add optional rendering of the anti forgery field

5 years ago · ea8f2d7052
parent 727478a81b
commit ea8f2d7052
3 changed files with 67 additions and 38 deletions
--- a/project.clj
+++ b/project.clj
@ -1,4 +1,4 @@
-(defproject joshavg/formulare "0.5.0-SNAPSHOT"
+(defproject joshavg/formulare "0.6.0"
  :description "Forms hiccup style"
  :url "https://gitea.heevyis.ninja/josha/formulare.git"
  :scm {:name "git" :url "https://gitea.heevyis.ninja/josha/formulare.git"}
--- a/src/formulare/core.clj
+++ b/src/formulare/core.clj
@ -49,8 +49,8 @@
          (:fields form-def)))

 (spec/fdef form-data
-  :args (spec/cat :form-def ::form :req map?)
-  :ret map?)
+           :args (spec/cat :form-def ::form :req map?)
+           :ret map?)
 (spectest/instrument `form-data)

 (defn form-specs-valid? [form-def req]
@ -63,14 +63,14 @@

 (defn field-specs-valid? [form-def req]
  (reduce-kv
-   (fn [result field field-def]
-     (if-let [field-spec (:spec field-def)]
-       (if (spec/valid? field-spec (get-in req [:params field]))
-         true
-         (reduced false))
-       result))
-   true
-   (:fields form-def)))
+    (fn [result field field-def]
+      (if-let [field-spec (:spec field-def)]
+        (if (spec/valid? field-spec (get-in req [:params field]))
+          true
+          (reduced false))
+        result))
+    true
+    (:fields form-def)))

 (defn valid? [form-def req]
  (let [data (form-data form-def req)]
@ -78,8 +78,8 @@
         (form-specs-valid? form-def req))))

 (spec/fdef valid?
-  :args (spec/cat :form-def ::form :req map?)
-  :ret map?)
+           :args (spec/cat :form-def ::form :req map?)
+           :ret map?)
 (spectest/instrument `valid?)

 (def ^:dynamic *row-theme* theme/row)
@ -94,7 +94,7 @@
 (def ^:dynamic *hidden-widget-theme* theme/hidden-widget)

 (defn widget-markup [values req validate? [id def]]
-  (let [{:keys [spec widget options to-form]} def
+  (let [{:keys [spec widget to-form]} def
        value ((or to-form identity) (id values))
        req-value (get-in req [:params id])
        renderer (case widget
@ -118,29 +118,49 @@
  (= (form-hash form-def values)
     (get-in req [:params :__form-hash])))

-(defn render-widgets [form-def values req]
-  (let [validate? (validate? form-def values req)
-        form-errors (when (and validate?
-                               (not (form-specs-valid? form-def
-                                                       req)))
-                      (*form-error-theme* form-def req))
-        widget-mapper (partial widget-markup values req validate?)
-        defined-widgets (map widget-mapper (:fields form-def))
-        hash-field (hform/hidden-field "__form-hash"
-                                       (form-hash form-def values))
-        all-widgets (conj defined-widgets
-                          hash-field
-                          (anti-forgery-field))]
-    (if form-errors
-      (concat (if (sequential? form-errors)
-                form-errors
-                [form-errors])
-              all-widgets)
-      all-widgets)))
+(defn render-widgets
+  ([form-def values req]
+   (render-widgets form-def values req
+                   {:render-anti-forgery-field? true}))
+  ([form-def values req {raff? :render-anti-forgery-field?}]
+   (let [validate? (validate? form-def values req)
+         form-errors (when (and validate?
+                                (not (form-specs-valid? form-def
+                                                        req)))
+                       (*form-error-theme* form-def req))
+         widget-mapper (partial widget-markup values req validate?)
+         defined-widgets (map widget-mapper (:fields form-def))
+         hash-field (hform/hidden-field "__form-hash"
+                                        (form-hash form-def values))
+         all-widgets (conj defined-widgets
+                           hash-field)
+         all-widgets (if raff?
+                       (conj all-widgets (anti-forgery-field))
+                       all-widgets)]
+     (if form-errors
+       (concat (if (sequential? form-errors)
+                 form-errors
+                 [form-errors])
+               all-widgets)
+       all-widgets))))
+
+(spec/def ::render-anti-forgery-field?
+  #(boolean? (boolean %)))
+
+(spec/def ::options-map
+  (spec/keys :req-un
+             [::render-anti-forgery-field?]))

 (spec/fdef render-widgets
-  :args (spec/cat :form-def ::form
-                  :values (spec/or :no-values nil?
-                                   :values map?)
-                  :req map?))
+           :args (spec/or :three-params
+                          (spec/cat :form-def ::form
+                                    :values (spec/or :no-values nil?
+                                                     :values map?)
+                                    :req map?)
+                          :four-params
+                          (spec/cat :form-def ::form
+                                    :values (spec/or :no-values nil?
+                                                     :values map?)
+                                    :req map?
+                                    :options ::options-map)))
 (spectest/instrument `render-widgets)
--- a/test/formulare/core_test.clj
+++ b/test/formulare/core_test.clj
@ -238,7 +238,16 @@
                             first)
          input-attrs (second rendered-input)]
      (contains? input-attrs :autofocus)
-      (is (= true (:autofocus input-attrs))))))
+      (is (= true (:autofocus input-attrs)))))
+  (testing "render-anti-forgery-field"
+    (testing "default is true"
+      (let [def {:fields {:foo-id {}}}
+            rendered-input (-> (render-widgets def {} {})
+                               first)]
+        (is (string? rendered-input))
+        (is (starts-with? rendered-input "<input id=\"__anti-forgery-token"))
+        (is (clojure.string/includes? rendered-input
+                                      "name=\"__anti-forgery-token\""))))))

 (deftest to-form-is-used
  (testing "data passed to fo-form is taken from values"