Fixed bug where CSRF-tokens are not replaced in cached forms.

- A bug was discovered where cached forms always would contain the same CSRF-token. This would prevent the hidden token from being replaced, resulting in CSRF-errors in WebComponent on every POST-request.

layouts/form/layout.bootstrap.latte

@@ -27,7 +27,7 @@
                             <small class="text-danger">{$field->getErrors()|implode}</small>
                         {/if}
                     </div>
-                {case "FuzeWorks\Forms\Fields\RadioField"}
+                {case "FuzeWorks\Forms\Fields\RadioField", "FuzeWorks\Forms\Fields\SelectField"}
                     {$field|noescape}
                 {default}
                     <div class="form-group">

src/FuzeWorks/Forms/Fields/RadioField.php

@@ -75,6 +75,9 @@ class RadioField extends Field
      */
     public function addOptions(array $options): self
     {
+        if (!$this->_isAssoc($options))
+            throw new InputException("Could not add options. Options must be provided as an associative array [name => label]");
+
         foreach ($options as $key => $val)
             $this->addOption($key, $val);
 
@@ -134,4 +137,16 @@ class RadioField extends Field
         $out .= "</div>";
         return $out;
     }
+
+    /**
+     * Internal method for addOptions()
+     *
+     * @param array $arr
+     * @return bool
+     */
+    private function _isAssoc(array $arr): bool
+    {
+        if (array() === $arr) return false;
+        return array_keys($arr) !== range(0, count($arr) - 1);
+    }
 }

src/FuzeWorks/Forms/Fields/SelectField.php

@@ -0,0 +1,79 @@
+<?php
+/**
+ * FuzeWorks Forms Library
+ *
+ * The FuzeWorks PHP FrameWork
+ *
+ * Copyright (C) 2013-${YEAR} i15
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ * @author    i15
+ * @copyright Copyright (c) 2013 - ${YEAR}, i15. (http://i15.nl)
+ * @license   https://opensource.org/licenses/MIT MIT License
+ *
+ * @link  https://i15.nl
+ * @since Version 1.3.0
+ *
+ * @version Version 1.3.0
+ */
+
+namespace FuzeWorks\Forms\Fields;
+
+class SelectField extends RadioField
+{
+
+    protected int $size = 0;
+
+    /**
+     * Set the number of visible options of the drop-down list.
+     *
+     * @param int $size
+     * @return $this
+     */
+    public function size(int $size): SelectField
+    {
+        $this->size = $size;
+        return $this;
+    }
+
+    public function generateHtml(): string
+    {
+        $id = "id='".$this->getId()."'";
+        $name = "name='".$this->getName()."'";
+        $label = $this->getLabel();
+        $lock = $this->lock ? "disabled" : "";
+        $class = "class='".implode(" ", $this->classNames)."'";
+        $required = !$this->optional ? "required" : "";
+        $size = $this->size == 0 ? "" : "size='".$this->size."'";
+
+        $out = "<div $class>";
+        $out .= "<label for='$name'>$label</label>";
+        $out .= "<select class='form-control' $name $id $lock $required $size>";
+        foreach ($this->options as $key => $val)
+        {
+            $selected = $key === $this->value ? "selected" : "";
+            $out .= "<option value='$key' $selected>" . $val . "</option>";
+        }
+
+        $out .= "</select></div>";
+        return $out;
+    }
+
+}

src/FuzeWorks/Forms/Forms.php

@@ -43,6 +43,7 @@ use FuzeWorks\Logger;
 use FuzeWorks\ObjectStorage\ObjectStorageCache;
 use FuzeWorks\ObjectStorage\ObjectStorageComponent;
 use FuzeWorks\Priority;
+use FuzeWorks\Security;
 
 class Forms implements iLibrary
 {
@@ -98,7 +99,19 @@ class Forms implements iLibrary
         if ($cache->has($key))
         {
             Logger::log("Returning cached Form '".$name."'");
-            return $cache->get($key);
+
+            /** @var Form $form */
+            $form = $cache->get($key);
+            $csrf = $form->getCsrfField();
+            if (!is_null($csrf))
+            {
+                /** @var Security $security */
+                $security = Factory::getInstance("security");
+                $hash = $security->get_csrf_hash();
+                $csrf->setValue($hash);
+            }
+
+            return $form;
         }
 
