Skip to content
Permalink
Browse files

Fixing issue where forms generated with requestAction would be missin…

…g the _Token fields that Security component creates. Test cases added to ensure that token key does not change when requestAction is used.

Fixes #68
  • Loading branch information...
markstory committed Dec 19, 2009
1 parent bbc72c3 commit 6356c6ed874e45360af164888776540d56bc5c40
@@ -621,6 +621,10 @@ function _validatePost(&$controller) {
*/
function _generateToken(&$controller) {
if (isset($controller->params['requested']) && $controller->params['requested'] === 1) {
if ($this->Session->check('_Token')) {
$tokenData = unserialize($this->Session->read('_Token'));
$controller->params['_Token'] = $tokenData;
}
return false;
}
$authKey = Security::generateAuthKey();
@@ -651,7 +655,6 @@ function _generateToken(&$controller) {
}
$controller->params['_Token'] = $token;
$this->Session->write('_Token', serialize($token));
return true;
}
/**
@@ -1127,5 +1127,23 @@ function testInvalidAuthHeaders() {
$this->assertEqual(count($this->Controller->testHeaders), 1);
$this->assertEqual(current($this->Controller->testHeaders), $expected);
}
/**
* test that a requestAction's controller will have the _Token appended to
* the params.
*
* @return void
* @see http://cakephp.lighthouseapp.com/projects/42648/tickets/68
*/
function testSettingTokenForRequestAction() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
$this->Controller->params['requested'] = 1;
unset($this->Controller->params['_Token']);
$this->Controller->Security->startup($this->Controller);
$this->assertEqual($this->Controller->params['_Token']['key'], $key);
}
}
?>

0 comments on commit 6356c6e

Please sign in to comment.
You can’t perform that action at this time.