mirror of
https://github.com/flarum/framework.git
synced 2024-12-11 13:05:50 +08:00
parent
80546b9ed7
commit
a737b98e7f
|
@ -39,7 +39,6 @@ class AuthenticateWithHeader implements Middleware
|
||||||
|
|
||||||
$request = $request->withAttribute('apiKey', $key);
|
$request = $request->withAttribute('apiKey', $key);
|
||||||
$request = $request->withAttribute('bypassFloodgate', true);
|
$request = $request->withAttribute('bypassFloodgate', true);
|
||||||
$request = $request->withAttribute('bypassCsrfToken', true);
|
|
||||||
} elseif ($token = AccessToken::find($id)) {
|
} elseif ($token = AccessToken::find($id)) {
|
||||||
$token->touch();
|
$token->touch();
|
||||||
|
|
||||||
|
@ -48,6 +47,7 @@ class AuthenticateWithHeader implements Middleware
|
||||||
|
|
||||||
if (isset($actor)) {
|
if (isset($actor)) {
|
||||||
$request = $request->withAttribute('actor', $actor);
|
$request = $request->withAttribute('actor', $actor);
|
||||||
|
$request = $request->withAttribute('bypassCsrfToken', true);
|
||||||
$request = $request->withoutAttribute('session');
|
$request = $request->withoutAttribute('session');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -188,4 +188,34 @@ class RequireCsrfTokenTest extends TestCase
|
||||||
$this->database()->table('settings')->where('key', 'csrf_test')->first()->value
|
$this->database()->table('settings')->where('key', 'csrf_test')->first()->value
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @test
|
||||||
|
*/
|
||||||
|
public function access_token_does_not_need_csrf_token()
|
||||||
|
{
|
||||||
|
$this->database()->table('access_tokens')->insert(
|
||||||
|
['token' => 'myaccesstoken', 'user_id' => 1]
|
||||||
|
);
|
||||||
|
|
||||||
|
$response = $this->send(
|
||||||
|
$this->request(
|
||||||
|
'POST', '/api/settings',
|
||||||
|
[
|
||||||
|
'json' => ['csrf_test' => 2],
|
||||||
|
]
|
||||||
|
)->withHeader('Authorization', 'Token myaccesstoken')
|
||||||
|
);
|
||||||
|
|
||||||
|
// Successful response?
|
||||||
|
$this->assertEquals(204, $response->getStatusCode());
|
||||||
|
|
||||||
|
// Was the setting actually changed in the database?
|
||||||
|
$this->assertEquals(
|
||||||
|
2,
|
||||||
|
$this->database()->table('settings')->where('key', 'csrf_test')->first()->value
|
||||||
|
);
|
||||||
|
|
||||||
|
$this->database()->table('access_tokens')->where('token', 'myaccesstoken')->delete();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user