CODEWITHSUNDEEP
unit-testingsymfonycodeceptionfosrestbundlesymfony-forms
Xero
Xero

Reputation: 4175

Symfony - CSRF token is invalid - FosRestBundle

I'm using Symfony and FosRestBundle.

When I want to simply test my rest api, I got this :

The CSRF token is invalid. Please try to resubmit the form.

/**
     * @example ["titre", "short description", "description", "2016-10-10", 200, "with complete data"]
     * @example ["titre", "short description", "description", "2016-10-31", 200, "with complete data"]
     */
    public function editNewsTest(ApiTester $I, Example $example)
    {

        $I->wantTo('edit a news (' . $example[5] . ')');
        $I->haveHttpHeader('Content-Type', 'application/json');
        $I->sendPUT('/news', ['title' => $example[0], 'shortDescription' => $example[1], 'description' => $example[2], 'date' => $example[3]]);
        $I->seeResponseCodeIs($example[4]); // 200
        $I->seeResponseIsJson();

    }

Here my FosRestBundle configuration :

#FOSRestBundle
fos_rest:
    service:
        inflector: appbundle.util.inflector
    param_fetcher_listener: force
    body_listener:
        array_normalizer: fos_rest.normalizer.camel_keys
    format_listener: true
    view:
        view_response_listener: 'force'
        formats:
            json : true
        templating_formats:
            html: true
        force_redirects:
            html: true
        failed_validation: HTTP_BAD_REQUEST
        default_engine: twig
    routing_loader:
         default_format: json
         include_format: false
    serializer:
        serialize_null: true
    access_denied_listener:
        json: true
    exception:
        enabled: true
        messages:
            Symfony\Component\HttpKernel\Exception\BadRequestHttpException: true
    disable_csrf_role: IS_AUTHENTICATED_ANONYMOUSLY

Upvotes: 1

Views: 784

Answers (2)

Xero
Xero

Reputation: 4175

I was not authenticated, cause my security.yml look this :

dev:
    pattern: ^/
    security: false

I change that, and add a new firewall

dev:
    pattern: ^/(_(profiler|wdt)|css|images|js)/
    security: false

test:
    anonymous: ~
    pattern: ^/

Now with this in config.yml :

   disable_csrf_role: IS_AUTHENTICATED_ANONYMOUSLY

It's working.

Thanks to Martin, for helping

Upvotes: 0

martin
martin

Reputation: 96899

That's correct if you validate the request data as a Symfony Form. With $I->sendPUT(...) you're not sending any CSRF token that's why it gives you the error.

You can disable CSRF with FOSRestBundle for specific roles, see http://symfony.com/doc/current/bundles/FOSRestBundle/2-the-view-layer.html#csrf-validation

The other option is to send also the CSRF token of course.

Upvotes: 1

Related Questions