/**
 * Validates the action token of the current request (the CSRF check for actions).
 *
 * Returns true when the request carries a valid token. Otherwise a 'csrf'
 * redirect is sent through the response factory and false is returned, so the
 * caller must not execute the action.
 *
 * The 'login' action is handled specially: when a token and a timestamp that
 * passes validateTokenTimestamp() are present but the token itself does not
 * validate, the failure is treated as a probable cross-site login (login form
 * served from a different domain), an error is registered and the user is sent
 * to the login page rather than back to the referrer.
 *
 * @param string $action Name of the action being executed
 *
 * @return bool
 */
public function gatekeeper($action)
{
    $isLogin = ($action === 'login');

    // NOTE(review): the false argument presumably suppresses the visible error
    // that the generic check further down emits -- confirm against validateActionToken().
    if ($isLogin && $this->validateActionToken(false)) {
        return true;
    }

    if ($isLogin) {
        $token = get_input('__elgg_token');
        $timestamp = (int) get_input('__elgg_ts');

        // A (truthy) token plus a timestamp that still validates means the client
        // did send a token, just not one this site accepts: most likely the login
        // form lives on a different domain.
        $probableCrossSiteLogin = $token && $this->validateTokenTimestamp($timestamp);
        if ($probableCrossSiteLogin) {
            register_error(_elgg_services()->translator->translate('actiongatekeeper:crosssitelogin'));
            _elgg_services()->responseFactory->redirect('login', 'csrf');
            return false;
        }
    }

    if (!$this->validateActionToken()) {
        // NOTE(review): REFERER is defined outside this file; confirm it is
        // normalised to a safe local target before being used as a redirect destination.
        _elgg_services()->responseFactory->redirect(REFERER, 'csrf');
        return false;
    }

    return true;
}
/**
 * gatekeeper() must refuse a request that carries no action token (sending a
 * redirect response) and must accept the same request once a timestamp and a
 * token generated for that timestamp are supplied.
 */
public function testActionGatekeeper()
{
    $now = new \DateTime();
    $this->actions->setCurrentTime($now);

    // First call: no token in the request input. The call is wrapped in an output
    // buffer (presumably the failure path writes output -- confirm), and the result
    // is only asserted after the buffer has been closed.
    ob_start();
    $denied = $this->actions->gatekeeper('test');
    ob_end_clean();

    $this->assertFalse($denied);
    $this->assertInstanceOf(RedirectResponse::class, _elgg_services()->responseFactory->getSentResponse());

    // Second call: provide the timestamp and a token generated for it.
    $timestamp = $now->getTimestamp();
    set_input('__elgg_ts', $timestamp);
    set_input('__elgg_token', $this->actions->generateActionToken($timestamp));

    $this->assertTrue($this->actions->gatekeeper('test'));
}