Make CSRF token assignment use a method as well.

This makes SecurityComponent and CsrfComponent work the same in the IntegrationTestCase. Refs #7004
cakephp · Oct 11, 2015 · cd77c1c · cd77c1c
1 parent 1d9aed1
commit cd77c1c
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 9 deletions.
diff --git a/src/TestSuite/IntegrationTestCase.php b/src/TestSuite/IntegrationTestCase.php
@@ -111,6 +111,14 @@ abstract class IntegrationTestCase extends TestCase
      */
     protected $_securityToken = false;
 
+    /**
+     * Boolean flag for whether or not the request should have
+     * a CSRF token added.
+     *
+     * @var bool
+     */
+    protected $_csrfToken = false;
+
     /**
      * Clears the state used for requests.
      *
@@ -129,6 +137,7 @@ public function tearDown()
         $this->_layoutName = null;
         $this->_requestSession = null;
         $this->_securityToken = false;
+        $this->_csrfToken = false;
     }
 
     /**
@@ -143,6 +152,19 @@ public function enableSecurityToken()
         $this->_securityToken = true;
     }
 
+    /**
+     * Calling this method will add a CSRF token to the request.
+     *
+     * Both the POST data and cookie will be populated when this option
+     * is enabled. The default parameter names will be used.
+     *
+     * @return void
+     */
+    public function enableCsrfToken()
+    {
+        $this->_csrfToken = true;
+    }
+
     /**
      * Configures the data for the *next* request.
      *
@@ -371,7 +393,7 @@ protected function _buildRequest($url, $method, $data)
 
         $props = [
             'url' => $url,
-            'post' => $this->_addTokens($url, $method, $data),
+            'post' => $this->_addTokens($url, $data),
             'cookies' => $this->_cookie,
             'session' => $session,
             'query' => $query
@@ -396,24 +418,25 @@ protected function _buildRequest($url, $method, $data)
      * Add the CSRF and Security Component tokens if necessary.
      *
      * @param string $url The URL the form is being submitted on.
-     * @param string $method The HTTP method being used.
      * @param array $data The request body data.
      * @return array The request body with tokens added.
      */
-    protected function _addTokens($url, $method, $data)
+    protected function _addTokens($url, $data)
     {
         if ($this->_securityToken === true) {
             $keys = Hash::flatten($data);
             $tokenData = $this->_buildFieldToken($url, $keys);
             $data['_Token'] = $tokenData;
         }
 
-        $csrfToken = Text::uuid();
-        if ($method !== 'GET' && !isset($data['_csrfToken'])) {
-            $data['_csrfToken'] = $csrfToken;
-        }
-        if (!isset($this->_cookie['csrfToken'])) {
-            $this->_cookie['csrfToken'] = $csrfToken;
+        if ($this->_csrfToken === true) {
+            $csrfToken = Text::uuid();
+            if (!isset($data['_csrfToken'])) {
+                $data['_csrfToken'] = $csrfToken;
+            }
+            if (!isset($this->_cookie['csrfToken'])) {
+                $this->_cookie['csrfToken'] = $csrfToken;
+            }
         }
         return $data;
     }

diff --git a/tests/TestCase/TestSuite/IntegrationTestCaseTest.php b/tests/TestCase/TestSuite/IntegrationTestCaseTest.php
@@ -80,6 +80,7 @@ public function testRequestBuilding()
      */
     public function testRequestBuildingCsrfTokens()
     {
+        $this->enableCsrfToken();
         $request = $this->_buildRequest('/tasks/add', 'POST', ['title' => 'First post']);
 
         $this->assertArrayHasKey('csrfToken', $request->cookies);