Added functional test for csrf token description in form models

Tests/Functional/FormCsrfProtectionTest.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace Nelmio\ApiDocBundle\Tests\Functional;
+
+use Symfony\Bundle\FrameworkBundle\Test\KernelTestCase;
+use Symfony\Component\HttpKernel\Kernel;
+use Symfony\Component\HttpKernel\KernelInterface;
+
+class FormCsrfProtectionTest extends WebTestCase
+{
+    protected function setUp(): void
+    {
+        parent::setUp();
+        static::bootKernel();
+    }
+
+    protected static function createKernel(array $options = []): KernelInterface
+    {
+        return new TestKernel(TestKernel::USE_FORM_CSRF);
+    }
+
+    public function testTokenDescription()
+    {
+        $this->assertEquals([
+            'type' => 'object',
+            'properties' => [
+                'quz' => [
+                    '$ref' => '#/components/schemas/User',
+                ],
+                '_token' => [
+                    'description' => 'CSRF token',
+                    'type' => 'string',
+                ],
+            ],
+            'required' => ['quz', '_token'],
+            'schema' => 'FormWithModel',
+        ], json_decode($this->getModel('FormWithModel')->toJson(), true));
+    }
+}

Tests/Functional/TestKernel.php

@@ -48,6 +48,7 @@ class TestKernel extends Kernel
     const USE_FOSREST = 3;
     const ERROR_ARRAY_ITEMS = 4;
     const USE_VALIDATION_GROUPS = 8;
+    const USE_FORM_CSRF = 16;
 
     private $flags;
 
@@ -150,6 +151,12 @@ protected function configureContainer(ContainerBuilder $c, LoaderInterface $load
             'property_access' => true,
         ];
 
+        if ($this->flags & self::USE_FORM_CSRF) {
+            $framework['csrf_protection']['enabled'] = true;
+            $framework['session']['storage_factory_id'] = 'session.storage.factory.mock_file';
+            $framework['form'] = ['csrf_protection' => true];
+        }
+
         // Support symfony/framework-bundle < 5.4
         if (method_exists(CachePoolClearCommand::class, 'complete')) {
             $framework += [

composer.json

@@ -47,6 +47,7 @@
         "symfony/twig-bundle": "^5.4|^6.0|^7.0",
         "symfony/validator": "^5.4|^6.0|^7.0",
         "symfony/expression-language": "^5.4|^6.0|^7.0",
+        "symfony/security-csrf": "^5.4|^6.0|^7.0",
 
         "api-platform/core": "^2.7.0|^3",
         "symfony/deprecation-contracts": "^2.1|^3",
@@ -67,6 +68,7 @@
         "symfony/asset": "For using the Swagger UI.",
         "symfony/cache": "For using a PSR-6 compatible cache implementation with the API doc generator.",
         "symfony/form": "For describing your form type models.",
+        "symfony/security-csrf": "For using csrf protection tokens in forms.",
         "symfony/monolog-bundle": "For using a PSR-3 compatible logger implementation with the API PHP describer.",
         "symfony/serializer": "For describing your models.",
         "symfony/twig-bundle": "For using the Swagger UI.",