Evolution #161: Session sécurité

src/Muzich/CommentBundle/Controller/CommentController.php

@@ -24,7 +24,7 @@ class CommentController extends Controller
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
@@ -109,7 +109,7 @@ class CommentController extends Controller
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
@@ -161,7 +161,7 @@ class CommentController extends Controller
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
@@ -206,7 +206,7 @@ class CommentController extends Controller
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
@@ -305,7 +305,7 @@ class CommentController extends Controller
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
@@ -344,7 +344,7 @@ class CommentController extends Controller
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',

src/Muzich/CommentBundle/Resources/views/Comment/comment.html.twig

@@ -8,20 +8,20 @@
 {% if app.user.id != comment.u.i %}
   <a title="{{ 'comment.report.link_title'|trans({}, 'userui') }}" 
     class="comment_report" 
-    href="{{ path('ajax_alert_comment', {'element_id':element_id, 'date': comment.d, 'token':app.user.getPersonalHash}) }}">
+    href="{{ path('ajax_alert_comment', {'element_id':element_id, 'date': comment.d, 'token':app.user.getPersonalHash(element_id)}) }}">
     <img src="{{ asset('bundles/muzichcore/img/1331832708_comment_alert.png') }}" alt="report" />
   </a>
 {% endif %}
 
 {% if app.user.id == comment.u.i %}
   <a title="{{ 'comment.edit.link'|trans({}, 'elements') }}" class="comment_edit_link" 
-     href="{{ path('ajax_edit_comment', {'element_id': element_id, 'date':comment.d, 'token':app.user.getPersonalHash})  }}" style="display: none;"
+     href="{{ path('ajax_edit_comment', {'element_id': element_id, 'date':comment.d, 'token':app.user.getPersonalHash(element_id)})  }}" style="display: none;"
   >
     <img src="{{ asset('bundles/muzichcore/img/1327151338_desktop.png') }}" alt="edit" />
   </a>
 
   <a title="{{ 'comment.remove.link'|trans({}, 'elements') }}" class="comment_remove_link" 
-     href="{{ path('ajax_delete_comment', {'element_id': element_id, 'date':comment.d, 'token':app.user.getPersonalHash})  }}" style="display: none;"
+     href="{{ path('ajax_delete_comment', {'element_id': element_id, 'date':comment.d, 'token':app.user.getPersonalHash(element_id)})  }}" style="display: none;"
   >
     <img src="{{ asset('bundles/muzichcore/img/1327168960_fileclose.png') }}" alt="delete" />
   </a>

src/Muzich/CommentBundle/Resources/views/Comment/edit.html.twig

@@ -3,7 +3,7 @@
   action="{{ path('ajax_update_comment', {
     'element_id':element_id, 
     'date': date, 
-    'token':app.user.getPersonalHash,
+    'token':app.user.getPersonalHash(element_id),
     'dom_id': comment.u.i~'_'~(comment.d|date_epurate)
   }) }}" 
   method="post" 

src/Muzich/CoreBundle/Controller/CoreController.php

@@ -128,7 +128,7 @@ class CoreController extends Controller
     }
     
     // Vérifications préléminaires
-    if ($user->getPersonalHash() != $token 
+    if ($user->getPersonalHash($id) != $token 
         || !in_array($type, array('user', 'group')) 
         || !is_numeric($id)
         || ($user->getId() == $id && $type == 'user')
@@ -523,7 +523,7 @@ class CoreController extends Controller
     }
     
     if (!($tag = $this->getDoctrine()->getRepository('MuzichCoreBundle:Tag')
-      ->findOneById($tag_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($tag_id)) || $this->getUser()->getPersonalHash($tag_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
@@ -586,7 +586,7 @@ class CoreController extends Controller
       ->findOneById($element_id)) 
       || !($group = $this->getDoctrine()->getRepository('MuzichCoreBundle:Group')
       ->findOneById($group_id)) 
-      || $this->getUser()->getPersonalHash() != $token)
+      || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
@@ -637,7 +637,7 @@ class CoreController extends Controller
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
       ->findOneById($element_id)) 
-      || $this->getUser()->getPersonalHash() != $token)
+      || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',

src/Muzich/CoreBundle/Controller/ElementController.php

@@ -202,13 +202,18 @@ class ElementController extends Controller
    * @param int $element_id
    * @return Response 
    */
-  public function removeAction($element_id)
+  public function removeAction($element_id, $token)
   {
     if (($response = $this->mustBeConnected()))
     {
       return $response;
     }
     
