
-        $this->validateCsrf('magazine_restore', $request->request->get('token'));
+        $this->validateCsrf('magazine_restore', $request->getPayload()->get('token'));
 
         $this->manager->restore($magazine);
 
@@ -43,7 +43,7 @@ public function restore(Magazine $magazine, Request $request): Response
     #[IsGranted('purge', subject: 'magazine')]
     public function purge(Magazine $magazine, Request $request): Response
     {
-        $this->validateCsrf('magazine_purge', $request->request->get('token'));
+        $this->validateCsrf('magazine_purge', $request->getPayload()->get('token'));
 
         $this->manager->purge($magazine);
 
@@ -54,7 +54,7 @@ public function purge(Magazine $magazine, Request $request): Response
     #[IsGranted('purge', subject: 'magazine')]
     public function purgeContent(Magazine $magazine, Request $request): Response
     {
-        $this->validateCsrf('magazine_purge_content', $request->request->get('token'));
+        $this->validateCsrf('magazine_purge_content', $request->getPayload()->get('token'));
 
         $this->manager->purge($magazine, true);
 

diff --git a/src/Controller/Magazine/MagazineModeratorRequestController.php b/src/Controller/Magazine/MagazineModeratorRequestController.php
@@ -27,7 +27,7 @@ public function __invoke(Magazine $magazine, Request $request): Response
             throw new AccessDeniedException();
         }
 
-        $this->validateCsrf('moderator_request', $request->request->get('token'));
+        $this->validateCsrf('moderator_request', $request->getPayload()->get('token'));
 
         $this->manager->toggleModeratorRequest($magazine, $this->getUserOrThrow());
 

diff --git a/src/Controller/Magazine/MagazineOwnershipRequestController.php b/src/Controller/Magazine/MagazineOwnershipRequestController.php
@@ -27,7 +27,7 @@ public function toggle(Magazine $magazine, Request $request): Response
             throw new AccessDeniedException();
         }
 
-        $this->validateCsrf('magazine_ownership_request', $request->request->get('token'));
+        $this->validateCsrf('magazine_ownership_request', $request->getPayload()->get('token'));
 
         $this->manager->toggleOwnershipRequest($magazine, $this->getUserOrThrow());
 
@@ -37,7 +37,7 @@ public function toggle(Magazine $magazine, Request $request): Response
     #[IsGranted('ROLE_ADMIN')]
     public function accept(Magazine $magazine, Request $request): Response
     {
-        $this->validateCsrf('magazine_ownership_request', $request->request->get('token'));
+        $this->validateCsrf('magazine_ownership_request', $request->getPayload()->get('token'));
 
         $user = $this->getUserOrThrow();
         $this->manager->acceptOwnershipRequest($magazine, $user, $user);

diff --git a/src/Controller/Magazine/MagazineRemoveSubscriptionsController.php b/src/Controller/Magazine/MagazineRemoveSubscriptionsController.php
@@ -20,7 +20,7 @@ public function __construct(private readonly MagazineManager $manager)
     #[IsGranted('ROLE_ADMIN')]
     public function __invoke(Magazine $magazine, Request $request): Response
     {
-        $this->validateCsrf('magazine_remove_subscriptions', $request->request->get('token'));
+        $this->validateCsrf('magazine_remove_subscriptions', $request->getPayload()->get('token'));
 
         $this->manager->removeSubscriptions($magazine);
 

diff --git a/src/Controller/Magazine/MagazineSubController.php b/src/Controller/Magazine/MagazineSubController.php
@@ -22,7 +22,7 @@ public function __construct(private readonly MagazineManager $manager)
     #[IsGranted('subscribe', subject: 'magazine')]
     public function subscribe(Magazine $magazine, Request $request): Response
     {
-        $this->validateCsrf('subscribe', $request->request->get('token'));
+        $this->validateCsrf('subscribe', $request->getPayload()->get('token'));
 
         $this->manager->subscribe($magazine, $this->getUserOrThrow());
 
@@ -37,7 +37,7 @@ public function subscribe(Magazine $magazine, Request $request): Response
     #[IsGranted('subscribe', subject: 'magazine')]
     public function unsubscribe(Magazine $magazine, Request $request): Response
     {
-        $this->validateCsrf('subscribe', $request->request->get('token'));
+        $this->validateCsrf('subscribe', $request->getPayload()->get('token'));
 
         $this->manager->unsubscribe($magazine, $this->getUserOrThrow());
 

diff --git a/src/Controller/Magazine/Panel/MagazineBadgeController.php b/src/Controller/Magazine/Panel/MagazineBadgeController.php
@@ -61,7 +61,7 @@ public function remove(
         BadgeManager $manager,
         Request $request
     ): Response {
-        $this->validateCsrf('badge_remove', $request->request->get('token'));
+        $this->validateCsrf('badge_remove', $request->getPayload()->get('token'));
 
         $manager->delete($badge);
 

diff --git a/src/Controller/Magazine/Panel/MagazineBanController.php b/src/Controller/Magazine/Panel/MagazineBanController.php
@@ -69,7 +69,7 @@ public function ban(Magazine $magazine, Request $request, ?User $user = null): R
     #[IsGranted('moderate', subject: 'magazine')]
     public function unban(Magazine $magazine, User $user, Request $request): Response
     {
-        $this->validateCsrf('magazine_unban', $request->request->get('token'));
+        $this->validateCsrf('magazine_unban', $request->getPayload()->get('token'));
 
