Adding tests for csrf feature separation.
Removing serialize() calls as they didn't really add anything.
This commit is contained in:
parent
72a1c959a1
commit
b088daf045
2 changed files with 20 additions and 14 deletions
|
@ -580,7 +580,7 @@ class SecurityComponent extends Component {
|
|||
$token = $data['_Token']['key'];
|
||||
|
||||
if ($this->Session->check('_Token')) {
|
||||
$tokenData = unserialize($this->Session->read('_Token'));
|
||||
$tokenData = $this->Session->read('_Token');
|
||||
|
||||
if ($tokenData['expires'] < time() || $tokenData['key'] !== $token) {
|
||||
return false;
|
||||
|
@ -651,7 +651,7 @@ class SecurityComponent extends Component {
|
|||
protected function _generateToken(&$controller) {
|
||||
if (isset($controller->params['requested']) && $controller->params['requested'] === 1) {
|
||||
if ($this->Session->check('_Token')) {
|
||||
$tokenData = unserialize($this->Session->read('_Token'));
|
||||
$tokenData = $this->Session->read('_Token');
|
||||
$controller->params['_Token'] = $tokenData;
|
||||
}
|
||||
return false;
|
||||
|
@ -671,7 +671,7 @@ class SecurityComponent extends Component {
|
|||
}
|
||||
|
||||
if ($this->Session->check('_Token')) {
|
||||
$tokenData = unserialize($this->Session->read('_Token'));
|
||||
$tokenData = $this->Session->read('_Token');
|
||||
$valid = (
|
||||
isset($tokenData['expires']) &&
|
||||
$tokenData['expires'] > time() &&
|
||||
|
@ -683,7 +683,7 @@ class SecurityComponent extends Component {
|
|||
}
|
||||
}
|
||||
$controller->request->params['_Token'] = $token;
|
||||
$this->Session->write('_Token', serialize($token));
|
||||
$this->Session->write('_Token', $token);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
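Review bot: In the hunk at line 580, `$tokenData['expires']` and `$tokenData['key']` are indexed without checking what `Session->read('_Token')` returned; the removed `unserialize()` at least produced `false` on malformed data, whereas now any value already stored under `_Token` (for example a still-serialized string in a session created before this change) is indexed directly, which on PHP 8 is a warning or error depending on the value rather than a clean validation failure. The hunk at line 671 already guards with `isset($tokenData['expires'])`, so mirroring that here keeps the check failing closed: `if (!is_array($tokenData) || !isset($tokenData['expires'], $tokenData['key']) || $tokenData['expires'] < time() || $tokenData['key'] !== $token) {`. The same unguarded read appears in the hunk at line 651 before `$tokenData` is copied into `$controller->params['_Token']`. The enclosing methods start and end outside these hunks.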
|
|
@ -152,6 +152,7 @@ class SecurityComponentTest extends CakeTestCase {
|
|||
$this->Controller->Components->init($this->Controller);
|
||||
$this->Controller->Security = $this->Controller->TestSecurity;
|
||||
$this->Controller->Security->blackHoleCallback = 'fail';
|
||||
$this->Security = $this->Controller->Security;
|
||||
|
||||
Configure::write('Security.salt', 'foo!');
|
||||
}
|
||||
|
@ -856,16 +857,6 @@ DIGEST;
|
|||
$this->assertTrue($result);
|
||||
}
|
||||
|
||||
/**
|
||||
* testLoginValidation method
|
||||
*
|
||||
* @access public
|
||||
* @return void
|
||||
*/
|
||||
function testLoginValidation() {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* testValidateHasManyModel method
|
||||
*
|
||||
|
@ -1238,4 +1229,19 @@ DIGEST;
|
|||
$this->Controller->Security->blackHole($this->Controller, 'auth');
|
||||
$this->assertTrue($this->Controller->Security->Session->check('_Token'), '_Token was deleted by blackHole %s');
|
||||
}
|
||||
|
||||
/**
|
||||
* test setting
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
function testCsrfSettings() {
|
||||
$this->Security->validatePost = false;
|
||||
$this->Security->enableCsrf = true;
|
||||
$this->Security->csrfExpires = '+10 minutes';
|
||||
$this->Security->startup($this->Controller);
|
||||
|
||||
$token = $this->Security->Session->read('_Token');
|
||||
$this->assertEquals(count($token['csrf']), 1, 'Missing the csrf token.');
|
||||
}
|
||||
}
|
||||
|
|
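Review bot: In `testCsrfSettings` (hunk at line 1238) the `assertEquals` arguments are reversed — the expected value belongs first, otherwise a failure reports expected and actual swapped: `$this->assertEquals(1, count($token['csrf']), 'Missing the csrf token.');`. The test also counts `$token['csrf']` without first asserting that `_Token` was written as an array, so a regression to the old serialized form would surface as a PHP error rather than an assertion message; a preceding `$this->assertTrue(is_array($token), 'Token should be stored as an array.');` makes the intent explicit. The docblock `* test setting` says nothing about the behaviour under test; `* test that enabling csrf writes a csrf token into the _Token session data` would. The `enableCsrf` and `csrfExpires` properties used here are not visible in this diff, so I am assuming they exist on SecurityComponent.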