+    if ($token != $this->getUser()->getPersonalHash($element_id))
+    {
+      return $this->jsonResponse(array('status' => 'error'));
+    }
+    
     try {
       $element = $this->checkExistingAndOwned($element_id);
       $em = $this->getDoctrine()->getEntityManager();
@@ -455,7 +460,7 @@ class ElementController extends Controller
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
@@ -486,7 +491,7 @@ class ElementController extends Controller
         'a' => array(
           'href' => $this->generateUrl('ajax_element_remove_vote_good', array(
             'element_id' => $element->getId(),
-            'token'      => $this->getUser()->getPersonalHash()
+            'token'      => $this->getUser()->getPersonalHash($element->getId())
           ))
         ),
         'img' => array(
@@ -514,7 +519,7 @@ class ElementController extends Controller
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
@@ -545,7 +550,7 @@ class ElementController extends Controller
         'a' => array(
           'href' => $this->generateUrl('ajax_element_add_vote_good', array(
             'element_id' => $element->getId(),
-            'token'      => $this->getUser()->getPersonalHash()
+            'token'      => $this->getUser()->getPersonalHash($element->getId())
           ))
         ),
         'img' => array(
@@ -754,7 +759,7 @@ class ElementController extends Controller
     }
     
     if (!($proposition = $this->getDoctrine()->getRepository('MuzichCoreBundle:ElementTagsProposition')
-      ->findOneById($proposition_id)) || $token != $this->getUser()->getPersonalHash())
+      ->findOneById($proposition_id)) || $token != $this->getUser()->getPersonalHash($proposition_id))
     {
       return $this->jsonResponse(array(
         'status' => 'error',
@@ -813,7 +818,7 @@ class ElementController extends Controller
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $token != $this->getUser()->getPersonalHash())
+      ->findOneById($element_id)) || $token != $this->getUser()->getPersonalHash($element_id))
     {
       return $this->jsonResponse(array(
         'status' => 'error',

src/Muzich/CoreBundle/Resources/config/routing.yml

@@ -93,7 +93,7 @@ element_update:
   defaults: { _controller: MuzichCoreBundle:Element:update }
   
 element_remove:
-  pattern: /element/{element_id}/remove
+  pattern: /element/{element_id}/remove/{token}
   defaults: { _controller: MuzichCoreBundle:Element:remove }
   
 element_new_count:

src/Muzich/CoreBundle/Resources/views/Element/tag.propositions.html.twig

@@ -19,7 +19,7 @@
           <span class="button">{{ tag.name }}</span>
         {% endfor %}
           
-          <a class="accept_tag_propotision button darkbutton" href="{{ path('ajax_element_proposed_tags_accept', {'proposition_id':proposition.id,'token':app.user.getPersonalHash}) }}">
+          <a class="accept_tag_propotision button darkbutton" href="{{ path('ajax_element_proposed_tags_accept', {'proposition_id':proposition.id,'token':app.user.getPersonalHash(proposition.id)}) }}">
             {{ 'element.view_propositions.link_accept'|trans({}, 'elements') }}
           </a>
           
@@ -28,11 +28,11 @@
   </ul>
   
   {% if propositions|length > 1 %}
-    <a class="refuse_tag_propositions button darkbutton" href="{{ path('ajax_element_proposed_tags_refuse', {'element_id':element_id,'token':app.user.getPersonalHash}) }}" >
+    <a class="refuse_tag_propositions button darkbutton" href="{{ path('ajax_element_proposed_tags_refuse', {'element_id':element_id,'token':app.user.getPersonalHash(element_id)}) }}" >
       {{ 'element.view_propositions.link_refuse_x'|trans({}, 'elements') }}
     </a>
   {% else %}
-    <a class="refuse_tag_propositions button darkbutton" href="{{ path('ajax_element_proposed_tags_refuse', {'element_id':element_id,'token':app.user.getPersonalHash}) }}" >
+    <a class="refuse_tag_propositions button darkbutton" href="{{ path('ajax_element_proposed_tags_refuse', {'element_id':element_id,'token':app.user.getPersonalHash(element_id)}) }}" >
       {{ 'element.view_propositions.link_refuse_one'|trans({}, 'elements') }}
     </a>
   {% endif %}

