/**
 * Wires CSRF protection into a controller by appending one hook to its
 * `before` list and one to its `after` list.
 *
 * The before hook calls CsrfProtector::validate() only when
 * CsrfProtector::isMethodProtected() reports the current request type as
 * protected. The after hook sets the `csrftoken` cookie to the current token.
 *
 * NOTE(review): the before hook returns true on every path, so a failed check
 * can only stop the request if validate() does not return normally
 * (presumably it throws) - confirm against CsrfProtector.
 *
 * @param Controller $controller controller whose hook lists are extended
 */
public static function protect(Controller $controller)
{
    $controller->before[] = function () {
        $requestType = Uri::getRequestType();
        if (!CsrfProtector::isMethodProtected($requestType)) {
            // Request types reported as unprotected skip token validation.
            return true;
        }
        CsrfProtector::validate();
        return true;
    };

    $controller->after[] = function () use ($controller) {
        // NOTE(review): only name/value/expire/path are passed here. Whether
        // setCookie() applies Secure / SameSite defaults is not visible from
        // this block - confirm. 'expire' => 0 is presumably a session cookie.
        $tokenCookie = [
            'name' => 'csrftoken',
            'value' => CsrfProtector::getCsrfToken(),
            'expire' => 0,
            'path' => '/',
        ];
        $controller->setCookie($tokenCookie);
        return true;
    };
}
/**
 * The start tag built for a model form must be followed by a hidden
 * `csrftoken` input holding the current token.
 *
 * NOTE(review): this case uses method GET, so it pins the token being emitted
 * into a form whose fields are submitted in the query string.
 *
 * @test
 */
public function shouldCreateFormStartTagWithCsrfTokenInFormForModelClass()
{
    // given: a form builder wrapping a model instance
    $model = new Product(['description' => 'desc', 'name' => 'name', 'id_category' => 0]);
    $builder = formFor($model);
    $attributes = ['class' => 'form-horizontal'];

    // when
    $actual = $builder->start('/sample/url', 'GET', $attributes);

    // then: form tag immediately followed by the hidden token field
    /** @noinspection HtmlUnknownTarget */
    $expected = '<form class="form-horizontal" action="/sample/url" method="GET"><input type="hidden" id="csrftoken" name="csrftoken" value="' . CsrfProtector::getCsrfToken() . '"/>';
    $this->assertEquals($expected, $actual);
}
/**
 * Builds the opening form tag and appends a hidden `csrftoken` field that
 * carries the current CSRF token.
 *
 * NOTE(review): the token field is appended for every $method, including GET.
 * A GET form submits its fields in the query string, so the token can end up
 * in URLs (history, access logs, Referer headers). Confirm this is intended
 * before relying on the token staying confidential.
 *
 * @param mixed $url        form action, passed through to formTag()
 * @param mixed $method     form method, passed through to formTag(); defaults to 'post'
 * @param mixed $attributes extra tag attributes, passed through to formTag()
 * @return string concatenation of formTag() and hiddenTag() output
 */
public function start($url, $method = 'post', $attributes = array())
{
    $openingTag = formTag($url, $method, $attributes);
    $tokenField = hiddenTag('csrftoken', CsrfProtector::getCsrfToken());

    return $openingTag . $tokenField;
}
/**
 * A request to the sample CSRF controller must set the `csrftoken` cookie
 * with the current token, expire 0 and path '/'.
 *
 * NOTE(review): the expectation lists only name/value/expire/path, so this
 * test does not pin any Secure / HttpOnly / SameSite attribute - confirm
 * whether assertHasCookie() would notice them.
 *
 * @test
 */
public function shouldSetCookie()
{
    // when
    $this->get('/csrf_sample/index');

    // then: the token is read only after the request has been dispatched
    $expectedCookie = [
        'name' => 'csrftoken',
        'value' => CsrfProtector::getCsrfToken(),
        'expire' => 0,
        'path' => '/',
    ];
    $this->assertHasCookie($expectedCookie);
}