add optional rendering of the anti forgery field

master
Josha von Gizycki 5 years ago
parent 727478a81b
commit ea8f2d7052

@ -1,4 +1,4 @@
(defproject joshavg/formulare "0.5.0-SNAPSHOT"
(defproject joshavg/formulare "0.6.0"
:description "Forms hiccup style"
:url "https://gitea.heevyis.ninja/josha/formulare.git"
:scm {:name "git" :url "https://gitea.heevyis.ninja/josha/formulare.git"}

@ -49,8 +49,8 @@
(:fields form-def)))
(spec/fdef form-data
:args (spec/cat :form-def ::form :req map?)
:ret map?)
:args (spec/cat :form-def ::form :req map?)
:ret map?)
(spectest/instrument `form-data)
(defn form-specs-valid? [form-def req]
@ -63,14 +63,14 @@
(defn field-specs-valid? [form-def req]
(reduce-kv
(fn [result field field-def]
(if-let [field-spec (:spec field-def)]
(if (spec/valid? field-spec (get-in req [:params field]))
true
(reduced false))
result))
true
(:fields form-def)))
(fn [result field field-def]
(if-let [field-spec (:spec field-def)]
(if (spec/valid? field-spec (get-in req [:params field]))
true
(reduced false))
result))
true
(:fields form-def)))
(defn valid? [form-def req]
(let [data (form-data form-def req)]
@ -78,8 +78,8 @@
(form-specs-valid? form-def req))))
(spec/fdef valid?
:args (spec/cat :form-def ::form :req map?)
:ret map?)
:args (spec/cat :form-def ::form :req map?)
:ret map?)
(spectest/instrument `valid?)
(def ^:dynamic *row-theme* theme/row)
@ -94,7 +94,7 @@
(def ^:dynamic *hidden-widget-theme* theme/hidden-widget)
(defn widget-markup [values req validate? [id def]]
(let [{:keys [spec widget options to-form]} def
(let [{:keys [spec widget to-form]} def
value ((or to-form identity) (id values))
req-value (get-in req [:params id])
renderer (case widget
@ -118,29 +118,49 @@
(= (form-hash form-def values)
(get-in req [:params :__form-hash])))
(defn render-widgets [form-def values req]
(let [validate? (validate? form-def values req)
form-errors (when (and validate?
(not (form-specs-valid? form-def
req)))
(*form-error-theme* form-def req))
widget-mapper (partial widget-markup values req validate?)
defined-widgets (map widget-mapper (:fields form-def))
hash-field (hform/hidden-field "__form-hash"
(form-hash form-def values))
all-widgets (conj defined-widgets
hash-field
(anti-forgery-field))]
(if form-errors
(concat (if (sequential? form-errors)
form-errors
[form-errors])
all-widgets)
all-widgets)))
(defn render-widgets
([form-def values req]
(render-widgets form-def values req
{:render-anti-forgery-field? true}))
([form-def values req {raff? :render-anti-forgery-field?}]
(let [validate? (validate? form-def values req)
form-errors (when (and validate?
(not (form-specs-valid? form-def
req)))
(*form-error-theme* form-def req))
widget-mapper (partial widget-markup values req validate?)
defined-widgets (map widget-mapper (:fields form-def))
hash-field (hform/hidden-field "__form-hash"
(form-hash form-def values))
all-widgets (conj defined-widgets
hash-field)
all-widgets (if raff?
(conj all-widgets (anti-forgery-field))
all-widgets)]
(if form-errors
(concat (if (sequential? form-errors)
form-errors
[form-errors])
all-widgets)
all-widgets))))
(spec/def ::render-anti-forgery-field?
#(boolean? (boolean %)))
(spec/def ::options-map
(spec/keys :req-un
[::render-anti-forgery-field?]))
(spec/fdef render-widgets
:args (spec/cat :form-def ::form
:values (spec/or :no-values nil?
:values map?)
:req map?))
:args (spec/or :three-params
(spec/cat :form-def ::form
:values (spec/or :no-values nil?
:values map?)
:req map?)
:four-params
(spec/cat :form-def ::form
:values (spec/or :no-values nil?
:values map?)
:req map?
:options ::options-map)))
(spectest/instrument `render-widgets)

@ -238,7 +238,16 @@
first)
input-attrs (second rendered-input)]
(contains? input-attrs :autofocus)
(is (= true (:autofocus input-attrs))))))
(is (= true (:autofocus input-attrs)))))
(testing "render-anti-forgery-field"
(testing "default is true"
(let [def {:fields {:foo-id {}}}
rendered-input (-> (render-widgets def {} {})
first)]
(is (string? rendered-input))
(is (starts-with? rendered-input "<input id=\"__anti-forgery-token"))
(is (clojure.string/includes? rendered-input
"name=\"__anti-forgery-token\""))))))
(deftest to-form-is-used
(testing "data passed to fo-form is taken from values"

Loading…
Cancel
Save