First test if form is submitted

Then verify validity. This to prevent the "User Deprecated: Call Form::isValid() with an unsubmitted form is deprecated since Symfony 3.2 and will throw an exception in 4.0. Use Form::isSubmitted() before Form::isValid() instead." deprecation warning.

src/Surfnet/StepupRa/RaBundle/Controller/RaLocationController.php

@@ -86,7 +86,7 @@ public function createAction(Request $request)
 
         $form = $this->createForm(CreateRaLocationType::class, $command)->handleRequest($request);
 
-        if ($form->isValid()) {
+        if ($form->isSubmitted() && $form->isValid()) {
             $logger->debug('RA Location form submitted, start processing command');
 
             $success = $this->getRaLocationService()->create($command);
@@ -147,7 +147,7 @@ public function changeAction(Request $request)
 
         $form = $this->createForm(ChangeRaLocationType::class, $command)->handleRequest($request);
 
-        if ($form->isValid()) {
+        if ($form->isSubmitted() && $form->isValid()) {
             $logger->debug('RA Location form submitted, start processing command');
 
             $success = $this->getRaLocationService()->change($command);

src/Surfnet/StepupRa/RaBundle/Controller/RaManagementController.php

@@ -164,7 +164,7 @@ public function createRaAction(Request $request)
         $command->institution = $raCandidate->institution;
 
         $form = $this->createForm(CreateRaType::class, $command)->handleRequest($request);
-        if ($form->isValid()) {
+        if ($form->isSubmitted() && $form->isValid()) {
             $logger->debug('Accreditation form submitted, start processing command');
 
             $success = $this->getRaCandidateService()->accreditCandidate($command);
@@ -214,7 +214,7 @@ public function amendRaInformationAction(Request $request, $identityId)
         $command->contactInformation = $raListing->contactInformation;
 
         $form = $this->createForm(AmendRegistrationAuthorityInformationType::class, $command)->handleRequest($request);
-        if ($form->isValid()) {
+        if ($form->isSubmitted() && $form->isValid()) {
             $logger->notice(sprintf("RA(A) '%s' information amendment form submitted, processing", $identityId));
 
             if ($this->get('ra.service.ra')->amendRegistrationAuthorityInformation($command)) {
@@ -258,7 +258,7 @@ public function changeRaRoleAction(Request $request, $identityId)
         $command->role        = $raListing->role;
 
         $form = $this->createForm(ChangeRaRoleType::class, $command)->handleRequest($request);
-        if ($form->isValid()) {
+        if ($form->isSubmitted() && $form->isValid()) {
             $logger->notice(sprintf('RA(A) "%s" Change Role form submitted, processing', $identityId));
 
             if ($this->get('ra.service.ra')->changeRegistrationAuthorityRole($command)) {
@@ -300,7 +300,7 @@ public function retractRegistrationAuthorityAction(Request $request, $identityId
         $command->identityId = $identityId;
 
         $form = $this->createForm(RetractRegistrationAuthorityType::class, $command)->handleRequest($request);
-        if ($form->isValid()) {
+        if ($form->isSubmitted() && $form->isValid()) {
             if ($form->get('cancel')->isClicked()) {
                 $logger->notice('Retraction of registration authority cancelled');
                 return $this->redirectToRoute('ra_management_manage');

src/Surfnet/StepupRa/RaBundle/Controller/SraaController.php

@@ -46,7 +46,7 @@ public function selectInstitutionAction(Request $request)
         $form = $this->createForm(InstitutionSelectionType::class, $command);
         $form->handleRequest($request);
 
-        if ($form->isValid()) {
+        if ($form->isSubmitted() && $form->isValid()) {
             $institutionConfigurationOptions = $this->get('ra.service.institution_configuration_options')
                 ->getInstitutionConfigurationOptionsFor($command->institution);
             $token->changeInstitutionScope($command->institution, $institutionConfigurationOptions);

src/Surfnet/StepupRa/RaBundle/Controller/Vetting/SmsController.php

@@ -66,7 +66,7 @@ public function sendChallengeAction(Request $request, $procedureId)
         $maximumOtpRequests = $vettingService->getSmsMaximumOtpRequestsCount();
         $viewVariables = ['otpRequestsRemaining' => $otpRequestsRemaining, 'maximumOtpRequests' => $maximumOtpRequests];
 
-        if (!$form->isValid()) {
+        if (!$form->isSubmitted() || !$form->isValid()) {
             $logger->notice('Form has not been submitted, not sending SMS, rendering Send SMS Challenge page');
 
             return array_merge(
@@ -124,7 +124,7 @@ public function provePossessionAction(Request $request, $procedureId)
             return $this->redirectToRoute('ra_vetting_search');
         }
 
-        if (!$form->isValid()) {
+        if (!$form->isSubmitted() || !$form->isValid()) {
             $logger->notice(
                 'SMS OTP was not submitted through form, rendering Proof of Possession of SMS Second Factor page'
             );

src/Surfnet/StepupRa/RaBundle/Controller/Vetting/U2fController.php

@@ -120,7 +120,7 @@ public function provePossessionAction(Request $request, $procedureId)
             )
             ->handleRequest($request);
 
-        if (!$form->isValid()) {
+        if (!$form->isSubmitted() || !$form->isValid()) {
             return $this->render('SurfnetStepupRaRaBundle:Vetting/U2f:authentication.html.twig', [
                 'authenticationFailed' => true,
                 'procedureId' => $procedureId,

src/Surfnet/StepupRa/RaBundle/Controller/Vetting/YubikeyController.php

@@ -52,7 +52,7 @@ public function verifyAction(Request $request, $procedureId)
         $command = new VerifyYubikeyPublicIdCommand();
         $form = $this->createForm(VerifyYubikeyPublicIdType::class, $command)->handleRequest($request);
 
-        if ($form->isValid()) {
+        if ($form->isSubmitted() && $form->isValid()) {
             $result = $this->getVettingService()->verifyYubikeyPublicId($procedureId, $command);
 
             if ($result->didPublicIdMatch()) {

src/Surfnet/StepupRa/RaBundle/Controller/VettingController.php

@@ -63,7 +63,7 @@ public function startProcedureAction(Request $request)
 
         $form = $this->createForm(StartVettingProcedureType::class, $command)->handleRequest($request);
 
-        if (!$form->isValid()) {
+        if (!$form->isSubmitted() || !$form->isValid()) {
             $logger->notice('No search submitted, displaying search by registration code form');
 
             return ['form' => $form->createView()];
@@ -189,6 +189,9 @@ public function cancelProcedureAction($procedureId)
      * @param Request $request
      * @param string $procedureId
      * @return array|Response
+     *
+     * @SuppressWarnings(PHPMD.CyclomaticComplexity)
+     * @SuppressWarnings(PHPMD.NPathComplexity)
      */
     public function verifyIdentityAction(Request $request, $procedureId)
     {
@@ -225,7 +228,7 @@ public function verifyIdentityAction(Request $request, $procedureId)
             return ['commonName' => $commonName, 'form' => $form->createView()];
         };
 
-        if (!$form->isValid()) {
+        if (!$form->isSubmitted() || !$form->isValid()) {
             $logger->notice('Verify Identity Form not submitted, displaying form');
 
             return $showForm();