对于sf应用程序我想从FOSUserBundle的编辑配置文件表单中删除密码检查。
通过覆盖配置文件表单删除“当前”字段仍然会导致“密码无效”验证消息。这是由FOSUSerBundle中的ProfileFormHandler类引起的,代码如下:
$this->form->setData(new CheckPassword($user));
所以我也覆盖了表单处理程序,并用
替换了上面的代码 $this->form->setData($user);
到目前为止,这是有效的,我的表单类型显示,我的表单处理程序处理表单,但我得到以下错误
The CSRF token is invalid. Please try to resubmit the form
确实,csrf令牌不再添加到表单中。坦率地说,我不知道我做错了什么;(
thx,ben
以下是表单,处理程序和模板的完整代码:
<?php
namespace Application\Sonata\UserBundle\Form\Type;
use Symfony\Component\Form\FormBuilder;
class ProfileFormType extends \FOS\UserBundle\Form\Type\ProfileFormType
{
private $class;
/**
* @param string $class The User class name
*/
public function __construct($class)
{
$this->class = $class;
}
public function buildForm(FormBuilder $builder, array $options)
{
$builder
->add('first_name')
->add('last_name')
->add('phone')
->add('location','room13_geo_location')
->add('birthday','birthday')
->add('smoker')
->add('newsletter')
;
}
public function getName()
{
return 'balkanride_user_profile';
}
public function getDefaultOptions(array $options)
{
return array(
'data_class' => $this->class,
'intention' => 'profile',
);
}
}
-
<?php
namespace Application\Sonata\UserBundle\Form\Handler;
use Symfony\Component\Form\Form;
use Symfony\Component\HttpFoundation\Request;
use FOS\UserBundle\Model\UserInterface;
use FOS\UserBundle\Model\UserManagerInterface;
use FOS\UserBundle\Form\Model\CheckPassword;
class ProfileFormHandler
{
protected $request;
protected $userManager;
protected $form;
public function __construct(Form $form, Request $request, UserManagerInterface $userManager)
{
$this->form = $form;
$this->request = $request;
$this->userManager = $userManager;
}
public function process(UserInterface $user)
{
$this->form->setData($user);
if ('POST' === $this->request->getMethod())
{
$this->form->bindRequest($this->request);
//var_dump($this->form->getErrors());
//die();
if ($this->form->isValid())
{
$this->onSuccess($user);
return true;
}
// Reloads the user to reset its username. This is needed when the
// username or password have been changed to avoid issues with the
// security layer.
$this->userManager->reloadUser($user);
}
return false;
}
protected function onSuccess(UserInterface $user)
{
$this->userManager->updateUser($user);
}
}
-
{% extends "ApplicationSonataUserBundle::layout.html.twig" %}
{% block page_body %}
<section>
<form id="ProfileForm" action="{{ path('fos_user_profile_edit') }}" {{ form_enctype(form) }} method="POST" class="fos_user_profile_edit">
{{ form_widget(form) }}
<div>
<div class="form-actions">
<input type="submit" value="{{ 'profile.edit.submit'|trans }}" class="btn btn-primary" />
<a href="{{path('fos_user_profile_show')}}" class="btn">{{ 'profile.edit.cancel'|trans }}</a>
</div>
</div>
</form>
</section>
{% endblock page_body %}
答案 0 :(得分:1)
建议的解决方法是创建一个单独的表单,以便在编辑之前编辑不需要密码保护的字段。最简单,没有黑客攻击:)