From 408484b113147401520d526b6416be71014f598c Mon Sep 17 00:00:00 2001
From: Albin
Date: Thu, 4 Jan 2024 22:17:45 +0100
Subject: [PATCH] #1395 Registration antispam

---
 .../AppBundle/Controller/LegacyController.php | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/sources/AppBundle/Controller/LegacyController.php b/sources/AppBundle/Controller/LegacyController.php
index 17e852ed3..1bd0d1d2e 100644
--- a/sources/AppBundle/Controller/LegacyController.php
+++ b/sources/AppBundle/Controller/LegacyController.php
@@ -14,6 +14,7 @@
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpFoundation\Session\SessionInterface;
 
 class LegacyController extends Controller
 {
@@ -130,10 +131,28 @@ public function registerAction(Request $request)
         $formulaire->addElement('password', 'mot_de_passe', 'Mot de passe', ['size' => 30, 'maxlength' => 30]);
         $formulaire->addElement('password', 'confirmation_mot_de_passe', '', ['size' => 30, 'maxlength' => 30]);
+        $formulaire->addElement('hidden', 'csrf'); // CSRF token
+        $formulaire->addElement('text', 'lastname', '', ['style' => 'display:none']); // Pot de miel, doit être vide
         $formulaire->addElement('header', 'boutons', '');
         $formulaire->addElement('submit', 'soumettre', 'Ajouter');
         $formulaire->addRule('nom', 'Nom manquant', 'required');
+
+        // CSRF validation
+        $lastCsrf = $this->get('session')->get('csrf');
+        $formulaire->addRule('csrf', 'csrf validation', 'callback', static function ($value) use ($lastCsrf) {
+            return $lastCsrf === $value;
+        });
+
+        // CSRF generation
+        $csrf = md5(uniqid(mt_rand(), true));
+        $this->get('session')->set('csrf', $csrf);
+        $formulaire->getElement('csrf')->setValue($csrf);
+
+        $formulaire->addRule('lastname', 'Lastname manquant', 'callback', static function ($value) {
+            return empty($value);
+        });
+
         $formulaire->addRule('prenom', 'Prénom manquant', 'required');
         $formulaire->addRule('login', 'Login manquant', 'required');
         $formulaire->addRule('login', 'Login déjà existant', 'callback', static function ($value) use ($userRepository) {
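Review bot: The token minted on the `$csrf = md5(uniqid(mt_rand(), true));` line does not come from a CSPRNG — `mt_rand()` and `uniqid()` are predictable and `md5` adds no entropy — so it should be `$csrf = bin2hex(random_bytes(32));` (if the project runs PHP 7 or later), or better still the framework's own `CsrfTokenManager` / `csrf_token()`, which this Symfony controller already has access to. The validation callback compares with `===`; `return is_string($lastCsrf) && is_string($value) && hash_equals($lastCsrf, $value);` keeps the comparison constant-time and also copes with the first visit, where the session holds no token yet and `$lastCsrf` is null. Because a fresh token overwrites the session value on every render, a form re-rendered after a validation error, or opened in a second tab, will reject an otherwise legitimate submission; consider keeping the stored token stable for the session (or keeping a small set of recent tokens) instead of rotating it per request. The honeypot `text` field named `lastname` is a plausible target for browser autofill, which would lock out real users, so consider adding `'autocomplete' => 'off'` and `'tabindex' => '-1'` to its attributes and giving it a less guessable name. The `SessionInterface` import added in the first hunk is not used by any new line (all 19 insertions are visible across the two hunks), and `registerAction` continues outside this hunk, so whether validation runs before or after the new token is stored is not visible here — the closure captures `$lastCsrf` by value, so it should not matter.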