dynamic csrf in login form

ZF-Commons · Apr 2, 2020 · 3c0179a · 3c0179a
1 parent 6d77efe
commit 3c0179a
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 9 deletions.
diff --git a/src/ZfcUser/Form/Login.php b/src/ZfcUser/Form/Login.php
@@ -47,16 +47,17 @@ public function __construct($name, AuthenticationOptionsInterface $options)
             ),
         ));
 
-        $this->add([
-            'type' => '\Zend\Form\Element\Csrf',
-            'name' => 'security',
-            'options' => [
-                'csrf_options' => [
-                    'timeout' => $this->getAuthenticationOptions()->getLoginFormTimeout()
+        if ($this->getAuthenticationOptions()->getUseLoginFormCsrf()) {
+            $this->add([
+                'type' => '\Zend\Form\Element\Csrf',
+                'name' => 'security',
+                'options' => [
+                    'csrf_options' => [
+                        'timeout' => $this->getAuthenticationOptions()->getLoginFormTimeout()
+                    ]
                 ]
-            ]
-        ]);
-
+            ]);
+        }
         if ($this->getAuthenticationOptions()->getUseLoginFormCaptcha()) {
             $this->add(array(
                 'name' => 'captcha',

diff --git a/src/ZfcUser/Options/AuthenticationOptionsInterface.php b/src/ZfcUser/Options/AuthenticationOptionsInterface.php
@@ -49,6 +49,21 @@ public function setUseLoginFormCaptcha($useRegistrationFormCaptcha);
      */
     public function getUseLoginFormCaptcha();
 
+    /**
+     * set use a csrf in login form
+     *
+     * @param bool $useRegistrationFormCaptcha
+     * @return ModuleOptions
+     */
+    public function setUseLoginFormCsrf($useLoginFormCsrf);
+
+    /**
+     * get use a csrf in login form
+     *
+     * @return bool
+     */
+    public function getUseLoginFormCsrf();
+
     /**
      * set form CAPTCHA options
      *

diff --git a/src/ZfcUser/Options/ModuleOptions.php b/src/ZfcUser/Options/ModuleOptions.php
@@ -102,6 +102,11 @@ class ModuleOptions extends AbstractOptions implements
      * @var bool
      */
     protected $useLoginFormCaptcha = false;
+
+    /**
+     * @var bool
+     */
+    protected $useLoginFormCsrf = true;
 
     /**
      * @var int
@@ -499,6 +504,28 @@ public function getUseLoginFormCaptcha()
     {
         return $this->useLoginFormCaptcha;
     }
+
+    /**
+     * set use a csrf in login form
+     *
+     * @param bool $useRegistrationFormCaptcha
+     * @return ModuleOptions
+     */
+    public function setUseLoginFormCsrf($useLoginFormCsrf)
+    {
+        $this->useLoginFormCsrf = $useLoginFormCsrf;
+        return $this;
+    }
+
+    /**
+     * get use a csrf in login form
+     *
+     * @return bool
+     */
+    public function getUseLoginFormCsrf()
+    {
+        return $this->useLoginFormCsrf;
+    }
 
     /**
      * set user entity class name