EZP-25482: Fix exception with CSRF protection disabled

ezsystems · Feb 23, 2016 · 3362f0d · 3362f0d
1 parent d4409aa
commit 3362f0d
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 3 deletions.
diff --git a/ApplicationConfig/Providers/SessionInfo.php b/ApplicationConfig/Providers/SessionInfo.php
@@ -29,7 +29,7 @@ class SessionInfo implements Provider
 
     public function __construct(
         SessionInterface $session,
-        CsrfTokenManagerInterface $csrfTokenManager,
+        CsrfTokenManagerInterface $csrfTokenManager = null,
         $csrfTokenIntention,
         RouterInterface $router
     ) {
@@ -46,11 +46,14 @@ public function getConfig()
             $sessionInfo['isStarted'] = true;
             $sessionInfo['name'] = $this->session->getName();
             $sessionInfo['identifier'] = $this->session->getId();
-            $sessionInfo['csrfToken'] = $this->csrfTokenManager->getToken($this->csrfTokenIntention)->getValue();
             $sessionInfo['href'] = $this->generateUrl(
                 'ezpublish_rest_deleteSession',
                 ['sessionId' => $this->session->getId()]
             );
+
+            if ($this->csrfTokenManager instanceof CsrfTokenManagerInterface) {
+                $sessionInfo['csrfToken'] = $this->csrfTokenManager->getToken($this->csrfTokenIntention)->getValue();
+            }
         }
 
         return $sessionInfo;

diff --git a/Resources/config/services.yml b/Resources/config/services.yml
@@ -60,7 +60,7 @@ services:
         class: %ezsystems.platformui.application_config.provider.session_info.class%
         arguments:
             - @session
-            - @security.csrf.token_manager
+            - @?security.csrf.token_manager
             - %ezpublish_rest.csrf_token_intention%
             - @router
         tags:

diff --git a/Tests/ApplicationConfig/Providers/SessionInfoTest.php b/Tests/ApplicationConfig/Providers/SessionInfoTest.php
@@ -32,6 +32,26 @@ public function testGetConfig()
         );
     }
 
+    public function testGetConfigWithoutTokenManager()
+    {
+        $provider = new SessionInfo(
+            $this->createSession(),
+            null,
+            'intention',
+            $this->getRouterMock('/api/ezp/v2/user/sessions/the_session_id')
+        );
+
+        self::assertEquals(
+            [
+                'isStarted' => true,
+                'name' => 'the_session_name',
+                'identifier' => 'the_session_id',
+                'href' => '/api/ezp/v2/user/sessions/the_session_id',
+            ],
+            $provider->getConfig()
+        );
+    }
+
     /**
      * @return \Symfony\Component\HttpFoundation\Session\SessionInterface|\PHPUnit_Framework_MockObject_MockObject
      */