src/Muzich/CoreBundle/Resources/views/SearchElement/element.html.twig

@@ -54,14 +54,14 @@
               {% if element.hasVoteGood(app.user.id) %}
                 <a class="vote" href="{{ path('ajax_element_remove_vote_good', {
                   'element_id' : element.id,
-                  'token'      : app.user.getPersonalHash
+                  'token'      : app.user.getPersonalHash(element.id)
                 }) }}" title="{{ 'element.vote.good'|trans({}, 'elements') }}">
                   <img src="{{ asset('img/icon_thumb_red.png') }}" alt="vote" />
                 </a>
               {% else %}
                 <a class="vote" href="{{ path('ajax_element_add_vote_good', {
                   'element_id' : element.id,
-                  'token'      : app.user.getPersonalHash
+                  'token'      : app.user.getPersonalHash(element.id)
                 }) }}" title="{{ 'element.vote.good'|trans({}, 'elements') }}">
                   <img src="{{ asset('img/icon_thumb.png') }}" alt="vote" />
                 </a>
@@ -70,11 +70,11 @@
         {% endif %}
         <li class="star">
           {% if element.hasFavoriteUser(app.user.id) %}
-            <a class="favorite_link" href="{{ path('favorite_remove', { 'id': element.id, 'token': app.user.personalHash }) }}" >
+            <a class="favorite_link" href="{{ path('favorite_remove', { 'id': element.id, 'token': app.user.personalHash(element.id) }) }}" >
               <img id="favorite_{{ element.id }}_is" src="{{ asset('img/icon_star_2_red.png') }}" title="{{ 'element.favorite.remove'|trans({}, 'elements') }}" alt="{{ 'element.favorite.remove'|trans({}, 'elements') }}"/>
             </a>
           {% else %}
-            <a class="favorite_link" href="{{ path('favorite_add', { 'id': element.id, 'token': app.user.personalHash }) }}" >
+            <a class="favorite_link" href="{{ path('favorite_add', { 'id': element.id, 'token': app.user.personalHash(element.id) }) }}" >
               <img id="favorite_{{ element.id }}_isnot" src="{{ asset('img/icon_star_2.png') }}" title="{{ 'element.favorite.add'|trans({}, 'elements') }}" alt="{{ 'element.favorite.add'|trans({}, 'elements') }}" />
             </a>
           {% endif %}
@@ -113,7 +113,7 @@
             <li class="element_report">
               <a title="{{ 'element.report.link_title'|trans({}, 'userui') }}" 
                 class="element_report" 
-                href="{{ path('ajax_report_element', {'element_id':element.id, 'token':app.user.getPersonalHash}) }}">
+                href="{{ path('ajax_report_element', {'element_id':element.id, 'token':app.user.getPersonalHash(element.id)}) }}">
                 <img src="{{ asset('/img/icon_alert.png') }}" alt="report" />
               </a>
             </li>
@@ -146,7 +146,7 @@
 
             <li class="element_remove_link">
               <a title="{{ 'element.remove.link'|trans({}, 'elements') }}" class="element_remove_link" 
-                href="{{ path('element_remove', {'element_id' : element.id})  }}"
+                href="{{ path('element_remove', {'element_id' : element.id, 'token':app.user.getPersonalHash(element.id)})  }}"
               >
                 <img src="{{ asset('/img/icon_close_2.png') }}" alt="delete" />
               </a>
@@ -230,7 +230,7 @@
               <a 
                 href="{{ path('ajax_tag_add_to_favorites', {
                   'tag_id' : tag.id,
-                  'token'  : app.user.getPersonalHash
+                  'token'  : app.user.getPersonalHash(tag.id)
                 }) }}" 
                 class="tag_to_favorites" 
                 style="display: none;"
@@ -310,7 +310,7 @@
     </div>
       
     <form 
-      action="{{ path('ajax_add_comment', {'element_id':element.id, 'token':app.user.getPersonalHash}) }}" 
+      action="{{ path('ajax_add_comment', {'element_id':element.id, 'token':app.user.getPersonalHash(element.id)}) }}" 
       method="post" 
       name="add_comment"
       style="display: none;"

src/Muzich/CoreBundle/Tests/Controller/CommentControllerTest.php

@@ -45,7 +45,7 @@ class CommentControllerTest extends FunctionalTest
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $this->getUser()->getPersonalHash()
+        'token'      => $this->getUser()->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "J'ai réécouté et ouaa je kiff BrOOO"
@@ -84,7 +84,7 @@ class CommentControllerTest extends FunctionalTest
         'element_id' => $element->getId(),
         'date'       => $comment['d'],
         'dom_id'     => $id,
-        'token'      => $this->getUser()->getPersonalHash()
+        'token'      => $this->getUser()->getPersonalHash($element->getId())
       )),
       array(
           'comment' => "Je me modifie mon com kwaa"
@@ -118,7 +118,7 @@ class CommentControllerTest extends FunctionalTest
       $this->generateUrl('ajax_delete_comment', array(
         'element_id' => $element->getId(),
         'date'       => $comment['d'],
-        'token'      => $this->getUser()->getPersonalHash()
+        'token'      => $this->getUser()->getPersonalHash($element->getId())
       )),
       array(), 
       array(), 
@@ -174,7 +174,7 @@ class CommentControllerTest extends FunctionalTest
         'element_id' => $element->getId(),
         'date'       => $comment['d'],
         'dom_id'     => $id,
-        'token'      => $this->getUser()->getPersonalHash()
+        'token'      => $this->getUser()->getPersonalHash($element->getId())
       )),
       array(
           'comment' => "Je répond 13 HACKED"
@@ -194,7 +194,7 @@ class CommentControllerTest extends FunctionalTest
       $this->generateUrl('ajax_delete_comment', array(
         'element_id' => $element->getId(),
         'date'       => $comment['d'],
-        'token'      => $this->getUser()->getPersonalHash()
+        'token'      => $this->getUser()->getPersonalHash($element->getId())
       )),
       array(), 
       array(), 

