/**
 * Checks whether a valid CSRF token has been provided along the given request.
 *
 * The token is looked up under the parameter name ABLERON_PARAM_CSRF_TOKEN: in
 * the POST parameters of a POST request and in the query parameters of a GET
 * request. Its value is validated via isValidCsrfToken(). Requests using any
 * other HTTP method never carry an accepted token here, so they are rejected
 * like a request with a missing or invalid token: handlePossibleCsrfAttack()
 * is invoked and FALSE is returned.
 *
 * NOTE(review): accepting the token from the query string means it can leak
 * through Referer headers, browser history and access logs. State-changing
 * actions should send the token in a POST body; whether existing GET links
 * rely on this path is not visible from here, so the behaviour is kept as is.
 *
 * @param \Ableron\Lib\Http\HttpRequest $httpRequest The request to check for valid security token
 * @return bool TRUE in case the request contains a valid CSRF token, FALSE otherwise
 */
public function checkCsrfToken(HttpRequest $httpRequest) {
    // collect the parameter collections a token may legitimately arrive in,
    // in the order they are checked: POST body first, then the query string
    $tokenSources = array();
    if ($httpRequest->isPost()) {
        $tokenSources[] = $httpRequest->getPostParameters();
    }
    if ($httpRequest->isGet()) {
        $tokenSources[] = $httpRequest->getQueryParameters();
    }

    foreach ($tokenSources as $parameters) {
        if (!$parameters->containsKey(ABLERON_PARAM_CSRF_TOKEN)) {
            continue;
        }
        if ($this->isValidCsrfToken($parameters->get(ABLERON_PARAM_CSRF_TOKEN))) {
            return true;
        }
    }

    // no accepted source carried a valid token: report and reject
    $this->handlePossibleCsrfAttack();

    return false;
}
/**
 * Tests that __construct() stores every optional argument and exposes it
 * through the matching getter: header fields (retrievable by lower-cased
 * name), query and POST parameters, cookies, URI and method. It also pins
 * the defaults a request gets without an explicit body: empty content with
 * a non-binary "text/plain; charset=utf-8" content type.
 *
 * @return void
 */
public function testConstructWithOptionalParameters() {
    // explicit constructor arguments, named so each assertion below can be
    // traced back to the value it checks
    $uri = new Uri('http://example.com/foo');
    $headerFields = array(new GenericHeaderField('X-Test', 'Foo'));
    $queryParameters = array('a' => '1');
    $postParameters = array('b' => '2');
    $cookies = array(new HttpCookie('test'));

    $request = new HttpRequest(
        $uri,
        HttpRequest::METHOD_POST,
        AbstractHttpMessage::HTTP_VERSION_1_0,
        $headerFields,
        $queryParameters,
        $postParameters,
        $cookies
    );

    // defaults for the body, which was not provided
    $this->assertSame('', $request->getContent());
    $this->assertSame('text/plain; charset=utf-8', $request->getContentType()->toString());
    $this->assertFalse($request->getContentType()->hasBinaryContent());

    // header lookup uses the lower-cased field name
    $this->assertSame('X-Test: Foo', $request->getHeaderFields()->get('x-test')->toString());

    // remaining explicitly provided values
    $this->assertTrue($request->getCookies()->containsKey('test'));
    $this->assertSame('1', $request->getQueryParameters()->get('a'));
    $this->assertSame(array('b' => '2'), $request->getPostParameters()->toArray());
    $this->assertSame('http://example.com/foo', $request->getUri()->toString());
    $this->assertSame(HttpRequest::METHOD_POST, $request->getMethod());
}