         // Otherwise, create the form

test/base/LibraryTest.php

@@ -34,6 +34,7 @@
  * @version Version 1.3.0
  */
 
+use FuzeWorks\Forms\Fields\HiddenField;
 use FuzeWorks\Forms\Form;
 use FuzeWorks\Forms\Forms;
 use PHPUnit\Framework\TestCase;
@@ -84,4 +85,34 @@ class LibraryTest extends TestCase
         $this->assertSame($form, $form2);
     }
 
+    /**
+     * @depends testGetCachedForm
+     */
+    public function testGetCachedFormCsrfChange()
+    {
+        /** @var \FuzeWorks\Security $security */
+        $security = \FuzeWorks\Factory::getInstance("security");
+        $hash = $security->get_csrf_hash();
+
+        $form = $this->forms->getCachedForm(function (Form $form) {
+            return $form;
+        }, 'testGetCachedFormCsrfChange', 'testLabel');
+
+        $csrfField = $form->getCsrfField();
+        $this->assertInstanceOf(HiddenField::class, $csrfField);
+        $this->assertEquals($hash, $csrfField->getValue());
+
+        // Now change the hash
+        $security->csrf_regenerate();
+        $newHash = $security->get_csrf_hash();
+        $this->assertNotEquals($hash, $newHash);
+
+        // Regenerate the form
+        $newForm = $this->forms->getCachedForm(function (Form $form) {
+            return $form;
+        }, 'testGetCachedFormCsrfChange', 'testLabel');
+        $csrfField = $newForm->getCsrfField();
+        $this->assertEquals($newHash, $csrfField->getValue());
+    }
+
 }

test/fields/EmailFieldTest.php

@@ -0,0 +1,87 @@
+<?php
+/**
+ * FuzeWorks Forms Library
+ *
+ * The FuzeWorks PHP FrameWork
+ *
+ * Copyright (C) 2013-2023 i15
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ * @author    i15
+ * @copyright Copyright (c) 2013 - 2023, i15. (http://i15.nl)
+ * @license   https://opensource.org/licenses/MIT MIT License
+ *
+ * @link  https://i15.nl
+ * @since Version 1.3.0
+ *
+ * @version Version 1.3.0
+ */
+
+use FuzeWorks\Forms\Fields\EmailField;
+use PHPUnit\Framework\TestCase;
+
+class EmailFieldTest extends TestCase
+{
+
+    public function testFoundation()
+    {
+        $stub = $this->getMockForAbstractClass(EmailField::class, ["testName"]);
+        $this->assertEquals('testName', $stub->getName());
+        $this->assertInstanceOf(EmailField::class, $stub);
+    }
+
+    /**
+     * @depends testFoundation
+     */
+    public function testBase()
+    {
+        // Generate the field
+        $field = new EmailField("testName");
+        $field->setFormName("testForm");
+
+        // Assert expected returns
+        $html = $field->generateHtml();
+        $this->assertTrue(str_starts_with($html, "<input "));
+        $this->assertTrue(str_ends_with($html, ">"));
+        $this->assertTrue(str_contains($html, "type='email'"));
+        $this->assertTrue(str_contains($html, "name='testName'"));
+        $this->assertTrue(str_contains($html, "id='testForm_testName'"));
+    }
+
+    /**
+     * @depends testBase
+     */
+    public function testValidator()
+    {
+        // Generate a basic field
+        $field = new EmailField("testName");
+        $field->setFormName("testForm");
+
+        // Set a value that is not an email
+        $field->setValue("totallynot#an_email");
+        $this->assertFalse($field->validate());
+        $this->assertEquals(['TestName is not a valid email address.'], $field->getErrors());
+
+        // Set a value that is valid
+        $field->setValue("name@example.com");
+        $this->assertTrue($field->validate());
+        $this->assertEmpty($field->getErrors());
+    }
+}