src/Muzich/CoreBundle/Tests/Controller/ElementControllerTest.php

@@ -298,7 +298,7 @@ class ElementControllerTest extends FunctionalTest
     
     // On est sur la page home, on peut voir le lien de suppression l'élément
     $this->exist('a[href="'.($url = $this->generateUrl('element_remove', array(
-        'element_id' => $element->getId()
+        'element_id' => $element->getId(), 'token' => $bux->getPersonalHash($element->getId())
     ))).'"]');
   
     // Suppression de l'élément
@@ -346,7 +346,7 @@ class ElementControllerTest extends FunctionalTest
     // On peut donc voir le lien pour "dé-voter"
     $url_unvote_soul = $this->generateUrl('ajax_element_remove_vote_good', array(
       'element_id' => $element_soul->getId(),
-      'token' => $paul->getPersonalHash()
+      'token' => $paul->getPersonalHash($element_soul->getId())
     ));
     $this->exist('a.vote[href="'.$url_unvote_soul.'"]');
     
@@ -378,7 +378,7 @@ class ElementControllerTest extends FunctionalTest
       'GET', 
       $this->generateUrl('ajax_element_add_vote_good', array(
         'element_id' => $element_ed->getId(),
-        'token' => $paul->getPersonalHash()
+        'token' => $paul->getPersonalHash($element_ed->getId())
       )), 
       array(), 
       array(), 
@@ -441,7 +441,7 @@ class ElementControllerTest extends FunctionalTest
       'GET', 
       $this->generateUrl('ajax_element_add_vote_good', array(
         'element_id' => $element_ed->getId(),
-        'token' => $bob->getPersonalHash()
+        'token' => $bob->getPersonalHash($element_ed->getId())
       )), 
       array(), 
       array(), 
@@ -729,17 +729,17 @@ class ElementControllerTest extends FunctionalTest
     
     $url_accept_paul = $this->generateUrl('ajax_element_proposed_tags_accept', array(
       'proposition_id' => $proposition_paul->getId(),
-      'token'          => $bux->getPersonalHash()
+      'token'          => $bux->getPersonalHash($proposition_paul->getId())
     ));
     $url_accept_joelle = $this->generateUrl('ajax_element_proposed_tags_accept', array(
       'proposition_id' => $proposition_joelle->getId(),
-      'token'          => $bux->getPersonalHash()
+      'token'          => $bux->getPersonalHash($proposition_joelle->getId())
     ));
     $this->assertTrue(strpos($response['html'], 'href="'.$url_accept_paul.'"') !== false);
     $this->assertTrue(strpos($response['html'], 'href="'.$url_accept_joelle.'"') !== false);
     $url_refuse = $this->generateUrl('ajax_element_proposed_tags_refuse', array(
       'element_id' => $element->getId(),
-      'token'      => $bux->getPersonalHash()
+      'token'      => $bux->getPersonalHash($element->getId())
     ));
     
     // On accepete la poposition de joelle
@@ -1099,17 +1099,17 @@ class ElementControllerTest extends FunctionalTest
     
     $url_accept_paul = $this->generateUrl('ajax_element_proposed_tags_accept', array(
       'proposition_id' => $proposition_paul->getId(),
-      'token'          => $bux->getPersonalHash()
+      'token'          => $bux->getPersonalHash($proposition_paul->getId())
     ));
     $url_accept_joelle = $this->generateUrl('ajax_element_proposed_tags_accept', array(
       'proposition_id' => $proposition_joelle->getId(),
-      'token'          => $bux->getPersonalHash()
+      'token'          => $bux->getPersonalHash($proposition_joelle->getId())
     ));
     $this->assertTrue(strpos($response['html'], 'href="'.$url_accept_paul.'"') !== false);
     $this->assertTrue(strpos($response['html'], 'href="'.$url_accept_joelle.'"') !== false);
     $url_refuse = $this->generateUrl('ajax_element_proposed_tags_refuse', array(
       'element_id' => $element->getId(),
-      'token'      => $bux->getPersonalHash()
+      'token'      => $bux->getPersonalHash($element->getId())
     ));
     
