1. 首頁
  2. 問答
  3. API Rest「CSRF令牌無效,請嘗試重新提交表單。」

API Rest「CSRF令牌無效,請嘗試重新提交表單。」

2017-08-07 299 views
1

我期待將FOS Rest Bundle和FOS User Bundle結合到我的API應用程序中來註冊新用戶。問題是:API Rest「CSRF令牌無效,請嘗試重新提交表單。」

  • 不能發現用戶註冊最佳做法API休息
  • 無法使用FOS用戶註冊類型註冊用戶,拿到400「的CSRF令牌無效請求無效,請嘗試。重新提交表格。「

我該如何解決這些問題?

我的帖子正文

{ 
    "firstname": "xxx", 
    "lastname": "xxx", 
    "email":"[email protected]", 
    "username":"xxx", 
    "plainPassword":{ 
     "first":"xxx", 
     "second":"xxx" 
    } 
}

響應

{ 
    "errors": [ 
     "The CSRF token is invalid. Please try to resubmit the form." 
    ], 
    "children": { 
     "email": {}, 
     "username": {}, 
     "plainPassword": { 
      "children": { 
       "first": {}, 
       "second": {} 
      } 
     }, 
     "firstname": {}, 
     "lastname": {} 
    } 
}

用戶類型表

class UserType extends AbstractType 
    { 
     /** 
     * @inheritDoc 
     */ 
     public function buildForm(FormBuilderInterface $builder, array $options) 
     { 
      $builder 
       ->add('firstname') 
       ->add('lastname'); 
     } 

     public function configureOptions(OptionsResolver $resolver) 
     { 
      $resolver->setDefaults([ 
       'crsf_protection' => false, 
       'csrf_token_id' => null, 
       'data_class' => 'TM\UserBundle\Document\User' 
      ]); 
     } 

     public function getParent() 
     { 
      return 'FOS\UserBundle\Form\Type\RegistrationFormType'; 

      // Or for Symfony < 2.8 
      // return 'fos_user_registration'; 
     } 
    }

該控制器

class UserController extends FOSRestController 
{ 
    /** 
    * @Rest\Post("/register") 
    * @param Request $request 
    * @return null|Response 
    */ 
    public function postUserAction(Request $request) 
    { 
     /** @var $formFactory FormFactory */ 
     $formFactory = $this->get('form.factory'); 
     /** @var $userManager UserManagerInterface */ 
     $userManager = $this->get('fos_user.user_manager'); 
     /** @var $dispatcher EventDispatcherInterface */ 
     $dispatcher = $this->get('event_dispatcher'); 

     $user = $userManager->createUser(); 
     $user->setEnabled(true); 

     $event = new GetResponseUserEvent($user, $request); 
     $dispatcher->dispatch(FOSUserEvents::REGISTRATION_INITIALIZE, $event); 

     if (null !== $event->getResponse()) { 
      return $event->getResponse(); 
     } 

     $form = $formFactory->create(UserType::class, $user); 

     $form->submit($request->request->all()); 

     if ($form->isValid()) { 
      $event = new FormEvent($form, $request); 
      $dispatcher->dispatch(FOSUserEvents::REGISTRATION_SUCCESS, $event); 

      $userManager->updateUser($user); 

      if (null === $response = $event->getResponse()) { 
       $url = $this->generateUrl('fos_user_registration_confirmed'); 
       $response = new RedirectResponse($url); 
      } 

      $dispatcher->dispatch(FOSUserEvents::REGISTRATION_COMPLETED, new FilterUserResponseEvent($user, $request, $response)); 

      $view = $this->view(array('token' => $this->get("lexik_jwt_authentication.jwt_manager")->create($user)), Response::HTTP_CREATED); 

      return $this->handleView($view); 
     } 

     $view = $this->view($form, Response::HTTP_BAD_REQUEST); 
     return $this->handleView($view); 
    } 
}

來源

2017-08-07 Liogate

回答

1

因爲你很可能需要全線禁用CSRF,特別是如果你的API通過形式直接處理數據的API(這我會建議你做的如何)。

你可以找到這個在這裏一個聰明的解決方案:https://stackoverflow.com/a/9888593/4620798

你的具體情況,我想你可能需要刪除csrf_token_id,因爲它可能儘管你可以提交null值告訴表格反正禁用它?

另外,如果您將Angular2或任何其他「現代」前端框架用作消費者,您最終可能會遇到PREFLIGHT問題。如果/當你這樣做時也有解決方案:)

來源

2017-08-07 22:04:58

相關問題

 相關問題