public function gatekeeper($action)
{
if ($action === 'login') {
if ($this->validateActionToken(false)) {
return true;
}
$token = get_input('__elgg_token');
$ts = (int) get_input('__elgg_ts');
if ($token && $this->validateTokenTimestamp($ts)) {
// The tokens are present and the time looks valid: this is probably a mismatch due to the
// login form being on a different domain.
register_error(_elgg_services()->translator->translate('actiongatekeeper:crosssitelogin'));
_elgg_services()->responseFactory->redirect('login', 'csrf');
return false;
}
}
if ($this->validateActionToken()) {
return true;
}
_elgg_services()->responseFactory->redirect(REFERER, 'csrf');
return false;
} public function testActionGatekeeper()
{
$dt = new \DateTime();
$this->actions->setCurrentTime($dt);
ob_start();
$result = $this->actions->gatekeeper('test');
ob_end_clean();
$this->assertFalse($result);
$this->assertInstanceOf(RedirectResponse::class, _elgg_services()->responseFactory->getSentResponse());
$ts = $dt->getTimestamp();
set_input('__elgg_ts', $ts);
set_input('__elgg_token', $this->actions->generateActionToken($ts));
$this->assertTrue($this->actions->gatekeeper('test'));
}