     // On accepete la poposition de joelle

src/Muzich/CoreBundle/Tests/Controller/EventTest.php

@@ -40,7 +40,7 @@ class EventTest extends FunctionalTest
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $paul->getPersonalHash()
+        'token'      => $paul->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "Du coup ce com va emettre un event"
@@ -77,7 +77,7 @@ class EventTest extends FunctionalTest
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element_2->getId(),
-        'token'      => $paul->getPersonalHash()
+        'token'      => $paul->getPersonalHash($element_2->getId())
       )), 
       array(
           'comment' => "Du coup ce com va aussi emettre un event"
@@ -112,7 +112,7 @@ class EventTest extends FunctionalTest
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element_2->getId(),
-        'token'      => $paul->getPersonalHash()
+        'token'      => $paul->getPersonalHash($element_2->getId())
       )), 
       array(
           'comment' => "Du coup ce com va aussi emettre un event"
@@ -247,7 +247,7 @@ class EventTest extends FunctionalTest
     // Il ajoute cet élément en favoris
     $url = $this->generateUrl('favorite_add', array(
       'id'    => $element->getId(),
-      'token' => $paul->getPersonalHash()
+      'token' => $paul->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
@@ -282,7 +282,7 @@ class EventTest extends FunctionalTest
     // On enlève des favoris
     $url = $this->generateUrl('favorite_remove', array(
       'id'    => $element->getId(),
-      'token' => $paul->getPersonalHash()
+      'token' => $paul->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
@@ -349,7 +349,7 @@ class EventTest extends FunctionalTest
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $paul->getPersonalHash()
+        'token'      => $paul->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "Je choisis en commentant de suivre l'élément",
@@ -398,7 +398,7 @@ class EventTest extends FunctionalTest
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $joelle->getPersonalHash()
+        'token'      => $joelle->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "Je choisis en commentant de suivre l'élément (joelle)",
@@ -447,7 +447,7 @@ class EventTest extends FunctionalTest
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $bux->getPersonalHash()
+        'token'      => $bux->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "Voila le com qui declenche les événemetns chez paul et joelle"
@@ -499,7 +499,7 @@ class EventTest extends FunctionalTest
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $bux->getPersonalHash()
+        'token'      => $bux->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "un nouveau com"
@@ -589,7 +589,7 @@ class EventTest extends FunctionalTest
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $paul->getPersonalHash()
+        'token'      => $paul->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "ze veux plus",
@@ -657,7 +657,7 @@ class EventTest extends FunctionalTest
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $bux->getPersonalHash()
+        'token'      => $bux->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "ce com va declencher un event chez joelle mais pas chez paul"
@@ -734,7 +734,7 @@ class EventTest extends FunctionalTest
     $url_follow = $this->generateUrl('follow', array(
       'type' => 'user', 
       'id' => $bob->getId(),
-      'token' => $bux->getPersonalHash()
+      'token' => $bux->getPersonalHash($bob->getId())
     ));
     
     $this->crawler = $this->client->request('GET', $url_follow);
@@ -898,7 +898,7 @@ class EventTest extends FunctionalTest
       $this->generateUrl('ajax_element_proposed_tags_accept', 
         array(
           'proposition_id' => $proposition_id,
-          'token' => $user->getPersonalHash()
+          'token' => $user->getPersonalHash($proposition_id)
         )
       ), 
       array(), 
@@ -919,7 +919,7 @@ class EventTest extends FunctionalTest
       $this->generateUrl('ajax_element_proposed_tags_refuse', 
         array(
           'element_id' => $element_id,
-          'token' => $user->getPersonalHash()
+          'token' => $user->getPersonalHash($element_id)
         )
       ), 
       array(), 

src/Muzich/CoreBundle/Tests/Controller/FavoriteControllerTest.php

@@ -153,7 +153,7 @@ class FavoriteControllerTest extends FunctionalTest
     $this->exist('li:contains("DUDELDRUM")');
     $this->exist('a[href="'.($url = $this->generateUrl('favorite_add', array(
       'id'    => $element_DUDELDRUM->getId(),
-      'token' => $this->getUser()->getPersonalHash()
+      'token' => $this->getUser()->getPersonalHash($element_DUDELDRUM->getId())
     ))).'"]');
     $link = $this->selectLink('a[href="'.$url.'"]');
     $this->clickOnLink($link);
@@ -169,7 +169,7 @@ class FavoriteControllerTest extends FunctionalTest
     // Il a laissé place aux lien pour le retirer
     $this->exist('a[href="'.($url_rm = $this->generateUrl('favorite_remove', array(
       'id'    => $element_DUDELDRUM->getId(),
-      'token' => $this->getUser()->getPersonalHash()
+      'token' => $this->getUser()->getPersonalHash($element_DUDELDRUM->getId())
     ))).'"]');
     
