Backbone.js and Symfony2 form validation - symfony

I'm creating a single-page app with backbone.js and symfony2 and I need your opinion on one thing.
For example, see this create user action. The request is sent by a Backbone model (model.save), and I want to check values on the server side. My question is pretty simple: is it pertinent to use the Symfony2 form validation to do this check?
/**
 * @Route("/user", defaults={"_format"="json"}, name="create_user")
 * @Method({"POST"})
 */
public function createUserAction() {
    $request = $this->get('request');
    // Backbone sends a JSON body: decode it and expose it as request parameters
    if (0 === strpos($request->headers->get('Content-Type'), 'application/json')) {
        $data = json_decode($request->getContent(), true);
        $request->request->replace(is_array($data) ? $data : array());
    }
    $entity = new User();
    $form = $this->createForm(new UserType(), $entity);
    $form->bind($request);
    ...
}
If yes, how can I do that? Backbone sends a JSON request body, whereas the bind method of the Symfony2 form object only accepts URL encoding. I've already tried to use the urlencode function without success.

Yes it is pertinent, you should always do server side validation. My question is where is your content variable coming from? I don't see it being assigned in the above code.

You could use FOSRestBundle. It has a "body listener", which will decode the request body and let you bind your form with a request that had a JSON body.
You can learn more about this feature in the FOSRestBundle documentation.
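
Added example, not part of the original thread: the controller in the question turns any undecodable body into an empty array, so a malformed request is indistinguishable from an empty form. The plain-PHP helper below (decodeJsonBody() and the field allow-list are hypothetical names) rejects those cases explicitly before the data reaches the form.

```php
<?php
// Added example: strict decoding of a JSON request body before form binding.
// decodeJsonBody() and its messages are hypothetical, not Symfony or FOSRestBundle API.

function decodeJsonBody($contentType, $body, array $allowedFields)
{
    // Accept "application/json" with optional parameters such as "; charset=UTF-8".
    $mediaType = strtolower(trim(explode(';', (string) $contentType)[0]));
    if ($mediaType !== 'application/json') {
        throw new InvalidArgumentException('Unsupported Content-Type');
    }

    // Depth 8 caps nesting; "true" yields the associative arrays a form expects.
    $data = json_decode($body, true, 8);
    if (json_last_error() !== JSON_ERROR_NONE) {
        throw new InvalidArgumentException('Malformed JSON: ' . json_last_error_msg());
    }

    // Scalars, null and JSON lists are valid JSON but not a map of form fields.
    $isList = is_array($data) && $data !== []
        && array_keys($data) === range(0, count($data) - 1);
    if (!is_array($data) || $isList) {
        throw new InvalidArgumentException('JSON body must be an object');
    }

    // Keep only the fields the form declares; everything else is dropped.
    return array_intersect_key($data, array_flip($allowedFields));
}

// Constructed sample requests (not from the page).
$samples = [
    ['application/json; charset=UTF-8', '{"username":"alice","email":"a@example.org","isAdmin":true}'],
    ['application/json', '{"username":'],      // truncated body
    ['application/json', '["alice"]'],         // list, not an object
    ['text/plain', '{"username":"alice"}'],    // wrong media type
];
foreach ($samples as $sample) {
    try {
        $fields = decodeJsonBody($sample[0], $sample[1], ['username', 'email']);
        // In the controller, hand $fields to the form: $form->submit($fields)
        // in Symfony 2.3+, $form->bind($fields) in older releases.
        echo 'OK: ' . json_encode($fields) . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'Rejected (respond with HTTP 400): ' . $e->getMessage() . PHP_EOL;
    }
}
```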

Related

Transform GET parameters to clean URL

I use Datatables on the front end to send GET parameters to my Silex application.
Datatables sends GET parameters of this type:
champs_societes%5B%5D=naf&zone-geographique=ville&effectif%5B%5D=eff_1a9&effectif%5B%5D=eff_10a19&effectif
%5B%5D=eff_20a49&effectif%5B%5D=eff_plus5000&ca%5B%5D=10k-50k&ca%5B%5D=50k-100k&ca%5B%5D=1kk-2kk&ca%5B
%5D=2kk-5kk&champs_societes%5B%5D=capital_int&fondation%5Bmin%5D=&fondation%5Bmax%5D=&champs_societes
%5B%5D=siren&champs_societes%5B%5D=siret&champs_societes%5B%5D=nature&nature%5B%5D=Etablissement&champs_societes
%5B%5D=formejur&champs_societes%5B%5D=emailg&champs_contacts%5B%5D=emailn&ac_formejur=Artisan-Commer
%C3%A7ant%2CBanque+Populaire%2FLoi+Mars+1917%2CCoop.+%C3%80+Responsabilit%C3%A9+Limit%C3%A9e&ac_naf=0113Z
%2C0121Z%2C0126Z%2C0130Z&ac_departements=14%2C50%2C61%2C68%2C03&ac_villes=77330%2C77680%2C77340&ac_fonction
=Assistant%2CCharg%C3%A9+D'Affaires%2CContr%C3%B4leur+De+Gestion%2CDirecteur+%2F+Responsable
Is there a way to generate a clean URL from this chain? Ideally by using the Symfony/Silex routing.
Thanks for your help
EDIT
I get the GET params above with Request:
$app->post('/ajax/formprocess', function (Request $request) use ($app) {
$df = new Filtres( $request->request->get('dataForm') );
$filtroAdd = $df->getRequest();
I would try with Request class first
Request class from HttpFoundation component (default in Symfony, not sure about Silex as I never used it)
/**
 * @param \Symfony\Component\HttpFoundation\Request $request
 */
public function someAction(Request $request)
{
    $request->getSchemeAndHttpHost();
    $request->getBasePath();
    $request->getQueryString(); // this will be the most helpful in your case
    // access what you need and build normalized url
}
You should be able to build a clean, normalized URL.
Edit: solution for parsing a query parameter string into an array
$queryParameters = 'query parameters as string to be parsed';
$output = [];
// Pass a result array as the second argument so the parsed values land in $output
parse_str($queryParameters, $output);
print_r($output);
http://php.net/manual/en/function.parse-str.php
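
Added example, not part of the original answer: one way to turn the parsed array back into a canonical query string, keeping only known filters and dropping empty ones. normalizeQuery(), pruneEmpty() and the allow-list are hypothetical, and the input is a constructed, shortened version of the query string in the question.

```php
<?php
// Added example: canonicalise a DataTables-style filter query string.

function pruneEmpty(array $params)
{
    foreach ($params as $key => $value) {
        if (is_array($value)) {
            $value = pruneEmpty($value);
            $params[$key] = $value;
        }
        if ($value === '' || $value === []) {
            unset($params[$key]);   // e.g. fondation[min]= carries no filter
        }
    }
    return $params;
}

function normalizeQuery($rawQuery, array $allowedKeys)
{
    // Always pass the result array: the one-argument form of parse_str()
    // wrote variables into the current scope and no longer exists in PHP 8.
    parse_str($rawQuery, $params);

    // Keep only the filters the application knows about, then drop empty ones.
    $params = pruneEmpty(array_intersect_key($params, array_flip($allowedKeys)));

    ksort($params);
    foreach ($params as $key => $value) {
        // Multi-select lists (effectif[]=...) are order-independent:
        // de-duplicate and sort them so equal filters give equal URLs.
        $isList = is_array($value)
            && $value === array_filter($value, 'is_int', ARRAY_FILTER_USE_KEY)
            && $value === array_filter($value, 'is_string');
        if ($isList) {
            $value = array_values(array_unique($value));
            sort($value);
            $params[$key] = $value;
        }
    }
    return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Constructed input: "debug" is not on the allow-list and is discarded.
$raw = 'effectif%5B%5D=eff_1a9&zone-geographique=ville&effectif%5B%5D=eff_10a19'
     . '&fondation%5Bmin%5D=&fondation%5Bmax%5D=&debug=1&effectif%5B%5D=eff_1a9';

echo normalizeQuery($raw, ['effectif', 'fondation', 'zone-geographique']), PHP_EOL;
```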

what is the role of handle request in symfony form

I'm using FormBuilderInterface to create my form, and I found that I can validate my form using the function isValid(). I have an issue with handleRequest($request): I didn't understand what its role is.
Here is my code:
function ajout2Action()
{
    $client= new \Esprit\PiBundle\Entity\Client();
    $formv= new \Esprit\PiBundle\Form\ClientType();
    $form= $this->createForm($formv,$client);
    $request = $this->get('request');
    if($form->handleRequest($request)->isValid())
    {
        $em=$this->getDoctrine()->getManager();
        $em->persist($client);
        $em->flush();
    }
}
Thank you for your help.
Straight from the docs: it's used to process the form data.
It takes the POST’ed data from the previous request, processes it, and runs any validation (checks integrity of expected versus received data). It only does this for POST requests.
read more

symfony crud simple request

I'm trying to do a simple add without the form generated by Doctrine
$mail = new Subscription();
$request = $this->getRequest();
if ($request->getMethod() == "POST") {
    $em = $this->getDoctrine()->getManager();
    $samplees = $request->get("samplees");
    $mail->setEmail($samplees);
    $em->persist($mail);
    $em->flush();
    return $this->redirect($this->generateUrl('user_homepage'));
}
First of all, Doctrine2 will not handle any form facility (neither creation nor the data binding process): the whole process is up to Symfony and its form bundle.
That said, if you need to retrieve posted data, you need to change
$samplees = $request->get("samplees");
into
$samplees = $request->request->get("samplees");
This is because $request is the whole Request object (so, basically, it also handles GET parameters [$request->query->get(...)], to name just one of its functionalities).

CSRF Token from the controller

I have a controller getting a form posted.
public function myPostAction(Request $request)
{
$form = $this->createForm('my_form', $my_object);
$form->handleRequest($request);
#...
I can see my CSRF token posted as parameter
my_form[_token] => lH38HTm5P0Cv3TOc4-9xi2COx-cZ670mpJ_36gR8ccI
I simply need to read it
$form->get('_token')
This tells me
Child "_token" does not exist.
How can I get this token?
Here is the workaround I'm going to use meanwhile:
$token = $request->get($form->getName())['_token'];
I also noticed by chance that the intention used to generate the token is the form name
$csrf = $this->get('form.csrf_provider');
$intention = $form->getName();
$token = $csrf->generateCsrfToken($intention);
Like @Pierre de LESPINAY said, it is possible to do it by retrieving the Token Manager service.
This service can also be injected in your constructor like this:
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
...
public function __construct(CsrfTokenManagerInterface $tokenManager)
{
    $this->tokenManager = $tokenManager;
}
And used later, as previously demonstrated:
$token = $this->tokenManager->getToken('myformname')->getValue();
You can get it with:
$request->request->get('my_form[_token]');
If you didn't disable CSRF protection, it will be applied and validated automatically, and you don't need to check it yourself.
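
Added example, not part of the original thread: when a posted token does have to be checked outside the form (for instance in a handler that never builds the form), validate it through the token manager instead of reading and comparing the raw value. FormTokenChecker is a hypothetical class; it assumes the symfony/security-csrf and symfony/http-foundation components are installed and that the token id is known (the thread observed it to be the form name).

```php
<?php
// Added example: explicit CSRF check for a token posted inside a form's field array.

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;

class FormTokenChecker
{
    private $tokenManager;

    public function __construct(CsrfTokenManagerInterface $tokenManager)
    {
        $this->tokenManager = $tokenManager;
    }

    /**
     * @param string $formName key the form fields are posted under, e.g. "my_form"
     * @param string $tokenId  id the token was generated for
     */
    public function hasValidToken(Request $request, $formName, $tokenId)
    {
        // Form fields arrive nested under the form name: my_form[_token]=...
        $post = $request->request->all();
        $fields = isset($post[$formName]) && is_array($post[$formName])
            ? $post[$formName]
            : [];

        // A missing token, or one sent as an array (my_form[_token][]=x), fails the check.
        if (!isset($fields['_token']) || !is_string($fields['_token'])) {
            return false;
        }

        // Let the manager compare against the stored value; do not compare tokens with ==.
        return $this->tokenManager->isTokenValid(
            new CsrfToken($tokenId, $fields['_token'])
        );
    }
}
```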

handleRequest($request) does not work for "GET" method in Symfony 2

I am a noobie in Symfony2. The handleRequest() function does not work for "GET" method whereas same code works fine for "POST".
public function addAction(Request $request){
    $std = new Student();
    $form = $this->createForm(new StudentForm, $std,
        array( 'method'=>'GET'));
    $form->handleRequest($request);
    if($form->isSubmitted()){
        $std= $form->getData();
        $em= $this->getDoctrine()->getManager();
        $em->persist($std);
        $em->flush();
        return $this->render('target.twig');
    }
    return $this->render('target twig',
        array('newStdForm'=> $form->createView(),));
}
The above code is not working but if I change 'method':'GET' to 'method':'POST', then it works fine.
Specify the form's method in the StudentForm class's buildForm method. Therefore, handleRequest will be able to grab the GET parameters.
class StudentForm
{
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        // ...
        $builder->setMethod('GET');
    }
}
I think it is because in POST requests, parameters are passed in the body of the HTTP request, and handleRequest looks for those values inside the body of the request. But in a GET request, parameters are passed in the URL directly. So I think that is why the handling doesn't work.
Usually we use GET to fetch a page or url and a POST to send info to server.
Are you sure your twig template is correct?
I faced this issue today.
Pierre Roland's answer is partially correct for the current version.
I checked the default "HttpFoundationRequestHandler" which is called in "handleRequest".
An explicit GET form will be considered "submitted" if:
the form has no name (if you use a form class for example).
the request query contains a parameter with the form's name.
