/**
 * Controller.startup callback that applies the CSRF checks to the current request.
 *
 * In order, it:
 * - copies the token cookie, when one was sent, into the request params under `_csrfToken`;
 * - returns early for requests flagged as 'requested', before any cookie is set or token validated;
 * - issues a token cookie on GET requests that arrived without one;
 * - validates the token on put/post/delete/patch requests and on any request
 *   that carries request data, then strips the token field from that data.
 *
 * NOTE(review): `_setCookie()` and `_validateToken()` are defined outside this
 * block; how a token mismatch is reported is not visible here - confirm.
 *
 * @param Event $event Event whose subject exposes `request` and `response`.
 * @return void
 */
public function startup(Event $event)
{
    $subject = $event->subject();
    /* @var \Cake\Network\Request $request */
    $request = $subject->request;
    $response = $subject->response;

    $token = $request->cookie($this->_config['cookieName']);
    if ($token) {
        // Truthiness check: an empty or '0' cookie value is not copied into the params.
        $request->params['_csrfToken'] = $token;
    }

    if ($request->is('requested')) {
        return;
    }

    $isGet = $request->is('get');
    if ($isGet && $token === null) {
        // Strict null comparison: only a cookie that is absent triggers a new one.
        $this->_setCookie($request, $response);
    }

    // A request with data is validated whatever its verb, so a body sent with
    // a method outside the list below does not skip the token check.
    $isListedVerb = $request->is(['put', 'post', 'delete', 'patch']);
    if (!$isListedVerb && empty($request->data)) {
        return;
    }

    $this->_validateToken($request);
    // Remove the token field from the request data once validation has run.
    unset($request->data[$this->_config['field']]);
}
/**
 * Test that the `cookieName` and `field` configuration options are honoured.
 *
 * The cookie and the POST field named 'token' carry the same value ('yes'),
 * while the 'csrfToken' cookie and '_csrfToken' POST field hold values that
 * differ from each other. With both options set to 'token', startup() is
 * expected to complete and return null.
 *
 * NOTE(review): assertNull only shows that startup() returned without raising;
 * the test relies on the token check failing loudly on a mismatch - confirm
 * against _validateToken().
 *
 * @return void
 * @triggers Controller.startup $controller
 */
public function testConfigurationValidate()
{
    $_SERVER['REQUEST_METHOD'] = 'POST';

    // Matching pair under the configured name, mismatching pair under the other names.
    $cookies = ['csrfToken' => 'nope', 'token' => 'yes'];
    $postData = ['_csrfToken' => 'no match', 'token' => 'yes'];

    $controller = $this->getMock('Cake\\Controller\\Controller', ['redirect']);
    $controller->request = new Request(['cookies' => $cookies, 'post' => $postData]);
    $controller->response = new Response();

    $settings = ['cookieName' => 'token', 'field' => 'token', 'expiry' => 90];
    $component = new CsrfComponent($this->registry, $settings);

    $result = $component->startup(new Event('Controller.startup', $controller));
    $this->assertNull($result, 'Config settings should work.');
}