CC-14130: Fix memory leak on Backoffice ODP page with 100+ items. (#1…

…1246) Fix memory leak on Backoffice ODP page with 100+ items.
spryker · Dec 13, 2024 · 1e4ab83 · 1e4ab83
1 parent 3c47c5b
commit 1e4ab83
Show file tree

Hide file tree

Showing 4 changed files with 101 additions and 6 deletions.
diff --git a/src/Spryker/Zed/Oms/Communication/Controller/TriggerController.php b/src/Spryker/Zed/Oms/Communication/Controller/TriggerController.php
@@ -13,6 +13,7 @@
 use Spryker\Zed\Oms\OmsConfig;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
+use Symfony\Component\Security\Csrf\CsrfToken;
 
 /**
  * @method \Spryker\Zed\Oms\Business\OmsFacadeInterface getFacade()
@@ -64,6 +65,18 @@ class TriggerController extends AbstractController
      */
     protected const ERROR_INVALID_FORM = 'Form is invalid';
 
+    /**
+     * @var string
+     */
+    protected const FORM_FIELD_CSRF_TOKEN = '_token';
+
+    /**
+     * @uses \Spryker\Zed\Sales\Communication\Controller\DetailController::OMS_TRIGGER_FORM_PREFIX
+     *
+     * @var string
+     */
+    protected const OMS_TRIGGER_FORM_PREFIX = 'oms_trigger_form_';
+
     /**
      * @param \Symfony\Component\HttpFoundation\Request $request
      *
@@ -73,7 +86,8 @@ public function submitTriggerEventForOrderItemsAction(Request $request)
     {
         /** @var string $redirect */
         $redirect = $request->query->get(static::REQUEST_PARAMETER_REDIRECT, static::ROUTE_REDIRECT_DEFAULT);
-        if (!$this->isValidPostRequest($request)) {
+
+        if (!$this->isValidPostRequest($request) && !$this->isCsrfTokenValid($request)) {
             $this->addErrorMessage(static::ERROR_INVALID_FORM);
 
             return $this->redirectResponse($redirect);
@@ -198,6 +212,27 @@ protected function isTriggerFormValid(Request $request): bool
         return $form->isSubmitted() && $form->isValid();
     }
 
+    /**
+     * @param \Symfony\Component\HttpFoundation\Request $request
+     *
+     * @return bool
+     */
+    protected function isCsrfTokenValid(Request $request): bool
+    {
+        /** @var string|null $token */
+        $token = $request->request->get(static::FORM_FIELD_CSRF_TOKEN);
+        if (!$token) {
+            return false;
+        }
+
+        $event = $request->query->get(static::REQUEST_PARAMETER_EVENT);
+        $idSalesOrderItem = $request->query->get(static::REQUEST_PARAMETER_ID_SALES_ORDER_ITEM);
+
+        return $this->getFactory()
+            ->getCsrfTokenManager()
+            ->isTokenValid(new CsrfToken(static::OMS_TRIGGER_FORM_PREFIX . $event . '_' . $idSalesOrderItem, $token));
+    }
+
     /**
      * @param \Symfony\Component\HttpFoundation\Request $request
      *

diff --git a/src/Spryker/Zed/Oms/Communication/OmsCommunicationFactory.php b/src/Spryker/Zed/Oms/Communication/OmsCommunicationFactory.php
@@ -13,6 +13,8 @@
 use Spryker\Zed\Oms\Communication\Factory\OmsTriggerFormFactory;
 use Spryker\Zed\Oms\Communication\Factory\OmsTriggerFormFactoryInterface;
 use Spryker\Zed\Oms\Communication\Table\TransitionLogTable;
+use Spryker\Zed\Oms\OmsDependencyProvider;
+use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
 