     // En base l'enregistrement existe
@@ -232,7 +232,7 @@ class FavoriteControllerTest extends FunctionalTest
     // Il ajoute cet élément en favoris
     $url = $this->generateUrl('favorite_add', array(
       'id'    => $element->getId(),
-      'token' => $bux->getPersonalHash()
+      'token' => $bux->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
@@ -257,7 +257,7 @@ class FavoriteControllerTest extends FunctionalTest
     // On enlève des favoris
     $url = $this->generateUrl('favorite_remove', array(
       'id'    => $element->getId(),
-      'token' => $bux->getPersonalHash()
+      'token' => $bux->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(

src/Muzich/CoreBundle/Tests/Controller/GroupControllerTest.php

@@ -84,7 +84,7 @@ class GroupControllerTest extends FunctionalTest
             
     $this->exist('a[href="'.($url = $this->generateUrl('group_delete', array(
       'group_id'  => $Fans_de_psytrance->getId(),
-      'token'     => $this->getUser()->getPersonalHash()
+      'token'     => $this->getUser()->getPersonalHash($Fans_de_psytrance->getId())
     ))).'"]');
     
     $this->crawler = $this->client->request('GET', $url);

src/Muzich/CoreBundle/Tests/Controller/HomeControllerTest.php

@@ -844,7 +844,7 @@ class HomeControllerTest extends FunctionalTest
         'name' => $fan_de_psy->getName(),
         'id'   => $fan_de_psy->getId(),
         'url'  => $this->generateUrl('ajax_set_element_group', array(
-          'token'      => $this->getUser()->getPersonalHash(),
+          'token'      => $this->getUser()->getPersonalHash($element->getId()),
           'element_id' => $element->getId(),
           'group_id'   => $fan_de_psy->getId()
         ))
@@ -857,7 +857,7 @@ class HomeControllerTest extends FunctionalTest
       $this->generateUrl('ajax_set_element_group', array(
         'element_id' => $element->getId(),
         'group_id'   => $fan_de_psy->getId(),
-        'token'      => $this->getUser()->getPersonalHash()
+        'token'      => $this->getUser()->getPersonalHash($element->getId())
       )), 
       array(), 
       array(), 
@@ -960,7 +960,7 @@ class HomeControllerTest extends FunctionalTest
     // On accepte la proposition de paul
     $url_accept_paul = $this->generateUrl('ajax_element_proposed_tags_accept', array(
       'proposition_id' => $proposition_paul->getId(),
-      'token'          => $bux->getPersonalHash()
+      'token'          => $bux->getPersonalHash($proposition_paul->getId())
     ));
     
     $crawler = $this->client->request(

src/Muzich/CoreBundle/Tests/Controller/ModerateControllerTest.php

@@ -29,7 +29,7 @@ class ModerateControllerTest extends FunctionalTest
     // Paul signale cet élément comme pas bien
     $url = $this->generateUrl('ajax_report_element', array(
       'element_id' => $element_ed->getId(),
-      'token'      => $paul->getPersonalHash()
+      'token'      => $paul->getPersonalHash($element_ed->getId())
     ));
     
     $crawler = $this->client->request(
@@ -57,7 +57,7 @@ class ModerateControllerTest extends FunctionalTest
     // Ca ne doit pas bouger puisqu'il l'a déjà fait
     $url = $this->generateUrl('ajax_report_element', array(
       'element_id' => $element_ed->getId(),
-      'token'      => $paul->getPersonalHash()
+      'token'      => $paul->getPersonalHash($element_ed->getId())
     ));
     
     $crawler = $this->client->request(
@@ -96,7 +96,7 @@ class ModerateControllerTest extends FunctionalTest
     // Ca ne doit pas bouger puisqu'il l'a déjà fait
     $url = $this->generateUrl('ajax_report_element', array(
       'element_id' => $element_bab->getId(),
-      'token'      => $paul->getPersonalHash()
+      'token'      => $paul->getPersonalHash($element_bab->getId())
     ));
     
     $crawler = $this->client->request(
@@ -136,7 +136,7 @@ class ModerateControllerTest extends FunctionalTest
     // Paul signale cet élément comme pas bien
     $url = $this->generateUrl('ajax_report_element', array(
       'element_id' => $element_ed->getId(),
-      'token'      => $joelle->getPersonalHash()
+      'token'      => $joelle->getPersonalHash($element_ed->getId())
     ));
     
     $crawler = $this->client->request(
@@ -164,7 +164,7 @@ class ModerateControllerTest extends FunctionalTest
     // Ca ne doit pas bouger puisqu'elle l'a déjà fait
     $url = $this->generateUrl('ajax_report_element', array(
       'element_id' => $element_ed->getId(),
-      'token'      => $joelle->getPersonalHash()
+      'token'      => $joelle->getPersonalHash($element_ed->getId())
     ));
     
