fix csrf problem

jeroennoten · Aug 16, 2016 · c01764b · c01764b
1 parent f4a0366
commit c01764b
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 53 deletions.
diff --git a/src/CkEditor.php b/src/CkEditor.php
@@ -6,19 +6,20 @@
 
 use Illuminate\Contracts\Routing\UrlGenerator;
 use Illuminate\Contracts\View\Factory;
+use Illuminate\Session\Store;
 
 class CkEditor
 {
     private $view;
-
     private $url;
-
+    private $session;
     private $instanceCount = 0;
 
-    public function __construct(Factory $view, UrlGenerator $url)
+    public function __construct(Factory $view, UrlGenerator $url, Store $session)
     {
         $this->view = $view;
         $this->url = $url;
+        $this->session = $session;
     }
 
     public function editor($name = null, $config = null)
@@ -31,8 +32,8 @@ public function editor($name = null, $config = null)
     private function config()
     {
         return [
-            'filebrowserImageUploadUrl' => $this->url->route('ckeditor.images.store'),
-            'uploadUrl' => $this->url->route('ckeditor.images.store', 'json'),
+            'filebrowserImageUploadUrl' => $this->url->route('ckeditor.images.store', ['_token' => $this->session->token()]),
+            'uploadUrl' => $this->url->route('ckeditor.images.store', ['json', '_token' => $this->session->token()]),
             'extraPlugins' => 'uploadimage'
         ];
     }

diff --git a/src/Http/Middleware/VerifyCsrfToken.php b/src/Http/Middleware/VerifyCsrfToken.php
diff --git a/src/ServiceProvider.php b/src/ServiceProvider.php
@@ -54,7 +54,7 @@ private function registerRoutes(Router $router)
         $router->group([
             'prefix' => 'ckeditor',
             'as' => 'ckeditor.',
-            'middleware' => ['api', StartSession::class, 'auth', VerifyCsrfToken::class],
+            'middleware' => ['web', 'auth'],
             'namespace' => __NAMESPACE__ . '\\Http\\Controllers'
         ], function (Router $router) {
 

diff --git a/tests/ImagesTest.php b/tests/ImagesTest.php
@@ -33,19 +33,6 @@ public function testJsonUpload(UrlGenerator $urlGenerator)
         ]);
     }
 
-    /**
-     * @param UrlGenerator $urlGenerator
-     * @expectedException \Illuminate\Session\TokenMismatchException
-     */
-    public function testCsrf(UrlGenerator $urlGenerator)
-    {
-        $this->actingAs(new User);
-
-        $this->upload($urlGenerator->route('ckeditor.images.store', [
-            'CKEditorFuncNum' => 9
-        ]), 0, false);
-    }
-
     public function testAuth(UrlGenerator $urlGenerator)
     {
         $this->upload($urlGenerator->route('ckeditor.images.store', [