Permalink
Browse files

Fixing issue where forms generated with requestAction would be missin…

…g the _Token fields that Security component creates. Test cases added to ensure that token key does not change when requestAction is used.


Fixes #68
  • Loading branch information...
1 parent bbc72c3 commit 6356c6ed874e45360af164888776540d56bc5c40 @markstory markstory committed Dec 19, 2009
@@ -621,6 +621,10 @@ function _validatePost(&$controller) {
*/
function _generateToken(&$controller) {
if (isset($controller->params['requested']) && $controller->params['requested'] === 1) {
+ if ($this->Session->check('_Token')) {
+ $tokenData = unserialize($this->Session->read('_Token'));
+ $controller->params['_Token'] = $tokenData;
+ }
return false;
}
$authKey = Security::generateAuthKey();
@@ -651,7 +655,6 @@ function _generateToken(&$controller) {
}
$controller->params['_Token'] = $token;
$this->Session->write('_Token', serialize($token));
-
return true;
}
/**
@@ -1127,5 +1127,23 @@ function testInvalidAuthHeaders() {
$this->assertEqual(count($this->Controller->testHeaders), 1);
$this->assertEqual(current($this->Controller->testHeaders), $expected);
}
+
+/**
+ * test that a requestAction's controller will have the _Token appended to
+ * the params.
+ *
+ * @return void
+ * @see http://cakephp.lighthouseapp.com/projects/42648/tickets/68
+ */
+ function testSettingTokenForRequestAction() {
+ $this->Controller->Security->startup($this->Controller);
+ $key = $this->Controller->params['_Token']['key'];
+
+ $this->Controller->params['requested'] = 1;
+ unset($this->Controller->params['_Token']);
+
+ $this->Controller->Security->startup($this->Controller);
+ $this->assertEqual($this->Controller->params['_Token']['key'], $key);
+ }
}
?>

0 comments on commit 6356c6e

Please sign in to comment.