     $crawler = $this->client->request(
@@ -318,7 +318,7 @@ class ModerateControllerTest extends FunctionalTest
       $this->generateUrl('ajax_alert_comment', array(
         'element_id' => $element->getId(),
         'date'       => $comment_bux['d'],
-        'token'      => $joelle->getPersonalHash()
+        'token'      => $joelle->getPersonalHash($element->getId())
       )),
       array(), 
       array(), 
@@ -348,7 +348,7 @@ class ModerateControllerTest extends FunctionalTest
       $this->generateUrl('ajax_alert_comment', array(
         'element_id' => $element->getId(),
         'date'       => $comment_paul['d'],
-        'token'      => $joelle->getPersonalHash()
+        'token'      => $joelle->getPersonalHash($element->getId())
       )),
       array(), 
       array(), 

src/Muzich/CoreBundle/Tests/Controller/MynetworkControllerTest.php

@@ -125,7 +125,7 @@ class MynetworkControllerTest extends FunctionalTest
     $url_follow = $this->generateUrl('follow', array(
       'type' => 'user', 
       'id' => $bux->getId(),
-      'token' => $this->getUser()->getPersonalHash()
+      'token' => $this->getUser()->getPersonalHash($bux->getId())
     ));
     
     // On lance l'action de suivre
@@ -210,7 +210,7 @@ class MynetworkControllerTest extends FunctionalTest
     $url_follow = $this->generateUrl('follow', array(
       'type' => 'group', 
       'id' => $DUDELDRUM->getId(),
-      'token' => $this->getUser()->getPersonalHash()
+      'token' => $this->getUser()->getPersonalHash($DUDELDRUM->getId())
     ));
     
     // On lance l'action de suivre

src/Muzich/CoreBundle/Tests/Controller/ReputationTest.php

@@ -59,7 +59,7 @@ class ReputationTest extends FunctionalTest
       'GET', 
       $this->generateUrl('ajax_element_add_vote_good', array(
         'element_id' => $element->getId(),
-        'token' => $paul->getPersonalHash()
+        'token' => $paul->getPersonalHash($element->getId())
       )), 
       array(), 
       array(), 
@@ -83,7 +83,8 @@ class ReputationTest extends FunctionalTest
     $crawler = $this->client->request(
       'GET', 
       $this->generateUrl('element_remove', array(
-        'element_id' => $element->getId()
+        'element_id' => $element->getId(),
+        'token'      => $bux->getPersonalHash($element->getId())
       )), 
       array(), 
       array(), 

src/Muzich/CoreBundle/Tests/Controller/ShowControllerTest.php

@@ -228,7 +228,7 @@ class ShowControllerTest extends FunctionalTest
     
     $url = $this->generateUrl('favorite_add', array(
       'id'    => $element->getId(),
-      'token' => $bux->getPersonalHash()
+      'token' => $bux->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
@@ -273,7 +273,7 @@ class ShowControllerTest extends FunctionalTest
     
     $url = $this->generateUrl('favorite_add', array(
       'id'    => $element->getId(),
-      'token' => $bux->getPersonalHash()
+      'token' => $bux->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
@@ -322,7 +322,7 @@ class ShowControllerTest extends FunctionalTest
     
     $url = $this->generateUrl('favorite_add', array(
       'id'    => $element->getId(),
-      'token' => $joelle->getPersonalHash()
+      'token' => $joelle->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
@@ -367,7 +367,7 @@ class ShowControllerTest extends FunctionalTest
     
     $url = $this->generateUrl('favorite_add', array(
       'id'    => $element->getId(),
-      'token' => $joelle->getPersonalHash()
+      'token' => $joelle->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(

src/Muzich/CoreBundle/Tests/Controller/TagsTest.php

@@ -51,7 +51,7 @@ class TagsTest extends FunctionalTest
     // Il ajoute cet élément en favoris
     $url = $this->generateUrl('favorite_add', array(
       'id'    => $element->getId(),
-      'token' => $paul->getPersonalHash()
+      'token' => $paul->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(

src/Muzich/CoreBundle/Tests/Controller/UserControllerTest.php

@@ -375,7 +375,7 @@ class UserControllerTest extends FunctionalTest
     
     $url = $this->generateUrl('ajax_tag_add_to_favorites', array(
       'tag_id' => $tribe->getId(),
-      'token'  => $paul->getPersonalHash()
+      'token'  => $paul->getPersonalHash($tribe->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
@@ -400,7 +400,7 @@ class UserControllerTest extends FunctionalTest
     
     $url = $this->generateUrl('ajax_tag_add_to_favorites', array(
       'tag_id' => $tribe->getId(),
-      'token'  => $paul->getPersonalHash()
+      'token'  => $paul->getPersonalHash($tribe->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
@@ -425,7 +425,7 @@ class UserControllerTest extends FunctionalTest
     
