Fixed issue with tmp/storage/views not existing, which caused tmpname to emit a notice.

Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
This commit is contained in:
Daniël Klabbers 2019-06-18 17:22:23 +02:00
parent 953cae0de1
commit b69b24eea6
5 changed files with 9 additions and 9 deletions


@ -40,12 +40,11 @@ class AuthenticateWithHeader implements Middleware
$request = $request->withAttribute('apiKey', $key);
$request = $request->withAttribute('bypassFloodgate', true);
$request = $request->withAttribute('bypassCsrfToken', true);
} elseif ($token = AccessToken::find($id)) {
$token->touch();
$actor = $token->user;
$request = $request->withAttribute('bypassCsrfToken', true);
}
if (isset($actor)) {
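Review bot: The `bypassCsrfToken` attribute is set in the API-key branch with no comment saying why a header-authenticated request is exempt from the CSRF check, and this hunk also shows the same attribute being set in the `AccessToken` branch; the rendered page has lost the +/- markers, so it is not visible here which of the two lines survives (the hunk header allows exactly one deletion). Whichever branch keeps it should carry the reason: `// A credential supplied in a request header cannot be attached by a cross-site form, so the CSRF check is not needed here`. Separately, `$token->touch()` runs before any expiry check is visible; if `AccessToken::find($id)` does not itself exclude expired tokens (the test fixtures elsewhere in this commit carry a `lifetime_seconds` column), an expired token would be accepted and have its timestamp refreshed, so it is worth confirming where lifetime is enforced. The enclosing method starts and ends outside this hunk.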


@ -39,6 +39,7 @@ class CheckCsrfToken implements Middleware
private function tokensMatch(Request $request): bool
{
$expected = (string) $request->getAttribute('session')->token();
$provided = $request->getParsedBody()['csrfToken'] ??
$request->getHeaderLine('X-CSRF-Token');


@ -67,7 +67,7 @@ class StartSession implements Middleware
return $this->withSessionCookie($response, $session);
}
private function makeSession(Request $request)
private function makeSession(Request $request): Store
{
return new Store(
$this->config['cookie'],
@ -76,12 +76,12 @@ class StartSession implements Middleware
);
}
private function withCsrfTokenHeader(Response $response, Session $session)
private function withCsrfTokenHeader(Response $response, Session $session): Response
{
return $response->withHeader('X-CSRF-Token', $session->token());
}
private function withSessionCookie(Response $response, Session $session)
private function withSessionCookie(Response $response, Session $session): Response
{
return FigResponseCookies::set(
$response,
@ -89,7 +89,7 @@ class StartSession implements Middleware
);
}
private function getSessionLifetimeInSeconds()
private function getSessionLifetimeInSeconds(): int
{
return $this->config['lifetime'] * 60;
}
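Review bot: `getSessionLifetimeInSeconds(): int` makes the return type strict while the body still returns `$this->config['lifetime'] * 60` unchecked; if the configured lifetime can be a float or a non-integer numeric value (not visible here), the product is a float and the new return type turns a previously tolerated value into a `TypeError` (or a deprecated coercion on PHP 8.1+). Either validate the config value where it is loaded or make the conversion explicit: `return (int) $this->config['lifetime'] * 60;`. `withCsrfTokenHeader` also deserves a one-line comment on why the token is exposed in a response header, e.g. `// Expose the CSRF token so non-form clients can echo it back in the X-CSRF-Token request header`, which matches what `CheckCsrfToken::tokensMatch` reads. `makeSession`'s argument list and `withSessionCookie`'s body both continue past the hunk boundaries.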


@ -36,11 +36,11 @@ class RequireCsrfTokenTest extends TestCase
'group_permission' => [
['permission' => 'viewUserList', 'group_id' => 3],
],
'access_tokens' => [
['user_id' => 1, 'token' => 'superadmin', 'lifetime_seconds' => 30],
'api_keys' => [
['user_id' => 1, 'key' => 'superadmin'],
],
'settings' => [
['key' => 'mail_driver', 'value' => 'smtp'],
['key' => 'mail_driver', 'value' => 'mail'],
['key' => 'version', 'value' => Application::VERSION],
],
]);
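Review bot: The fixture now seeds an `api_keys` row in place of `access_tokens`, which is the credential that bypasses the CSRF check in `AuthenticateWithHeader`, but nothing in this hunk keeps the opposite case covered: if, as the commit description implies, an access token alone is not meant to bypass CSRF, a request carrying only an `access_tokens` row and no token should still be rejected, and that negative case is what guards against the misunderstanding being reintroduced. Consider keeping an `access_tokens` fixture alongside `api_keys` and asserting the rejection. The `mail_driver` setting also changes in this hunk (`smtp` versus `mail`) and the commit message does not mention it; a word on why would help the next reader. The fixture array belongs to a method whose signature is before this hunk.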