我正在开发自己的身份验证功能,但我没有使用CSRF验证部分,我会这样做(FOSUserBundle已安装并配置完毕。)
这是我的PHP控制器:
public function checkLoginAjaxAction() {
$request = $this->get('request');
$success = false;
$responseCode = 300;
if ($request->isMethod('POST') && $request->isXmlHttpRequest()) {
$user = $this->get('fos_user.user_manager')->findUserBy(array('username' => $request->request->get('_username')));
if ($user) {
$encoderManager = $this->get('security.encoder_factory');
$encoder = $encoderManager->getEncoder($user);
$encodedPass = $encoder->encodePassword($request->request->get('_password'), $user->getSalt());
$token = $request->request->get('_csrf_token');
$res = $this->get('security.csrf.token_manager')->isTokenValid(new CsrfToken('calendar-connection-form', $token));
dump($res); // always return false...
if ($user->getPassword() === $encodedPass /* && $res*/) { // but $res is false everytime
$responseCode = 200;
$success = true;
} else {
$responseCode = 400;
}
}
}
$return = json_encode(array('responseCode' => $responseCode, 'success' => $success));
return new Response($return, 200, array('Content-Type'=>'application/json'));
}
在我的树枝上:
<input type="hidden" name="_csrf_token" value="{{ csrf_token('calendar-connection-form') }}" />
那么,如何在我的身份验证中实现CSRF令牌?
顺便说一句,如果你看到一些改进,请告诉我(我没有做连接部分,只是验证,暂时)。
由于