     $url = $this->generateUrl('ajax_tag_add_to_favorites', array(
       'tag_id' => $hardtek->getId(),
-      'token'  => $paul->getPersonalHash()
+      'token'  => $paul->getPersonalHash($hardtek->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(

src/Muzich/CoreBundle/lib/Controller.php

@@ -479,7 +479,7 @@ class Controller extends BaseController
               'name' => $group->getName(),
               'id'   => $group->getId(),
               'url'  => $this->generateUrl('ajax_set_element_group', array(
-                'token'      => $this->getUser()->getPersonalHash(),
+                'token'      => $this->getUser()->getPersonalHash($element->getId()),
                 'element_id' => $element->getId(),
                 'group_id'   => $group->getId()
               ))

src/Muzich/FavoriteBundle/Controller/FavoriteController.php

@@ -47,7 +47,7 @@ class FavoriteController extends Controller
     
     $em = $this->getEntityManager();
     
-    if ($user->getPersonalHash() != $token || !is_numeric($id)
+    if ($user->getPersonalHash($id) != $token || !is_numeric($id)
       || !($element = $em->getRepository('MuzichCoreBundle:Element')->findOneById($id))
     )
     {
@@ -88,7 +88,7 @@ class FavoriteController extends Controller
         'favorite'      => true,
         'link_new_url'  => $this->generateUrl('favorite_remove', array(
             'id'    => $id,
-            'token' => $token
+            'token' => $user->getPersonalHash($id)
         )),
         'img_new_src'   => $this->getAssetUrl('img/icon_star_2_red.png'),
         'img_new_title' => $this->trans('element.favorite.remove', array(), 'elements')
@@ -116,7 +116,7 @@ class FavoriteController extends Controller
     $user = $this->getUser();
     $em = $this->getDoctrine()->getEntityManager();
     
-    if ($user->getPersonalHash() != $token || !is_numeric($id)
+    if ($user->getPersonalHash($id) != $token || !is_numeric($id)
       || !($element = $em->getRepository('MuzichCoreBundle:Element')->findOneById($id))
     )
     {
@@ -151,7 +151,7 @@ class FavoriteController extends Controller
         'favorite'      => true,
         'link_new_url'  => $this->generateUrl('favorite_add', array(
             'id'    => $id,
-            'token' => $token
+            'token' => $user->getPersonalHash($id)
         )),
         'img_new_src'   => $this->getAssetUrl('img/icon_star_2.png'),
         'img_new_title' => $this->trans('element.favorite.add', array(), 'elements')

src/Muzich/GroupBundle/Controller/DefaultController.php

@@ -201,7 +201,7 @@ class DefaultController extends Controller
   public function deleteAction($group_id, $token)
   {
     $user = $this->getUser();
-    if ($user->getPersonalHash() != $token)
+    if ($user->getPersonalHash($group_id) != $token)
     {
       throw $this->createNotFoundException('Accès non autorisé.');
     }

src/Muzich/GroupBundle/Resources/views/Default/myList.html.twig

@@ -29,7 +29,7 @@
         <a href="{{ path('show_group', { 'slug': group.slug }) }}">{{ group.name }}</a>
         
         <a title="{{ 'group.remove.link'|trans({}, 'groups') }}" class="group_remove_link" 
-          href="{{ path('group_delete', {'group_id' : group.id, 'token': app.user.personalHash})  }}"
+          href="{{ path('group_delete', {'group_id' : group.id, 'token': app.user.personalHash(group.id)})  }}"
         >
           <img src="{{ asset('bundles/muzichcore/img/1327168960_fileclose.png') }}" alt="delete" />
         </a>

src/Muzich/HomeBundle/Resources/views/Show/showGroup.html.twig

@@ -19,7 +19,7 @@
         </a>
       {% endif %}
       
-      <a href="{{ path('follow', { 'type': 'group', 'id': group.id, 'token': user.personalHash }) }}" 
+      <a href="{{ path('follow', { 'type': 'group', 'id': group.id, 'token': user.personalHash(group.id) }) }}" 
          class="follow_link button darkbutton {% if following %}following{% else %}notfollowing{% endif %}">
         {% if following %}
           {{ 'group.following'|trans({}, 'groups') }}

src/Muzich/HomeBundle/Resources/views/Show/showUser.html.twig

@@ -14,7 +14,7 @@
     <div class="show_options">
             
       {% if app.user.id != viewed_user.id %}
-        <a href="{{ path('follow', { 'type': 'user', 'id': viewed_user.id, 'token': user.personalHash }) }}" 
+        <a href="{{ path('follow', { 'type': 'user', 'id': viewed_user.id, 'token': user.personalHash(viewed_user.id) }) }}" 
            class="follow_link button darkbutton {% if following %}following{% else %}notfollowing{% endif %}" >
           {% if following %}
             {{ 'user.following'|trans({}, 'users') }}