Skip to content
Permalink
Browse files

Removing Session deletion of nonce token on blackhole. Fixes possible…

… CSRF risk from multiple submissions of the same invalid data. Refs #214
  • Loading branch information...
markstory committed Jan 26, 2010
1 parent c195d65 commit fc304056a31088069157f2d28ac480c02e4b1d9f
@@ -381,8 +381,6 @@ function generateDigestResponseHash($data) {
* @see SecurityComponent::$blackHoleCallback
*/
function blackHole(&$controller, $error = '') {
$this->Session->del('_Token');
if ($this->blackHoleCallback == null) {
$code = 404;
if ($error == 'login') {
@@ -237,16 +237,16 @@ function testRequireAuthFail() {
$this->Controller->Security->startup($this->Controller);
$this->assertTrue($this->Controller->failed);
$this->Controller->Session->write('_Token', array('allowedControllers' => array()));
$this->Controller->Session->write('_Token', serialize(array('allowedControllers' => array())));
$this->Controller->data = array('username' => 'willy', 'password' => 'somePass');
$this->Controller->action = 'posted';
$this->Controller->Security->requireAuth('posted');
$this->Controller->Security->startup($this->Controller);
$this->assertTrue($this->Controller->failed);
$this->Controller->Session->write('_Token', array(
$this->Controller->Session->write('_Token', serialize(array(
'allowedControllers' => array('SecurityTest'), 'allowedActions' => array('posted2')
));
)));
$this->Controller->data = array('username' => 'willy', 'password' => 'somePass');
$this->Controller->action = 'posted';
$this->Controller->Security->requireAuth('posted');
@@ -1145,5 +1145,19 @@ function testSettingTokenForRequestAction() {
$this->Controller->Security->startup($this->Controller);
$this->assertEqual($this->Controller->params['_Token']['key'], $key);
}
/**
* test that blackhole doesn't delete the _Token session key so repeat data submissions
* stay blackholed.
*
* @link http://cakephp.lighthouseapp.com/projects/42648/tickets/214
* @return void
*/
function testBlackHoleNotDeletingSessionInformation() {
$this->Controller->Security->startup($this->Controller);
$this->Controller->Security->blackHole($this->Controller, 'auth');
$this->assertTrue($this->Controller->Security->Session->check('_Token'), '_Token was deleted by blackHole %s');
}
}
?>

0 comments on commit fc30405

Please sign in to comment.
You can’t perform that action at this time.