         $this->manager->unban($magazine, $user);
 

diff --git a/src/Controller/Magazine/Panel/MagazineModeratorController.php b/src/Controller/Magazine/Panel/MagazineModeratorController.php
@@ -59,7 +59,7 @@ public function remove(
         Moderator $moderator,
         Request $request
     ): Response {
-        $this->validateCsrf('remove_moderator', $request->request->get('token'));
+        $this->validateCsrf('remove_moderator', $request->getPayload()->get('token'));
 
         $this->manager->removeModerator($moderator, $this->getUser());
 

diff --git a/src/Controller/Magazine/Panel/MagazineModeratorRequestsController.php b/src/Controller/Magazine/Panel/MagazineModeratorRequestsController.php
@@ -34,7 +34,7 @@ public function requests(Magazine $magazine, Request $request): Response
     #[IsGranted('edit', subject: 'magazine')]
     public function accept(Magazine $magazine, User $user, Request $request): Response
     {
-        $this->validateCsrf('magazine_panel_moderator_request_accept', $request->request->get('token'));
+        $this->validateCsrf('magazine_panel_moderator_request_accept', $request->getPayload()->get('token'));
 
         $this->manager->acceptModeratorRequest($magazine, $user, $this->getUserOrThrow());
 
@@ -45,7 +45,7 @@ public function accept(Magazine $magazine, User $user, Request $request): Respon
     #[IsGranted('edit', subject: 'magazine')]
     public function reject(Magazine $magazine, User $user, Request $request): Response
     {
-        $this->validateCsrf('magazine_panel_moderator_request_reject', $request->request->get('token'));
+        $this->validateCsrf('magazine_panel_moderator_request_reject', $request->getPayload()->get('token'));
 
         $this->manager->toggleModeratorRequest($magazine, $user);
 

diff --git a/src/Controller/Magazine/Panel/MagazineReportController.php b/src/Controller/Magazine/Panel/MagazineReportController.php
@@ -49,7 +49,7 @@ public function reportApprove(
         Report $report,
         Request $request
     ): Response {
-        $this->validateCsrf('report_approve', $request->request->get('token'));
+        $this->validateCsrf('report_approve', $request->getPayload()->get('token'));
 
         $this->reportManager->accept($report, $this->getUserOrThrow());
 
@@ -65,7 +65,7 @@ public function reportReject(
         Report $report,
         Request $request
     ): Response {
-        $this->validateCsrf('report_decline', $request->request->get('token'));
+        $this->validateCsrf('report_decline', $request->getPayload()->get('token'));
 
         $this->reportManager->reject($report, $this->getUserOrThrow());
 

diff --git a/src/Controller/Post/Comment/PostCommentChangeAdultController.php b/src/Controller/Post/Comment/PostCommentChangeAdultController.php
@@ -31,7 +31,7 @@ public function __invoke(
         PostComment $comment,
         Request $request
     ): Response {
-        $this->validateCsrf('change_adult', $request->request->get('token'));
+        $this->validateCsrf('change_adult', $request->getPayload()->get('token'));
 
         $comment->isAdult = 'on' === $request->get('adult');
 

diff --git a/src/Controller/Post/Comment/PostCommentDeleteController.php b/src/Controller/Post/Comment/PostCommentDeleteController.php
@@ -28,7 +28,7 @@ public function delete(
         PostComment $comment,
         Request $request
     ): Response {
-        $this->validateCsrf('post_comment_delete', $request->request->get('token'));
+        $this->validateCsrf('post_comment_delete', $request->getPayload()->get('token'));
 
         $this->manager->delete($this->getUserOrThrow(), $comment);
 
@@ -44,7 +44,7 @@ public function restore(
         PostComment $comment,
         Request $request
     ): Response {
-        $this->validateCsrf('post_comment_restore', $request->request->get('token'));
+        $this->validateCsrf('post_comment_restore', $request->getPayload()->get('token'));
 
         $this->manager->restore($this->getUserOrThrow(), $comment);
 
@@ -60,7 +60,7 @@ public function purge(
         PostComment $comment,
         Request $request
     ): Response {
-        $this->validateCsrf('post_comment_purge', $request->request->get('token'));
+        $this->validateCsrf('post_comment_purge', $request->getPayload()->get('token'));
 
         $this->manager->purge($this->getUserOrThrow(), $comment);
 

diff --git a/src/Controller/Post/PostChangeAdultController.php b/src/Controller/Post/PostChangeAdultController.php
@@ -27,7 +27,7 @@ public function __invoke(
         Post $post,
         Request $request
     ): Response {
-        $this->validateCsrf('change_adult', $request->request->get('token'));
+        $this->validateCsrf('change_adult', $request->getPayload()->get('token'));
 
         $post->isAdult = 'on' === $request->get('adult');
 

diff --git a/src/Controller/Post/PostChangeMagazineController.php b/src/Controller/Post/PostChangeMagazineController.php
@@ -30,7 +30,7 @@ public function __invoke(
         Post $post,
         Request $request
     ): Response {
-        $this->validateCsrf('change_magazine', $request->request->get('token'));
+        $this->validateCsrf('change_magazine', $request->getPayload()->get('token'));
 
         $newMagazine = $this->repository->findOneByName($request->get('change_magazine')['new_magazine']);