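/**
  * Checks that a request carrying an X-WSSE header is authenticated exactly once
  * and that a Response returned by the authentication manager is set on the event.
  *
  * @test
  */
 public function handleReturnResponse()
 {
     // Token the authentication manager mock must receive; presumably the listener
     // builds it from the header fields below (confirm against Listener).
     $token = new Token('someuser', 'somedigest', 'someproviderkey');
     $token->setAttribute('nonce', 'somenonce');
     $token->setAttribute('created', '2010-12-12 20:00:00');

     $response = new Response();

     // authenticate() must be called once with an equal token and hands back a Response ...
     $this->authenticationManager
         ->expects($this->once())
         ->method('authenticate')
         ->with($token)
         ->will($this->returnValue($response));

     // ... which the listener is expected to set on the event, exactly once.
     $this->responseEvent
         ->expects($this->once())
         ->method('setResponse')
         ->with($response);

     // Username has to be the user of the expected token ('someuser'): digest, nonce and
     // created already match it field by field, and a differing username would keep the
     // with($token) expectation above from ever being satisfied.
     $wsseHeader = 'UsernameToken Username="someuser", PasswordDigest="somedigest", Nonce="somenonce", Created="2010-12-12 20:00:00"';
     $this->request->headers->add(array('X-WSSE' => $wsseHeader));

     $listener = new Listener(
         $this->securityContext,
         $this->authenticationManager,
         'someproviderkey',
         $this->authenticationEntryPoint
     );
     $listener->handle($this->responseEvent);
 }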
 /**
  * Rejects REST API requests that carry neither an X-WSSE nor an X-CSRF-Header
  * header, then delegates to the parent listener.
  *
  * Only the presence of a header is tested in this method; its value is not inspected here.
  * NOTE(review): as a CSRF defence this presumably relies on browsers not attaching
  * custom headers to cross-site requests without a CORS preflight - confirm that the
  * CORS policy does not allow these two headers for untrusted origins.
  *
  * @param  GetResponseEvent        $event
  * @return mixed                   whatever parent::handle() returns
  * @throws AuthenticationException when both headers are absent
  */
 public function handle(GetResponseEvent $event)
 {
     $headers = $event->getRequest()->headers;

     // WSSE credentials or the dedicated "anti-CSRF" header: either one lets the request through.
     $carriesCustomHeader = $headers->has('X-WSSE') || $headers->has('X-CSRF-Header');
     if ($carriesCustomHeader) {
         return parent::handle($event);
     }

     throw new AuthenticationException('Possible CSRF attack detected');
 }