Adding SecurityComponent::generateToken()

This method allows end developers to add the csrf tokens manually, if they aren't added automatically. Tokens are cheap to generate, simplifying the logic makes things a bit easier to understand.
2025-01-31 09:06:17 +00:00 · 2011-12-03 19:37:23 -05:00 · 2011-12-03 19:37:23 -05:00 · e421b3bc8f
commit e421b3bc8f
parent 545f4d2811
2 changed files with 22 additions and 11 deletions
--- a/lib/Cake/Controller/Component/SecurityComponent.php
+++ b/lib/Cake/Controller/Component/SecurityComponent.php
@ -207,7 +207,7 @@ class SecurityComponent extends Component {
 				return $this->blackHole($controller, 'csrf');
 			}
 		}
-		$this->_generateToken($controller);
+		$this->generateToken($controller->request);
 		if ($isPost) {
 			unset($controller->request->data['_Token']);
 		}
@ -469,16 +469,15 @@ class SecurityComponent extends Component {
 	}

 /**
- * Add authentication key for new form posts
+ * Manually add CSRF token information into the provided request object.
 *
- * @param Controller $controller Instantiating controller
- * @return boolean Success
+ * @param CakeRequest $request The request object to add into.
+ * @return boolean
 */
-	protected function _generateToken($controller) {
-		if (isset($controller->request->params['requested']) && $controller->request->params['requested'] === 1) {
+	public function generateToken(CakeRequest $request) {
+		if (isset($request->params['requested']) && $request->params['requested'] === 1) {
 			if ($this->Session->check('_Token')) {
-				$tokenData = $this->Session->read('_Token');
-				$controller->request->params['_Token'] = $tokenData;
+				$request->params['_Token'] = $this->Session->read('_Token');
 			}
 			return false;
 		}
@ -498,15 +497,15 @@ class SecurityComponent extends Component {
 				$token['csrfTokens'] = $this->_expireTokens($tokenData['csrfTokens']);
 			}
 		}
-		if ($this->csrfCheck && ($this->csrfUseOnce || empty($token['csrfTokens'])) ) {
+		if ($this->csrfUseOnce || empty($token['csrfTokens'])) {
 			$token['csrfTokens'][$authKey] = strtotime($this->csrfExpires);
 		}
-		if ($this->csrfCheck && $this->csrfUseOnce == false) {
+		if (!$this->csrfUseOnce) {
 			$csrfTokens = array_keys($token['csrfTokens']);
 			$token['key'] = $csrfTokens[0];
 		}
 		$this->Session->write('_Token', $token);
-		$controller->request->params['_Token'] = array(
+		$request->params['_Token'] = array(
 			'key' => $token['key'],
 			'unlockedFields' => $token['unlockedFields']
 		);
--- a/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/SecurityComponentTest.php
@ -1277,4 +1277,16 @@ class SecurityComponentTest extends CakeTestCase {
 		$token = $this->Security->Session->read('_Token');
 		$this->assertTrue(isset($token['csrfTokens']['nonce1']), 'Token was consumed');
 	}
+
+/**
+ * Test generateToken()
+ *
+ * @return void
+ */
+	public function testGenerateToken() {
+		$request = $this->Controller->request;
+		$this->Security->generateToken($request);
+
+		$this->assertNotEmpty($request->params['_Token']);
+	}
 }