Fix PHPDoc types on AuditLog, reduce returns in CsrfProtectionSubscriber

- AuditLog: add @return/@param array<string, mixed> on getData()/setData() - CsrfProtectionSubscriber: extract shouldVerifyCsrf() helper (5→2 returns in onKernelRequest) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 14:26:44 +01:00
parent 600e095d16
commit e1d41e7724
2 changed files with 17 additions and 16 deletions
--- a/src/Entity/AuditLog.php
+++ b/src/Entity/AuditLog.php
@@ -63,11 +63,13 @@ class AuditLog
        return $this->entityId;
    }

+    /** @return array<string, mixed> */
    public function getData(): array
    {
        return $this->data;
    }

+    /** @param array<string, mixed> $data */
    public function setData(array $data): static
    {
        $this->data = $data;
--- a/src/EventSubscriber/CsrfProtectionSubscriber.php
+++ b/src/EventSubscriber/CsrfProtectionSubscriber.php
@@ -48,30 +48,29 @@ class CsrfProtectionSubscriber implements EventSubscriberInterface

        $request = $event->getRequest();

-        if (!$request->isMethod('POST')) {
-            return;
-        }
-
-        $route = $request->attributes->getString('_route');
-        if (\in_array($route, self::EXCLUDED_ROUTES, true)) {
-            return;
-        }
-
-        $contentType = $request->headers->get('Content-Type', '');
-        if (str_contains($contentType, 'application/json')) {
+        if (!$this->shouldVerifyCsrf($request)) {
            return;
        }

        $token = $request->request->getString(self::TOKEN_FIELD);
-        if ('' === $token) {
-            return;
-        }
-
-        if (!$this->csrfTokenManager->isTokenValid(new CsrfToken(self::TOKEN_ID, $token))) {
+        if ('' !== $token && !$this->csrfTokenManager->isTokenValid(new CsrfToken(self::TOKEN_ID, $token))) {
            $event->setResponse(new Response('CSRF token invalid.', 403));
        }
    }

+    private function shouldVerifyCsrf(\Symfony\Component\HttpFoundation\Request $request): bool
+    {
+        if (!$request->isMethod('POST')) {
+            return false;
+        }
+
+        if (\in_array($request->attributes->getString('_route'), self::EXCLUDED_ROUTES, true)) {
+            return false;
+        }
+
+        return !str_contains($request->headers->get('Content-Type', ''), 'application/json');
+    }
+
    public function onKernelResponse(ResponseEvent $event): void
    {
        if (!$event->isMainRequest()) {