From 6ec7584e3fcd92274d3d4b4bf5ef5fb5982c1e12 Mon Sep 17 00:00:00 2001 From: AntonKhabiuk Date: Mon, 16 Nov 2020 16:25:08 +0200 Subject: [PATCH 01/13] CC-11723 Add CSRF protection for quick order remove row action --- .../Controller/QuickOrderController.php | 68 ++++++++++++++++++- .../QuickOrderPageDependencyProvider.php | 21 ++++++ .../QuickOrderPage/QuickOrderPageFactory.php | 9 +++ 3 files changed, 97 insertions(+), 1 deletion(-) diff --git a/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php b/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php index 0c96694..5c0b21b 100644 --- a/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php +++ b/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php @@ -22,6 +22,7 @@ use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\Exception\HttpException; +use Symfony\Component\Security\Csrf\CsrfToken; /** * @method \SprykerShop\Yves\QuickOrderPage\QuickOrderPageFactory getFactory() @@ -33,10 +34,12 @@ class QuickOrderController extends AbstractController public const PARAM_ROW_INDEX = 'row-index'; public const PARAM_QUICK_ORDER_FORM = 'quick_order_form'; protected const PARAM_QUICK_ORDER_FILE_TYPE = 'file-type'; + protected const PARAM_FORM_TOKEN = '_token'; protected const MESSAGE_CLEAR_ALL_ROWS_SUCCESS = 'quick-order.message.success.the-form-items-have-been-successfully-cleared'; protected const ERROR_MESSAGE_QUANTITY_INVALID = 'quick-order.errors.quantity-invalid'; protected const MESSAGE_TYPE_WARNING = 'warning'; protected const MESSAGE_PERMISSION_FAILED = 'global.permission.failed'; + protected const MESSAGE_FORM_INVALID_CSRF = 'form.csrf.error.text'; /** * @uses \SprykerShop\Yves\CartPage\Plugin\Router\CartPageRouteProviderPlugin::ROUTE_NAME_CART 
@@ -48,6 +51,11 @@ class QuickOrderController extends AbstractController */ protected const ROUTE_NAME_CHECKOUT_INDEX = 'checkout-index'; + protected const FLASH_MESSAGE_LIST_TEMPLATE_PATH = '@ShopUi/components/organisms/flash-message-list/flash-message-list.twig'; + + protected const KEY_CODE = 'code'; + protected const KEY_MESSAGES = 'messages'; + /** * @param \Symfony\Component\HttpFoundation\Request $request * @@ -333,6 +341,10 @@ public function deleteRowAction(Request $request) $viewData = $this->executeDeleteRowAction($request); + if (isset($viewData[static::KEY_CODE])) { + return $this->jsonResponse($viewData); + } + return $this->view( $viewData, $this->getFactory()->getQuickOrderPageWidgetPlugins(), @@ -351,8 +363,15 @@ protected function executeDeleteRowAction(Request $request): array { $rowIndex = $request->get(static::PARAM_ROW_INDEX); $formData = $request->get(static::PARAM_QUICK_ORDER_FORM); - $formDataItems = $formData['items'] ?? []; + if (!$this->isQuickOrderFormCsrfTokenValid($formData)) { + return $this->createAjaxErrorResponse( + Response::HTTP_BAD_REQUEST, + [static::MESSAGE_FORM_INVALID_CSRF] + ); + } + + $formDataItems = $formData['items'] ?? []; if (!isset($formDataItems[$rowIndex])) { throw new HttpException(Response::HTTP_BAD_REQUEST, '"row-index" is out of the bound.'); } 
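Review bot: In deleteRowAction the error payload is returned with `$this->jsonResponse($viewData)`, so the 400 built by createAjaxErrorResponse presumably travels only inside the JSON body while the HTTP status stays at the default. If jsonResponse accepts a status argument (its signature is not visible here), pass it as well: `return $this->jsonResponse($viewData, $viewData[static::KEY_CODE]);`. Proxies, logs and monitoring would then see a rejected CSRF check as a failed request, but first confirm that the front-end AjaxProvider still hands the body to its caller on a non-2xx status. Detecting the error case through the presence of a `code` key in the view data is an implicit contract that deserves a short comment. The body of deleteRowAction starts and ends outside the hunk.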
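Review bot: In executeDeleteRowAction, `$formData` comes straight from `$request->get(static::PARAM_QUICK_ORDER_FORM)` and is passed to `isQuickOrderFormCsrfTokenValid(?array ...)`, so a request that sends `quick_order_form` as a scalar raises a TypeError (most likely a 500) instead of taking the 400 path added here. The helper hunk at the end of this file has the same gap: a `_token` entry sent as an array reaches `createCsrfToken(string $tokenId, string $value)`. Put a shape check in front of the typed calls, for example `if (!is_array($formData) || !is_string($formData[static::PARAM_FORM_TOKEN] ?? null))`, and return the same `createAjaxErrorResponse(Response::HTTP_BAD_REQUEST, ...)` from it. The method continues past the end of the hunk.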
@@ -672,4 +691,51 @@ protected function transformProductsViewData(array $productConcreteTransfers): a ->createViewDataTransformer() ->transformProductData($productConcreteTransfers, $this->getFactory()->getQuickOrderFormColumnPlugins()); } + + /** + * @param array|null $quickOrderFormData + * + * @return bool + */ + protected function isQuickOrderFormCsrfTokenValid(?array $quickOrderFormData): bool + { + if (!$quickOrderFormData || !isset($quickOrderFormData[static::PARAM_FORM_TOKEN])) { + return false; + } + + $csrfToken = $this->createCsrfToken(static::PARAM_QUICK_ORDER_FORM, $quickOrderFormData[static::PARAM_FORM_TOKEN]); + + return $this->getFactory()->getCsrfTokenManager()->isTokenValid($csrfToken); + } + + /** + * @param string $tokenId + * @param string $value + * + * @return \Symfony\Component\Security\Csrf\CsrfToken + */ + protected function createCsrfToken(string $tokenId, string $value): CsrfToken + { + return new CsrfToken($tokenId, $value); + } + + /** + * @param int $code + * @param string[] $messages + * + * @return array + */ + protected function createAjaxErrorResponse(int $code, array $messages): array + { + foreach ($messages as $message) { + $this->addErrorMessage($message); + } + + $flashMessageListHtml = $this->renderView(static::FLASH_MESSAGE_LIST_TEMPLATE_PATH)->getContent(); + + return [ + static::KEY_CODE => $code, + static::KEY_MESSAGES => $flashMessageListHtml, + ]; + } } diff --git a/src/SprykerShop/Yves/QuickOrderPage/QuickOrderPageDependencyProvider.php b/src/SprykerShop/Yves/QuickOrderPage/QuickOrderPageDependencyProvider.php index 6050fa2..4bb7d34 100644 --- a/src/SprykerShop/Yves/QuickOrderPage/QuickOrderPageDependencyProvider.php +++ b/src/SprykerShop/Yves/QuickOrderPage/QuickOrderPageDependencyProvider.php 
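Review bot: createAjaxErrorResponse stores rendered HTML under `messages`, not a list of messages, and its docblock (`@return array`) does not say so. The front-end change later in this series forwards that value unchanged as the event detail for the notification area, where it is presumably inserted as markup. The docblock should therefore state the trust boundary: `$messages` must be glossary keys or other fixed text, never request data, and the returned `messages` entry is an HTML string from the flash-message-list template. A line such as `@return array<string, int|string> 'code' is the HTTP status, 'messages' is rendered flash-message HTML` would cover it.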
@@ -44,8 +44,14 @@ class QuickOrderPageDependencyProvider extends AbstractBundleDependencyProvider public const PLUGINS_QUICK_ORDER_UPLOADED_FILE_PARSER = 'PLUGINS_QUICK_ORDER_UPLOADED_FILE_PARSER'; public const PLUGINS_QUICK_ORDER_UPLOADED_FILE_VALIDATOR = 'PLUGINS_QUICK_ORDER_UPLOADED_FILE_VALIDATOR'; public const PLUGINS_QUICK_ORDER_FILE_TEMPLATE = 'PLUGINS_QUICK_ORDER_FILE_TEMPLATE'; + public const SERVICE_UTIL_CSV = 'SERVICE_UTIL_CSV'; + /** + * @uses \Spryker\Yves\Form\Plugin\Application\FormApplicationPlugin::SERVICE_FORM_CSRF_PROVIDER + */ + public const SERVICE_FORM_CSRF_PROVIDER = 'form.csrf_provider'; + /** * @uses \Spryker\Yves\Http\Plugin\Application\HttpApplicationPlugin::SERVICE_REQUEST_STACK */ @@ -66,6 +72,7 @@ public function provideDependencies(Container $container): Container $container = $this->addQuickOrderPageWidgetPlugins($container); $container = $this->addZedRequestClient($container); $container = $this->addQuickOrderUtilCsvService($container); + $container = $this->addCsrfProviderService($container); $container = $this->addQuickOrderItemTransferExpanderPlugins($container); $container = $this->addQuickOrderFormHandlerStrategyPlugins($container); $container = $this->addQuickOrderFormAdditionalDataColumnProviderPlugins($container); @@ -128,6 +135,20 @@ protected function addQuickOrderUtilCsvService(Container $container): Container return $container; } + /** + * @param \Spryker\Yves\Kernel\Container $container + * + * @return \Spryker\Yves\Kernel\Container + */ + protected function addCsrfProviderService(Container $container): Container + { + $container->set(static::SERVICE_FORM_CSRF_PROVIDER, function (Container $container) { + return $container->getApplicationService(static::SERVICE_FORM_CSRF_PROVIDER); + }); + + return $container; + } + /** * @param \Spryker\Yves\Kernel\Container $container * 
diff --git a/src/SprykerShop/Yves/QuickOrderPage/QuickOrderPageFactory.php b/src/SprykerShop/Yves/QuickOrderPage/QuickOrderPageFactory.php index 3dc6aa3..0c64028 100644 --- a/src/SprykerShop/Yves/QuickOrderPage/QuickOrderPageFactory.php +++ b/src/SprykerShop/Yves/QuickOrderPage/QuickOrderPageFactory.php @@ -53,6 +53,7 @@ use SprykerShop\Yves\QuickOrderPage\ViewDataTransformer\ViewDataTransformerInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\RequestStack; +use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface; use Symfony\Component\Validator\Constraints\NotBlank; /** @@ -424,4 +425,12 @@ public function getModuleConfig(): QuickOrderPageConfig { return $this->getConfig(); } + + /** + * @return \Symfony\Component\Security\Csrf\CsrfTokenManagerInterface + */ + public function getCsrfTokenManager(): CsrfTokenManagerInterface + { + return $this->getProvidedDependency(QuickOrderPageDependencyProvider::SERVICE_FORM_CSRF_PROVIDER); + } } From 44b5983fd0f5ec8d7e59d682560f8c549a5a545b Mon Sep 17 00:00:00 2001 From: maslov Date: Mon, 16 Nov 2020 21:16:52 +0200 Subject: [PATCH 02/13] CC-11723: displayed the message if token not valid --- .../quick-order-form/quick-order-form.ts | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts index 646c7bf..5517d03 100644 --- a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts +++ b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts 
@@ -1,6 +1,7 @@ import Component from 'ShopUi/models/component'; import AjaxProvider from 'ShopUi/components/molecules/ajax-provider/ajax-provider'; import { mount } from 'ShopUi/app'; +import { EVENT_UPDATE_DYNAMIC_MESSAGES } from 'ShopUi/components/organisms/dynamic-notification-area/dynamic-notification-area'; export default class QuickOrderForm extends Component { /** @@ -97,6 +98,17 @@ export default class QuickOrderForm extends Component { 'row-index': rowIndex }); const response = await this.removeRowAjaxProvider.fetch(data); + const parsedResponse = this.pareseResponse(response); + + if (typeof parsedResponse === 'object') { + const messages = parsedResponse.messages; + const dynamicNotificationCustomEvent = new CustomEvent(EVENT_UPDATE_DYNAMIC_MESSAGES, { + detail: messages, + }); + document.dispatchEvent(dynamicNotificationCustomEvent); + + return; + } this.rows.innerHTML = response; await mount(); @@ -104,6 +116,17 @@ export default class QuickOrderForm extends Component { this.mapRemoveRowTriggersEvents(); } + protected pareseResponse(response: string): string|object { + let jsonResponse = {}; + try { + jsonResponse = JSON.parse(response); + } catch (e) { + return response; + } + + return jsonResponse; + } + /** * Gets an instance of the FormData. * @template FormData A data type returned by the function. From db800a9795f6ac874da19a9ba9a897182b4259ef Mon Sep 17 00:00:00 2001 From: maslov Date: Tue, 17 Nov 2020 09:17:42 +0200 Subject: [PATCH 03/13] CC-11723: fixed according to comments --- .../molecules/quick-order-form/quick-order-form.ts | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts index 5517d03..ba19e80 100644 
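Review bot: In removeRow, `typeof parsedResponse === 'object'` is also true for `null` and for arrays, so a body of `null` parses successfully and `parsedResponse.messages` then throws. Tighten the branch to `if (parsedResponse !== null && typeof parsedResponse === 'object' && 'messages' in parsedResponse)`. More generally, telling the error case from the HTML fragment by whether the body happens to parse as JSON is content sniffing; if the AjaxProvider exposes the response status or content type, branching on that would be more robust. removeRow starts above the hunk.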
--- a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts +++ b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts @@ -101,7 +101,7 @@ export default class QuickOrderForm extends Component { const parsedResponse = this.pareseResponse(response); if (typeof parsedResponse === 'object') { - const messages = parsedResponse.messages; + const { messages } = parsedResponse; const dynamicNotificationCustomEvent = new CustomEvent(EVENT_UPDATE_DYNAMIC_MESSAGES, { detail: messages, }); @@ -117,14 +117,11 @@ export default class QuickOrderForm extends Component { } protected pareseResponse(response: string): string|object { - let jsonResponse = {}; try { - jsonResponse = JSON.parse(response); + return JSON.parse(response); } catch (e) { return response; } - - return jsonResponse; } /** From d38adcc33083e1babbbb10dcd39378e9f5b81543 Mon Sep 17 00:00:00 2001 From: maslov Date: Tue, 17 Nov 2020 11:34:27 +0200 Subject: [PATCH 04/13] CC-11723: fixed according to AA discussion --- .../quick-order-form/quick-order-form.ts | 39 +++++++++++++------ 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts index ba19e80..4cbe4df 100644 --- a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts +++ b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts 
@@ -98,25 +98,17 @@ export default class QuickOrderForm extends Component { 'row-index': rowIndex }); const response = await this.removeRowAjaxProvider.fetch(data); - const parsedResponse = this.pareseResponse(response); - if (typeof parsedResponse === 'object') { - const { messages } = parsedResponse; - const dynamicNotificationCustomEvent = new CustomEvent(EVENT_UPDATE_DYNAMIC_MESSAGES, { - detail: messages, - }); - document.dispatchEvent(dynamicNotificationCustomEvent); + if (this.isResponseJson(response)) { + this.showFlashMessage(response) return; } - this.rows.innerHTML = response; - await mount(); - this.registerRemoveRowTriggers(); - this.mapRemoveRowTriggersEvents(); + this.updateHtml(response); } - protected pareseResponse(response: string): string|object { + protected parseResponse(response: string): string|object { try { return JSON.parse(response); } catch (e) { @@ -124,6 +116,29 @@ export default class QuickOrderForm extends Component { } } + protected isResponseJson(response: string): boolean { + if (typeof this.parseResponse(response) === 'string') { + return false; + } + + return true; + } + + protected async showFlashMessage(response: string): Promise { + const { messages } = this.parseResponse(response); + const dynamicNotificationCustomEvent = new CustomEvent(EVENT_UPDATE_DYNAMIC_MESSAGES, { + detail: messages, + }); + document.dispatchEvent(dynamicNotificationCustomEvent); + } + + protected async updateHtml(response: string): Promise { + this.rows.innerHTML = response; + await mount(); + this.registerRemoveRowTriggers(); + this.mapRemoveRowTriggersEvents(); + } + /** * Gets an instance of the FormData. * @template FormData A data type returned by the function. From 9094e563874b6fe9182521b8f4cd4fc83a137a19 Mon Sep 17 00:00:00 2001 
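Review bot: `this.updateHtml(response);` at the end of removeRow is not awaited, although updateHtml is async and awaits `mount()` before re-registering the remove-row triggers. Before this change removeRow awaited `mount()` itself, so its promise now resolves before the rows are re-mounted, and a rejection inside updateHtml becomes an unhandled promise rejection. Use `await this.updateHtml(response);` and add the missing semicolon after `this.showFlashMessage(response)`. showFlashMessage contains no `await`, so it does not need to be `async`. The later rename to updateTableHtml in this series keeps the un-awaited call.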
From: maslov Date: Tue, 17 Nov 2020 12:01:45 +0200 Subject: [PATCH 05/13] CC-11723: fixed according to AA discussion --- .../quick-order-form/quick-order-form.ts | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts index 4cbe4df..5b6b260 100644 --- a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts +++ b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts @@ -98,9 +98,10 @@ export default class QuickOrderForm extends Component { 'row-index': rowIndex }); const response = await this.removeRowAjaxProvider.fetch(data); + const parsedResponse = this.parseResponse(response); - if (this.isResponseJson(response)) { - this.showFlashMessage(response) + if (typeof parsedResponse !== 'string') { + this.showFlashMessage(parsedResponse); return; } @@ -116,18 +117,16 @@ export default class QuickOrderForm extends Component { } } - protected isResponseJson(response: string): boolean { - if (typeof this.parseResponse(response) === 'string') { - return false; - } - - return true; + protected hasMessage (obj: object): obj is { messages: string } { + return 'messages' in obj; } - protected async showFlashMessage(response: string): Promise { - const { messages } = this.parseResponse(response); + protected async showFlashMessage(response: object): Promise { + if (!this.hasMessage(response)) { + return; + } const dynamicNotificationCustomEvent = new CustomEvent(EVENT_UPDATE_DYNAMIC_MESSAGES, { - detail: messages, + detail: response.messages, }); document.dispatchEvent(dynamicNotificationCustomEvent); } From b6a52f82aec5220a893e695e5052e08432fd9e8f Mon Sep 17 00:00:00 2001 
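Review bot: The type guard `hasMessage` promises `{ messages: string }` but only tests `'messages' in obj`, so any JSON object carrying that key is narrowed to a string whatever the value actually is, and then dispatched as the event detail. Check the value rather than the key: `return obj !== null && typeof (obj as { messages?: unknown }).messages === 'string';`. That also keeps the guard from throwing when the parsed body is `null`. A one-line doc comment saying that `messages` is server-rendered flash-message HTML would help the next reader judge how the notification area may use it.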
From: maslov Date: Tue, 17 Nov 2020 12:06:49 +0200 Subject: [PATCH 06/13] CC-11723: fixed according to AA discussion --- .../components/molecules/quick-order-form/quick-order-form.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts index 5b6b260..48fef0c 100644 --- a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts +++ b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts @@ -117,8 +117,8 @@ export default class QuickOrderForm extends Component { } } - protected hasMessage (obj: object): obj is { messages: string } { - return 'messages' in obj; + protected hasMessage (response: object): response is { messages: string } { + return 'messages' in response; } protected async showFlashMessage(response: object): Promise { From 6eb70cb79e77628261176dc30fca8238b33cbb7c Mon Sep 17 00:00:00 2001 From: maslov Date: Tue, 17 Nov 2020 12:50:06 +0200 Subject: [PATCH 07/13] CC-11723: fixed according to comments --- .../molecules/quick-order-form/quick-order-form.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts index 48fef0c..b2f3243 100644 --- a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts +++ b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts 
@@ -112,17 +112,17 @@ export default class QuickOrderForm extends Component { protected parseResponse(response: string): string|object { try { return JSON.parse(response); - } catch (e) { + } catch { return response; } } - protected hasMessage (response: object): response is { messages: string } { + protected hasMessages (response: object): response is { messages: string } { return 'messages' in response; } protected async showFlashMessage(response: object): Promise { - if (!this.hasMessage(response)) { + if (!this.hasMessages(response)) { return; } const dynamicNotificationCustomEvent = new CustomEvent(EVENT_UPDATE_DYNAMIC_MESSAGES, { From d3d55c84ddc12c88caafbfebd57ee868b8a56ddc Mon Sep 17 00:00:00 2001 From: maslov Date: Tue, 17 Nov 2020 12:56:07 +0200 Subject: [PATCH 08/13] CC-11723: removed space --- .../components/molecules/quick-order-form/quick-order-form.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts index b2f3243..ea3e895 100644 --- a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts +++ b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts @@ -117,7 +117,7 @@ export default class QuickOrderForm extends Component { } } - protected hasMessages (response: object): response is { messages: string } { + protected hasMessages(response: object): response is { messages: string } { return 'messages' in response; } From 66ddf31ccbc725405ecfcff8b15c98d73bea99d8 Mon Sep 17 00:00:00 2001 From: maslov Date: Tue, 17 Nov 2020 14:02:24 +0200 Subject: [PATCH 09/13] CC-11723: renamed method --- .../components/molecules/quick-order-form/quick-order-form.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts index ea3e895..bf4199e 100644 --- a/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts +++ b/src/SprykerShop/Yves/QuickOrderPage/Theme/default/components/molecules/quick-order-form/quick-order-form.ts @@ -106,7 +106,7 @@ export default class QuickOrderForm extends Component { return; } - this.updateHtml(response); + this.updateTableHtml(response); } protected parseResponse(response: string): string|object { @@ -131,7 +131,7 @@ export default class QuickOrderForm extends Component { document.dispatchEvent(dynamicNotificationCustomEvent); } - protected async updateHtml(response: string): Promise { + protected async updateTableHtml(response: string): Promise { this.rows.innerHTML = response; await mount(); this.registerRemoveRowTriggers(); From 7bfabc6ace3e51a0e1c403258bdc32984a7e43ba Mon Sep 17 00:00:00 2001 From: AntonKhabiuk Date: Tue, 17 Nov 2020 15:14:31 +0200 Subject: [PATCH 10/13] CC-11723 Adjusted spryker-shop/shop-ui module version in composer.json --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 57b51ec..25a495e 100644 --- a/composer.json +++ b/composer.json @@ -7,7 +7,7 @@ "php": ">=7.3", "spryker-shop/quick-order-page-extension": "^1.1.0", "spryker-shop/shop-application": "^1.0.0", - "spryker-shop/shop-ui": "^1.28.1", + "spryker-shop/shop-ui": "^1.41.0", "spryker/application": "^3.0.0", "spryker/cart": "^4.0.0 || ^5.0.0 || ^7.0.0", "spryker/kernel": "^3.52.0", From 3c396602cd9f62141851ca0b3a24bd07a434a134 Mon Sep 17 00:00:00 2001 
From: AntonKhabiuk Date: Thu, 19 Nov 2020 12:53:47 +0200 Subject: [PATCH 11/13] CC-11757 Add missing translation --- .../Controller/QuickOrderController.php | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php b/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php index 5c0b21b..b01c5b8 100644 --- a/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php +++ b/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php @@ -94,15 +94,21 @@ protected function executeQuickOrderFormSubmitAction(Request $request) ->getQuickOrderForm($quickOrderTransfer) ->handleRequest($request); - if ($quickOrderForm->isSubmitted() && $quickOrderForm->isValid()) { - $response = $this->processQuickOrderForm($quickOrderForm, $request); - - if ($response !== null) { - return $response; + if ($quickOrderForm->isSubmitted() && !$quickOrderForm->isValid()) { + foreach ($quickOrderForm->getErrors() as $formError) { + $this->addErrorMessage($formError->getMessage()); } + + return []; + } + + $response = $this->processQuickOrderForm($quickOrderForm, $request); + + if ($response === null) { + return []; } - return []; + return $response; } /** From 3042703bb52105830a21f9416ef9112dd845998f Mon Sep 17 00:00:00 2001 From: AntonKhabiuk Date: Thu, 19 Nov 2020 13:04:21 +0200 Subject: [PATCH 12/13] CC-11780 Fixed CR comments --- .../QuickOrderPage/Controller/QuickOrderController.php | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php b/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php index b01c5b8..a56eda1 100644 --- a/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php +++ b/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php 
@@ -95,20 +95,14 @@ protected function executeQuickOrderFormSubmitAction(Request $request) ->handleRequest($request); if ($quickOrderForm->isSubmitted() && !$quickOrderForm->isValid()) { - foreach ($quickOrderForm->getErrors() as $formError) { + foreach ($quickOrderForm->getErrors(true) as $formError) { $this->addErrorMessage($formError->getMessage()); } return []; } - $response = $this->processQuickOrderForm($quickOrderForm, $request); - - if ($response === null) { - return []; - } - - return $response; + return $this->processQuickOrderForm($quickOrderForm, $request) ?? []; } /** From b0c5d76c1e1e72d67209d6e4fd4c69976f1def2d Mon Sep 17 00:00:00 2001 From: AntonKhabiuk Date: Fri, 20 Nov 2020 12:02:12 +0200 Subject: [PATCH 13/13] CC-11780 Fix condition --- .../Yves/QuickOrderPage/Controller/QuickOrderController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php b/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php index a56eda1..aee84c5 100644 --- a/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php +++ b/src/SprykerShop/Yves/QuickOrderPage/Controller/QuickOrderController.php @@ -94,7 +94,7 @@ protected function executeQuickOrderFormSubmitAction(Request $request) ->getQuickOrderForm($quickOrderTransfer) ->handleRequest($request); - if ($quickOrderForm->isSubmitted() && !$quickOrderForm->isValid()) { + if (!$quickOrderForm->isSubmitted() || !$quickOrderForm->isValid()) { foreach ($quickOrderForm->getErrors(true) as $formError) { $this->addErrorMessage($formError->getMessage()); }
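Review bot: The combined guard `!$quickOrderForm->isSubmitted() || !$quickOrderForm->isValid()` in the last hunk also sends a plain, unsubmitted page load through the error loop, which reads as if an unsubmitted form could carry errors. Splitting it keeps the intent visible: `if (!$quickOrderForm->isSubmitted()) { return []; }` first, then the `isValid()` branch with the loop. With `getErrors(true)` the same message may be reported once per failing row; if that shows up as duplicate flash messages, de-duplicate before calling `addErrorMessage()`. executeQuickOrderFormSubmitAction starts above the hunk.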