test/fields/TextFieldTest.php

@@ -0,0 +1,172 @@
+<?php
+/**
+ * FuzeWorks Forms Library
+ *
+ * The FuzeWorks PHP FrameWork
+ *
+ * Copyright (C) 2013-2023 i15
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ * @author    i15
+ * @copyright Copyright (c) 2013 - 2023, i15. (http://i15.nl)
+ * @license   https://opensource.org/licenses/MIT MIT License
+ *
+ * @link  https://i15.nl
+ * @since Version 1.3.0
+ *
+ * @version Version 1.3.0
+ */
+
+use FuzeWorks\Forms\Fields\TextField;
+use PHPUnit\Framework\TestCase;
+
+class TextFieldTest extends TestCase
+{
+
+    public function testFoundation()
+    {
+        $stub = $this->getMockForAbstractClass(TextField::class, ["testName"]);
+        $this->assertEquals('testName', $stub->getName());
+        $this->assertInstanceOf(TextField::class, $stub);
+    }
+
+    /**
+     * @depends testFoundation
+     */
+    public function testBase()
+    {
+        // Generate the field
+        $field = new TextField("testName");
+        $field->setFormName("testForm");
+
+        // Assert expected returns
+        $html = $field->generateHtml();
+        $this->assertTrue(str_starts_with($html, "<input "));
+        $this->assertTrue(str_ends_with($html, ">"));
+        $this->assertTrue(str_contains($html, "type='text'"));
+        $this->assertTrue(str_contains($html, "name='testName'"));
+        $this->assertTrue(str_contains($html, "id='testForm_testName'"));
+    }
+
+    /**
+     * @depends testBase
+     */
+    public function testBlankValidate()
+    {
+        // Generate a blank TextField
+        $field = new TextField("testName");
+        $field->setFormName("testForm");
+
+        // And enter an answer
+        $field->setValue("Hello World");
+
+        // Run a validation
+        $this->assertTrue($field->validate());
+        $this->assertTrue($field->isValidated());
+        $this->assertTrue($field->isValid());
+    }
+
+    /**
+     * @depends testBlankValidate
+     */
+    public function testEmptyValidate()
+    {
+        // Generate a blank TextField
+        $field = new TextField("testName");
+        $field->setFormName("testForm");
+
+        // Run a validation
+        $this->assertFalse($field->validate());
+        $this->assertTrue($field->isValidated());
+        $this->assertFalse($field->isValid());
+
+        // And check for the empty error
+        $this->assertEquals(['TestName may not be empty.'], $field->getErrors());
+    }
+
+    /**
+     * @depends testBlankValidate
+     */
+    public function testMinMaxLength()
+    {
+        // Generate a field with a minLength and a maxLength
+        $field = new TextField("testName");
+        $field->setFormName("testForm");
+        $field->minLength(16);
+        $field->maxLength(24);
+
+        // Generate the html and verify the minlength and maxlength
+        $html = $field->generateHtml();
+        $this->assertTrue(str_contains($html, "minlength='16'"));
+        $this->assertTrue(str_contains($html, "maxlength='24'"));
+
+        // First test a value that's too short
+        $field->setValue("Hello");
+        $this->assertFalse($field->validate());
+        $this->assertEquals(['TestName must at least be 16 characters.'], $field->getErrors());
+
+        // Then test a value that's too long
+        $field->setValue("What is the meaning of life?");
+        $this->assertFalse($field->validate());
+        $this->assertEquals(['TestName exceeds maximum length of 24 characters.'], $field->getErrors());
+
+        // And test a value that is just right
+        $field->setValue("Great deal buckaroo");
+        $this->assertTrue($field->validate());
+        $this->assertEmpty($field->getErrors());
+    }
+
+    /**
+     * @depends testBlankValidate
+     */
+    public function testRegex()
+    {
+        // Generate a field with a simple regex
+        $field = new TextField("testName");
+        $field->setFormName("testForm");
+        $field->regex("[a-zA-Z]+\s+[a-zA-Z]+", "Very illegal characters!");
+
+        // First test a value which doesn't match
+        $field->setValue("Hello");
+        $this->assertFalse($field->validate());
+        $this->assertEquals(["Very illegal characters!"], $field->getErrors());
+
+        // Then test with a value which does match
+        $field->setValue("Hello World");
+        $this->assertTrue($field->validate());
+        $this->assertEmpty($field->getErrors());
+    }
+
+    /**
+     * @depends testBlankValidate
+     */
+    public function testPlaceholder()
+    {
+        // Generate a field with a placeholder
+        $field = new TextField("testName");
+        $field->setFormName("testForm");
+        $field->placeholder("Some Text");
+
+        // Generate the HTML
+        $html = $field->generateHtml();
+        $this->assertTrue(str_contains($html, "placeholder='Some Text'"));
+    }
+
+}