From a1785e1f3c8f9239e761df9e3e61fe2d2984cff1 Mon Sep 17 00:00:00 2001
From: Tugrul Topuz
Date: Tue, 23 Apr 2024 14:01:12 +0300
Subject: [PATCH] csrf_token_lazy form option
---
 .../Csrf/Type/FormTypeCsrfExtension.php | 3 ++-
 .../Csrf/Type/FormTypeCsrfExtensionTest.php | 20 +++++++++++++++++++
 .../Descriptor/resolved_form_type_1.json | 1 +
 .../Descriptor/resolved_form_type_1.txt | 4 ++--
 4 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
index 0ad4daeb3c10..04ae5622cff8 100644
--- a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
+++ b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
@@ -68,7 +68,7 @@ public function finishView(FormView $view, FormInterface $form, array $options):
 if ($options['csrf_protection'] && !$view->parent && $options['compound']) {
 $factory = $form->getConfig()->getFormFactory();
 $tokenId = $options['csrf_token_id'] ?: ($form->getName() ?: $form->getConfig()->getType()->getInnerType()::class);
- $data = (string) $options['csrf_token_manager']->getToken($tokenId);
+ $data = $options['csrf_token_lazy'] ? '' : (string) $options['csrf_token_manager']->getToken($tokenId);
 $csrfForm = $factory->createNamed($options['csrf_field_name'], HiddenType::class, $data, [
 'block_prefix' => 'csrf_token',
@@ -87,6 +87,7 @@ public function configureOptions(OptionsResolver $resolver): void
 'csrf_message' => 'The CSRF token is invalid. Please try to resubmit the form.',
 'csrf_token_manager' => $this->defaultTokenManager,
 'csrf_token_id' => null,
+ 'csrf_token_lazy' => false,
 ]);
 }
diff --git a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
index bfa30255545e..86f3ab941d83 100644
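Review bot: With `csrf_token_lazy` enabled, the rewritten `$data` line in finishView renders the hidden CSRF field with an empty value, and nothing in this patch shows where the real token is supplied later or how the submit-side check treats that field. The validation listener is outside this diff, so confirm that an empty or missing token is still rejected when the option is on and that lazy mode cannot degrade into an unprotected form. A why-comment above the line would help the next reader, e.g. `// Lazy mode: render an empty field; the token is filled in before submit and is still validated server-side.` The body of finishView starts and continues outside the hunk.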
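Review bot: The new `'csrf_token_lazy' => false` default in configureOptions has no type constraint in the visible lines, while finishView only tests the option for truthiness, so a misconfigured value such as the string `'false'` would silently switch token emission off. Consider adding `$resolver->setAllowedTypes('csrf_token_lazy', 'bool');` after the `setDefaults()` call. configureOptions starts and may continue outside the hunk, so check that no such constraint already exists further down.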
--- a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
+++ b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
@@ -122,6 +122,26 @@ public function testGenerateCsrfToken()
 $this->assertEquals('token', $view['csrf']->vars['value']);
 }
+ public function testGenerateLazyCsrfToken()
+ {
+ $this->tokenManager->expects($this->once())
+ ->method('getToken')
+ ->with('TOKEN_ID')
+ ->willReturn(new CsrfToken('TOKEN_ID', 'token'));
+
+ $view = $this->factory
+ ->create('Symfony\Component\Form\Extension\Core\Type\FormType', null, [
+ 'csrf_field_name' => 'csrf',
+ 'csrf_token_manager' => $this->tokenManager,
+ 'csrf_token_id' => 'TOKEN_ID',
+ 'csrf_token_lazy' => true,
+ 'compound' => true,
+ ])
+ ->createView();
+
+ $this->assertEquals('token', '');
+ }
+
 public function testGenerateCsrfTokenUsesFormNameAsIntentionByDefault()
 {
 $this->tokenManager->expects($this->once())
diff --git a/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_1.json b/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_1.json
index e071ec712fa1..48303345b69f 100644
--- a/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_1.json
+++ b/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_1.json
@@ -76,6 +76,7 @@
 "csrf_message",
 "csrf_protection",
 "csrf_token_id",
+ "csrf_token_lazy",
 "csrf_token_manager"
 ]
 },
diff --git a/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_1.txt b/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_1.txt
index 005bfd3e9635..57c8b9dd0d83 100644
--- a/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_1.txt
+++ b/src/Symfony/Component/Form/Tests/Fixtures/Descriptor/resolved_form_type_1.txt
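Review bot: `testGenerateLazyCsrfToken` cannot pass as written, because `$this->assertEquals('token', '')` compares two different literals and `expects($this->once())` on `getToken` contradicts the lazy branch, which skips that call. `$view` is built but never inspected, so the test says nothing about the rendered field. It should pin what the option promises, with `$this->tokenManager->expects($this->never())->method('getToken');` and `$this->assertSame('', $view['csrf']->vars['value']);`. A companion test that a submitted empty token is still rejected with the option enabled would cover the security-relevant side of the change.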
@@ -11,8 +11,8 @@ Symfony\Component\Form\Extension\Core\Type\ChoiceType (Block prefix: "choice") choice_loader data_class allow_file_upload csrf_message choice_name empty_data attr csrf_protection choice_translation_domain error_bubbling attr_translation_parameters csrf_token_id - choice_translation_parameters invalid_message auto_initialize csrf_token_manager - choice_value trim block_name + choice_translation_parameters invalid_message auto_initialize csrf_token_lazy + choice_value trim block_name csrf_token_manager choices block_prefix duplicate_preferred_choices by_reference expanded data