删除密码检查编辑配置文件

时间:2012-04-12 14:50:11

标签: symfony fosuserbundle

对于sf应用程序我想从FOSUserBundle的编辑配置文件表单中删除密码检查。

通过覆盖配置文件表单删除“当前”字段仍然会导致“密码无效”验证消息。这是由FOSUSerBundle中的ProfileFormHandler类引起的,代码如下:

 $this->form->setData(new CheckPassword($user));

所以我也覆盖了表单处理程序,并用

替换了上面的代码
 $this->form->setData($user);

到目前为止,这是有效的,我的表单类型显示,我的表单处理程序处理表单,但我得到以下错误

The CSRF token is invalid. Please try to resubmit the form

确实,csrf令牌不再添加到表单中。坦率地说,我不知道我做错了什么;(

thx,ben

以下是表单,处理程序和模板的完整代码:

<?php

namespace Application\Sonata\UserBundle\Form\Type;

use Symfony\Component\Form\FormBuilder;

class ProfileFormType extends \FOS\UserBundle\Form\Type\ProfileFormType
{

    private $class;

    /**
     * @param string $class The User class name
     */
    public function __construct($class)
    {
        $this->class = $class;
    }

    public function buildForm(FormBuilder $builder, array $options)
    {
       $builder
           ->add('first_name')
            ->add('last_name')
            ->add('phone')
            ->add('location','room13_geo_location')
            ->add('birthday','birthday')
            ->add('smoker')
            ->add('newsletter')
        ;


    }

    public function getName()
    {
        return 'balkanride_user_profile';
    }

    public function getDefaultOptions(array $options)
    {
        return array(
            'data_class' => $this->class,
            'intention'  => 'profile',
        );
    }
}

-

<?php


namespace Application\Sonata\UserBundle\Form\Handler;

use Symfony\Component\Form\Form;
use Symfony\Component\HttpFoundation\Request;

use FOS\UserBundle\Model\UserInterface;
use FOS\UserBundle\Model\UserManagerInterface;
use FOS\UserBundle\Form\Model\CheckPassword;

class ProfileFormHandler
{
    protected $request;
    protected $userManager;
    protected $form;

    public function __construct(Form $form, Request $request, UserManagerInterface $userManager)
    {
        $this->form = $form;
        $this->request = $request;
        $this->userManager = $userManager;
    }

    public function process(UserInterface $user)
    {

        $this->form->setData($user);

        if ('POST' === $this->request->getMethod())
        {
            $this->form->bindRequest($this->request);

            //var_dump($this->form->getErrors());
            //die();

            if ($this->form->isValid())
            {

                $this->onSuccess($user);

                return true;
            }

            // Reloads the user to reset its username. This is needed when the
            // username or password have been changed to avoid issues with the
            // security layer.
            $this->userManager->reloadUser($user);
        }

        return false;
    }

    protected function onSuccess(UserInterface $user)
    {
        $this->userManager->updateUser($user);
    }
}

-

{% extends "ApplicationSonataUserBundle::layout.html.twig" %}


{% block page_body %}

<section>

    <form id="ProfileForm" action="{{ path('fos_user_profile_edit') }}" {{ form_enctype(form) }} method="POST" class="fos_user_profile_edit">
        {{ form_widget(form) }}
        <div>

            <div class="form-actions">
                <input type="submit" value="{{ 'profile.edit.submit'|trans }}" class="btn btn-primary" />
                <a href="{{path('fos_user_profile_show')}}" class="btn">{{ 'profile.edit.cancel'|trans }}</a>
            </div>

        </div>



    </form>

</section>

{% endblock page_body %}

1 个答案:

答案 0 :(得分:1)

建议的解决方法是创建一个单独的表单,以便在编辑之前编辑不需要密码保护的字段。最简单,没有黑客攻击:)