From 3c0179a3b8571b198336f0453e951f13a2e88909 Mon Sep 17 00:00:00 2001
From: "Lampret, Alexander"
Date: Thu, 2 Apr 2020 16:25:10 +0200
Subject: [PATCH] dynamic csrf in login form
---
 src/ZfcUser/Form/Login.php | 19 ++++++-------
 .../AuthenticationOptionsInterface.php | 15 +++++++++++
 src/ZfcUser/Options/ModuleOptions.php | 27 +++++++++++++++++++
 3 files changed, 52 insertions(+), 9 deletions(-)
diff --git a/src/ZfcUser/Form/Login.php b/src/ZfcUser/Form/Login.php
index c487be1d..50f4ce4d 100644
--- a/src/ZfcUser/Form/Login.php
+++ b/src/ZfcUser/Form/Login.php
@@ -47,16 +47,17 @@ public function __construct($name, AuthenticationOptionsInterface $options)
 ),
 ));
 
- $this->add([
- 'type' => '\Zend\Form\Element\Csrf',
- 'name' => 'security',
- 'options' => [
- 'csrf_options' => [
- 'timeout' => $this->getAuthenticationOptions()->getLoginFormTimeout()
+ if ($this->getAuthenticationOptions()->getUseLoginFormCsrf()) {
+ $this->add([
+ 'type' => '\Zend\Form\Element\Csrf',
+ 'name' => 'security',
+ 'options' => [
+ 'csrf_options' => [
+ 'timeout' => $this->getAuthenticationOptions()->getLoginFormTimeout()
+ ]
 ]
- ]
- ]);
-
+ ]);
+ }
 if ($this->getAuthenticationOptions()->getUseLoginFormCaptcha()) {
 $this->add(array(
 'name' => 'captcha',
diff --git a/src/ZfcUser/Options/AuthenticationOptionsInterface.php b/src/ZfcUser/Options/AuthenticationOptionsInterface.php
index bdaf133f..5c0a6b7d 100644
--- a/src/ZfcUser/Options/AuthenticationOptionsInterface.php
+++ b/src/ZfcUser/Options/AuthenticationOptionsInterface.php
@@ -49,6 +49,21 @@ public function setUseLoginFormCaptcha($useRegistrationFormCaptcha);
 */
 public function getUseLoginFormCaptcha();
 
+ /**
+ * set use a csrf in login form
+ *
+ * @param bool $useRegistrationFormCaptcha
+ * @return ModuleOptions
+ */
+ public function setUseLoginFormCsrf($useLoginFormCsrf);
+
+ /**
+ * get use a csrf in login form
+ *
+ * @return bool
+ */
+ public function getUseLoginFormCsrf();
+
 /**
 * set form CAPTCHA options
 *
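Review bot: In src/ZfcUser/Form/Login.php, the new `if ($this->getAuthenticationOptions()->getUseLoginFormCsrf())` branch builds the login form with no `security` Csrf element whenever the option is falsy, so login POSTs are then accepted without a token and the form loses its login-CSRF protection. Nothing at the branch records that trade-off; a comment directly above it such as `// Security: skipping this element disables login-CSRF protection; keep useLoginFormCsrf on unless another layer enforces it.` would keep it visible to whoever flips the option. Code outside this hunk that fetches the element unconditionally (for example a view calling `$form->get('security')`) would presumably fail once the option is off, so that path is worth checking. The constructor body starts and ends outside the hunk.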
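Review bot: In src/ZfcUser/Options/AuthenticationOptionsInterface.php, the docblock added for `setUseLoginFormCsrf` documents `@param bool $useRegistrationFormCaptcha`, but the parameter is `$useLoginFormCsrf`; the same copy-pasted line appears in the `setUseLoginFormCsrf` docblock in src/ZfcUser/Options/ModuleOptions.php. Both should read `@param bool $useLoginFormCsrf`, and the summaries would be clearer as `Set whether the login form includes a CSRF token` and `Whether the login form includes a CSRF token`. Separately, adding two methods to a published interface breaks any external class that implements AuthenticationOptionsInterface, which deserves a line in the release notes.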
diff --git a/src/ZfcUser/Options/ModuleOptions.php b/src/ZfcUser/Options/ModuleOptions.php
index 108b8c80..59d47f19 100644
--- a/src/ZfcUser/Options/ModuleOptions.php
+++ b/src/ZfcUser/Options/ModuleOptions.php
@@ -102,6 +102,11 @@ class ModuleOptions extends AbstractOptions implements
 * @var bool
 */
 protected $useLoginFormCaptcha = false;
+
+ /**
+ * @var bool
+ */
+ protected $useLoginFormCsrf = true;
 
 /**
 * @var int
@@ -499,6 +504,28 @@ public function getUseLoginFormCaptcha()
 {
 return $this->useLoginFormCaptcha;
 }
+
+ /**
+ * set use a csrf in login form
+ *
+ * @param bool $useRegistrationFormCaptcha
+ * @return ModuleOptions
+ */
+ public function setUseLoginFormCsrf($useLoginFormCsrf)
+ {
+ $this->useLoginFormCsrf = $useLoginFormCsrf;
+ return $this;
+ }
+
+ /**
+ * get use a csrf in login form
+ *
+ * @return bool
+ */
+ public function getUseLoginFormCsrf()
+ {
+ return $this->useLoginFormCsrf;
+ }
 
 /**
 * set user entity class name
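Review bot: `setUseLoginFormCsrf` in the second ModuleOptions.php hunk stores its argument unchecked, and Login.php tests the getter by truthiness, so a `null`, `0`, `''` or `'0'` arriving from configuration silently turns the CSRF token off. A switch that guards a security control should fail closed: `$this->useLoginFormCsrf = ($useLoginFormCsrf !== false);` keeps the token unless the caller passes a literal `false`. The `true` default added in the first hunk is the safe choice and is worth stating in the property docblock, e.g. `@var bool whether the login form includes a CSRF token; keep true unless login CSRF is handled elsewhere`.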