 /**
  * @method \Spryker\Zed\Oms\Persistence\OmsQueryContainerInterface getQueryContainer()
@@ -48,4 +50,12 @@ public function createOmsTriggerFormCollectionBuilder(): OmsTriggerFormCollectio
     {
         return new OmsTriggerFormCollectionBuilder($this->createOmsTriggerFormFactory());
     }
+
+    /**
+     * @return \Symfony\Component\Security\Csrf\CsrfTokenManagerInterface
+     */
+    public function getCsrfTokenManager(): CsrfTokenManagerInterface
+    {
+        return $this->getProvidedDependency(OmsDependencyProvider::SERVICE_FORM_CSRF_PROVIDER);
+    }
 }
diff --git a/src/Spryker/Zed/Oms/OmsDependencyProvider.php b/src/Spryker/Zed/Oms/OmsDependencyProvider.php
@@ -144,6 +144,13 @@ class OmsDependencyProvider extends AbstractBundleDependencyProvider
      */
     public const FACADE_MESSAGE_BROKER = 'FACADE_MESSAGE_BROKER';
 
+    /**
+     * @uses \Spryker\Zed\Form\Communication\Plugin\Application\FormApplicationPlugin::SERVICE_FORM_CSRF_PROVIDER
+     *
+     * @var string
+     */
+    public const SERVICE_FORM_CSRF_PROVIDER = 'form.csrf_provider';
+
     /**
      * @param \Spryker\Zed\Kernel\Container $container
      *
@@ -176,6 +183,19 @@ public function provideBusinessLayerDependencies(Container $container)
         return $container;
     }
 
+    /**
+     * @param \Spryker\Zed\Kernel\Container $container
+     *
+     * @return \Spryker\Zed\Kernel\Container
+     */
+    public function provideCommunicationLayerDependencies(Container $container): Container
+    {
+        $container = parent::provideCommunicationLayerDependencies($container);
+        $container = $this->addCsrfProviderService($container);
+
+        return $container;
+    }
+
     /**
      * @param \Spryker\Zed\Kernel\Container $container
      *
@@ -644,4 +664,18 @@ protected function addMessageBrokerFacade(Container $container): Container
 
         return $container;
     }
+
+    /**
+     * @param \Spryker\Zed\Kernel\Container $container
+     *
+     * @return \Spryker\Zed\Kernel\Container
+     */
+    protected function addCsrfProviderService(Container $container): Container
+    {
+        $container->set(static::SERVICE_FORM_CSRF_PROVIDER, function (Container $container) {
+            return $container->getApplicationService(static::SERVICE_FORM_CSRF_PROVIDER);
+        });
+
+        return $container;
+    }
 }
diff --git a/src/Spryker/Zed/Oms/Presentation/RenderForm/_partial/order-item-actions.twig b/src/Spryker/Zed/Oms/Presentation/RenderForm/_partial/order-item-actions.twig
@@ -1,5 +1,21 @@
-{{ render(controller('/oms/render-form/order-item', {
-    redirectUrl: redirectUrl,
-    idSalesOrderItem: idSalesOrderItem,
-    eventsGroupedByItem: eventsGroupedByItem,
-})) }}
+{% if eventsFormAttributeMap[idSalesOrderItem] is defined %}
+    {% for formAttribute in eventsFormAttributeMap[idSalesOrderItem] %}
+        <form name="oms_trigger_form" method="post" action="{{ formAttribute.action }}" class="oms-trigger-form">
+            <div id="oms_trigger_form" class="oms-trigger-form">
+                <div class="form-group">
+                    <button type="submit" class="btn btn-primary btn-sm trigger-event safe-submit btn">
+                        {{ formAttribute.label | trans }}
+                    </button>
+                </div>
+                <input type="hidden" name="_token" value="{{ formAttribute.token }}">
+            </div>
+        </form>
+    {% endfor %}
+{% else %}
+    {{ render(controller('/oms/render-form/order-item', {
+        redirectUrl: redirectUrl,
+        idSalesOrderItem: idSalesOrderItem,
+        eventsGroupedByItem: eventsGroupedByItem,
+    })) }}
+{% endif %}
+