add optional rendering of the anti forgery field

master
Josha von Gizycki 5 years ago
parent 727478a81b
commit ea8f2d7052

@ -1,4 +1,4 @@
(defproject joshavg/formulare "0.5.0-SNAPSHOT" (defproject joshavg/formulare "0.6.0"
:description "Forms hiccup style" :description "Forms hiccup style"
:url "https://gitea.heevyis.ninja/josha/formulare.git" :url "https://gitea.heevyis.ninja/josha/formulare.git"
:scm {:name "git" :url "https://gitea.heevyis.ninja/josha/formulare.git"} :scm {:name "git" :url "https://gitea.heevyis.ninja/josha/formulare.git"}

@ -94,7 +94,7 @@
(def ^:dynamic *hidden-widget-theme* theme/hidden-widget) (def ^:dynamic *hidden-widget-theme* theme/hidden-widget)
(defn widget-markup [values req validate? [id def]] (defn widget-markup [values req validate? [id def]]
(let [{:keys [spec widget options to-form]} def (let [{:keys [spec widget to-form]} def
value ((or to-form identity) (id values)) value ((or to-form identity) (id values))
req-value (get-in req [:params id]) req-value (get-in req [:params id])
renderer (case widget renderer (case widget
@ -118,7 +118,11 @@
(= (form-hash form-def values) (= (form-hash form-def values)
(get-in req [:params :__form-hash]))) (get-in req [:params :__form-hash])))
(defn render-widgets [form-def values req] (defn render-widgets
([form-def values req]
(render-widgets form-def values req
{:render-anti-forgery-field? true}))
([form-def values req {raff? :render-anti-forgery-field?}]
(let [validate? (validate? form-def values req) (let [validate? (validate? form-def values req)
form-errors (when (and validate? form-errors (when (and validate?
(not (form-specs-valid? form-def (not (form-specs-valid? form-def
@ -129,18 +133,34 @@
hash-field (hform/hidden-field "__form-hash" hash-field (hform/hidden-field "__form-hash"
(form-hash form-def values)) (form-hash form-def values))
all-widgets (conj defined-widgets all-widgets (conj defined-widgets
hash-field hash-field)
(anti-forgery-field))] all-widgets (if raff?
(conj all-widgets (anti-forgery-field))
all-widgets)]
(if form-errors (if form-errors
(concat (if (sequential? form-errors) (concat (if (sequential? form-errors)
form-errors form-errors
[form-errors]) [form-errors])
all-widgets) all-widgets)
all-widgets))) all-widgets))))
(spec/def ::render-anti-forgery-field?
#(boolean? (boolean %)))
(spec/def ::options-map
(spec/keys :req-un
[::render-anti-forgery-field?]))
(spec/fdef render-widgets (spec/fdef render-widgets
:args (spec/cat :form-def ::form :args (spec/or :three-params
(spec/cat :form-def ::form
:values (spec/or :no-values nil?
:values map?)
:req map?)
:four-params
(spec/cat :form-def ::form
:values (spec/or :no-values nil? :values (spec/or :no-values nil?
:values map?) :values map?)
:req map?)) :req map?
:options ::options-map)))
(spectest/instrument `render-widgets) (spectest/instrument `render-widgets)

@ -238,7 +238,16 @@
first) first)
input-attrs (second rendered-input)] input-attrs (second rendered-input)]
(contains? input-attrs :autofocus) (contains? input-attrs :autofocus)
(is (= true (:autofocus input-attrs)))))) (is (= true (:autofocus input-attrs)))))
(testing "render-anti-forgery-field"
(testing "default is true"
(let [def {:fields {:foo-id {}}}
rendered-input (-> (render-widgets def {} {})
first)]
(is (string? rendered-input))
(is (starts-with? rendered-input "<input id=\"__anti-forgery-token"))
(is (clojure.string/includes? rendered-input
"name=\"__anti-forgery-token\""))))))
(deftest to-form-is-used (deftest to-form-is-used
(testing "data passed to fo-form is taken from values" (testing "data passed to fo-form is taken from values"

Loading…
Cancel
Save