FosUserBundle配置文件编辑表单提交" CSRF令牌无效。 "错误。即使表单中存在_token值

时间:2014-08-23 13:10:55

标签: symfony fosuserbundle

我已经覆盖了fosuserbundle的注册和个人资料编辑表单,但没有覆盖他们的表单处理程序。注册表格按预期工作。但是提交个人资料编辑表单无效。当我追踪它失败的地方时,我发现它没有通过FOSUserBundle中的$this->form->isValid():ProfileFormHandler。当我var_dump错误时,它说“CSRF令牌无效......”但我的表单正在呈现一个_token值。

这是我的代码:

Overriden Profile Controller的editAction:

public function editAction()
    {
        $user = $this->container->get('security.context')->getToken()->getUser();
        if (!is_object($user) || !$user instanceof UserInterface) {
            throw new AccessDeniedException('This user does not have access to this section.');
        }

//        $form = $this->container->get('fos_user.profile.form');
        $form = $this->container->get('form.factory')->create('yyt_user_profile', $user);

        $formHandler = $this->container->get('fos_user.profile.form.handler');
        $process = $formHandler->process($user);

        if ($process) {
            $this->setFlash('fos_user_success', 'profile.flash.updated');

            return new RedirectResponse($this->getRedirectionUrl($user));
        }
        return $this->container->get('templating')->renderResponse(
            'UserBundle:Profile:edit.html.'.$this->container->getParameter('fos_user.template.engine'),
            array('form' => $form->createView(), 'active_page' => 'Profile')
        );
    }

我的个人资料表格类型:

namespace YYT\UserBundle\Form\Type;

use Symfony\Component\Form\FormBuilderInterface;
use FOS\UserBundle\Form\Type\ProfileFormType as BaseType;
use YYT\SharedBundle\Form\Type\AddressType;

class ProfileFormType extends BaseType
{
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        parent::buildForm($builder, $options);

        $builder->add('fullName')
            ->add('address', new AddressType(), array('label' => false))

        ;
    }

    public function getName()
    {
        return 'yyt_user_profile';
    }
}

我的service.yml 

services:
  yyt_user.registration.form.type:
          class: YYT\UserBundle\Form\Type\RegistrationFormType
          arguments: [%fos_user.model.user.class%]
          tags:
              - { name: form.type, alias: yyt_user_registration }
  yyt_user.profile.form.type:
          class: YYT\UserBundle\Form\Type\ProfileFormType
          arguments: [%fos_user.model.user.class%]
          tags:
              - { name: form.type, alias: yyt_user_profile }

app / config / config.yml 

...
fos_user:
    db_driver: orm
    firewall_name: main
    user_class: YYT\UserBundle\Entity\User
    registration:
        form:
            type: yyt_user_registration
    profile:
        form:
            type: yyt_user_profile

我的个人资料表单类型:

我的首要任务是edit_content.html.twig:

<form action="{{ path('fos_user_profile_edit') }}" {{ form_enctype(form) }} method="POST" class="fos_user_profile_edit">
    <div class="col-md-7">
        <div class="form-group row">
            {{ form_row(form.fullName) }}
        </div>
        <div class="form-group row">
            {{ form_row(form.username) }}
        </div>
        <div class="form-group row">
            {{ form_row(form.email) }}
        </div>
        <div class="form-group row">
            {{ form_row(form.address.addrTelephone) }}
        </div>
        <div class="form-group row">
            {{ form_row(form.address.addrMobile) }}
        </div>
        <div class="form-group row">
            {{ form_row(form.address.addrSubCity) }}
        </div>
        <div class="form-group row">
            {{ form_row(form.current_password) }}
        </div>
    </div>
    <div class="col-md-12">
        <input class="btn btn-primary" type="submit" value="{{ 'profile.edit.submit'|trans({}, 'FOSUserBundle') }}" />
    </div>
    {{ form_end(form, { "render_rest":false}) }}

我在这里想念的是什么?

1 个答案:

答案 0 :(得分:0)

  {{ form_end(form, { "render_rest":false}) }}

您没有使用csrf令牌渲染字段。删除"render_rest":false或手动添加csrf令牌<input type="hidden" name="_csrf_token" value="{{ csrf_token('intention') }}">

相关问题
最新问题