feature #11602 [DX] [FrameworkBundle] Added Crontoller::isCsrfTokenValid (lyrixx)

This PR was merged into the 2.6-dev branch.

Discussion
----------

[DX] [FrameworkBundle] Added Crontoller::isCsrfTokenValid

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

Commits
-------

479c833 [FrameworkBundle] Added Crontoller::isCsrfTokenValid

Author: nicolas-grekas

CHANGELOG.md

@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+2.6.0
+-----
+
+ * Added `Controller::isCsrfTokenValid` helper
+
 2.5.0
 -----
 

Controller/Controller.php

@@ -19,6 +19,7 @@
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+use Symfony\Component\Security\Csrf\CsrfToken;
 use Symfony\Component\Form\FormTypeInterface;
 use Symfony\Component\Form\Form;
 use Symfony\Component\Form\FormBuilder;
@@ -273,4 +274,21 @@ public function get($id)
     {
         return $this->container->get($id);
     }
+
+    /**
+     * Checks the validity of a CSRF token
+     *
+     * @param string $id    The id used when generating the token
+     * @param string $token The actual token sent with the request that should be validated
+     *
+     * @return bool
+     */
+    protected function isCsrfTokenValid($id, $token)
+    {
+        if (!$this->container->has('security.csrf.token_manager')) {
+            throw new \LogicException('CSRF protection is not enabled in your application.');
+        }
+
+        return $this->container->get('security.csrf.token_manager')->isTokenValid(new CsrfToken($id, $token));
+    }
 }