Fixing issue where forms generated with requestAction would be missin…

…g the _Token fields that Security component creates. Test cases added to ensure that token key does not change when requestAction is used.

Fixes #68

cake/libs/controller/components/security.php

@@ -621,6 +621,10 @@ function _validatePost(&$controller) {
  */
 	function _generateToken(&$controller) {
 		if (isset($controller->params['requested']) && $controller->params['requested'] === 1) {
+			if ($this->Session->check('_Token')) {
+				$tokenData = unserialize($this->Session->read('_Token'));
+				$controller->params['_Token'] = $tokenData;
+			}
 			return false;
 		}
 		$authKey = Security::generateAuthKey();
@@ -651,7 +655,6 @@ function _generateToken(&$controller) {
 		}
 		$controller->params['_Token'] = $token;
 		$this->Session->write('_Token', serialize($token));
-
 		return true;
 	}
 /**

cake/tests/cases/libs/controller/components/security.test.php

@@ -1127,5 +1127,23 @@ function testInvalidAuthHeaders() {
 		$this->assertEqual(count($this->Controller->testHeaders), 1);
 		$this->assertEqual(current($this->Controller->testHeaders), $expected);
 	}
+
+/**
+ * test that a requestAction's controller will have the _Token appended to
+ * the params.
+ *
+ * @return void
+ * @see http://cakephp.lighthouseapp.com/projects/42648/tickets/68
+ */
+	function testSettingTokenForRequestAction() {
+		$this->Controller->Security->startup($this->Controller);
+		$key = $this->Controller->params['_Token']['key'];
+
+		$this->Controller->params['requested'] = 1;
+		unset($this->Controller->params['_Token']);
+
+		$this->Controller->Security->startup($this->Controller);
+		$this->assertEqual($this->Controller->params['_Token']['key'], $key);
+	}
 }
 ?>