Remove deprecated CSRF wildcard path match

2025-02-02 09:05:38 +08:00 · 2021-01-19 19:09:06 -05:00 · 2021-01-19 19:09:06 -05:00 · a10da427ff
commit a10da427ff
parent 4561f56fb9
3 changed files with 1 additions and 65 deletions
--- a/src/Extend/Csrf.php
+++ b/src/Extend/Csrf.php
@ -28,18 +28,6 @@ class Csrf implements ExtenderInterface
        return $this;
    }

-    /**
-     * Exempt a path from csrf checks. Wildcards are supported.
-     *
-     * @deprecated beta 15, remove beta 16. Exempt routes should be used instead.
-     */
-    public function exemptPath(string $path)
-    {
-        $this->csrfExemptRoutes[] = $path;
-
-        return $this;
-    }
-
    public function extend(Container $container, Extension $extension = null)
    {
        $container->extend('flarum.http.csrfExemptPaths', function ($existingExemptPaths) {
--- a/src/Http/Middleware/CheckCsrfToken.php
+++ b/src/Http/Middleware/CheckCsrfToken.php
@ -26,12 +26,8 @@ class CheckCsrfToken implements Middleware

    public function process(Request $request, Handler $handler): Response
    {
-        $path = $request->getAttribute('originalUri')->getPath();
        foreach ($this->exemptRoutes as $exemptRoute) {
-            /**
-             * @deprecated path match should be removed in beta 16, only route name match should be supported.
-             */
-            if ($exemptRoute === $request->getAttribute('routeName') || fnmatch($exemptRoute, $path)) {
+            if ($exemptRoute === $request->getAttribute('routeName')) {
                return $handler->handle($request);
            }
        }
--- a/tests/integration/extenders/CsrfTest.php
+++ b/tests/integration/extenders/CsrfTest.php
@ -41,38 +41,8 @@ class CsrfTest extends TestCase

    /**
     * @test
-     * @deprecated
     */
    public function create_user_post_doesnt_need_csrf_token_if_whitelisted()
-    {
-        $this->extend(
-            (new Extend\Csrf)
-                ->exemptPath('/api/users')
-        );
-
-        $response = $this->send(
-            $this->request('POST', '/api/users', [
-                'json' => [
-                    'data' => [
-                        'attributes' => $this->testUser
-                    ]
-                ],
-            ])
-        );
-
-        $this->assertEquals(201, $response->getStatusCode());
-
-        $user = User::where('username', $this->testUser['username'])->firstOrFail();
-
-        $this->assertEquals(0, $user->is_email_confirmed);
-        $this->assertEquals($this->testUser['username'], $user->username);
-        $this->assertEquals($this->testUser['email'], $user->email);
-    }
-
-    /**
-     * @test
-     */
-    public function create_user_post_doesnt_need_csrf_token_if_whitelisted_via_routename()
    {
        $this->extend(
            (new Extend\Csrf)
@ -97,22 +67,4 @@ class CsrfTest extends TestCase
        $this->assertEquals($this->testUser['username'], $user->username);
        $this->assertEquals($this->testUser['email'], $user->email);
    }
-
-    /**
-     * @test
-     * @deprecated
-     */
-    public function csrf_matches_wildcards_properly()
-    {
-        $this->extend(
-            (new Extend\Csrf)
-                ->exemptPath('/api/fake/*/up')
-        );
-
-        $response = $this->send(
-            $this->request('POST', '/api/fake/route/i/made/up')
-        );
-
-        $this->assertEquals(404, $response->getStatusCode());
-    }
 }