1.0.2 see cl

heimrichhannot · Mar 16, 2018 · 96168c7 · 96168c7
1 parent bcca4ff
commit 96168c7
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,11 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## [1.0.2] - 2018-03-16
+
+### Fixed
+* fixed isset csrf_protection and tests
+
 ## [1.0.1] - 2018-03-14
 
 ### Fixed

diff --git a/src/Manager/AjaxManager.php b/src/Manager/AjaxManager.php
@@ -187,7 +187,7 @@ public function getActiveAction(string $groupRequested, string $actionRequested)
         $arrAttributes = $arrActions[$strAct];
 
         // ajax request token check
-        if (!isset($arrAttributes['csrf_protection']) && (!$strToken || !System::getContainer()->get('huh.ajax.token')->validate($strToken))) {
+        if (isset($arrAttributes['csrf_protection']) && $arrAttributes['csrf_protection'] && (!$strToken || !System::getContainer()->get('huh.ajax.token')->validate($strToken))) {
             return static::AJAX_ERROR_INVALID_TOKEN;
         }
 

diff --git a/tests/Manager/AjaxManagerTest.php b/tests/Manager/AjaxManagerTest.php
@@ -153,10 +153,10 @@ public function testGetActiveAction()
         $GLOBALS['AJAX'] = ['ag' => ['actions' => []]];
         $this->assertSame(3, $manager->getActiveAction('ag', 'getTrue'));
 
-        $GLOBALS['AJAX'] = ['ag' => ['actions' => ['getTrue' => 'action']]];
+        $GLOBALS['AJAX'] = ['ag' => ['actions' => ['getTrue' => ['csrf_protection' => true]]]];
         $this->assertSame(4, $manager->getActiveAction('ag', 'getTrue'));
 
-        $GLOBALS['AJAX'] = ['ag' => ['actions' => ['getTrue' => ['csrf_protection' => true]]]];
+        $GLOBALS['AJAX'] = ['ag' => ['actions' => ['getTrue' => ['csrf_protection' => false]]]];
         $this->assertInstanceOf(AjaxActionManager::class, $manager->getActiveAction('ag', 'getTrue'));
 
         $container = System::getContainer();
@@ -235,8 +235,8 @@ public function testRunActiveAction()
         }
 
         try {
-            $GLOBALS['AJAX'] = ['ag' => ['actions' => ['getTrue' => 'action']]];
-            $manager->runActiveAction('ag', 'getTrue', 'test');
+            $GLOBALS['AJAX'] = ['ag' => ['actions' => ['getResponse' => ['csrf_protection' => true]]]];
+            $manager->runActiveAction('ag', 'getResponse', 'test');
         } catch (InvalidAjaxTokenException $exception) {
             $this->assertSame('Invalid ajax token.', $exception->getMessage());
         }
@@ -259,9 +259,10 @@ public function testRunActiveAction()
         $request->setGet(AjaxManager::AJAX_ATTR_SCOPE, 'ajax');
         $request->setGet(AjaxManager::AJAX_ATTR_GROUP, 'ag');
 
-        $token = $this->mockAdapter(['getActiveToken', 'remove', 'create']);
+        $token = $this->mockAdapter(['getActiveToken', 'remove', 'create', 'validate']);
         $token->method('getActiveToken')->willReturn('token');
         $token->method('create')->willReturn('token');
+        $token->method('validate')->willReturn(true);
         $container = System::getContainer();
         $container->set('huh.request', $request);
         $container->set('huh.ajax.token', $token);